Open glasnt opened 1 day ago
A possible way to do this, replacing most of the logic in _service_url
# pip install google-api-python-client
from googleapiclient.discovery import build
run = build("run", "v1")
fqname = f"projects/{project}/locations/{region}/services/{service}"
service = run.projects().locations().services().get(name=fqname).execute()
urls = service['metadata']['annotations']['run.googleapis.com/urls']
May no longer need google-cloud-run
, instead google-api-python-client
(or both).
Also need to update the ALLOWED_HOSTS to support a list, possibly similar to the Codelabs update https://codelabs.developers.google.com/codelabs/cloud-run-django#5:
# If defined, add service URLs to Django security settings
CLOUDRUN_SERVICE_URLS = env("CLOUDRUN_SERVICE_URLS", default=None)
if CLOUDRUN_SERVICE_URLS:
CSRF_TRUSTED_ORIGINS = env("CLOUDRUN_SERVICE_URLS").split(",")
# Remove the scheme from URLs for ALLOWED_HOSTS
ALLOWED_HOSTS = [urlparse(url).netloc for url in CSRF_TRUSTED_ORIGINS]
else:
ALLOWED_HOSTS = ["*"]
Describe the bug
With the release of Deterministic URLs, Cloud Run services now have two default urls:
Avocano uses self-csrf to build the hash-regioncode variation of it's own URL, but not the new version.
This causes issues when trying to use the web-interface for the server, specifically when using the default presented URL in the Google Cloud Console or Service URL in the output of a
gcloud run deploy
(both report the projectnum variation)Additional context
internal b/367711357