search

MarkEdmondson1234 / googleCloudRunner

Easy R scripts on Google Cloud Platform via Cloud Run, Cloud Build and Cloud Scheduler
https://code.markedmondson.me/googleCloudRunner/
Other
81 stars 26 forks source link

Do an example of scheduling a Cloud Run app for R code #114

Open MarkEdmondson1234 opened 3 years ago

MarkEdmondson1234 commented 3 years ago

Maybe add the option to the "Schedule R script" gadget to have a plumber API endpoint as an option.

run_app <- cr_run_schedule_http(
       "https://example-ewjogewawq-ew.a.run.app/echo?msg=blah",
      http_method = "GET"
     )

cr_schedule("cloud-run-scheduled", schedule = "4 16 * * *", httpTarget = run_me)
MarkEdmondson1234 commented 3 years ago

Need to add the scheduler email as a role: https://cloud.google.com/run/docs/triggering/using-scheduler#command-line

    auth_step <- cr_buildstep_gcloud(
      args = c("gcloud",
               "run", "services", "add-iam-policy-binding",
               name,
               sprintf("--member=serviceAccount:%s",cr_email_get()),
               "--role=roles/run.invoker",
               "--platform", "managed",
               name),
      id = "auth cloudrun",
      ...)

??

MarkEdmondson1234 commented 3 years ago

It seems impossible for the invoker for private Cloud Run to be the same email as the one deploying it (which is weird if you ask me - the error was "this@email does not have permission to act on behalf of this@email").

Down that rabbit hole the Cloud run deployment process (via cr_buildstep_run()) will now create a dedicated service account for its own deployment and give it access. This brings the need for users to generate that email, which is by default called "my-app-invoker" - tried to explain in the docs

# for unauthenticated apps create a HttpTarget
run_me <- HttpTarget(
  uri = "https://public-ewjogewawq-ew.a.run.app/echo?msg=blah",
  http_method = "GET"
)
cr_schedule("cloud-run-scheduled", schedule = "16 4 * * *",
            httpTarget = run_me)

# for authenticated Cloud Run apps - create with allowUnauthenticated=FALSE
cr_deploy_run("my-app", allowUnauthenticated = TRUE)

## End(Not run)

# deploying via R will help create a service email called my-app-cloudrun-invoker
cr_run_email("my-app")

## Not run: 
# use that email to schedule the Cloud Run private micro-service

# schedule the endpoint
my_run_name <- "my-app"
my_app <- cr_run_get(my_run_name)
email <- cr_run_email(my_run_name)
endpoint <- paste0(my_app$status$url, "/fetch_stuff")

app_sched <- cr_run_schedule_http(endpoint,
                                  http_method = "GET",
                                  email = email)

cr_schedule("cloud-run-scheduled-1",
            schedule = "4 16 * * *",
            httpTarget = app_sched)