I'm trying to use Google Cloud to generate an http certification, following this guide: https://certbot-dns-google.readthedocs.io/en/stable/
I have my domain via Google Domains, and I also use GSuite. I made a Google Cloud account (free), and I'm not sure how to tell it about my domain.
What's the best way forward, so I can get the cert for my domain? Thanks!
You don't necessarily need to use Google Cloud in order to create a certificate from "Let's Encrypt" but here's how I would do it.
Assuming the Google Domains domain name is certme.com, I would create a GCP Cloud DNS public zone using certme.com link, then you must create a GCP service account link (this will be used by your certbot later). Remember to use the credential types described in your guide and download its credentials to the machine running certbot.
After that then you should be able to run the following (described on your guide):
certbot certonly \
--dns-google \
--dns-google-credentials /path/to/credentials.json \
--dns-google-propagation-seconds 120 \
-d certme.com
Remember that under the hood, you would be using the certbot challenge "dns-01"; for this to work, a DNS TXT record must be added and validated (by certbot).
I have set up Azure AD authentication on my SonarQube server as well as the corresponding app registration listed in Azure AD. The problem I am facing is that when I try to authenticate to the SonarQube portal using my Azure login, it logs me into the portal but doesn't place my account in the correct group!
My account is placed in the "sonar-users" default group when it should be fed into the other group which is named exactly the same as the group listed in Azure AD (as per the SQ documentation).
Has anyone experienced any issues similar to this? If so, did you manage to resolve it?
Have you checked that your app registration has the corresponding permissions to the AAD?
Sign in and read user profile
Read all users' basic profiles
Read directory data
https://github.com/hkamel/sonar-auth-aad Point 7
I have created a Google Cloud Project MySQL database to use in conjunction with the Jdbc service provided by Google Apps Script. Everything went as planned with the connection. I am basically connecting as it does in the docs.
var conn = Jdbc.getCloudSqlConnection(dbUrl, user, userPwd);
I shared the file with another account and all of a sudden I am seeing a red error saying:
'Failed to establish a database connection. Check connection string, username and password.'
Nothing changed in the code, but there is an error. When I go back to my original account and run the same bit of code, there is no error. What is happening here? Any ideas?
Jdbc.getConnection works from both: my account and another account:
var conn = Jdbc.getConnection('jdbc:mysql://' + IP + ':3306/' + database_name, user, password)
I'm really confused because the recommended method did not work.
There are two ways of establishing a connection with a Google Cloud
SQL database using Apps Script's JDBC service:
(Recommended) Connecting using Jdbc.getCloudSqlConnection(url)
Connecting using Jdbc.getConnection(url)
Notes:
IP is a Public IP address from the OVERVIEW tab in your database console:
I allowed any host when I created a user:
I am not sure whether this question has been resolved or not, but let me add this answer.
I also faced the same problem but I found the resolution. What I did is:
First, go to the console.
https://console.cloud.google.com
Then, open IAM.
and add the account as a member and add this permission: "Cloud SQL Client".
I think this is a permission issue in your second account. Necessary information is missing in your question. But the second account, if run as another user, won't necessarily have your sqlservice authorization. The permission,
https://www.googleapis.com/auth/sqlservice
Manage the data in your Google SQL Service instances
is required to use Jdbc.getCloudSqlConnection(url), while Jdbc#getConnectionUrl() just requires external link connection permission
https://www.googleapis.com/auth/script.external_request
I believe that you can only connect to sql instances owned by you with getCloudSqlConnection() which doesn't even require external connection permission. This method probably calls your sql instance internally.
References:
Jdbc#getCloudConnection
Jdbc#getConnection
Conclusion
To connect to any external service, you need external_request permission. But you don't need that permission to connect to your own documents, say, Spreadsheets owned by you or that you have edit access to, through SpreadsheetApp.openByUrl(). I believe it's the same thing with Jdbc.getCloudSqlConnection(). It calls your Google SQL internally, so even if you grant external request permission, it won't work. What will work for this method is
Installable triggers (which runs as you).
Add the second account also as owner in GCP-IAM (may not work though) See this answer
I'd double-check once again all IP ranges which should be whitelisted. According to your description, it worked fine in the first account; probably in the second account Apps Script uses another IP for the connection, which was not whitelisted or was whitelisted with some typo. Could you share a screenshot of how exactly you whitelisted the ranges from this article?
I have a GAS Add-On that uses a Google cloud dB. I initially set this up by:
Whitelisting Google Cloud IP ranges in my SQL instance
Getting the script.external_request scope approved for OAuth Consent screen
This all works great from GAS for the add-on, but I suspect that if this whitelist is not comprehensive and volatile (which I expect it is), I will see intermittent connectivity issues.
I recently added a Firebase web app that needs access to the same dB. I had issues, because Firebase does not conform to those Google IP ranges and does not expose its IP for whitelisting. So I had to create a socket layer connection as if Firebase was an external service.
Which got me thinking, should I put a socket layer in my GAS Add-On? But nothing in the GAS JDBC Class documentation indicates a socket parameter.
Which leads me to a question that was not really answered in this thread:
Does anyone know why Jdbc.getCloudSqlConnection(url) is the "Recommended" approach? The documentation seems to imply that because the IP whitelisting is not required, Jdbc.getCloudSqlConnection(url) is using a socket (or some other secure method) to connect to the dB?
It also seems silly that, if that is the case, I would need to have two sensitive scopes to manage a dB connection. I would rather not go through another OAuth consent audit and require my users to accept another scope unless there is a benefit to doing so.
I created an Ubuntu server on Amazon AWS.
Then I registered for Forge, and now trying to configure it.
I selected source control to be Bitbucket.
I selected Amazon in the Server Provider section, but now I am not sure what to put in key and secret.
I found the answer to this question.
We need to create an IAM user and opt for an API access key and secret.
Also remember to give at least FullEC2Admin Access to this user before initiating the process to create and provision the server via Forge.
I would appreciate any help that can be offered. I would like to achieve the following in Azure and having tried various tutorials using lots of different configurations I am still unable to achieve what seems quite simple.
I would like to set the default IIS homepage on an Azure VM to use Windows Authentication. I would like to Add a user or group from my local on-premise Active Directory, which is linked to an Azure Active Directory using 'Azure AD Connect'. Finally I would like to login to a client machine on my local on-premise Active Directory, and be able to browse to the Azure VM IIS default homepage without having to enter a username and password, as I am already authenticated having logged into the local Active Directory.
I am happy to try various setups and scenarios, so if you can help please shout up.
Thanks
Andy