Apigee X Connection to Google Topic.

Google Cloud Apigee
1

Hi @dchiesa1

How are you?We have a requirement where the team wants an Apigee Proxy to be proxying a Topic. The Topic is Authenticated and is on the Enterprise Google Cloud Environment. They intend to call the Google Pub/Sub API https://cloud.google.com/pubsub/docs/reference/service_apis_overview and pass the topic name.
Please let me know if you need any further information to be shared. If there are any documentation already available could you please share the links it will be helpful or any similar topics already discussed also would be helpful.

Thanks,

Debjit

2 Likes
2

“proxy to a topic” for what purpose? For publishing an event to a topic? Or for subscribing to events on that topic?

There are substantial differences. Apigee can proxy a publish call , no problem. For subscribing with a PUSH model, the interaction model would need to be a little different.

What are you thinking? What are the goals?

1 Like
3

Hi Dino,

Apigee will be publishing an event to a topic.

1 Like
4

That should be really easy.

The GCP PubSub service lets you Publish a message to a pubsub topic via a simple REST call.

POST  https://pubsub.googleapis.com/v1/projects/PROJECT_ID/topics/TOPIC_ID:publish
Content-Type: application/json
Authorization: Bearer $TOKEN

{
  "messages": [ {
    "data": "base64-encoded-data",
    "attributes": {
      "key": "value",
      ...
    }
  }]
}

So you just need a target endpoint that points there. This is what I used:

<TargetEndpoint name="target-1">

  <PreFlow name="PreFlow">
    <Request>
      <Step>
        <Name>AM-Pubsub-Post-Body</Name>
      </Step>
    </Request>
  </PreFlow>

  <HTTPTargetConnection>
    <!-- tell Apigee to invoke this endpoint with a Google Access Token -->
    <Authentication>
      <GoogleAccessToken>
        <Scopes>
          <Scope>https://www.googleapis.com/auth/cloud-platform</Scope>
        </Scopes>
      </GoogleAccessToken>
    </Authentication>

    <SSLInfo>
      <Enabled>true</Enabled>
      <IgnoreValidationErrors>false</IgnoreValidationErrors>
    </SSLInfo>
    <Properties>
      <Property name="success.codes">2xx</Property>
      <Property name="request.retain.headers">User-Agent,Referer,Accept-Language</Property>
    </Properties>
    <URL>https://pubsub.googleapis.com/v1/projects/{propertyset.settings.pubsub-project-id}/topics/{propertyset.settings.pubsub-topic}:publish</URL>
  </HTTPTargetConnection>
</TargetEndpoint>

Inside AM-Pubsub-Post-Body, you need to base64-encode whatever it is you want to publish. And also set “target.copy.pathsuffix” to false. Maybe like this:

<AssignMessage name='AM-Pubsub-Post-Body'>
  <Set>
    <Payload contentType='application/json'>
{
  "messages": [ {
    "data": "{encodeBase64(request.content)}",
    "attributes": {
      "source-proxy": "{apiproxy.name}",
      "source-org": "{organization.name}",
      "source-env": "{environment.name}"
    }
  }]
}
</Payload>
  </Set>

  <AssignVariable>
    <Name>target.copy.pathsuffix</Name>
    <Value>false</Value>
  </AssignVariable>

</AssignMessage>

And then you can add in your settings in the resources/properties/settings.properties file:

pubsub-topic=example-topic
pubsub-project-id=gcp-project-that-holds-pubsub-topic

Deploy your proxy with a particular service account - that allows the Authentication element in the target endpoint to do its magic. And grant that SA the role : roles/pubsub.publisher on the topic.

That works for me.

You could parameterize the topic - allow the proxy to get it from the inbound request, rather than from the properties file.

But in that case you would need to apply the role roles/pubsub.publisher on the PROJECT resource, not the TOPIC resource, for the particular SA you are using. Or just have a finite set of topics, and grant the roles/pubsub.publisher role to all topics that would get messages.

1 Like
5

Sorry for the delay in response, I have implemented the steps, connection to backend is happening successfully. But we are receiving a 404 Not Found, which is being verified. Will share the updates.

1 Like
6

You can simply create “NoTagret” proxy and attach the apigeeX publishMessage Policy to your proxy.

<?xml version="1.0" encoding="UTF-8"?><PublishMessage continueOnError="false" enabled="true" name="Publish-Message">
    <DisplayName>Publish Message</DisplayName>
    <Source>{request.content}</Source>
    <CloudPubSub>
        <Topic>projects/{project-id}/topics/{topic-name}</Topic>
    </CloudPubSub>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</PublishMessage>

And deploy the proxy by service account. Make sure your project’s service account has the required role at the destination project.

7

I’m always getting a error 400 using this AM

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> { "messages": [ { "data": "SGVsbG9Xb3JsZA==" } }] } target.copy.pathsuffix false

Your client has issued a malformed or illegal request. That’s all we know.

What could be the issue?

8

Looks there is extra “}” in your payload.

{
“messages”: [ {
“data”: “SGVsbG9Xb3JsZA==”
}]
}

Try like this.

9

Hi,

Thanks for your reply, but I still got the same error.