0

I have designed a simple dialogflow and tried to enable basicauth by providing username and password in the code.It works.It is shown below(refer check_auth function):
app.py enter image description here The dialogflow works fine with the given username and password.I tried deploying to cloudrun via the CI/CD using cloudbuild.yaml and it works fine.

Now,I want to use secret manager to store the username and password instead of giving it in the code.

So,I created name:secret-username,value:myuser and name:secret-password,value:mypassword in the secret manager .Also,I reference the secrets in cloudrun as shown below: enter image description here Secret manager screenshot is shown below: enter image description here Also,I made changes to the code as shown below(I am referring the secret name to username instead of hardcoding my username value): enter image description here

It got deployed successfuly to cloudrun via cloudbuild.But ,Dialogflow does not accept my username and password.It gives unauthenticated error when I dont give any credentials in dialogflow which is expected.But,when I give my username and password as ""myuser" and "mypassword" as mentioned in the secretmanager value,it gives webhookcallfailed:error:unavailable which is shown below: enter image description here

The cloudbuild.yaml file is given below: enter image description here

Also,I have enabled all the required permissions(secret manager,serviceaccount,cloudrun) in cloud build settings. Could you please help me out with this?Is this related to any permission issues or anything with the code?

lakshmi
  • 201
  • 2
  • 13
  • What error are you getting? – sethvargo Aug 04 '21 at 00:38
  • When I test using the given username and password in dialogflow,I get "webhookcallfailed:error:unavailable" in diagnostic info.I have also updated with screenshot of dialogflow.@sethvargo – lakshmi Aug 04 '21 at 00:45
  • 2
    @lakshmi just to check, are you able to print the values of your secrets prior to passing the values to dialogflow? – Ricco D Aug 04 '21 at 03:11
  • How do you get the secrets value in your code? the `check_auth` function is strange. – guillaume blaquiere Aug 04 '21 at 09:41
  • @guillaumeblaquiere I got the check_auth,requires_auth,authenticate function from a documentation regarding setting the basic auth in dialogflow. But,this code works if I pass as hardcoded values as I have added in first screenshot.This is my gitlab link:https://gitlab.com/Suchitra1994/dialogflow/-/tree/master .Also,I connect with dialogflow using ngrok and pass the url along with the username and password to check if it is working – lakshmi Aug 04 '21 at 14:44
  • I posted an answer (better formatted than a comment). Let me know if it works. if so, i will explain you more. if not I will delete it. – guillaume blaquiere Aug 04 '21 at 15:04
  • @lakshmi, let us know if you've done what Ricco suggested after following Guillaume's answer. – Donnald Cucharo Aug 04 '21 at 18:06
  • @RiccoD .I tried out that and I did not get the values printed.its because probably I had given in wrong way..After that,I replaced my code with guillame code that he has given below. – lakshmi Aug 04 '21 at 20:30

1 Answers1

2

Can you replace your check_auth function by this one?

def check_auth(username, password):
    return username == os.getenv('secret-username') and password == os.getenv('secret-password')

EDIT 1

Your first screenshot, it's clearly mentioned: Exposed as an Environment Variables. Therefore you simply have to read your secrets as an environment variable. In python os.getenv('...')

You can also load secrets as volume (at the end, files in Cloud Run). If you do so, read your secret as file.

Note: Your mistake is one reason for which I don't like python. Your code is buggy with unknown secret-username and secret-password, but no problem, you can deploy it, no check, no compilation!

guillaume blaquiere
  • 66,369
  • 2
  • 47
  • 76
  • Ya.I did..I am getting UNAUTHENTICATED in dialogflow when I pass myuser and mypassword values in dialogflow – lakshmi Aug 04 '21 at 15:33
  • Can you print the values in a log? username and os.getenv(...) to compare them and to understand what is different – guillaume blaquiere Aug 04 '21 at 18:26
  • ..Thank you so much for your time and thank you for giving me the code. Actually your code works.In the 2nd screenshot that I have added above,I have given "username" instead of "secret-username" in left while referring it to secret-username:latest...Also along with your code, it worked. – lakshmi Aug 04 '21 at 20:51
  • Is it also possible to provide any documentation or link that you referred or could you please explain as to why we use os.getenv here...I came across with os.getenv but I assumed that we have to use when we create a seperate .env file. – lakshmi Aug 04 '21 at 20:52
  • I edited my answer. There is no Cloud Run specific thing, it's just a runtime configuration. And you have to comply with it. Let me know if you need more. And happy to help :) – guillaume blaquiere Aug 04 '21 at 20:53