I'm trying to enable IAP for the first time for an app I have set up and working. I think I'm missing an obvious step in the process, but can't seem to figure it out. In the console if I go to APIs and Services->Credentials, under OAuth 2.0 Client IDs there's an entry named IAP-backend-service. I retrieve the client ID and client secret from there.
The app I'm trying to secure is Tekton. I'm deploying my backend through Terraform using the google_compute_backend resource. To enable IAP, I'm adding the following block to that resource:
    iap {
      oauth2_client_id     = "replaced"
      oauth2_client_secret = "replaced"
    }
This automatically enables IAP for it, which I can see in the console. However, as soon as I do this, I can no longer access my app. I just get connection refused or connection reset without it even trying to prompt me for IAP creds. Is there another step I need to do for this to work?
I have firewall rules in place to allow tcp/80 and tcp/9097 from the IAP range (35.235.240.0/20).
Thanks!