GCP - Verify ownership of a cloud function https endpoint for a PubSub push

Question

Pretty sure there's no way to do this but would be great to reach out to see if anyone else has any ideas.

What I'm trying to do is this:

• I have 2 microservices hosted on Google Cloud Platform as cloud functions
• My first microservices does stuff and fires a PubSub message with topic [x]
• I'd like to set my second microservice up as a push subscriber to the topic [x]. I know I can do this by deploying the 2nd cloud function with a subscription trigger but I don't want to do this as there's no decent way to acknowledge/reject the message (see this post: Google Cloud Functions to only Ack Pub/Sub on success).
• Therefore I've deployed my 2nd function as having a HTTP trigger. I've then tried to configure the push subscription in the GCP console to this endpoint URL. Of course, this isn't working because the https://[cloud-subdomain].cloudfunctions.net/ isn't a verified domain.

I guess it's just not possible to do what I'm trying to and instead need to create my 2nd microservice in app engine or elsewhere where i can verify a domain.

Thanks in advance!

Answer 1

Site Verification using HTML tag method

Not just domain registrar based verification, you can verify your site using any of the methods listed here. I agree most of these will not work with Cloud Functions, but it is possible to get HTML Tag based verification working in matter of minutes with Cloud functions.

You will need to add the given meta attribute in the HTML response just before the body attribute.

Example:

<meta name="google-site-verification" content="VERIFICATION_TAG" />

Also, Google verifies the domain periodically (even after initial success) and hence you will have to continue returning this response as long as you want to have the URL verified.

How long does verification last?

Google periodically checks if your verification is valid in a way appropriate to your verification method (for example, by checking for the presence of an HTML tag on your site). If verification can no longer be confirmed, your permissions on that property will expire after a certain grace period.

Implement retry mechanism within your Cloud function

This is same as the option explained in the other answer you linked, and IMO simpler. Take currentRetryAttempt as one parameter of the request and increment this value every time you queue up a retry request recursively back to the same function when you're timing out. You will need to check currentRetryAttempt against a maxRetriesAllowed value before queuing up a new retry request.

It does not impose any restrictions on the responses from your Cloud function unlike the previous option.