Assigned
Status Update
No update yet.
Comments
sj...@google.com
I have forwarded this request to the engineering team. We will update this issue with any progress updates and a resolution.
Best Regards,
Josh Moyer
Google Cloud Platform Support
Best Regards,
Josh Moyer
Google Cloud Platform Support
st...@sky.uk
This is not only useful for IP addresses, but also for many other resources. I understand that names are currently used as identifiers, so this request is probably not trivial to implement. Maybe distinguishing between a (numeric, automatically generated) identifier and a (textual) label is the way to go?
[Deleted User] <[Deleted User]>
Is it any hope? We have migrated our IP address to the server with different role, and now the name of this IP address resource doesn't match its role at all. It seems to be trivial enough to momentary reserve static IP address of the old named resource, drop resource, and immediately recreate it with the new name and the old IP address.
vg...@augury.com
This would also improve life when using the Google Deployment Manager (since it otherwise error's out if you've changed a name of an IP)
cd...@worldia.com
Over 3 years to get something as basic as renaming a static IP address. Any progress here?
gh...@lum.ai
Yes, I have a customer who has this exact issue too! Any updates or workarounds would be very appreciated!
gu...@gmail.com
Any progress in here?
[Deleted User] <[Deleted User]>
I would like this feature as well.
t....@gmail.com
Hello, any progress in here? Please is very frustrating.
se...@gmail.com
Hi, open request for more than 3 years for a simple change. Please proceed that.
[Deleted User] <[Deleted User]>
+1. :(
[Deleted User] <[Deleted User]>
We need this.
th...@gmail.com
please add this!
[Deleted User] <[Deleted User]>
+1 !
ja...@intercom.io
+1
ar...@blablacar.com
+1
[Deleted User] <[Deleted User]>
We need this please
[Deleted User] <[Deleted User]>
+1
ko...@gmail.com
+1
2018 =(
2018 =(
[Deleted User] <[Deleted User]>
+1
ro...@gmail.com
+1
ea...@gmail.com
+1
[Deleted User] <[Deleted User]>
+1
[Deleted User] <[Deleted User]>
+1 (again) coming up to 5 years?
ni...@noovle.com
+1
wa...@gmail.com
+1
am...@google.com
+1
[Deleted User] <[Deleted User]>
+1
[Deleted User] <[Deleted User]>
+1
[Deleted User] <[Deleted User]>
+1
ch...@google.com
+1
[Deleted User] <[Deleted User]>
Please implement this
[Deleted User] <[Deleted User]>
+1
mi...@rewe-digital.com
+1, don't see why this would be hard. If the underlying GCP infrastructure depends on the name remaining unchanged, then the frontend can simply provide a way to alias it such that the end-user doesn't have to see the "original" name anymore.
pj...@gmail.com
Bumping this.
Definitely useful feature at least provide a way to alias this.
+1
Definitely useful feature at least provide a way to alias this.
+1
la...@gmail.com
+1
[Deleted User] <[Deleted User]>
+1
gu...@gmail.com
+1
ma...@gmail.com
+1 Please add this feature
shouldn't be a very difficult implementation but benefits lots of people
shouldn't be a very difficult implementation but benefits lots of people
[Deleted User] <[Deleted User]>
+1
jo...@themindlab.co.uk
+1
[Deleted User] <[Deleted User]>
+1
[Deleted User] <[Deleted User]>
+1
do...@gmail.com
+1 (same goes for description). Should update in-place
ra...@bendingspoons.com
+1 here too. But the problem is also with disks. We currently use part of hostname in the name. Sometimes a machine has to be renamed and it's not possible.
[Deleted User] <[Deleted User]>
+1
al...@gmail.com
+1
re...@gmail.com
Guys, this feature was requested in 2014, what's the problem? Why hasn't this been implemented or at least an update been given??
[Deleted User] <[Deleted User]>
+1
Whe the ETA for this simple important request?
Whe the ETA for this simple important request?
[Deleted User] <[Deleted User]>
At least say NO so we are not left hanging for years and years. If you are looking for a reason why Google you can't compete with Azure and AWS this thread would be a prime example. If Google can't respond to basic feature requests then it is easy to imagine they can't do other basic things. Did Elon Musk take over Google too? Are 1/2 of you Google employees fired or just too busy checking out Amazon prime deals working at home? WTF, crickets for 8+ years? Do Something!
yi...@gmail.com
+1
gh...@gmail.com
+1
ke...@bright-interactive.co.uk
Hello,
Thanks for reaching out to us!
The Feature Request has been created and the Product Engineering Team is working on this request. At this moment, there is no ETA to this request. Thank you for your trust and continued support to improve Google Cloud Platform products.
In case you want to report a new issue, please do not hesitate to create a new
[Deleted User] <[Deleted User]>
+1, this would be a very valuable feature.
el...@springer.com
+1
[Deleted User] <[Deleted User]>
+1 we can't create dynamically 1 test environment by branch because of this..
pi...@gmail.com
+1
an...@gmail.com
Can we please stop with the +1? The proper way to vote for the issue is the star icon to the left of the issue subject. Those subscribed to receive replies (like myself) are likely doing so for when there is actual movement on the issue. The weekly +1 is just useless noise.
ma...@zoominfo.com
+1 and I added a star. This is blocking us from automating our IAP setup for GAE services.
_e...@partner.auchan.com
+1
[Deleted User] <[Deleted User]>
+1
[Deleted User] <[Deleted User]>
This prevents using dynamically created applications (what GitLab calls "Review Apps") with Google OAuth. Since each review app is deployed to a unique domain, e.g.: branch "foo" deploys to foo.review.example.com and branch "bar" deploys to bar.review.example.com , we cannot as part of our automated system configure client IDs and secrets.
It is a catch-22:
We cannot use a wildcard catch-all OAuth credentials because the Google Cloud Console forbids wildcards in origins, e.g.: *.example.com
We cannot use per-review-app OAuth credentials because we cannot programmatically create them during a deployment job, to inject the ID and secret into the frontend and backend respectively.
It is a catch-22:
We cannot use a wildcard catch-all OAuth credentials because the Google Cloud Console forbids wildcards in origins, e.g.: *.
We cannot use per-review-app OAuth credentials because we cannot programmatically create them during a deployment job, to inject the ID and secret into the frontend and backend respectively.
an...@gmail.com
+1
mb...@google.com
.
ni...@platform.sh
Please provide update on this highly important feature.
ta...@ujet.cx
+1
ha...@gmail.com
+1
rl...@travix.com
+1
ib...@gmail.com
+1
sh...@forallsecure.com
+1 This would help fill in a significant gap in automated deployments that support Gsuite login. In particular for use with terraform, as linked in the original comment: https://github.com/terraform-providers/terraform-provider-google/issues/1287
al...@gmail.com
Is is possible google has some other service that manages this? firebase perhaps? It seems strange that this seemingly simple request would be ignored for so long.
very frustrating.
very frustrating.
ka...@kralnet.us
Is there some particular reason why this hasn't been implemented yet, or just that nobody's gotten around to it?
It sort of doesn't even really make sense - all the other APIs are automated and usable via Terraform. We have several repositories at this point where the readme has a "Manual deployment steps" that consists entirely of messing with OAuth client IDs in the cloud console, while literally everything else is smoothly automated. It's big enough of a wrench thrown into the automation pipeline though that a fair amount of special care needs to be taken to restructure the automation around this lack of automation.
It would make sense for some esoteric GCP functionality to not be automated, but this seems fundamental enough that it's a strange anomaly to not have the API in place.
It's sorta like having an assembly line that manufactures automobiles where the vehicles come out fully assembled but with no pistons in the engines. Sure, they can be added in later, but you basically have to backtrack into the automation process and account for the fact that someone has to take the whole thing apart and reassemble it so that it has all of the critical components in place.
But who knows - maybe there's some security concern, where Google doesn't want bots programmatically making nefarious OAuth client IDs, if there is such a thing. (shrug)
Anyways, this is my +1 vote for providing an OAuth client credential management API.
It sort of doesn't even really make sense - all the other APIs are automated and usable via Terraform. We have several repositories at this point where the readme has a "Manual deployment steps" that consists entirely of messing with OAuth client IDs in the cloud console, while literally everything else is smoothly automated. It's big enough of a wrench thrown into the automation pipeline though that a fair amount of special care needs to be taken to restructure the automation around this lack of automation.
It would make sense for some esoteric GCP functionality to not be automated, but this seems fundamental enough that it's a strange anomaly to not have the API in place.
It's sorta like having an assembly line that manufactures automobiles where the vehicles come out fully assembled but with no pistons in the engines. Sure, they can be added in later, but you basically have to backtrack into the automation process and account for the fact that someone has to take the whole thing apart and reassemble it so that it has all of the critical components in place.
But who knows - maybe there's some security concern, where Google doesn't want bots programmatically making nefarious OAuth client IDs, if there is such a thing. (shrug)
Anyways, this is my +1 vote for providing an OAuth client credential management API.
me...@stuartwakefield.co.uk
+1
el...@google.com
IAP users, check out the new IAP OAuth API.
The API enables programmatic creation & management of OAuth clients for IAP applications that will be used by users within your domain.
https://cloud.google.com/iap/docs/reference/rest#rest-resource:-v1.projects.brands
https://cloud.google.com/iap/docs/programmatic-oauth-clients
The API enables programmatic creation & management of OAuth clients for IAP applications that will be used by users within your domain.
ms...@google.com
pr...@hawkfish.us
This is great news! Amazing work.
sa...@gmail.com
> Marked as fixed.
This is not fixed.
It's still not possible to manage API OAuth client credentials programmatically - the literal title of that issue.
This is not fixed.
It's still not possible to manage API OAuth client credentials programmatically - the literal title of that issue.
aj...@archive.zumepizza.com
When will this be fixed? It's blocking our project.
sw...@bainbridgehealth.com
Since the status of this is marked as "fixed", I am going to guess that the powers that be will make no further progress on this ticket as it is.
It probably makes sense to open a new ticket with more specific details with what you need to accomplish.
It probably makes sense to open a new ticket with more specific details with what you need to accomplish.
pi...@google.com
Hello, this Feature Request has not been completed, yet.
la...@brut.media
As many people, I'd like to have this feature to automate my deployments in CI/CD pipelines.
Automate all the things!
Automate all the things!
ad...@google.com
gl...@gmail.com
We need this!
cm...@gmail.com
will API's get added for those of us not in Google Cloud?
ke...@gmail.com
This would be useful for us too!
da...@gmail.com
Sane thing for me with multiple company I work for would like to be able to add "authorized redirect uri" from CI to be able setup everything automatically.
ts...@gmail.com
Would like to have this one as well.
We need it to periodically rotate the secret for security reasons. Common google, 2 years for small feature....
We need it to periodically rotate the secret for security reasons. Common google, 2 years for small feature....
do...@gmail.com
When researching on how to create OAuth 2.0 client credentials in Terraform, I was kind of surprised that there is no API for this use case. From the existing documentation, it is hard to find out that the recently released IAP OAuth client management API only covers the special case of IAP OAuth clients but not general OAuth clients. This raises confusion among people and false assumptions.
I would appreciate to have an API which allows to manage OAuth 2.0 client credentials just like in the GCP console.
I would appreciate to have an API which allows to manage OAuth 2.0 client credentials just like in the GCP console.
li...@google.com
We are engaging an automation solution with google ADs team by terraform
recently, the only manual process is the OAuth 2.0 client credentials setup
through console. I would appreciate if we have an API
On Mon, Jan 25, 2021 at 6:34 PM <buganizer-system@google.com> wrote:
recently, the only manual process is the OAuth 2.0 client credentials setup
through console. I would appreciate if we have an API
On Mon, Jan 25, 2021 at 6:34 PM <buganizer-system@google.com> wrote:
--
Chenggang Liu
liuchenggang@google.com
Customer Engineer
Raycom Tower B,No.2 Kexueyuan South Road, Haidian District, Beijing, 100022
mb...@google.com
+1 Any updates on this?
[Deleted User] <[Deleted User]>
Any updates...if giving API access that would be helpful for development
di...@gmail.com
Is there are any update regarding this issue? Much appreciated if you could resolve this
el...@sada.com
This feature request has been open for a few years now without any real action.
For many Google Cloud customers using Google Oauth as their primary identity provider for logging in to environments, it’s impossible to fully automate the environment creation today. The reason is that it’s not possible to create a Webapp Oauth Client ID + secret from Terraform (as you would do here), because there is no external API for creating those resources. Google appears to consider .
Google appears to consider this done because they allowed automation of client creation for IAP resources, but that’s useless for resources hosted anywhere other than behind IAP.
This is a huge blocker for many Google customers because it prevents full automation for creating their environments. The only workaround we can find is shifting workflows to use Azure AD or AWS Cognito as primary identity provider.
Let me know if you have any question.
Best,
Elena
For many Google Cloud customers using Google Oauth as their primary identity provider for logging in to environments, it’s impossible to fully automate the environment creation today. The reason is that it’s not possible to create a Webapp Oauth Client ID + secret from Terraform (as you would do here), because there is no external API for creating those resources. Google appears to consider .
Google appears to consider this done because they allowed automation of client creation for IAP resources, but that’s useless for resources hosted anywhere other than behind IAP.
This is a huge blocker for many Google customers because it prevents full automation for creating their environments. The only workaround we can find is shifting workflows to use Azure AD or AWS Cognito as primary identity provider.
Let me know if you have any question.
Best,
Elena
ko...@koma.be
This API is never gonna happen IMO.
Create your OAUTH credentials manually in a separate project and define them as data sources in your Terraform setup.
Is it ideal ? No. Is this the end of the world ? Neither.
Create your OAUTH credentials manually in a separate project and define them as data sources in your Terraform setup.
Is it ideal ? No. Is this the end of the world ? Neither.
ve...@quantexa.com
What is the status on this?
We have a use case where we need to create OAuth Desktop Clients programmatically but that is not available through thehttps://cloud.google.com/iap/docs/reference/rest/v1/projects.brands.identityAwareProxyClients/create API.
The Console UI does call some sort of API athttps://clientauthconfig.clients6.google.com/v1/clients with the following payload:
authType: "SHARED_SECRET"
brandId: "XXXXXXXX"
displayName: "test-ventsi"
projectNumber: "XXXXXXXX"
type: "NATIVE_DESKTOP"
This is exactly what we need. Currently we are stuck creating a Web Application type and having users authenticate to it by using redirect URI of itself and users having to grab the Auth Token from the URL parameters.
If we can get update from google, that would be great!
We have a use case where we need to create OAuth Desktop Clients programmatically but that is not available through the
The Console UI does call some sort of API at
authType: "SHARED_SECRET"
brandId: "XXXXXXXX"
displayName: "test-ventsi"
projectNumber: "XXXXXXXX"
type: "NATIVE_DESKTOP"
This is exactly what we need. Currently we are stuck creating a Web Application type and having users authenticate to it by using redirect URI of itself and users having to grab the Auth Token from the URL parameters.
If we can get update from google, that would be great!
da...@crunchydata.com
I would like this to limit the scope of a compromised oauth client key.
ar...@ravelin.com
+1
ph...@xpoli.eu
+1
vi...@ekahaa.com
+1 come on Google! sounds like this is a much sought after feature!
bj...@subsplash.com
+1
[Deleted User] <[Deleted User]>
+1
[Deleted User] <[Deleted User]>
+1
[Deleted User] <[Deleted User]>
+1
ja...@crispthinking.com
+1
ch...@otbc.se
+1
an...@qyberion.com
Please refrain from submitting "+1" comments that spam everyone subscribed to issues here on Google (or for that matter in almost all modern issue trackers). It isn't the Apache board in 1998. Vote and subscribe to issues. Or at least add some meaningful information to your comments. Thank you for your understanding.
an...@loreal.com
+30000 an API to manage ALL the Client ID / Oauth Creds, whatever they are used or not and whatever coming from api or UI
ro...@gmail.com
+1
sa...@gmail.com
+999999
This was opened in 2018 and it's 2022 and WE all want this feature so bad.
I recently started using Google Cloud and I am facing this issue in almost all of the deployments I am doing.
We need the APIs to create OAuth Client IDs programmatically!
This should be a TOP priority in 2022, PLEASE.
This was opened in 2018 and it's 2022 and WE all want this feature so bad.
I recently started using Google Cloud and I am facing this issue in almost all of the deployments I am doing.
We need the APIs to create OAuth Client IDs programmatically!
This should be a TOP priority in 2022, PLEASE.
kb...@gmail.com
+1
st...@google.com
My customer is very interested in this feature. They are trying to automate dev onboarding. For example. every tableau user needs to connect to bq they are manually creating OAuth 2.0 credentials. Currently no API is available to create this (Currently available on UI). Is there any time line on when this would be available?
wy...@gmail.com
+1
fe...@gmail.com
3 years and no fix. What's going on?! GCP features should be available through API from the day 0.
This blocks:https://github.com/hashicorp/terraform-provider-google/issues/6074
This blocks:
sr...@manh.com
Comment has been deleted.
sp...@google.com
ka...@kralnet.us
Looks like Google has made major progress on this, unless I'm mistaken - at least in terms of Identity Aware Proxy (IAP) and Identity Platform (IDP).
For example, `gcloud alpha iap oauth-clients`, as described here:https://cloud.google.com/sdk/gcloud/reference/alpha/iap/oauth-clients
In Terraform there's a corresponding `google_iap_client` resource. Similar is true for IDP.
So that's encouraging! It's overall pre-GA, but it's a step in the right direction.
For example, `gcloud alpha iap oauth-clients`, as described here:
In Terraform there's a corresponding `google_iap_client` resource. Similar is true for IDP.
So that's encouraging! It's overall pre-GA, but it's a step in the right direction.
ia...@gmail.com
The google_iap_client is very limited in terms of exposing all the features for creating a oauth2 client. It is best used in limited capacity when referencing in backend configuration.
[Deleted User] <[Deleted User]>
I don't understand why you can't do the same actions from the iap command line as you can from the console. I am not talking about editing an existing client, but even creating one the only thing you can do is set the name, but no redirect URI. Frustrating.
ri...@doit.com
+1
ch...@biotics.ai
+1
sh...@gmail.com
+1
lo...@pgs.com
+1
ha...@google.com
+1 for MLP, who requires this to be able to fully use Terraform
ry...@gmail.com
The goal here is to use Google as a federated identity source in another cloud environment (eg: via AWS Cognito). Some of us have to deploy to AWS but also have gsuite, so being able to automatically set up (via terraform) cross-cloud beyondcorp would be really nice. Right now the process involves too much back and forth, since some of the URLs that need to be put into GCP come from generated terraform outputs from the AWS side. Mixing both AWS + GCP into a single TF run would be ideal here.
But it is not to be, because one cannot manage even internal oauth2 clients via the API and terraform. Sad!
But it is not to be, because one cannot manage even internal oauth2 clients via the API and terraform. Sad!
ck...@google.com
My assigned has same trouble and they would like to solve this issue,
They have created a mechanism to automatically build multiple development environments. Although the creation of other services can be automated, only the OAuth2.0 client settings have to be handled manually. Please be able to do the following to improve the development cycle:
- Capability to add, remove, and edit oAuth approved redirect URIs from the command line
- Partial wildcard support for oAuth approved redirect URIs.
th...@otto.de
+1
co...@otto.de
Yes, would love to see it. It prevents complete automation. Manually created artifacts should be a no go in production envs.
va...@gmail.com
+1
jp...@gmail.com
We have a multitenant web app, each tenant is a separate URL, the whole deployment is automated expect the part where we need to add the Javascript origin and allowed redirect (the tenant-specific URL) manually in the GCP console. So +1 to this request.
[Deleted User] <[Deleted User]>
+1
ph...@battelleecology.org
5 years of customers asking for this, zero updates from Google...
ba...@google.com
gh...@google.com
ja...@onda.ai
I am in the same boat as https://issuetracker.google.com/issues/116182848#comment129 . I need the ability to dynamically specify the Redirect URIs et al when creating the OAuth2 Client ID credential.
ed...@kognic.com
So tiered of all the limitations GCP have when it comes to oauth. Just like most people here, I need to be able to define Redirect URIs.
I really don't want to host my own oauth solution, but with all the limitations that GCP has around it, I'm starting to lean towards hosting our own keycloak or similar tool is the only long term solution. How are we supposed to scale with these kinds of limitations?
rp...@activecampaign.com
+1
va...@google.com
gh...@google.com
mi...@roller.de
Please....do it!
ar...@gmail.com
The pressing issue is inability to specify the redirect uri for a newly created google_iap_client resource in Terraform. According to https://cloud.google.com/iap/docs/programmatic-oauth-clients
"The OAuth clients created by the API are locked for IAP usage only, and therefore the API does not allow any updates to the redirect URI or other attributes."
Why!
It is not acceptable in 2023 to have to modify production infrastructure manually.
"The OAuth clients created by the API are locked for IAP usage only, and therefore the API does not allow any updates to the redirect URI or other attributes."
Why!
It is not acceptable in 2023 to have to modify production infrastructure manually.
ja...@google.com
I'm not from the Terraform or OAuth Teams, But I just tried this and it is working for me:
This is Ideal if you have not already enabled Identity Platform on your Google Cloud Project as it will enable it for you as if you pressed the big blue "Enable Identity Platform" button on the GCP console for a new project.
If you already have an Identity Platform enabled on your GCP Project, then you can try and import with terraform import google_identity_platform_config.default "my-gcp-project" once you have added the below to your terraform config:
resource "google_identity_platform_config" "default" {
project = var.project_id
autodelete_anonymous_users = true
authorized_domains = [
"localhost",
"my-gcp-project.firebaseapp.com",
"my-gcp-project.web.app",
"${var.dns_domain}",
"api.${var.dns_domain}",
]
}
vm...@gmail.com
Bro, do not tell me that it is 17th of October, 2023, and it STILL have not been implemented!? We are in the analysis phase of our project, and we decided to switch to different servicde when this simple thing is so big issue... bye
vm...@gmail.com
We needed this for firebase environments automation (for example PR projects, where also google login needs to be tested...)
mi...@clipido.com
Quite a shame that the whole google cloud environment is automated except for this. This is much needed for GitOps or any other form of infrastructure automation...
ma...@bright-interactive.co.uk
Today's xkcd comic seems very relevant to this thread: https://xkcd.com/2881/
be...@precisionsoftware.us
Heck, I'd be ecstatic to just get an API to map from the human readable name to the set of strings needed to run an OIDC authentication:
- client_id
- client_secret
- a few global (presumably, at least when limited to google) URLs
That would be enough that I could at least use a Terraform data resource to fill in blanks on other resources.
ja...@talkspace.com
+1
ra...@quorbit.co.uk
+1
sh...@agencyanalytics.com
+11111111
gr...@trmlabs.com
+1
[Deleted User] <[Deleted User]>
+1
ru...@gmail.com
+1
as...@bt.com
We need this as well.
ad...@mystrobe.net
Comment has been deleted.
av...@gmail.com
+1
va...@google.com
va...@google.com
[Deleted User] <[Deleted User]>
+1
al...@nitrado.net
+1
mi...@ruhl.in
+1
ci...@gmail.com
+1
ja...@crispthinking.com
+1
py...@scorewarrior.com
What do you think about the idea of ​​implementing changing Authorized JavaScript Origins and Authorized Redirect URIs programmatically instead of manually in the GCP console?
Identity Platfrom includes a lot of functionality and requires support for it on clients. I would like to stay on simple and convenient OAuth clients that can be fully managed via API.
s....@gmail.com
+1
mb...@fu.do
+1
do...@ext.urw.com
+1
ss...@google.com
+1 for my customer Unibail
yo...@nais.io
+1
sa...@gmail.com
+1
da...@gmail.com
+1
Description
This will be used for example on Terraform Google Provider :