#Google Cloud

Google Cloud Technology Thread

I need to remember to recertify in all my certifications. Where can I find a proper list of what's different between what the certs are now compared to 2023?

For all of them.

Hey guys.
I'm trying to set up Custom Search API but it's not working well.

My goal is to do image search.
Ex : I want a cat image. I call the Custom Search API with "cat" as query and it should return a cat image.

On GCP, I have my organization, my project and enabled the API. I also generated an API key.
On https://programmablesearchengine.google.com/ I created my own search engine for this purpose.

However when calling the enpdpoint I still receive an error. Below are my api call and the response I get :

curl 'https://www.googleapis.com/customsearch/v1?key={API_KEY}&cx={SEARCH_ENGINE_ID}&q=cat&searchType=image&num=1&imgSize=medium&safe=active'

{ "error": { "code": 403, "message": "This project does not have the access to Custom Search JSON API.", "errors": [ { "message": "This project does not have the access to Custom Search JSON API.", "domain": "global", "reason": "forbidden" } ], "status": "PERMISSION_DENIED" } }

Service account error

Go to IAM
Create new service account

For Search API

Well wait

You need your cloud run instance / whatever you're hosting it on to have a service account created

And it needs to have search API permissions

Have little to no connection to internet rn but

Go to IAM > Manage Roles > Create Service Account > [select cloud run or compute engine or whatever] > Add Role > Search API or Apigee Editor

Something like that

Should fix it! Lmk if it doesnt

@violet sorrel
Thanks for your reply !

I forgot to mention, but I'm actually trying to call this API from outside GCP network.
As a starter I am trying simply from my terminal. If this step is cleared I wanted to integrate it into my app which is running on supabase.

Does this also apply when I'm trying to call the API from outside ?

Where are you ingressing the data into?

Id recommend using a Cloud Run bastion host, but I think there's specifically an option that deals with dealing with traffic external to Google's networks. In that case you have to go to Firewalls and select "Allow all ingress and egress on all ports from the subnet range I am calling from"

You'll want it's priority set lower than 1000 (higher priority)

Best practice would be to ingress into a Cloud Run bastion host (best security too!) and have that set up as a node server that then forwards the handshake to the Search API using the service account topology I mentioned.

For testing I recommend setting it up to 0.0.0.0/0 which is EVERY IP range, but this is a huge security issue.

I recommend using a resource like "What is my IP?" And say that your IP is 72.162.94.16, set it up for 72.162.0.0/16 which should only allow the computers roughly in your area or on your subnet to access it!

Don't use the exact one otherwise your ISP might change your IP via DHCP!

I'm just trying to hit the command and get a result in my terminal for now.
I thought that Custom Search API was by default callable from outside the gcp network ?

Also, I noticed that gcp is trying to shift Custom Search API users to Vertex AI. When asking Gemini it also mentioned at some point that "New customers" would not be able to use it anymore.
Would this not be the cause here ?

In any case thank you so much for your guidance 🙏

Is your app hosted on GCP? I'm pretty sure there are ways to call Search APIs using Apigee as PaaS, i.e. without using the GCP tools.

I'm not sure, Gemini has a Search API feature, but you should be able to use Search API without Gemini as well. Either way I recommend looking into Apigee settings.

If your goal is to use the Search API as PaaS.

If you're just trying to ping it there might still be firewall issues and service account issues.

Try asking Gemini if you need to set it up for your specific use case.

It seems like you're hitting the endpoint, but you have a permissions issue.

This is either a service account or firewall error as you're getting a 403 forbidden, which means you're hitting the network but you're being stopped by RBAC or the actual firewall.

You may still need to set up firewall and service account settings even if you're using the APIs outside of the network. Hope this helps!

I'll give it a try, thanks so much 🙏 !

No problem!

If you get stuck lmk!

Yes, google is going to end of life Custom Search API and want their customer to migrate to the new Vertex AI Search. My Custom Search API is still working perfectly fine for me, honestly Google's decision of migrating to Vertex AI Search is really disappointing. Basically, they want everything built or has an AI on it now 🙂

Hi, I am building a production web app using the Google oauth, I am only accessing the openid, email and profile picture, do I need to submit my app for verification?. If I don't need to verify then is there any user limit?

I think this is more of a Android development question if this regards verification for the play store.

OAuth clients are set up in firebase. If you already have this set up, I recommend you move this to an android channel, as this is out of scope of Google Cloud.

Morning. What do you guys do here I don’t understand it

We build things using gcp :3

I'm migrating from Azure to GCP. The first thing I wish to migrate is our database.
It's very tiny (less than a GB) and I would like to take the cheapest route to migrate it.

Do I use the [https://console.cloud.google.com/marketplace/product/google/datamigration.googleapis.com?hl=en&organizationId=1095957692238&project=tensile-octagon-471113-k8&returnUrl=%2Fdbmigration%2Fmigrations%3Fhl%3Den%26organizationId%3D1095957692238%26project%3Dtensile-octagon-471113-k8] (Database Migration API) ?

Any other options?

I'm fully new to GCP

My db type is SQL server.

I would imagine you can create a SQL instance in GCP and enable eventual consistency when your Azure one is prod and your GCP is spinning up, using CAP principles to copy over the Azure instance rolled over the GCP instance. Once the eventual consistency copying completes, roll over the IP to the GCP sql ip using gradual rollout, starting with 5% of rollout on your load balancer to the GCP instance to ensure your GCP sql instance works, in order to ensure everything stays up and running. If it stays stable, continue the rollout to the GCP instance, keep the Azure version as a backup until you can ensure the GCP one is stable, then decommission the Azure sql instance.

ping

If you can afford to take down prod I'd imagine you can just export the sql data and import it into gcp cloud sql, not too familiar with that process tho

Hi

This is the channel for questions about GCP right ? 🙂

yes that is correct

https://cloud.google.com/learn/certification @violet sorrel

I'm well aware, I have 9 of them they're just expired lol

Great, you can find the difference in the current scheme

Oh thanks

Hi Everyone, I have query related to VPC peering

I have a GCP Apigee Instance which is a Google managed instance, we are reaching the Apigee using Private Access Service (PSA) subnet in the VPC. So, now there is a peering between the APIGEE project VPC and the VPC from my own project made through PSA.

I’m access the Apigee the request goes from my project VPC -> to Apigee Project VPC -> and Apigee hits the target that is a GKE Ingress Controller which is also in my project VPC with different subnet.

Now, if I move the target which is also in my project VPC to the different VPC, the transitivity comes into picture. How to peer the APIGEE VPC to the different VPC which we move the target recently?

Does anyone know how to apply the $10 monthly Google Cloud credits? I did it in February and March, but don't remember how and I've searched and asked Gemini high and low and just can't find it

Hello everyone, is anyone here registered on the the Cloud professional track?

Hi