github/genai-toolbox
1
1
Fork 0
mirror of https://github.com/googleapis/genai-toolbox.git synced 2026-04-09 03:02:26 -04:00
Code Issues Packages Projects Releases 14 Wiki Activity

docs: change docs to add authenticated Toolbox Cloud Run access (#575)

Browse Source
This commit is contained in:
Twisha Bansal
2025-05-20 21:26:38 +05:30
committed by GitHub
parent 4b4fbc656a
commit 0e4564f383
1 changed files with 24 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
docs/en/how-to/deploy_toolbox.md
View File

@@ -48,14 +48,6 @@ description: >
- Cloud Run Developer (roles/run.developer)
- Service Account User role (roles/iam.serviceAccountUser)
{{< notice note >}}
If you are under a domain restriction organization policy
[restricting](https://cloud.google.com/run/docs/authenticating/public#domain-restricted-sharing)
unauthenticated invocations for your project, you will need to access your
deployed service as described under [Testing private
services](https://cloud.google.com/run/docs/triggering/https-request#testing-private).
{{< /notice >}}
{{< notice note >}}
If you are using sources that require VPC-access (such as
AlloyDB or Cloud SQL over private IP), make sure your Cloud Run service and the
@@ -138,27 +130,21 @@ section.
# --allow-unauthenticated # https://cloud.google.com/run/docs/authenticating/public#gcloud
```
## Connecting to Cloud Run
Next, we will use `gcloud` to authenticate requests to our Cloud Run instance:
1. Run the `run services proxy` to proxy connections to Cloud Run:
```bash
gcloud run services proxy toolbox --port=8080 --region=us-central1
```
If you are prompted to install the proxy, reply *Y* to install.
1. Finally, use `curl` to verify the endpoint works:
```bash
curl http://127.0.0.1:8080
```
## Connecting with Toolbox Client SDK
Next, we will use Toolbox with client SDK:
You can connect to Toolbox Cloud Run instances directly through the SDK
1. [Set up `Cloud Run Invoker` role access](https://cloud.google.com/run/docs/securing/managing-access#service-add-principals) to your Cloud Run service.
1. Set up [Application Default
Credentials](https://cloud.google.com/docs/authentication/set-up-adc-local-dev-environment)
for the principle you set up the `Cloud Run Invoker` role access to.
{{< notice tip >}}
If you're working in some other environment than local, set up [environment
specific Default
Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc).
{{< /notice >}}
1. Run the following to retrieve a non-deterministic URL for the cloud run service:
@@ -168,18 +154,16 @@ Next, we will use Toolbox with client SDK:
1. Import and initialize the toolbox client with the URL retrieved above:
{{< tabpane persist=header >}}
{{< tab header="LangChain" lang="Python" >}}
from toolbox_langchain import ToolboxClient
```python
from toolbox_core import ToolboxClient, auth_methods
# Replace with the cloud run service URL generated above
toolbox = ToolboxClient("http://$YOUR_URL")
{{< /tab >}}
{{< tab header="Llamaindex" lang="Python" >}}
from toolbox_llamaindex import ToolboxClient
# Replace with the cloud run service URL generated above
toolbox = ToolboxClient("http://$YOUR_URL")
{{< /tab >}}
{{< /tabpane >}}
# Replace with the Cloud Run service URL generated in the previous step.
toolbox = ToolboxClient("http://$YOUR_URL")
auth_token_provider = auth_methods.aget_google_id_token # can also use sync method
toolbox = ToolboxClient(
URL,
client_headers={"Authorization": auth_token_provider},
)
```
Now, you can use this client to connect to the deployed Cloud Run instance!