Separation of task queueing and task handling

[gaborbencebekesi]

I have the following stack in Google Cloud Platform.

Cloud Run (1) -> Cloud Tasks (2) -> Cloud Run (3)

The first component is an API with "Allow unauthenticated" and ingress "Internal + Load Balancing" options.
The second component is the queue, nothing special.
The third component is a worker with "Require authentication" and ingress "All" options.

When setting the audience of OIDC token to hash_hmac('sha256', $this->getHandler(), config('app.key')) the built-in Google authentication fails before reaching the third worker component.

This is the related commit: 45e8167

So, I had to override the audience setting and the verifier logic. It was complicated and unmaintainable.

--

Also, I am not sure if handle route should be always registered. For example, in our stack, an API component should not serve this route.

--

Could you share your opinion on these?
Thank you.

[marickvantuil]

Hey, the package (obviously) was not intended to work like that, but I'm interested in thinking of ways how this could work. Just out of curiosity and understanding the setup better, what is the reason the API sends jobs to the worker? Are they the same Laravel application?

Anyway, I'll think about it for a bit. If you have ideas in the meantime I'm curious to hear them as well!