GAE Firewall - Allowing Access for PubSub Push Subscriptions?

[JP Robinson]

Howdy all,

I'm attempting to restrict access to a 'development' project via the new GAE Firewall.

This project relies on push-style subscriptions for PubSub but I can't seem to find any magic CIDR block (similar to UrlFetch's 0.1.0.40) that would allow messages to be delivered.

Does such a CIDR block exist? If not, are there plans to add one?

thanks,

-JP

[George (Cloud Platform Support)]

Hello JP, 

The architecture for push subscriptions does not seem to require such a magic URL as the in case of UrlFetch, as there is no user-configurable firewall involved in the delivery path. "The Pub/Sub server sends any messages for your subscription to the webhook address you have configured. " In other words the firewall you have in mind would not affect your webhook directly. You can read more related detail on the "Push Subscriber Guide" documentation page, "Receiving Push Messages" subtitle. 

To directly reply to your question, the architectural use of a webhook makes extra firewall configuration unnecessary, in this case.