Is there an sort of API to automatically map custom domains to app. In a multi tenant system, app domain mapping requires that an explicit mapping is created through App Engine settings.
Is there any way of doing this programmatically? Cloud DNS API of sort for App Engine app domain mapping.
Meanwhile the desired feature has been implemented in beta stage, and there is now indeed a way of doing this programmatically, and you can now manage both your custom domains and SSL certificates using the new beta features of the Admin API and gcloud command-line tool. More detail can be gathered from the "App Engine users, now you can configure custom domains from the API or CLI" documentation page.
Related
I bought a domain from GoDaddy.com and I've been trying to connect that as a custom domain to my app engine project.
My project is a static website made in python using the flask framework. I currently have the stock url provided but I want to connect a custom domain purchased from GoDaddy. I updated the records under manage DNS settings on GoDaddy with the ones provided when I mapped my domain in the App Engine settings. I followed this tutorial on Google Cloud documentation.
What am I doing wrong? The site shows up as can't be found when I try to access it through the custom domain.
I have a rest API hosted in Google App Engine. (API lives in a Docker container in the Flexible environment).
I need to support only internal API calls (from another service in the same App Engine Project) and for developer testing be able to call it directly (I don't want user authentication, but I should be able to access it still using the application_default_credentials...I'm just unsure how)
Can you direct me to documentation or examples of how to set this up?
The Google documentation is very lacking.
You have several options, including the following:
The App Engine documentation states that the recommended approach is OAuth for microservices that require authentication.
A second option is to use Cloud Endpoints with service account authentication.
Third, you can use Identity-Aware Proxy to secure the server. Clients can get an identity token from the metadata server.
I read this page: https://cloud.google.com/appengine/docs/ssl
What I'm wondering: When you create a Google Apps for Work account to get a certificate, does the same user need to 'own' the Google Cloud Platform account where the appengine is running?
And who should be the 'owner' of Cloud DNS?
In many cases, the programmer is not part of the company, so he doesn't have a google apps user account. Or is sharing access of the Cloud Platform enough to get SSL.
Regards, Peter
Note: GAE SSL on custom domains is about to break free of Google Apps, which may significantly change the context for your question and answer(s). See https://support.google.com/a/answer/2644334:
Currently the Google Apps SSL configs only map certificates to the custom domain URLs, regardless of those URLs being served by GAE apps or not, so app ownership identity shouldn't matter. But this needs to be done by a Google Apps Admin.
For now Google Apps Admins can still map custom domain URLs to GAE apps (unclear if they need to own the apps, the above note suggest they might not need to) - which will change after the migration to the Developer Console.
Both the Google Apps Admin or the GAE app owner can perform the app mapping to a custom domain URL (via the Apps Admin console or the Developer Console, respectively) provided they pass the domain ownership verification (the actual Cloud DNS owner doesn't matter technically).
The page you read links to a more detailed documentation for Google Apps, where you can find this :
To add your application to the Google Apps account, the account
administrator’s sign-in account (email address) should be an owner of
the app. This is set in the Google Cloud Platform documentation under
Permissions.
So the admin user who enables SSL on Google Apps must also be an owner of the Google Cloud Platform project.
Who owns the DNS settings (be it Google Cloud DNS or any other DNS service) is independent : it doesn't have to be the same person.
I have created an application that runs in GAE where users can create online stores. They can set up their own domain for the store. I verify the domain using Google Site Verification API:
https://developers.google.com/site-verification/v1/webResource
In order to serve the application in their domain, I also need to add a new URL defining a subdomain (i.e. www). I am currently doing this step manually, but I would like to do it programatically.
Is there a Google API to add new URLs to serve an app?
I want to implement some form of access control for a REST API implemented in App engine. Is it possible to get the list of GAE Applications that a user has permissions to administer or view in the app engine console. Or whether the user has permissions to administer/view the current application.
Note: the Users API does not work for me because this is a rest server called by another google app not a web service called by a user from the browser. OAuth API seems promising but I was unable to find an OAuth scope or rest endpoint for getting GAE related information.
there is no API that can provide a "list of GAE Applications that a user has permissions to administer." Google Cloud Endpoints on App Engine (Trusted Tester program) may be useful for hosting custom RESTful APIs with user authorization may be useful, read more here: http://endpoints-trusted-tester.appspot.com/
There must be an API as the Google Eclipse plugin is using it.
https://developers.google.com/eclipse/docs/signin?hl=de
But it is not documented.