I recently created a very basic very static site through Google app engine. My question is, if I publish the site, what is required to edit it. What sort of authentication is required when you deploy the site with local files? I might have missed it but does it check an ID from your computer the first time or simply use the project-id in the .yaml file? If I were to deploy it and want to be able to create a different version from another host, what would I need besides the source files?
PS: I will and definitely NEED to go over the doc fully (err semi-fully), just wanted to ask this question which hopefully has a rather trivial answer.
When you deploy it, it will either ask for your username and password, or if you pass the --oauth2 flag, it will take you through an OAuth flow to authenticate.
(Take a look at appcfg.py --help if you are curious about the options available.)
Deployment requires the Google Account username and password from someone with permissions to deploy (in your case, probably your admin account).
You can either enter these every time you deploy, or have them stored locally. Check for example here for the Python info: https://cloud.google.com/appengine/docs/python/tools/uploadinganapp
Related
Known issue:
Installing google-cloud-sdk (linux package or from tarball) has a quirk where you cannot create projects from the command line before accepting the terms of service.
Steps to reproduce:
Download sdk, untar, move folder to home directory and add google sdk root directory to PATH using install.sh
Initialize and login with: $ google init
Create a project from the CL: $ gcloud projects create --set-as-default
This will spit out an error like:
ERROR: (gcloud.projects.create) Operation [cp.5641973328385684887] failed: 9: Callers must accept Terms of Service
I hazard a guess that accepting the terms of service have not been built into the command line initialization yet. Omitting such a fundamental step to an installation process should be illegal, with consequences ranging from death by a thousand key-stokes, to 'build an operating system in headfuck'... but that's just me...
We find the solution in the most unholiest of places: the google cloud control interface (cloud console).
Go to your cloud console
Create a project by selecting 'select a project' (top-left next to "Google Cloud Platform" and then 'create project' (top-right in the popup window).
This will prompt the terms of service agreement and you may carry on after agreeing to the terms of service.
I hope this helps whoever else stumbles upon this most infuriating of errors.
Live long and prosper
Bitshift
Let's not be so dramatic with "death by a thousand key-strokes". This is a security measure that should be implemented. Security is not always convenient but can save your checking/credit account a lot of grief.
Imagine this theoretical scenario. You provide me with a service account that has the roles to create a project. I create a new project. This project is created under your Google Billing Account. I know what I am doing with Google IAM so I remove you from the new project and make myself the Project Owner. Now you have no access to the new project but your credit card is paying the bills for my project. I think you would then be screaming "death by a million key-strokes".
There are two types of projects:
Independent projects not part of an organization.
Projects that are part of an organization.
If you are part of a Google Cloud Organization, you can easily create projects up to your quota limit (default is 5). No prompting, accepting TOS, etc. Using the CLI to create a new project is effortless.
If you are not part of an Google Cloud Organization then you are basically creating a new account, you need to set up account billing, accept terms of service, etc. This means that you should not use the CLI to create a new project as the CLI does not prompt you for the items that a new project requires. Why, the CLI should be using a service account. The service account is not the IAM member that owns the account. This forces you to log into the Google Cloud Console using your User Credentials to create the new project.
For anyone getting this message when trying to create a dialogflow agent:
Go to https://console.cloud.google.com, login and accept the displayed terms and conditions.
Afterwards it worked for me...
I'm working on a project with Google App Engine. I am using continuous integration via Travis, and wish to be able to deploy directly from it. Due to a bug that will not be resolved directly, I can't rely on Travis' built-in GAE deployment, so I basically have to use mvn appengine:update manually. This requires me navigate to a generated URL and manually paste to the terminal an authentication code, which I can't do in automated builds.
It was suggested to me, however, that I do some Unix magic instead. While I can easily pick out the URL I need to navigate to from grep, I still need to log in to Google with my credentials in order to actually get the authentication code (which I can then grep out and pipe to the deployment program).
Given that, how do I log in to Google with my credentials, using only curl or similar command-line utilities?
I've accomplished similar things in the past using Service Accounts. These are likely a good fit for your problem.
Service Accounts will allow you to authenticate and upload your app without manual intervention.
Overview
A Service Account will allow you to do "passwordless" authentication like you may already do with ssh, and git, etc. by setting up your keys. This will remove the requirement that you log in manually, or follow the road to madness by trying to do a "manual" login automatically.
There are basically two steps:
Create your service account and key (with the right permissions)
Use that credential instead of what you're doing now
Resources
I think it's better to give a list of resources than concrete instructions since it's basically impossible to express concisely (even though it's a simple process, there's bound to be a lot of little things that annoy), everyone's requirements will be slightly different, and Google is likely to change the process at some point.
Using the Google Cloud Platform Console for App Engine | Permissions
Using OAuth 2.0 for Server to Server Applications
Setting up OAuth 2.0 | Service Accounts
gcloud auth activate-service-account
Hopefully that's enough to get you headed in the right direction.
Note
You'll likely have to spend some time looking at your .appcfg_oauth2_tokens_java and sorting out a variety of other annoyances, but I believe that this approach is the best way to solve your problem.
It sounds like you have a pretty straight-forward setup and that a Service Account alone will get you there, but if you need to get a little weird, the App Engine Admin API is always there.
I recall seeing an option on the google app engine admin page that would allow me to duplicate/copy a deployment to a different appid. Was I imagining this? I do have a copy of all the files needed for deployment but I do not currently have access to a computer with admin privileges in order to install the GAE SDK.
Not relevant to this question, but FYI I need to do this simply because there is a major bug that's preventing me from logging in to a particular part of the admin interface and google tech support has failed to resolve the issue, so I'm just trying a workaround.
Copy old settings to new app via the admin console admin>application settings>Duplicate Application Settings. (you'll choose new appid here too)
Then upload a version of your code to the new appId (so you'll need gae sdk or use online sdk devtable).
Then go to datastore admin in the old app, select all the entities and choose "copy to another app" You'll need datastore admin to be enabled on the old app (and new app I think).
Using Eclipse, I am experiencing an error when trying to deploy a rather basic web app with JAX-RS and JAXB. It runs okay locally, but when trying it on the remote servers I get the message shown below...
'Deploying to Google' has encountered a problem / This application does not exist
Below shows my appengine-web.xml
The XML file illustrates that I am using the same name in the xml as what's specified in the project properties...
The output window show...
------------ Deploying frontend ------------
Preparing to deploy:
Created staging directory at: '/var/folders/n8/6by626014jbfc0dwmxnb0ly00000gn/T/appcfg2754901216637807129.tmp'
Scanning for jsp files.
Scanning files on local disk.
Initiating update.
com.google.appengine.tools.admin.HttpIoException: Error posting to URL: https://appengine.google.com/api/appversion/create?app_id=hillingarincident&version=0&
404 Not Found
This application does not exist (app_id=u'hillingarincident').
Debugging information may be found in /private/var/folders/n8/6by626014jbfc0dwmxnb0ly00000gn/T/appengine-deploy447984481661870877.log
The referenced debug logs show...
Unable to update:
com.google.appengine.tools.admin.HttpIoException: Error posting to URL: https://appengine.google.com/api/appversion/create?app_id=hillingarincident&version=0&
404 Not Found
This application does not exist (app_id=u'hillingarincident').
at com.google.appengine.tools.admin.AbstractServerConnection.send1(AbstractServerConnection.java:293)
at com.google.appengine.tools.admin.AbstractServerConnection.send(AbstractServerConnection.java:253)
at com.google.appengine.tools.admin.AbstractServerConnection.post(AbstractServerConnection.java:232)
at com.google.appengine.tools.admin.AppVersionUpload.send(AppVersionUpload.java:644)
at com.google.appengine.tools.admin.AppVersionUpload.beginTransaction(AppVersionUpload.java:449)
at com.google.appengine.tools.admin.AppVersionUpload.doUpload(AppVersionUpload.java:124)
at com.google.appengine.tools.admin.AppAdminImpl.doUpdate(AppAdminImpl.java:371)
at com.google.appengine.tools.admin.AppAdminImpl.update(AppAdminImpl.java:53)
at com.google.appengine.eclipse.core.proxy.AppEngineBridgeImpl.deploy(AppEngineBridgeImpl.java:433)
at com.google.appengine.eclipse.core.deploy.DeployProjectJob.runInWorkspace(DeployProjectJob.java:148)
at org.eclipse.core.internal.resources.InternalWorkspaceJob.run(InternalWorkspaceJob.java:38)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:53)
Any answers will be appreciated. At one point my browser was not logged in to the target google account, so I swapped to the correct one a little later, Google does render the application name as expected.
Okay, this was simple in the end! Eclipse performs an auto-login to the Google account, unfortunately I created the Eclipse project whilst being logged in to one Google account and then tried to specify the application name afterwards.
You'll see in the bottom-right (or bottom-left in some versions) a Google icon with the name of the user that you are logged in as. If that's not the account where your application is defined, then simply logout of that account, then login as the correct Google account.
Now there's no error :-)
I know this question is super old but I had this issue all day and finally I found a solution. Maybe it will help someone out in the future.
After you create a project in Google Cloud Platform, you must go to google cloud shell in your project and run the command
gcloud beta app create
After you run this command, you will get prompted to choose a region. Then go back to eclipse and try deploying it. It worked for me.
There are not just 1 way can cause this problem. For me, I have this problem when I create the project using Maven. But I don't have the same issue if I directly create the project from the Google plugin.
There might be another issue, when you register with Google App Engine, you receive email indicating your activation. If you have not received the email yet, this problem could occur too.
Another issue could be to use the gmail account for the Google App Engine to avoid any such errors.
I am trying to automate the deploy process with the Google AppEngine Launcher, and the one thing getting in my way is the password enquiry; I am trying to set it up so that I don't have to enter my password after the first time.
One approach I am looking at is to somehow ensure the cookie does not expire; any ideas on how this may be accomplished?
Are there any resources that detail the format of the .appcfg_cookies file, including the encoding?
Another approach I am looking into is the use of the --passin argument. Are there any resources on this?
Thanks in advance.
Google App Engine now supports OAuth tokens to handle automated deployment, which does not expose your Google account password.
The --passin argument is what you want - use appcfg.py with that and the --email argument, and provide the password from a file and you're sorted.
This seems fairly straightforward - what sort of 'resources' are you looking for?