Verify/change application region at Google App Engine - google-app-engine

I'm creating a GAE application.
When I set my GAE PHP application as an authorized application to access my
Cloud SQL instance, I get the following warning:
App Engine regions must be the same as Cloud SQL instance regions!
How can I verify or change the region of my GAE application?
Thx

You can use gcloud app describe --project <projectId> command to get the location.
You cannot change an app's region after you set it.
Refer here.
For example:
$ gcloud app describe --project myapp-1337
authDomain: gmail.com
codeBucket: staging.myapp-1337.appspot.com
defaultBucket: myapp-1337.appspot.com
defaultHostname: myapp-1337.appspot.com
featureSettings:
splitHealthChecks: true
gcrDomain: us.gcr.io
id: myapp-1337
locationId: us-central
name: apps/myapp-1337
servingStatus: SERVING

You can see the location of your application at [1].
Regarding changing the region, please see [2] for more information.
[1] - https://appengine.google.com/
[2] - Change GAE application location
Update: EU app creation is now possible from the new Developers console and doesn't require whitelist / premier status. Looks like Location tab will only show in the GAE console if account was whitelisted / Premier. A way to find app location is still in the old GAE console -> from the list click on the app to go to the dashboard -> if you see e~ in the link after app_id=, your app is in EU, else if you see s~ your app is in the US.
Another alternative is to use gcloud command suggested by Ilya Zakreuski below.

You can get the AppId from the runtime environment:
Java:
ApiProxy.getCurrentEnvironment().getAppId()
or Python:
os.environ['APPLICATION_ID']
where the prefixes as mentioned by #Ilya and #Nikita still apply:
prefixed with e~ means EU and s~ means US.
P.S. It looks like both the dev consoles have been updated to get the App ID from elsewhere, so they don't have this prefix.

Related

Deploying a service to a subdomain Google App Engine

I have two services in my Google App Engine project: default and betaversion
they are currently, successfully deployed to different domains (e.g., example and otherwebsite), because I can't get the one deployed on the subdomain. what I'd like is for default to be at:
example.com
and for the beta to be at:
beta.example.com
so I only have to maintain 1 domain. I've made and deployed a dispatch.yaml file and added the beta CNAME DNS registration in the app engine settings and with my DNS registrar.
dispatch:
- url: "example.com/*"
service: default
- url: "otherwebsite.com/*"
service: betaversion
- url: "beta.example.com/*"
service: betaversion
beta.example.com works, but it's routing to the default service. I feel like I must be missing something small, but it's driving me crazy. Any help or ideas would be appreciated.
In case this helps anyone, the issue was that my updated dispatch.yaml file was inside of an undeployed version of the app.yaml file in the betaversion service.
If editing the dispatch.yaml file - make sure you also re-deploy the location containing that dispatch file. In my case, deploying it using
gcloud app deploy service-folder/dispatch.yaml
did not work unless I also deployed the service as well
gcloud app deploy service-folder/app.yampl service-folder/dispatch.yaml
It could be that you have not specified the service name in the yaml for the non-default service. If you don't specify a service name, I think it will go to the default service.
In addition, we have a blog post (complete with an example) about this scenario. Maybe something there will help you.

503 errors when trying to login on local Google AppEngine server

I have a functional Go app which I've been running locally for months. Got setup with Google Cloud, did a test run to a live domain, everything works.
Looking back at my local machine, I want to run a local Google AppEngine server (instead of running my Go app directly). It runs, however I'm trying to use the "login: required" parameter in app.yaml, and I see the login form at localhost:8080, however no matter what email I input, it keeps timing out with 503 errors.
My app.yaml:
application: myapp-dev
env: flex
runtime: go
api_version: go1
handlers:
- url: /
script: _go_app
login: required
Command I use to run the local app:
dev_appserver.py app.yaml
Flexible environment doesn't support 'login' features via app.yaml (external to whatever regular login you'd do in your app).
Standard environment app.yaml doc DOES list 'login' features: https://cloud.google.com/appengine/docs/standard/go/config/appref
Flexible environment app.yaml doc DOES NOT list 'login' features: https://cloud.google.com/appengine/docs/flexible/go/configuring-your-app-with-app-yaml
But more specifically, a page talking about upgrading from Standard-to-Flex, mentions that the login handlers for flex have been deprecated:
https://cloud.google.com/appengine/docs/flexible/go/upgrading
The login setting under handlers is now deprecated for the App Engine
flexible environment. You should follow the guidance for User service
migration.
So basically, with flex environment, there is no project-wide login controls possible outside of your app. You have to let the app initialize and then do normal authentication/authorization.
For my own project, I wanted a quick app-wide level of security so I could provide guest accounts and have them see what a public not-logged-in view of my app would be. Yes I can do the same within my app, I just wanted to save some work.

Invalid Credentials accessing Big Query tables from App Engine application

Could someone help me access Big Query from an App Engine application ?
I have completed the following steps -
Created an App Engine project.
Installed google-api-client, oauth2client dependencies (etc) into /lib.
Enabled the Big Query API for the App Engine project via the cloud console.
Created some 'Application Default Credentials' (a 'Service Account Key') [JSON] and saved it/them to the root of the App Engine application.
Created a 'Big Query Service Resource' as per the following -
def get_bigquery_service():
from googleapiclient.discovery import build
from oauth2client.client import GoogleCredentials
credentials=GoogleCredentials.get_application_default()
bigquery_service=build('bigquery', 'v2', credentials=credentials)
return bigquery_service
Verified that the resource exists -
<googleapiclient.discovery.Resource object at 0x7fe758496090>
Tried to query the resource with the following (ProjectId is the short name of the App Engine application) -
bigquery=get_bigquery_service()
bigquery.tables().list(projectId=#{ProjectId},
datasetId=#{DatasetId}).execute()
Returns the following -
<HttpError 401 when requesting https://www.googleapis.com/bigquery/v2/projects/#{ProjectId}/datasets/#{DatasetId}/tables?alt=json returned "Invalid Credentials">
Any ideas as to steps I might have wrong or be missing here ? The whole auth process seems a nightmare, quite at odds with the App Engine/PaaS ease-of-use ethos :-(
Thank you.
OK so despite being a Google Cloud fan in general, this is definitely the worst thing I have been unfortunate enough to have to work on in a while. Poor/inconsistent/nonexistent documentation, complexity, bugs etc. Avoid if you can!
1) Ensure your App Engine 'Default Service Account' exists
https://console.cloud.google.com/apis/dashboard?project=XXX&duration=PTH1
You get the option to create the Default Service Account only if it doesn't already exist. If you've deleted it by accident you will need a new project; you can't recreate it.
How to recover Google App Engine's "default service account"
You should probably create the default set of JSON credentials, but you won't need to include them as part of your project.
You shouldn't need to create any other Service Accounts, for Big Query or otherwise.
2) Install google-api-python-client and apply fix
pip install -t lib google-api-python-client
Assuming this installs oath2client 3.0.x, then on testing you'll get the following complaint:
File "~/oauth2client/client.py", line 1392, in _get_well_known_file
default_config_dir = os.path.join(os.path.expanduser('~'),
File "/usr/lib/python2.7/posixpath.py", line 268, in expanduser
import pwd
File "~/google_appengine-1.9.40/google/appengine/tools/devappserver2/python/sandbox.py", line 963, in load_module
raise ImportError('No module named %s' % fullname)
ImportError: No module named pwd
which you can fix by changing ~/oauth2client/client.py [line 1392] from:
os.path.expanduser('~')
to:
os.env("HOME")
and adding the following to app.yaml:
env_variables:
HOME: '/tmp'
Ugly but works.
3) Download GCloud SDK and login from console
https://cloud.google.com/sdk/
gcloud auth login
The issue here is that App Engine's dev_appserver.py doesn't include any Big Query replication (natch); so when you're interacting with Big Query tables it's the production data you're playing with; you need to login to get access.
Obvious in retrospect, but poorly documented.
4) Enable Big Query API in App Engine console; create a Big Query ProjectID
https://console.cloud.google.com/apis/dashboard?project=XXX&duration=PTH1
https://bigquery.cloud.google.com/welcome/XXX
5) Test
from oauth2client.client import GoogleCredentials
credentials=GoogleCredentials.get_application_default()
from googleapiclient.discovery import build
bigquery=build('bigquery', 'v2', credentials=credentials)
print bigquery.datasets().list(projectId=#{ProjectId}).execute()
[or similar]
Good luck!

AngularStack Facebook, Google+ and Twitter Authentication

I am making my first Web App using Generator Angular Fullstack. I went through the project initialization here: https://github.com/DaftMonk/generator-angular-fullstack
During initialization I set up oAuth for the following: Facebook, Google+, Twitter
I am using Openshift as well, and after initializing the project... I used the steps to add it to openshift. This included setting up environment variables for RHC for Facebook, Google+ and Twitter authentication. I added these as well.
However, with my new app... I cannot create a new account with Facebook, Google+ or Twitter.
When I create new account these are the errors I get:
Facebook:
Invalid App ID: id
Google+:
401. That’s an error.
Error: invalid_client
The OAuth client was not found.
Request Details
scope=https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
response_type=code
redirect_uri=http://site.rhcloud.com/auth/google/callback
client_id=id
That’s all we know.
Twitter:
Internal Server Error
I haven't done much besides go through the tutorial so far. But I feel I missed something. Any help on this topic would be grea.t Thanks :)
Well, first of all you have to configure your clientIDs, clientSecrets and callBackURLs. These you will need to find on each oAuth provider's developer platform page. i.e. for Facebook this would be: https://developers.facebook.com/apps/
These can be placed in the local.env.js file (a sample is included, like this:
module.exports = {
DOMAIN: 'http://localhost:9000',
SESSION_SECRET: "xxxxxxxxxxxxx",
FACEBOOK_ID: 'xxxxxxx',
FACEBOOK_SECRET: 'xxxxxxx',
TWITTER_ID: 'xxxxxxx',
TWITTER_SECRET: 'xxxxxx',
GOOGLE_ID: 'xxxxxxx',
GOOGLE_SECRET: 'xxxxxxx',
.....
};
When deploying to Heroku don't forget to set the DOMAIN config variable with http/https prefix when using Google+ sign-in.
heroku config:set DOMAIN=http://<your app name>.herokuapp.com
Otherwise you will get a redirect_uri_mismatch. If this ends with an internal server error you probably need to enable the Google+ API in the Google developer console.
If you have obtained your provided ID and SECRET keys and you are still having difficulty with OpenShift as I did ... I found setting environment variables for the application did the trick for me.
Google for example:
rhc set-env -a GOOGLE_ID=
rhc set-env -a GOODLE_SECRET=
The module exports in local.env.js worked fine for me when I was developing locally but didn't when I pushed my app to OpenShift via grunt buildcontrol

Google Cloud Storage on Appengine Dev Server

There's a similar question that was recently responded to on Stackoverflow here: Google Cloud Storage Client not working on dev appserver
The solution was to either upgrade the SDK to 1.8.8 or use the previous revision of the GCS client library which didn't have the bug instead.
I'm currently using 1.8.8 and have tried downloading multiple revisions and /_ah/gcs doesn't load for me. After using up a significant number of my backend instances trying to understand how GCS and app engine work together, it'd be great if I could just test it on my local server instead!
When I visit localhost:port/_ah/gcs I get a 404 not found error.
Just a heads up, to install the library all I did was drag and drop the code into my app folder. I'm wondering if maybe I skipped a setup step? I wasn't able to find the answer in the documentation!
thanks!!
Note
To clarify this is my first week using GCS, so my first time trying to use the dev_server to host it.
I was able to find the google cloud storage files I wrote to a bucket locally at:
localhost:port/_ah/gcs/bucket_name/file_suffix
Where port is by default 8080, and the file was written to: /bucket_name/file_suffix
For those trying to understand the full process of setting up a simple python GAE app and testing local writes to google cloud storage:
1. Follow the google app engine "quickstart":
https://cloud.google.com/appengine/docs/standard/python/quickstart
2. Run a local dev server with:
dev_appserver.py app.yaml
3. If using python, follow "App Engine and Google Cloud Storage Sample":
https://cloud.google.com/appengine/docs/standard/python/googlecloudstorageclient/app-engine-cloud-storage-sample
If you run into "ImportError: No module named cloudstorage" you need to create a file named appengine_config.py
touch appengine_config.py
and add to it:
from google.appengine.ext import vendor
vendor.add('lib')
GAE runs this script automatically when starting your local dev server with dev_appserver.py app.yaml, and it is necessary to run this script for GAE to find the cloudstorage library in your lib/ folder
4. "Writing a file to cloud storage" from the same tutorial:
def create_file(self, filename):
"""Create a file."""
self.response.write('Creating file {}\n'.format(filename))
# The retry_params specified in the open call will override the default
# retry params for this particular file handle.
write_retry_params = cloudstorage.RetryParams(backoff_factor=1.1)
with cloudstorage.open(
filename, 'w', content_type='text/plain', options={
'x-goog-meta-foo': 'foo', 'x-goog-meta-bar': 'bar'},
retry_params=write_retry_params) as cloudstorage_file:
cloudstorage_file.write('abcde\n')
cloudstorage_file.write('f'*1024*4 + '\n')
self.tmp_filenames_to_clean_up.append(filename)
with cloudstorage.open(
filename, 'w', content_type='text/plain', options={
'x-goog-meta-foo': 'foo', 'x-goog-meta-bar': 'bar'},
retry_params=write_retry_params) as cloudstorage_file:
cloudstorage_file.write('abcde\n')
cloudstorage_file.write('f'*1024*4 + '\n')
Where filename is /bucket_name/file_suffix
4. After calling create_file via a route in your WSGI app, your file will be available at:
localhost:port/_ah/gcs/bucket_name/file_suffix
Where port is by default 8080, and the file was written to: /bucket_name/file_suffix
Postscript
Unfortunately, I did not find either 3) or 4) in their docs, so I hope this helps someone get set up more easily in the future.
To access gcs objects on dev_appserver, you must specify the bucket & object name, i.e. /_ah/gcs/[bucket]/[object].
The storage simulator for the local server is working in later versions of the SDK. For Java, one may choose to follow a dedicated tutorial: “App Engine and Google Cloud Storage Sample”.

Resources