Security of Datastore Remote API? - google-app-engine

I would like to use the Datastore Remote API to share data between two GAE applications (http://code.google.com/appengine/docs/java/tools/remoteapi.html).
To do that I understand that I need to add a servlet to my GAE application, but I'm a bit worried about security. Ideally I would like this servlet to be visible only to other GAE applications, but not to other clients outside of Google's datacenters. Is there any way to configure this?

remote_api is only ever accessible by administrators of your application, unless you configure it otherwise.
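
An added example, not part of the original thread: a `web.xml` fragment that registers the Remote API servlet shipped with the App Engine Java SDK and forces HTTPS on its path. The `/remote_api` path and the `remote-api` resource name are assumptions; the administrator check described in the answer is performed by the servlet itself, so the constraint here adds transport protection only.

```xml
<!-- Added example: goes inside <web-app> in WEB-INF/web.xml of the
     application that owns the data. -->
<servlet>
  <servlet-name>RemoteApiServlet</servlet-name>
  <!-- Servlet from the App Engine Java SDK; it rejects callers that are
       not administrators of the application. -->
  <servlet-class>com.google.apphosting.utils.remote.RemoteApiServlet</servlet-class>
  <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
  <servlet-name>RemoteApiServlet</servlet-name>
  <!-- Assumed path; the calling application must target the same one. -->
  <url-pattern>/remote_api</url-pattern>
</servlet-mapping>

<!-- Transport protection only: plain-HTTP requests to the endpoint are
     redirected to HTTPS. No auth-constraint is declared here because
     authorization is left to the servlet's own administrator check. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>remote-api</web-resource-name>
    <url-pattern>/remote_api</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
```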

Related

How to make an application deployed to google cloud app engine available to certain white-listed IPs

I have an application deployed to an app engine service. I have many services under the same app engine. How can I make the application available to certain white-listed IPs? In other words, I want this application to accept requests from certain IPs and deny all other requests?
Can we do this by writing some configurations in app.yaml file?
Note: I just want to apply the rule to one service only so that other services will not be affected.

Applying this kind of restriction at a service level is, at the moment, not possible.
The best option would be to deploy the services you want to protect on a different project, and use the App Engine firewall there.

Django with Cloud SQL on GAE Flexible

My Django app is working on GAE with Cloud SQL(MySQL).
By using New Relic Monitoring, I tracked requests done by my app to www.googleapis.com.
I don't know those requests. Can somebody explain this behavior?
(app connecting with cloud proxy)

As merely described here, there are various processes running in the instance alongside (with?) your application... scaling, billing, logging, etc. Communication with other Google Cloud Services (like the ones I previously mentioned) is mainly done through Google Cloud APIs. Since App Engine is a managed Platform as a Service, this management needs to be done somehow... a myriad of REST API requests and responses do this. Partly through the www.googleapis.com endpoint.
You don't have to worry, though... your application's performance is not affected by this, nor your billing account.

What is the best approach to having a web site and web application with the same domain?

I am writing a web application using Google App Engine, and to promote it (and give more information about it), I will also have a web site. For ease of deployments, it makes sense to have the web site separate from the application itself. I would like to be able to make changes to the web site independent of the application. I would think that making a change to the web site would NOT mean a re-deployment of the application.
I would like to have a domain, and for the purpose of this question, let's call it www.example.com.
App Engine allows for multi-tenancy, and it makes sense to use sub-domains. For this question, let's assume www.org1.example.com / www.org2.example.com, etc.
Given this scenario, how is this done in the enterprise world on GAE? Do companies:
have the web site and application all as one?
use their hosting provider to redirect sub-domain requests to their application?
have completely separate domains for the web site and application?
something else?
Thanks in advance,

If you want to be able to independently deploy the web app and the web site they need to be at least in separate GAE services/modules, which offer complete code isolation.
Yes, it's not a problem to have the separate services mapped under different subdomains of the same domain. I'm not very sure if it'd work with the sub-domain split you proposed and with wildcard SSL certificates. From App Engine support for SSL certificates:
Wildcard certificates only support one level of subdomain.
So I didn't even try such subdomains. But I am using a wildcard certificate like *.example.com with subdomains like these, each mapped to a different service:
www-org1.example.com
www-org2.example.com
I'm also using a dispatch.yaml file to route each domain to the respective service.
Now about the multi-tenancy, I'm unsure if it's what you actually need, because it's offering just data isolation, not code isolation. You still need to address code isolation if you want to deploy them independently. From About multitenancy:
Multitenancy is the name given to a software architecture in which one instance of an application, running on a remote server, serves many client organizations (also known as tenants).

How to access GAE datastore with Objectify and service account credentials?

Is it possible for one GAE application to access the datastore of another GAE application (both applications are hosted under the same Google account) using Objectify? If so, how can I pass service account credentials to Objectify (which API calls)?

It is not possible. Objectify is a very simple and convenient lightweight ORM that sits on top of a GAE Datastore, thus shielding the developer from most of the complexities of using JDO/JPA.
Nowhere in the documentation have I seen the scenario you describe mentioned because that is not the problem it is trying to solve.
I suspect what you will probably need to do is create a Web Service that exposes your GAE application (whose data you want) through an API. Then have your other GAE application call those service methods to obtain the data it needs.
Alternatively, you can use something called remote_api. It allows you to access and manipulate a GAE Datastore remotely.
Below are some links I just found to similar questions after posting my answer:
Can I access Datastore entities of my other Google App Engine Applications
Can one application access other applications data querying the key in Google App Engine?

A solution is to have only one "GAE application" but to make different Modules in your application. The Datastore will be shared between the modules.
Another solution is to use the Remote API (https://developers.google.com/appengine/docs/java/tools/remoteapi), but you won't be able to use Objectify, I think...

App Engine Datastore access

Is it possible to query App Engine's Datastore from outside the cloud, i.e. a client application?
I could possibly write an app to be housed within AppStore and query the Datastore returning XML-formatted data; I want to know, however, if there are any Datastore endpoints which would allow me to do it directly.
Also, in case it is possible, am I able to do so via SSL?

Yes. The remote_api library supports exactly this use-case. If you're using Java, there's a Java remote_api handler available, and the client will be available at some point in the future.
You can use this over SSL in the same way as any other handler.

There's no reason you couldn't create your own app engine application that exposes the datastore as a web service (either http or https). In fact, here is a link to a python version.
