I am trying to automate the deploy process with the Google AppEngine Launcher, and the one thing getting in my way is the password enquiry; I am trying to set it up so that I don't have to enter my password after the first time.
One approach I am looking at is to somehow ensure the cookie does not expire; any ideas on how this may be accomplished?
Are there any resources that detail the format of the .appcfg_cookies file, including the encoding?
Another approach I am looking into is the use of the --passin argument. Are there any resources on this?
Thanks in advance.
Google App Engine now supports OAuth tokens to handle automated deployment, which does not expose your Google account password.
The --passin argument is what you want - use appcfg.py with that and the --email argument, and provide the password from a file and you're sorted.
This seems fairly straightforward - what sort of 'resources' are you looking for?
Related
My python application on the Google App Engine (standard environment) writes some logs to stdout.
I used to be able to see them on the Logs Viewer but not anymore.
The default options under the "Log name" drop down menu do not show stdout, and I have tried to manually add logName="projects/airlib-main/logs/stdout" into the Query Builder but it doesn't find anything.
I solved my problem by NOT using basicConfig to configure the logs and rather instantiate my own loggers and use them throughout the application. The python documentation says that < This function does nothing if the root logger already has handlers configured > and maybe the Google App Engine does that now. My application used to produce logs properly so there might have been a change recently in the way the Google App Engine works in this environment.
I would recommend you to take a look at the post from the Community:
How to group related request log entries GAE python 3.7 standard env. This post provides you with possible solutions to your stdout logging.
For example, as mentioned on this answer here - that it's in Python language - there are some methods that you can use to set the stdout as the pattern for logs. So, checking this post should assist you in configuring the use of stdout on your App Engine.
Let me know if the information helped you!
I recently created a very basic very static site through Google app engine. My question is, if I publish the site, what is required to edit it. What sort of authentication is required when you deploy the site with local files? I might have missed it but does it check an ID from your computer the first time or simply use the project-id in the .yaml file? If I were to deploy it and want to be able to create a different version from another host, what would I need besides the source files?
PS: I will and definitely NEED to go over the doc fully (err semi-fully), just wanted to ask this question which hopefully has a rather trivial answer.
When you deploy it, it will either ask for your username and password, or if you pass the --oauth2 flag, it will take you through an OAuth flow to authenticate.
(Take a look at appcfg.py --help if you are curious about the options available.)
Deployment requires the Google Account username and password from someone with permissions to deploy (in your case, probably your admin account).
You can either enter these every time you deploy, or have them stored locally. Check for example here for the Python info: https://cloud.google.com/appengine/docs/python/tools/uploadinganapp
I'm working on a project with Google App Engine. I am using continuous integration via Travis, and wish to be able to deploy directly from it. Due to a bug that will not be resolved directly, I can't rely on Travis' built-in GAE deployment, so I basically have to use mvn appengine:update manually. This requires me navigate to a generated URL and manually paste to the terminal an authentication code, which I can't do in automated builds.
It was suggested to me, however, that I do some Unix magic instead. While I can easily pick out the URL I need to navigate to from grep, I still need to log in to Google with my credentials in order to actually get the authentication code (which I can then grep out and pipe to the deployment program).
Given that, how do I log in to Google with my credentials, using only curl or similar command-line utilities?
I've accomplished similar things in the past using Service Accounts. These are likely a good fit for your problem.
Service Accounts will allow you to authenticate and upload your app without manual intervention.
Overview
A Service Account will allow you to do "passwordless" authentication like you may already do with ssh, and git, etc. by setting up your keys. This will remove the requirement that you log in manually, or follow the road to madness by trying to do a "manual" login automatically.
There are basically two steps:
Create your service account and key (with the right permissions)
Use that credential instead of what you're doing now
Resources
I think it's better to give a list of resources than concrete instructions since it's basically impossible to express concisely (even though it's a simple process, there's bound to be a lot of little things that annoy), everyone's requirements will be slightly different, and Google is likely to change the process at some point.
Using the Google Cloud Platform Console for App Engine | Permissions
Using OAuth 2.0 for Server to Server Applications
Setting up OAuth 2.0 | Service Accounts
gcloud auth activate-service-account
Hopefully that's enough to get you headed in the right direction.
Note
You'll likely have to spend some time looking at your .appcfg_oauth2_tokens_java and sorting out a variety of other annoyances, but I believe that this approach is the best way to solve your problem.
It sounds like you have a pretty straight-forward setup and that a Service Account alone will get you there, but if you need to get a little weird, the App Engine Admin API is always there.
I studied and could successfully replicate the quickstart.py example on https://developers.google.com/drive/web/quickstart/quickstart-python to upload a file to my google drive using command line.
However, I wish to write an app that does the same, but through a cron job i.e. uploads a file everyday at 8am say, without the need to authenticate each time. Is there sample code/examples that I can look at to implement the oauth steps without the command line intervention?
Thanks!
You can use your App Engine app's built-in Service Account to authorize requests to the Google Drive API.
https://cloud.google.com/appengine/docs/python/appidentity/
https://developers.google.com/identity/protocols/OAuth2ServiceAccount
Your app will need to have an embedded Refresh Token, or some way of fetching it from a secure server. The Refresh Token acts a bit like a stored username/password, albeit with constrained access. Therefore you need to consider the security implications. For example, since it's uploading, it will only need drive.file scope, so your corpus of Drive files remain inaccessible.
If you're happy with the security implications, then the steps you need are described How do I authorise an app (web or installed) without user intervention? (canonical ?)
If I want to deploy anything on Google Apps, I'll have to create an application in Google App Engine, is that right? Is there a way to use FTP like in other web hosting services?
If I have myapp in GAE, and I already let myownsite.com to use this app. But I don't want anyone else to use this app on myapp.appspot.com, how can I do it?
Thanks in advance!
Perhaps not the best solution, but you can use self.request.headers["HOST"] in your handler to see which domain the request was requested to and redirect the user based on that.
You will need to upload your application. There is no FTP access for that as far as I know, but the GAE SDK contains a commandline tool to do that. You can also do it from IDE.
There is always an associated myapp.appspot.com domain with your application, so no one will take it. But you can also use your own domain (but not for SSL!). But you cannot also block access through myapp.appspot.com, but in Java you can create a filter that will redirect all requests to your custom domain. And keep in mind you cannot use naked domains (without www) in GAE.