How to design an extensible CMS for Google App Engine? - google-app-engine

I am a fan of the extensibility of the CMSes. You can upload some code (usually PHP), authorize it from the CMS admin panel and it's running.
I wonder if it is possible in Google App Engine. I haven't checked the extensibility of existing CMSes for Google App Engine, but if there is any of them that supports plugins I would like to know how they did it, and whether they are JS plugins only, or if they support Python/Java plugins too.

Nick Johnson from Google wrote an entire blog post series on how to write a blog system for app engine. If it doesn't do what you want, I am sure that you can extend it but normally a blogging system is sufficient for a CMS for most people.

I don't have a public example to point to (sorry), but I can confirm that it is possible to create Python plugins for an App Engine project. I completed a project a few months ago that does something like this. The crux of the thing comes down to a single line of python:
exec plugincode in someDict
Above 'plugincode' is a string containing some python code to execute, and someDict is a dictionary of globals to execute it in. This is arguably cleaner than using eval(). In our case the globals dictionary contained an instance of an object that the plugincode used to communicate with the system. I can't think of any major limitations with this (or similar) approaches. e.g. plugincode could declare a class, and register an instance of that class as a callback handler etc etc.
In our case we stored the plugin code in the Data Store, and loaded it at appropriate times (e.g. when an instance of the app is started).

Actually I see no conceptual problem with supporting plugins in App Engine application. For example on Java you may fetch plugin jar to memory from data store or memcache (on application initialization phase), and then use custom class loader to load plugin classes as needed). Actually you even may load classes from request data and evaluate them on the fly if needed (how we do it in AppWrench Java console).
Regards,
Pavel.

Related

Google App Engine Flexible Environment, Custom Runtime, general newbie questions

I want to build a web application using a mixture of App Engine Standard and Flexible Environment as described in the Google docs (flexible as microservice where third party software is needed, standard for everything else).
I need the mentioned microservice to run latex, a few linux tools and python. What is the best way to go from here?
My guess is:
Build a docker container from a Linux OS and use either Google Pub/Sub, Google Task Queue or plain HTTP for communication with the Standard Env App.
But how is this custom runtime then managed by Google regarding security updates, scaling, loadbalancing and everything else promised in the docs?
Sorry for the rather generic question, the infos are thin IMHO and so I have to ask.
It would be your responsability to re-build the custom runtime images (done during every app deployment) to incorporate security updates. If your Dockerfile references other Google-supplied base images then the security updates for them will be automatically picked up in the process. But for any additional packages or customisations you added to your runtime you may need to incorporate the updates yourself.
Scaling depends on your app's configuration (your responsability), see Service scaling settings.
Google automatically load-balances traffic across your app's instances.

Is it possible to have both appengine fleixble and standard in single project

I have an standard appengine app currently running. I am currently developing another flask app which will use flexible runtime. I am wondering is it possible for me to have both apps in same project?
Yes, it is possible, with each of your "applications" being implemented as separate services/modules in the same GAE app. Services/modules offer complete code isolation, see Comparison of service isolation and project isolation.
See also: Custom runtime for non-flexible environment app?
There is an even easier way to do this that doesn't require creating a separate service :)
Since you are only developing your second application, you do not need to set it as the default version to serve traffic to the public. You only need to access it yourself, (or perhaps whoever you give the URL to). The only drawback really is that you will not be able to access your project at the default url, usually .appspot.com
Therefore, you can simply deploy your flexible app engine project, but make sure you don't give it any traffic sharing or promote it to the main version!! You can then access your version simply by clicking on the version in the google cloud console, or by visiting http://-dot-.appspot.com/ (It was not possible to access individual versions like this for flexible for quite some time, but this has now been resolved.)

Can I have two instances on same App Engine project - Java servlet and Endpoints side by side?

We have Java servlets up and running on GAE, using blobstore, datastore and other cloud services.
Currently, we're starting a migration process to cloud Endpoints and we've hit an issue: if we use a different GAE project, we would not be able to query regarding current datastore entities (to the best of my knowledge, Google doesn't want you to do this - see
this question
and the GAE terms of service - section 3.3d), so we need to use the same project for both.
I looked up whether it's possible to have one GAE instance running Java servlets and one instance running Endpoints, but I found no conclusive answer anywhere.
If we try to implement and something goes wrong, we're looking at a potentially major issue for our users, so we need to be sure beforehand.
Has anyone tried something similar, and can assure us that this works?
You have 2 options to run the old and the new code inside the same app (thus with no issues sharing access to the datastore) but as separate engine instances, so they can be developed/deployed/managed independently:
as different versions of the same app/module(s):
the old version remains the default, the new one can be accessed at a different URL during development (possibly via URL routing)
you can use traffic splitting to do live A/B testing on the new code and for gradual final migration until you make the new version the default
as different modules of the same app:
both can run (fully functional) side by side indefinitely, but you need to be more careful during development
traffic is routed to the modules in several possible ways
final migration is done by publishing the new URLs, eventually re-directing the old URLs and finally bringing down the old module code
The 2 approaches can even be combined, if needed, as the final solution described by the OP's in this somehow similar question (for the python environment, but java equivalents exist): Google App Engine upgrading part by part

Strategy: How do I exchange data directly between JavaScript and Google App Engine DataStore

I am somewhat new to Web development - specifically Google App Engine and JavaScript/HTML development, but I have an app deployed and working on Google App Engine and it is working ok.
I would like a user of my App to be able to store and retrieve a serialization of the app state in JSON using the GAE Datastore. (Note - This is only a user-initiated action - so channels seem to be overkill)
The examples provided by Google demonstrates one approach that allows the server-side Python implementation to do this. Specifically https://developers.google.com/appengine/docs/python/gettingstartedpython27/usingdatastore. I have this working ok.
But this approach seems rather inelegant especially if as an "app" I want to store and retrieve serialized chunks of data somewhat asynchronously without reloading the page/app each time (again, this is only ever user-initiated).
I have not been able to find any high-level guidance on an approach to do that (assuming it is possible).
Any suggestions/links/examples would be greatly appreciated.
Thank you!
Jeff
As with many things, this depends on your specific needs. If you just want direct access to datastore storage, the datastore is exposed as an independent service with an API.
If you instead want to assert logic over the usage and interact with your app in some fashion, you may also want to look at Google Cloud Endpoints. With an endpoints API, you gain a more structured API you can call directly from javascript, or generate client libraries to be consumed by other languages/platforms.

How to manage asymmetric keys without checking them into source control?

I have a google app engine application which needs to be given a public-private key pair. I don't want to check this into source control because it will be accessible by too many people. Since this is GAE I can't use the build system to write the keys to the file system of the server.
Is there a known best practice for this?
My first thought was does Jenkins provide a way to manage keys securely? I know I can just copy the keys to a location on the jenkins server and copy them into the build but this project will be used by third party teams so I need to provide a UI based solution in jenkins. I did not find any relevant plugin but I would like to make sure there isn't a better way before writing my own.
There are of course several approaches to this. I believe certificates are a concern of admins, not developers.
What we do is have custom admin pages where we upload certificates to blobstore under separate namespace. Then we have an internal "service" (just a simple factory) so that other pieces of code can retrieve certs.
If you are happy to use a cloud based Jenkins, we (CloudBees) have an oauth based solution at appengine.cloudbees.com
You could roll your own. It is not excessively tricky. You will need to
Register with google's api console to get a client key and secret and define the endpoints that your app will show up as
Write some way if feeding those credentials to your Jenkins build. I would recommend using the credentials plugin
Either write a build wrapper that exposes the refresh token to your build (python sdk deployment) or exposes the access token (java sdk... Got to love that the two sdks do the same thing in different ways)
Or use our free service ;-)

Resources