I have an app that is built in Java and runs on app engine. This app will be installed by users in their own GCP account.
I want to build the capability where
Users can come to my website
Users can use “login with google” and provide access to my website.
My website app will use GCP API to create a project and install the application with app engine.
Also, want this permission to be temporary for 1 hr.
Is there a guide or documentation to do this?
Related
I'm trying to connect an automated build. In the app I connect to a google api and in Cloud Run I access secrets both using different service accounts. It's just a test app so nothing major but I keep getting hung up with cloud build using the service account that I use to access the api to run the app. Anybody know of a way to dictate which service account is used to run the app while still using the key to access the api. My thinking is it has to be done in the build process with something in my cloudbuild.yaml or maybe can't be done?
The cloud build process is carried out by a special service account that handles everything. You can delegate the auth to other accounts but there really isn't any need. Running the container in cloud run and choosing a service account to access secrets is easy (from Cloud Run choose edit and deploy => security tab) and that service account has no bearing on how you access other api's with creds.json you add at runtime.
I want to know what service in Google cloud Platform that i need to deploy my backend django + postgresql? I'm developing a mobile app using flutter.
There are multiple ways to host a Django app with PostgreSQL on GCP. The documentation covers the following available options:
App Engine standard environment
App Engine flexible Environment
Cloud Run
Google Kubernetes Engine (GKE)
Compute Engine
For the PostgreSQL database, you can use the Cloud SQL.
If you need a Django package that already includes PostgreSQL, you can use the Django in Google Cloud Marketplace and deploy your app on the Compute Engine.
Google Cloud's Flexible App Engine Service can definitely work in this case .
About App Engine
Google App Engine lets app developers build scalable web and mobile back ends in any programming language on a fully managed serverless platform.
For more detail please check the below link, on how you can achieve the same
https://codeburst.io/beginners-guide-to-deploying-a-django-postgresql-project-on-google-cloud-s-flexible-app-engine-e3357b601b91
I started learning Google Cloud Platform recently. So, created a trial account. Can I deploy my learning web application to the VM I created and browse it from my local? I tried running gcloud app deploy from my vm but getting error...
== ERROR: (gcloud.app.deploy) PERMISSION_DENIED: The caller does not have permission==
VM (Compute Engine) and App engine are two different things, you can read more in this answer. gcloud app deploy is app engine utility and used to deploy your application to app engine.
If you have your code in compute engine and want to deploy to app engine, make sure service account associated with your vm has necessary scopes and permissions. Please check this answer.
On addition to that you can start with cloud shell for deploying your web application.
I am aiming to do a pythonic automated Google Cloud project manager. Just testing a bunch of models of Tensorflow and stuff. Even when I can fully access training, deploying and testing models inside a project, I can't mke any new projects since I am authenticated with a service account through:
google.oauth2.service_account.Credentials.from_service_account_file("thisisakey.json")
But as far as I understand, services account are project-binded so it's perfectly correct that creating a new project with it raises an error. In fact it does:
googleapiclient.discovery.build("cloudresourcemanager", "v1", cache_discovery=False)
Falis with:
Service accounts cannot create project without a parent.
So either creating/finding a "parent" for this project or log in a more "powerful" account could solve this. But I can't figure them out. Are there any other credential types to download and embed into python? Can I create a project from python? Everything I've checked about this is at least 2 years old and seems to be very outdated (back then projects were just not possible to create via APIs)
Update:
I've tried creating a project using the "parent" flag on the project's body, on the Organization made from the corp I work on. and even when this service account has "Owner" and "Organization Administrator" roles the create requests fails with:
Encountered 403 Forbidden with reason "forbidden"
User is not authorized.
So the problem persists.
You can assign privileges to Service Accounts to do just about anything in Google Cloud. You have hit one of just a few that you cannot.
The problem is that your project is not part of an Organization (you have no parent). Your solution is to either setup Organizations or create your projects via the Google Cloud Console. Note: I do not recommend creating projects via software. You also need to setup billing in order to do anything useful.
There are two types of credentials with Google Cloud: User Credentials and Service Account Credentials. You cannot embed User Account Credentials into an application. User Account Credentials are created interactively as part of a login / authentication process using OAuth 2.0.
There are other types of access to cloud services such as API Keys, but these do not apply to your issue.
Quickstart Using Organizations
I'm new to google Cloud and Odoo ERP,I need to customize in 2 odoo apps Fleet and CRM, Can I customize after deploying odoo via Bitnami Lunchpad to Google Cloud, or I need to customize in local virtual machine, and Can I upload local virtual machine to google cloud or only can deploy odoo to Google via Bitnami Lunchpad.
Can Google endpoints access postgreSQL of odoo server
Any help is welcome, Thank you.
For Google Cloud Endpoints, it sits in front of your app. You can get the general architecture idea from these links depending on what platform you are choosing to use:
https://cloud.google.com/endpoints/docs/openapi/architecture-overview
https://cloud.google.com/endpoints/docs/frameworks/about-cloud-endpoints-frameworks
Since Google Cloud Endpoints sits in front of your app and forwards requests to your app, your app is still responsible for handling the requests. This would include things like accessing PostreSQL. Therefore, as long as your app can access PostgreSql, using Google Cloud Endpoints should not restrict your usage.