-
Notifications
You must be signed in to change notification settings - Fork 49
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support launching devappserver with user-supplied credential (including CT4E login credentials, service accounts, etc) and project ID used for Veneer libraries #2352
Comments
The addendum is essentially #2350 in a different library. I think we'll need to set our library dependencies accordingly. On the rest of it, we should design and document what we want to do with ADC before starting work on this. Something does need to be done here, but I'm not yet sure what. |
We could cover the dev appserver, but I wonder what we can do for non-App Engine projects that use the Google Cloud libraries. |
We could provide a 'Google Cloud' tab for Java config types that provides the AccountSelector and ProjectSelector, which are wired up to store/retrieve from the launch config's environment variables. |
@briandealwis updated the title. I think the old title no longer applies; I believe the local server should have no problem picking up the application default credential. And the intention was probably to allow users to provide a different credential (mainly the CT4E login credentials but also other forms of credentials such as service accounts). |
Fixed by #2568. (BTW, we only pass a service account key, not the CT4E login cred.) |
Launching a local app in the devappserver that uses Google services (e.g., BigQuery) is difficult as we don't provide means to configure the application default credential nor the project. There has been some discussion about the ADC.
#429 will at least allow(UPDATED by @chanseokoh: we can do this now) setting environment variables (likeGOOGLE_APPLICATION_CREDENTIALS
orGOOGLE_CLOUD_PROJECT
), but it would be better to have some decent UI support, especially for selecting a user credential. Perhaps in the server definitions?Steps to repeat:
com.example.bq
, artifactId=bq
, and javaPackage=com.example.bq
Add the following to thepom.xml
's<dependencies>
(as per the BigQuery client library installation instructions;UPDATED by @chanseokoh: App Engine API will be provided for App Engine projects
note that we also have to bring in theappengine-api-1.0-sdk
, discussed further below:HelloAppEngine#doGet()
, cribbed from the BigQuery Using the client library code:Launching this app will fail for two reasons:
1. Cannot find a credential for access2. Cannot find a Project ID
Problem 1: Cannot Resolve Application Default CredentialLaunching will fail with an exception thatBigQueryException: Could not get the access token
. It turns out that this is due to b/63123716 and a workaround exists. The app will then usegcloud
's default application credential.UPDATE by @chanseokoh: the bug is fixed in latest gcloud releases.
We may want to provide support for specifying a different credential rather than the
gcloud
application-default credential?Problem 2: Unable to determine app id
Because we are not recommending setting the
<application>
element inappengine-web.xml
, the BigQuery library is unable to determine the Project ID (stacktrace below).With the workaround in b/63123716,(UPDATED by @chanseokoh: fixed in latest gcloud releases) we can provide the default Project ID via the(UPDATE: unfortunately the devappserver overwrites thecom.google.appengine.application.id
system propertycom.google.appengine.application.id
system property)GOOGLE_CLOUD_PROJECT
environment variable, though this is only used by the Veneer libraries and is not used by the App Engine SDK.Addendum: Must explicitly bring inappengine-sdk-1.0-api
Anygoogle-cloud-java
-based services require explicitly bringing in theappengine-sdk-1.0-api
jar. It might be worth adding some validation to check for this case.UPDATED by @chanseokoh: fixed by #2453. (See #2350 if for additional contexts.)
The text was updated successfully, but these errors were encountered: