Closed loosebazooka closed 7 years ago
Why is client login being deprecated?
I am currently using it for CI since oauth2 requires some level of interaction. Is there an alternative besides oauth2?
Its a decision made by the appengine team : https://developers.google.com/identity/protocols/AuthForInstalledApps
What CI system are you using? If you have access to the machine, you can create the authorization token once and it will use that for any future interactions.
FYI you should be able to use service account for deployment with gcloud. The commands should be something like:
$ gcloud auth activate-service-account [EMAIL ADDRESS: ~@developer.gserviceaccount.com] --key-file [PATH]/[YOUR-KEY].json
$ gcloud auth login [EMAIL ADDRESS: ~@developer.gserviceaccount.com] --no-launch-browser
$ gcloud auth list
$ gcloud preview app deploy target/war --project [YOUR APP ID] --version [VERSION]
As note, if you're using gcloud, the newest version of app deploy
doesn't support war directories, you will need to provide it with a app.yaml OR you can use the appengineStage
task to create a directory that is deployable.
$ ./gradlew appengineStage
$ gcloud preview app deploy build/staged-app/app.yaml --project [app id] --version [some version]
Thanks for the hints but it it displays a strange error. I am not sure if it is a bug on the gcloud tool or if I did something wrong. Everything worked until the deploy command.
Updating module [default] from file [/Users/ruka/blablabla/build/staged-app/app.yaml]
11:37 PM Host: appengine.google.com
11:37 PM Application: [APP ID](was: None); version: test (was: None)
11:37 PM
Starting update of app: [APP ID], version: test
11:37 PM Getting current resource limits.
ERROR: An error occurred processing file '': [Errno 2] No such file or directory. Aborting.
Traceback (most recent call last):
File "/Users/ruka/google-cloud-sdk/./lib/googlecloudsdk/gcloud/gcloud.py", line 209, in
This is an issue with the latest version of the Cloud SDK. It affects Python 2.7.9 users. A new version of the Cloud SDK with a fix will be released tomorrow. Until then you can temporarily rollback to a previous version of the SDK by doing the following:
export CLOUDSDK_COMPONENT_MANAGER_SNAPSHOT_URL=dl.google.com/dl/cloudsdk/release/components-v0.9.55.json gcloud components update
thanks. It worked.
I had to change the first command to
export CLOUDSDK_COMPONENT_MANAGER_SNAPSHOT_URL= https://dl.google.com/dl/cloudsdk/release/components-v0.9.55.json
in order for the update to run though.
On Wed, 22 Apr 2015 at 00:33 Vilas Jagannath notifications@github.com wrote:
This is an issue with the latest version of the Cloud SDK. It affects Python 2.7.9 users. A new version of the Cloud SDK with a fix will be released tomorrow. Until then you can temporarily rollback to a previous version of the SDK by doing the following:
export CLOUDSDK_COMPONENT_MANAGER_SNAPSHOT_URL= dl.google.com/dl/cloudsdk/release/components-v0.9.55.json gcloud components update
— Reply to this email directly or view it on GitHub https://github.com/GoogleCloudPlatform/gradle-appengine-plugin/issues/180#issuecomment-94962226 .
You can also get OAuth2 to work on your CI system by doing the following:
~/.appcfg_oauth2_tokens_java
. This file contains a refresh_token
variable.appcfg {
oauth2 = true
oauth2_refresh_token = <grab your refresh token from wherever you stored it>
extraOptions = ["--oauth2_refresh_token=" + oauth2_refresh_token]
}
Gradle wraps appcfg.sh and the above configuration is the equivalent of running appcfg.sh
@davidkravitz Thanks for the hint. It works and it is really easy.
@davidkravitz This DOES work, but you'll find that you'll have to re-authenticate your account locally if you want to use gcloud on your machine again. Not sure if you have to do it every time, but I suspect you do.
Warning for others: Don't use YOUR account. Create a separate account, authenticate, and use the oauth token for that one.
Im trying to use the refresh token through bitbucket pipelines with the extraOptions method above, although when I do, I get the following error:
Either the access code is invalid or the OAuth token is revoked.Details: invalid_grant
Is anyone else experiencing this? I have a service account also setup, but I have not been able to make the service account work via the gradle plugin. I run the following before doing the appengineUpdate, but I dont think that its using the account specified:
Any help would be much appreciated!
I don't think service accounts work via that mechanism.
There's a different parameter in appcfg that allows you to use service accounts : see
service_account_json_key_file
at https://cloud.google.com/appengine/docs/java/tools/appcfg-arguments
so instead of specifying the oauth2 token, you specify the service_account_json_key_file in the extra_options.
Thanks for the response. I actually took a few hours and converted over to the new plugin (https://github.com/GoogleCloudPlatform/app-gradle-plugin). This seems to work fine with the service account being set via gcloud in the pipeline. Heres the pipeline script I got working in case anyone else is running into similar problems.
pipelines:
default:
- step:
script:
# Install Google Cloud SDK
- export CLOUDSDK_CORE_DISABLE_PROMPTS=1
# Google Cloud SDK is pinned for build reliability. Bump if the SDK complains about deprecation.
- SDK_VERSION=140.0.0
- SDK_FILENAME=google-cloud-sdk-${SDK_VERSION}-linux-x86_64.tar.gz
- curl -O -J https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/${SDK_FILENAME}
- tar -zxvf ${SDK_FILENAME} --directory ${HOME}
- export PATH=${PATH}:${HOME}/google-cloud-sdk/bin
# Install Google App Engine SDK
- GAE_PYTHONPATH=${HOME}/google_appengine
- export PYTHONPATH=${PYTHONPATH}:${GAE_PYTHONPATH}
- python scripts/fetch_gae_sdk.py $(dirname "${GAE_PYTHONPATH}")
- echo "${PYTHONPATH}" && ls ${GAE_PYTHONPATH}
- gcloud components install app-engine-java
- ./gradlew clean build
- echo "key = '${GOOGLE_API_KEY}'" > api_key.py
- echo ${GOOGLE_CLIENT_SECRET} > client-secret.json
- gcloud auth activate-service-account --key-file client-secret.json
- ./gradlew appengineDeploy
Add deprecation warnings for 1.9.19 and remove in later versions.