search

GoogleCloudPlatform / gradle-appengine-plugin

Gradle plugin that provides tasks for uploading, running and managing Google App Engine projects
Apache License 2.0
236 stars 60 forks source link

ClientLogin (username/email + password)deprecation #180

Closed loosebazooka closed 7 years ago

loosebazooka commented 9 years ago

Add deprecation warnings for 1.9.19 and remove in later versions.

ruiaraujo commented 9 years ago

Why is client login being deprecated?

I am currently using it for CI since oauth2 requires some level of interaction. Is there an alternative besides oauth2?

loosebazooka commented 9 years ago

Its a decision made by the appengine team : https://developers.google.com/identity/protocols/AuthForInstalledApps

What CI system are you using? If you have access to the machine, you can create the authorization token once and it will use that for any future interactions.

tmatsuo commented 9 years ago

FYI you should be able to use service account for deployment with gcloud. The commands should be something like:

$ gcloud auth activate-service-account [EMAIL ADDRESS: ~@developer.gserviceaccount.com] --key-file [PATH]/[YOUR-KEY].json
$ gcloud auth login [EMAIL ADDRESS: ~@developer.gserviceaccount.com] --no-launch-browser
$ gcloud auth list
$ gcloud preview app deploy target/war --project [YOUR APP ID] --version [VERSION]
loosebazooka commented 9 years ago

As note, if you're using gcloud, the newest version of app deploy doesn't support war directories, you will need to provide it with a app.yaml OR you can use the appengineStage task to create a directory that is deployable.

$ ./gradlew appengineStage
$ gcloud preview app deploy build/staged-app/app.yaml --project [app id] --version [some version]
ruiaraujo commented 9 years ago

Thanks for the hints but it it displays a strange error. I am not sure if it is a bug on the gcloud tool or if I did something wrong. Everything worked until the deploy command.

Updating module [default] from file [/Users/ruka/blablabla/build/staged-app/app.yaml] 11:37 PM Host: appengine.google.com 11:37 PM Application: [APP ID](was: None); version: test (was: None) 11:37 PM Starting update of app: [APP ID], version: test 11:37 PM Getting current resource limits. ERROR: An error occurred processing file '': [Errno 2] No such file or directory. Aborting. Traceback (most recent call last): File "/Users/ruka/google-cloud-sdk/./lib/googlecloudsdk/gcloud/gcloud.py", line 209, in main() File "/Users/ruka/google-cloud-sdk/./lib/googlecloudsdk/gcloud/gcloud.py", line 205, in main _cli.Execute() File "/Users/ruka/google-cloud-sdk/./lib/googlecloudsdk/calliope/cli.py", line 621, in Execute result = args.cmd_func(cli=self, args=args) File "/Users/ruka/google-cloud-sdk/./lib/googlecloudsdk/calliope/backend.py", line 1088, in Run result = command_instance.Run(args) File "/Users/ruka/google-cloud-sdk/./lib/googlecloudsdk/calliope/exceptions.py", line 86, in TryFunc return func(_args, _kwargs) File "/Users/ruka/google-cloud-sdk/lib/googlecloudsdk/appengine/app_commands/deploy.py", line 137, in Run runner.Run('update', appyaml, module=module) File "/Users/ruka/google-cloud-sdk/./lib/googlecloudsdk/appengine/lib/appengine_adapter.py", line 281, in Run error_code = app.Run() File "/Users/ruka/google-cloud-sdk/./lib/googlecloudsdk/appengine/lib/appcfg/appcfg.py", line 2847, in Run self.action(self) File "/Users/ruka/google-cloud-sdk/./lib/googlecloudsdk/appengine/lib/appcfg/appcfg.py", line 4347, in call return method() File "/Users/ruka/google-cloud-sdk/./lib/googlecloudsdk/appengine/lib/appcfg/appcfg.py", line 3551, in Update self.UpdateUsingSpecificFiles() File "/Users/ruka/google-cloud-sdk/./lib/googlecloudsdk/appengine/lib/appcfg/appcfg.py", line 3543, in UpdateUsingSpecificFiles self.UpdateVersion(rpcserver, self.basepath, module_yaml, file_name) File "/Users/ruka/google-cloud-sdk/./lib/googlecloudsdk/appengine/lib/appcfg/appcfg.py", line 3519, in UpdateVersion return appversion.DoUpload(paths, openfunc) File "/Users/ruka/google-cloud-sdk/./lib/googlecloudsdk/appengine/lib/appcfg/appcfg.py", line 2313, in DoUpload self.error_fh) File "/Users/ruka/google-cloud-sdk/./lib/googlecloudsdk/appengine/lib/appcfg/appcfg.py", line 392, in GetResourceLimits resource_limits.update(_GetRemoteResourceLimits(logging_context)) File "/Users/ruka/google-cloud-sdk/./lib/googlecloudsdk/appengine/lib/appcfg/appcfg.py", line 362, in _GetRemoteResourceLimits yaml_data = logging_context.Send('/api/appversion/getresourcelimits') File "/Users/ruka/google-cloud-sdk/./lib/googlecloudsdk/appengine/lib/appcfg/appcfg.py", line 1638, in Send result = self.rpcserver.Send(url, payload=payload, _kwargs) File "/Users/ruka/google-cloud-sdk/./lib/googlecloudsdk/appengine/lib/external/tools/appengine_rpc_httplib2.py", line 220, in Send url, method=method, body=payload, headers=headers) File "/Users/ruka/google-cloud-sdk/./lib/oauth2client/util.py", line 129, in positional_wrapper return wrapped(_args, kwargs) File "/Users/ruka/google-cloud-sdk/./lib/oauth2client/client.py", line 516, in new_request self._refresh(request_orig) File "/Users/ruka/google-cloud-sdk/./lib/oauth2client/client.py", line 738, in _refresh self._do_refresh_request(http_request) File "/Users/ruka/google-cloud-sdk/./lib/oauth2client/client.py", line 757, in _do_refresh_request self.token_uri, method='POST', body=body, headers=headers) File "/Users/ruka/google-cloud-sdk/./lib/httplib2/init.py", line 1608, in request (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey) File "/Users/ruka/google-cloud-sdk/./lib/httplib2/init.py", line 1350, in _request (response, content) = self._conn_request(conn, request_uri, method, body, headers) File "/Users/ruka/google-cloud-sdk/./lib/httplib2/init.py", line 1272, in _conn_request conn.connect() File "/Users/ruka/google-cloud-sdk/./lib/httplib2/init.py", line 1036, in connect self.disable_ssl_certificate_validation, self.ca_certs) File "/Users/ruka/google-cloud-sdk/./lib/httplib2/init**.py", line 80, in _ssl_wrap_socket cert_reqs=cert_reqs, ca_certs=ca_certs) File "/usr/local/Cellar/python/2.7.9/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 891, in wrap_socket ciphers=ciphers) File "/usr/local/Cellar/python/2.7.9/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 507, in init self._context.load_verify_locations(ca_certs) IOError: [Errno 2] No such file or directory

vilasj commented 9 years ago

This is an issue with the latest version of the Cloud SDK. It affects Python 2.7.9 users. A new version of the Cloud SDK with a fix will be released tomorrow. Until then you can temporarily rollback to a previous version of the SDK by doing the following:

export CLOUDSDK_COMPONENT_MANAGER_SNAPSHOT_URL=dl.google.com/dl/cloudsdk/release/components-v0.9.55.json gcloud components update

ruiaraujo commented 9 years ago

thanks. It worked.

I had to change the first command to

export CLOUDSDK_COMPONENT_MANAGER_SNAPSHOT_URL= https://dl.google.com/dl/cloudsdk/release/components-v0.9.55.json

in order for the update to run though.

On Wed, 22 Apr 2015 at 00:33 Vilas Jagannath notifications@github.com wrote:

This is an issue with the latest version of the Cloud SDK. It affects Python 2.7.9 users. A new version of the Cloud SDK with a fix will be released tomorrow. Until then you can temporarily rollback to a previous version of the SDK by doing the following:

export CLOUDSDK_COMPONENT_MANAGER_SNAPSHOT_URL= dl.google.com/dl/cloudsdk/release/components-v0.9.55.json gcloud components update

— Reply to this email directly or view it on GitHub https://github.com/GoogleCloudPlatform/gradle-appengine-plugin/issues/180#issuecomment-94962226 .

davidkravitz commented 9 years ago

You can also get OAuth2 to work on your CI system by doing the following:

  1. Authenticate using OAuth2 on a local machine
  2. After authenticating successfully, a configuration file will be auto-generated: ~/.appcfg_oauth2_tokens_java. This file contains a refresh_token variable.
  3. Store the refresh token somewhere safe
  4. Update the gradle-appengine-plugin configuration in your build.gradle file to the following:
appcfg {
        oauth2 = true
        oauth2_refresh_token = <grab your refresh token from wherever you stored it> 
        extraOptions = ["--oauth2_refresh_token=" + oauth2_refresh_token]
}

Gradle wraps appcfg.sh and the above configuration is the equivalent of running appcfg.sh --oauth2_refresh_token

ruiaraujo commented 9 years ago

@davidkravitz Thanks for the hint. It works and it is really easy.

ndtreviv commented 8 years ago

@davidkravitz This DOES work, but you'll find that you'll have to re-authenticate your account locally if you want to use gcloud on your machine again. Not sure if you have to do it every time, but I suspect you do.

Warning for others: Don't use YOUR account. Create a separate account, authenticate, and use the oauth token for that one.

daswass commented 7 years ago

Im trying to use the refresh token through bitbucket pipelines with the extraOptions method above, although when I do, I get the following error:

Either the access code is invalid or the OAuth token is revoked.Details: invalid_grant

Is anyone else experiencing this? I have a service account also setup, but I have not been able to make the service account work via the gradle plugin. I run the following before doing the appengineUpdate, but I dont think that its using the account specified:

Any help would be much appreciated!

loosebazooka commented 7 years ago

I don't think service accounts work via that mechanism.

There's a different parameter in appcfg that allows you to use service accounts : see service_account_json_key_file at https://cloud.google.com/appengine/docs/java/tools/appcfg-arguments

so instead of specifying the oauth2 token, you specify the service_account_json_key_file in the extra_options.

daswass commented 7 years ago

Thanks for the response. I actually took a few hours and converted over to the new plugin (https://github.com/GoogleCloudPlatform/app-gradle-plugin). This seems to work fine with the service account being set via gcloud in the pipeline. Heres the pipeline script I got working in case anyone else is running into similar problems.

pipelines:
  default:
    - step:
        script:
          # Install Google Cloud SDK
          - export CLOUDSDK_CORE_DISABLE_PROMPTS=1
          # Google Cloud SDK is pinned for build reliability. Bump if the SDK complains about deprecation.
          - SDK_VERSION=140.0.0
          - SDK_FILENAME=google-cloud-sdk-${SDK_VERSION}-linux-x86_64.tar.gz
          - curl -O -J https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/${SDK_FILENAME}
          - tar -zxvf ${SDK_FILENAME} --directory ${HOME}
          - export PATH=${PATH}:${HOME}/google-cloud-sdk/bin
          # Install Google App Engine SDK
          - GAE_PYTHONPATH=${HOME}/google_appengine
          - export PYTHONPATH=${PYTHONPATH}:${GAE_PYTHONPATH}
          - python scripts/fetch_gae_sdk.py $(dirname "${GAE_PYTHONPATH}")
          - echo "${PYTHONPATH}" && ls ${GAE_PYTHONPATH}
          - gcloud components install app-engine-java
          - ./gradlew clean build
          - echo "key = '${GOOGLE_API_KEY}'" > api_key.py
          - echo ${GOOGLE_CLIENT_SECRET} > client-secret.json
          - gcloud auth activate-service-account --key-file client-secret.json
          - ./gradlew appengineDeploy