From 5e07d5c93c43f1e4e798ed22406f77350f29bf58 Mon Sep 17 00:00:00 2001 From: Jon Wayne Parrott Date: Mon, 11 Apr 2016 14:27:38 -0700 Subject: [PATCH] Adding additional app identity samples. Change-Id: Ia187974d9d6726e12ff47feafb0aa336e23a75e6 --- appengine/app_identity/asserting/app.yaml | 7 +++ appengine/app_identity/asserting/main.py | 61 +++++++++++++++++++ appengine/app_identity/asserting/main_test.py | 31 ++++++++++ appengine/app_identity/incoming/app.yaml | 7 +++ appengine/app_identity/incoming/main.py | 45 ++++++++++++++ appengine/app_identity/incoming/main_test.py | 27 ++++++++ appengine/app_identity/signing/main.py | 2 +- 7 files changed, 179 insertions(+), 1 deletion(-) create mode 100644 appengine/app_identity/asserting/app.yaml create mode 100644 appengine/app_identity/asserting/main.py create mode 100644 appengine/app_identity/asserting/main_test.py create mode 100644 appengine/app_identity/incoming/app.yaml create mode 100644 appengine/app_identity/incoming/main.py create mode 100644 appengine/app_identity/incoming/main_test.py diff --git a/appengine/app_identity/asserting/app.yaml b/appengine/app_identity/asserting/app.yaml new file mode 100644 index 000000000000..42ad35ed2a84 --- /dev/null +++ b/appengine/app_identity/asserting/app.yaml @@ -0,0 +1,7 @@ +runtime: python27 +threadsafe: yes +api_version: 1 + +handlers: +- url: .* + script: main.app diff --git a/appengine/app_identity/asserting/main.py b/appengine/app_identity/asserting/main.py new file mode 100644 index 000000000000..d0c216b5db02 --- /dev/null +++ b/appengine/app_identity/asserting/main.py @@ -0,0 +1,61 @@ +# Copyright 2015 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +""" +Sample Google App Engine application that demonstrates using the App Engine +identity API to generate an auth token. + +For more information about App Engine, see README.md under /appengine. +""" + +# [START all] +import json +import logging + +from google.appengine.api import app_identity +from google.appengine.api import urlfetch +import webapp2 + + +class MainPage(webapp2.RequestHandler): + def get(self): + auth_token, _ = app_identity.get_access_token( + 'https://www.googleapis.com/auth/cloud-platform') + logging.info( + 'Using token {} to represent identity {}'.format( + auth_token, app_identity.get_service_account_name())) + + response = urlfetch.fetch( + 'https://www.googleapis.com/storage/v1/b?project={}'.format( + app_identity.get_application_id()), + method=urlfetch.GET, + headers={ + 'Authorization': 'Bearer {}'.format(auth_token) + } + ) + + if response.status_code != 200: + raise Exception( + 'Call failed. Status code {}. Body {}'.format( + response.status_code, response.content)) + + result = json.loads(response.content) + self.response.headers['Content-Type'] = 'application/json' + self.response.write(json.dumps(result, indent=2)) + +app = webapp2.WSGIApplication([ + ('/', MainPage) +], debug=True) + +# [END all] diff --git a/appengine/app_identity/asserting/main_test.py b/appengine/app_identity/asserting/main_test.py new file mode 100644 index 000000000000..33c03a75ecde --- /dev/null +++ b/appengine/app_identity/asserting/main_test.py @@ -0,0 +1,31 @@ +# Copyright 2015 Google Inc. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import main +import mock +import webtest + + +def test_app(testbed): + app = webtest.TestApp(main.app) + + with mock.patch('main.urlfetch.fetch') as fetch_mock: + result_mock = mock.Mock() + result_mock.status_code = 200 + result_mock.content = '{}' + fetch_mock.return_value = result_mock + + response = app.get('/') + assert response.status_int == 200 + assert fetch_mock.called diff --git a/appengine/app_identity/incoming/app.yaml b/appengine/app_identity/incoming/app.yaml new file mode 100644 index 000000000000..42ad35ed2a84 --- /dev/null +++ b/appengine/app_identity/incoming/app.yaml @@ -0,0 +1,7 @@ +runtime: python27 +threadsafe: yes +api_version: 1 + +handlers: +- url: .* + script: main.app diff --git a/appengine/app_identity/incoming/main.py b/appengine/app_identity/incoming/main.py new file mode 100644 index 000000000000..f7c25f51afb8 --- /dev/null +++ b/appengine/app_identity/incoming/main.py @@ -0,0 +1,45 @@ +# Copyright 2015 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +""" +Sample Google App Engine application that demonstrates usage of the app +engine inbound app ID header. + +For more information about App Engine, see README.md under /appengine. +""" + +# [START all] +import webapp2 + + +class MainPage(webapp2.RequestHandler): + allowed_app_ids = [ + 'other-app-id', + 'other-app-id-2' + ] + + def get(self): + incoming_app_id = self.request.headers.get( + 'X-Appengine-Inbound-Appid', None) + + if incoming_app_id not in self.allowed_app_ids: + self.abort(403) + + self.response.write('This is a protected page.') + +app = webapp2.WSGIApplication([ + ('/', MainPage) +], debug=True) + +# [END all] diff --git a/appengine/app_identity/incoming/main_test.py b/appengine/app_identity/incoming/main_test.py new file mode 100644 index 000000000000..0365a52327db --- /dev/null +++ b/appengine/app_identity/incoming/main_test.py @@ -0,0 +1,27 @@ +# Copyright 2015 Google Inc. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import main +import webtest + + +def test_app(testbed): + app = webtest.TestApp(main.app) + + response = app.get('/', status=403) + + response = app.get('/', headers={ + 'X-Appengine-Inbound-Appid': 'other-app-id' + }) + assert response.status_int == 200 diff --git a/appengine/app_identity/signing/main.py b/appengine/app_identity/signing/main.py index 7e325d8315ce..63fc7097b34c 100644 --- a/appengine/app_identity/signing/main.py +++ b/appengine/app_identity/signing/main.py @@ -14,7 +14,7 @@ """ Sample Google App Engine application that demonstrates usage of the app -identity API. +identity API to sign bytes and verify signatures. For more information about App Engine, see README.md under /appengine. """