GAE：无法使用Google服务器端API（白名单问题） [英] GAE: Can't Use Google Server Side API's (Whitelisting Issue)

问题描述

要使用Google API，在从Google Developers Console中激活Google API后，需要生成凭证。就我而言，我有一个应该使用API​​服务器端的后端。为此，可以选择生成Google页面调用的服务器应用程序密钥。到现在为止还挺好。

问题在于，为了生成密钥，必须提及将被列入白名单的服务器的IP地址。但是GAE没有我可以在那里使用的静态IP地址。

手动通过执行以下命令获取IP：

  dig -t TXT _netblocks.google.com @ ns1.google.com 
  

<但是，这并不能保证列表是静态的（更重要的是，我们知道它会不时地发生变化），并且没有任何程序化的方式可以自动使用添加的IP，我可以通过挖掘Google开发人员

这让我有两种选择：

1. 忘记GAE for具有讽刺意味的是，这个项目不能将GAE用作Google API的后端（更好地使用Amazon或其他解决方案）。或


2. 在dig命令的输出上编写类似于监视程序的东西，它会通知我是否有更改，然后手动更新白名单（不会执行此操作 - 太危险了），或者允许所有IP都使用Google API，因为它拥有我的API密钥。不是最安全的解决方案，但它可以工作。

是否有其他解决方法？是否GAE不支持使用Google API的服务器端？

解决方案

您可以使用App Identity从AppEngine访问Google的API 。请参阅： https://developers.google.com/appengine/docs/python/appidentity/ 。如果您使用云端控制台设置您的应用程序，它应该已经将您的应用程序的身份添加到您的项目的许可中，但您始终可以检查该应用程序。从您的项目云控制台的权限选项卡中，确保您的服务帐户添加到服务帐户下（以 your_app_id@appspot.gserviceaccount.com ）另外，如果您使用类似可用于python的JSON API Libs的东西，您可以使用捆绑的oauth2库为您使用AppAssertionCredentials来完成所有这些操作，以授权您希望使用的API。请参阅： https://developers.google.com/api-client -library / python / guide / google_app_engine＃ServiceAccounts

To use Google API's, after activating them from the Google Developers Console, one needs to generate credentials. In my case, I have a backend that is supposed to consume the API server side. For this purpose, there is an option to generate what the Google page calls "Key for server applications". So far so good.

The problem is that in order to generate the key, one has to mention IP addresses of servers that would be whitelisted. But GAE has no static IP address that I could use there.

There is an option to manually get the IP's by executing:

dig -t TXT _netblocks.google.com @ns1.google.com 

However there is no guarantee that the list is static (further more, it is known to change from time to time), and there is no programatic way I could automate the use of adding IP's that I get from dig into the Google Developers Console.

This leaves me with two choices:

1. Forget about GAE for this project, ironically, GAE cannot be used as a backend for Google API's (better use Amazon or some other solution for that). or
2. Program something like a watchdog over the output of the dig command that would notify me if there's a change, and then I would manually update the whitelist (no way I am going to do this - too dangerous), or allow all IP's to use the Google API granted it has my API key. Not the most secure solution but it works.

Is there any other workaround? Can it be that GAE does not support consuming Google API's server side?

解决方案

You can use App Identity to access Google's API from AppEngine. See: https://developers.google.com/appengine/docs/python/appidentity/. If you setup your app using the cloud console, it should have already added your app's identity with permission to your project, but you can always check that out. From the "Permissions" Tab in cloud console for your project, make sure your service account is added under "Service Accounts" (in the form of your_app_id@appspot.gserviceaccount.com)

Furthermore, if you use something like the JSON API Libs available for python, you can use the bundled oauth2 library to do all of this for you using AppAssertionCredentials to authorize the API you wish to use. See: https://developers.google.com/api-client-library/python/guide/google_app_engine#ServiceAccounts

这篇关于GAE：无法使用Google服务器端API（白名单问题）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！