How credential and google cloud storage work?

1
votes

I am just starting to develop GAE web application. I am trying to get a list of bucket of google cloud storage. I found some code from web site.

there are 3 ways on the web what I found.

  1. using Google storage API

    https://code.google.com/p/google-api-java-client/source/browse/storage-serviceaccount-appengine-sample/src/main/java/com/google/api/client/sample/storage/appengine/serviceaccount/StorageSample.java?repo=samples&r=f0c6982b3cde8629511346641bfe4bb5eb28d73f

  2. using Json liblary

    but thsi sample needs to configure domain verification for bucket.

  3. using python

    our exisiting application is developped by gae for Java. I do not think thie python way can include in Java application.

then I would like to fix No1 way.

It show credential error. Buckets are authorized to everyone (All Authenticated Users )for now. I think I need to understand how the credential works. I have read the google developer page about 0Auth2. I could find a sample of bigquery. if you have a sample or good web sites about credential and google cloud storage, it will be great helpful.

the errors;

Error: com.google.api.client.googleapis.extensions.appengine.auth.oauth2.AppIdentityCredential.(Ljava/util/Collection;)V

what i did at API console:

  • creating client id (web application, service account, installed application each)

  • creating Simple API Access ( new server key , new browser key)

what I did at local machine;

  • Set ACL with gsutil

my developing environment

  • eclipse 3.6 helios ( Japanese language pack)

  • gae java for eclipse

  • gae 1.8.0

  • java 1.6.31

  • google storage API

  • google client library

  • others(tomcat,maven)

  • windows 7 English with Japanese language pack

1
google-app-engineoauth-2.0credentialsgoogle-cloud-storage
Could you post the full error traceback?jterrace

1 Answers

2
votes

Your first attempt (number 1) is the best way to focus on getting this to work. The code sample Marc provided uses the built-in App Engine App Identity module to securely identify the App Engine app to other Google APIs: https://developers.google.com/appengine/docs/java/appidentity/#Asserting_Identity_to_Google_APIs

However, there are 2 gotchas to check:

  1. The App Identity module will not work using the local devserver. When running locally there is no way for the local server to securely identity itself to Google production APIs - so you should either look at using a service account with a downloadable key for local testing, or, easiest option (and what I'd recommend for now), is to deploy into a production App Engine environment to test.

  2. Make sure the App Engine service account email address is added to the access control list for the Google Cloud Storage bucket that you are trying to access. Get this email address by looking under the Admin Console (for your App Engine app) -> Application Settings:

Service Account Name: [email protected]

To add this to a Google Cloud Storage access control list, either add it to the project team for the project that owns the Google Cloud Storage bucket, or, if you're not using the default access control settings, add it directly to an ACL: https://developers.google.com/storage/docs/accesscontrol

Service accounts with downloadable key - use this for local testing if you can't test in a production App Engine environment: https://developers.google.com/accounts/docs/OAuth2ServiceAccount