10
votes

At the moment I am able to write to the datastore once I deploy my code, but I can't write to the datastore emulator with code running locally since it throws a ca-bundle error. The local datastore is visible at localhost:8000

use google\appengine\api\users\User;
use google\appengine\api\users\UserService;
use google\appengine\api\app_identity\AppIdentityService;

echo AppIdentityService::getApplicationId()."<br>";
echo AppIdentityService::getDefaultVersionHostname()."<br>";

# Includes the autoloader for libraries installed with composer
require __DIR__ . '/vendor/autoload.php';

use Google\Cloud\ServiceBuilder;
$cloud = new ServiceBuilder([
    'projectId' => AppIdentityService::getApplicationId(),
    'keyFilePath'=>'review-9504000716d8.json'
  ]);
$datastore = $cloud->datastore();



# The kind for the new entity
$kind = 'Task';

# The name/ID for the new entity
$name = 'sampletask1';

# The Cloud Datastore key for the new entity
$taskKey = $datastore->key($kind, $name);

# Prepares the new entity
$task = $datastore->entity($taskKey, ['description' => 'Buy milk']);

# Saves the entity
$datastore->upsert($task);

This code runs without any issues when deployed. But locally throws:

Fatal error: Uncaught exception 'Google\Cloud\Exception\ServiceException' with message 'No system CA bundle could be found in any of the the common system locations. PHP versions earlier than 5.6 are not properly configured to use the system's CA bundle by default. In order to verify peer certificates, you will need to supply the path on disk to a certificate bundle to the 'verify' request option: http://docs.guzzlephp.org/en/latest/clients.html#verify. If you do not need a specific certificate bundle, then Mozilla provides a commonly used CA bundle which can be downloaded here (provided by the maintainer of cURL): https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt. Once you have a CA bundle available on disk, you can set the 'openssl.cafile' PHP ini setting to point to the path to the file, allowing you to omit the 'verify' request option. See http://curl.haxx.se/docs/sslcerts.html for more information.' in D:\Google\php\appengine-php-guestbook-phase0-helloworld\appengine-php-guestbook-phase0-hellowo in D:\Google\php\appengine-php-guestbook-phase0-helloworld\appengine-php-guestbook-phase0-helloworld\vendor\google\cloud\src\RequestWrapper.php on line 219

I didn't manage to make the local server even consider the php.ini file nor did I manage to upgrade the bundled php55 to at least php56.

Thus I actually have 2 questions:

  1. how to properly connect from the local instance (dev_appserver.py) on windows to Google's remote datastore?
  2. how to properly connect from the local instant to the local emulated datastore so I can view the data on localhost:8000?
1
The documentation for PHP is woeful. Were you able to get your dev_appserver.py instance to communicate with the datastore emulator?N S
No, but funny fact, after using github.com/tomwalder/php-gds I stopped having errors.Avner Solomon

1 Answers

1
votes

The APIs are using CA certificate files for authentication more specifically they are using curl.cainfo.

Now you server might already have this file configured in php.ini. You can check in server file. Remember there could be different ini files for different environments like apache, cli.

Now you can either copy that file or Create your own authority file

Option 1:
Set absolute path in php.ini

Option 2:
Use ini_set to set this config.

Option 3:
Try with some other mode of authentication, i am sure google will have that.

Option 4:
As given in your question itself.

If you do not need a specific certificate bundle, then Mozilla provides a commonly used CA bundle which can be downloaded here https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt. Once you have a CA bundle available on disk, you can set the 'openssl.cafile' PHP ini setting to point to the path to the file, allowing you to omit the 'verify' request option