Join Joseph Lowery for an in-depth discussion in this video Authorizing requests, part of Google Cloud Compute Engine Essential Training.
- If you completed the previous lesson, you're ready to start addressing your Compute Engine project via Python. Because you want to keep your project secure, the first step is to authorize your access. We'll use the industry standard OAuth 2.0 authorization protocol. This will take a combination of work in the Google Cloud Console, and your own Python code. We're gonna start right in the console. I've got the Google Cloud Console open for my project, and now I need to establish a new Client ID for a native or installed application.
I'll navigate to the credentials section under APIs and auth, and then click Create New Client ID. I'll choose Installed Application as the application type. Since we're gonna be running our app right from the command line through the Python interpreter, that makes the most sense. Then under Installed Application Type, make sure that your choose other as we definitely don't fit in any of the other listed categories. All right, we're good.
Click Create Client ID. Google Cloud will add a new set of credentials for your project with the heading, and I'll need to scroll down for this, there it is, Client ID for Native Application. This will contain the newly generated Client ID, Client Secret, and Redirect URLs including localhost. Should you ever need to reset the secret, there's a button that you can use to do that. For us to use this information with our Python script, all we need to do is to click Download JSON.
Once it's downloaded, I'm going to find it in Finder here, copy it, and then I'm going to navigate to what I'm using, my Exercise Files, paste it in, and let's name it something a little bit simpler. As you can see the username incorporates the Client ID so it's a little awkward to say the least. Let's just click into it, and I'll get rid of the vast majority of this so that we're left with client_secrets.json.
Let's switch to the Code Editor, and first see what kind of secrets we have here. There's my client_secrets file. I'll open that up. Let me switch to Word Wrap, enable that so we can see it. Actually, a better choice would be to go to Source, Format. Since this is a JSON file, that's a little bit more readable. If you're not using Aptana Studio, your code editor probably has a similar function. Now we can see the name value pairs generated by Google Cloud. This file references the URLs our code will be using for authentication, and to create the required token.
On Line 7 where it says redirect uris, you'll see a shorthand reference to localhosts, oob. Let's bring in our Python code. As the code is somewhat complex, I have it scripted and available in the exercise files for us to go over. You'll find it under Chapter 5, 05_02 in the Start folder. Open up vm-manager.py. The code begins by importing the necessary libraries including several for OAuth 2.0 functionality starting on Line 7 and then going through Line 10.
Then starting on Line 13, we declare a number of variables beginning with the downloaded Client ID credential file. Next, the main function is defined starting on Line 17. Let me scroll down a bit here so you can see all of that. It starts initially with basic logging and parsing routines. Then, Line 29 begins the actual authentication execution by invoking several key functions, flow_from_clientsecrets, storage, and storage.get, and assigning those results to flow, storage, and credentials respectively.
Now on Line 32, we're ready to check to see if the stored credentials exist, and if so, if they're valid. The run_flow function you see on Line 34 attempts to open an authorization server page in your default browser, and ask for access. If access is granted, your new credentials are returned, and they're stored in the file associated with the storage object declared on Line 30. Before I can go to the command line, I'm gonna need to save this file into our exercise files route just to make it easier to access from the command line, and also to have this file and client_secrets.json local to each other.
I'll choose File, Save As, and then drill up to the Exercise Files folder, click OK. There's my new file, and I'm good to go. Now we're ready to switch to the command line. From here I'm gonna do a ls to make sure that I'm in the right directory. It looks good. I see vm-manager.py, and also client_secrets.json.
Now I can run the file by entering python, and then the name of the file that I want Python to run, python vm-manager.py. Cool, there's our browser window as expected. I will accept the request, and with that little bit of text up there, the authentication flow has completed. I'm authorized. Excellent! All systems are go for accessing our virtual machine instance starting in the next lesson.
- Integrating with Google Cloud products
- Setting up the Google Cloud SDK
- Creating a Compute Engine instance
- Authenticating users
- Working with Python and Compute Engine
- Managing resources
- Implementing network load balancing