chandrap08
diff --git a/‎appengine/standard/migration/incoming/README.md
Lines changed: 16 additions & 0 deletions b/‎appengine/standard/migration/incoming/README.md
Lines changed: 16 additions & 0 deletions
diff --git a/‎appengine/standard/migration/incoming/app.yaml
Lines changed: 25 additions & 0 deletions b/‎appengine/standard/migration/incoming/app.yaml
Lines changed: 25 additions & 0 deletions
diff --git a/‎appengine/standard/migration/incoming/appengine_config.py
Lines changed: 20 additions & 0 deletions b/‎appengine/standard/migration/incoming/appengine_config.py
Lines changed: 20 additions & 0 deletions
diff --git a/‎appengine/standard/migration/incoming/main.py
Lines changed: 84 additions & 0 deletions b/‎appengine/standard/migration/incoming/main.py
Lines changed: 84 additions & 0 deletions
diff --git a/‎appengine/standard/migration/incoming/main_test.py
Lines changed: 27 additions & 0 deletions b/‎appengine/standard/migration/incoming/main_test.py
Lines changed: 27 additions & 0 deletions
diff --git a/‎appengine/standard/migration/incoming/requirements-test.txt
Lines changed: 2 additions & 0 deletions b/‎appengine/standard/migration/incoming/requirements-test.txt
Lines changed: 2 additions & 0 deletions
diff --git a/‎appengine/standard/migration/incoming/requirements.txt
Lines changed: 2 additions & 0 deletions b/‎appengine/standard/migration/incoming/requirements.txt
Lines changed: 2 additions & 0 deletions
diff --git a/‎appengine/standard/migration/storage/README.md
Lines changed: 16 additions & 0 deletions b/‎appengine/standard/migration/storage/README.md
Lines changed: 16 additions & 0 deletions
diff --git a/‎appengine/standard/migration/storage/app.yaml
Lines changed: 15 additions & 0 deletions b/‎appengine/standard/migration/storage/app.yaml
Lines changed: 15 additions & 0 deletions
diff --git a/‎appengine/standard/migration/storage/app3.yaml
Lines changed: 5 additions & 0 deletions b/‎appengine/standard/migration/storage/app3.yaml
Lines changed: 5 additions & 0 deletions
@@ -0,0 +1,16 @@
+## App Engine to App Engine Request Sample
+
+This sample application shows how an App Engine for Python 2.7 app can verify
+the caller's identity for a request from an App Engine for Python 2.7 or
+App Engine for Python 3.7 app.
+
+Requests from an App Engine for Python 2.7 app that use `urlfetch` have
+a trustworthy `X-Appengine-Inbound-Appid` header that can be used to verify
+the calling app's identity.
+
+Requests from an App Engine for Python 3.7 app that include an Authorization
+header with an ID token for the calling app's default service account can
+be used to verify those calling apps' identities.
+
+The appengine/standard_python37/migration/urlfetch sample app can be used
+to make calls to this app with a valid Authorization header.
@@ -0,0 +1,25 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+runtime: python27
+threadsafe: yes
+api_version: 1
+
+libraries:
+- name: ssl
+  version: latest
+
+handlers:
+- url: .*
+  script: main.app
@@ -0,0 +1,20 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START vendor]
+from google.appengine.ext import vendor
+
+# Add any libraries installed in the "lib" folder.
+vendor.add('lib')
+# [END vendor]
@@ -0,0 +1,84 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+Authenticate requests coming from other App Engine instances.
+"""
+
+# [START gae_python_app_identity_incoming]
+from google.oauth2 import id_token
+from google.auth.transport import requests
+
+import logging
+import webapp2
+
+
+def get_app_id(request):
+    # Requests from App Engine Standard for Python 2.7 will include a
+    # trustworthy X-Appengine-Inbound-Appid. Other requests won't have
+    # that header, as the App Engine runtime will strip it out
+    incoming_app_id = request.headers.get(
+        'X-Appengine-Inbound-Appid', None)
+    if incoming_app_id is not None:
+        return incoming_app_id
+
+    # Other App Engine apps can get an ID token for the App Engine default
+    # service account, which will identify the application ID. They will
+    # have to include at token in an Authorization header to be recognized
+    # by this method.
+    auth_header = request.headers.get('Authorization', None)
+    if auth_header is None:
+        return None
+
+    # The auth_header must be in the form Authorization: Bearer token.
+    bearer, token = auth_header.split()
+    if bearer.lower() != 'bearer':
+        return None
+
+    try:
+        info = id_token.verify_oauth2_token(token, requests.Request())
+        service_account_email = info['email']
+        incoming_app_id, domain = service_account_email.split('@')
+        if domain != 'appspot.gserviceaccount.com':  # Not App Engine svc acct
+            return None
+        else:
+            return incoming_app_id
+    except Exception as e:
+        # report or log if desired, as here:
+        logging.warning('Request has bad OAuth2 id token: {}'.format(e))
+        return None
+
+
+class MainPage(webapp2.RequestHandler):
+    allowed_app_ids = [
+        'other-app-id',
+        'other-app-id-2'
+    ]
+
+    def get(self):
+        incoming_app_id = get_app_id(self.request)
+
+        if incoming_app_id is None:
+            self.abort(403)
+
+        if incoming_app_id not in self.allowed_app_ids:
+            self.abort(403)
+
+        self.response.write('This is a protected page.')
+
+
+app = webapp2.WSGIApplication([
+    ('/', MainPage)
+], debug=True)
+# [END gae_python_app_identity_incoming]
@@ -0,0 +1,27 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import webtest
+
+import main
+
+
+def test_get():
+    app = webtest.TestApp(main.app)
+
+    try:
+        response = app.get('/')
+        assert response.status_int == 403
+    except webtest.app.AppError as e:
+        assert '403 Forbidden' in str(e)
@@ -0,0 +1,2 @@
+pytest>=4.6.10
+webtest>=2.0.35
@@ -0,0 +1,2 @@
+google-auth>=1.14.1
+requests>=2.23.0
@@ -0,0 +1,16 @@
+## App Engine cloudstorage library Replacement
+
+The runtime for App Engine standard for Python 2.7 includes the `cloudstorage`
+library, which is used to store and retrieve blobs. The sample in this
+directory shows how to do the same operations using Python libraries that
+work in either App Engine standard for Python runtime, version 2.7 or 3.7.
+The sample code is the same for each environment.
+
+To deploy and run this sample in App Engine standard for Python 2.7:
+
+    pip install -t lib -r requirements.txt
+    gcloud app deploy
+
+To deploy and run this sample in App Engine standard for Python 3.7:
+
+    gcloud app deploy app3.yaml
@@ -0,0 +1,15 @@
+runtime: python27
+api_version: 1
+threadsafe: yes
+
+env_variables:
+    CLOUD_STORAGE_BUCKET: "REPLACE THIS WITH YOUR EXISTING BUCKET NAME"
+    BLOB_NAME: "my-demo-blob"
+
+libraries:
+  - name: ssl
+    version: latest
+
+handlers:
+  - url: /.*
+    script: main.app
@@ -0,0 +1,5 @@
+runtime: python37
+
+env_variables:
+    CLOUD_STORAGE_BUCKET: "REPLACE THIS WITH YOUR EXISTING BUCKET NAME"
+    BLOB_NAME: "my-demo-blob"
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+google-auth>=1.14.1`
	`2`	`+requests>=2.23.0`