Merge pull request #247 from GoogleCloudPlatform/appengine-identity

Adding additional app identity samples.

Author: Jon Wayne Parrott

appengine/app_identity/asserting/app.yaml

@@ -0,0 +1,7 @@
+runtime: python27
+threadsafe: yes
+api_version: 1
+
+handlers:
+- url: .*
+  script: main.app

appengine/app_identity/asserting/main.py

@@ -0,0 +1,61 @@
+# Copyright 2015 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+Sample Google App Engine application that demonstrates using the App Engine
+identity API to generate an auth token.
+
+For more information about App Engine, see README.md under /appengine.
+"""
+
+# [START all]
+import json
+import logging
+
+from google.appengine.api import app_identity
+from google.appengine.api import urlfetch
+import webapp2
+
+
+class MainPage(webapp2.RequestHandler):
+    def get(self):
+        auth_token, _ = app_identity.get_access_token(
+            'https://www.googleapis.com/auth/cloud-platform')
+        logging.info(
+            'Using token {} to represent identity {}'.format(
+                auth_token, app_identity.get_service_account_name()))
+
+        response = urlfetch.fetch(
+            'https://www.googleapis.com/storage/v1/b?project={}'.format(
+                app_identity.get_application_id()),
+            method=urlfetch.GET,
+            headers={
+                'Authorization': 'Bearer {}'.format(auth_token)
+            }
+        )
+
+        if response.status_code != 200:
+            raise Exception(
+                'Call failed. Status code {}. Body {}'.format(
+                    response.status_code, response.content))
+
+        result = json.loads(response.content)
+        self.response.headers['Content-Type'] = 'application/json'
+        self.response.write(json.dumps(result, indent=2))
+
+app = webapp2.WSGIApplication([
+    ('/', MainPage)
+], debug=True)
+
+# [END all]

appengine/app_identity/asserting/main_test.py

@@ -0,0 +1,31 @@
+# Copyright 2015 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import main
+import mock
+import webtest
+
+
+def test_app(testbed):
+    app = webtest.TestApp(main.app)
+
+    with mock.patch('main.urlfetch.fetch') as fetch_mock:
+        result_mock = mock.Mock()
+        result_mock.status_code = 200
+        result_mock.content = '{}'
+        fetch_mock.return_value = result_mock
+
+        response = app.get('/')
+        assert response.status_int == 200
+        assert fetch_mock.called

appengine/app_identity/incoming/app.yaml

@@ -0,0 +1,7 @@
+runtime: python27
+threadsafe: yes
+api_version: 1
+
+handlers:
+- url: .*
+  script: main.app

appengine/app_identity/incoming/main.py

@@ -0,0 +1,45 @@
+# Copyright 2015 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+Sample Google App Engine application that demonstrates usage of the app
+engine inbound app ID header.
+
+For more information about App Engine, see README.md under /appengine.
+"""
+
+# [START all]
+import webapp2
+
+
+class MainPage(webapp2.RequestHandler):
+    allowed_app_ids = [
+        'other-app-id',
+        'other-app-id-2'
+    ]
+
+    def get(self):
+        incoming_app_id = self.request.headers.get(
+            'X-Appengine-Inbound-Appid', None)
+
+        if incoming_app_id not in self.allowed_app_ids:
+            self.abort(403)
+
+        self.response.write('This is a protected page.')
+
+app = webapp2.WSGIApplication([
+    ('/', MainPage)
+], debug=True)
+
+# [END all]

appengine/app_identity/incoming/main_test.py

@@ -0,0 +1,27 @@
+# Copyright 2015 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import main
+import webtest
+
+
+def test_app(testbed):
+    app = webtest.TestApp(main.app)
+
+    response = app.get('/', status=403)
+
+    response = app.get('/', headers={
+        'X-Appengine-Inbound-Appid': 'other-app-id'
+    })
+    assert response.status_int == 200

appengine/app_identity/signing/main.py

@@ -14,7 +14,7 @@
 
 """
 Sample Google App Engine application that demonstrates usage of the app
-identity API.
+identity API to sign bytes and verify signatures.
 
 For more information about App Engine, see README.md under /appengine.
 """