-
Notifications
You must be signed in to change notification settings - Fork 6.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add an example for IAP on GCE #1099
Conversation
Remove openapi-appengine.yaml.
@@ -0,0 +1,30 @@ | |||
CLOUD_PROJECT_ID = 'YOUR_PROJECT_ID' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This file needs a license header.
iap/example_gce_backend.py
Outdated
CLOUD_PROJECT_ID = 'YOUR_PROJECT_ID' | ||
BACKEND_SERVICE_ID = 'YOUR_BACKEND_SERVICE_ID' | ||
|
||
from flask import Flask |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Import modules, not members, so just import flask
and use flask.Flask
and flask.request
.
iap/example_gce_backend.py
Outdated
from flask import Flask | ||
from flask import request | ||
|
||
import platform |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Standard library imports go into the first section:
import platform
import flask
import validate_jwt
iap/example_gce_backend.py
Outdated
return "Error: %s" % error_str | ||
else: | ||
return "Hi, {}. I am {}.".format(user_email, platform.node()) | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
style: two blank spaces between functions.
iap/example_gce_backend.py
Outdated
return 'OK', 200 | ||
|
||
if __name__ == '__main__': | ||
app.run(host='0.0.0.0', port=80) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
just use app.run()
, do not bind to a specific port. Use gunicorn to run this in production.
iap/requirements.txt
Outdated
@@ -1,5 +1,6 @@ | |||
PyJWT==1.5.2 | |||
cryptography==2.0.3 | |||
flask |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You must pin versions.
iap/example_gce_backend.py
Outdated
user_id, user_email, error_str = validate_iap_jwt_from_compute_engine( | ||
jwt, CLOUD_PROJECT_ID, BACKEND_SERVICE_ID) | ||
if error_str: | ||
return "Error: %s" % error_str |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use single quotes everywhere (except docstrings), and use .format
over %
.
I've made the changes you requested (I used the "thumbs-up" to mean "done"). Please take another look and let me know what you think. |
iap/example_gce_backend.py
Outdated
return 'Hi, {}. I am {}.'.format(user_email, platform.node()) | ||
|
||
|
||
@app.route('/healthz') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why's this needed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's not, actually. I've taken it out.
iap/example_gce_backend.py
Outdated
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
CLOUD_PROJECT_ID = 'YOUR_PROJECT_ID' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You need to put constant after imports to please the linter.
I don't have merge access, could you merge this if it looks good? |
Yep, there's still one small lint issue. I'll fix it and merge. |
Using Flask, this app verifies the IAP-added headers and returns a greeting.