Giter Site home page Giter Site logo

gcloud-app's Introduction

gcloud app

Starter app and instructions for deploying a Go app protected by G Suite OAuth via Google Cloud Run so only your coworkers can access it.

Setup

Clone this repo and run the following commands from within the repo as a starting point.

  1. Install the gcloud CLI
  2. Create gcloud Project
  3. Ensure you have selected your new project in the top left, then note the Project ID under the "Project info" panel.
export PROJECT_ID="FIXME"
  1. Authenticate and configure gcloud:
gcloud auth login
gcloud config set project ${PROJECT_ID}
gcloud config set run/region us-west1
  1. Choose an application name e.g. gcloud-app
export APP_NAME="FIXME"
  1. Deploy this application, selecting y for all prompts.
    • Note: Allow unauthenticated invocations to [gcloud-app] (y/N)? is for IAM, not oauth2, so still respond with y.
gcloud run deploy ${APP_NAME}
  1. Note the URL it is deployed at e.g. https://gcloud-app-random-xy.a.run.app:
export EXTERNAL_URI="FIXME"

# or if you have jq
export EXTERNAL_URI=$(gcloud run services describe bravo-app --format=json | jq -r .status.url)
echo $EXTERNAL_URI
  1. Create oauth credentials by clicking "+ New Credentials" then "Oauth client ID".
    • Follow the prompt to configure the oauth consent screen first; make it internal, and only fill in required fields.
    • You may need select "Credentials" on the left and "+ New Credentials" again
    • Select "Web application" for application type
    • Run echo ${EXTERNAL_URI}/auth/redirect and use the output as an "Authorized redirect URIs"
    • Note the Client ID and Client Secret
export OAUTH_CLIENT_ID="FIXME"

export OAUTH_CLIENT_SECRET="FIXME"
  1. Set these env vars on the service
gcloud run services update ${APP_NAME} --update-env-vars "EXTERNAL_URI=${EXTERNAL_URI},OAUTH_CLIENT_ID=${OAUTH_CLIENT_ID},OAUTH_CLIENT_SECRET=${OAUTH_CLIENT_SECRET}"
  1. Now you can login to your app!
open ${EXTERNAL_URI}

You can logout by going to ${EXTERNAL_URI}/logout.

  1. Finally verify that only your coworkers have access to the application by trying to login using a Google account that is not part of the Google workspace. You should get a screen from Google that says "Access blocked: can only be used within its organization."

  2. You can select and delete the project you just created in Cloud Resource Manager to guarantee you are not billed for any latent resources laying around.

gcloud-app's People

Contributors

jdhenke avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.