Sample code to access cloud.google.com / google compute engine ?

List overview All Threads
Download

newer

older

Automatic documentation of...

Pike support for Jupyter...

Stephen R. van den Berg

15 May 2019 15 May '19

1:30 p.m.

Does anyone happen to have some boilerplate code which they can share that uses Pike to get the authorisation tokens required to create and delete google compute engine instances?

Basically I need to follow this guide:

https://developers.google.com/identity/protocols/OAuth2ServiceAccount

Which means that I have a private service key from google, and need to use this to create a JWT, which can then be used to request a token. The token I can then use to call the API.

The question is, how do I use Web.Auth to get my hands on the token? The example shown in http://pike.lysator.liu.se/generated/manual/modref/ex/predef_3A_3A/Web/Auth.... appears to be geared towards authorisations that require user approval.

In my case I only need to call some Google API (server to server), no userdata involved.

-- Stephen.

Show replies by date

William Welliver

15 May 15 May

3:21 p.m.

I don't have the exact use case you describe, but it seems like the code I've used uin the past would work just fine. The idea is that trather than initiating a user interactive session that pops up a browser toget a token, you already have it, so you can just skip that step and pass the token in to the authorization calll. Thus, no user interaction is required.

Here's a fairly old example that uses poppa's Social module, which I get the feeling has evolved into Web.Auth.

https://bitbucket.org/hww3/pike_demos/src/default/google_apis/google_task_de...

On Wed, 15 May 2019, Stephen R. van den Berg wrote:

...

Does anyone happen to have some boilerplate code which they can share that uses Pike to get the authorisation tokens required to create and delete google compute engine instances?

Basically I need to follow this guide:

https://developers.google.com/identity/protocols/OAuth2ServiceAccount

Which means that I have a private service key from google, and need to use this to create a JWT, which can then be used to request a token. The token I can then use to call the API.

The question is, how do I use Web.Auth to get my hands on the token? The example shown in http://pike.lysator.liu.se/generated/manual/modref/ex/predef_3A_3A/Web/Auth.... appears to be geared towards authorisations that require user approval.

In my case I only need to call some Google API (server to server), no userdata involved. -- Stephen.

Pontus Östlund

6:24 p.m.

...

On 15 May 2019, at 15:30, Stephen R. van den Berg srb@cuci.nl wrote:

Does anyone happen to have some boilerplate code which they can share that uses Pike to get the authorisation tokens required to create and delete google compute engine instances?

[...]

In my case I only need to call some Google API (server to server), no userdata involved.

I think this might work:

Web.Api.Google api = Web.Api.Google(0, 0, 0);

api->auth->get_token_from_jwt(your_service_account_key, 0, lambda (bool ok, string data) { // yadda yadda });

And if I remember correctly, leaving out the lambda will issue a sync call.

Regards ----------------------------- Pontus Östlund Developer • Roxen AB +46 70-662 81 69

www.roxen.com http://www.roxen.com/ | twitter.com/roxen https://twitter.com/roxen

Stephen R. van den Berg

19 May 19 May

3:31 p.m.

New subject: SSL.Connection failure

Pontus ??stlund wrote:

...

I think this might work:

...

Web.Api.Google api = Web.Api.Google(0, 0, 0);

...

api->auth->get_token_from_jwt(your_service_account_key, 0, lambda (bool ok, string data) { // yadda yadda });

...

And if I remember correctly, leaving out the lambda will issue a sync call.

Well, something like this does in fact seem to work, however, when doing this without the lambda (and thus blocking and with the sync call) I get a SSL.Connection Fatal alert: Decoding error.

queue_write: To write: 0 [thr:139633112520512,fd:11] queue_write: Got nothing to write (0 bytes buffered) [thr:139633112520512,fd:11] queue_write: Returning 0 (0 bytes buffered) [thr:139633112520512,fd:11] ssl_read_callback: Got 0 bytes of application data [thr:139633112520512,fd:11] Running local backend [r:1 w:0], infinite timeout [thr:139633112520512,fd:11] ssl_read_callback (string[751]): nonblocking mode=0, callback mode=0 handshaking SSL.Connection->recv_packet(): version=0x303 SSL.Connection: received packet of type 22 SSL.Connection: HANDSHAKE SSL.Connection->recv_packet(): version=0x303 SSL.Connection: received packet of type 22 SSL.Connection: HANDSHAKE SSL.Connection->recv_packet(): version=0x303 SSL.Connection: received packet of type 22 SSL.Connection: HANDSHAKE SSL.ClientConnection(handshaking): derive_master_secret: STATE_wait_for_peer (TLS 1.2) SSL.Connection->send_packet: type 22, pri 2, "\20\0\0"!\4" SSL.Connection->send_packet: type 20, pri 2, "\1" SSL.Connection->send_packet: type 22, pri 2, "\24\0\0\f\376C" SSL.Connection->recv_packet(): current_read_state is zero! ssl_read_callback: Got data: "" SSL.Connection: writing packet of type 22, "\20\0\0"!\4\337" queue_write: To write: 2 SSL.Connection: writing packet of type 20, "\1" queue_write: To write: 2 SSL.Connection: writing packet of type 22, "\24\0\0\f\376Cm" queue_write: To write: 2 queue_write: To write: 0 [thr:139633112520512,fd:11] queue_write: Got nothing to write (94 bytes buffered) [thr:139633112520512,fd:11] queue_write: Install the write callback. [thr:139633112520512,fd:11] queue_write: Returning 0 (94 bytes buffered) [thr:139633112520512,fd:11] ssl_read_callback: Got 0 bytes of application data [thr:139633112520512,fd:11] Running local backend [r:1 w:1], infinite timeout [thr:139633112520512,fd:11] ssl_write_callback: nonblocking mode=0, callback mode=0 handshaking [thr:139633112520512,fd:11] ssl_write_callback: Wrote 94 bytes (0 bytes left) queue_write: To write: 0 [thr:139633112520512,fd:11] queue_write: Got nothing to write (0 bytes buffered) [thr:139633112520512,fd:11] queue_write: Returning 0 (0 bytes buffered) [thr:139633112520512,fd:11] Running local backend [r:1 w:0], infinite timeout [thr:139633112520512,fd:11] ssl_read_callback (string[7]): nonblocking mode=0, callback mode=0 handshaking SSL.Connection->recv_packet(): version=0x303 SSL.Connection: received packet of type 21 SSL.Connection: ALERT SSL.Connection: Fatal alert "Decoding error."

I'm a little out of my depth here. Haven't had any need to decode an SSL handshake/connection by RFC yet... Any ideas?

I have not tried the same using async. This is without a backend running. Maybe the problem is in the handling of the local backend for SSL. I could probably come up with a very small sample of code that illustrates the error.

Basically the problem is at the start of the SSL connection, before actual data is exchanged.

-- Stephen.

1939

Age (days ago)

1943

Last active (days ago)

pike-devel@lists.lysator.liu.se

3 comments

3 participants

tags (0)

participants (3)

Pontus Östlund
Stephen R. van den Berg
William Welliver