[google-appengine] Re: Secure Cloud Scheduler App Engine route with X-Cloudscheduler
Actually, the test was done on another Customer's setup in the past. You can be sure that the Internal Cloud Scheduler engineers are aware of this usage. In fact, there is an Internal Feature request with the Cloud Scheduler team for the use of these headers. At the moment, Our recommendation is to use these headers for informational purposes rather than using it for Security. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/3a389b1f-f447-49d1-aa9e-7a3a9ee3fa27%40googlegroups.com.
[google-appengine] Re: Secure Cloud Scheduler App Engine route with X-Cloudscheduler
Thanks Olu for testing, Could you provide the scenario in which the header was not presented? Can you also raise a ticket to get this fixed / added to all Cloud Scheduler requests? login: admin is not available in Python 3.7 App Engine environment App.yaml reference: https://cloud.google.com/appengine/docs/standard/python3/config/appref On Tuesday, 21 April 2020 16:39:28 UTC+1, Olu wrote: > > According to Cloud Scheduler documentation [1--See the App Engine HTTP], > App Engine endpoints can be secured with "login: admin" in the app.yaml > file. While I understand that the admin login feature is not available for > some environments and not documented for some of the App Engine Standard > Language Runtimes, certainly it is not available for App Engine flex, I do > not have any information about the deprecation. At the least, I have no > documentation that confirms that at this point. > > About the use of X-Cloudscheduler:true as a header, following internal > tests completed on various types of requests, this may somewhat be relied > upon to filter requests for some of the cases. However, in one of the tests > done in the past for requests, we found the use flawed. Since using the > X-Cloudscheduler:true as a header may not be viable for all cases(at least, > from our internal tests in the past), I believe this may be the reason why > the documentation has not been duly updated. > > [1]https://cloud.google.com/scheduler/docs/creating#creating_jobs > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/874aa788-d794-4df7-a2b2-0bdf6327041d%40googlegroups.com.
[google-appengine] Re: Secure Cloud Scheduler App Engine route with X-Cloudscheduler
According to Cloud Scheduler documentation [1--See the App Engine HTTP], App Engine endpoints can be secured with "login: admin" in the app.yaml file. While I understand that the admin login feature is not available for some environments and not documented for some of the App Engine Standard Language Runtimes, certainly it is not available for App Engine flex, I do not have any information about the deprecation. At the least, I have no documentation that confirms that at this point. About the use of X-Cloudscheduler:true as a header, following internal tests completed on various types of requests, this may somewhat be relied upon to filter requests for some of the cases. However, in one of the tests done in the past for requests, we found the use flawed. Since using the X-Cloudscheduler:true as a header may not be viable for all cases(at least, from our internal tests in the past), I believe this may be the reason why the documentation has not been duly updated. [1]https://cloud.google.com/scheduler/docs/creating#creating_jobs -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/d5b7d6b2-6c9f-424c-b9ed-bdfd7e2ecafa%40googlegroups.com.