Is it possible to view and create an index on the Google Cloud Datastore for my project, using the Google Developer Console?
If not, how can I create one via another route?
Some context: I am writing a simple Android app to store/retrieve data from the cloud datastore by customising the "Mobile Backend Starter / MBS" (that backend we are always invited to deploy when creating a new project in the dev console).
I am now at the point where the queries / filters I am specifying in my Android client are returning a "503" error stating that an index is required. I think this is because I am using a "greater than" filter in my query.
So how can I add one? Or do I have to edit the backend deployment package to do this? If so, then how can I do this e.g. view the folder MBS backend got deployed to? I had assumed MBS was a zero configuration backend - we just need to write the client, but it seems even basic query ops need an index adding so this isn't the case? I am being suggested to add an xml fragment somewhere in the IOException thrown by the list() call I'm making to CloudBackend:
com.google.api.client.googleapis.json.GoogleJsonResponseException: 503 Service Unavailable
{
  "code": 503,
  "errors": [
    {
      "domain": "global",
      "message": "com.google.appengine.api.datastore.DatastoreNeedIndexException: no matching index found.\nThe suggested index for this query is:\n <datastore-index kind=\"DB\" ancestor=\"false\" source=\"manual\">\n <property name=\"_createdBy\" direction=\"asc\"/>\n <property name=\"originatingDeviceID\" direction=\"asc\"/>\n <property name=\"LastUpdatedOn\" direction=\"asc\"/>\n </datastore-index>\n\n",
      "reason": "backendError"
    }
... SNIP
Typically, most indexes are auto-generated when you test your application. In case it did not happen, you need to manually configure the datastore-indexes.xml file. You can read more about it at Java Datastore Index Configuration.
Thanks all for your input - for future reference here is the solution for users like me who just deploy the MBS and haven't/don't want to interact with the server-side code which should be just deploy and go.
First you download the currently deployed backend via the Google App Engine SDK tool:
appcfg.cmd --application=my-project-name download_app .
Then in WEB-INF/datastore-indexes.xml we see the auto generation of the index has been disabled in the vanilla MBS configuration.
<?xml version="1.0" encoding="utf-8"?>
<datastore-indexes autoGenerate="false">
  <datastore-index kind="_CloudMessages" ancestor="false">
    <property name="topicId" direction="asc"/>
    <property name="_createdAt" direction="desc"/>
  </datastore-index>
</datastore-indexes>
which is why my index was not getting built. You then paste in the recommended index which fortunately is included in the Java IOException message body, and upload it back to Google via:
appcfg.cmd --application=my-project-name update_indexes .
It would have been super-useful for Google Console to have some dashboard capability to manage indexes much as it has to add/delete/edit Entities, but it seems you can only inspect them.
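The manual step described above (copy the suggested index out of the exception message and add it to WEB-INF/datastore-indexes.xml) can be scripted. The following is an added example, not part of the original answer or of MBS; the function names are hypothetical and the sample inputs are constructed from the snippets quoted in this thread.

```python
import json
import xml.etree.ElementTree as ET

# Constructed inputs, shaped like the 503 body and the vanilla MBS file quoted above.
ERROR_BODY = json.dumps({"code": 503, "errors": [{
    "domain": "global", "reason": "backendError",
    "message": "com.google.appengine.api.datastore.DatastoreNeedIndexException: "
               "no matching index found.\nThe suggested index for this query is:\n"
               ' <datastore-index kind="DB" ancestor="false" source="manual">\n'
               ' <property name="_createdBy" direction="asc"/>\n'
               ' <property name="originatingDeviceID" direction="asc"/>\n'
               ' <property name="LastUpdatedOn" direction="asc"/>\n'
               " </datastore-index>\n\n"}]})
INDEXES_XML = """<?xml version="1.0" encoding="utf-8"?>
<datastore-indexes autoGenerate="false">
  <datastore-index kind="_CloudMessages" ancestor="false">
    <property name="topicId" direction="asc"/>
    <property name="_createdAt" direction="desc"/>
  </datastore-index>
</datastore-indexes>"""

def extract_suggested_index(error_body):
    """Return the <datastore-index> element embedded in the error message, or None."""
    for err in json.loads(error_body).get("errors", []):
        msg = err.get("message", "")
        start, end = msg.find("<datastore-index"), msg.find("</datastore-index>")
        if "DatastoreNeedIndexException" in msg and 0 <= start < end:
            return ET.fromstring(msg[start:end + len("</datastore-index>")])
    return None

def index_key(el):
    """Identity of an index: kind, ancestor flag and the ordered property list."""
    props = tuple((p.get("name"), p.get("direction", "asc")) for p in el.findall("property"))
    return (el.get("kind"), el.get("ancestor", "false"), props)

def merge_index(indexes_xml, suggestion):
    """Append the suggestion unless an identical index exists; returns (xml, added)."""
    root = ET.fromstring(indexes_xml.encode("utf-8"))
    if root.tag != "datastore-indexes":
        raise ValueError("not a datastore-indexes.xml document")
    if index_key(suggestion) in {index_key(i) for i in root.findall("datastore-index")}:
        return indexes_xml, False
    suggestion.tail = "\n"
    root.append(suggestion)
    return ET.tostring(root, encoding="unicode"), True

if __name__ == "__main__":
    merged, added = merge_index(INDEXES_XML, extract_suggested_index(ERROR_BODY))
    print(added)
    print(merged)
```

Running the merge a second time on its own output adds nothing, so the script is safe to re-run before each update_indexes upload.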
I am trying to implement Android Management API in my project where the first step is to create an enterprise:
Post the Callbackurl and ProjectID to the Following URL
https://androidmanagement.googleapis.com/v1/signupUrls
I get the response name and url:
{
  "name": "signupUrls/C265d41bc093bdd97",
  "url": "https://play.google.com/work/adminsignup?token=someToken"
}
How can I change this "url" parameter to my own? Do I need to upload my DPC to the Play Store?
I am out of guesses. Please help.
Thanks in advance.
The flow is this:
1) Create a Project in Google developer console, enable Android Management API, create credentials and get the project id. (I think you have already done that.)
2) Create a SignupUrl with signupUrls.create. (What you have done to get that JSON)
3) Keep the SignupUrl Name and redirect the user (or go) to the returned URL (inside the JSON posted).
3) Follow the procedure to create an enterprise.
This will start the creation of an enterprise to the signed Google Account.
4) At the end of the procedure you will be redirected to the callbackUrl specified inside signupUrls.create. Appended to the callbackUrl, as a GET query parameter, will be a token.
5) You must use the appended token to conclude the flow calling the API enterprises.create with these parameters:
The signup url name
The enterprise token returned as parameter
(optional) a request body with some enterprise parameters (logo, name, etc)
At the end of this coming and going between URLs and API calls, you will end up with an Enterprise created on the Google Account and the enterprise ID in the form enterprise/<yourID> to interact with the API.
You can check all the Enterprise info at the created Google Play for Work (or Managed Google Play) at http://play.google.com/work . In the left menu, under "Administration Settings", check your enterpriseId.
It has been a while since we touched this google-services.json file. We downloaded the file again from the Firebase console, diffed it against what we have on file, and saw that the API key is different 🤔.
However, we could not find any good documentation about why it changed and what we are supposed to do on our side.
"api_key": [
{
- "current_key": "AI***********************************BC"
+ "current_key": "AI***********************************K0"
}
],
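Review bot: on the "current_key" line, the only change is one masked key value replaced by another, and nothing in the file records which of the project's credentials either value is. Before merging, confirm in the project's credentials list that the new key exists and carries the restrictions you expect, and say in the commit message whether the old key is being retired or simply no longer selected.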
We saw in this question that this API key is supposed to be used to send push notifications. We tested notifications with both versions of the key, and both of them are working fine.
https://stackoverflow.com/a/38227768/1035008
What might be causing the change in the current_key field in the JSON file? Is it safe to just swap in the new file?
Edit:
We saw the old key is still there under https://console.firebase.google.com > Project Overview > Project Settings > Web API Key:
I guess Google just decided to move the web API key outside of the file and created a new one for each project?
A Firebase project can have many API keys, but each API key can only be associated with a single Firebase project. See the docs.
You can view your API keys in the Firebase console at APIs & Services > Credentials.
From what I can gather, when you download the google-services.json it 'auto matches' what it thinks is the most appropriate key. In my case it changed the key to a different (existing) key, but both keys still work - tested with FCM Push Notifications and Firebase Analytics on Android device.
I found at https://developers.google.com/instance-id/reference/server#get_information_about_app_instances the following example GET request:
https://iid.googleapis.com/iid/info/nKctODamlM4:CKrh_PC8kIb7O...clJONHoA?details=trueAuthorization:key=AIzaSyZ-1u...0GBYzPu7Udno5aA
The key in that example is: AIzaSyZ-1u...0GBYzPu7Udno5aA. Where can I find my key, the one that I should use in my GET request? I am trying to find it at https://console.developers.google.com/apis/credentials, and this is what I see:
I tried using all of the four keys that you see in the image above, and I always receive this message from the browser:
{"error":"MissingAuthorization"}
Does this error refer to the key being wrong, or to something else? Am I looking in the right place for the key? Thank you.
EDIT 1: I was looking at the question "How to check how many topics has been subscribed?", and I also tried using the keys that I found in my Firebase Console, under the "Cloud Messaging" tab. This is what I see:
I tried the GET request using those keys in the image above as well and I still see the same error: {"error":"MissingAuthorization"}.
EDIT 2: I am using this from the command line:
C:\curl>curl -k https://iid.googleapis.com/iid/info/nKctODamlM4:CKrh_PC8kIb7O...clJONHoA?details=trueAuthorization:key=AIzaSyZ-1u...0GBYzPu7Udno5aA
{"error":"MissingAuthorization"}
C:\curl>
Notice how I simply copied/pasted what I found at https://developers.google.com/instance-id/reference/server#get_information_about_app_instances under the "Example GET request" heading. I am not even attempting to use my own keys and I see the same error: {"error":"MissingAuthorization"}. Does it mean the problem is with the key I am using? Is it not the one I see in the Firebase Console?
Based on the instructions at https://developers.google.com/instance-id/reference/server, under the heading "Get information about app instances", it shows that it is necessary to provide the Authorization: key=YOUR_API_KEY, which is set in the header. See at https://android.jlelse.eu/firebase-push-notification-using-curl-command-devoid-backend-e63795d282c4 an example of how to provide a parameter in the header.
Concerning the Authorization: key=YOUR_API_KEY that has to be used, it is the key that appears in the "EDIT 1" section of this question. I used the Server key, not the Legacy server key, and it worked for me.
https://developers.google.com/instance-id/reference/server shows this end point: https://iid.googleapis.com/iid/info/IID_TOKEN. But IID_TOKEN must be replaced with the instance ID token which corresponds to the instance of the app that was installed on a device. In my case, I found it by printing the instance ID or token of the device, using the following code in the first activity of my Android app:
Log.d("The token of device: ", FirebaseInstanceId.getInstance().getToken());
In the log of the Android monitor, I found the IID_TOKEN that I needed:
D/The token of device:: f35EFw4bsef:QWE34bFm56ZuQLWYSDDgPlkf4a88Lu6Gp4DoXVDJ5dRIlsdDncq0UdNnlDi7wxbbut6YX7Z1kwgyS3bzk_Zrl-1doHCf9XFdOXTThNzo4sDFEWqQjHKfNa3uH2Js4Flbf_CnRkD2Mftr
Finally, I used cURL from the command prompt, and you can see how I obtained results correctly:
C:\curl>curl -X GET -k --header "Authorization: key=AAAAJ5XteYp:DKE32aIdFalyFXku6A-eR_wHL6ZBUFxfyPtcrm3wwF2l-nPEv_vAeYqo3NJzaIKKcSSow6gqoAwf3cBEm8QWYbF6w-asW0SX0RmHZftQglwmo_ziwrk8wFcGp1_DOQ1PLFFgP4BFWXAD" "https://iid.googleapis.com/iid/info/f35EFw4bsef:QWE34bFm56ZuQLWYSDDgPlkf4a88Lu6Gp4DoXVDJ5dRIlsdDncq0UdNnlDi7wxbbut6YX7Z1kwgyS3bzk_Zrl-1doHCf9XFdOXTThNzo4sDFEWqQjHKfNa3uH2Js4Flbf_CnRkD2Mftr"
{"applicationVersion":"22","attestStatus":"NOT_ROOTED","application":"com.[myapp]","scope":"*","authorizedEntity":"232255245625","appSigner":"3d34g3fs3443292d825f21da4fdd5b34a56f2a3h","platform":"ANDROID"}
C:\curl>
Note: In the code above I have changed the values of things such as tokens and keys for privacy purposes, but you need to use your values and everything should work.
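The request shape from the answer above, as an added Python example that is not part of the original post: the server key travels only in the Authorization header (the question's failing call had it pasted into the URL), and the returned fields are compared against what the backend expects before the instance is trusted. Function names, the expected-value dictionary and all sample values are constructed placeholders; certificate verification is left at the library default rather than disabled.

```python
import json
import urllib.parse
import urllib.request

IID_INFO_URL = "https://iid.googleapis.com/iid/info/"

def build_info_request(iid_token, server_key):
    """Build (without sending) the GET request, with the key in the Authorization header."""
    for value in (iid_token, server_key):
        # Whitespace or newlines mean a broken paste or an attempt to smuggle a header.
        if not value or any(c.isspace() for c in value):
            raise ValueError("token and key must be non-empty, with no whitespace or newlines")
    url = IID_INFO_URL + urllib.parse.quote(iid_token, safe=":") + "?details=true"
    req = urllib.request.Request(url, method="GET")
    req.add_header("Authorization", "key=" + server_key)
    return req

def check_instance_info(body, expected):
    """Return a list of problems; an empty list means every expected field matched."""
    info = json.loads(body)
    if "error" in info:
        return ["server error: " + str(info["error"])]
    return ["%s: expected %r, got %r" % (k, v, info.get(k))
            for k, v in expected.items() if info.get(k) != v]

# Constructed values (placeholders, not real credentials or a real app).
SAMPLE_OK = json.dumps({"applicationVersion": "22", "attestStatus": "NOT_ROOTED",
                        "application": "com.example.app", "scope": "*",
                        "authorizedEntity": "000000000000",
                        "appSigner": "PLACEHOLDER_SIGNER_HASH", "platform": "ANDROID"})
EXPECTED = {"application": "com.example.app", "appSigner": "PLACEHOLDER_SIGNER_HASH",
            "platform": "ANDROID", "attestStatus": "NOT_ROOTED"}

if __name__ == "__main__":
    req = build_info_request("PLACEHOLDER:IID_TOKEN", "PLACEHOLDER_SERVER_KEY")
    print(req.full_url)  # the key does not appear in the URL
    print(check_instance_info(SAMPLE_OK, EXPECTED))
    print(check_instance_info('{"error":"MissingAuthorization"}', EXPECTED))
```

Because the server key authorizes calls for the whole project, this check belongs on a backend and the key should never be shipped inside the Android client.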
I'm analyzing some security issues due to an app which uses the Facebook SDK.
a) What type of data is transferred between the app and the Facebook backend? Is it JSON? Or is it something else?
b) Furthermore is there a "modern" and secure SSL-Communication used? Do I have to deal with certificates or is that managed by the SDK itself?
The data type transferred is JSON through HTTP GET request-response.
The resulting JSON looks like:
{
  "id" : "32419183519351",
  "birthday": "*****",
  "name": "Danilo Dughetti",
  ...
}
For more info try to check the Facebook Graph API.
And for the security question, I know that there is an Access Token system. Actually, I don't know if SSL is used.
Hope it can help, bye!
Using the Mobile Backend Starter (MBS) Android classes (those distributed as a sample project when creating a new project in Google Dev Console and demoed at Google I/O 2013) I'm able to insert new entities to the cloud datastore via calls to CloudBackendMessaging.insertAll or .updateAll. The latter will create entities if none exist so seems functionally identical to insert for new records.
The insertion/creation works fine. However when I attempt to update existing entries in the datastore, I received permissions errors e.g. (from the backend log)
Method: mobilebackend.endpointV1.updateAll
Error Code: 401
Reason: required
Message: Insuffient permission for updating a CloudEntity: XXXXXX by: USER: YYYYYYY
which results in a matching access error in the logcat client side.
In all cases I am using Secured access authenticating with a valid Google account (my own).
The entities being inserted are thus showing as "owned" by my user ID with "updated by" and "created by" showing my Google account's email address.
However when the update of the existing record is made, using exactly the same CloudBackendMessenger object and thus same credentials etc. the backend is telling me I can't update due to permissions issues. But surely if I just made the entity with the same credentials this can't be correct? Looking at the documentation it appears that I should be able to edit entities owned by the same user ID in all cases (regardless of the KindName and whether it is prepended [public], [private] or nothing).
Can anyone who has received permissions errors on UPDATES via Mobile Backend Starter for Datastore please shed any light? I have been banging my head over this for most of today.
I've faced a similar error, "Insuffient permission for updating a CloudEntity", when using cloudBackendAsync.update(cloudEntity). I resolved it by making sure the cloudEntity has its createdAt field set. createdAt is autogenerated and I think I am not supposed to touch it. But it worked for me. In my case I am first obtaining a list of cloud entities. This is when I get the createdAt field of the cloud entities. Then when I am updating, I am setting the createdAt field from the previously obtained entities.
Edit: Had to do similar thing for owner field also.
Similar to one of the comments above, I successfully got around this by getting the original CloudEntity before doing the insert/update/delete function.
CloudQuery cq = new CloudQuery("datastoretype");
cq.setLimit(1);
cq.setFilter(Filter.eq("_id",id));
cloudEntity.setId(id);
mProcessingFragment.getCloudBackend().get(cloudEntity, handler);
Thereafter it was trivial to do the following:
mProcessingFragment.getCloudBackend().update(cloudEntity, handler);
The docs definitely ought to be more clear on this, whether it is a strict requirement or bug.
The answers posted so far work around the problem if you don't mind all users being able to access the entity you are trying to update. However, a better solution that retains the access permissions is detailed by google here - https://cloud.google.com/cloud/samples/mbs/authentication
If you want to pass the user’s Google Account info to the backend on
each call, use the CloudBackend#setCredential() method (also available
on the subclasses, CloudBackendAsync and CloudBackendMessaging) to set
a GoogleAccountCredential object before calling any Mobile Backend
methods.
GoogleAccountCredential credential = GoogleAccountCredential.usingAudience(this, "<Web Client ID>");
credential.setSelectedAccountName("<Google Account Name>");
cloudBackend.setCredential(credential);
Setting credentials enables the client to operate when the backend is
in “Secured by Client ID” mode and also sets createdBy/updatedBy/owner
properties of CloudEntity automatically.