How to check HTTP basic auth on the python environment of Google Cloud Functions












0















How could this be implemented?



I'm not sure if it's possible to use the various flask related libraries as they use python decorators - and I don't have access to the Flask routes.



My solution would be to manually get the headers, and parse the authorization string manually. But I'm actually not to sure what format the Authorization follows - is there some library that can handle this complication for me?






flask google-cloud-platform google-cloud-build







share|improve this question



























    0















    How could this be implemented?



    I'm not sure if it's possible to use the various flask related libraries as they use python decorators - and I don't have access to the Flask routes.



    My solution would be to manually get the headers, and parse the authorization string manually. But I'm actually not to sure what format the Authorization follows - is there some library that can handle this complication for me?






    flask google-cloud-platform google-cloud-build







    share|improve this question

























      0












      0








      0








      How could this be implemented?



      I'm not sure if it's possible to use the various flask related libraries as they use python decorators - and I don't have access to the Flask routes.



      My solution would be to manually get the headers, and parse the authorization string manually. But I'm actually not to sure what format the Authorization follows - is there some library that can handle this complication for me?






      flask google-cloud-platform google-cloud-build







      share|improve this question














      How could this be implemented?



      I'm not sure if it's possible to use the various flask related libraries as they use python decorators - and I don't have access to the Flask routes.



      My solution would be to manually get the headers, and parse the authorization string manually. But I'm actually not to sure what format the Authorization follows - is there some library that can handle this complication for me?






      flask google-cloud-platform google-cloud-build




      flask google-cloud-platform google-cloud-build






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 16 '18 at 9:10









      Chris StryczynskiChris Stryczynski

      4,45453378




      4,45453378
























          2 Answers
          2






          active

          oldest

          votes


















          1














          requirements.txt:



          basicauth==0.4.1


          And the code:



          from basicauth import decode
          

          

          
encoded_str = request.headers.get('Authorization')
          
username, password = decode(encoded_str)
          

          
if (username == "example", password == "*********"):
          
    authed_request = True





          share|improve this answer































            0














            The Cloud Functions (CFs) are primarily designed for executing simple, standalone tasks, not complex applications.



            The recommended CF access control method is based on service accounts and IAM. From Runtime service account:




            At runtime, Cloud Functions uses the service account
            PROJECT_ID@appspot.gserviceaccount.com, which has the Editor
            role on the project. You can change the roles of this service account
            to limit or extend the permissions for your running functions.




            This access control method is enforced outside of the actual CF execution, so you don't need to worry about authentication in the CF code - you already know it can only be executed using the respective service account credentials.



            Yes, it might be possible to use a custom authentication scheme similar to the one(s) use in more complex applications, but it won't be trivial - it's not what CFs were designed for. See the somehow related When to choose App Engine over Cloud Functions?






            share|improve this answer
























            • The URL is publicly available - not sure how service accounts provide any authentication in this manner.

              – Chris Stryczynski
              Nov 16 '18 at 23:54











            • Ah, you mean on the ingress side. I imagine the IAM checks for the cloudfunctions.functions.call permission is done at the CF trigger level. So if the trigger is HTTP, yes, the URL is public, but it's in the Google-owned cloudfunctions.net domain, so it's easy to do the IAM check after receiving the HTTP request but before actually invoking the CF. So you won't need to actually do anything inside the CF code itself, you just need to take care at configuring the CF and IAM roles and permissions.

              – Dan Cornilescu
              Nov 17 '18 at 4:10











            • I still don't understand why this has anything to do with HTTP's "Basic Access Authentication"?

              – Chris Stryczynski
              Nov 17 '18 at 9:16











            • I guess what I'm trying to say is that I see no point in attempting to parse/use the basic authentication info in the CF code. The info is either missing or static since a particular CF is always executed in a Google-curated environment, by the same identity/user.

              – Dan Cornilescu
              Nov 17 '18 at 14:13











            • It is sent in the HTTP request as an HTTP header - so with that I can check if it matches a username and password.

              – Chris Stryczynski
              Nov 17 '18 at 14:26












            Your Answer






            StackExchange.ifUsing("editor", function () {
            StackExchange.using("externalEditor", function () {
            StackExchange.using("snippets", function () {
            StackExchange.snippets.init();
            });
            });
            }, "code-snippets");

            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "1"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53334636%2fhow-to-check-http-basic-auth-on-the-python-environment-of-google-cloud-functions%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            1














            requirements.txt:



            basicauth==0.4.1


            And the code:



            from basicauth import decode
            

            

            
encoded_str = request.headers.get('Authorization')
            
username, password = decode(encoded_str)
            

            
if (username == "example", password == "*********"):
            
    authed_request = True





            share|improve this answer




























              1














              requirements.txt:



              basicauth==0.4.1


              And the code:



              from basicauth import decode
              

              

              
encoded_str = request.headers.get('Authorization')
              
username, password = decode(encoded_str)
              

              
if (username == "example", password == "*********"):
              
    authed_request = True





              share|improve this answer


























                1












                1








                1







                requirements.txt:



                basicauth==0.4.1


                And the code:



                from basicauth import decode
                

                

                
encoded_str = request.headers.get('Authorization')
                
username, password = decode(encoded_str)
                

                
if (username == "example", password == "*********"):
                
    authed_request = True





                share|improve this answer













                requirements.txt:



                basicauth==0.4.1


                And the code:



                from basicauth import decode
                

                

                
encoded_str = request.headers.get('Authorization')
                
username, password = decode(encoded_str)
                

                
if (username == "example", password == "*********"):
                
    authed_request = True






                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Nov 16 '18 at 9:34









                Chris StryczynskiChris Stryczynski

                4,45453378




                4,45453378

























                    0














                    The Cloud Functions (CFs) are primarily designed for executing simple, standalone tasks, not complex applications.



                    The recommended CF access control method is based on service accounts and IAM. From Runtime service account:




                    At runtime, Cloud Functions uses the service account
                    PROJECT_ID@appspot.gserviceaccount.com, which has the Editor
                    role on the project. You can change the roles of this service account
                    to limit or extend the permissions for your running functions.




                    This access control method is enforced outside of the actual CF execution, so you don't need to worry about authentication in the CF code - you already know it can only be executed using the respective service account credentials.



                    Yes, it might be possible to use a custom authentication scheme similar to the one(s) use in more complex applications, but it won't be trivial - it's not what CFs were designed for. See the somehow related When to choose App Engine over Cloud Functions?






                    share|improve this answer
























                    • The URL is publicly available - not sure how service accounts provide any authentication in this manner.

                      – Chris Stryczynski
                      Nov 16 '18 at 23:54











                    • Ah, you mean on the ingress side. I imagine the IAM checks for the cloudfunctions.functions.call permission is done at the CF trigger level. So if the trigger is HTTP, yes, the URL is public, but it's in the Google-owned cloudfunctions.net domain, so it's easy to do the IAM check after receiving the HTTP request but before actually invoking the CF. So you won't need to actually do anything inside the CF code itself, you just need to take care at configuring the CF and IAM roles and permissions.

                      – Dan Cornilescu
                      Nov 17 '18 at 4:10











                    • I still don't understand why this has anything to do with HTTP's "Basic Access Authentication"?

                      – Chris Stryczynski
                      Nov 17 '18 at 9:16











                    • I guess what I'm trying to say is that I see no point in attempting to parse/use the basic authentication info in the CF code. The info is either missing or static since a particular CF is always executed in a Google-curated environment, by the same identity/user.

                      – Dan Cornilescu
                      Nov 17 '18 at 14:13











                    • It is sent in the HTTP request as an HTTP header - so with that I can check if it matches a username and password.

                      – Chris Stryczynski
                      Nov 17 '18 at 14:26
















                    0














                    The Cloud Functions (CFs) are primarily designed for executing simple, standalone tasks, not complex applications.



                    The recommended CF access control method is based on service accounts and IAM. From Runtime service account:




                    At runtime, Cloud Functions uses the service account
                    PROJECT_ID@appspot.gserviceaccount.com, which has the Editor
                    role on the project. You can change the roles of this service account
                    to limit or extend the permissions for your running functions.




                    This access control method is enforced outside of the actual CF execution, so you don't need to worry about authentication in the CF code - you already know it can only be executed using the respective service account credentials.



                    Yes, it might be possible to use a custom authentication scheme similar to the one(s) use in more complex applications, but it won't be trivial - it's not what CFs were designed for. See the somehow related When to choose App Engine over Cloud Functions?






                    share|improve this answer
























                    • The URL is publicly available - not sure how service accounts provide any authentication in this manner.

                      – Chris Stryczynski
                      Nov 16 '18 at 23:54











                    • Ah, you mean on the ingress side. I imagine the IAM checks for the cloudfunctions.functions.call permission is done at the CF trigger level. So if the trigger is HTTP, yes, the URL is public, but it's in the Google-owned cloudfunctions.net domain, so it's easy to do the IAM check after receiving the HTTP request but before actually invoking the CF. So you won't need to actually do anything inside the CF code itself, you just need to take care at configuring the CF and IAM roles and permissions.

                      – Dan Cornilescu
                      Nov 17 '18 at 4:10











                    • I still don't understand why this has anything to do with HTTP's "Basic Access Authentication"?

                      – Chris Stryczynski
                      Nov 17 '18 at 9:16











                    • I guess what I'm trying to say is that I see no point in attempting to parse/use the basic authentication info in the CF code. The info is either missing or static since a particular CF is always executed in a Google-curated environment, by the same identity/user.

                      – Dan Cornilescu
                      Nov 17 '18 at 14:13











                    • It is sent in the HTTP request as an HTTP header - so with that I can check if it matches a username and password.

                      – Chris Stryczynski
                      Nov 17 '18 at 14:26














                    0












                    0








                    0







                    The Cloud Functions (CFs) are primarily designed for executing simple, standalone tasks, not complex applications.



                    The recommended CF access control method is based on service accounts and IAM. From Runtime service account:




                    At runtime, Cloud Functions uses the service account
                    PROJECT_ID@appspot.gserviceaccount.com, which has the Editor
                    role on the project. You can change the roles of this service account
                    to limit or extend the permissions for your running functions.




                    This access control method is enforced outside of the actual CF execution, so you don't need to worry about authentication in the CF code - you already know it can only be executed using the respective service account credentials.



                    Yes, it might be possible to use a custom authentication scheme similar to the one(s) use in more complex applications, but it won't be trivial - it's not what CFs were designed for. See the somehow related When to choose App Engine over Cloud Functions?






                    share|improve this answer













                    The Cloud Functions (CFs) are primarily designed for executing simple, standalone tasks, not complex applications.



                    The recommended CF access control method is based on service accounts and IAM. From Runtime service account:




                    At runtime, Cloud Functions uses the service account
                    PROJECT_ID@appspot.gserviceaccount.com, which has the Editor
                    role on the project. You can change the roles of this service account
                    to limit or extend the permissions for your running functions.




                    This access control method is enforced outside of the actual CF execution, so you don't need to worry about authentication in the CF code - you already know it can only be executed using the respective service account credentials.



                    Yes, it might be possible to use a custom authentication scheme similar to the one(s) use in more complex applications, but it won't be trivial - it's not what CFs were designed for. See the somehow related When to choose App Engine over Cloud Functions?







                    share|improve this answer












                    share|improve this answer



                    share|improve this answer










                    answered Nov 16 '18 at 10:46









                    Dan CornilescuDan Cornilescu

                    30k113767




                    30k113767













                    • The URL is publicly available - not sure how service accounts provide any authentication in this manner.

                      – Chris Stryczynski
                      Nov 16 '18 at 23:54











                    • Ah, you mean on the ingress side. I imagine the IAM checks for the cloudfunctions.functions.call permission is done at the CF trigger level. So if the trigger is HTTP, yes, the URL is public, but it's in the Google-owned cloudfunctions.net domain, so it's easy to do the IAM check after receiving the HTTP request but before actually invoking the CF. So you won't need to actually do anything inside the CF code itself, you just need to take care at configuring the CF and IAM roles and permissions.

                      – Dan Cornilescu
                      Nov 17 '18 at 4:10











                    • I still don't understand why this has anything to do with HTTP's "Basic Access Authentication"?

                      – Chris Stryczynski
                      Nov 17 '18 at 9:16











                    • I guess what I'm trying to say is that I see no point in attempting to parse/use the basic authentication info in the CF code. The info is either missing or static since a particular CF is always executed in a Google-curated environment, by the same identity/user.

                      – Dan Cornilescu
                      Nov 17 '18 at 14:13











                    • It is sent in the HTTP request as an HTTP header - so with that I can check if it matches a username and password.

                      – Chris Stryczynski
                      Nov 17 '18 at 14:26



















                    • The URL is publicly available - not sure how service accounts provide any authentication in this manner.

                      – Chris Stryczynski
                      Nov 16 '18 at 23:54











                    • Ah, you mean on the ingress side. I imagine the IAM checks for the cloudfunctions.functions.call permission is done at the CF trigger level. So if the trigger is HTTP, yes, the URL is public, but it's in the Google-owned cloudfunctions.net domain, so it's easy to do the IAM check after receiving the HTTP request but before actually invoking the CF. So you won't need to actually do anything inside the CF code itself, you just need to take care at configuring the CF and IAM roles and permissions.

                      – Dan Cornilescu
                      Nov 17 '18 at 4:10











                    • I still don't understand why this has anything to do with HTTP's "Basic Access Authentication"?

                      – Chris Stryczynski
                      Nov 17 '18 at 9:16











                    • I guess what I'm trying to say is that I see no point in attempting to parse/use the basic authentication info in the CF code. The info is either missing or static since a particular CF is always executed in a Google-curated environment, by the same identity/user.

                      – Dan Cornilescu
                      Nov 17 '18 at 14:13











                    • It is sent in the HTTP request as an HTTP header - so with that I can check if it matches a username and password.

                      – Chris Stryczynski
                      Nov 17 '18 at 14:26

















                    The URL is publicly available - not sure how service accounts provide any authentication in this manner.

                    – Chris Stryczynski
                    Nov 16 '18 at 23:54





                    The URL is publicly available - not sure how service accounts provide any authentication in this manner.

                    – Chris Stryczynski
                    Nov 16 '18 at 23:54













                    Ah, you mean on the ingress side. I imagine the IAM checks for the cloudfunctions.functions.call permission is done at the CF trigger level. So if the trigger is HTTP, yes, the URL is public, but it's in the Google-owned cloudfunctions.net domain, so it's easy to do the IAM check after receiving the HTTP request but before actually invoking the CF. So you won't need to actually do anything inside the CF code itself, you just need to take care at configuring the CF and IAM roles and permissions.

                    – Dan Cornilescu
                    Nov 17 '18 at 4:10





                    Ah, you mean on the ingress side. I imagine the IAM checks for the cloudfunctions.functions.call permission is done at the CF trigger level. So if the trigger is HTTP, yes, the URL is public, but it's in the Google-owned cloudfunctions.net domain, so it's easy to do the IAM check after receiving the HTTP request but before actually invoking the CF. So you won't need to actually do anything inside the CF code itself, you just need to take care at configuring the CF and IAM roles and permissions.

                    – Dan Cornilescu
                    Nov 17 '18 at 4:10













                    I still don't understand why this has anything to do with HTTP's "Basic Access Authentication"?

                    – Chris Stryczynski
                    Nov 17 '18 at 9:16





                    I still don't understand why this has anything to do with HTTP's "Basic Access Authentication"?

                    – Chris Stryczynski
                    Nov 17 '18 at 9:16













                    I guess what I'm trying to say is that I see no point in attempting to parse/use the basic authentication info in the CF code. The info is either missing or static since a particular CF is always executed in a Google-curated environment, by the same identity/user.

                    – Dan Cornilescu
                    Nov 17 '18 at 14:13





                    I guess what I'm trying to say is that I see no point in attempting to parse/use the basic authentication info in the CF code. The info is either missing or static since a particular CF is always executed in a Google-curated environment, by the same identity/user.

                    – Dan Cornilescu
                    Nov 17 '18 at 14:13













                    It is sent in the HTTP request as an HTTP header - so with that I can check if it matches a username and password.

                    – Chris Stryczynski
                    Nov 17 '18 at 14:26





                    It is sent in the HTTP request as an HTTP header - so with that I can check if it matches a username and password.

                    – Chris Stryczynski
                    Nov 17 '18 at 14:26


















                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Stack Overflow!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53334636%2fhow-to-check-http-basic-auth-on-the-python-environment-of-google-cloud-functions%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    Xamarin.iOS Cant Deploy on Iphone

                    Image
                    .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } -1 I have a windows laptop and a mac mini my problem is that It wont deploy on iphone if I use Visual Studio Xamarin on windows to install my app, but it works fine with Visual Studio For Mac. Here's what I get after build succeded on Visual Studio Xamarin on windows : 1>------ Build started: Project: FinalCustomerApp.iOS, Configuration: Debug iPhone ------ 1> Connecting to Mac server 192.168.8.100... 1> FinalCustomerApp.iOS -> C:UsersJeremy PaulDesktopFinalCustomerAppFinalCustomerAppFinalCustomerApp.iOSbiniPhoneDebugFinalCustomerApp.iOS.exe 1> Detected signing identity: 1> Code Signing Key: &quo
                    Read more

                    Glorious Revolution

                    Image
                    "The Bloodless Revolution" redirects here. For a history of the vegetarian movement, see The Bloodless Revolution (book). This article is about the English revolution of 1688. For the revolution of 1868 in Spain, see Glorious Revolution (Spain). For other uses, see Glorious Revolution (disambiguation). Glorious Revolution The Prince of Orange lands at Torbay Date 1688–1689 Location British Isles Also known as Revolution of 1688 War of the English Succession Bloodless Revolution Participants English, Welsh and Scottish society, Dutch forces Outcome Replacement of James II by William III and Mary II Jacobite rising of 1689 Williamite War in Ireland War with France; England and Scotland join Grand Alliance Drafting of the Bill of Rights 1689 Part of a series on the History of England Timeline Prehistoric Britain Roman Britain Sub-Roman Britain Medieval period Economy in the Middle Ages Anglo-Saxon period
                    Read more

                    Dulmage-Mendelsohn matrix decomposition in Python

                    Image
                    0 Matlab has a function called dmperm that computes the so-called Dulmage–Mendelsohn decomposition of a n x n matrix. From wikipedia, the Dulmage–Mendelsohn is a partition of the vertices of a bipartite graph into subsets, with the property that two adjacent vertices belong to the same subset if and only if they are paired with each other in a perfect matching of the graph. Looking both on scipy and numpy, I could not find this function, nor some similar version. Is it possible to implement it using basic linear algebra operations? Any idea if this is implemented in some Python package? python matlab linear-algebra graph-theory matrix-decomposition share | improve this question
                    Read more