I've got a Google Apps Script attached to a Google Sheet that is triggered when a new entry comes in. I've also got a Google Cloud Run instance for a Flask app that I access through an end-point.
Currently it allows unauthenticated invocations but I want to only allow authenticated invocations. How do I go about doing this? I can't access the metadata server as its outside of GCP and the Calling From Outside GCP suggests following the Identity-Aware Proxy sample code however IAP does not work for Cloud Run...
Is there any simple way of doing this?
Related
I came across this doc which says that Apps Script can connect to any external APIs.
I'm trying to access my Virtual Machines and maybe perform some actions (GET, DELETE etc). Can I do that using Compute Engine APIs using Apps Script.
Thank you
It works perfectly within Google Workspace Ecosystem but not sure how to begin connecting GCP services using Apps Script.
I have an app script linked to a spreadsheet that has a few functions to automate some processes for users. I recently updated the project to be linked to a standard GCP project I created so I could create OAuth credentials for an unrelated process in this script. However, now when users go to run the functions, they get a 403. Is there a place in the GCP console where I can give them access? I am not using any OAuth credentials for these functions. Just the standard app script interactions with the Google Sheet.
I think when you move to GCP you are required to use OAuth and they have to enter their credentials again. Found in the docs.
You have to configure the OAuth Consent Screen as is explained in the official docs about link a Google Apps Script project to a standard Google Cloud Project --> https://developers.google.com/apps-script/guides/cloud-platform-projects
I want to create multiple copies of google script files using same advanced services, also must enable API at Google developers console.
When I save as new copy, API at Google developers console for the copy doesn't auto-enable.
Because I need a lot of copies so I can't enable API manually for all.
I also tried creating a script as a library to access advanced services, enable API for it. Then other scripts call to the library function. But when I run, every script show message that I need to enable services and API itself.
Is there any solution for this?
You cannot enable APIs for a Google Apps Script project programmatically. When you create a copy of a Google Apps Script project, a new Google Cloud platform project is created.
Even if the advanced Google service settings are copied when making a file copy, the APIs in the new Cloud Platform project must be manually enabled.
This is no more the case with "default" GCP projects.
When you enable an advanced service for your script project in the Apps Script editor, it is automatically enabled in the default GCP project when the script project is saved.
Contrasting with "Standard" GCP project:
When you enable an advanced service in a script project, you must manually enable the corresponding API in the standard GCP project.
However in both cases, the advanced service needs to be enabled.
I am developing an application using Google Apps Script and using some Advanced Services such as Admin SDK (Directory API) and Reseller API.
It seems like these API's are being called by my WebApp under context of user who is accessing my WebApp (it's deployed with 'Execute the app as 'User accessing the webapp').
Ideally, I would like these API's calls to be authenticated with some Service Account under my project (in Dev Console). Is it possible? How?
When your scripts are ran as 'User accessing the webapp' it runs off the users data against your quota. If you want to run it against your data you need to change the settings to execute the app as "me".
If you need to do a mixed authentication model where the app needs to access the data of two different accounts, you have some options. Either way one account gets to access the built in Apps Script services and the other will use the REST interfaces to the APIs to access their data.
You can run the app as "me" then manage your own Oauth for the user. This can be done with an OAuth Library such as:
https://github.com/googlesamples/apps-script-oauth2
Or you can run the app as the user and use a service account for your server. Here is a library I put together for using service accounts in Apps Script:
https://github.com/Spencer-Easton/Apps-Script-GSApp-Library
Is there a way to restrict access to an application built on Google App Script using LDAP? Can Google App Script access LDAP?
There are a couple of ways to look at this problem.
Apps Script cannot directly access your LDAP system. Apps Script has ability make HTTP calls to REST/SOAP services, make JDBC calls to external databases but it doesn't have built in support for the LDAP directory.
However, if you are using Apps Script w/in a Google Apps domain then you can tie in Google user accounts to LDAP using Google Apps Directory Sync. Once this is setup, you can deploy your Apps Script to only allow people w/in your domain and Google will make them login before they can access the Apps Script.
Hope this helps.