Create Identity in Google Cloud Platform and GSuite

Compare to some other cloud providers, creating an identity via code in GCP is a little fragmented if your using GSuite for your identity storage. The Google Cloud Platform holds your users identity reference and permission, while the other system GSuite hold the security of the users authentication. This can also make the documentation feel a little fragmented and not so easy to follow. Hence this post to stick them together in how I used C# Dot Net Core to create a Google Cloud Platform Identity using their SDK.

This part is standard for any SDK access to GCP, which is to have a service account authentication. For this you will need to create a Service Account in GCP, which needs to be associated with a project. You can create it against the project where you are deploying, or to keep things separate, like I would recommend, you can create a  Service Management Project. This is just a standard project, but you can use this to keep all the SDK activity on this project while the usage activity happens on the other project.

Create a Project

  1. Go to the Manage resources page in the Cloud Console.
  2. On the Select organization drop-down list at the top of the page, select the organization in which you want to create a project. If you are a free trial user, skip this step, as this list does not appear.
  3. Click Create Project.
  4. In the New Project window that appears, enter a project name and select a billing account as applicable. A project name can contain only letters, numbers, single quotes, hyphens, spaces, or exclamation points, and must be between 4 and 30 characters.
  5. Enter the parent organization or folder in the Location box. That resource will be the hierarchical parent of the new project.
  6. When you’re finished entering new project details, click Create.

Reference: https://cloud.google.com/resource-manager/docs/creating-managing-projects#console

Create a Service Account

  1. In the Cloud Console, go to the Service accounts page.
  2. Select a project (your new Service Management Project).
  3. Click Create service account.
  4. Enter a service account name to display in the Cloud Console.
    The Cloud Console generates a service account ID based on this name. Edit the ID if necessary. You cannot change the ID later.
  5. Optional: Enter a description of the service account.
  6. If you do not want to set access controls now, click Done to finish creating the service account.
    To set access controls now, click Create and continue to the next step.
  7. Optional: Choose one or more IAM roles to grant to the service account on the project.
  8. When you are done adding roles, click Continue.
  9. Optional: In the Service account users role field, add members that can impersonate the service account.
  10. Optional: In the Service account admins role field, add members that can manage the service account.
  11. Click Done to finish creating the service account.

Reference: https://cloud.google.com/iam/docs/creating-managing-service-accounts#iam-service-accounts-create-console

You could then get more specific for the Identity Access Management (IAM) permissions, but to keep it simple you would just need to apply the Service Account ‘Owner’ and ‘Project IAM Admin’ access on the new Service Management Project. This will give the Service Account access to create the identities, but for more detail on the permissions, you can use this link to look them up. https://cloud.google.com/iam/docs/permissions-reference

Next we need the Service Account to have access to create the identities in the GSuite. The below sets the Service Account in GCP ready to give access in the Admin portal of GSuite.

  1. Locate the newly-created service account in the table. Under Actions, click more the 3 dots at the end, then Edit.
  2. In the service account details, click the down arrow to see more Show domain-wide delegation, then ensure the Enable G Suite Domain-wide Delegation checkbox is checked.
  3. If you haven’t yet configured your app’s OAuth consent screen, you must do so before you can enable domain-wide delegation. Follow the on-screen instructions to configure the OAuth consent screen, then repeat the above steps and re-check the checkbox.
  4. Click Save to update the service account, and return to the table of service accounts. A new column, Domain-wide delegation, can be seen. Click View Client ID, to obtain and make a note of the client ID.

Reference: https://developers.google.com/admin-sdk/directory/v1/guides/delegation#create_the_service_account_and_credentials

Now we connect these together, but giving the Service Account access in the GSuite Admin Portal.

  1. From your Google Workspace domain’s Admin console, go to Main menu menu> Security > API controls.
  2. In the Domain wide delegation pane, select Manage Domain Wide Delegation.
  3. Click Add new.
  4. In the Client ID field, enter the client ID obtained from the service account creation steps above.
  5. In the OAuth Scopes field, enter a comma-delimited list of the scopes required for your application (for a list of possible scopes, see Authorize requests).
    For example, if you require domain-wide access to Users and Groups enter: https://www.googleapis.com/auth/admin.directory.user, https://www.googleapis.com/auth/admin.directory.group
  6. Click Authorize.

Reference: https://developers.google.com/admin-sdk/directory/v1/guides/delegation#delegate_domain-wide_authority_to_your_service_account

At this point our Service Account has access to the GCP Account/Project and also has the access needed for the GSuite to create the identities. Therefore, we can start getting into the code to create these accounts.

To start with the SDK we need the Service Accounts JSON Key, which you can get by:

  1. In the Cloud Console, go to the Service Accounts page.
  2. Click Select a project, choose a project, and click Open.
  3. Find the row of the service account that you want to create a key for. In that row, click the More button, and then click Create key.
  4. Select a Key type and click Create.

Reference: https://cloud.google.com/iam/docs/creating-managing-service-account-keys#iam-service-account-keys-create-console

Once you have downloaded the JSON File we can move to the Authentication in C#.

You will need to install the Google.Apis.Auth Nuget package to your project. There are then multiple difference methods to do this depending on how you are storing your JSON Key, but for my example we are injecting the JSON straight into the method, which we need the GoogleCredential.  The method we need to call is:

GoogleCredential.FromJson(gcpAuthenticationJson);

With gcpAuthenticationJson being the JSON string from the downloaded file. We also need to add scope to the request of access, which we can string together like below with these scopes required:

GoogleCredential.FromJson(gcpAuthenticationJson)
.CreateScoped(new List<string>
{
"https://www.googleapis.com/auth/admin.directory.user",
"https://www.googleapis.com/auth/admin.directory.group",
"https://www.googleapis.com/auth/admin.directory.user.security"
});

Now although we have given the Service Account all the permissions it requires to do the job, it needs to be executed by a GSuite Admin. We of course cannot have the admin logging in every time, therefore we just need the code to act as the admin. We can do this by adding an addition command to the methods:

GoogleCredential.FromJson(gcpAuthenticationJson)
.CreateScoped(new List<string>
{
 "https://www.googleapis.com/auth/admin.directory.user",
 "https://www.googleapis.com/auth/admin.directory.group",
 "https://www.googleapis.com/auth/admin.directory.user.security"
}).CreateWithUser(adminEmail);

We can of course make this a little more flexable as it can be reused for other authentications, so this is the method I would recommend:

///<summary>
///GettheGCPCredentialviatheServiceAccount
///https://cloud.google.com/docs/authentication/production
///</summary>
///<paramname="authJson">DownloadedAuthenticationJSON</param>
///<paramname="apiScopes">CustomAPIScopes</param>
///<paramname="adminEmail">UserEmailAddresstoImpersonate</param>
///<returns>GCPCredentials</returns>
publicGoogleCredential GetGcpCredential(string authJson,List<string> apiScopes=null,string adminEmail="")
{
 var googleCredential = GoogleCredential.FromJson(authJson)
 .CreateScoped(apiScopes ?? new List<string>
 {
  "https://www.googleapis.com/auth/cloud-platform"
 });

 if(!string.IsNullOrEmpty(adminEmail))
  googleCredential=googleCredential.CreateWithUser(adminEmail);

 return googleCredential;
}

From this can then create users with the SDK using this simple bit of code:

var directoryService = new DirectoryService( new BaseClientService.Initializer
            {
                HttpClientInitializer = GetGcpCredential(authJson, apiScopes, userEmail)
            });
            try
            {
                var request = directoryService.Users.Insert(userData);
                return await request.ExecuteAsync();
            }
            finally
            {
                directoryService.Dispose();
            }

Can Project ARA work?

Just about all developers watched and followed the Google I/O 2016. You heard about the Allo, the Duo and the Google Home air freshener, but something they also squeezed in was a nod to Project ARA. I thought this was dead with no recent news, but they have brought life to the project again so I ask, can this idea work?

For those who don’t know about Project ARA, it is an idea from Google to build a modular phone. Their plan is to have a phone that you can create and be your own. All you will have to do is replace, upgrade and buy new modules for the phone to keep it running. If you want the new camera upgrade, then you don’t need to buy a whole new phone. You just need to pop to a store that sells the modules and then slot it in.

They also say on the Project ARA website, they are looking to expand to the Open Marketplace. This could mean they will expand to allow third parties to build for the ARA phone. Google said at the I/O that they plan for the phone to be on sale in 2017, so we don’t have long to wait. The question about the open marketplace would be if they will have enough companies building for it before it comes out. If the phone drops and there is nothing other than Google things build for it, then it will be a hard sell and an uphill battle to reach the general public.

 

Why Could It Succeed

Google are known for throwing ideas at the wall and seeing what sticks, so what makes this another egg at the wall and not the new best thing of 2017? I think a lot of it has to do with cost, flexibility and personable. The whole idea is to be able to swap out your modules whenever you want, which brings in the flexibility and the personalisation. Most phone contracts for the general public are 2 years, so when we see a new phone in the middle of this, all we can do is dribble. If they announce a new feature that can be added by a module, then you can get that upgrade then. This also means updates can come faster that rely on hardware. For example, if Apples iOS Force Touch just needs the newer hardware to run that feature, with this you could get told what modules you need to update to get that feature, then do it.

Speaking about another company, as said before they want to open the development of modules to other companies. This could be great to see what they build for the phone and what could be useful. Like the big hype is at the moment, you could have better fitness tracking or blood sugar reader for people with diabetes. The realms are limitless, only bound by how many custom modules you can fit on the phone. It would depend how much room the basic modules you need take up to then how many custom modules you want can get on the phone. The benefit of these being small, easy fit modules though, is they can all be in your pocket for an easy swap over. The phone would just be limited by the imagination of the companies making the modules and by the cost of them.

We would hope the modules don’t cost that much as you would probably want to buy a few at a time and get new ones frequently like apps. If these modules are expensive then people might think why not wait for the next best phone, which will have all the upgrades at once.

Buying the phone will be interesting as well, because you are going to be the creator of the phone. It would be cool if you can basically spec out your phones modules and then put a price to it. For example £200 for the basic phone then 5 X £50 for each module. If you wanted a cheaper phone, you could then either downgrade the modules or you could just get less modules. The flexibility of these devices and the pricing would bring smart phones to more people, while also spreading the rate of updating as well, if they do it right. I think these factors could make the project ARA a starting point for other manufactures to follow.

 

Why Would It Fail

Project ARA is so flexibly it is amazing, but do we really want it that flexibly. You and me will probably say hell yes, but a general public user which is the main stream manufacturers are trying to hit might not. Think about Microsoft App store, no one wants to build apps for them as no one really wants their phones. They have even had to Open Source and partner with companies like Xamarin to make it easier for developer to build for them.

Does the general user know about Camera or Speaker quality and specifications? No and they won’t want to learn about these technical things. You may also find that the sales people don’t know either. In university I applied to a phone shop sales job, told them I knew loads about the handsets and their OS, but was told you don’t really need to know them things, you just need to sell the phones. So how will they sell a phone and modules that they don’t even understand? I think it will be a hard sell to an average user unless it can be sold as a package. They just want a cool, fast phone with awesome gadgets.

Depending on that would then be interesting if the companies making the modules, or Google want to make modules, actually want to. If they can’t see potential of the average user buying their module, then why would they spend time and resource on the product?

 

Until It Begins

I think we will really have to wait and see how Google approaches this. If they can package it and sell it well to the general public, then the Open Market will be willing to put time and money to the project. If that all goes well then I see no reason why this could fail as it has what all people want, a flexible, personal and affordable phone. Either way I could see me getting this phone depending on the modules built and price.

 

Tell me what you think about Project ARA and how it will do when released?

 

SEO Tips to help you rank in all search engines

Below 10 SEO tips for both programmers and non techy people. Your knowledge doesn’t have to be great to get yourself seen by the top search engines. Most all SEO tips will work in the top search engines as all the search engines want to find you in the same way.

We will start with the non techy SEO tips first, then move on to what the developer can do. Firstly do remember no one can guarantee first page let alone first place. It is all up to the search engines algorithm and how you score on it.

//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

(adsbygoogle = window.adsbygoogle || []).push({});

Content
This is now the most important one that anyone can do. Search engines look at your content to see how relevant you are to what the user is searching. When you write your copy make sure it makes sense and is reinvent to you. Don’t write your copy for search engines, write it for your company. If you write it perfectly to describe what you can offer then you will get pick up on that. When developers say use keywords, they are the search terms you are trying to get searched on. So if I wanted to get searched on ‘developer’ then I would try to use that in most places, but in context and not over used. You can over do it and search engines could see that you are trying to flood your content with keywords.

Summary
Write good, relevant and in context content for yourself not for search engines, while trying to get as many keywords in as you can with out over doing it.

 

Meta data
This is a more developer thing, but you can make sure it is all in and the correct details are in. The main ones to get in are the Meta Title, Meta Description and Author. There are a few others plus you can get in a favicon. These detail won’t directly increase your ranking, but this information will show on the search results in search engines, and will give the user more information for when they are choosing a site to visit, which in turn will increase visits. If you have a WordPress or content management that allows you to edit these, then it will save you hiring a developer.

Summary
Make sure either you or your developer has all the relavent details in your meta data to display your information better on search engines and in turn improve your visit rate.

 

Social media
A big thing these days is getting on social media and rightfully you should be on there. If you share a post about your site, then that one person shares it with their friends and so on, then you have just reach a few 100 people. The other part to it is that when you are sharing you link then others share it, the link counts as a inbound link. The more inbound links you have going to your website from verified places the better. Although a link from Facebook may not be the most valued link, as so many people link from there, it counts as something, plus it can lead to more people sharing that link in Facebook and out.

Summary
Get on social media and start posting to your relavent users. If it’s for fun then go on twitter or Facebook. If you want to be a full fledged company then go on Facebook and LinkedIn. If you are any one then get on Google+ as that is where Google can get the most information about you and then rank you better.

 

News feeds
The main aim is to get people to your website and sharing your website, so a new feed, blog or keep upto date section on your site is a must. When you write posts, write them for the users reading them. If they are good enough then you will get people regularly coming back to read more posts which is good, and then if they share that post for others to read even better as that means more people coming in. The other reason for this is to keep your site active. If your website is a static website and nothing changes then for all the search engine knows, you have packed up. If they see you are constaintly updating your site and changing then they will come back to crawl your site for content.

Summary
Get a news feeds to interest users to return to your site and share it. Also so your website doesn’t become stagnant and keeps active.

 

//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

(adsbygoogle = window.adsbygoogle || []).push({});

Link building
Linking building takes time, but is worth it if you get the result. Like the sections above, you want to get your name out there, get it shared and then get more inbound links to your website. As I also said you will get some value from social media inbound links, but you will get better value for your chosen industry if you post on things like forums, get news site to post about you and generally get your link on industry websites. The less the person has to do with you, but is in your industry the better it will be. This is because it means people are linking to you without having to know you. These kind of links would be better value then things like social media and non industry websites.

Summary
Get you link posted by others on industry relavent websites, forums and blogs, as much as possible. If not that then as close to it, by you posting on other forums.

 

Let’s get techy now with some developer tools for SEO.

 

Attributes
Go through all your elements and make sure you have all the SEO friendly attributes in them. For example links should have ‘title’ attributes and images should have ‘alt’ tags. These will give the user and the search engines more information about them elements. Some new attributes as such are the Google Rich Text Snippts. This again won’t directly improve your website ranking, but it will give Google more information and shows more information in the search results. This will then entise the user more to click on your link.

Summary
Make sure your elements are displaying as much information for search engines and users to pick up on your website.

 

Element structure
Same as above it is to display as much information as possible to search engines to search on you. Some of the basic elements you should use are for the title a H1 tag. This then tells the search engine this is the most important title and therefore the title of the page, but don’t have to many. If you over load a page with them, search engines won’t know what is important and it could effect you negatively. The new elements you can use are the HTML5 elements like header, footer and nav. These are great for showing search engines the structure of the website. Research into which elements are industry standards to find out which to use, as with HTML5 you can use anything, but not everything is recognised by search engines.

Summary
Make sure you use the elements to direct the search engines to the right content, like H1 tags. Look at HTML5 elements to give more direction to your websites structure, but make sure they are search engine standard.

 

SEO tools
Use the resources that are at your disposal. There are hundreds tools to tell you errors, ranking and corrections. The best ones are below:

  • Google Analytics – See your websites rankings and who your audience is to better target them.
  • Google Webmaster – This tool can tell you if Google has had any crawling error and more, so you can make sure Google and other search engines are able to crawl you website.
  • W3C – This is like the web developers standards body and can check your HTML, CSS plus RSS feeds to make sure there is no errors.
  • IIS SEO – If your website is on a windows server and running IIS, then you can download this plug in for IIS. It will tell you for any website errors, duplicate content and some SEO advice as well.

 

Optermisation
Search engines want to give the user the best website with the best information. Therefore you need to have a fast website to get a better score with the search engines. Ways to accomplish this is to minify all your CSS and plugins that you won’t need to edit most of the time. Good code, by which I mean only using as much character/elements as needed and also on the server side of code make sure it is not bloated, so make more reusable functions. Another handy tool is Lazy.js, this JQuery plugin will make it so your images don’t load in until they are in view. This way on the first load it is not as heavy and the spreads the loading.

Summary
Make as much of your code smaller and image sizes smaller to speed up your website to get better scored by search engines. Read my previous post about coding to perfection for more detail.

 

//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

(adsbygoogle = window.adsbygoogle || []).push({});

Readable code
One thing to avoid is having to many images instead of text. It may look better, but search engines don’t know what your image is. The alt tag of an image will tell search engines what the image is, but they won’t see it as important. The best thing is to code as much or all of the images as possible, so search engines have more content to read you on. This will also reduce the loading speed as you have less images to load.

Summary
Make sure you give the search engines as much to search you on as possible, so reduce the amount of images you use.

These tips can improve your website for not just the search engine but also for the users on your website. So get these done as soon as possible.