I have a react.js app that is running as the default service in my appengine. What would be the best approach to make a second version that is only accessible to a specific IP or user to test new features?
I was searching about making a traffic split with cookies but I don't understand if I can filter all users that have the cookie to a certain version or not or if I should create a different service or not. Any suggestions?
CodePudding user response:
Option 1 (easiest) - Create a new app (new AppId) just for testing and then use Firewall settings to control access.
E.g. Let's say your appid is
new-react-app
. You can create a new App callednew-react-app-test
and after deploying it, you navigate to https://console.cloud.google.com > Serverless > App Engine > Firewall Rules.Then you create a firewall for the specific IP you want to give access and specify an action of 'allow'. Then you change the existing default rule from allow to deny. What you have essentially done is to say - if incoming IP is the one I specified, allow access else deny access.
Option 2 - Stick with just 1 AppId but create a different version.
In this new version, add
login:required
to yourapp.yaml
. This will force every visitor to login. Then add code to extract the logged-in user email. If it isn't the email you want, you give a 403 or 404 error. To find the logged in user, look for the HTTP header -X-Appengine-User-Email
Using the previous example,
a) your default service/version will be available at https://new-react-app.appspot.com
b) Deploy your new version (assume you call the version 'test') using the following command
gcloud app deploy app.yaml --version=test --no-promote
*test is your version name
*no-promote tells Google not to migrate all the traffic from the existing running version to this new version
c) your test version will now be available at https://test-dot-new-react-app.appspot.com/
d) Everyone can visit https://new-react-app.appspot.com and they will be given access but if they visit https://test-dot-new-react-app.appspot.com/, they'll be asked to login and only the email you have authorized will be allowed to go through