I have a scenario where a customer wants to host an application I wrote on App Engine on his own Google Cloud tenant.
Given the customer is of course admin on his tenant, even though it seems that appcfg.py download_app is no longer supported / deprecated, it's still possible to download source code via Cloud Debugger or by directly accessing the Cloud Storage Buckets.
So the question is a) is there a way to prevent this (I guess no, not if the customer has admin access) or b) are there any suggestions / best practice approaches to this problem?
I don't believe you can totally prevent that from happening. I believe the best you can do is to remove the paths to the easy downloads.
When you run gcloud app deploy with the default settings, your source code will go to staging.<appid>.appspot.com. These files will stay there for a default of 15 days before being deleted unless you change the settings.
You can delete the contents from that staging bucket (or from whatever bucket you used for staging). This will prevent the admin from using gsutil cp command to download the files.
Even if you don't delete the files from staging bucket, the files there are listed with their encoded filenames so running gsutil cp command still requires a later lookup to figure out the corresponding human readable file names and also the folder path since the files are not stored using the directory structure in which you did the upload. This is a tedious effort unless you're using a tool. This blog article from us provides a detailed explanation of this scenario (bullets 1 - 3) and a tool for automated download from the staging bucket.
Even if you have deleted the files from the staging bucket, the person might still be able to go to ``` admin console > versions > view source and see the uploaded source code. To download, they would have to manually open each file, copy the contents and save it. That is a lot of work.