We would like to start using Google Cloud Storage as a persistent store for user-uploaded files. Unfortunately, I can't add the App Identity (application-id@appspot.gserviceaccount.com) to our "Team" because our team is based on Google Apps for domains, and it does not allow any email addresses that are not on our domain to be on the team.
Is there a recommended way to authenticate the App Engine instance in this case?
For using the Google Cloud Storage you can go through this link https://developers.google.com/storage/ and then create the new account then use.
You can also work around this by using GSUtil to explicitly grant write access to the bucket you created so that your service account "application-id@appspot.gserviceaccount.com" have sufficient access to the bucket. By default, your bucket can't be accessed by others.
What you will need to do with GSUtil to modify your ACL on the bucket is this:
Make changes to acl.txt such as adding an additional grant for user "application-id@appspot.gserviceaccount.com" to have write access of the bucket, see ACL doc. on how to do this: http://code.google.com/apis/storage/docs/accesscontrol.html#applyacls Specifically, it might look something like this to add to the acl.txt you downloaded:
Update ACL on the bucket: gsutil setacl acl.txt gs://yourbucket
Hope this helps!
Create a new team using a gmail account. Add all your team members (including the app), and delete the gmail account from the team.
Yes, it's a horrid hack. Sorry about that.