Beispiel #1
0
    def Run(self, args):
        """Run the authentication command."""

        if c_gce.Metadata().connected:
            message = textwrap.dedent("""
          You are running on a Google Compute Engine virtual machine.
          The service credentials associated with this virtual machine
          will automatically be used by Application Default
          Credentials, so it is not necessary to use this command.

          If you decide to proceed anyway, your user credentials may be visible
          to others with access to this virtual machine. Are you sure you want
          to authenticate with your personal account?
          """)
            console_io.PromptContinue(message=message,
                                      throw_if_unattended=True,
                                      cancel_on_no=True)

        override_file = auth_util.AdcEnvVariable()
        if override_file:
            message = textwrap.dedent("""
          The environment variable [{envvar}] is set to:
            [{override_file}]
          Credentials will still be generated to the default location:
            [{default_file}]
          To use these credentials, unset this environment variable before
          running your application.
          """.format(envvar=client.GOOGLE_APPLICATION_CREDENTIALS,
                     override_file=override_file,
                     default_file=auth_util.ADCFilePath()))
            console_io.PromptContinue(message=message,
                                      throw_if_unattended=True,
                                      cancel_on_no=True)

        scopes = args.scopes or auth_util.DEFAULT_SCOPES
        launch_browser = check_browser.ShouldLaunchBrowser(args.launch_browser)
        if args.client_id_file:
            creds = auth_util.DoInstalledAppBrowserFlow(
                launch_browser=launch_browser,
                scopes=scopes,
                client_id_file=args.client_id_file)
        else:
            creds = auth_util.DoInstalledAppBrowserFlow(
                launch_browser=launch_browser,
                scopes=scopes,
                client_id=auth_util.DEFAULT_CREDENTIALS_DEFAULT_CLIENT_ID,
                client_secret=auth_util.
                DEFAULT_CREDENTIALS_DEFAULT_CLIENT_SECRET)

        full_path = auth_util.SaveCredentialsAsADC(creds)
        log.status.Print(
            '\nCredentials saved to file: [{f}]'.format(f=full_path))
        log.status.Print(
            '\n'
            'These credentials will be used by any library that requests\n'
            'Application Default Credentials.\n'
            '\n'
            'To generate an access token for other uses, run:\n'
            '  gcloud auth application-default print-access-token')
        return creds
Beispiel #2
0
  def Run(self, args):
    """Revoke Application Default Credentials."""

    cred_file = auth_util.ADCFilePath()
    if not os.path.isfile(cred_file):
      raise c_exc.BadFileException(
          'Application Default Credentials have not been set up, nothing was '
          'revoked.')

    creds = client.GoogleCredentials.from_stream(cred_file)
    if creds.serialization_data['type'] != 'authorized_user':
      raise c_exc.BadFileException(
          'The given credential file is a service account credential, and '
          'cannot be revoked.')

    console_io.PromptContinue(
        'You are about to revoke the credentials stored in: [{file}]'
        .format(file=cred_file),
        throw_if_unattended=True, cancel_on_no=True)

    c_store.RevokeCredentials(creds)
    os.remove(cred_file)
    log.status.Print('Credentials revoked.')