def ActivateCredentials(account, refresh_token):
"""Activates credentials for given account with given refresh token."""
creds = c_store.AcquireFromToken(refresh_token)
c_store.ActivateCredentials(account, creds)
return creds
def Run(self, args):
"""Create service account credentials."""
file_content, is_json = _IsJsonFile(args.key_file)
if is_json:
if _UseGoogleAuth():
cred = auth_service_account.CredentialsFromAdcDictGoogleAuth(
file_content)
else:
# TODO(b/161992086): Remove the flow of activating via oauth2client once
# this legacy auth lib is deprecated. Leave this option for now so that
# the users are able to fall back to the old flow of if any issues
# related to google-auth comes up. The users can do this by setting
# property auth/disable_activate_service_account_google_auth to True.
cred = auth_service_account.CredentialsFromAdcDict(
file_content)
if args.password_file or args.prompt_for_password:
raise c_exc.InvalidArgumentException(
'--password-file',
'A .json service account key does not require a password.')
account = cred.service_account_email
if args.account and args.account != account:
raise c_exc.InvalidArgumentException(
'ACCOUNT',
'The given account name does not match the account name in the key '
'file. This argument can be omitted when using .json keys.'
)
else:
account = args.account
if not account:
raise c_exc.RequiredArgumentException(
'ACCOUNT', 'An account is required when using .p12 keys')
password = None
if args.password_file:
try:
password = files.ReadFileContents(
args.password_file).strip()
except files.Error as e:
raise c_exc.UnknownArgumentException('--password-file', e)
elif args.prompt_for_password:
password = console_io.PromptPassword('Password: '******'Activated service account credentials for: [{0}]'.format(account))
def ActivateCredentials(account, refresh_token):
"""Activates credentials for given account with given refresh token."""
use_google_auth = (
not properties.VALUES.auth.disable_load_google_auth.GetBool())
creds = c_store.AcquireFromToken(refresh_token,
use_google_auth=use_google_auth)
c_store.ActivateCredentials(account, creds)
return creds
def Run(self, args):
"""Create service account credentials."""
try:
cred = auth_service_account.CredentialsFromAdcFile(args.key_file)
except auth_service_account.BadCredentialFileException:
account = args.account
if not account:
raise c_exc.RequiredArgumentException(
'ACCOUNT', 'An account is required when using .p12 keys')
password = None
if args.password_file:
try:
with open(args.password_file) as f:
password = f.read().strip()
except IOError as e:
raise c_exc.UnknownArgumentException('--password-file', e)
elif args.prompt_for_password:
password = getpass.getpass('Password: '******'--password-file',
'A .json service account key does not require a password.')
account = cred.service_account_email
if args.account and args.account != account:
raise c_exc.InvalidArgumentException(
'ACCOUNT',
'The given account name does not match the account name in the key '
'file. This argument can be omitted when using .json keys.'
)
try:
c_store.ActivateCredentials(account, cred)
except c_store.TokenRefreshError as e:
log.file_only_logger.exception(e)
raise auth_service_account.BadCredentialFileException(
'Failed to activate the given service account. '
'Please ensure provided key file is valid.')
project = args.project
if project:
properties.PersistProperty(properties.VALUES.core.project, project)
log.status.Print(
'Activated service account credentials for: [{0}]'.format(account))
def Run(self, args):
"""Create service account credentials."""
file_content, is_json = _IsJsonFile(args.key_file)
if is_json:
cred = auth_service_account.CredentialsFromAdcDictGoogleAuth(
file_content)
if args.password_file or args.prompt_for_password:
raise c_exc.InvalidArgumentException(
'--password-file',
'A .json service account key does not require a password.')
account = cred.service_account_email
if args.account and args.account != account:
raise c_exc.InvalidArgumentException(
'ACCOUNT',
'The given account name does not match the account name in the key '
'file. This argument can be omitted when using .json keys.'
)
else:
account = args.account
if not account:
raise c_exc.RequiredArgumentException(
'ACCOUNT', 'An account is required when using .p12 keys')
password = None
if args.password_file:
try:
password = files.ReadFileContents(
args.password_file).strip()
except files.Error as e:
raise c_exc.UnknownArgumentException('--password-file', e)
elif args.prompt_for_password:
password = console_io.PromptPassword('Password: '******'Activated service account credentials for: [{0}]'.format(account))
def __enter__(self):
self._orig_account = properties.VALUES.core.account.Get()
self._orig_project = properties.VALUES.core.project.Get()
self._orig_impersonate_service_account = (
properties.VALUES.auth.impersonate_service_account.Get())
user_creds = c_store.AcquireFromToken(self._refresh_token)
c_store.ActivateCredentials(self._account, user_creds)
if self._project_override:
properties.VALUES.core.project.Set(self._project_override)
properties.VALUES.auth.impersonate_service_account.Set(
self._service_account_email)
self._orig_impersonate_provider = c_store.IMPERSONATION_TOKEN_PROVIDER
c_store.IMPERSONATION_TOKEN_PROVIDER = (
iamcred_util.ImpersonationAccessTokenProvider())
return self
def __enter__(self):
self._orig_account = properties.VALUES.core.account.Get()
c_store.ActivateCredentials(self._account, self.credentials)
return self
