def _stub(args): target = '{}:{}'.format(args.server_host, args.server_port) if args.test_case == 'oauth2_auth_token': google_credentials, unused_project_id = google_auth.default( scopes=[args.oauth_scope]) google_credentials.refresh(google_auth.transport.requests.Request()) call_credentials = grpc.access_token_call_credentials( google_credentials.token) elif args.test_case == 'compute_engine_creds': google_credentials, unused_project_id = google_auth.default( scopes=[args.oauth_scope]) call_credentials = grpc.metadata_call_credentials( google_auth.transport.grpc.AuthMetadataPlugin( credentials=google_credentials, request=google_auth.transport.requests.Request())) elif args.test_case == 'jwt_token_creds': google_credentials = google_auth_jwt.OnDemandCredentials.from_service_account_file( os.environ[google_auth.environment_vars.CREDENTIALS]) call_credentials = grpc.metadata_call_credentials( google_auth.transport.grpc.AuthMetadataPlugin( credentials=google_credentials, request=None)) else: call_credentials = None if args.use_tls: if args.use_test_ca: root_certificates = resources.test_root_certificates() else: root_certificates = None # will load default roots. channel_credentials = grpc.ssl_channel_credentials(root_certificates) if call_credentials is not None: channel_credentials = grpc.composite_channel_credentials( channel_credentials, call_credentials) channel_opts = None if args.server_host_override: channel_opts = (( 'grpc.ssl_target_name_override', args.server_host_override, ),) channel = grpc.secure_channel(target, channel_credentials, channel_opts) else: channel = grpc.insecure_channel(target) if args.test_case == "unimplemented_service": return test_pb2_grpc.UnimplementedServiceStub(channel) else: return test_pb2_grpc.TestServiceStub(channel)
def get_conn(self): base_url = self.conn.host if self.conn.port: base_url = base_url + ":" + str(self.conn.port) auth_type = self._get_field("auth_type") if auth_type == "NO_AUTH": channel = grpc.insecure_channel(base_url) elif auth_type == "SSL" or auth_type == "TLS": credential_file_name = self._get_field("credential_pem_file") creds = grpc.ssl_channel_credentials(open(credential_file_name).read()) channel = grpc.secure_channel(base_url, creds) elif auth_type == "JWT_GOOGLE": credentials, _ = google_auth.default() jwt_creds = google_auth_jwt.OnDemandCredentials.from_signing_credentials( credentials) channel = google_auth_transport_grpc.secure_authorized_channel( jwt_creds, None, base_url) elif auth_type == "OATH_GOOGLE": scopes = self._get_field("scopes").split(",") credentials, _ = google_auth.default(scopes=scopes) request = google_auth_transport_requests.Request() channel = google_auth_transport_grpc.secure_authorized_channel( credentials, request, base_url) elif auth_type == "CUSTOM": if not self.custom_connection_func: raise AirflowConfigException( "Customized connection function not set, not able to establish a channel") channel = self.custom_connection_func(self.conn) else: raise AirflowConfigException( "auth_type not supported or not provided, channel cannot be established,\ given value: %s" % str(auth_type)) if self.interceptors: for interceptor in self.interceptors: channel = grpc.intercept_channel(channel, interceptor) return channel
def _per_rpc_creds(stub, args): json_key_filename = os.environ[google_auth_environment_vars.CREDENTIALS] wanted_email = json.load(open(json_key_filename, 'rb'))['client_email'] google_credentials, unused_project_id = google_auth.default( scopes=[args.oauth_scope]) call_credentials = grpc.metadata_call_credentials( google_auth_transport_grpc.AuthMetadataPlugin( credentials=google_credentials, request=google_auth_transport_requests.Request())) response = _large_unary_common_behavior(stub, True, False, call_credentials) if wanted_email != response.username: raise ValueError('expected username %s, got %s' % (wanted_email, response.username))
def __init__( self, *, host: str = "dialogflow.googleapis.com", credentials: credentials.Credentials = None, credentials_file: Optional[str] = None, scopes: Optional[Sequence[str]] = None, channel: aio.Channel = None, api_mtls_endpoint: str = None, client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, ssl_channel_credentials: grpc.ChannelCredentials = None, quota_project_id=None, client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, ) -> None: """Instantiate the transport. Args: host (Optional[str]): The hostname to connect to. credentials (Optional[google.auth.credentials.Credentials]): The authorization credentials to attach to requests. These credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment. This argument is ignored if ``channel`` is provided. credentials_file (Optional[str]): A file with credentials that can be loaded with :func:`google.auth.load_credentials_from_file`. This argument is ignored if ``channel`` is provided. scopes (Optional[Sequence[str]]): A optional list of scopes needed for this service. These are only used when credentials are not specified and are passed to :func:`google.auth.default`. channel (Optional[aio.Channel]): A ``Channel`` instance through which to make calls. api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. If provided, it overrides the ``host`` argument and tries to create a mutual TLS channel with client SSL credentials from ``client_cert_source`` or applicatin default SSL credentials. client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): Deprecated. A callback to provide client SSL certificate bytes and private key bytes, both in PEM format. It is ignored if ``api_mtls_endpoint`` is None. ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials for grpc channel. It is ignored if ``channel`` is provided. quota_project_id (Optional[str]): An optional project to use for billing and quota. client_info (google.api_core.gapic_v1.client_info.ClientInfo): The client info used to send a user-agent string along with API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. Raises: google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport creation failed for any reason. google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` and ``credentials_file`` are passed. """ self._ssl_channel_credentials = ssl_channel_credentials if channel: # Sanity check: Ensure that channel and credentials are not both # provided. credentials = False # If a channel was explicitly provided, set it. self._grpc_channel = channel self._ssl_channel_credentials = None elif api_mtls_endpoint: warnings.warn( "api_mtls_endpoint and client_cert_source are deprecated", DeprecationWarning, ) host = ( api_mtls_endpoint if ":" in api_mtls_endpoint else api_mtls_endpoint + ":443" ) if credentials is None: credentials, _ = auth.default( scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id ) # Create SSL credentials with client_cert_source or application # default SSL credentials. if client_cert_source: cert, key = client_cert_source() ssl_credentials = grpc.ssl_channel_credentials( certificate_chain=cert, private_key=key ) else: ssl_credentials = SslCredentials().ssl_credentials # create a new channel. The provided one is ignored. self._grpc_channel = type(self).create_channel( host, credentials=credentials, credentials_file=credentials_file, ssl_credentials=ssl_credentials, scopes=scopes or self.AUTH_SCOPES, quota_project_id=quota_project_id, ) self._ssl_channel_credentials = ssl_credentials else: host = host if ":" in host else host + ":443" if credentials is None: credentials, _ = auth.default( scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id ) # create a new channel. The provided one is ignored. self._grpc_channel = type(self).create_channel( host, credentials=credentials, credentials_file=credentials_file, ssl_credentials=ssl_channel_credentials, scopes=scopes or self.AUTH_SCOPES, quota_project_id=quota_project_id, ) # Run the base constructor. super().__init__( host=host, credentials=credentials, credentials_file=credentials_file, scopes=scopes or self.AUTH_SCOPES, quota_project_id=quota_project_id, client_info=client_info, ) self._stubs = {}
def __init__(self, options): super().__init__() self.ssl_context = get_ssl_context( options.backend_options.get('ssl-ca-path', None)) # type: Optional[ssl.Context] self.options = options.backend_options # type: Dict[str, str] self.proxy = get_proxy(ssl=True) # type: str self.login = options.backend_login # type: str self.refresh_token = options.backend_password # type: str if self.login == 'adc': if g_auth is None: raise QuietError('ADC authentification requires the google.auth module') elif self.adc is None: requestor = GAuthHTTPRequestor(self.ssl_context) try: credentials, _ = g_auth.default( request=requestor, scopes=['https://www.googleapis.com/auth/devstorage.full_control']) except g_auth.exceptions.DefaultCredentialsError as exc: raise QuietError('ADC found no valid credential sources: ' + str(exc)) type(self).adc = (credentials, requestor) elif self.login != 'oauth2': raise QuietError("Google Storage backend requires OAuth2 or ADC authentication") # Special case for unit testing against local mock server hit = re.match(r'^gs://!unittest!' r'([^/:]+)' # Hostname r':([0-9]+)' # Port r'/([^/]+)' # Bucketname r'(?:/(.*))?$', # Prefix options.storage_url) if hit: self.hostname = hit.group(1) self.port = int(hit.group(2)) self.bucket_name = hit.group(3) self.prefix = hit.group(4) or '' else: hit = re.match(r'^gs://([^/]+)(?:/(.*))?$', options.storage_url) if not hit: raise QuietError('Invalid storage URL', exitcode=2) self.bucket_name = hit.group(1) self.hostname = 'www.googleapis.com' self.prefix = hit.group(2) or '' self.port = 443 self.conn = self._get_conn() # Check if bucket exists and/or credentials are correct path = '/storage/v1/b/' + urllib.parse.quote(self.bucket_name, safe='') try: resp = self._do_request('GET', path) except RequestError as exc: if exc.code == 404: raise DanglingStorageURLError("Bucket '%s' does not exist" % self.bucket_name) exc = _map_request_error(exc, None) if exc: raise exc raise self._parse_json_response(resp)
def __init__(self, *, host: str = "datacatalog.googleapis.com", credentials: credentials.Credentials = None, credentials_file: str = None, scopes: Sequence[str] = None, channel: grpc.Channel = None, api_mtls_endpoint: str = None, client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id: Optional[str] = None) -> None: """Instantiate the transport. Args: host (Optional[str]): The hostname to connect to. credentials (Optional[google.auth.credentials.Credentials]): The authorization credentials to attach to requests. These credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment. This argument is ignored if ``channel`` is provided. credentials_file (Optional[str]): A file with credentials that can be loaded with :func:`google.auth.load_credentials_from_file`. This argument is ignored if ``channel`` is provided. scopes (Optional(Sequence[str])): A list of scopes. This argument is ignored if ``channel`` is provided. channel (Optional[grpc.Channel]): A ``Channel`` instance through which to make calls. api_mtls_endpoint (Optional[str]): The mutual TLS endpoint. If provided, it overrides the ``host`` argument and tries to create a mutual TLS channel with client SSL credentials from ``client_cert_source`` or applicatin default SSL credentials. client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): A callback to provide client SSL certificate bytes and private key bytes, both in PEM format. It is ignored if ``api_mtls_endpoint`` is None. quota_project_id (Optional[str]): An optional project to use for billing and quota. Raises: google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport creation failed for any reason. google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` and ``credentials_file`` are passed. """ if channel: # Sanity check: Ensure that channel and credentials are not both # provided. credentials = False # If a channel was explicitly provided, set it. self._grpc_channel = channel elif api_mtls_endpoint: host = (api_mtls_endpoint if ":" in api_mtls_endpoint else api_mtls_endpoint + ":443") if credentials is None: credentials, _ = auth.default( scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id) # Create SSL credentials with client_cert_source or application # default SSL credentials. if client_cert_source: cert, key = client_cert_source() ssl_credentials = grpc.ssl_channel_credentials( certificate_chain=cert, private_key=key) else: ssl_credentials = SslCredentials().ssl_credentials # create a new channel. The provided one is ignored. self._grpc_channel = type(self).create_channel( host, credentials=credentials, credentials_file=credentials_file, ssl_credentials=ssl_credentials, scopes=scopes or self.AUTH_SCOPES, quota_project_id=quota_project_id, ) self._stubs = {} # type: Dict[str, Callable] # Run the base constructor. super().__init__( host=host, credentials=credentials, credentials_file=credentials_file, scopes=scopes or self.AUTH_SCOPES, quota_project_id=quota_project_id, )
from google import auth as google_auth from google.protobuf import json_format from google.api_core import exceptions from google.api_core import client_options from google.cloud import aiplatform from google.cloud import storage from google.cloud.aiplatform import utils from google.cloud.aiplatform import initializer from google.cloud.aiplatform_v1beta1.types import dataset as gca_dataset from google.cloud.aiplatform_v1beta1.services import dataset_service from test_utils.vpcsc_config import vpcsc_config # TODO(vinnys): Replace with env var `BUILD_SPECIFIC_GCP_PROJECT` once supported _, _TEST_PROJECT = google_auth.default() TEST_BUCKET = os.environ.get("GCLOUD_TEST_SAMPLES_BUCKET", "cloud-samples-data-us-central1") _TEST_LOCATION = "us-central1" _TEST_PARENT = f"projects/{_TEST_PROJECT}/locations/{_TEST_LOCATION}" _TEST_API_ENDPOINT = f"{_TEST_LOCATION}-aiplatform.googleapis.com" _TEST_IMAGE_DATASET_ID = "1084241610289446912" # permanent_50_flowers_dataset _TEST_TEXT_DATASET_ID = ( "6203215905493614592" # permanent_text_entity_extraction_dataset ) _TEST_DATASET_DISPLAY_NAME = "permanent_50_flowers_dataset" _TEST_TABULAR_CLASSIFICATION_GCS_SOURCE = "gs://ucaip-sample-resources/iris_1000.csv" _TEST_TEXT_ENTITY_EXTRACTION_GCS_SOURCE = f"gs://{TEST_BUCKET}/ai-platform-unified/sdk/datasets/text_entity_extraction_dataset.jsonl" _TEST_IMAGE_OBJECT_DETECTION_GCS_SOURCE = ( "gs://ucaip-test-us-central1/dataset/salads_oid_ml_use_public_unassigned.jsonl"
# See the License for the specific language governing permissions and # limitations under the License. """Provides translate_text functionality from Google Cloud Translate.""" from __future__ import absolute_import from __future__ import unicode_literals from constants import constants # To use cloud translate in a local dev environment, use # cloud_translate_emulator. from google import auth from google.cloud import translate_v2 as translate CLIENT = translate.Client(credentials=(auth.credentials.AnonymousCredentials( ) if constants.EMULATOR_MODE else auth.default()[0])) # List of languages with adequate Google Translate accuracy. LANGUAGE_CODE_ALLOWLIST = ('en', 'es', 'fr', 'zh', 'pt') def translate_text(text: str, source_language: str, target_language: str) -> str: """Translates text into the target language. This method uses ISO 639-1 compliant language codes to specify languages. To learn more about ISO 639-1, see: https://www.w3schools.com/tags/ref_language_codes.asp Args: text: str. The text to be translated. If text contains html tags, Cloud
def _connect_google_default(self): credentials, project = gauth.default(scopes=[self.scope]) self.project = project self.session = AuthorizedSession(credentials)
def __init__( self, **kwargs, ): if 'client_info' in kwargs: client_info = kwargs['client_info'] del kwargs['client_info'] else: client_info = DEFAULT_CLIENT_INFO if 'quota_project_id' in kwargs: quota_project_id = kwargs['quota_project_id'] del kwargs['quota_project_id'] else: quota_project_id = None if 'scopes' in kwargs: scopes = kwargs['scopes'] del kwargs['scopes'] else: scopes = AUTH_SCOPES if 'credentials_file' in kwargs: credentials_file = kwargs['credentials_file'] del kwargs['credentials_file'] else: credentials_file = None if 'credentials' in kwargs: credentials = kwargs['credentials'] del kwargs['credentials'] else: credentials = None if 'host' in kwargs: host = kwargs['host'] del kwargs['host'] else: host = "spanner.googleapis.com" """Instantiate the transport. Args: host (Optional[str]): The hostname to connect to. credentials (Optional[google.auth.credentials.Credentials]): The authorization credentials to attach to requests. These credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment. credentials_file (Optional[str]): A file with credentials that can be loaded with :func:`google.auth.load_credentials_from_file`. This argument is mutually exclusive with credentials. scope (Optional[Sequence[str]]): A list of scopes. quota_project_id (Optional[str]): An optional project to use for billing and quota. client_info (google.api_core.gapic_v1.client_info.ClientInfo): The client info used to send a user-agent string along with API requests. If ``None``, then default info will be used. Generally, you only need to set this if you're developing your own client library. """ # Save the hostname. Default to port 443 (HTTPS) if none is specified. if ":" not in host: host += ":443" self._host = host # If no credentials are provided, then determine the appropriate # defaults. if credentials and credentials_file: raise exceptions.DuplicateCredentialArgs( "'credentials_file' and 'credentials' are mutually exclusive") if credentials_file is not None: credentials, _ = auth.load_credentials_from_file( credentials_file, scopes=scopes, quota_project_id=quota_project_id) elif credentials is None: credentials, _ = auth.default(scopes=scopes, quota_project_id=quota_project_id) # Save the credentials. self._credentials = credentials # Lifted into its own function so it can be stubbed out during tests. self._prep_wrapped_messages(client_info)
from starlette.requests import HTTPConnection, Request from starlette.responses import HTMLResponse, JSONResponse, PlainTextResponse, RedirectResponse, Response from starlette.routing import BaseRoute, Route STATIC_BUCKET_NAME: Final[str] = os.getenv('STATIC_BUCKET_NAME') or sys.exit( 'You MUST set STATIC_BUCKET_NAME environment variable.') PACKAGES_BUCKET_NAME: Final[str] = os.getenv( 'PACKAGES_BUCKET_NAME') or sys.exit( 'You MUST set PACKAGES_BUCKET_NAME environment variable.') TOKEN_NAME: Final[str] = os.getenv('TOKEN_NAME') or sys.exit( 'You MUST set TOKEN_NAME environment variable (ex. "projects/123/secrets/pypi-token/versions/1").' ) EXPIRES_MINUTES: Final[int] = 30 auth_request: TransportRequest = TransportRequest() credentials, project = default() storage_client: Client = Client(project, credentials) STATIC_BUCKET: Final[Bucket] = storage_client.lookup_bucket( STATIC_BUCKET_NAME) or sys.exit('Static website bucket was not found') PACKAGES_BUCKET: Final[Bucket] = storage_client.lookup_bucket( PACKAGES_BUCKET_NAME) or sys.exit('Packages bucket was not found') SIGNING_CREDENTIALS: Final[Credentials] = compute_engine.IDTokenCredentials( auth_request, '', service_account_email=credentials.service_account_email) HEADERS: Final[Dict[str, str]] = { 'WWW-Authenticate': 'Basic realm="Restricted Area"', } NOT_FOUND_RESPONSE: Final[Response] = JSONResponse({ 'code': int(HTTPStatus.NOT_FOUND),
def get_project_id(): """Return current project_id.""" _, project_id = auth.default() return project_id
import json import logging from constants import constants import feconf from google import auth from google.api_core import retry from google.cloud import tasks_v2 from google.protobuf import timestamp_pb2 from typing import Any, Dict, Optional CLIENT = tasks_v2.CloudTasksClient( credentials=(auth.credentials.AnonymousCredentials() if constants. EMULATOR_MODE else auth.default()[0])) # In the type annotation below, payload is of type Dict[str, Any] because # the payload here has no constraints. def create_http_task(queue_name: str, url: str, payload: Optional[Dict[str, Any]] = None, scheduled_for: Optional[datetime.datetime] = None, task_name: Optional[str] = None) -> tasks_v2.types.Task: """Creates an http task with the correct http headers/payload and sends that task to the Cloud Tasks API. An http task is an asynchronous task that consists of a post request to a specified url with the specified payload. The post request will be made by the Cloud Tasks Cloud Service when the `scheduled_for` time is reached.
from google.cloud.speech.v1.cloud_speech_pb2 import * from google.cloud.speech.v1.cloud_speech_pb2_grpc import * from google import auth as google_auth from google.oauth2 import service_account as google_oauth2_service_account from google.auth.transport import grpc as google_auth_transport_grpc from google.auth.transport import requests as google_auth_transport_requests SCOPES = ['https://www.googleapis.com/auth/cloud-platform'] SERVICE = 'speech.googleapis.com:443' # We will need credentials to call the service. The default approach # requires setting the GOOGLE_APPLICATION_CREDENTIALS environment variable. scoped_credentials, project = google_auth.default (scopes = SCOPES) # Alternative approach where file is specified directly. # credentials = google_oauth2_service_account.Credentials.from_service_account_file ('account.json') # scoped_credentials = credentials.with_scopes (SCOPES) # The request object represents an HTTP transport layer used to renew tokens. request = google_auth_transport_requests.Request () # Just create a channel, the request object could also be None if token renewal is not needed. with google_auth_transport_grpc.secure_authorized_channel (scoped_credentials, request, SERVICE) as channel: # Create a stub object that provides the service interface. stub = SpeechStub (channel) # Encoding and sample rate are only needed for RAW files.
import os import json import uuid from google.cloud import tasks_v2 from google import auth _, PROJECT_ID = auth.default() TASKS_CLIENT = tasks_v2.CloudTasksClient() TABLES = [ {"resource": "Workflow", "table": "Workflows"}, {"resource": "Workflow", "table": "Jobs"}, {"resource": "Wework", "table": "ProjectDetails"}, ] CLOUD_TASKS_PATH = (PROJECT_ID, "us-central1", "basevn") PARENT = TASKS_CLIENT.queue_path(*CLOUD_TASKS_PATH) def create_tasks() -> dict: payloads = [ { "name": f"{table['resource']}-{table['table']}-{uuid.uuid4()}", "payload": { "resource": table["resource"], "table": table["table"], }, } for table in TABLES ]
from google.oauth2 import service_account from google.auth.transport.requests import AuthorizedSession from google.auth import default # Create credentials CREDENTIALS, PROJECT = default() # The storage api scopes and auth url SCOPES = [ "https://www.googleapis.com/auth/devstorage.read_only", "https://www.googleapis.com/auth/cloud-platform.read-only", "https://www.googleapis.com/auth/devstorage.full_control", "https://www.googleapis.com/auth/cloud-platform", "https://www.googleapis.com/auth/devstorage.read_write" ] AUTH_URL = f'https://storage.googleapis.com/storage/v1/b/{PROJECT}/o'
def __init__(self, creds): self.client = storage.Client( credentials=auth.default(scopes=creds.get_scopes())[0], project=creds.get_project_id()) self.bucket = self.client.get_bucket(creds.get_bucket_name())
"""Author: Sameer Kesava""" from google import auth #for authorization import os import time import dialogflow #Google Natural Language Processing API json_file = input('Enter path to the json credentials file: ') #Authorization to login to the project chosen during gcloud init os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = json_file credentials, project = auth.default() #Creating a session using the credentials session_client = dialogflow.SessionsClient(credentials=credentials) session_ID = input('Enter a name for session id: ') #Final step setting up a session session = session_client.session_path(project, session_ID) #Audio Streaming # Importing module recording, requires installation of sounddevice from GCP_Dobot_modules.recording_sounddevice import record_stream # Parameters for recording CHUNK = 1024 FORMAT = 'int16' CHANNELS = 1 RATE = 16000