def _get_transfer_service_account():
        credentials = default_credentials()
        credentials = with_scopes(credentials, scopes=['https://www.googleapis.com/auth/cloud-platform'])
        service = discovery.build('storagetransfer', 'v1', cache_discovery=False, credentials=credentials)

        request = service.googleServiceAccounts().get(projectId=GCP_PROJECT_ID)
        return request.execute()
Ejemplo n.º 2
0
def latest_successful_build(image_id):
    """Given an image URI get the most recent green cloudbuild."""

    credentials = _auth.default_credentials()

    uri_prefix = image_id.split(":")[0]

    project_id = uri_prefix.split("/")[1]
    cloudbuild = googleapiclient.discovery.build('cloudbuild',
                                                 'v1',
                                                 credentials=credentials,
                                                 cache_discovery=False)
    builds = cloudbuild.projects().builds().list(
        projectId=project_id).execute()

    latest_time = None
    latest = None

    for build in builds["builds"]:
        if build["status"] == "SUCCESS":
            images = build["images"]
            if len(images) == 1:
                if images[0].startswith(uri_prefix):
                    finish_time = dateutil.parser.parse(build["finishTime"])
                    if not latest:
                        latest_time = finish_time
                    if finish_time >= latest_time:
                        latest = images[0]
                        latest_time = finish_time

    if latest:
        logging.info("Found a latest successful build: {}".format(latest))

    return latest
    def _get_transfer_service_account():
        credentials = default_credentials()
        credentials = with_scopes(credentials, scopes=['https://www.googleapis.com/auth/cloud-platform'])
        service = discovery.build('storagetransfer', 'v1', cache_discovery=False, credentials=credentials)

        request = service.googleServiceAccounts().get(projectId=GCP_PROJECT_ID)
        return request.execute()
Ejemplo n.º 4
0
    def test_default_credentials_with_quota_project(self):
        with mock.patch("google.auth.default", autospec=True) as default:
            default.return_value = (mock.sentinel.credentials, mock.sentinel.project)
            credentials = _auth.default_credentials(quota_project_id="my-project")

            default.assert_called_once_with(scopes=None, quota_project_id="my-project")
            self.assertEqual(credentials, mock.sentinel.credentials)
Ejemplo n.º 5
0
    def test_default_credentials(self):
        with mock.patch("google.auth.default", autospec=True) as default:
            default.return_value = (mock.sentinel.credentials, mock.sentinel.project)

            credentials = _auth.default_credentials()

            self.assertEqual(credentials, mock.sentinel.credentials)
    def test_default_credentials(self):
        with mock.patch('google.auth.default', autospec=True) as default:
            default.return_value = (
                mock.sentinel.credentials, mock.sentinel.project)

            credentials = _auth.default_credentials()

            self.assertEqual(credentials, mock.sentinel.credentials)
    def test_default_credentials(self):
        default_patch = mock.patch(
            'oauth2client.client.GoogleCredentials.get_application_default')

        with default_patch as default:
            default.return_value = mock.sentinel.credentials

            credentials = _auth.default_credentials()

            self.assertEqual(credentials, mock.sentinel.credentials)
    def test_default_credentials(self):
        default_patch = mock.patch(
            "oauth2client.client.GoogleCredentials.get_application_default")

        with default_patch as default:
            default.return_value = mock.sentinel.credentials

            credentials = _auth.default_credentials()

            self.assertEqual(credentials, mock.sentinel.credentials)
 def __init__(self):
     # If credentials is None use Default credentials --> gcloud auth list
     if os.getenv("GCLOUD_DEFAULT_CREDENTIALS") != "False":
         print("Default credential: %s" %
               _auth.default_credentials().__dict__)
         self.compute = googleapiclient.discovery.build('compute',
                                                        'v1',
                                                        credentials=None)
     else:
         credentials = service_account.Credentials.from_service_account_file(
             os.getenv("GCLOUD_SA_FILE"))
         print("Default credential: %s" % credentials.__dict__)
         self.compute = googleapiclient.discovery.build(
             'compute', 'v1', credentials=credentials)
Ejemplo n.º 10
0
def build_from_document(
    service,
    base=None,
    future=None,
    http=None,
    developerKey=None,
    model=None,
    requestBuilder=HttpRequest,
    credentials=None
):
    """Create a Resource for interacting with an API.

  Same as `build()`, but constructs the Resource object from a discovery
  document that is it given, as opposed to retrieving one over HTTP.

  Args:
    service: string or object, the JSON discovery document describing the API.
      The value passed in may either be the JSON string or the deserialized
      JSON.
    base: string, base URI for all HTTP requests, usually the discovery URI.
      This parameter is no longer used as rootUrl and servicePath are included
      within the discovery document. (deprecated)
    future: string, discovery document with future capabilities (deprecated).
    http: httplib2.Http, An instance of httplib2.Http or something that acts
      like it that HTTP requests will be made through.
    developerKey: string, Key for controlling API usage, generated
      from the API Console.
    model: Model class instance that serializes and de-serializes requests and
      responses.
    requestBuilder: Takes an http request and packages it up to be executed.
    credentials: oauth2client.Credentials or
      google.auth.credentials.Credentials, credentials to be used for
      authentication.

  Returns:
    A Resource object with methods for interacting with the service.
  """

    if http is not None and credentials is not None:
        raise ValueError('Arguments http and credentials are mutually exclusive.')

    if isinstance(service, six.string_types):
        service = json.loads(service)

    if 'rootUrl' not in service and (isinstance(http, (HttpMock, HttpMockSequence))):
        logger.error(
            "You are using HttpMock or HttpMockSequence without" +
            "having the service discovery doc in cache. Try calling " +
            "build() without mocking once first to populate the " + "cache."
        )
        raise InvalidJsonError()

    base = urljoin(service['rootUrl'], service['servicePath'])
    schema = Schemas(service)

    # If the http client is not specified, then we must construct an http client
    # to make requests. If the service has scopes, then we also need to setup
    # authentication.
    if http is None:
        # Does the service require scopes?
        scopes = list(service.get('auth', {}).get('oauth2', {}).get('scopes', {}).keys())

        # If so, then the we need to setup authentication if no developerKey is
        # specified.
        if scopes and not developerKey:
            # If the user didn't pass in credentials, attempt to acquire application
            # default credentials.
            if credentials is None:
                credentials = _auth.default_credentials()

            # The credentials need to be scoped.
            credentials = _auth.with_scopes(credentials, scopes)

            # Create an authorized http instance
            http = _auth.authorized_http(credentials)

        # If the service doesn't require scopes then there is no need for
        # authentication.
        else:
            http = build_http()

    if model is None:
        features = service.get('features', [])
        model = JsonModel('dataWrapper' in features)

    return Resource(
        http=http,
        baseUrl=base,
        model=model,
        developerKey=developerKey,
        requestBuilder=requestBuilder,
        resourceDesc=service,
        rootDesc=service,
        schema=schema
    )
Ejemplo n.º 11
0
from googleapiclient import _auth

print(_auth.default_credentials())
Ejemplo n.º 12
0
@scenario('features/vm.feature', 'Validate GCE Instance')
def test_validate():
    """
    Validate GCE functional test
    :return:
    """
    pass


VIRTUAL_MACHINE_DEF = None

# Build and Initialize the API
os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = '{0}/{1}'.format(os.environ['PWD'],
                                                                '/credentials/anz-challenge.json')
COMPUTE = discovery.build('compute', 'v1', credentials=_auth.default_credentials())


def get_instance_specs(project, zone):
    """
    Fetch the GCE instance specifications
    :param project: GCP project name
    :param zone: GCP availability zone
    :return: list of instances from the specified project and zone
    """
    result = COMPUTE.instances().list(project=project, zone=zone).execute()
    return result['items'] if 'items' in result else None


def isgoodipv4(ip_addr):
    """
 def test_default_credentials(self):
     with self.assertRaises(EnvironmentError):
         print(_auth.default_credentials())
Ejemplo n.º 14
0
def build_from_document(
    service,
    base=None,
    future=None,
    http=None,
    developerKey=None,
    model=None,
    requestBuilder=HttpRequest,
    credentials=None,
    client_options=None,
    adc_cert_path=None,
    adc_key_path=None,
):
    if http is not None and credentials is not None:
        raise ValueError(
            "Arguments http and credentials are mutually exclusive.")

    if isinstance(service, six.string_types):
        service = json.loads(service)
    elif isinstance(service, six.binary_type):
        service = json.loads(service.decode("utf-8"))

    if "rootUrl" not in service and isinstance(http,
                                               (HttpMock, HttpMockSequence)):
        logger.error(
            "You are using HttpMock or HttpMockSequence without" +
            "having the service discovery doc in cache. Try calling " +
            "build() without mocking once first to populate the " + "cache.")
        raise InvalidJsonError()

    base = urljoin(service["rootUrl"], service["servicePath"])
    if client_options:
        if isinstance(client_options, six.moves.collections_abc.Mapping):
            client_options = google.api_core.client_options.from_dict(
                client_options)
        if client_options.api_endpoint:
            base = client_options.api_endpoint

    schema = Schemas(service)

    if http is None:
        scopes = list(
            service.get("auth", {}).get("oauth2", {}).get("scopes", {}).keys())

        if scopes and not developerKey:

            if credentials is None:
                credentials = _auth.default_credentials()

            credentials = _auth.with_scopes(credentials, scopes)

        if credentials:
            http = _auth.authorized_http(credentials)

        else:
            http = build_http()

        client_cert_to_use = None
        if client_options and client_options.client_cert_source:
            raise MutualTLSChannelError(
                "ClientOptions.client_cert_source is not supported, please use ClientOptions.client_encrypted_cert_source."
            )
        if (client_options
                and hasattr(client_options, "client_encrypted_cert_source")
                and client_options.client_encrypted_cert_source):
            client_cert_to_use = client_options.client_encrypted_cert_source
        elif adc_cert_path and adc_key_path and mtls.has_default_client_cert_source(
        ):
            client_cert_to_use = mtls.default_client_encrypted_cert_source(
                adc_cert_path, adc_key_path)
        if client_cert_to_use:
            cert_path, key_path, passphrase = client_cert_to_use()

            http_channel = (http.http if google_auth_httplib2 and isinstance(
                http, google_auth_httplib2.AuthorizedHttp) else http)
            http_channel.add_certificate(key_path, cert_path, "", passphrase)

        if "mtlsRootUrl" in service and (not client_options
                                         or not client_options.api_endpoint):
            mtls_endpoint = urljoin(service["mtlsRootUrl"],
                                    service["servicePath"])
            use_mtls_env = os.getenv("GOOGLE_API_USE_MTLS", "never")

            if not use_mtls_env in ("never", "auto", "always"):
                raise MutualTLSChannelError(
                    "Unsupported GOOGLE_API_USE_MTLS value. Accepted values: never, auto, always"
                )

            if use_mtls_env == "always" or (use_mtls_env == "auto"
                                            and client_cert_to_use):
                base = mtls_endpoint

    if model is None:
        features = service.get("features", [])
        model = JsonModel("dataWrapper" in features)

    return {
        'http': http,
        'baseUrl': base,
        'model': model,
        'developerKey': developerKey,
        'requestBuilder': requestBuilder,
        'resourceDesc': service,
        'rootDesc': service,
        'schema': schema,
    }
Ejemplo n.º 15
0
def main():
    conn = None

    device_opt = [
        "port", "no_password", "zone", "project", "stackdriver-logging",
        "method", "baremetalsolution", "apitimeout", "retries", "retrysleep",
        "serviceaccount", "plugzonemap", "proxyhost", "proxyport"
    ]

    atexit.register(atexit_handler)

    define_new_opts()

    all_opt["power_timeout"]["default"] = "60"
    all_opt["method"]["default"] = "cycle"
    all_opt["method"][
        "help"] = "-m, --method=[method]          Method to fence (onoff|cycle) (Default: cycle)"

    options = check_input(device_opt, process_input(device_opt))

    docs = {}
    docs["shortdesc"] = "Fence agent for GCE (Google Cloud Engine)"
    docs["longdesc"] = "fence_gce is an I/O Fencing agent for GCE (Google Cloud " \
         "Engine). It uses the googleapiclient library to connect to GCE.\n" \
         "googleapiclient can be configured with Google SDK CLI or by " \
         "executing 'gcloud auth application-default login'.\n" \
         "For instructions see: https://cloud.google.com/compute/docs/tutorials/python-guide"
    docs["vendorurl"] = "http://cloud.google.com"
    show_docs(options, docs)

    run_delay(options)

    # Prepare logging
    if options.get('--verbose') is None:
        logging.getLogger('googleapiclient').setLevel(logging.ERROR)
        logging.getLogger('oauth2client').setLevel(logging.ERROR)
    if options.get('--stackdriver-logging') is not None and options.get(
            '--plug'):
        try:
            import google.cloud.logging.handlers
            client = google.cloud.logging.Client()
            handler = google.cloud.logging.handlers.CloudLoggingHandler(
                client, name=options['--plug'])
            handler.setLevel(logging.INFO)
            formatter = logging.Formatter('gcp:stonith "%(message)s"')
            handler.setFormatter(formatter)
            root_logger = logging.getLogger()
            if options.get('--verbose') is None:
                root_logger.setLevel(logging.INFO)
            root_logger.addHandler(handler)
        except ImportError:
            logging.error('Couldn\'t import google.cloud.logging, '
                          'disabling Stackdriver-logging support')

# if apitimeout is defined we set the socket timeout, if not we keep the
# socket default which is 60s
    if options.get("--apitimeout"):
        socket.setdefaulttimeout(options["--apitimeout"])

    # Prepare cli
    try:
        serviceaccount = options.get("--serviceaccount")
        if serviceaccount:
            scope = ['https://www.googleapis.com/auth/cloud-platform']
            logging.debug("using credentials from service account")
            try:
                from google.oauth2.service_account import Credentials as ServiceAccountCredentials
                credentials = ServiceAccountCredentials.from_service_account_file(
                    filename=serviceaccount, scopes=scope)
            except ImportError:
                from oauth2client.service_account import ServiceAccountCredentials
                credentials = ServiceAccountCredentials.from_json_keyfile_name(
                    serviceaccount, scope)
        else:
            try:
                from googleapiclient import _auth
                credentials = _auth.default_credentials()
            except:
                credentials = GoogleCredentials.get_application_default()
            logging.debug("using application default credentials")

        if options.get("--proxyhost") and options.get("--proxyport"):
            proxy_info = httplib2.ProxyInfo(
                proxy_type=socks.PROXY_TYPE_HTTP,
                proxy_host=options.get("--proxyhost"),
                proxy_port=int(options.get("--proxyport")))
            http = credentials.authorize(httplib2.Http(proxy_info=proxy_info))
            conn = googleapiclient.discovery.build('compute',
                                                   'v1',
                                                   http=http,
                                                   cache_discovery=False)
        else:
            conn = googleapiclient.discovery.build('compute',
                                                   'v1',
                                                   credentials=credentials,
                                                   cache_discovery=False)
    except Exception as err:
        fail_usage("Failed: Create GCE compute v1 connection: {}".format(
            str(err)))

    # Get project and zone
    if not options.get("--project"):
        try:
            options["--project"] = get_metadata('project/project-id')
        except Exception as err:
            fail_usage(
                "Failed retrieving GCE project. Please provide --project option: {}"
                .format(str(err)))

    if "--baremetalsolution" in options:
        options["--zone"] = "none"

    # Populates zone automatically if missing from the command
    zones = [] if not "--zone" in options else options["--zone"].split(",")
    options["--plugzonemap"] = {}
    if "--plug" in options:
        for i, instance in enumerate(options["--plug"].split(",")):
            if len(zones) == 1:
                # If only one zone is specified, use it across all plugs
                options["--plugzonemap"][instance] = zones[0]
                continue

            if len(zones) - 1 >= i:
                # If we have enough zones specified with the --zone flag use the zone at
                # the same index as the plug
                options["--plugzonemap"][instance] = zones[i]
                continue

            try:
                # In this case we do not have a zone specified so we attempt to detect it
                options["--plugzonemap"][instance] = get_zone(
                    conn, options, instance)
            except Exception as err:
                fail_usage(
                    "Failed retrieving GCE zone. Please provide --zone option: {}"
                    .format(str(err)))

    # Operate the fencing device
    result = fence_action(conn, options, set_power_status, get_power_status,
                          get_nodes_list, power_cycle)
    sys.exit(result)
 def test_default_credentials_with_scopes_and_quota_project(self):
     with self.assertRaises(EnvironmentError):
         credentials = _auth.default_credentials(
             scopes=["1", "2"], quota_project_id="my-project")
Ejemplo n.º 17
0
 def test_default_credentials(self):
     with self.assertRaises(EnvironmentError):
         print(_auth.default_credentials())
def build_from_document(service,
                        base=None,
                        future=None,
                        http=None,
                        developerKey=None,
                        model=None,
                        requestBuilder=HttpRequest,
                        credentials=None):
    """Create a Resource for interacting with an API.

  Same as `build()`, but constructs the Resource object from a discovery
  document that is it given, as opposed to retrieving one over HTTP.

  Args:
    service: string or object, the JSON discovery document describing the API.
      The value passed in may either be the JSON string or the deserialized
      JSON.
    base: string, base URI for all HTTP requests, usually the discovery URI.
      This parameter is no longer used as rootUrl and servicePath are included
      within the discovery document. (deprecated)
    future: string, discovery document with future capabilities (deprecated).
    http: httplib2.Http, An instance of httplib2.Http or something that acts
      like it that HTTP requests will be made through.
    developerKey: string, Key for controlling API usage, generated
      from the API Console.
    model: Model class instance that serializes and de-serializes requests and
      responses.
    requestBuilder: Takes an http request and packages it up to be executed.
    credentials: oauth2client.Credentials or
      google.auth.credentials.Credentials, credentials to be used for
      authentication.

  Returns:
    A Resource object with methods for interacting with the service.
  """

    if http is not None and credentials is not None:
        raise ValueError(
            'Arguments http and credentials are mutually exclusive.')

    if isinstance(service, six.string_types):
        service = json.loads(service)

    if 'rootUrl' not in service and (isinstance(http,
                                                (HttpMock, HttpMockSequence))):
        logger.error(
            "You are using HttpMock or HttpMockSequence without" +
            "having the service discovery doc in cache. Try calling " +
            "build() without mocking once first to populate the " + "cache.")
        raise InvalidJsonError()

    base = urljoin(service['rootUrl'], service['servicePath'])
    schema = Schemas(service)

    # If the http client is not specified, then we must construct an http client
    # to make requests. If the service has scopes, then we also need to setup
    # authentication.
    if http is None:
        # Does the service require scopes?
        scopes = list(
            service.get('auth', {}).get('oauth2', {}).get('scopes', {}).keys())

        # If so, then the we need to setup authentication if no developerKey is
        # specified.
        if scopes and not developerKey:
            # If the user didn't pass in credentials, attempt to acquire application
            # default credentials.
            if credentials is None:
                credentials = _auth.default_credentials()

            # The credentials need to be scoped.
            credentials = _auth.with_scopes(credentials, scopes)

            # Create an authorized http instance
            http = _auth.authorized_http(credentials)

        # If the service doesn't require scopes then there is no need for
        # authentication.
        else:
            http = build_http()

    if model is None:
        features = service.get('features', [])
        model = JsonModel('dataWrapper' in features)

    return Resource(http=http,
                    baseUrl=base,
                    model=model,
                    developerKey=developerKey,
                    requestBuilder=requestBuilder,
                    resourceDesc=service,
                    rootDesc=service,
                    schema=schema)
Ejemplo n.º 19
0
import datetime
import os
import yaml
import uuid
import re
import dateutil

import tensorflow as tf

from google.cloud import pubsub_v1

from google.oauth2 import service_account
import googleapiclient.discovery
from googleapiclient import _auth

credentials = _auth.default_credentials()

service = googleapiclient.discovery.build('iam', 'v1', credentials=credentials)

crm_service = googleapiclient.discovery.build('cloudresourcemanager',
                                              'v1',
                                              credentials=credentials)

cloudbuild = googleapiclient.discovery.build('cloudbuild',
                                             'v1',
                                             credentials=credentials)


def latest_successful_build(image_uri, project_id):
    """Given an image URI get the most recent green cloudbuild."""