def ADCIsUserAccount():
"""Returns whether the ADC credentials correspond to a user account or not."""
cred_file = config.ADCFilePath()
creds, _ = c_creds.GetGoogleAuthDefault().load_credentials_from_file(
cred_file)
return (c_creds.IsUserAccountCredentials(creds) or
c_creds.IsExternalAccountUserCredentials(creds))
def WriteGcloudCredentialsToADC(creds, add_quota_project=False):
"""Writes gclouds's credential from auth login to ADC json."""
if not c_creds.IsUserAccountCredentials(creds):
log.warning('Credentials cannot be written to application default '
'credentials because it is not a user credential.')
return
PromptIfADCEnvVarIsSet()
if add_quota_project:
c_creds.ADC(creds).DumpExtendedADCToFile()
else:
c_creds.ADC(creds).DumpADCToFile()
def RevokeCredentials(credentials):
"""Revokes the token on the server.
Args:
credentials: user account credentials from either google-auth or
oauth2client.
Raises:
RevokeError: If credentials to revoke is not user account credentials.
"""
if not c_creds.IsUserAccountCredentials(credentials):
raise RevokeError(
'The token cannot be revoked from server because it is '
'not user account credentials.')
http_client = http.Http()
if c_creds.IsOauth2ClientCredentials(credentials):
credentials.revoke(http_client)
else:
credentials.revoke(http.GoogleAuthRequest(http_client))
def WriteGcloudCredentialsToADC(creds, add_quota_project=False):
"""Writes gclouds's credential from auth login to ADC json."""
# TODO(b/190114370): We will also support writing service account creds.
if (not c_creds.IsUserAccountCredentials(creds) and
not c_creds.IsExternalAccountCredentials(creds)):
log.warning('Credentials cannot be written to application default '
'credentials because it is not a user or external account '
'credential.')
return
# Quota project ID should not be added to non-user credentials.
if c_creds.IsExternalAccountCredentials(creds) and add_quota_project:
raise AddQuotaProjectError(
'The application default credentials are external account credentials, '
'quota project cannot be added.')
PromptIfADCEnvVarIsSet()
if add_quota_project:
c_creds.ADC(creds).DumpExtendedADCToFile()
else:
c_creds.ADC(creds).DumpADCToFile()
def Run(self, args):
"""Revoke Application Default Credentials."""
cred_file = config.ADCFilePath()
if not os.path.isfile(cred_file):
log.status.Print(
'Application Default Credentials have not been set up, '
'nothing to revoke.')
return
creds, _ = c_creds.GetGoogleAuthDefault().load_credentials_from_file(
cred_file)
if not (c_creds.IsUserAccountCredentials(creds)
or c_creds.IsExternalAccountCredentials(creds)
or c_creds.IsExternalAccountUserCredentials(creds)):
raise c_exc.BadFileException(
'The given credential file is a service account credential, and '
'cannot be revoked.')
if isinstance(creds, google_auth_creds.Credentials):
creds = c_google_auth.Credentials.FromGoogleAuthUserCredentials(
creds)
console_io.PromptContinue(
'You are about to revoke the credentials stored in: [{file}]'.
format(file=cred_file),
throw_if_unattended=True,
cancel_on_no=True)
try:
c_store.RevokeCredentials(creds)
os.remove(cred_file)
log.status.Print('Credentials revoked.')
except c_store.RevokeError:
os.remove(cred_file)
log.warning(
'The credentials stored in: [{file}] are not revocable from the '
'server but have been deleted from the file system.'.format(
file=cred_file))
def testIsUserAccountCredentialsOauth2client(self, credentials, is_devshell,
expected_result):
self.StartObjectPatch(
devshell, 'IsDevshellEnvironment', return_value=is_devshell)
self.assertEqual(
creds.IsUserAccountCredentials(credentials), expected_result)
