def _GetCredentials(self, credentials_file_path, client_secret_file_path):
""" Gets valid user credentials from storage. If nothing has been stored, or
if the stored credentials are invalid, the OAuth2 flow is completed to
obtain the new credentials.
When running in the buildbot, uses LUCI credentials instead.
Args:
credentials_file_path: str Absolute path to read/save user credentials.
client_secret_file_path: str Absolute path to read client_secret.json.
Returns:
OAuth2Credentials The obtained user credentials.
"""
if luci_auth.available():
return luci_auth.LUCICredentials(scopes=[self.SCOPES])
store = Storage(credentials_file_path)
credentials = store.get()
if not credentials or credentials.invalid:
flow = client.flow_from_clientsecrets(client_secret_file_path,
self.SCOPES)
flow.user_agent = self.APPLICATION_NAME
flags = tools.argparser.parse_args([])
credentials = tools.run_flow(flow, store, flags)
print("Storing credentials to " + credentials_file_path)
return credentials
def _FetchBuilderJsonFromMilo(master,
builder,
limit=100,
service_account_file=None): # pragma: no cover
LOGGER.debug('Fetching buildbot json for %s/%s from milo', master, builder)
body = {'master': master, 'builder': builder, 'limit': limit}
headers = {
'Accept': 'application/json',
'Content-Type': 'application/json',
}
http = httplib2.Http(timeout=300)
creds = None
if service_account_file:
creds = infra_libs.get_signed_jwt_assertion_credentials(
service_account_file, scope=OAUTH_SCOPES)
elif luci_auth.available():
creds = luci_auth.LUCICredentials(scopes=OAUTH_SCOPES)
if creds:
creds.authorize(http)
resp, content = http.request(MILO_JSON_ENDPOINT,
method='POST',
headers=headers,
body=json.dumps(body))
if resp.status != 200:
raise httplib2.HttpLib2Error('Invalid response status: %s\n%s' %
(resp.status, content))
# Strip off jsonp header.
data = json.loads(content[4:])
builds = [
json.loads(base64.b64decode(build['data'])) for build in data['builds']
]
return {build['number']: build for build in builds}
def test_luci_credentials_happy(self):
expiry = int(time.time()) + 3600
with self.luci_ctx({'local_auth': _LOCAL_AUTH}) as environ:
creds = luci_auth.LUCICredentials(scopes=['a', 'b'],
environ=environ,
http=self.mocked_http({
'access_token':
'new-token',
'expiry':
expiry,
}))
creds.refresh(httplib2.Http())
self.assertEqual('new-token', creds.access_token)
def _FetchFromBuildbucketImpl(project,
bucket_name,
builder,
service_account_file=None): # pragma: no cover
request_pb = rpc_pb2.SearchBuildsRequest()
request_pb.predicate.builder.project = project
request_pb.predicate.builder.bucket = bucket_name
request_pb.predicate.builder.builder = builder
request_pb.predicate.status = common_pb2.ENDED_MASK
request_pb.fields.paths.extend([
'builds.*.number',
'builds.*.status',
'builds.*.input.gitiles_commit.id',
])
headers = {
'Accept': 'application/prpc; encoding=binary',
'Content-Type': 'application/prpc; encoding=binary',
}
http = httplib2.Http(timeout=300)
creds = None
if service_account_file:
creds = infra_libs.get_signed_jwt_assertion_credentials(
service_account_file, scope=OAUTH_SCOPES)
elif luci_auth.available():
creds = luci_auth.LUCICredentials(scopes=OAUTH_SCOPES)
if creds:
creds.authorize(http)
resp, content = http.request(_BUILDBUCKET_SEARCH_ENDPOINT_V2.format(
buildbucket_instance=_DEFAULT_BUILDBUCKET_INSTANCE),
method='POST',
headers=headers,
body=request_pb.SerializeToString())
grpc_code = resp.get('X-Prpc-Grpc-Code'.lower())
if grpc_code != '0':
raise httplib2.HttpLib2Error('Invalid GRPC exit code: %s\n%s' %
(grpc_code, content))
response_pb = rpc_pb2.SearchBuildsResponse()
response_pb.ParseFromString(content)
return response_pb
def get_luci_credentials():
if luci_auth.available():
return luci_auth.LUCICredentials(scopes=OAUTH_SCOPES)
return None
def test_luci_credentials_no_ctx(self):
with self.luci_ctx({}) as environ:
with self.assertRaises(luci_auth.LUCIAuthError):
luci_auth.LUCICredentials(scopes=['a', 'b'], environ=environ)
