def main(args=sys.argv):
"""The main function for the erpmtics_agent program."""
logger.debug(args)
try:
logger.debug("Init the app")
id = "*****@*****.**" # from google API console - convert private key to base64 or load from file
#key = base64.b64decode(...)
credentials = SignedJwtAssertionCredentials(id, key, scope='https://www.googleapis.com/auth/drive')
credentials.authorize(httplib2.Http())
gauth = GoogleAuth()
gauth.credentials = credentials
drive = GoogleDrive(gauth)
sys.exit()
"""
gauth = GoogleAuth()
gauth.LocalWebserverAuth()
drive = GoogleDrive(gauth)
file1 = drive.CreateFile({'title': 'Hello.txt'}) # Create GoogleDriveFile instance with title 'Hello.txt'
file1.SetContentString('Hello World!') # Set content of the file from given string
file1.Upload()
"""
except ImportError:
raise
except Exception, e:
raise
def InitializeCredentials():
"""Builds a decorator for using oauth2 with webapp2.RequestHandlers."""
try:
global service
global drive_service
global http
global drive_http
# Load the key in PKCS 12 format that you downloaded from the Google API
# Console when you created your Service account.
f = file(_SERVICE_SECRETS_PATH, 'rb')
key = f.read()
f.close()
from oauth2client.client import SignedJwtAssertionCredentials
credentials = SignedJwtAssertionCredentials(
_OAUTH_USER, key, scope=[_SCOPE, _DRIVE_SCOPE], sub=_SUB_USER)
http = httplib2.Http()
http = credentials.authorize(http)
service = build("admin", "directory_v1", http=http)
drive_http = httplib2.Http()
drive_http = credentials.authorize(drive_http)
drive_service = build("drive", "v2", http=drive_http)
# Deliberately catch everything. pylint: disable-msg=broad-except
except Exception as e:
logging.error(
'oauth2 module enabled, but unable to load secretes file %s' % e)
def post(self, hurl=None):
user = users.get_current_user()
hunt = Hunts.query(Hunts.hurl == hurl).get()
title = self.request.get('title', None)
if not hunt:
logging.error('Hunt not found')
self.response(400)
return
# User must be in the current hunt to create docs.
if not self.CheckHunterInHunt(user, hunt):
logging.error('User not in hunt.')
self.error(403)
return
# Validate title
if re.match(r'^[\w\s]{1,128}$', title) == None:
logging.error('Invalid doc title')
self.error(400)
return
# Setup a service object to talk to the Drive API.
scopes = [
'https://www.googleapis.com/auth/drive',
'https://www.googleapis.com/auth/drive.appdata',
'https://www.googleapis.com/auth/drive.apps.readonly',
'https://www.googleapis.com/auth/drive.file',
'https://www.googleapis.com/auth/drive.metadata.readonly',
'https://www.googleapis.com/auth/drive.readonly',
'https://www.googleapis.com/auth/drive.scripts',
'https://www.googleapis.com/auth/userinfo.email',
'https://www.googleapis.com/auth/userinfo.profile',
]
client_email = '*****@*****.**'
with open('../puzzlebuddy-b7c415ad8eaf.pem') as f:
private_key = f.read()
credentials = SignedJwtAssertionCredentials(client_email, private_key,
scopes)
if credentials is None or credentials.invalid:
logging.error('Puzbud credentials failed to load or were invalid')
http = Http()
credentials.authorize(http)
service = discovery.build('drive', 'v2', http=http)
# Create a new doc.
body = {
'title': title,
'mimeType': 'application/vnd.google-apps.spreadsheet',
'parents': [{
'id': hunt.shared_folder_id
}],
}
# TODO(jonlesser): Catch AccessTokenRefreshError exceptions when executing.
doc = service.files().insert(body=body).execute()
resp = {'file_id': doc['id']}
self.response.out.write(json.dumps(resp))
def login_to_google_analytics():
credentials = SignedJwtAssertionCredentials(GOOGLE_SERVICE_ACCOUNT_EMAIL, GOOGLE_SERVICE_ACCOUNT_SECRET_KEY,
'https://www.googleapis.com/auth/analytics.readonly')
http = Http()
credentials.authorize(http)
service = build("analytics", "v3", http=http)
return service, credentials.access_token
def get_http_for_request(self):
if self.use_jwt_credentials_auth: # Local debugging using pem file
scope = 'https://www.googleapis.com/auth/bigquery'
from oauth2client.client import SignedJwtAssertionCredentials
credentials = SignedJwtAssertionCredentials(self.jwt_account_name, self.jwt_key_func(), scope=scope)
logging.info("Using Standard jwt authentication")
return credentials.authorize(httplib2.Http())
elif self.is_in_appengine(): # App engine
from google.appengine.api import memcache
scope = 'https://www.googleapis.com/auth/bigquery'
credentials = AppAssertionCredentials(scope=scope)
logging.info("Using Standard appengine authentication")
return credentials.authorize(httplib2.Http(memcache))
elif self.oauth_credentails_file: # Local oauth token
http = httplib2.Http()
storage = Storage(self.oauth_credentails_file)
credentials = storage.get()
if not credentials:
raise EnvironmentError('No credential file present')
http = credentials.authorize(http)
credentials.refresh(http)
logging.info("Using Standard OAuth authentication")
return http
elif self.is_in_gce_machine(): # GCE authorization
http = httplib2.Http()
credentials = gce.AppAssertionCredentials('')
http = credentials.authorize(http)
credentials.refresh(http)
logging.info("Using GCE authentication")
return http
raise BigQueryAuthorizationError()
def google_prediction(subject, args):
from oauth2client.client import SignedJwtAssertionCredentials
import json
from apiclient import discovery
from httplib2 import Http
json_key = json.load(open("..."))
credentials = SignedJwtAssertionCredentials(
json_key['client_email'],
json_key['private_key'].encode(),
'https://www.googleapis.com/auth/prediction')
http = Http()
credentials.authorize(http)
prediction = discovery.build('prediction', 'v1.6', http=http)
models = prediction.trainedmodels()
results = []
for data in subject:
r = models.predict(project='symbolic-button-852',
id='language-detection',
body={"input": {"csvInstance": [data]}})
results.append(r.execute()['outputLabel'])
return results
def login_to_google_analytics():
credentials = SignedJwtAssertionCredentials(GOOGLE_SERVICE_ACCOUNT_EMAIL, GOOGLE_SERVICE_ACCOUNT_SECRET_KEY,
'https://www.googleapis.com/auth/analytics.readonly')
http = Http()
credentials.authorize(http)
service = build("analytics", "v3", http=http)
return service, credentials.access_token
def create_discovery(self, discovery, scope, api_version):
"""
Create Google Cloud API discovery object and perform authentication.
:param discovery: name of the API discovery to be created
:param scope: scope the API discovery will have
:param api_version: version of the API
:return: discovery object
:raise: GCPError if there is a problem with service account JSON file:
e.g. the file is not under the given path or it has wrong permissions
"""
Crypto.Random.atfork()
try:
with open(self.auth) as f:
account_data = json.load(f)
credentials = SignedJwtAssertionCredentials(
account_data['client_email'],
account_data['private_key'],
scope=scope)
http = httplib2.Http()
credentials.authorize(http)
return build(discovery, api_version, http=http)
except IOError as e:
self.logger.error(str(e))
raise GCPError(str(e))
def build_service(service_name, api_version, scopes):
"""Get an authorized service account http connection"""
if DEBUG:
if config.SERVICE_EMAIL and config.SERVICE_KEY_PATH and os.path.exists(
config.SERVICE_KEY_PATH):
from oauth2client.client import SignedJwtAssertionCredentials
# must extract key first since pycrypto doesn't support p12 files
# openssl pkcs12 -passin pass:notasecret -in privatekey.p12 -nocerts -passout pass:notasecret -out key.pem
# openssl pkcs8 -nocrypt -in key.pem -passin pass:notasecret -topk8 -out privatekey.pem
# rm key.pem
key_str = open(config.SERVICE_KEY_PATH).read()
credentials = SignedJwtAssertionCredentials(
config.SERVICE_EMAIL, key_str, scopes)
http = credentials.authorize(httplib2.Http(api.memcache))
return build(service_name, api_version, http=http)
else:
logging.warn(
"Please create a service account and download your key add to appengine_config.py."
)
raise AppError(
"Service '{}' not availble from localhost without a service account set up and added to appengine_config.py."
.format(service_name))
credentials = AppAssertionCredentials(scope=scopes)
http = credentials.authorize(httplib2.Http(api.memcache))
return build(service_name, api_version, http=http)
def create_discovery(self, discovery, scope, api_version):
"""
Create Google Cloud API discovery object and perform authentication.
:param discovery: name of the API discovery to be created
:param scope: scope the API discovery will have
:param api_version: version of the API
:return: discovery object
:raise: GCPError if there is a problem with service account JSON file:
e.g. the file is not under the given path or it has wrong permissions
"""
Crypto.Random.atfork()
try:
with open(self.auth) as f:
account_data = json.load(f)
credentials = SignedJwtAssertionCredentials(
account_data['client_email'],
account_data['private_key'],
scope=scope)
http = httplib2.Http()
credentials.authorize(http)
return build(discovery, api_version, http=http)
except IOError as e:
self.logger.error(str(e))
raise GCPError(str(e))
def get_authorized_http(oauth_path):
json_key = json.load(open(oauth_path))
scope = ['https://www.googleapis.com/auth/drive.readonly']
credentials = SignedJwtAssertionCredentials(json_key['client_email'], json_key['private_key'], scope)
http = Http()
credentials.authorize(http)
return http
def post(self, hurl=None):
user = users.get_current_user()
hunt = Hunts.query(Hunts.hurl == hurl).get()
title = self.request.get('title', None)
if not hunt:
logging.error('Hunt not found')
self.response(400)
return
# User must be in the current hunt to create docs.
if not self.CheckHunterInHunt(user, hunt):
logging.error('User not in hunt.')
self.error(403)
return
# Validate title
if re.match(r'^[\w\s]{1,128}$', title) == None:
logging.error('Invalid doc title')
self.error(400)
return
# Setup a service object to talk to the Drive API.
scopes = [
'https://www.googleapis.com/auth/drive',
'https://www.googleapis.com/auth/drive.appdata',
'https://www.googleapis.com/auth/drive.apps.readonly',
'https://www.googleapis.com/auth/drive.file',
'https://www.googleapis.com/auth/drive.metadata.readonly',
'https://www.googleapis.com/auth/drive.readonly',
'https://www.googleapis.com/auth/drive.scripts',
'https://www.googleapis.com/auth/userinfo.email',
'https://www.googleapis.com/auth/userinfo.profile',
]
client_email = '*****@*****.**'
with open('../puzzlebuddy-b7c415ad8eaf.pem') as f:
private_key = f.read()
credentials = SignedJwtAssertionCredentials(client_email, private_key, scopes)
if credentials is None or credentials.invalid:
logging.error('Puzbud credentials failed to load or were invalid')
http = Http()
credentials.authorize(http)
service = discovery.build('drive', 'v2', http=http)
# Create a new doc.
body = {
'title': title,
'mimeType': 'application/vnd.google-apps.spreadsheet',
'parents': [{'id': hunt.shared_folder_id}],
}
# TODO(jonlesser): Catch AccessTokenRefreshError exceptions when executing.
doc = service.files().insert(body=body).execute()
resp = {'file_id': doc['id']}
self.response.out.write(json.dumps(resp))
def authenticate(config):
svc_user_id = config.get("drive", "service_user_email")
svc_scope = "https://www.googleapis.com/auth/drive"
svc_key_file = config.get("drive", "key_file")
svc_key = open(svc_key_file, "rb").read()
gcredentials = SignedJwtAssertionCredentials(svc_user_id, svc_key, scope=svc_scope)
gcredentials.authorize(httplib2.Http())
gauth = GoogleAuth()
gauth.credentials = gcredentials
return gauth
def authenticate(config):
#logger.debug("OAuth2 Authentication - Starting")
svc_user_id = config.get('drive', 'service_user_email')
svc_scope = "https://www.googleapis.com/auth/drive"
svc_key_file = config.get('drive', 'key_file')
svc_key = open(svc_key_file, 'rb').read()
gcredentials = SignedJwtAssertionCredentials(svc_user_id, svc_key, scope=svc_scope)
gcredentials.authorize(httplib2.Http())
gauth = GoogleAuth()
gauth.credentials = gcredentials
#logger.debug("OAuth2 Authentication - Complete")
return gauth
def ga_login(self, api_name='analytics', api_version='v3'):
try:
from oauth2client.client import SignedJwtAssertionCredentials
credentials = SignedJwtAssertionCredentials(self.json_key['client_email'], self.json_key['private_key'].encode(), self.scope_ga)
http = credentials.authorize(httplib2.Http())
service = build(api_name, api_version, http=http)
except ImportError:
from oauth2client.service_account import ServiceAccountCredentials
credentials = ServiceAccountCredentials.from_json_keyfile_name(self.json_key, self.scope_ga)
http = credentials.authorize(httplib2.Http())
service = build(api_name, api_version, http=http)
return service
def authenticate(config):
logger.debug("GoogleDriveUploadAction starting authentication")
svc_user_id = config.config_obj.get('GoogleDriveUploadAction', 'service_user_email')
svc_scope = "https://www.googleapis.com/auth/drive"
svc_key_file = config.config_obj.get('GoogleDriveUploadAction', 'key_file')
svc_key = open(svc_key_file, 'rb').read()
gcredentials = SignedJwtAssertionCredentials(svc_user_id, svc_key, scope=svc_scope)
gcredentials.authorize(httplib2.Http())
gauth = GoogleAuth()
gauth.credentials = gcredentials
logger.debug("GoogleDriveUploadAction authentication complete")
return gauth
def authenticate(config):
logger.debug("GoogleDriveUploadAction starting authentication")
svc_user_id = config.config_obj.get('GoogleDriveUploadAction', 'service_user_email')
svc_scope = "https://www.googleapis.com/auth/drive"
svc_key_file = config.config_obj.get('GoogleDriveUploadAction', 'key_file')
svc_key = open(svc_key_file, 'rb').read()
gcredentials = SignedJwtAssertionCredentials(svc_user_id, svc_key, scope=svc_scope)
gcredentials.authorize(httplib2.Http())
gauth = GoogleAuth()
gauth.credentials = gcredentials
logger.debug("GoogleDriveUploadAction authentication complete")
return gauth
def list_instances(client_cert_file, client_email, project, zone):
with open(client_cert_file) as f:
private_key = f.read()
credentials = SignedJwtAssertionCredentials(client_email, private_key,
'https://www.googleapis.com/auth/compute.readonly')
http = Http()
credentials.authorize(http)
try:
compute = build('compute', 'v1', http=http)
resp_json = compute.instances().list(project=project, zone=zone).execute()
except HttpError:
raise GoogleClientError('Failed to make "list instances" Google cloud API request')
return resp_json
def get_service():
client_email = '*****@*****.**'
with open("secure_key.p12") as f:
private_key = f.read()
credentials = SignedJwtAssertionCredentials(client_email, private_key,
'https://www.googleapis.com/auth/analytics.readonly')
http = Http()
credentials.authorize(http)
service = build('analytics', 'v3', http=http)
return service
def InitialLogin(self): sourceKey = settings.BASE_DIR + "/auth/b054caf6c564d84ff0396f4b42b7d928551adfeb-privatekey.p12" id = "*****@*****.**" f = file(sourceKey, 'rb') key = f.read() http = httplib2.Http() credentials = SignedJwtAssertionCredentials(id, key, scope='https://www.googleapis.com/auth/drive') credentials.authorize(http) gauth = GoogleAuth() gauth.credentials = credentials drive = GoogleDrive(gauth) self.service =drive
def index():
jsondata = request.get_json()
if 'bookname' not in jsondata or 'publish_date' not in jsondata:
abort(400, "Bookname and publish date is required.")
publish_date = dateutil.parser.parse(jsondata['publish_date'])
desc = str()
if 'subbookname' in jsondata:
jsondata['bookname'] += " %s" % jsondata['subbookname']
if 'author' in jsondata:
desc += "%s\n" % jsondata['author']
if 'cover_image' in jsondata:
desc += "封面圖片: %s\n" % jsondata['cover_image']
if 'link' in jsondata:
desc += "詳細資料: %s\n" % jsondata['link']
if 'price' in jsondata:
desc += "定價: %s\n" % jsondata['price']
if 'publish_date' in jsondata:
desc += "發售日期: %s\n" % jsondata['publish_date']
if postedBooks.find_one({u"bookname": jsondata['bookname']}) is not None:
abort(400, "Content already exists.")
with open("My Project-c50dae1a95a3-notasecret.p12") as f:
private_key = f.read()
credentials = SignedJwtAssertionCredentials(client_email, private_key,
'https://www.googleapis.com/auth/calendar')
http = Http()
credentials.authorize(http)
service = discovery.build('calendar', 'v3', http=http)
event = {
'summary': jsondata['bookname'],
'description': desc,
'start': {
'date': publish_date.strftime('%Y-%m-%d'),
'timeZone': 'Asia/Taipei',
},
'end': {
'date': publish_date.strftime('%Y-%m-%d'),
'timeZone': 'Asia/Taipei',
}
}
event = service.events().insert(calendarId=calID, body=event).execute()
postedBooks.insert({'bookname': jsondata['bookname']})
return jsonify({'message': 'Event created: %s' % (event.get('htmlLink'))})
def __init__(self, parsed_url):
duplicity.backend.Backend.__init__(self, parsed_url)
try:
global pydrive
import httplib2
from apiclient.discovery import build
from oauth2client.client import SignedJwtAssertionCredentials
from pydrive.auth import GoogleAuth
from pydrive.drive import GoogleDrive
from pydrive.files import FileNotUploadedError
except ImportError:
raise BackendException('PyDrive backend requires PyDrive installation'
'Please read the manpage to fix.')
if 'GOOGLE_DRIVE_ACCOUNT_KEY' in os.environ:
account_key = os.environ['GOOGLE_DRIVE_ACCOUNT_KEY']
credentials = SignedJwtAssertionCredentials(parsed_url.username + '@' + parsed_url.hostname, account_key, scope='https://www.googleapis.com/auth/drive')
credentials.authorize(httplib2.Http())
gauth = GoogleAuth()
gauth.credentials = credentials
elif 'GOOGLE_DRIVE_SETTINGS' in os.environ:
gauth = GoogleAuth(settings_file=os.environ['GOOGLE_DRIVE_SETTINGS'])
gauth.CommandLineAuth()
else:
raise BackendException('GOOGLE_DRIVE_ACCOUNT_KEY or GOOGLE_DRIVE_SETTINGS environment variable not set. Please read the manpage to fix.')
self.drive = GoogleDrive(gauth)
# Dirty way to find root folder id
file_list = self.drive.ListFile({'q': "'Root' in parents and trashed=false"}).GetList()
if file_list:
parent_folder_id = file_list[0]['parents'][0]['id']
else:
file_in_root = self.drive.CreateFile({'title': 'i_am_in_root'})
file_in_root.Upload()
parent_folder_id = file_in_root['parents'][0]['id']
# Fetch destination folder entry and create hierarchy if required.
folder_names = string.split(parsed_url.path, '/')
for folder_name in folder_names:
if not folder_name:
continue
file_list = self.drive.ListFile({'q': "'" + parent_folder_id + "' in parents and trashed=false"}).GetList()
folder = next((item for item in file_list if item['title'] == folder_name and item['mimeType'] == 'application/vnd.google-apps.folder'), None)
if folder is None:
folder = self.drive.CreateFile({'title': folder_name, 'mimeType': "application/vnd.google-apps.folder", 'parents': [{'id': parent_folder_id}]})
folder.Upload()
parent_folder_id = folder['id']
self.folder = parent_folder_id
self.id_cache = {}
def __auth():
# TODO Validate credentials
private_key = open(settings.GOOGLE_PREDICTION_PRIVATE_KEY).read()
http = httplib2.Http()
credentials = SignedJwtAssertionCredentials(
settings.GOOGLE_PREDICTION_PROJECT_EMAIL, private_key, [
'https://www.googleapis.com/auth/devstorage.full_control',
'https://www.googleapis.com/auth/devstorage.read_only',
'https://www.googleapis.com/auth/devstorage.read_write',
'https://www.googleapis.com/auth/prediction',
])
credentials.authorize(http)
APIManager.__api = discovery.build('prediction', 'v1.6', http=http)
class YoutubeInterface:
YOUTUBE_READ_WRITE_SCOPE = 'https://www.googleapis.com/auth/youtube.upload'
YOUTUBE_ADMIN_SCOPE = 'https://www.googleapis.com/auth/youtube'
YOUTUBE_API_SERVICE_NAME = 'youtube'
YOUTUBE_API_VERSION = 'v3'
def __init__(self):
self._credentials = None
self.youtube_service = None
pass
def authorize_pki(self,
client_id,
pki,
scope=YOUTUBE_ADMIN_SCOPE,
as_user=None):
from oauth2client.client import SignedJwtAssertionCredentials
self._credentials = SignedJwtAssertionCredentials(client_id,
pki,
scope,
sub=as_user)
h = self._credentials.authorize(httplib2.Http())
self.youtube_service = build(self.YOUTUBE_API_SERVICE_NAME,
self.YOUTUBE_API_VERSION,
http=h)
def list_categories(self, region_code='gb'):
result = self.youtube_service.videoCategories().list(
part="id,snippet", regionCode=region_code).execute()
#pprint(result)
return result
def _authorize(self):
"""
Returns an authorized HTTP object to be used to build a Google cloud
service hook connection.
"""
service_account = self._get_field('service_account', False)
key_path = self._get_field('key_path', False)
scope = self._get_field('scope', False)
kwargs = {}
if self.delegate_to:
kwargs['sub'] = self.delegate_to
if not key_path or not service_account:
logging.info('Getting connection using `gcloud auth` user, since no service_account/key_path are defined for hook.')
credentials = GoogleCredentials.get_application_default()
elif self.scope:
with open(key_path, 'rb') as key_file:
key = key_file.read()
credentials = SignedJwtAssertionCredentials(
service_account,
key,
scope=self.scope,
**kwargs)
else:
raise AirflowException('Scope undefined, or either key_path/service_account config was missing.')
http = httplib2.Http()
return credentials.authorize(http)
def get_RLXMOOC_credentials():
json_key = {
'client_x509_cert_url':
'https://www.googleapis.com/robot/v1/metadata/x509/tutorpython%40intropython-udea.iam.gserviceaccount.com',
'auth_uri': 'https://accounts.google.com/o/oauth2/auth',
'private_key':
'-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCnzM3MraFSKVJv\nYLznFbiCo7d6EZCrerjJFtkr6blWuZ6czBh+nRtUdhOxgsnM9472UM5DsBAYKke5\nyLalBNcR2El+TGjtdwqX6eu9I+gS8jXxV3ofiszeB6+dkw/bnGboyUadscmQy7zv\nEq884+cevbTR9wljtnQt1lom6gXeYwnKSdElwKwm26LBMRS1NPjUvHyNz0uSrtNn\n2u/DcKldkBGNpX85GR6lxuG+yyuQJ+gf9U/un9j5fonKYh+PxmPZWMPyq9I+1ZYF\nt2P87/5JWBwRxMbnfGps+15vDyPy1dOOJ5RCSA0WQFi2MQBO5nkXLLsQ0/PZ4l6Y\nIdlIdfdrAgMBAAECggEADWlLEY7XE/AFjK1Yq8eKpbZcFb+Npob6eef/l4jorUvM\np4+QbZ407v04+bkQU/d9T6aJtdM+lg/bB7hJEMtgPSbiSNvmjwQyro2dr9JM3CbL\ntOxe8GJxmVVX7eoxHEZV20krAbOR/qaqBRmjM+SrNkPHTfjGoVeV1YwKTI3rxihW\n8KkzsOa9ZaPb5tLaLn2ZEfXab04P2lCznM+d6mGZFRu3GV50C9BHL2fcbuC477+X\nUlX5RKkXfdFCNuF4eB6NC/QYhUkE3hI62ASMpyU5LokKMzpxEFOj49EJWIQqDGF3\nsD6V3d4nlAq8P/MDgoE1a0TIZkRuTGoydSO+AfjBgQKBgQDmeTlJhbkTvEkNuirj\nNra1EZmXE1oO5lYActjyvrvrn1Ca7JUlF44VCwmjCsrKrT2Nr1XiEW3HnJA5PVb5\nVMv6aqvvL5TrY37ofIzmk0OCwhMtGXx+pgSr79XuGxFO6YV3c6JU32fK/TEw93/D\n56NJS86oF50+91eenKX8wlLAoQKBgQC6Yo3sGq5vcQ9tgRLZ8diBwW3ybBCZOK9V\neTMepL30pIBbgAwUbJjeamamFWYkdKF6szkbbqA4tfEl1B8GF3IxZgR8uNk3P93q\nUo4PwVvsPiS9GwyLXtrya0+b2POjjLW4ZBxcAQetaiyQGwBwCZXic/i5+OE/cvz5\nS25p+mtgiwKBgEgpnK5QmGp9gcIykEskToDTSevruz7/D96EFzmqTtyvvWVEvk4m\n2e3szs+mCWj8ZVF/nLx0CJN/igjiE+Ftk5CM5di2ZUJunMXeeZ+YbIL8kVSFrl1Z\nTg0nwywSfZDfvVJxelpouO7t6AEU/YQxewbwHXy0KCAXAfA/zBkgHxkBAoGAdjTj\nBYa2cn8l5bEin46+XSyr6j+XF1XX/UFspladEnbx4RYIkzt8iDK6/0I7EYvWjdb0\ntO0oOE9LrU4mjtp31dR5rBAf0uZye5X3+w4Kmn2fFz/8aLez7GMajiC+BE/NQDBd\nvAv7LoRT1uEJGgU6RfB/IpMxZ+gpgIHSeOwVBZkCgYBkn3/n9vWaXfiY1VYOv2Uz\n5zpK1i2+QPrRPdG3jaB7L3/4XraxuHX2xICdli8C3giYN/Tq9RaQ1nsN3oANVarz\nZsrt1rANMFyHX/RLsPmnGE0hsGp/NFcN+sUuM9JQ8F69cmbXrmwmpaNAoYjiPJ7C\nVYD9YHALrpHNviamGIZxfA==\n-----END PRIVATE KEY-----\n',
'client_email': '*****@*****.**',
'private_key_id': 'ad27c7beea3401e0b9cd59e37cc38764305c9eb3',
'client_id': '104711341528706712731',
'token_uri': 'https://accounts.google.com/o/oauth2/token',
'project_id': 'intropython-udea',
'type': 'service_account',
'auth_provider_x509_cert_url':
'https://www.googleapis.com/oauth2/v1/certs'
}
scope = [
'https://spreadsheets.google.com/feeds',
'https://www.googleapis.com/auth/drive'
]
credentials = SignedJwtAssertionCredentials(
json_key['client_email'], json_key['private_key'].encode(), scope)
gc = gspread.authorize(credentials)
http = credentials.authorize(httplib2.Http())
service = discovery.build("drive", "v3", http=http)
return json_key['client_email'], gc, service
def __init__(self, config):
self.service_account = config["service_account_email"]
self.sub_user_email = config["service_user_email"]
self.domain = config["domain"]
self.user_pass = config["google_user_pass"]
with open(config["google_private_key_path"], 'rb') as p_key:
self.private_key = p_key.read()
p_key.close()
http = httplib2.Http()
"""
Sub account is needed to fulfill these actions
http://stackoverflow.com/questions/20704925/google-admin-sdk-directory-api-403-python
"""
credentials = SignedJwtAssertionCredentials(
self.service_account,
self.private_key,
scope=[
"https://www.googleapis.com/auth/admin.directory.group",
"https://www.googleapis.com/auth/admin.directory.user"
],
sub=self.sub_user_email)
http = credentials.authorize(http)
self.directory_api = build('admin', 'directory_v1', http=http)
def connect(self, keyFile=KEY_FILE, account=ACCOUNT):
try:
f = file(keyFile, 'rb')
except IOError:
logger.error('Could not find key file. Please verify settings.')
return None
key = f.read()
f.close()
credentials = SignedJwtAssertionCredentials(
account,
key,
scope=[
'https://www.googleapis.com/auth/fusiontables',
'https://www.googleapis.com/auth/fusiontables.readonly',
])
self.http = httplib2.Http()
self.http = credentials.authorize(self.http)
i = 0
while (not self.service and i < 10 and not time.sleep(10)):
try:
self.service = build('fusiontables', 'v1', http=self.http)
except httplib2.ServerNotFoundError:
logger.warning('Unable to find server for authentication.')
except HttpError:
logger.warning('HTTP error when trying to authenticate.')
return self.service
def main():
'''
main function
'''
with open(settings.SERVICE_ACCOUNT_JSON) as json_file:
json_data = json.load(json_file)
#print json_data
credentials = SignedJwtAssertionCredentials(
json_data['client_email'],
json_data['private_key'],
scope=
'https://www.googleapis.com/auth/admin.reports.audit.readonly',
access_type='offline',
approval_prompt='force',
sub=email)
storage = Storage(settings.STORAGE_FILE)
storage.put(credentials)
#credentials = storage.get()
credentials.get_access_token()
if test:
print credentials.__dict__
#print credentials.access_token
http = httplib2.Http()
auth = credentials.authorize(http)
# refresh does not seem to work
credentials.refresh(http)
print credentials.__dict__
def authenticate():
"""Build and return a Plus service object authorized with the service accounts
that act on behalf of the given user.
Returns:
Plus service object.
"""
print 'Authenticate the domain for %s' % USER_EMAIL
f = open(SERVICE_ACCOUNT_PKCS12_FILE_PATH, 'rb')
key = f.read()
f.close()
# Setting the sub field with USER_EMAIL allows you to make API calls using the
# special keyword 'me' in place of a user id for that user.
credentials = SignedJwtAssertionCredentials(SERVICE_ACCOUNT_EMAIL,
key,
scope=SCOPES,
sub=USER_EMAIL)
http = httplib2.Http()
http = credentials.authorize(http)
# Create and return the Plus service object
return build('plusDomains', 'v1', http=http)
def authenticate(api_name, api_version, scope, key_file_location, service_account_email):
f = open(key_file_location, 'rb')
key = f.read()
f.close()
credentials = SignedJwtAssertionCredentials(service_account_email, key, scope=scope)
service = build(api_name, api_version, http=credentials.authorize(httplib2.Http()))
return service
class GoogleAnalytics(object):
def __init__(self, service_account_name, private_key, profile_id):
self._credentials = SignedJwtAssertionCredentials(
service_account_name,
private_key,
scope='https://www.googleapis.com/auth/analytics.readonly')
self._profile_id = profile_id
self._service = None
def _get_service(self):
if not self._service:
http = httplib2.Http()
http = self._credentials.authorize(http)
self._service = build(serviceName='analytics', version='v3',
http=http)
return self._service
def date_query(self, start_date=None, end_date=None, metrics=None,
dimensions=None):
service = self._get_service()
data_query = service.data().ga().get(
ids='ga:' + self._profile_id,
start_date=start_date,
end_date=end_date,
dimensions=dimensions,
metrics=metrics).execute()
return data_query['rows']
def realtime_query(self, metrics=None):
service = self._get_service()
data_query = service.data().realtime().get(
ids='ga:' + self._profile_id,
metrics=metrics).execute()
return data_query['rows']
def get_service(api_name, api_version, scope, key_file_location,
service_account_email):
"""Get a service that communicates to a Google API.
Args:
api_name: The name of the api to connect to.
api_version: The api version to connect to.
scope: A list auth scopes to authorize for the application.
key_file_location: The path to a valid service account p12 key file.
service_account_email: The service account email address.
Returns:
A service that is connected to the specified API.
"""
f = open(key_file_location, 'rb')
key = f.read()
f.close()
credentials = SignedJwtAssertionCredentials(service_account_email, key,
scope=scope)
http = credentials.authorize(httplib2.Http())
# Build the service object.
service = build(api_name, api_version, http=http)
return service
def get_conn(self):
"""
Returns a Google Cloud Storage service object.
"""
connection_info = self.get_connection(
self.google_cloud_storage_conn_id)
connection_extras = connection_info.extra_dejson
service_account = connection_extras['service_account']
key_path = connection_extras['key_path']
with file(key_path, 'rb') as key_file:
key = key_file.read()
credentials = SignedJwtAssertionCredentials(service_account,
key,
scope=self.scope)
# TODO Support domain delegation, which will allow us to set a sub-account to execute as. We can then
# pass DAG owner emails into the connection_info, and use it here.
# sub='*****@*****.**')
http = httplib2.Http()
http_authorized = credentials.authorize(http)
service = build('storage', 'v1', http=http_authorized)
return service
def _authorize(self):
"""
Returns an authorized HTTP object to be used to build a Google cloud
service hook connection.
"""
connection_info = self.get_connection(self.conn_id)
connection_extras = connection_info.extra_dejson
service_account = connection_extras.get('service_account', False)
key_path = connection_extras.get('key_path', False)
if not key_path or not service_account:
logging.info('Getting connection using `gcloud auth` user, since no service_account/key_path are defined for hook.')
credentials = GoogleCredentials.get_application_default()
elif self.scope:
with file(key_path, 'rb') as key_file:
key = key_file.read()
credentials = SignedJwtAssertionCredentials(
service_account,
key,
scope=self.scope)
# TODO Support domain delegation, which will allow us to set a sub-account to execute as. We can then
# pass DAG owner emails into the connection_info, and use it here.
# sub='*****@*****.**')
else:
raise AirflowException('Scope undefined, or either key_path/service_account config was missing.')
http = httplib2.Http()
return credentials.authorize(http)
def _auth(service_account, private_key, scopes, **kwargs):
credentials = SignedJwtAssertionCredentials(service_account,
bytes(private_key, "utf-8"),
scopes,
**kwargs)
credentials.refresh(httplib2.Http())
return credentials.authorize(httplib2.Http())
def __init__(self, service_email=None, private_key=None, user_email=None):
"""
Handles credentials and builds the google service.
:param service_email: String
:param private_key: Path
:param user_email: String
:raise ValueError:
"""
self._service_email = service_email or settings.GOOGLE_DRIVE_STORAGE_SERVICE_EMAIL
self._key = private_key or settings.GOOGLE_DRIVE_STORAGE_KEY
kwargs = {}
if user_email or settings.GOOGLE_DRIVE_STORAGE_USER_EMAIL:
self._user_email = kwargs[
'sub'] = user_email or settings.GOOGLE_DRIVE_STORAGE_USER_EMAIL
credentials = SignedJwtAssertionCredentials(
self._service_email,
self._key,
scope="https://www.googleapis.com/auth/drive",
**kwargs)
http = httplib2.Http()
http = credentials.authorize(http)
self._drive_service = build('drive', 'v2', http=http)
def authenticate_google_docs():
credentials = SignedJwtAssertionCredentials(constants.EMAIL_ID, constants.SIGNED_KEY, constants.SCOPE)
data = {
'refresh_token': constants.REFRESH_TOKEN,
'client_id': constants.CLIENT_ID,
'client_secret': constants.CLIENT_SECRET,
'grant_type': 'refresh_token',
}
r = requests.post('https://accounts.google.com/o/oauth2/token', data = data)
credentials.access_token = ast.literal_eval(r.text)['access_token']
service = discovery.build('drive', 'v2', http=credentials.authorize(Http()))
media_body = MediaFileUpload('/tmp/dgtech.csv', mimetype='text/csv', resumable=True)
file_metadata = {
'title': 'dgtech.csv',
'mimeType': 'application/vnd.google-apps.spreadsheet',
'parents': [{'id': constants.FOLDER_ID}]
}
try:
import pdb
pdb.set_trace()
param = {}
children = service.children().list(folderId=constants.FOLDER_ID, **param).execute()
file_list = [str(item['id']) for item in children['items']]
print(file_list)
service.children().delete(folderId=constants.FOLDER_ID, childId=file_list[0]).execute()
file = service.files().insert(body=file_metadata, media_body=media_body, fields='id').execute()
#logger.info("file id of the file upoaded = %s ", (file.get('id')))
except Exception as e:
print(str(e))
#logger.exception("Exception occured while uploading the file")
def googleLogin():
import os
#login and use google api
p12=os.path.join(os.path.dirname(os.path.realpath(__file__)),"key1.pem") #"D:\\github\\hdma-dui\\ws\\key1.pem"
import httplib2
from apiclient.discovery import build
from oauth2client.client import SignedJwtAssertionCredentials
# Here's the file you get from API Console -> Service Account.
with open(p12) as f:
key=f.read()
# Create an httplib2.Http object to handle our HTTP requests and authorize it
# with the Credentials. Note that the first parameter, service_account_name,
# is the Email address created for the Service account. It must be the email
# address associated with the key that was created.
credentials = SignedJwtAssertionCredentials(
'*****@*****.**',
key,
scope='https://www.googleapis.com/auth/fusiontables')
http = httplib2.Http()
http = credentials.authorize(http)
return build("fusiontables", "v2", http=http)
def connect(self, keyFile=KEY_FILE, account=ACCOUNT):
try:
f = file(keyFile, 'rb')
except IOError:
logger.error('Could not find key file. Please verify settings.')
return None
key = f.read()
f.close()
credentials = SignedJwtAssertionCredentials(
account,
key,
scope=[
'https://www.googleapis.com/auth/fusiontables',
'https://www.googleapis.com/auth/fusiontables.readonly',
]
)
self.http = httplib2.Http()
self.http = credentials.authorize(self.http)
i = 0
while (not self.service and i < 10 and not time.sleep(10)):
try:
self.service = build('fusiontables', 'v1', http=self.http)
except httplib2.ServerNotFoundError:
logger.warning('Unable to find server for authentication.')
except HttpError:
logger.warning('HTTP error when trying to authenticate.')
return self.service
def createService(scope, build_type, build_version, user_email):
"""Build and returns a Drive service object authorized with the service accounts
that act on behalf of the given user.
Args:
user_email: The email of the user.
Returns:
Calendar service object.
"""
try:
f = file(SERVICE_ACCOUNT_PKCS12_FILE_PATH, 'rb')
key = f.read()
f.close()
except IOError:
logging.fatal("Failed to open PKCS12 keyfile.")
sys.exit(1)
except:
logging.fatal("Unspecified error opening PKCS12 keyfile.")
sys.exit(1)
# Handle oauth storage tokens.
# NOTICE: There might be a much better way to do this.
storage = Storage(CES_SETTINGS['oauthStorage'] + "_" + build_type + "_" + user_email)
credentials = storage.get()
if credentials is None or credentials.invalid:
# WARNING: prn will apparently change to sub
credentials = SignedJwtAssertionCredentials(SERVICE_ACCOUNT_EMAIL, key,
scope=scope, prn=user_email)
storage.put(credentials)
http = httplib2.Http()
http = credentials.authorize(http)
return build(build_type, build_version, http=http)
def list_instances(client_cert_file, client_email, project, zone):
with open(client_cert_file) as f:
private_key = f.read()
credentials = SignedJwtAssertionCredentials(
client_email, private_key,
'https://www.googleapis.com/auth/compute.readonly')
http = Http()
credentials.authorize(http)
try:
compute = build('compute', 'v1', http=http)
resp_json = compute.instances().list(project=project,
zone=zone).execute()
except HttpError:
raise GoogleClientError(
'Failed to make "list instances" Google cloud API request')
return resp_json
def retrieve_authorizations_for_client(service_account_json, user_email,
client_id, start_time):
service_account_credentials = json.loads(
open(service_account_json, 'r').read())
client_email = service_account_credentials["client_email"]
private_key = service_account_credentials["private_key"]
user_email = user_email
credentials = SignedJwtAssertionCredentials(
client_email,
private_key,
['https://www.googleapis.com/'
'auth/'
'admin.reports.audit.readonly'],
sub=user_email)
http = credentials.authorize(httplib2.Http())
service = discovery.build('admin', 'reports_v1', http=http)
activity_response = service.activities().\
list(applicationName="token",
userKey="all",
eventName="authorize",
startTime=start_time).execute()
check_if_client_id_authorized(activity_response.get("items"), client_id)
while activity_response.get("nextPageToken"):
activity_response = service.activities().\
list(applicationName="token",
userKey="all",
eventName="authorize",
pageToken=activity_response.get("nextPageToken"),
startTime=start_time).execute()
check_if_client_id_authorized(activity_response.get("items"),
client_id)
def fill_fusiontable(outfile_path):
# Procedure to dump CSV file to Fusion Tables
try:
# Here's the file you get from API Console -> Service Account.
f = file('**.p12', 'rb')
key = f.read()
f.close()
# Create an httplib2.Http object to handle our HTTP requests and authorize it
# with the Credentials. Note that the first parameter, service_account_name,
# is the Email address created for the Service account. It must be the email
# address associated with the key that was created.
credentials = SignedJwtAssertionCredentials(
'**.iam.gserviceaccount.com',
key,
scope='https://www.googleapis.com/auth/fusiontables')
http = httplib2.Http()
http = credentials.authorize(http)
service = build("fusiontables", "v2", http=http)
media_body = MediaFileUpload(filename=outfile_path,
mimetype="application/octet-stream")
print service.table().replaceRows(
tableId='1DT2tM2bsPcAo5TTUoYt8QVR02du8PI0eVCZe3swm',
media_body=media_body,
encoding="auto-detect",
delimiter="|",
startLine=1,
isStrict=True).execute()
except ValueError, e:
print 'er is iets mis gegaan:', e
def main():
"""
main function
"""
with open(settings.SERVICE_ACCOUNT_JSON) as json_file:
json_data = json.load(json_file)
#print json_data
credentials = SignedJwtAssertionCredentials(
json_data['client_email'],
json_data['private_key'],
scope='https://apps-apis.google.com/a/feeds/emailsettings/2.0/',
access_type="offline",
approval_prompt = "force",
sub=email
)
storage = Storage(settings.STORAGE_FILE)
storage.put(credentials)
#credentials = storage.get()
credentials.get_access_token()
if test:
print credentials.__dict__
#print credentials.access_token
http = httplib2.Http()
auth = credentials.authorize(http)
# refresh does not seem to work
credentials.refresh(http)
print credentials.__dict__
class GoogleCredentials(object):
def _read_private_key(self, keyfile):
"""
"""
with open(keyfile) as f:
return f.read()
def __init__(self, service_account, keyfile, permission, impersonate_as):
"""
"""
self.auth_url = 'https://www.googleapis.com/auth/%s' % permission
self.impersonate_as = impersonate_as
self.service_account = service_account
self.private_key = self._read_private_key(keyfile)
self.credentials = SignedJwtAssertionCredentials(self.service_account, self.private_key, self.auth_url,
sub=self.impersonate_as)
self.authorization = None
def authorize(self):
"""
"""
if not self.authorization:
self.authorization = self.credentials.authorize(httplib2.Http())
return self.authorization
def post(self): # should run at most 1/s
json_row = self.request.get('json')
dataset_name = self.request.get('dataset')
table_name = self.request.get('table')
# OBTAIN THE KEY FROM THE GOOGLE APIs CONSOLE
# More instructions here: http://goo.gl/w0YA0
f = file(private_key_file, 'rb')
key = f.read()
f.close()
credentials = SignedJwtAssertionCredentials(
SERVICE_ACCOUNT_EMAIL,
key,
scope='https://www.googleapis.com/auth/bigquery')
http = Http()
http = credentials.authorize(http)
bigquery = build('bigquery', 'v2', http=http)
stream_row_to_bigquery(bigquery,
project_id,
dataset_name,
table_name,
json.loads(json_row),
num_retries=5)
print 'inserted to bigquery table: ' + table_name + '\n'
def delete(name_event,postcode):
client_email = '*****@*****.**'
with open("CMSTest-5f1753f2f1a0.p12",'rb') as f:
private_key = f.read()
credentials = SignedJwtAssertionCredentials(client_email, private_key,
'https://www.googleapis.com/auth/fusiontables',sub = '*****@*****.**')
http_auth = credentials.authorize(Http())
#http = Http()
query1 = "SELECT rowid FROM 1lrwBUW2WdOCgC-BRr8qG9jmSgjYOF7lBPt3xKQfr WHERE Event = '"+name_event+"' AND Location = "+str(postcode)
fusion = build('fusiontables', 'v2', http=http_auth)
Response = fusion.query().sql(sql=query1)
rep = Response.execute()
#print rep['rows'][0][0]
rowid = rep['rows'][0][0]
query2 = "DELETE FROM 1lrwBUW2WdOCgC-BRr8qG9jmSgjYOF7lBPt3xKQfr WHERE rowid = '"+str(rowid)+"'"
Response2 = fusion.query().sql(sql=query2)
rep2 = Response2.execute()
print rep2;
#print Response.execute().read();
#sqladmin = build('drive', 'v2', http=http)
#sqladmin.instances().list().execute();
return
#if __name__ == "__main__":
# main()
def _authorize(self):
"""
Returns an authorized HTTP object to be used to build a Google cloud
service hook connection.
"""
connection_info = self.get_connection(self.conn_id)
connection_extras = connection_info.extra_dejson
service_account = connection_extras.get("service_account", False)
key_path = connection_extras.get("key_path", False)
kwargs = {}
if self.delegate_to:
kwargs["sub"] = self.delegate_to
if not key_path or not service_account:
logging.info(
"Getting connection using `gcloud auth` user, since no service_account/key_path are defined for hook."
)
credentials = GoogleCredentials.get_application_default()
elif self.scope:
with open(key_path, "rb") as key_file:
key = key_file.read()
credentials = SignedJwtAssertionCredentials(service_account, key, scope=self.scope, **kwargs)
else:
raise AirflowException("Scope undefined, or either key_path/service_account config was missing.")
http = httplib2.Http()
return credentials.authorize(http)
def create_drive_service(service_account_pkcs12_file,\
service_account_email, scope, user_email):
"""Build and returns a Drive service object authorized with the service accounts
that act on behalf of the given user.
Args:
user_email: The email of the user.
Returns:
Drive service object.
"""
f = file(service_account_pkcs12_file, 'rb')
key = f.read()
f.close()
credentials = SignedJwtAssertionCredentials(service_account_email, key,\
scope=scope, sub=user_email)
print "Finish getting credentials for user %s" % user_email
http = httplib2.Http()
http = credentials.authorize(http)
print "Finish authorize user %s" % user_email
try:
drive_service = build('drive', 'v2', http=http)
return drive_service
except AccessTokenRefreshError, error:
print "Error when getting drive service of user %s:\n > Error: %s"\
% (user_email, error)
def buildService(clientEmail, keyFile, domain, service, version, **kwargs):
print "<Google_Service_Builder> retrieving credentials..."
with open(keyFile) as f:
privateKey = f.read()
credentials = SignedJwtAssertionCredentials(
clientEmail, privateKey, 'https://www.googleapis.com/auth/' + domain)
if not credentials or credentials.invalid:
raise GSBError("Could not retrieve credentials")
print "<Google_Service_Builder> authorizing credentials..."
http = httplib2.Http()
httpAuth = credentials.authorize(http)
if not httpAuth:
raise GSBError("Could not authorize credentials")
print "<Google_Service_Builder> building %s object..." % service
bigquery = build(service, version, http=httpAuth)
if not bigquery:
raise GSBError("Could not successfully build BigQuery")
print "<Google_Service_Builder> %s successfully built!!!" % service
return bigquery
def get_service(api_name, api_version, scope, key_file_location,
service_account_email):
"""Get a service that communicates to a Google API.
Args:
api_name: The name of the api to connect to.
api_version: The api version to connect to.
scope: A list auth scopes to authorize for the application.
key_file_location: The path to a valid service account p12 key file.
service_account_email: The service account email address.
Returns:
A service that is connected to the specified API.
"""
f = open(key_file_location, 'rb')
key = f.read()
f.close()
credentials = SignedJwtAssertionCredentials(service_account_email,
key,
scope=scope)
http = credentials.authorize(httplib2.Http())
# Build the service object.
service = build(api_name, api_version, http=http)
return service
def create_plus_service(user_email):
if current_plus_service["user_email"] == user_email and current_plus_service["service"]:
return current_plus_service["service"]
else:
print("NEW AUTHENTICATION NECESSARY: current email is " + current_plus_service["user_email"] + " and new email is " + user_email)
f = file(SERVICE_ACCOUNT_PEM_FILE_PATH, 'rb')
key = f.read()
f.close()
http = httplib2.Http()
cached_http = cache.get('plus_http_' + user_email)
if not cached_http == None:
http = cached_http
logging.debug("CACHE HIT")
else:
credentials = SignedJwtAssertionCredentials(SERVICE_ACCOUNT_EMAIL, key, scope=[
"https://www.googleapis.com/auth/plus.circles.read",
"https://www.googleapis.com/auth/plus.circles.write",
"https://www.googleapis.com/auth/plus.profiles.read",
"https://www.googleapis.com/auth/plus.stream.read",
"https://www.googleapis.com/auth/plus.stream.write",
], sub=user_email)
http = credentials.authorize(http)
cache.set('plus_http_' + user_email, http, 30)
logging.debug("CACHE MISS")
service = build("plus", "v1domains", http=http)
# save for current session
current_plus_service["user_email"] = user_email
current_plus_service["service"] = service
return service
def _authorize(self):
"""
Returns an authorized HTTP object to be used to build a Google cloud
service hook connection.
"""
connection_info = self.get_connection(self.conn_id)
connection_extras = connection_info.extra_dejson
service_account = connection_extras.get('service_account', False)
key_path = connection_extras.get('key_path', False)
kwargs = {}
if self.delegate_to:
kwargs['sub'] = self.delegate_to
if not key_path or not service_account:
logging.info(
'Getting connection using `gcloud auth` user, since no service_account/key_path are defined for hook.'
)
credentials = GoogleCredentials.get_application_default()
elif self.scope:
with open(key_path, 'rb') as key_file:
key = key_file.read()
credentials = SignedJwtAssertionCredentials(service_account,
key,
scope=self.scope,
**kwargs)
else:
raise AirflowException(
'Scope undefined, or either key_path/service_account config was missing.'
)
http = httplib2.Http()
return credentials.authorize(http)
def GetUsersProjects(emails, jsonKey):
'''
This issues 1 call to the Cloud Resource Manager API for EACH user passed in emails.
An account with 50,000 users will have 50,000 API calls, but this should still be well within
normal quotas.
The API lists all the Cloud Platform projects the user has access to. The list may be empty.
This function returns a list of (user, project) where user has access to project.
'''
userProjectList = []
for user in emails:
credential = SignedJwtAssertionCredentials(jsonKey['client_email'], jsonKey['private_key'],
'https://www.googleapis.com/auth/cloud-platform', sub=user['primaryEmail'])
httpAuth = credential.authorize(Http())
service = build('cloudresourcemanager', 'v1beta1', http=httpAuth)
request = service.projects().list()
while request != None:
results = request.execute()
if len(results) > 0:
for project in results['projects']:
userProjectList.append((user['primaryEmail'], project['name'], project['projectId'],
project['projectNumber']))
request = service.projects().list_next(request, results)
return userProjectList
def main():
"""
main function
"""
with open(settings.SERVICE_ACCOUNT_JSON) as json_file:
json_data = json.load(json_file)
#print json_data
credentials = SignedJwtAssertionCredentials(
json_data['client_email'],
json_data['private_key'],
scope='https://apps-apis.google.com/a/feeds/emailsettings/2.0/',
access_type="offline",
approval_prompt="force",
sub=email)
storage = Storage(settings.STORAGE_FILE)
storage.put(credentials)
#credentials = storage.get()
credentials.get_access_token()
if test:
print credentials.__dict__
#print credentials.access_token
http = httplib2.Http()
auth = credentials.authorize(http)
# refresh does not seem to work
credentials.refresh(http)
print credentials.__dict__
def index(request):
email = settings.DOMAIN_SUPER_USER_EMAIL
with open(settings.SERVICE_ACCOUNT_KEY) as f:
private_key = f.read()
credentials = SignedJwtAssertionCredentials(
settings.CLIENT_EMAIL,
private_key,
'https://www.googleapis.com/auth/admin.directory.user',
sub=email)
http = httplib2.Http()
http = credentials.authorize(http)
service = build("admin", "directory_v1", http=http)
results = service.users().list(customer='carthage.edu',
maxResults=10,
orderBy='email',
viewType='domain_public').execute()
users = results.get('users', [])
return render(request, 'calendar/index.html', {
'users': results,
})
def get_conn(self):
"""
Returns a BigQuery service object.
"""
connection_info = self.get_connection(self.bigquery_conn_id)
connection_extras = connection_info.extra_dejson
service_account = connection_extras['service_account']
key_path = connection_extras['key_path']
with file(key_path, 'rb') as key_file:
key = key_file.read()
credentials = SignedJwtAssertionCredentials(
service_account,
key,
scope=BQ_SCOPE)
# TODO Support domain delegation, which will allow us to set a sub-account to execute as. We can then
# pass DAG owner emails into the connection_info, and use it here.
# sub='*****@*****.**')
http = httplib2.Http()
http_authorized = credentials.authorize(http)
service = build('bigquery', 'v2', http=http_authorized)
return service
def get_analytics():
f = file(SERVICE_ACCOUNT_PKCS12_FILE_PATH, 'rb')
key = f.read()
f.close()
credentials = SignedJwtAssertionCredentials(
SERVICE_ACCOUNT_EMAIL,
key,
scope='https://www.googleapis.com/auth/analytics.readonly',
)
http = httplib2.Http()
http = credentials.authorize(http)
service = build('analytics', 'v3', http=http)
end_date = datetime.date.today()
# 30 days ago
start_date = end_date - datetime.timedelta(days=30)
data_query = service.data().ga().get(**{
'ids': 'ga:89346711', # the code of our project in Google Analytics
'dimensions': '',
'metrics': 'ga:pageviews,ga:uniquePageviews,ga:avgTimeOnPage',
'start_date': start_date.strftime('%Y-%m-%d'),
'end_date': end_date.strftime('%Y-%m-%d'),
'sort': '-ga:pageviews',
})
analytics_data = data_query.execute()
return analytics_data
