def get_google_credentials(use_jwt_credentials_auth=False,
jwt_account_name='',
jwt_key_func=None,
oauth_credentails_file=None):
if use_jwt_credentials_auth: # Local debugging using pem file
raise Exception(
"JWT tokens no longer supported (and probably not necessary")
elif is_in_appengine(): # App engine
scope = 'https://www.googleapis.com/auth/devstorage.read_write'
from oauth2client.contrib.appengine import AppAssertionCredentials
logging.debug("Using Standard appengine authentication")
return AppAssertionCredentials(scope=scope)
elif oauth_credentails_file: # Local oauth token
storage = Storage(oauth_credentails_file)
logging.debug("Using Standard OAuth authentication")
credentials = storage.get()
if not credentials:
raise GoogleCloudAuthorizationConfigurationError(
'No credential file present')
return credentials
elif is_in_gce_machine(): # GCE authorization
from oauth2client.contrib.gce import AppAssertionCredentials
logging.debug("Using GCE authentication")
return AppAssertionCredentials('')
raise GoogleCloudAuthorizationConfigurationError('No Credentials provided')
def test_get_access_token_on_refresh(self):
app_identity_stub = self.AppIdentityStubImpl()
apiproxy_stub_map.apiproxy = apiproxy_stub_map.APIProxyStubMap()
apiproxy_stub_map.apiproxy.RegisterStub("app_identity_service",
app_identity_stub)
apiproxy_stub_map.apiproxy.RegisterStub(
'memcache', memcache_stub.MemcacheServiceStub())
scope = [
"http://www.googleapis.com/scope",
"http://www.googleapis.com/scope2"
]
credentials = AppAssertionCredentials(scope)
http = httplib2.Http()
credentials.refresh(http)
self.assertEqual('a_token_123', credentials.access_token)
json = credentials.to_json()
credentials = Credentials.new_from_json(json)
self.assertEqual(
'http://www.googleapis.com/scope http://www.googleapis.com/scope2',
credentials.scope)
scope = ('http://www.googleapis.com/scope '
'http://www.googleapis.com/scope2')
credentials = AppAssertionCredentials(scope)
http = httplib2.Http()
credentials.refresh(http)
self.assertEqual('a_token_123', credentials.access_token)
self.assertEqual(
'http://www.googleapis.com/scope http://www.googleapis.com/scope2',
credentials.scope)
def stop_vm(instance_name):
credentials = AppAssertionCredentials(scope='https://www.googleapis.com/auth/compute')
http = credentials.authorize(httplib2.Http(memcache))
compute = discovery.build('compute', 'v1', http=http)
result = compute.instances().stop(instance=instance_name, zone=INSTANCE_ZONE, project=PROJECT).execute()
logging.debug(result)
return json.dumps(result, indent=4)
def generate_jwt():
"""Generates a signed JSON Web Token using a service account."""
credentials = AppAssertionCredentials(
'https://www.googleapis.com/auth/iam')
http_auth = credentials.authorize(httplib2.Http())
service = build(serviceName='iam', version='v1', http=http_auth)
now = int(time.time())
header_json = json.dumps({"typ": "JWT", "alg": "RS256"})
payload_json = json.dumps({
'iat': now,
# expires after one hour.
"exp": now + 3600,
# iss is the service account email.
'iss': SERVICE_ACCOUNT_EMAIL,
'sub': SERVICE_ACCOUNT_EMAIL,
# aud must match 'audience' in the security configuration in your
# swagger spec.It can be any string.
'aud': 'echo.endpoints.sample.google.com',
"email": SERVICE_ACCOUNT_EMAIL
})
headerAndPayload = '{}.{}'.format(base64.urlsafe_b64encode(header_json),
base64.urlsafe_b64encode(payload_json))
slist = service.projects().serviceAccounts().signBlob(
name=SERVICE_ACCOUNT,
body={'bytesToSign': base64.b64encode(headerAndPayload)})
res = slist.execute()
signature = base64.urlsafe_b64encode(base64.decodestring(res['signature']))
signed_jwt = '{}.{}'.format(headerAndPayload, signature)
return signed_jwt
def get_service(api_client, version, scope):
if DEV:
scopes = [scope]
credentials = ServiceAccountCredentials.from_json_keyfile_name(
'qvo-vadis-0c249553334b.json', scopes)
else:
credentials = AppAssertionCredentials(scope)
http_auth = credentials.authorize(Http())
service = build(api_client, version, http=http_auth)
return service
def get_credential():
if os.getenv('SERVER_SOFTWARE', '').startswith('Google App Engine'):
from oauth2client.contrib.appengine import AppAssertionCredentials
return AppAssertionCredentials(SCOPE)
else:
# pkmn_tool_credential is returning service_account credentials.
from oauth2client.service_account import ServiceAccountCredentials
from .pkmn_tool_credential import get_credential_file
credentials = get_credential_file()
return ServiceAccountCredentials.from_json_keyfile_dict(
credentials, SCOPE)
def _decorated(self, *args, **kwargs):
credentials = AppAssertionCredentials(
scope='https://www.googleapis.com/auth/devstorage.full_control')
http = credentials.authorize(httplib2.Http(memcache))
self.gcs_service = build('storage',
'v1',
http=http,
developerKey=DEVELOPER_KEY)
self.gcs_service.BUCKET = BUCKET
return function(self, *args, **kwargs)
def start_vm():
credentials = AppAssertionCredentials(scope='https://www.googleapis.com/auth/compute')
logging.debug(memcache)
http = credentials.authorize(httplib2.Http(memcache))
logging.debug(http)
compute = build('compute', 'v1')
# Start the VM!
# result = compute.instances().start(instance='jocsub-1', zone='asia-northeast1-b', project='jocc-121ee').execute()
result = compute.instances().start(instance='swing', zone='asia-southeast1-b', project='sage-buttress-226108').execute()
logging.debug(result)
return json.dumps(result, indent=4)
def test_get_access_token(self):
app_identity_stub = self.AppIdentityStubImpl()
apiproxy_stub_map.apiproxy = apiproxy_stub_map.APIProxyStubMap()
apiproxy_stub_map.apiproxy.RegisterStub("app_identity_service",
app_identity_stub)
apiproxy_stub_map.apiproxy.RegisterStub(
'memcache', memcache_stub.MemcacheServiceStub())
credentials = AppAssertionCredentials(['dummy_scope'])
token = credentials.get_access_token()
self.assertEqual('a_token_123', token.access_token)
self.assertEqual(None, token.expires_in)
def test_raise_correct_type_of_exception(self):
app_identity_stub = self.ErroringAppIdentityStubImpl()
apiproxy_stub_map.apiproxy = apiproxy_stub_map.APIProxyStubMap()
apiproxy_stub_map.apiproxy.RegisterStub('app_identity_service',
app_identity_stub)
apiproxy_stub_map.apiproxy.RegisterStub(
'memcache', memcache_stub.MemcacheServiceStub())
scope = 'http://www.googleapis.com/scope'
credentials = AppAssertionCredentials(scope)
http = httplib2.Http()
self.assertRaises(AccessTokenRefreshError, credentials.refresh, http)
def modelDelete(self, request):
logging.info('modelDelete')
# Verify Firebase auth.
#claims = firebase_helper.verify_auth_token(self.request_state)
id_token = self.request_state.headers['x-metagame-auth'].split(
' ').pop()
claims = google.oauth2.id_token.verify_firebase_token(
id_token, HTTP_REQUEST)
if not claims:
## TODO make this more modular, somehow. We have no idea who this user is at this point, so can't write to the firebase user record.
logging.error('Firebase Unauth')
response = ModelResponse(
#models = None,
more=None,
cursor=None,
response_message='Firebase Unauth.',
response_successful=False)
return response
## get the model
modelController = ModelController()
model = modelController.get_by_key_id(int(request.key_id))
if not model:
logging.error('model not found')
return ModelResponse(response_message="Model Not Found",
response_successful=False)
modelController.delete(model)
credentials = AppAssertionCredentials(
'https://www.googleapis.com/auth/sqlservice.admin')
http_auth = credentials.authorize(Http())
model_json = json.dumps(model.to_json())
logging.info(model_json)
headers = {"Content-Type": "application/json"}
URL = "https://ue4topia.firebaseio.com/model/%s.json" % model.key.id()
resp, content = http_auth.request(
URL,
"DELETE", ## We can delete data with a DELETE request
model_json,
headers=headers)
logging.info(resp)
logging.info(content)
return ModelResponse(response_message="Model Deleted")
def test_service_account_email(self):
acct_name = '*****@*****.**'
app_identity_stub = self.AppIdentityStubImpl(svc_acct=acct_name)
apiproxy_stub_map.apiproxy = apiproxy_stub_map.APIProxyStubMap()
apiproxy_stub_map.apiproxy.RegisterStub('app_identity_service',
app_identity_stub)
credentials = AppAssertionCredentials([])
self.assertIsNone(credentials._service_account_email)
self.assertEqual(app_identity_stub._get_acct_name_calls, 0)
self.assertEqual(credentials.service_account_email, acct_name)
self.assertIsNotNone(credentials._service_account_email)
self.assertEqual(app_identity_stub._get_acct_name_calls, 1)
def test_service_account_email_already_set(self):
acct_name = '*****@*****.**'
credentials = AppAssertionCredentials([])
credentials._service_account_email = acct_name
app_identity_stub = self.AppIdentityStubImpl(svc_acct=acct_name)
apiproxy_stub_map.apiproxy = apiproxy_stub_map.APIProxyStubMap()
apiproxy_stub_map.apiproxy.RegisterStub('app_identity_service',
app_identity_stub)
self.assertEqual(app_identity_stub._get_acct_name_calls, 0)
self.assertEqual(credentials.service_account_email, acct_name)
self.assertEqual(app_identity_stub._get_acct_name_calls, 0)
def test_sign_blob(self):
key_name = b'1234567890'
sig_bytes = b'himom'
app_identity_stub = self.AppIdentityStubImpl(key_name=key_name,
sig_bytes=sig_bytes)
apiproxy_stub_map.apiproxy = apiproxy_stub_map.APIProxyStubMap()
apiproxy_stub_map.apiproxy.RegisterStub('app_identity_service',
app_identity_stub)
credentials = AppAssertionCredentials([])
to_sign = b'blob'
self.assertEqual(app_identity_stub._sign_calls, [])
result = credentials.sign_blob(to_sign)
self.assertEqual(result, (key_name, sig_bytes))
self.assertEqual(app_identity_stub._sign_calls, [to_sign])
def test_gae_type(self):
# Relies on setUp fixing up App Engine imports.
from oauth2client.contrib.appengine import AppAssertionCredentials
from gcloud._testing import _Monkey
from gcloud import credentials
APP_IDENTITY = self.APP_IDENTITY
CREDENTIALS = AppAssertionCredentials([])
STRING_TO_SIGN = b'STRING_TO_SIGN'
with _Monkey(credentials, _GAECreds=AppAssertionCredentials,
app_identity=APP_IDENTITY):
signed_bytes = self._callFUT(CREDENTIALS, b'STRING_TO_SIGN')
self.assertEqual(signed_bytes, STRING_TO_SIGN)
self.assertEqual(APP_IDENTITY._strings_signed, [STRING_TO_SIGN])
def test_gae_type(self):
# Relies on setUp fixing up App Engine imports.
from oauth2client.contrib.appengine import AppAssertionCredentials
from gcloud._testing import _Monkey
from gcloud import credentials
APP_IDENTITY = self.APP_IDENTITY
SERVICE_ACCOUNT_NAME = APP_IDENTITY.service_account_name
CREDENTIALS = AppAssertionCredentials([])
with _Monkey(credentials, _GAECreds=AppAssertionCredentials,
app_identity=APP_IDENTITY):
found = self._callFUT(CREDENTIALS)
self.assertEqual(found, SERVICE_ACCOUNT_NAME)
def start_vm():
"""Start VM instance"""
credentials = AppAssertionCredentials(
scope='https://www.googleapis.com/auth/compute')
http = credentials.authorize(httplib2.Http())
compute = discovery.build('compute', 'v1', http=http)
# Start the VM!
zone = os.environ.get('ZONE')
inst = os.environ.get('INST')
proj = os.environ.get('PROJ')
result = compute.instances().start(instance=inst, zone=zone,
project=proj).execute()
logging.debug(result)
# return json.dumps(result, indent=4)
return result["insertTime"]
def start_vm():
credentials = AppAssertionCredentials(
scope='https://www.googleapis.com/auth/compute')
http = credentials.authorize(httplib2.Http())
compute = discovery.build('compute', 'v1', http=http)
# Start the VM!
result = compute.instances().start(instance=INSTANCE_NAME,
zone=INSTANCE_ZONE,
project=PROJECT).execute()
result2 = compute.instances().start(instance=INSTANCE_NAME2,
zone=INSTANCE_ZONE,
project=PROJECT).execute()
logging.debug(result)
logging.debug(result2)
return json.dumps(result, indent=4)
return json.dumps(result2, indent=4)
def test_custom_service_account(self):
scope = "http://www.googleapis.com/scope"
account_id = "*****@*****.**"
with mock.patch.object(app_identity,
'get_access_token',
return_value=('a_token_456', None),
autospec=True) as get_access_token:
credentials = AppAssertionCredentials(
scope, service_account_id=account_id)
http = httplib2.Http()
credentials.refresh(http)
self.assertEqual('a_token_456', credentials.access_token)
self.assertEqual(scope, credentials.scope)
get_access_token.assert_called_once_with(
[scope], service_account_id=account_id)
def model_create(self, request):
# Verify Firebase auth.
#claims = firebase_helper.verify_auth_token(self.request_state)
id_token = self.request_state.headers['x-metagame-auth'].split(
' ').pop()
claims = google.oauth2.id_token.verify_firebase_token(
id_token, HTTP_REQUEST)
if not claims:
## TODO make this more modular, somehow. We have no idea who this user is at this point, so can't write to the firebase user record.
logging.error('Firebase Unauth')
response = ModelResponse(response_message='Firebase Unauth.',
response_successful=False)
return response
model = ModelController().create(description=request.description,
name=request.name,
user_id=claims['user_id'])
credentials = AppAssertionCredentials(
'https://www.googleapis.com/auth/sqlservice.admin')
http_auth = credentials.authorize(Http())
model_json = json.dumps(model.to_json())
#logging.info(model_json)
headers = {"Content-Type": "application/json"}
URL = "https://ue4topia.firebaseio.com/model/%s.json" % model.key.id()
resp, content = http_auth.request(
URL,
"PUT", ## Write or replace data to a defined path,
model_json,
headers=headers)
#logging.info(resp)
#logging.info(content)
return ModelResponse(response_message="Model Created")
def get(self):
scope = 'https://www.googleapis.com/auth/userinfo.email'
credentials = AppAssertionCredentials(scope)
http = credentials.authorize(Http())
DISCOVERY_URL = (
'https://monorail-prod.appspot.com/_ah/api/discovery/v1/apis/'
'{api}/{apiVersion}/rest')
monorail = build('monorail',
'v1',
discoveryServiceUrl=DISCOVERY_URL,
http=http)
if self.request.get('site') == 'issues':
urlfetch.set_default_fetch_deadline(10)
self.response.headers.add_header("Access-Control-Allow-Origin",
"*")
result = monorail.issues().list(projectId='chromium',
q=self.request.get('q'),
can='open').execute()
self.response.write(json.dumps(result))
elif self.request.get('site') == 'issue':
urlfetch.set_default_fetch_deadline(10)
self.response.headers.add_header("Access-Control-Allow-Origin",
"*")
result = monorail.issues().get(
projectId='chromium',
issueId=self.request.get('issueId')).execute()
self.response.write(json.dumps(result))
elif self.request.get('site') == 'comments':
urlfetch.set_default_fetch_deadline(10)
self.response.headers.add_header("Access-Control-Allow-Origin",
"*")
result = monorail.issues().comments().list(
projectId='chromium',
issueId=self.request.get('issueId')).execute()
self.response.write(json.dumps(result))
else:
# Local development server
#from oauth2client.client import GoogleCredentials
#credentials = GoogleCredentials.get_application_default()
# from oauth2client.service_account import ServiceAccountCredentials
# scopes = ['https://www.googleapis.com/auth/compute']
# cred_file = "./alexwiss-07e55c19e381.json"
# credentials = ServiceAccountCredentials.from_json_keyfile_name(cred_file, scopes=scopes)
redirect_uri = "http://localhost:8888/callback"
#from oauth2client.contrib.gce import AppAssertionCredentials
from oauth2client.contrib.appengine import AppAssertionCredentials
#from oauth2client.client import GoogleCredentials
#credentials = GoogleCredentials.get_application_default()
credentials = AppAssertionCredentials(
'https://www.googleapis.com/auth/compute')
http_auth = credentials.authorize(Http())
service = discovery.build('compute', 'v1', credentials=credentials)
project = 'alexwiss-website' # TODO: Update placeholder value.
zone = 'us-central1-f'
user = "******"
class Instance(ndb.Model):
user = ndb.StringProperty(indexed=True)
name = ndb.StringProperty(indexed=False)
expire_dttm = ndb.DateTimeProperty(auto_now_add=False)
def create_app(config, debug=False, testing=False, config_overrides=None):
app = Flask(__name__)
def test_create_scoped_required_without_scopes(self):
credentials = AppAssertionCredentials([])
self.assertTrue(credentials.create_scoped_required())
def get_http():
credentials = AppAssertionCredentials(
scope='https://www.googleapis.com/auth/compute')
http = credentials.authorize(httplib2.Http(memcache))
return http
class config_sheet(object):
__metaclass__ = Singleton
credentials = AppAssertionCredentials(
scope='https://www.googleapis.com/auth/spreadsheets.readonly')
http = credentials.authorize(httplib2.Http(memcache))
service = googleapiclient.discovery.build('sheets', 'v4')
def test_save_to_well_known_file(self):
os.environ[_CLOUDSDK_CONFIG_ENV_VAR] = tempfile.mkdtemp()
credentials = AppAssertionCredentials([])
self.assertRaises(NotImplementedError, save_to_well_known_file,
credentials)
del os.environ[_CLOUDSDK_CONFIG_ENV_VAR]
def get(self):
credentials = AppAssertionCredentials(
"https://www.googleapis.com/auth/calendar.readonly")
http_auth = credentials.authorize(Http())
cal_service = discovery.build('calendar', 'v3', http=http_auth)
service_settings = ServiceSettings.query().get()
if not service_settings:
service_settings = ServiceSettings()
next_sync_token = service_settings.cal_sync_token
cal_events = []
if next_sync_token:
now = None
else:
now = strict_rfc3339.now_to_rfc3339_utcoffset()
try:
events_result = cal_service.events().list(
calendarId="*****@*****.**",
timeMin=now,
syncToken=next_sync_token).execute()
except:
service_settings.cal_sync_token = None
service_settings.put()
raise
cal_events += events_result.get('items', [])
next_page_token = events_result.get('nextPageToken', None)
while next_page_token:
events_result = cal_service.events().list(
calendarId="*****@*****.**",
timeMin=now,
syncToken=next_sync_token,
pageToken=next_page_token).execute()
cal_events += events_result.get('items', [])
next_page_token = events_result.get('nextPageToken', None)
next_sync_token = events_result.get("nextSyncToken", None)
service_settings.cal_sync_token = next_sync_token
service_settings.put()
for cal_event in cal_events:
cal_id = cal_event.get("id")
event = Event.query().filter(Event.cal_id == cal_id).get()
if event:
q = taskqueue.Queue('default')
for task in event.tasks:
q.delete_tasks(taskqueue.Task(name=task))
event.tasks = []
if cal_event.get("status") == "cancelled":
event.key.delete()
logging.info("Event deleted: %s", event)
continue
else:
event = Event(cal_id=cal_id)
event.put()
summary = cal_event.get("summary")
description = cal_event.get("description")
start = cal_event.get("start")
end = cal_event.get("end")
start = parse_date_time(start.get("date"), start.get("dateTime"))
end = parse_date_time(end.get("date"), end.get("dateTime"))
event.summary = summary
event.description = description
event.start = start
event.end = end
set_event_reminders(event)
event.put()
logging.info("New event created: %s", event)
# Copyright 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
"""Classes representing the monitoring interface for tasks or devices."""
import base64
import httplib2
from google.appengine.api import memcache
from oauth2client.contrib.appengine import AppAssertionCredentials
from apiclient import discovery
# Obtain service account credentials and authorize HTTP connection.
credentials = AppAssertionCredentials(
scope='https://www.googleapis.com/auth/userinfo.email')
http = credentials.authorize(httplib2.Http(memcache))
def _get_swarming_api(server='chromium-swarm.appspot.com'):
# Build a service object for interacting with the API.
api_root = 'https://%s/_ah/api' % server
api = 'swarming'
version = 'v1'
discovery_url = '%s/discovery/v1/apis/%s/%s/rest' % (api_root, api, version)
return discovery.build(
api, version, discoveryServiceUrl=discovery_url, http=http)
swarming = _get_swarming_api()
def _get_isolate_api(server='isolateserver.appspot.com'):
# Build a service object for interacting with the API.
def test_create_scoped_required_with_scopes(self):
credentials = AppAssertionCredentials(['dummy_scope'])
self.assertFalse(credentials.create_scoped_required())
def test_create_scoped(self):
credentials = AppAssertionCredentials([])
new_credentials = credentials.create_scoped(['dummy_scope'])
self.assertNotEqual(credentials, new_credentials)
self.assertTrue(isinstance(new_credentials, AppAssertionCredentials))
self.assertEqual('dummy_scope', new_credentials.scope)
