Exemple #1
    def WriteTemplate(self):
        """Write the legacy credential files used by bq and gsutil.

        P12 service accounts get their PKCS#12 key written to
        ``self._p12_key_path`` plus a .boto file at ``self._gsutil_path`` that
        references the key file and carries the key password. Every other
        credential type has its ADC dumped to ``self._adc_path`` first, after
        which a .boto file is written for user-account or service-account
        credentials.

        Raises:
          creds.CredentialFileSaveError: the credentials are not P12, user
            account or service account. The ADC dump call precedes this
            check, so it has already run when the error is raised.
        """
        if self.credentials_type == creds.CredentialType.P12_SERVICE_ACCOUNT:
            p12_creds = self.credentials
            p12_key = p12_creds._private_key_pkcs12  # pylint: disable=protected-access
            p12_password = p12_creds._private_key_password  # pylint: disable=protected-access

            # The key material is written with private=True; the .boto file
            # below goes through self._WriteFileContents instead.
            files.WriteBinaryFileContents(
                self._p12_key_path, p12_key, private=True)

            # The P12 flavour of the .boto file names the service account and
            # stores the key password next to the key file path.
            # NOTE(review): the password lands on disk in clear text; whether
            # _WriteFileContents restricts file permissions is not visible
            # here -- confirm.
            p12_boto_template = '\n'.join([
                '[Credentials]',
                'gs_service_client_id = {account}',
                'gs_service_key_file = {key_file}',
                'gs_service_key_file_password = {key_password}',
            ])
            p12_boto = p12_boto_template.format(
                account=self.credentials.service_account_email,
                key_file=self._p12_key_path,
                key_password=p12_password)
            self._WriteFileContents(self._gsutil_path, p12_boto)
            return

        # Everything except P12 shares one ADC file, read by bq and gsutil.
        creds.ADC(self.credentials).DumpADCToFile(file_path=self._adc_path)

        if self.credentials_type == creds.CredentialType.USER_ACCOUNT:
            # gsutil gets a small .boto file, meant for BOTO_PATH. The client
            # id and secret have to travel with the refresh token: another
            # .boto file declaring a different id/secret pair would take
            # precedence, and exchanging our refresh token for an access token
            # would then fail.
            # NOTE(review): the refresh token is written in clear text;
            # whether _WriteFileContents restricts file permissions is not
            # visible here -- confirm.
            boto_template = '\n'.join([
                '[OAuth2]',
                'client_id = {cid}',
                'client_secret = {secret}',
                '',
                '[Credentials]',
                'gs_oauth2_refresh_token = {token}',
            ])
            boto_contents = boto_template.format(
                cid=config.CLOUDSDK_CLIENT_ID,
                secret=config.CLOUDSDK_CLIENT_NOTSOSECRET,
                token=self.credentials.refresh_token)
        elif self.credentials_type == creds.CredentialType.SERVICE_ACCOUNT:
            # Service accounts only need a pointer to the ADC file written
            # above.
            boto_template = '\n'.join([
                '[Credentials]',
                'gs_service_key_file = {key_file}',
            ])
            boto_contents = boto_template.format(key_file=self._adc_path)
        else:
            raise creds.CredentialFileSaveError(
                'Unsupported credentials type {0}'.format(
                    type(self.credentials)))

        self._WriteFileContents(self._gsutil_path, boto_contents)
Exemple #2
  def __init__(self, account, credentials, scopes=None):
    """Store the credentials and resolve the legacy file paths for account.

    Args:
      account: passed to the config.Paths() legacy path helpers to locate
        this account's credential files.
      credentials: the credentials object to be written out.
      scopes: scopes to record; config.CLOUDSDK_SCOPES is used when None.

    Raises:
      creds.CredentialFileSaveError: self._cred_type is not one of the user
        account, service account or P12 service account names.
    """
    self.credentials = credentials

    # NOTE(review): _cred_type is not assigned in this method; presumably a
    # property derived from self.credentials -- confirm against the class.
    supported_types = (creds.USER_ACCOUNT_CREDS_NAME,
                       creds.SERVICE_ACCOUNT_CREDS_NAME,
                       creds.P12_SERVICE_ACCOUNT_CREDS_NAME)
    if self._cred_type not in supported_types:
      raise creds.CredentialFileSaveError(
          'Unsupported credentials type {0}'.format(type(self.credentials)))

    self.scopes = config.CLOUDSDK_SCOPES if scopes is None else scopes

    legacy_paths = config.Paths()
    # No bq file is written by this class: the bq CLI builds it from the ADC
    # at self._adc_path and treats it as a cache. The path is still tracked
    # here so that the file is cleaned up.
    self._bq_path = legacy_paths.LegacyCredentialsBqPath(account)
    self._gsutil_path = legacy_paths.LegacyCredentialsGSUtilPath(account)
    self._p12_key_path = legacy_paths.LegacyCredentialsP12KeyPath(account)
    self._adc_path = legacy_paths.LegacyCredentialsAdcPath(account)