def _GetServiceAccountCreds(args): """Gets service account credentials from given file path or default if any. Args: args: Command arguments. Returns: str, service account credentials. """ if args.json_key: file_content = _LoadJsonFile(args.json_key) return base64.b64encode(file_content).decode("utf-8") account = properties.VALUES.core.account.Get() if not account: raise store.NoActiveAccountException() cred = store.Load(account, prevent_refresh=True) if not cred: raise store.NoCredentialsForAccountException(account) account_type = creds.CredentialType.FromCredentials(cred) if account_type == creds.CredentialType.SERVICE_ACCOUNT: paths = config.Paths() json_content = files.ReadFileContents( paths.LegacyCredentialsAdcPath(account)) return base64.b64encode(json_content.encode("utf-8")).decode("utf-8") return ""
def main(): """Launches bq.""" version = bootstrapping.ReadFileContents('platform/bq', 'VERSION') bootstrapping.CommandStart('bq', version=version) blocked_commands = { 'init': 'To authenticate, run gcloud auth.', } argv = bootstrapping.GetDecodedArgv() bootstrapping.WarnAndExitOnBlockedCommand(argv, blocked_commands) cmd_args = [arg for arg in argv[1:] if not arg.startswith('-')] args = [] if cmd_args and cmd_args[0] not in ('version', 'help'): # Check for credentials only if they are needed. store.Load() # Checks if there are active credentials project, account = bootstrapping.GetActiveProjectAndAccount() adc_path = config.Paths().LegacyCredentialsAdcPath(account) single_store_path = config.Paths().LegacyCredentialsBqPath(account) gce_metadata = gce.Metadata() if gce_metadata and account in gce_metadata.Accounts(): args = ['--use_gce_service_account'] elif os.path.isfile(adc_path): args = ['--application_default_credential_file', adc_path, '--credential_file', single_store_path] else: p12_key_path = config.Paths().LegacyCredentialsP12KeyPath(account) if os.path.isfile(p12_key_path): args = ['--service_account', account, '--service_account_credential_file', single_store_path, '--service_account_private_key_file', p12_key_path] else: # Don't have any credentials we can pass. raise store.NoCredentialsForAccountException(account) use_client_cert = ( os.getenv('GOOGLE_API_USE_CLIENT_CERTIFICATE', 'false').upper() == 'TRUE') if use_client_cert: args.append('--mtls') _MaybeAddOption(args, 'project_id', project) bootstrapping.CheckUpdates('bq') proxy_params = properties.VALUES.proxy _MaybeAddOption(args, 'proxy_address', proxy_params.address.Get()) _MaybeAddOption(args, 'proxy_port', proxy_params.port.Get()) _MaybeAddOption(args, 'proxy_username', proxy_params.username.Get()) _MaybeAddOption(args, 'proxy_password', proxy_params.password.Get()) _MaybeAddOption(args, 'disable_ssl_validation', properties.VALUES.auth.disable_ssl_validation.GetBool()) _MaybeAddOption(args, 'ca_certificates_file', properties.VALUES.core.custom_ca_certs_file .Get()) bootstrapping.ExecutePythonTool( 'platform/bq', 'bq.py', *args)
def main(): """Launches bq.""" version = bootstrapping.GetFileContents('platform/bq', 'VERSION') bootstrapping.CommandStart('bq', version=version) blacklist = { 'init': 'To authenticate, run gcloud auth.', } bootstrapping.CheckForBlacklistedCommand(sys.argv, blacklist, warn=True, die=True) cmd_args = [arg for arg in sys.argv[1:] if not arg.startswith('-')] args = [] if cmd_args and cmd_args[0] not in ('version', 'help'): # Check for credentials only if they are needed. store.Load() # Checks if there are active credentials project, account = bootstrapping.GetActiveProjectAndAccount() adc_path = config.Paths().LegacyCredentialsAdcPath(account) single_store_path = config.Paths().LegacyCredentialsBqPath(account) gce_metadata = gce.Metadata() if gce_metadata and account in gce_metadata.Accounts(): args = ['--use_gce_service_account'] elif os.path.isfile(adc_path): args = [ '--application_default_credential_file', adc_path, '--credential_file', single_store_path ] else: p12_key_path = config.Paths().LegacyCredentialsP12KeyPath(account) if os.path.isfile(p12_key_path): args = [ '--service_account', account, '--service_account_credential_file', single_store_path, '--service_account_private_key_file', p12_key_path ] else: # Don't have any credentials we can pass. raise store.NoCredentialsForAccountException(account) _MaybeAddOption(args, 'project', project) bootstrapping.CheckUpdates('bq') proxy_params = properties.VALUES.proxy _MaybeAddOption(args, 'proxy_address', proxy_params.address.Get()) _MaybeAddOption(args, 'proxy_port', proxy_params.port.Get()) _MaybeAddOption(args, 'proxy_username', proxy_params.username.Get()) _MaybeAddOption(args, 'proxy_password', proxy_params.password.Get()) _MaybeAddOption(args, 'disable_ssl_validation', properties.VALUES.auth.disable_ssl_validation.GetBool()) _MaybeAddOption(args, 'ca_certificates_file', properties.VALUES.core.custom_ca_certs_file.Get()) bootstrapping.ExecutePythonTool('platform/bq', 'bq.py', *args)
def FakeAuthSetCredentialsPresent(self, present): """Set whether there should be active credentials. Args: present: bool, True to have credentials present, False for no credentials. """ if present: # pylint:disable=unused-argument # This function must match the signature of store.Load. def _FakeLoad(account=None, scopes=None, prevent_refresh=False, allow_account_impersonation=True, use_google_auth=False): return self._FakeAuthCredential(use_google_auth) # pylint:enable=unused-argument self._load_mock.side_effect = _FakeLoad else: self._load_mock.side_effect = c_store.NoCredentialsForAccountException( self.FakeAuthAccount())