def test_impersonate_service_account_sets_target_scopes(
        self, mock_credentials):
    """Checks that requested scopes are forwarded to the impersonated credentials.

    Args:
      mock_credentials: Mock supplied by the test harness; the assertion below
        treats it as the credentials constructor invoked by
        `impersonate_service_account` (presumably patched in by a decorator
        outside this view; confirm).
    """
    read_only_scopes = ['https://www.googleapis.com/auth/devstorage.read_only']

    cloud_auth.impersonate_service_account(
        self.service_account_name, read_only_scopes)

    # The mocked default-auth call is expected to hold a two-item tuple whose
    # first item is the source credentials; the second item is not used here.
    source_creds, _ = self.mock_auth_default.return_value

    # The narrow, caller-supplied scopes must arrive unchanged, together with
    # the source credentials and the principal being impersonated.
    mock_credentials.assert_called_once_with(
        source_credentials=source_creds,
        target_principal=self.service_account_name,
        target_scopes=read_only_scopes)
def __init__(self,
             project_id: str,
             service_account_name: Optional[str] = None,
             service_account_key_file: Optional[str] = None) -> None:
    """Initialize new instance of BigQueryUtils.

    Exactly one credential source is used, chosen in this order:
      1. `service_account_name`: the service account is impersonated.
      2. `service_account_key_file`: credentials are loaded from the key file.
      3. Neither given: the default credentials are used (logged at INFO).

    If both `service_account_name` and `service_account_key_file` are passed,
    the name takes precedence and the key file is ignored without any message.

    The original notes list two ways to create service accounts: the
    `build_service_client` method from the `cloud_auth` module, or the `gcloud`
    command line utility as documented at
    https://cloud.google.com/iam/docs/creating-managing-service-account-keys

    Args:
      project_id: GCP project id.
      service_account_name: The service account name.
      service_account_key_file: File containing service account key.
    """
    if not service_account_name and not service_account_key_file:
        # No explicit identity was requested: fall back to default credentials.
        logging.info(
            'Neither Service account key file nor service account name '
            'was provided, so using default credentials.')
        bq_credentials = cloud_auth.get_default_credentials()
    elif service_account_name:
        # Impersonation takes precedence over a key file when both are given.
        bq_credentials = cloud_auth.impersonate_service_account(
            service_account_name)
    else:
        bq_credentials = cloud_auth.get_credentials(service_account_key_file)

    self.project_id = project_id
    self.client = bigquery.Client(
        project=project_id, credentials=bq_credentials)
def test_impersonate_service_account(self):
    """Checks that impersonation yields impersonated credentials.

    The mocked default-auth call is primed with a (credentials, project id)
    tuple. The test then verifies that `impersonate_service_account` returns an
    `impersonated_credentials.Credentials` object and that the default-auth
    mock was called exactly once.
    """
    source_creds = mock.Mock(spec=service_account.Credentials)
    self.mock_auth_default.return_value = (source_creds, self.project_id)

    impersonated = cloud_auth.impersonate_service_account(
        self.service_account_name)

    self.assertIsNotNone(impersonated)
    self.assertIsInstance(impersonated, impersonated_credentials.Credentials)
    self.mock_auth_default.assert_called_once()
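def __init__(self,
             project_id: str,
             service_account_info: Optional[Mapping[str, str]] = None,
             service_account_name: Optional[str] = None,
             service_account_key_file: Optional[str] = None) -> None:
    """Initialize new instance of CloudStorageUtils.

    Exactly one credential source is used, chosen in this order:
      1. `service_account_name`: the service account is impersonated.
      2. `service_account_key_file`: credentials are loaded from the key file.
      3. `service_account_info`: credentials are built from the mapping.
      4. None given: the default credentials are used (logged at INFO).

    When several sources are passed, only the first one in the order above is
    used; the others are ignored without any message.

    Args:
      project_id: GCP project id.
      service_account_info: Mapping containing the service account info, such
        as the example below. The mapping includes the private key, so treat it
        as a secret and keep it out of logs:
          {
            'type': 'service_account',
            'project_id': '[PROJECT_ID]',
            'private_key_id': '[PRIVATE_KEY_ID]',
            'private_key': '[PRIVATE_KEY]',
            'client_email': '[CLIENT_EMAIL]',
            'client_id': '[CLIENT_ID]',
            'auth_uri': 'https://accounts.google.com/o/oauth2/auth',
            'token_uri': 'https://accounts.google.com/o/oauth2/token',
            'auth_provider_x509_cert_url':
                'https://www.googleapis.com/oauth2/v1/certs',
            'client_x509_cert_url': '[CERTIFICATE_URL]'
          }
      service_account_name: The service account name.
      service_account_key_file: File containing service account key.
    """
    if service_account_name:
        # Impersonation wins over every other source that was passed.
        credentials = cloud_auth.impersonate_service_account(
            service_account_name)
    elif service_account_key_file:
        credentials = cloud_auth.get_credentials(service_account_key_file)
    elif service_account_info:
        credentials = cloud_auth.get_credentials_from_info(
            service_account_info)
    else:
        # Reached only when no source (name, key file or info) was supplied.
        logging.info(
            'Neither Service account key file nor service account '
            'name was provided, so using default credentials.')
        credentials = cloud_auth.get_default_credentials()

    self.client = storage.Client(project=project_id, credentials=credentials)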