def add_oauth_options(parser):
"""Appends OAuth related options to OptionParser."""
# Same options as in tools.argparser, excluding auth_host_name and
# logging_level. We should never ever use OAuth client_id with
# open-ended request_uri. It should always be 'localhost'.
parser.oauth_group = optparse.OptionGroup(parser, "OAuth options")
parser.oauth_group.add_option(
"--auth-no-local-webserver",
action="store_true",
default=tools.get_bool_env_var("SWARMING_AUTH_NO_LOCAL_WEBSERVER"),
help=(
"Do not run a local web server when performing OAuth2 login flow. "
"Can also be set with SWARMING_AUTH_NO_LOCAL_WEBSERVER=1 "
"environment variable."
),
)
parser.oauth_group.add_option(
"--auth-host-port",
action="append",
type=int,
default=[8080, 8090],
help=("Port a local web server should listen on. Used only if " "--auth-no-local-webserver is not set."),
)
parser.oauth_group.add_option(
"--auth-no-keyring",
action="store_true",
default=tools.get_bool_env_var("SWARMING_AUTH_NO_KEYRING"),
help=(
"Do not use system keyring to store OAuth2 tokens, store them in "
"file %s instead. Can also be set with SWARMING_AUTH_NO_KEYRING=1 "
"environment variable." % OAUTH_STORAGE_FILE
),
)
parser.add_option_group(parser.oauth_group)
def make_oauth_config(tokens_cache=None,
no_local_webserver=None,
webserver_port=None):
"""Returns new instance of OAuthConfig.
If some config option is not provided or None, it will be set to a reasonable
default value. This function also acts as an authoritative place for default
values of corresponding command line options.
Args:
tokens_cache: path to a file with cached OAuth2 credentials.
no_local_webserver: if True, do not try to run local web server that
handles redirects. Use copy-pasted verification code instead.
webserver_port: port to run local webserver on.
"""
if tokens_cache is None:
tokens_cache = os.environ.get('SWARMING_AUTH_TOKENS_CACHE',
DEFAULT_OAUTH_TOKENS_CACHE)
if no_local_webserver is None:
no_local_webserver = tools.get_bool_env_var(
'SWARMING_AUTH_NO_LOCAL_WEBSERVER')
# TODO(vadimsh): Add support for "find free port" option.
if webserver_port is None:
webserver_port = 8090
return OAuthConfig(tokens_cache, no_local_webserver, webserver_port)
def make_oauth_config(
disabled=None,
tokens_cache=None,
no_local_webserver=None,
webserver_port=None,
service_account_json=None):
"""Returns new instance of OAuthConfig.
If some config option is not provided or None, it will be set to a reasonable
default value. This function also acts as an authoritative place for default
values of corresponding command line options.
Args:
disabled: True to completely turn off OAuth authentication.
tokens_cache: path to a file with cached OAuth2 credentials.
no_local_webserver: if True, do not try to run local web server that
handles redirects. Use copy-pasted verification code instead.
webserver_port: port to run local webserver on.
service_account_json: path to JSON file with service account credentials.
"""
if tokens_cache is None:
tokens_cache = os.environ.get(
'SWARMING_AUTH_TOKENS_CACHE', DEFAULT_OAUTH_TOKENS_CACHE)
if no_local_webserver is None:
no_local_webserver = tools.get_bool_env_var(
'SWARMING_AUTH_NO_LOCAL_WEBSERVER')
if webserver_port is None:
webserver_port = 8090
if service_account_json is None:
service_account_json = os.environ.get('SWARMING_AUTH_SERVICE_ACCOUNT_JSON')
use_luci_context_auth = has_local_auth()
if disabled is None:
disabled = (tools.is_headless()
and not service_account_json and not use_luci_context_auth)
if disabled:
service_account_json = None
use_luci_context_auth = False
elif service_account_json and use_luci_context_auth:
raise ValueError('Cannot use both service account and LUCI_CONTEXT')
return OAuthConfig(
disabled,
tokens_cache,
no_local_webserver,
webserver_port,
service_account_json,
use_luci_context_auth)
def make_oauth_config(
disabled=None,
tokens_cache=None,
no_local_webserver=None,
webserver_port=None,
service_account_json=None):
"""Returns new instance of OAuthConfig.
If some config option is not provided or None, it will be set to a reasonable
default value. This function also acts as an authoritative place for default
values of corresponding command line options.
Args:
disabled: True to completely turn off OAuth authentication.
tokens_cache: path to a file with cached OAuth2 credentials.
no_local_webserver: if True, do not try to run local web server that
handles redirects. Use copy-pasted verification code instead.
webserver_port: port to run local webserver on.
service_account_json: path to JSON file with service account credentials.
"""
if tokens_cache is None:
tokens_cache = os.environ.get(
'SWARMING_AUTH_TOKENS_CACHE', DEFAULT_OAUTH_TOKENS_CACHE)
if no_local_webserver is None:
no_local_webserver = tools.get_bool_env_var(
'SWARMING_AUTH_NO_LOCAL_WEBSERVER')
if webserver_port is None:
webserver_port = 8090
if service_account_json is None:
service_account_json = os.environ.get('SWARMING_AUTH_SERVICE_ACCOUNT_JSON')
if disabled is None:
disabled = tools.is_headless() and not service_account_json
return OAuthConfig(
disabled,
tokens_cache,
no_local_webserver,
webserver_port,
service_account_json)
def make_oauth_config(
tokens_cache=None, no_local_webserver=None, webserver_port=None):
"""Returns new instance of OAuthConfig.
If some config option is not provided or None, it will be set to a reasonable
default value. This function also acts as an authoritative place for default
values of corresponding command line options.
Args:
tokens_cache: path to a file with cached OAuth2 credentials.
no_local_webserver: if True, do not try to run local web server that
handles redirects. Use copy-pasted verification code instead.
webserver_port: port to run local webserver on.
"""
if tokens_cache is None:
tokens_cache = os.environ.get(
'SWARMING_AUTH_TOKENS_CACHE', DEFAULT_OAUTH_TOKENS_CACHE)
if no_local_webserver is None:
no_local_webserver = tools.get_bool_env_var(
'SWARMING_AUTH_NO_LOCAL_WEBSERVER')
# TODO(vadimsh): Add support for "find free port" option.
if webserver_port is None:
webserver_port = 8090
return OAuthConfig(tokens_cache, no_local_webserver, webserver_port)
