def __buildHttp(cls, http, options, url, method='GET'):
_http = None
try:
if not isinstance(options, dict):
if options == None:
options = {}
else:
raise TypeError('Error: options must be a dict')
if not isinstance(http, googleapiclient.http.httplib2.Http):
raise TypeError(
'Error: http must be an http request of googlepiclient.http.httplib2.Http class'
)
if not isinstance(url, str):
raise TypeError('Error: url must be a str')
if not isinstance(method, str):
raise TypeError('Error: method must be a str')
_request = httplib2.AuthorizedHttp(cls.token, http)
_options = options
_url = f'{url}?'
_method = method
for key, value in dict(_options).items():
_url += f'{key}={value}&'
_http = {'request': _request, 'url': _url, 'method': _method}
except Exception:
print_exc()
finally:
return _http
def test_close(self):
with mock.patch("httplib2.Http.close", autospec=True) as close:
authed_http = google_auth_httplib2.AuthorizedHttp(
mock.sentinel.credentials)
authed_http.close()
close.assert_called_once()
def build_request(http, *args, **kwargs):
new_http = httplib2.Http()
if user_agent is not None:
new_http = set_user_agent(new_http, user_agent)
if credentials is not None:
new_http = google_auth_httplib2.AuthorizedHttp(credentials, http=new_http)
return googleapiclient.http.HttpRequest(new_http, *args, **kwargs)
def get_client():
"""BigQuery-Client erzeugen."""
credentials = google.auth.credentials.with_scopes_if_required(
get_credentials(), bigquery.Client.SCOPE)
return bigquery.Client(project=replication_config.BIGQUERY_PROJECT,
_http=google_auth_httplib2.AuthorizedHttp(
credentials, httplib2.Http(timeout=60)))
def _BuildService(self):
http = httplib2.Http(timeout=_HTTP_TIMEOUT_SECONDS)
http = google_auth_httplib2.AuthorizedHttp(self._credentials, http)
api = googleapiclient.discovery.build(
'clouddebugger', 'v2', http=http, cache_discovery=False)
return api.controller()
def authenticate(cls, json_path=None):
"""Authenticates for Cloud Natural Language API and returns a parser.
If a service account private key file is not given, it tries to authenticate
with default credentials.
Args:
json_path: A file path to a service account's JSON private keyfile.
(str, optional)
Returns:
Budou parser. (Budou)
"""
import google_auth_httplib2
from googleapiclient import discovery
scope = ['https://www.googleapis.com/auth/cloud-platform']
if json_path:
try:
from google.oauth2 import service_account
credentials = service_account.Credentials.from_service_account_file(
json_path)
scoped_credentials = credentials.with_scopes(scope)
except ImportError:
print('''Failed to load google.oauth2.service_account module.
If you are running this script in Google App Engine environment,
please call `authenticate` method with empty argument to
authenticate with default credentials.''')
else:
import google.auth
scoped_credentials, project = google.auth.default(scope)
authed_http = google_auth_httplib2.AuthorizedHttp(scoped_credentials)
service = discovery.build('language', 'v1beta2', http=authed_http)
return cls(service)
def _authenticate(self, cache_discovery):
import google_auth_httplib2
import googleapiclient.discovery
scope = ['https://www.googleapis.com/auth/cloud-platform']
if self.credentials_path:
try:
from google.oauth2 import service_account
credentials = service_account.Credentials.from_service_account_file(
self.credentials_path)
scoped_credentials = credentials.with_scopes(scope)
except ImportError:
logging.error(
'Failed to load google.oauth2.service_account module. '
'If you are running this script in Google App Engine '
'environment, you can initialize the segmenter with '
'default credentials.')
else:
import google.auth
scoped_credentials, _ = google.auth.default(scope)
authed_http = google_auth_httplib2.AuthorizedHttp(scoped_credentials)
service = googleapiclient.discovery.build(
'language',
'v1beta2',
http=authed_http,
cache_discovery=cache_discovery)
return service
def init(self, conf):
# type: (ConfigTree) -> None
self.key_path = conf.get_string(
BigQueryTableUsageExtractor.KEY_PATH_KEY, None)
if self.key_path:
credentials = (
google.oauth2.service_account.Credentials.
from_service_account_file(
self.key_path,
scopes=BigQueryTableUsageExtractor._DEFAULT_SCOPES))
else:
credentials, _ = google.auth.default(
scopes=BigQueryTableUsageExtractor._DEFAULT_SCOPES)
http = httplib2.Http()
authed_http = google_auth_httplib2.AuthorizedHttp(credentials,
http=http)
self.logging_service = build('logging',
'v2',
http=authed_http,
cache_discovery=False)
self.timestamp = conf.get_string(
BigQueryTableUsageExtractor.TIMESTAMP_KEY,
(date.today() - timedelta(days=1)).strftime('%Y-%m-%dT00:00:00Z'))
self.projectid = conf.get_string(
BigQueryTableUsageExtractor.PROJECT_ID_KEY)
self.pagesize = conf.get_int(
BigQueryTableUsageExtractor.PAGE_SIZE_KEY,
BigQueryTableUsageExtractor.DEFAULT_PAGE_SIZE)
self.table_usage_counts = {}
self._count_usage()
self.iter = iter(self.table_usage_counts)
def init(self, conf):
# type: (ConfigTree) -> None
self.key_path = conf.get_string(BigQueryMetadataExtractor.KEY_PATH_KEY,
None)
self.project_id = conf.get_string(
BigQueryMetadataExtractor.PROJECT_ID_KEY)
self.pagesize = conf.get_int(
BigQueryMetadataExtractor.PAGE_SIZE_KEY,
BigQueryMetadataExtractor.DEFAULT_PAGE_SIZE)
self.filter = conf.get_string(BigQueryMetadataExtractor.FILTER_KEY, '')
if self.key_path:
credentials = (
google.oauth2.service_account.Credentials.
from_service_account_file(
self.key_path,
scopes=BigQueryMetadataExtractor._DEFAULT_SCOPES))
else:
credentials, _ = google.auth.default(
scopes=BigQueryMetadataExtractor._DEFAULT_SCOPES)
http = httplib2.Http()
authed_http = google_auth_httplib2.AuthorizedHttp(credentials,
http=http)
self.bigquery_service = build('bigquery',
'v2',
http=authed_http,
cache_discovery=False)
self.datasets = self._retrieve_datasets()
self.iter = iter(self._iterate_over_tables())
self.grouped_tables = set([])
def AuthorizeClient(self, http_client, creds):
"""Returns an http_client authorized with the given credentials."""
if core_creds.IsGoogleAuthCredentials(creds):
http_client = google_auth_httplib2.AuthorizedHttp(creds, http_client)
else:
http_client = creds.authorize(http_client)
return http_client
def __init__(self, creds, autorefresh=True):
try:
self.creds = Credentials.from_json(creds)
except TypeError:
self.creds = creds
if self.creds.expired and self.creds.refresh_token \
and autorefresh:
self.creds.refresh(Request())
http = google_auth_httplib2.AuthorizedHttp(self.creds)
#see bug https://github.com/googleapis/google-api-python-client/issues/803#issuecomment-578151576
http.http.redirect_codes = set(http.http.redirect_codes) - {308}
self._service = build('drive', 'v3', http=http)
self.id = None
self.drive = self
self.default_fields = 'id, name, mimeType, parents, spaces'
root_folder = self.item_by_id("root")
super().__init__(self, root_folder.parent_ids, root_folder.name,
root_folder.id, root_folder.spaces)
if 'https://www.googleapis.com/auth/drive.appdata' in self.creds.scopes:
self.appdata = self.item_by_id("appDataFolder")
def build_request(http, *args, **kwargs):
"""
See https://googleapis.github.io/google-api-python-client/docs/thread_safety.html
"""
new_http = google_auth_httplib2.AuthorizedHttp(
creds, http=httplib2.Http())
return googleapiclient.http.HttpRequest(new_http, *args, **kwargs)
def authorized_http(credentials):
"""Returns an http client that is authorized with the given credentials.
Args:
credentials (Union[
google.auth.credentials.Credentials,
oauth2client.client.Credentials]): The credentials to use.
Returns:
Union[httplib2.Http, google_auth_httplib2.AuthorizedHttp]: An
authorized http client.
"""
from googleapiclient.http import build_http
if HAS_GOOGLE_AUTH and isinstance(
credentials, google.auth.credentials.Credentials):
if google_auth_httplib2 is None:
raise ValueError(
'Credentials from google.auth specified, but '
'google-api-python-client is unable to use these credentials '
'unless google-auth-httplib2 is installed. Please install '
'google-auth-httplib2.')
return google_auth_httplib2.AuthorizedHttp(credentials,
http=build_http())
else:
return credentials.authorize(build_http())
def test_request_no_refresh(self):
mock_credentials = mock.Mock(wraps=MockCredentials())
mock_response = MockResponse()
mock_http = MockHttp([mock_response])
authed_http = google_auth_httplib2.AuthorizedHttp(
mock_credentials, http=mock_http
)
response, data = authed_http.request(self.TEST_URL)
assert response == mock_response
assert data == mock_response.data
assert mock_credentials.before_request.called
assert not mock_credentials.refresh.called
assert mock_http.requests == [
(
"GET",
self.TEST_URL,
None,
{"authorization": "token"},
httplib2.DEFAULT_MAX_REDIRECTS,
None,
)
]
def test_request_positional_args(self):
"""Verifies that clients can pass args to request as positioanls."""
mock_credentials = mock.Mock(wraps=MockCredentials())
mock_response = MockResponse()
mock_http = MockHttp([mock_response])
authed_http = google_auth_httplib2.AuthorizedHttp(
mock_credentials, http=mock_http
)
response, data = authed_http.request(
self.TEST_URL, "GET", None, None, httplib2.DEFAULT_MAX_REDIRECTS, None
)
assert response == mock_response
assert data == mock_response.data
assert mock_credentials.before_request.called
assert not mock_credentials.refresh.called
assert mock_http.requests == [
(
"GET",
self.TEST_URL,
None,
{"authorization": "token"},
httplib2.DEFAULT_MAX_REDIRECTS,
None,
)
]
def test_timeout(self):
authed_http = google_auth_httplib2.AuthorizedHttp(mock.sentinel.credentials)
assert authed_http.timeout == authed_http.http.timeout
authed_http.timeout = mock.sentinel.timeout
assert authed_http.http.timeout == mock.sentinel.timeout
def test_redirect_codes(self):
authed_http = google_auth_httplib2.AuthorizedHttp(mock.sentinel.credentials)
assert authed_http.redirect_codes == authed_http.http.redirect_codes
authed_http.redirect_codes = mock.sentinel.redirect_codes
assert authed_http.http.redirect_codes == mock.sentinel.redirect_codes
def test_connections(self):
authed_http = google_auth_httplib2.AuthorizedHttp(mock.sentinel.credentials)
assert authed_http.connections == authed_http.http.connections
authed_http.connections = mock.sentinel.connections
assert authed_http.http.connections == mock.sentinel.connections
def build_client(self):
service_account_data = self.credential.content['service_account']
service_account_data['private_key'] = service_account_data[
'private_key'].replace('\\n', '\n')
credentials = service_account.Credentials.from_service_account_info(
service_account_data, scopes=self.credential.scopes)
if HTTP_PROXY:
_, host, port = HTTP_PROXY.split(':')
try:
port = int(port)
except ValueError:
raise EnvironmentError('HTTP_PROXY incorrect format')
proxied_http = httplib2.Http(proxy_info=httplib2.ProxyInfo(
httplib2.socks.PROXY_TYPE_HTTP, host.replace('//', ''), port))
authorized_http = google_auth_httplib2.AuthorizedHttp(
credentials, http=proxied_http)
service = googleapiclient.discovery.build('compute',
'v1',
http=authorized_http)
else:
service = googleapiclient.discovery.build(
'compute',
'v1',
credentials=credentials,
)
return service
def custom_execute(self: HttpRequest, *args, **kwargs):
is_google_workspace = getattr(self.http.credentials,
"is_google_workspace", False)
if is_google_workspace and self.http.credentials.threading:
self.http = google_auth_httplib2.AuthorizedHttp(
self.http.credentials, http=Http())
try:
data = error_handled_execute(self, *args, **kwargs)
except HttpError as e:
# Tell the user which scopes are required
if (e.reason == "Request had insufficient authentication scopes."
and is_google_workspace):
content = json.loads(
discovery_cache.get_static_doc(
self.http.credentials.api,
self.http.credentials.version))
scopes = get_scopes_by_method_id(self.methodId, content)
print(
f"Error: `{self.methodId}` requires one of these scopes: {scopes} , but you have {self.http.credentials.authenticated_scopes}"
)
raise
finally:
if is_google_workspace and self.http.credentials.threading:
# close connection when using threads, because on the next
# call we will be creating a new AuthorizedHttp anyway
self.http.close()
return data
def send_reports():
if request.headers.get('X-Appengine-Cron') != 'true':
abort(404)
already_parsed_endpoint_ids = fetch_all_endpoint_ids()
print(already_parsed_endpoint_ids)
with open('oauth2.txt') as f:
cdata = json.load(f)
httpc = httplib2.Http()
req = google_auth_httplib2.Request(httpc)
creds = google.oauth2.credentials.Credentials.from_authorized_user_file('oauth2.txt')
creds.token = cdata.get('token', cdata.get('auth_token', ''))
creds._id_token = cdata.get('id_token_jwt', cdata.get('id_token', None))
token_expiry = cdata.get('token_expiry', '1970-01-01T00:00:01Z')
creds.expiry = datetime.datetime.strptime(token_expiry, '%Y-%m-%dT%H:%M:%SZ')
creds.refresh(req)
httpc = google_auth_httplib2.AuthorizedHttp(creds, httpc)
rep = googleapiclient.discovery.build('admin', 'reports_v1', http=httpc, cache_discovery=False)
gmail = googleapiclient.discovery.build('gmail', 'v1', http=httpc, cache_discovery=False)
cal = googleapiclient.discovery.build('calendar', 'v3', http=httpc, cache_discovery=False)
now = datetime.datetime.utcnow()
two_days_ago = now - datetime.timedelta(days=2)
two_days_ago = two_days_ago.isoformat(timespec='seconds') + 'Z'
min_age = now - datetime.timedelta(minutes=MINIMUM_AGE_MINUTES)
min_age = min_age.isoformat(timespec='seconds') + 'Z'
print(f'Start time: {two_days_ago} End time: {min_age}')
response = gapi.call_pages(rep.activities(), 'list', applicationName='meet',
userKey='all', eventName='call_ended',
startTime=two_days_ago, endTime=min_age)
meetings = parse_report(response, cal, ignore_endpoint_ids=already_parsed_endpoint_ids)
draw_meetings(gmail, meetings)
return 'all done!'
def build_authorized_service(service, version, credentials=None):
"""Builds an authorized service proxy with custom user agent.
Args:
service (str): name of service requested.
version (str): version of service requested.
credentials (google.auth.Credentials): Credentials to authorize client.
Returns:
Resource: Authorized compute service proxy with custom user agent.
"""
headers = get_user_agent_header()
if PY2:
httplib2.Http.request.__func__.func_defaults = ('GET', None, headers,
5, None)
elif PY3:
httplib2.Http.request.func_defaults = ('GET', None, headers, 5, None)
default_credentials, _ = google.auth.default()
authorized_http = google_auth_httplib2.AuthorizedHttp(
credentials or default_credentials)
service = discovery.build(service,
version,
cache_discovery=False,
http=authorized_http)
return service
def init(self, conf: ConfigTree) -> None:
# should use key_path, or cred_key if the former doesn't exist
self.key_path = conf.get_string(BaseBigQueryExtractor.KEY_PATH_KEY, None)
self.cred_key = conf.get_string(BaseBigQueryExtractor.CRED_KEY, None)
self.project_id = conf.get_string(BaseBigQueryExtractor.PROJECT_ID_KEY)
self.pagesize = conf.get_int(
BaseBigQueryExtractor.PAGE_SIZE_KEY,
BaseBigQueryExtractor.DEFAULT_PAGE_SIZE)
self.filter = conf.get_string(BaseBigQueryExtractor.FILTER_KEY, '')
if self.key_path:
credentials = (
google.oauth2.service_account.Credentials.from_service_account_file(
self.key_path, scopes=self._DEFAULT_SCOPES))
else:
if self.cred_key:
service_account_info = json.loads(self.cred_key)
credentials = (
google.oauth2.service_account.Credentials.from_service_account_info(
service_account_info, scopes=self._DEFAULT_SCOPES))
else:
# FIXME: mypy can't find this attribute
google_auth: Any = getattr(google, 'auth')
credentials, _ = google_auth.default(scopes=self._DEFAULT_SCOPES)
http = httplib2.Http()
authed_http = google_auth_httplib2.AuthorizedHttp(credentials, http=http)
self.bigquery_service = build('bigquery', 'v2', http=authed_http, cache_discovery=False)
self.logging_service = build('logging', 'v2', http=authed_http, cache_discovery=False)
self.iter: Iterator[Any] = iter([])
def destroy_cloudfunction_artifacts(name):
"""Destroys all images stored in cloud storage that are related to the function."""
client = Client("cloudresourcemanager", "v1", calls="projects")
resp = client.execute("get",
parent_key="projectId",
parent_schema=get_default_project())
project_number = resp["projectNumber"]
region = get_default_location()
if not region:
raise Exception("Missing Region")
bucket_name = f"gcf-sources-{project_number}-{get_default_location()}"
http = client.http or google_auth_httplib2.AuthorizedHttp(
get_credentials())
resp = http.request(
f"https://storage.googleapis.com/storage/v1/b/{bucket_name}/o?prefix={name}"
)
objects = json.loads(resp[1])
if not objects.get("items"):
log.info("Artifacts already deleted")
return
for storage in objects["items"]:
log.info(f"Deleting artifact {storage['name']}")
resp = http.request(
f"https://storage.googleapis.com/storage/v1/b/{bucket_name}/o/{quote_plus(storage['name'])}",
method="DELETE",
)
def from_credentials(cls, credentials: credentials.Credentials):
http_client = http.set_user_agent(http.build_http(),
'django-cloud-deploy')
auth_http = google_auth_httplib2.AuthorizedHttp(credentials,
http=http_client)
return cls(
discovery.build('cloudresourcemanager', 'v1', http=auth_http))
def _create_directory_service(self, user_email=None):
"""Build and return a Google Admin SDK Directory API service object.
Args:
user_email: String, The email address of the user that needs permission to
access the admin APIs.
Returns:
Google Admin SDK Directory API service object.
Raises:
UnauthorizedUserError: If a user email is not provided.
"""
if user_email and user_email.split('@')[1] in constants.APP_DOMAINS:
credentials = service_account.Credentials.from_service_account_file(
filename=constants.SECRETS_FILE,
scopes=constants.DIRECTORY_SCOPES,
subject=constants.ADMIN_EMAIL)
logging.info('Created delegated credentials for %s.', user_email)
else:
raise UnauthorizedUserError('User Email not provided.')
return build(
serviceName='admin',
version='directory_v1',
http=google_auth_httplib2.AuthorizedHttp(credentials=credentials))
def __init__(self,
resource,
version="v1",
credentials=None,
calls=None,
parent_schema=None):
self.project_id = get_default_project()
self.location_id = get_default_location()
self.calls = calls
self.resource = resource
self.version = version
self.parent_schema = parent_schema
self.http = self.http_for_tests()
self._credentials = credentials or get_credentials()
if self.http:
self.credentials = None
self.http = google_auth_httplib2.AuthorizedHttp(self._credentials,
http=self.http)
else:
self.credentials = self._credentials
self.client = build(
resource,
version,
credentials=self.credentials,
cache_discovery=False,
http=self.http,
)
self.parent = None
if self.parent_schema:
self.parent = self.parent_schema.format(
project_id=self.project_id, location_id=self.location_id)
def authorized_http(credentials, default_http=None):
"""Returns an http client that is authorized with the given credentials.
Args:
credentials (Union[
google.auth.credentials.Credentials,
oauth2client.client.Credentials]): The credentials to use.
default_http (Union[httplib2.Http, None]): A httplib2.Http object which
will be used to make http requests.
Returns:
Union[httplib2.Http, google_auth_httplib2.AuthorizedHttp]: An
authorized http client.
"""
http = default_http
if not http:
from googleapiclient.http import build_http
http = build_http()
if HAS_GOOGLE_AUTH and isinstance(credentials,
google.auth.credentials.Credentials):
if google_auth_httplib2 is None:
raise ValueError(
'Credentials from google.auth specified, but '
'google-api-python-client is unable to use these credentials '
'unless google-auth-httplib2 is installed. Please install '
'google-auth-httplib2.')
return google_auth_httplib2.AuthorizedHttp(credentials, http=http)
else:
return credentials.authorize(http)
def AuthorizeHttp(http, credentials, scopes=None):
"""Helper function to apply credentials to an HTTP client."""
if not credentials:
return http # TODO: try to use default credentials
if scopes:
credentials = ga_credentials.with_scopes_if_required(credentials, scopes)
return google_auth_httplib2.AuthorizedHttp(credentials, http)
def produce_profile_message(creds: Credentials):
"""Generate a message containing the users profile inforamtion."""
http = google_auth_httplib2.AuthorizedHttp(creds)
people_api = discovery.build('people', 'v1', http=http)
try:
person = people_api.people().get(resourceName='people/me',
personFields=','.join([
'names',
'addresses',
'emailAddresses',
'phoneNumbers',
'photos',
])).execute()
except Exception as e:
logging.exception(e)
return {
'text': 'Failed to fetch profile info: ```%s```' % e,
}
card = {}
if person.get('names') and person.get('photos'):
card.update({
'header': {
'title': person['names'][0]['displayName'],
'imageUrl': person['photos'][0]['url'],
'imageStyle': 'AVATAR',
},
})
widgets = []
for email_address in person.get('emailAddresses', []):
widgets.append({
'keyValue': {
'icon': 'EMAIL',
'content': email_address['value'],
}
})
for phone_number in person.get('phoneNumbers', []):
widgets.append({
'keyValue': {
'icon': 'PHONE',
'content': phone_number['value'],
}
})
for address in person.get('addresses', []):
if 'formattedValue' in address:
widgets.append({
'keyValue': {
'icon': 'MAP_PIN',
'content': address['formattedValue'],
}
})
if widgets:
card.update({'sections': [{
'widgets': widgets,
}]})
if card:
return {'cards': [card]}
return {
'text': 'Hmm, no profile information found',
}
