def Run(self, args):
    """Load the credential for ``args.account``, refresh it and return it.

    Args:
      args: Parsed command arguments; only ``args.account`` is read here.

    Returns:
      The object returned by ``c_store.Load`` after ``c_store.Refresh`` has
      been called on it.

    Raises:
      auth_exceptions.InvalidCredentialsError: If the credential has an empty
        ``access_token`` after the refresh call.
    """
    credential = c_store.Load(args.account)
    c_store.Refresh(credential)

    # The whole credential object, access token included, goes back to the
    # caller, so whatever consumes it should keep it out of logs and traces.
    if credential.access_token:
        return credential

    raise auth_exceptions.InvalidCredentialsError(
        'No access token could be obtained from the current credentials.')
Esempio n. 2
  def Run(self, args):
    """Obtain an access token for ``args.account`` and return it wrapped.

    Args:
      args: Parsed command arguments; only ``args.account`` is read here.

    Returns:
      A ``DummyCredentials`` instance built from the access token string.

    Raises:
      auth_exceptions.InvalidCredentialsError: If no token is present on the
        credential after the refresh call.
    """
    # NOTE(review): allow_account_impersonation=True presumably means the
    # token can belong to an impersonated account rather than the named one;
    # confirm against c_store.Load.
    loaded = c_store.Load(
        args.account,
        allow_account_impersonation=True,
        use_google_auth=True)
    c_store.Refresh(loaded)

    # The token is read from a different attribute depending on whether this
    # is an oauth2client credential.
    access_token = (
        loaded.access_token
        if c_creds.IsOauth2ClientCredentials(loaded)
        else loaded.token)

    # Only the token string is handed on, not the full credential object.
    if access_token:
      return DummyCredentials(access_token)

    raise auth_exceptions.InvalidCredentialsError(
        'No access token could be obtained from the current credentials.')
    def Run(self, args):
        """Obtain an access token, optionally with caller-requested scopes.

        Args:
          args: Parsed command arguments; ``args.account`` and ``args.scopes``
            are read here.

        Returns:
          A ``FakeCredentials`` instance built from the access token string.

        Raises:
          c_exc.InvalidArgumentException: If the credential does not implement
            ``credentials.Scoped`` and a requested scope is not listed in
            ``config.CLOUDSDK_SCOPES``.
          auth_exceptions.InvalidCredentialsError: If no token is present on
            the credential after the refresh call.
        """
        credential = c_store.Load(args.account,
                                  allow_account_impersonation=True,
                                  use_google_auth=True)

        if args.scopes:
            account_kind = c_creds.CredentialTypeGoogleAuth.FromCredentials(
                credential)
            supported_kinds = (
                c_creds.CredentialTypeGoogleAuth.USER_ACCOUNT,
                c_creds.CredentialTypeGoogleAuth.SERVICE_ACCOUNT,
            )
            if account_kind not in supported_kinds:
                # TODO(b/223649175): Add support for other credential types(e.g GCE).
                # NOTE(review): the message says the flag is ignored, yet the
                # scopes are still applied below; confirm which is intended.
                log.warning(
                    '`--scopes` flag may not working as expected and will be ignored '
                    'for account type {}.'.format(account_kind.key))

            # The OpenID and user-email scopes are always appended to the
            # caller's list.
            effective_scopes = args.scopes + [
                auth_util.OPENID, auth_util.USER_EMAIL_SCOPE
            ]

            if not isinstance(credential, credentials.Scoped):
                # The allow-list check runs only on this path; credentials
                # implementing credentials.Scoped take the requested scopes
                # as given through with_scopes().
                if not set(args.scopes) <= set(config.CLOUDSDK_SCOPES):
                    raise c_exc.InvalidArgumentException(
                        '--scopes',
                        'Invalid scopes value. Please make sure the scopes are from [{0}]'
                        .format(config.CLOUDSDK_SCOPES))
                # No public setter is used here, so the private attribute is
                # overwritten directly.
                # pylint:disable=protected-access
                credential._scopes = effective_scopes
            else:
                # Original author's note: non user account credential types.
                credential = credential.with_scopes(effective_scopes)

        c_store.Refresh(credential)

        # The token is read from a different attribute depending on whether
        # this is an oauth2client credential.
        access_token = (
            credential.access_token
            if c_creds.IsOauth2ClientCredentials(credential)
            else credential.token)
        if access_token:
            return FakeCredentials(access_token)

        raise auth_exceptions.InvalidCredentialsError(
            'No access token could be obtained from the current credentials.'
        )
Esempio n. 4
def generate_login_token_from_gcloud_auth(scopes):
    """Generate a down-scoped access token for IAM DB authentication.

    The token is derived from the gcloud credentials returned by
    ``c_store.Load``, narrowed with ``_downscope_credential`` before the
    refresh call.

    Args:
      scopes: Scopes to be included in the down-scoped token.

    Returns:
      Down-scoped access token.

    Raises:
      auth_exceptions.InvalidCredentialsError: If no token is present on the
        credential after the refresh call.
    """
    base_credential = c_store.Load(
        allow_account_impersonation=True, use_google_auth=True)

    # Down-scoping happens before the refresh, so the token read below comes
    # from the narrowed credential rather than the one originally loaded.
    scoped_credential = _downscope_credential(base_credential, scopes)
    c_store.Refresh(scoped_credential)

    access_token = (
        scoped_credential.access_token
        if c_creds.IsOauth2ClientCredentials(scoped_credential)
        else scoped_credential.token)

    # The raw token string is returned; callers should keep it out of logs.
    if access_token:
        return access_token

    raise auth_exceptions.InvalidCredentialsError(
        'No access token could be obtained from the current credentials.')