Esempio n. 1
0
def RevokeCredsInWellKnownFile(brief):
  """Revoke the credentials in ADC's well-known file."""
  # pylint:disable=protected-access, refactor as per TODO above
  credentials_filename = client._get_well_known_file()
  if not os.path.isfile(credentials_filename):
    if not brief:
      log.status.write(
          '\nApplication Default Credentials have not been\n'
          'set up by a tool, so nothing was revoked.\n')
    return

  # We only want to get the credentials from the well-known file, because
  # no other credentials can be revoked.
  # pylint:disable=protected-access, refactor as per TODO above
  creds = client._get_application_default_credential_from_file(
      credentials_filename)
  if creds.serialization_data['type'] != 'authorized_user':
    if not brief:
      log.status.write(
          '\nThe credentials set up for Application Default Credentials\n'
          'through the Google Cloud SDK are service account credentials,\n'
          'so they were not revoked.\n')
  else:
    c_store.RevokeCredentials(creds)
    if not brief:
      log.status.write(
          '\nThe credentials set up for Application Default Credentials\n'
          'through the Google Cloud SDK have been revoked.\n')

  os.remove(credentials_filename)

  if not brief:
    log.status.write(
        '\nThe file storing the Application Default Credentials\n'
        'has been removed.\n')
Esempio n. 2
0
    def Run(self, args):
        """Revoke Application Default Credentials."""

        cred_file = config.ADCFilePath()
        if not os.path.isfile(cred_file):
            log.status.Print(
                'Application Default Credentials have not been set up, '
                'nothing to revoke.')
            return

        creds = client.GoogleCredentials.from_stream(cred_file)
        if creds.serialization_data['type'] != 'authorized_user':
            raise c_exc.BadFileException(
                'The given credential file is a service account credential, and '
                'cannot be revoked.')

        console_io.PromptContinue(
            'You are about to revoke the credentials stored in: [{file}]'.
            format(file=cred_file),
            throw_if_unattended=True,
            cancel_on_no=True)

        c_store.RevokeCredentials(creds)
        os.remove(cred_file)
        log.status.Print('Credentials revoked.')
    def Run(self, args):
        """Revoke Application Default Credentials."""

        cred_file = config.ADCFilePath()
        if not os.path.isfile(cred_file):
            log.status.Print(
                'Application Default Credentials have not been set up, '
                'nothing to revoke.')
            return

        creds, _ = c_creds.GetGoogleAuthDefault().load_credentials_from_file(
            cred_file)
        if not (c_creds.IsUserAccountCredentials(creds)
                or c_creds.IsExternalAccountCredentials(creds)
                or c_creds.IsExternalAccountUserCredentials(creds)):
            raise c_exc.BadFileException(
                'The given credential file is a service account credential, and '
                'cannot be revoked.')
        if isinstance(creds, google_auth_creds.Credentials):
            creds = c_google_auth.Credentials.FromGoogleAuthUserCredentials(
                creds)

        console_io.PromptContinue(
            'You are about to revoke the credentials stored in: [{file}]'.
            format(file=cred_file),
            throw_if_unattended=True,
            cancel_on_no=True)

        try:
            c_store.RevokeCredentials(creds)
            os.remove(cred_file)
            log.status.Print('Credentials revoked.')
        except c_store.RevokeError:
            os.remove(cred_file)
            log.warning(
                'The credentials stored in: [{file}] are not revocable from the '
                'server but have been deleted from the file system.'.format(
                    file=cred_file))