def _load_credentials_from_file(filename):
"""Loads credentials from a file.
The credentials file must be a service account key or stored authorized
user credentials.
Args:
filename (str): The full path to the credentials file.
Returns:
Tuple[google.auth.credentials.Credentials, Optional[str]]: Loaded
credentials and the project ID. Authorized user credentials do not
have the project ID information.
Raises:
google.auth.exceptions.DefaultCredentialsError: if the file is in the
wrong format.
"""
with io.open(filename, 'r') as file_obj:
try:
info = json.load(file_obj)
except ValueError as exc:
raise exceptions.DefaultCredentialsError(
'File {} is not a valid json file.'.format(filename), exc)
# The type key should indicate that the file is either a service account
# credentials file or an authorized user credentials file.
credential_type = info.get('type')
if credential_type == _AUTHORIZED_USER_TYPE:
from google.auth import _cloud_sdk
try:
credentials = _cloud_sdk.load_authorized_user_credentials(info)
except ValueError as exc:
raise exceptions.DefaultCredentialsError(
'Failed to load authorized user credentials from {}'.format(
filename), exc)
# Authorized user credentials do not contain the project ID.
return credentials, None
elif credential_type == _SERVICE_ACCOUNT_TYPE:
from google.oauth2 import service_account
try:
credentials = (
service_account.Credentials.from_service_account_info(info))
except ValueError as exc:
raise exceptions.DefaultCredentialsError(
'Failed to load service account credentials from {}'.format(
filename), exc)
return credentials, info.get('project_id')
else:
raise exceptions.DefaultCredentialsError(
'The file {file} does not have a valid type. '
'Type is {type}, expected one of {valid_types}.'.format(
file=filename, type=credential_type, valid_types=_VALID_TYPES))
def test_load_authorized_user_credentials():
credentials = _cloud_sdk.load_authorized_user_credentials(
AUTHORIZED_USER_FILE_DATA)
assert isinstance(credentials, google.oauth2.credentials.Credentials)
assert credentials.token is None
assert (credentials._refresh_token ==
AUTHORIZED_USER_FILE_DATA['refresh_token'])
assert credentials._client_id == AUTHORIZED_USER_FILE_DATA['client_id']
assert (credentials._client_secret ==
AUTHORIZED_USER_FILE_DATA['client_secret'])
assert credentials._token_uri == _cloud_sdk._GOOGLE_OAUTH2_TOKEN_ENDPOINT
def test_load_authorized_user_credentials_bad_format():
with pytest.raises(ValueError) as excinfo:
_cloud_sdk.load_authorized_user_credentials({})
assert excinfo.match(r'missing fields')
def _load_credentials_from_file(filename):
"""Loads credentials from a file.
The credentials file must be a service account key or stored authorized
user credentials.
Args:
filename (str): The full path to the credentials file.
Returns:
Tuple[google.auth.credentials.Credentials, Optional[str]]: Loaded
credentials and the project ID. Authorized user credentials do not
have the project ID information.
Raises:
google.auth.exceptions.DefaultCredentialsError: if the file is in the
wrong format or is missing.
"""
if not os.path.exists(filename):
raise exceptions.DefaultCredentialsError(
"File {} was not found.".format(filename)
)
with io.open(filename, "r") as file_obj:
try:
info = json.load(file_obj)
except ValueError as caught_exc:
new_exc = exceptions.DefaultCredentialsError(
"File {} is not a valid json file.".format(filename), caught_exc
)
six.raise_from(new_exc, caught_exc)
# The type key should indicate that the file is either a service account
# credentials file or an authorized user credentials file.
credential_type = info.get("type")
if credential_type == _AUTHORIZED_USER_TYPE:
from google.auth import _cloud_sdk
try:
credentials = _cloud_sdk.load_authorized_user_credentials(info)
except ValueError as caught_exc:
msg = "Failed to load authorized user credentials from {}".format(filename)
new_exc = exceptions.DefaultCredentialsError(msg, caught_exc)
six.raise_from(new_exc, caught_exc)
# Authorized user credentials do not contain the project ID.
_warn_about_problematic_credentials(credentials)
return credentials, None
elif credential_type == _SERVICE_ACCOUNT_TYPE:
from google.oauth2 import service_account
try:
credentials = service_account.Credentials.from_service_account_info(info)
except ValueError as caught_exc:
msg = "Failed to load service account credentials from {}".format(filename)
new_exc = exceptions.DefaultCredentialsError(msg, caught_exc)
six.raise_from(new_exc, caught_exc)
return credentials, info.get("project_id")
else:
raise exceptions.DefaultCredentialsError(
"The file {file} does not have a valid type. "
"Type is {type}, expected one of {valid_types}.".format(
file=filename, type=credential_type, valid_types=_VALID_TYPES
)
)
