def test__load_credentials_from_file_invalid_type(tmpdir): jsonfile = tmpdir.join('invalid.json') jsonfile.write(json.dumps({'type': 'not-a-real-type'})) with pytest.raises(exceptions.DefaultCredentialsError) as excinfo: _default._load_credentials_from_file(str(jsonfile)) assert excinfo.match(r'does not have a valid type')
def test__load_credentials_from_file_invalid_json(tmpdir): jsonfile = tmpdir.join('invalid.json') jsonfile.write('{') with pytest.raises(exceptions.DefaultCredentialsError) as excinfo: _default._load_credentials_from_file(str(jsonfile)) assert excinfo.match(r'not a valid json file')
def test__load_credentials_from_file_service_account_bad_format(tmpdir): filename = tmpdir.join('serivce_account_bad.json') filename.write(json.dumps({'type': 'service_account'})) with pytest.raises(exceptions.DefaultCredentialsError) as excinfo: _default._load_credentials_from_file(str(filename)) assert excinfo.match(r'Failed to load service account') assert excinfo.match(r'missing fields')
def test__load_credentials_from_file_authorized_user_bad_format(tmpdir): filename = tmpdir.join('authorized_user_bad.json') filename.write(json.dumps({'type': 'authorized_user'})) with pytest.raises(exceptions.DefaultCredentialsError) as excinfo: _default._load_credentials_from_file(str(filename)) assert excinfo.match(r'Failed to load authorized user') assert excinfo.match(r'missing fields')
def build_service(api, version, credentials_path=None, user_email=None, scopes=None): """Build and returns a service object. Allows delegation of GSuite permissions to the service account when the `user_email` argument is passed. Args: api (str): The Admin SDK API to use. version (str): The Admin SDK API version to use. credentials_path (str, optional): The path to the service account credentials. user_email (str): The email of the user. Needs permissions to access the Admin APIs. scopes (list, optional): A list of scopes to authenticate the request with. Returns: Google Service object. """ if credentials_path is not None: logger.info("Getting credentials from file '%s' ...", credentials_path) credentials, _ = _load_credentials_from_file(credentials_path) else: logger.info("Getting default application credentials ...") credentials, _ = google.auth.default() if user_email is not None: # make delegated credentials credentials = _make_delegated_credentials( credentials, user_email, scopes) return discovery.build(api, version, credentials=credentials)
def __init__(self, config, callback_handler): self.config = config self._callback_handler = callback_handler if 'gcp_cred' not in config: LOGGER.info('No gcp_cred credential specified in config') self._pubber = None self._storage = None self._firestore = None return cred_file = self.config['gcp_cred'] LOGGER.info('Loading gcp credentials from %s', cred_file) # Normal execution assumes default credentials. # pylint: disable=protected-access (self._credentials, self._project) = google_auth._load_credentials_from_file(cred_file) self._client_name = self._parse_creds(cred_file) self._pubber = pubsub_v1.PublisherClient(credentials=self._credentials) LOGGER.info('Initialized gcp pub/sub %s:%s', self._project, self._client_name) self._firestore = self._initialize_firestore(cred_file) self._storage = storage.Client(project=self._project, credentials=self._credentials) self._report_bucket_name = self.REPORT_BUCKET_FORMAT % self._project self._ensure_report_bucket() self._config_callbacks = {} LOGGER.info('Connection initialized at %s', get_timestamp())
def test__load_credentials_from_file_authorized_user_cloud_sdk(): with pytest.warns(UserWarning, match="Cloud SDK"): credentials, project_id = _default._load_credentials_from_file( AUTHORIZED_USER_CLOUD_SDK_FILE ) assert isinstance(credentials, google.oauth2.credentials.Credentials) assert project_id is None
def credentials_from_file( cred_file: str, scopes: List[str] = [k.CLOUD_PLATFORM_SCOPE_URL, k.COMPUTE_SCOPE_URL] ) -> CredentialsData: """gets cloud credentials from service account file Args: cred_file: service account credentials file to read scopes: list of scopes for credentials Returns: CredentialsData """ with open(cred_file, 'r') as f: info = json.load(f) cred_type = info.get('type') # first we try reading as service account file if cred_type == _SERVICE_ACCOUNT_TYPE: creds = service_account.Credentials.from_service_account_file( cred_file, scopes=scopes) project_id = info.get('project_id') elif cred_type == _AUTHORIZED_USER_TYPE: creds, project_id = _load_credentials_from_file(cred_file) else: logging.error('invalid credentials file format: {}'.format(cred_type)) return CredentialsData(None, None) creds.refresh(google.auth.transport.requests.Request()) return CredentialsData(credentials=creds, project_id=project_id)
def __init__(self, config): self.config = config if 'gcp_cred' not in config: LOGGER.info('No gcp_cred credential specified in config') self.pubber = None return cred_file = self.config['gcp_cred'] LOGGER.info('Loading gcp credentials from %s', cred_file) # Normal execution assumes default credentials. pylint: disable=protected-access (self.credentials, self.project) = google_auth._load_credentials_from_file(cred_file) self.client_name = self._parse_creds(cred_file) self.pubber = pubsub_v1.PublisherClient(credentials=self.credentials) LOGGER.info('Initialized gcp pub/sub %s:%s', self.project, self.client_name) self.firestore = self._initialize_firestore(cred_file)
def init_app(self, app): # defaults for the configuration app.config.setdefault("NDB_PROJECT", None) app.config.setdefault("NDB_NAMESPACE", None) app.config.setdefault("NDB_GOOGLE_APPLICATION_CREDENTIALS", None) app.config.setdefault("NDB_LOCAL_EMULATOR", False) app.config.setdefault("NDB_DATASTORE_DATASET", "") app.config.setdefault("NDB_DATASTORE_EMULATOR_HOST", "") app.config.setdefault("NDB_DATASTORE_EMULATOR_HOST_PATH", "") app.config.setdefault("NDB_DATASTORE_HOST", "") app.config.setdefault("NDB_DATASTORE_PROJECT_ID", app.config["NDB_PROJECT"]) if not self.client: # setup the client project = app.config["NDB_PROJECT"] namespace = app.config["NDB_NAMESPACE"] credentials_file = app.config["NDB_GOOGLE_APPLICATION_CREDENTIALS"] if credentials_file: # call google auth helper to initialise credentials credentials, project_id = _load_credentials_from_file( credentials_file) else: # default credentials, OR load from env, through underlying # lib credentials = None # if local emulator, set the environ as required by underlying # google cloud ndb and related libraries if app.config["NDB_LOCAL_EMULATOR"]: os.environ["DATASTORE_DATASET"] = app.config[ "NDB_DATASTORE_DATASET"] os.environ["DATASTORE_EMULATOR_HOST"] = app.config[ "NDB_DATASTORE_EMULATOR_HOST"] os.environ["DATASTORE_EMULATOR_HOST_PATH"] = app.config[ "NDB_DATASTORE_EMULATOR_HOST_PATH"] os.environ["DATASTORE_HOST"] = app.config["NDB_DATASTORE_HOST"] os.environ["DATASTORE_PROJECT_ID"] = app.config[ "NDB_DATASTORE_PROJECT_ID"] credentials = None self.client = ndb.Client(project=project, namespace=namespace, credentials=credentials) app.wsgi_app = ndb_wsgi_middleware(app.wsgi_app, client=self.client)
def client(): credentials, project = _load_credentials_from_file(FIRESTORE_CREDS) yield firestore.Client(project=project, credentials=credentials)
def test__load_credentials_from_file_service_account(): credentials, project_id = _default._load_credentials_from_file( SERVICE_ACCOUNT_FILE) assert isinstance(credentials, service_account.Credentials) assert project_id == SERVICE_ACCOUNT_FILE_DATA['project_id']
def test__load_credentials_from_file_authorized_user(): credentials, project_id = _default._load_credentials_from_file( AUTHORIZED_USER_FILE) assert isinstance(credentials, google.oauth2.credentials.Credentials) assert project_id is None
def test__load_credentials_from_missing_file(): with pytest.raises(exceptions.DefaultCredentialsError) as excinfo: _default._load_credentials_from_file("") assert excinfo.match(r"not found")
import aiohttp import google.oauth2.credentials import uvloop from google.auth._default import _load_credentials_from_file from .datastore import DemoUser as User, GoogleSheetData, NonExpireableData from .datastore import GcdConnector, Roles from .googleauth import ServiceAccount from .settings import BaseEnviron, AppEnviron, load_env if BaseEnviron.SERVICE_ACCOUNT_SECRETS_PATH is None: load_env(AppEnviron.ENV) #request = google.auth.transport.requests.Request() loop = uvloop.new_event_loop() asyncio.set_event_loop(loop) ROOT_ACCOUNT = ServiceAccount(*_load_credentials_from_file(BaseEnviron.SERVICE_ACCOUNT_SECRETS_PATH)) with open(BaseEnviron.WEBAPP_SECRETS_PATH) as fp: s = fp.read() BaseEnviron.WEBAPP_CLIENT_ID = json.loads(s)['web']['client_id'] (GCD_CREDENTIALS,) = ROOT_ACCOUNT.sub_credentials(aiogcd.connector.connector.DEFAULT_SCOPES) VANILLA_SESSION = aiohttp.ClientSession() ANONYMOUS = User(name="anonymous", gid="", role=Roles.SIGNED_OUT, token="", project_id=ROOT_ACCOUNT.project_name, email='*****@*****.**') GCD_CONNECTOR = GcdConnector(ROOT_ACCOUNT.project_name, GCD_CREDENTIALS) User.set_connector(GCD_CONNECTOR) GoogleSheetData.set_connector(GCD_CONNECTOR) NonExpireableData.set_connector(GCD_CONNECTOR)