コード例 #1
0
def test_load_credentials_from_file_no_type(tmpdir):
    # use the client_secrets.json, which is valid json but not a
    # loadable credentials type
    with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
        _default.load_credentials_from_file(CLIENT_SECRETS_FILE)

    assert excinfo.match(r"does not have a valid type")
    assert excinfo.match(r"Type is None")
コード例 #2
0
def test_load_credentials_from_file_invalid_type(tmpdir):
    jsonfile = tmpdir.join("invalid.json")
    jsonfile.write(json.dumps({"type": "not-a-real-type"}))

    with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
        _default.load_credentials_from_file(str(jsonfile))

    assert excinfo.match(r"does not have a valid type")
コード例 #3
0
def test_load_credentials_from_file_invalid_json(tmpdir):
    jsonfile = tmpdir.join("invalid.json")
    jsonfile.write("{")

    with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
        _default.load_credentials_from_file(str(jsonfile))

    assert excinfo.match(r"not a valid json file")
コード例 #4
0
def test_load_credentials_from_file_authorized_user_bad_format(tmpdir):
    filename = tmpdir.join("authorized_user_bad.json")
    filename.write(json.dumps({"type": "authorized_user"}))

    with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
        _default.load_credentials_from_file(str(filename))

    assert excinfo.match(r"Failed to load authorized user")
    assert excinfo.match(r"missing fields")
コード例 #5
0
def test_load_credentials_from_file_service_account_bad_format(tmpdir):
    filename = tmpdir.join("serivce_account_bad.json")
    filename.write(json.dumps({"type": "service_account"}))

    with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
        _default.load_credentials_from_file(str(filename))

    assert excinfo.match(r"Failed to load service account")
    assert excinfo.match(r"missing fields")
コード例 #6
0
def test_load_credentials_from_file_external_account_bad_format(tmpdir):
    filename = tmpdir.join("external_account_bad.json")
    filename.write(json.dumps({"type": "external_account"}))

    with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
        _default.load_credentials_from_file(str(filename))

    assert excinfo.match(
        "Failed to load external account credentials from {}".format(
            str(filename)))
コード例 #7
0
def test_load_credentials_from_file_authorized_user_cloud_sdk():
    with pytest.warns(UserWarning, match="Cloud SDK"):
        credentials, project_id = _default.load_credentials_from_file(
            AUTHORIZED_USER_CLOUD_SDK_FILE)
    assert isinstance(credentials, google.oauth2.credentials.Credentials)
    assert project_id is None

    # No warning if the json file has quota project id.
    credentials, project_id = _default.load_credentials_from_file(
        AUTHORIZED_USER_CLOUD_SDK_WITH_QUOTA_PROJECT_ID_FILE)
    assert isinstance(credentials, google.oauth2.credentials.Credentials)
    assert project_id is None
コード例 #8
0
def test_load_credentials_from_file_impersonated_wrong_source_type(tmpdir):

    with open(IMPERSONATED_SERVICE_ACCOUNT_AUTHORIZED_USER_SOURCE_FILE) as fh:
        impersonated_credentials_info = json.load(fh)
    impersonated_credentials_info["source_credentials"][
        "type"] = "external_account"

    jsonfile = tmpdir.join("invalid.json")
    jsonfile.write(json.dumps(impersonated_credentials_info))
    with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
        _default.load_credentials_from_file(str(jsonfile))

    assert excinfo.match(
        r"source credential of type external_account is not supported")
コード例 #9
0
def test_load_credentials_from_file_impersonated_wrong_target_principal(
        tmpdir):

    with open(IMPERSONATED_SERVICE_ACCOUNT_AUTHORIZED_USER_SOURCE_FILE) as fh:
        impersonated_credentials_info = json.load(fh)
    impersonated_credentials_info[
        "service_account_impersonation_url"] = "something_wrong"

    jsonfile = tmpdir.join("invalid.json")
    jsonfile.write(json.dumps(impersonated_credentials_info))
    with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
        _default.load_credentials_from_file(str(jsonfile))

    assert excinfo.match(r"Cannot extract target principal")
コード例 #10
0
def test_load_credentials_from_file_service_account_with_quota_project():
    credentials, project_id = _default.load_credentials_from_file(
        SERVICE_ACCOUNT_FILE, quota_project_id="project-foo"
    )
    assert isinstance(credentials, service_account.Credentials)
    assert project_id == SERVICE_ACCOUNT_FILE_DATA["project_id"]
    assert credentials.quota_project_id == "project-foo"
コード例 #11
0
def test_load_credentials_from_file_service_account_with_scopes():
    credentials, project_id = _default.load_credentials_from_file(
        SERVICE_ACCOUNT_FILE, scopes=["https://www.google.com/calendar/feeds"]
    )
    assert isinstance(credentials, service_account.Credentials)
    assert project_id == SERVICE_ACCOUNT_FILE_DATA["project_id"]
    assert credentials.scopes == ["https://www.google.com/calendar/feeds"]
コード例 #12
0
def build_service(api,
                  version,
                  credentials_path=None,
                  user_email=None,
                  scopes=None):
    """Build and returns a service object.

    Allows delegation of GSuite permissions to the service account when the `user_email` argument is passed.

    Args:
      api (str): The Admin SDK API to use.
      version (str): The Admin SDK API version to use.
      credentials_path (str, optional): The path to the service account credentials.
      user_email (str): The email of the user. Needs permissions to access the Admin APIs.
      scopes (list, optional): A list of scopes to authenticate the request with.

    Returns:
      Google Service object.
    """
    if credentials_path is not None:
        logger.info("Getting credentials from file '%s' ...", credentials_path)
        credentials, _ = load_credentials_from_file(credentials_path)
    else:
        logger.info("Getting default application credentials ...")
        credentials, _ = google.auth.default()

    if user_email is not None:  # make delegated credentials
        credentials = _make_delegated_credentials(credentials, user_email,
                                                  scopes)

    return discovery.build(api, version, credentials=credentials)
コード例 #13
0
ファイル: util.py プロジェクト: B3EF/caliban 
def credentials_from_file(
    cred_file: str,
    scopes: List[str] = [k.CLOUD_PLATFORM_SCOPE_URL, k.COMPUTE_SCOPE_URL]
) -> CredentialsData:
    """gets cloud credentials from service account file

  Args:
  cred_file: service account credentials file to read
  scopes: list of scopes for credentials

  Returns:
  CredentialsData
  """

    with open(cred_file, 'r') as f:
        info = json.load(f)

    cred_type = info.get('type')

    # first we try reading as service account file
    if cred_type == _SERVICE_ACCOUNT_TYPE:
        creds = service_account.Credentials.from_service_account_file(
            cred_file, scopes=scopes)
        project_id = info.get('project_id')
    elif cred_type == _AUTHORIZED_USER_TYPE:
        creds, project_id = load_credentials_from_file(cred_file)
    else:
        logging.error('invalid credentials file format: {}'.format(cred_type))
        return CredentialsData(None, None)

    creds.refresh(google.auth.transport.requests.Request())

    return CredentialsData(credentials=creds, project_id=project_id)
コード例 #14
0
    def __init__(self, config, callback_handler):
        self.config = config
        self._callback_handler = callback_handler
        cred_file = self.config.get('gcp_cred')
        if not cred_file:
            LOGGER.info(
                'No gcp_cred file specified in config, disabling gcp use.')
            self._pubber = None
            self._storage = None
            self._firestore = None
            self._client_name = None
            return
        assert SUCCESSFUL_IMPORTS, "Missing google cloud python dependencies."
        LOGGER.info('Loading gcp credentials from %s', cred_file)
        # Normal execution assumes default credentials.
        (self._credentials,
         self._project) = google_auth.load_credentials_from_file(cred_file)
        self._client_name = self._parse_creds(cred_file)
        self._site_name = self._get_site_name()
        self._pubber = pubsub_v1.PublisherClient(credentials=self._credentials)
        LOGGER.info('Initialized gcp pub/sub %s:%s:%s', self._project,
                    self._client_name, self._site_name)
        self._firestore = self._initialize_firestore(cred_file)
        self._report_bucket_name = self.REPORT_BUCKET_FORMAT % self._project
        self._storage = storage.Client(project=self._project,
                                       credentials=self._credentials)
        self._bucket = self._ensure_report_bucket()
        self._config_callbacks = {}
        self._logging = logging.Client(credentials=self._credentials,
                                       project=self._project)

        LOGGER.info('Connection initialized at %s', get_timestamp())
コード例 #15
0
def test_load_credentials_from_file_impersonated_with_service_account_source():
    credentials, _ = _default.load_credentials_from_file(
        IMPERSONATED_SERVICE_ACCOUNT_SERVICE_ACCOUNT_SOURCE_FILE)
    assert isinstance(credentials, impersonated_credentials.Credentials)
    assert isinstance(credentials._source_credentials,
                      service_account.Credentials)
    assert not credentials._quota_project_id
コード例 #16
0
def test_load_credentials_from_file_authorized_user_cloud_sdk_with_quota_project(
):
    credentials, project_id = _default.load_credentials_from_file(
        AUTHORIZED_USER_CLOUD_SDK_FILE, quota_project_id="project-foo")

    assert isinstance(credentials, google.oauth2.credentials.Credentials)
    assert project_id is None
    assert credentials.quota_project_id == "project-foo"
コード例 #17
0
def test_load_credentials_from_file_external_account_aws(get_project_id, tmpdir):
    config_file = tmpdir.join("config.json")
    config_file.write(json.dumps(AWS_DATA))
    credentials, project_id = _default.load_credentials_from_file(str(config_file))

    assert isinstance(credentials, aws.Credentials)
    # Since no scopes are specified, the project ID cannot be determined.
    assert project_id is None
    assert get_project_id.called
コード例 #18
0
def test_load_credentials_from_file_authorized_user_cloud_sdk_with_scopes():
    with pytest.warns(UserWarning, match="Cloud SDK"):
        credentials, project_id = _default.load_credentials_from_file(
            AUTHORIZED_USER_CLOUD_SDK_FILE,
            scopes=["https://www.google.com/calendar/feeds"],
        )
    assert isinstance(credentials, google.oauth2.credentials.Credentials)
    assert project_id is None
    assert credentials.scopes == ["https://www.google.com/calendar/feeds"]
コード例 #19
0
def test_load_credentials_from_file_external_account_with_quota_project(
        get_project_id, tmpdir):
    config_file = tmpdir.join("config.json")
    config_file.write(json.dumps(IDENTITY_POOL_DATA))
    credentials, project_id = _default.load_credentials_from_file(
        str(config_file), quota_project_id="project-foo")

    assert isinstance(credentials, identity_pool.Credentials)
    # Since no scopes are specified, the project ID cannot be determined.
    assert project_id is None
    assert credentials.quota_project_id == "project-foo"
コード例 #20
0
def test_load_credentials_from_file_impersonated_with_authorized_user_source():
    credentials, project_id = _default.load_credentials_from_file(
        IMPERSONATED_SERVICE_ACCOUNT_AUTHORIZED_USER_SOURCE_FILE)
    assert isinstance(credentials, impersonated_credentials.Credentials)
    assert isinstance(credentials._source_credentials,
                      google.oauth2.credentials.Credentials)
    assert credentials.service_account_email == "*****@*****.**"
    assert credentials._delegates == ["*****@*****.**"]
    assert not credentials._quota_project_id
    assert not credentials._target_scopes
    assert project_id is None
コード例 #21
0
def test_load_credentials_from_file_external_account_workforce_impersonated(
        get_project_id, tmpdir):
    config_file = tmpdir.join("config.json")
    config_file.write(json.dumps(IMPERSONATED_IDENTITY_POOL_WORKFORCE_DATA))
    credentials, project_id = _default.load_credentials_from_file(
        str(config_file))

    assert isinstance(credentials, identity_pool.Credentials)
    assert not credentials.is_user
    assert credentials.is_workforce_pool
    # Since no scopes are specified, the project ID cannot be determined.
    assert project_id is None
    assert get_project_id.called
コード例 #22
0
def test_load_credentials_from_file_external_account_explicit_request(
        get_project_id, tmpdir):
    config_file = tmpdir.join("config.json")
    config_file.write(json.dumps(IDENTITY_POOL_DATA))
    credentials, project_id = _default.load_credentials_from_file(
        str(config_file),
        request=mock.sentinel.request,
        scopes=["https://www.googleapis.com/auth/cloud-platform"],
    )

    assert isinstance(credentials, identity_pool.Credentials)
    # Since scopes are specified, the project ID can be determined.
    assert project_id is mock.sentinel.project_id
    get_project_id.assert_called_with(credentials,
                                      request=mock.sentinel.request)
コード例 #23
0
def test_load_credentials_from_file_external_account_with_user_and_default_scopes(
        get_project_id, tmpdir):
    config_file = tmpdir.join("config.json")
    config_file.write(json.dumps(IDENTITY_POOL_DATA))
    credentials, project_id = _default.load_credentials_from_file(
        str(config_file),
        scopes=["https://www.google.com/calendar/feeds"],
        default_scopes=["https://www.googleapis.com/auth/cloud-platform"],
    )

    assert isinstance(credentials, identity_pool.Credentials)
    # Since scopes are specified, the project ID can be determined.
    assert project_id is mock.sentinel.project_id
    assert credentials.scopes == ["https://www.google.com/calendar/feeds"]
    assert credentials.default_scopes == [
        "https://www.googleapis.com/auth/cloud-platform"
    ]
コード例 #24
0
ファイル: auth.py プロジェクト: staftermath/pysuite 
    def load_credential(self) -> Credentials:
        """load credential json file needed to authenticate Google Suite Apps. If token file does not exists,
        confirmation is needed from browser prompt and the token file will be created.

        :param credential: path to the credential json file.
        :return: a Credential object
        """
        if not self.is_google_cloud:
            if self._token_path is None:
                raise ValueError(f"token is required for {self._services}.")

            if not Path(self._token_path).exists():
                return self._load_credential_from_file(self._credential_path)  # pragma: no cover

            with open(self._token_path, 'r') as f:
                token_json = json.load(f)

            with open(self._credential_path, 'r') as f:
                try:
                    cred_json = json.load(f)["installed"]
                except KeyError:
                    raise KeyError("'installed' does not exist in credential file. please check the format")

            try:
                credential = Credentials(token=token_json["token"],
                                         refresh_token=token_json["refresh_token"],
                                         token_uri=cred_json["token_uri"],
                                         client_id=cred_json["client_id"],
                                         client_secret=cred_json["client_secret"],
                                         scopes=self._scopes,
                                         )
            except KeyError as e:
                logging.critical("missing key value in credential or token file")
                raise e
        else:
            credential, _ = load_credentials_from_file(str(self._credential_path))

        return credential
コード例 #25
0
def test_load_credentials_from_missing_file():
    with pytest.raises(exceptions.DefaultCredentialsError) as excinfo:
        _default.load_credentials_from_file("")

    assert excinfo.match(r"not found")
コード例 #26
0
def test_load_credentials_from_file_authorized_user():
    credentials, project_id = _default.load_credentials_from_file(
        AUTHORIZED_USER_FILE)
    assert isinstance(credentials, google.oauth2.credentials.Credentials)
    assert project_id is None
コード例 #27
0
def test_load_credentials_from_file_service_account():
    credentials, project_id = _default.load_credentials_from_file(
        SERVICE_ACCOUNT_FILE)
    assert isinstance(credentials, service_account.Credentials)
    assert project_id == SERVICE_ACCOUNT_FILE_DATA["project_id"]
コード例 #28
0
def test_load_credentials_from_file_impersonated_passing_scopes():
    credentials, _ = _default.load_credentials_from_file(
        IMPERSONATED_SERVICE_ACCOUNT_SERVICE_ACCOUNT_SOURCE_FILE,
        scopes=["scope1", "scope2"],
    )
    assert credentials._target_scopes == ["scope1", "scope2"]
コード例 #29
0
def test_load_credentials_from_file_impersonated_passing_quota_project():
    credentials, _ = _default.load_credentials_from_file(
        IMPERSONATED_SERVICE_ACCOUNT_SERVICE_ACCOUNT_SOURCE_FILE,
        quota_project_id="new_quota_project",
    )
    assert credentials._quota_project_id == "new_quota_project"
コード例 #30
0
def test_load_credentials_from_file_impersonated_with_quota_project():
    credentials, _ = _default.load_credentials_from_file(
        IMPERSONATED_SERVICE_ACCOUNT_WITH_QUOTA_PROJECT_FILE)
    assert isinstance(credentials, impersonated_credentials.Credentials)
    assert credentials._quota_project_id == "quota_project"