def _get_transfer_service_account(): credentials = default_credentials() credentials = with_scopes(credentials, scopes=['https://www.googleapis.com/auth/cloud-platform']) service = discovery.build('storagetransfer', 'v1', cache_discovery=False, credentials=credentials) request = service.googleServiceAccounts().get(projectId=GCP_PROJECT_ID) return request.execute()
def latest_successful_build(image_id): """Given an image URI get the most recent green cloudbuild.""" credentials = _auth.default_credentials() uri_prefix = image_id.split(":")[0] project_id = uri_prefix.split("/")[1] cloudbuild = googleapiclient.discovery.build('cloudbuild', 'v1', credentials=credentials, cache_discovery=False) builds = cloudbuild.projects().builds().list( projectId=project_id).execute() latest_time = None latest = None for build in builds["builds"]: if build["status"] == "SUCCESS": images = build["images"] if len(images) == 1: if images[0].startswith(uri_prefix): finish_time = dateutil.parser.parse(build["finishTime"]) if not latest: latest_time = finish_time if finish_time >= latest_time: latest = images[0] latest_time = finish_time if latest: logging.info("Found a latest successful build: {}".format(latest)) return latest
def test_default_credentials_with_quota_project(self): with mock.patch("google.auth.default", autospec=True) as default: default.return_value = (mock.sentinel.credentials, mock.sentinel.project) credentials = _auth.default_credentials(quota_project_id="my-project") default.assert_called_once_with(scopes=None, quota_project_id="my-project") self.assertEqual(credentials, mock.sentinel.credentials)
def test_default_credentials(self): with mock.patch("google.auth.default", autospec=True) as default: default.return_value = (mock.sentinel.credentials, mock.sentinel.project) credentials = _auth.default_credentials() self.assertEqual(credentials, mock.sentinel.credentials)
def test_default_credentials(self): with mock.patch('google.auth.default', autospec=True) as default: default.return_value = ( mock.sentinel.credentials, mock.sentinel.project) credentials = _auth.default_credentials() self.assertEqual(credentials, mock.sentinel.credentials)
def test_default_credentials(self): default_patch = mock.patch( 'oauth2client.client.GoogleCredentials.get_application_default') with default_patch as default: default.return_value = mock.sentinel.credentials credentials = _auth.default_credentials() self.assertEqual(credentials, mock.sentinel.credentials)
def test_default_credentials(self): default_patch = mock.patch( "oauth2client.client.GoogleCredentials.get_application_default") with default_patch as default: default.return_value = mock.sentinel.credentials credentials = _auth.default_credentials() self.assertEqual(credentials, mock.sentinel.credentials)
def __init__(self): # If credentials is None use Default credentials --> gcloud auth list if os.getenv("GCLOUD_DEFAULT_CREDENTIALS") != "False": print("Default credential: %s" % _auth.default_credentials().__dict__) self.compute = googleapiclient.discovery.build('compute', 'v1', credentials=None) else: credentials = service_account.Credentials.from_service_account_file( os.getenv("GCLOUD_SA_FILE")) print("Default credential: %s" % credentials.__dict__) self.compute = googleapiclient.discovery.build( 'compute', 'v1', credentials=credentials)
def build_from_document( service, base=None, future=None, http=None, developerKey=None, model=None, requestBuilder=HttpRequest, credentials=None ): """Create a Resource for interacting with an API. Same as `build()`, but constructs the Resource object from a discovery document that is it given, as opposed to retrieving one over HTTP. Args: service: string or object, the JSON discovery document describing the API. The value passed in may either be the JSON string or the deserialized JSON. base: string, base URI for all HTTP requests, usually the discovery URI. This parameter is no longer used as rootUrl and servicePath are included within the discovery document. (deprecated) future: string, discovery document with future capabilities (deprecated). http: httplib2.Http, An instance of httplib2.Http or something that acts like it that HTTP requests will be made through. developerKey: string, Key for controlling API usage, generated from the API Console. model: Model class instance that serializes and de-serializes requests and responses. requestBuilder: Takes an http request and packages it up to be executed. credentials: oauth2client.Credentials or google.auth.credentials.Credentials, credentials to be used for authentication. Returns: A Resource object with methods for interacting with the service. """ if http is not None and credentials is not None: raise ValueError('Arguments http and credentials are mutually exclusive.') if isinstance(service, six.string_types): service = json.loads(service) if 'rootUrl' not in service and (isinstance(http, (HttpMock, HttpMockSequence))): logger.error( "You are using HttpMock or HttpMockSequence without" + "having the service discovery doc in cache. Try calling " + "build() without mocking once first to populate the " + "cache." ) raise InvalidJsonError() base = urljoin(service['rootUrl'], service['servicePath']) schema = Schemas(service) # If the http client is not specified, then we must construct an http client # to make requests. If the service has scopes, then we also need to setup # authentication. if http is None: # Does the service require scopes? scopes = list(service.get('auth', {}).get('oauth2', {}).get('scopes', {}).keys()) # If so, then the we need to setup authentication if no developerKey is # specified. if scopes and not developerKey: # If the user didn't pass in credentials, attempt to acquire application # default credentials. if credentials is None: credentials = _auth.default_credentials() # The credentials need to be scoped. credentials = _auth.with_scopes(credentials, scopes) # Create an authorized http instance http = _auth.authorized_http(credentials) # If the service doesn't require scopes then there is no need for # authentication. else: http = build_http() if model is None: features = service.get('features', []) model = JsonModel('dataWrapper' in features) return Resource( http=http, baseUrl=base, model=model, developerKey=developerKey, requestBuilder=requestBuilder, resourceDesc=service, rootDesc=service, schema=schema )
from googleapiclient import _auth print(_auth.default_credentials())
@scenario('features/vm.feature', 'Validate GCE Instance') def test_validate(): """ Validate GCE functional test :return: """ pass VIRTUAL_MACHINE_DEF = None # Build and Initialize the API os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = '{0}/{1}'.format(os.environ['PWD'], '/credentials/anz-challenge.json') COMPUTE = discovery.build('compute', 'v1', credentials=_auth.default_credentials()) def get_instance_specs(project, zone): """ Fetch the GCE instance specifications :param project: GCP project name :param zone: GCP availability zone :return: list of instances from the specified project and zone """ result = COMPUTE.instances().list(project=project, zone=zone).execute() return result['items'] if 'items' in result else None def isgoodipv4(ip_addr): """
def test_default_credentials(self): with self.assertRaises(EnvironmentError): print(_auth.default_credentials())
def build_from_document( service, base=None, future=None, http=None, developerKey=None, model=None, requestBuilder=HttpRequest, credentials=None, client_options=None, adc_cert_path=None, adc_key_path=None, ): if http is not None and credentials is not None: raise ValueError( "Arguments http and credentials are mutually exclusive.") if isinstance(service, six.string_types): service = json.loads(service) elif isinstance(service, six.binary_type): service = json.loads(service.decode("utf-8")) if "rootUrl" not in service and isinstance(http, (HttpMock, HttpMockSequence)): logger.error( "You are using HttpMock or HttpMockSequence without" + "having the service discovery doc in cache. Try calling " + "build() without mocking once first to populate the " + "cache.") raise InvalidJsonError() base = urljoin(service["rootUrl"], service["servicePath"]) if client_options: if isinstance(client_options, six.moves.collections_abc.Mapping): client_options = google.api_core.client_options.from_dict( client_options) if client_options.api_endpoint: base = client_options.api_endpoint schema = Schemas(service) if http is None: scopes = list( service.get("auth", {}).get("oauth2", {}).get("scopes", {}).keys()) if scopes and not developerKey: if credentials is None: credentials = _auth.default_credentials() credentials = _auth.with_scopes(credentials, scopes) if credentials: http = _auth.authorized_http(credentials) else: http = build_http() client_cert_to_use = None if client_options and client_options.client_cert_source: raise MutualTLSChannelError( "ClientOptions.client_cert_source is not supported, please use ClientOptions.client_encrypted_cert_source." ) if (client_options and hasattr(client_options, "client_encrypted_cert_source") and client_options.client_encrypted_cert_source): client_cert_to_use = client_options.client_encrypted_cert_source elif adc_cert_path and adc_key_path and mtls.has_default_client_cert_source( ): client_cert_to_use = mtls.default_client_encrypted_cert_source( adc_cert_path, adc_key_path) if client_cert_to_use: cert_path, key_path, passphrase = client_cert_to_use() http_channel = (http.http if google_auth_httplib2 and isinstance( http, google_auth_httplib2.AuthorizedHttp) else http) http_channel.add_certificate(key_path, cert_path, "", passphrase) if "mtlsRootUrl" in service and (not client_options or not client_options.api_endpoint): mtls_endpoint = urljoin(service["mtlsRootUrl"], service["servicePath"]) use_mtls_env = os.getenv("GOOGLE_API_USE_MTLS", "never") if not use_mtls_env in ("never", "auto", "always"): raise MutualTLSChannelError( "Unsupported GOOGLE_API_USE_MTLS value. Accepted values: never, auto, always" ) if use_mtls_env == "always" or (use_mtls_env == "auto" and client_cert_to_use): base = mtls_endpoint if model is None: features = service.get("features", []) model = JsonModel("dataWrapper" in features) return { 'http': http, 'baseUrl': base, 'model': model, 'developerKey': developerKey, 'requestBuilder': requestBuilder, 'resourceDesc': service, 'rootDesc': service, 'schema': schema, }
def main(): conn = None device_opt = [ "port", "no_password", "zone", "project", "stackdriver-logging", "method", "baremetalsolution", "apitimeout", "retries", "retrysleep", "serviceaccount", "plugzonemap", "proxyhost", "proxyport" ] atexit.register(atexit_handler) define_new_opts() all_opt["power_timeout"]["default"] = "60" all_opt["method"]["default"] = "cycle" all_opt["method"][ "help"] = "-m, --method=[method] Method to fence (onoff|cycle) (Default: cycle)" options = check_input(device_opt, process_input(device_opt)) docs = {} docs["shortdesc"] = "Fence agent for GCE (Google Cloud Engine)" docs["longdesc"] = "fence_gce is an I/O Fencing agent for GCE (Google Cloud " \ "Engine). It uses the googleapiclient library to connect to GCE.\n" \ "googleapiclient can be configured with Google SDK CLI or by " \ "executing 'gcloud auth application-default login'.\n" \ "For instructions see: https://cloud.google.com/compute/docs/tutorials/python-guide" docs["vendorurl"] = "http://cloud.google.com" show_docs(options, docs) run_delay(options) # Prepare logging if options.get('--verbose') is None: logging.getLogger('googleapiclient').setLevel(logging.ERROR) logging.getLogger('oauth2client').setLevel(logging.ERROR) if options.get('--stackdriver-logging') is not None and options.get( '--plug'): try: import google.cloud.logging.handlers client = google.cloud.logging.Client() handler = google.cloud.logging.handlers.CloudLoggingHandler( client, name=options['--plug']) handler.setLevel(logging.INFO) formatter = logging.Formatter('gcp:stonith "%(message)s"') handler.setFormatter(formatter) root_logger = logging.getLogger() if options.get('--verbose') is None: root_logger.setLevel(logging.INFO) root_logger.addHandler(handler) except ImportError: logging.error('Couldn\'t import google.cloud.logging, ' 'disabling Stackdriver-logging support') # if apitimeout is defined we set the socket timeout, if not we keep the # socket default which is 60s if options.get("--apitimeout"): socket.setdefaulttimeout(options["--apitimeout"]) # Prepare cli try: serviceaccount = options.get("--serviceaccount") if serviceaccount: scope = ['https://www.googleapis.com/auth/cloud-platform'] logging.debug("using credentials from service account") try: from google.oauth2.service_account import Credentials as ServiceAccountCredentials credentials = ServiceAccountCredentials.from_service_account_file( filename=serviceaccount, scopes=scope) except ImportError: from oauth2client.service_account import ServiceAccountCredentials credentials = ServiceAccountCredentials.from_json_keyfile_name( serviceaccount, scope) else: try: from googleapiclient import _auth credentials = _auth.default_credentials() except: credentials = GoogleCredentials.get_application_default() logging.debug("using application default credentials") if options.get("--proxyhost") and options.get("--proxyport"): proxy_info = httplib2.ProxyInfo( proxy_type=socks.PROXY_TYPE_HTTP, proxy_host=options.get("--proxyhost"), proxy_port=int(options.get("--proxyport"))) http = credentials.authorize(httplib2.Http(proxy_info=proxy_info)) conn = googleapiclient.discovery.build('compute', 'v1', http=http, cache_discovery=False) else: conn = googleapiclient.discovery.build('compute', 'v1', credentials=credentials, cache_discovery=False) except Exception as err: fail_usage("Failed: Create GCE compute v1 connection: {}".format( str(err))) # Get project and zone if not options.get("--project"): try: options["--project"] = get_metadata('project/project-id') except Exception as err: fail_usage( "Failed retrieving GCE project. Please provide --project option: {}" .format(str(err))) if "--baremetalsolution" in options: options["--zone"] = "none" # Populates zone automatically if missing from the command zones = [] if not "--zone" in options else options["--zone"].split(",") options["--plugzonemap"] = {} if "--plug" in options: for i, instance in enumerate(options["--plug"].split(",")): if len(zones) == 1: # If only one zone is specified, use it across all plugs options["--plugzonemap"][instance] = zones[0] continue if len(zones) - 1 >= i: # If we have enough zones specified with the --zone flag use the zone at # the same index as the plug options["--plugzonemap"][instance] = zones[i] continue try: # In this case we do not have a zone specified so we attempt to detect it options["--plugzonemap"][instance] = get_zone( conn, options, instance) except Exception as err: fail_usage( "Failed retrieving GCE zone. Please provide --zone option: {}" .format(str(err))) # Operate the fencing device result = fence_action(conn, options, set_power_status, get_power_status, get_nodes_list, power_cycle) sys.exit(result)
def test_default_credentials_with_scopes_and_quota_project(self): with self.assertRaises(EnvironmentError): credentials = _auth.default_credentials( scopes=["1", "2"], quota_project_id="my-project")
def build_from_document(service, base=None, future=None, http=None, developerKey=None, model=None, requestBuilder=HttpRequest, credentials=None): """Create a Resource for interacting with an API. Same as `build()`, but constructs the Resource object from a discovery document that is it given, as opposed to retrieving one over HTTP. Args: service: string or object, the JSON discovery document describing the API. The value passed in may either be the JSON string or the deserialized JSON. base: string, base URI for all HTTP requests, usually the discovery URI. This parameter is no longer used as rootUrl and servicePath are included within the discovery document. (deprecated) future: string, discovery document with future capabilities (deprecated). http: httplib2.Http, An instance of httplib2.Http or something that acts like it that HTTP requests will be made through. developerKey: string, Key for controlling API usage, generated from the API Console. model: Model class instance that serializes and de-serializes requests and responses. requestBuilder: Takes an http request and packages it up to be executed. credentials: oauth2client.Credentials or google.auth.credentials.Credentials, credentials to be used for authentication. Returns: A Resource object with methods for interacting with the service. """ if http is not None and credentials is not None: raise ValueError( 'Arguments http and credentials are mutually exclusive.') if isinstance(service, six.string_types): service = json.loads(service) if 'rootUrl' not in service and (isinstance(http, (HttpMock, HttpMockSequence))): logger.error( "You are using HttpMock or HttpMockSequence without" + "having the service discovery doc in cache. Try calling " + "build() without mocking once first to populate the " + "cache.") raise InvalidJsonError() base = urljoin(service['rootUrl'], service['servicePath']) schema = Schemas(service) # If the http client is not specified, then we must construct an http client # to make requests. If the service has scopes, then we also need to setup # authentication. if http is None: # Does the service require scopes? scopes = list( service.get('auth', {}).get('oauth2', {}).get('scopes', {}).keys()) # If so, then the we need to setup authentication if no developerKey is # specified. if scopes and not developerKey: # If the user didn't pass in credentials, attempt to acquire application # default credentials. if credentials is None: credentials = _auth.default_credentials() # The credentials need to be scoped. credentials = _auth.with_scopes(credentials, scopes) # Create an authorized http instance http = _auth.authorized_http(credentials) # If the service doesn't require scopes then there is no need for # authentication. else: http = build_http() if model is None: features = service.get('features', []) model = JsonModel('dataWrapper' in features) return Resource(http=http, baseUrl=base, model=model, developerKey=developerKey, requestBuilder=requestBuilder, resourceDesc=service, rootDesc=service, schema=schema)
import datetime import os import yaml import uuid import re import dateutil import tensorflow as tf from google.cloud import pubsub_v1 from google.oauth2 import service_account import googleapiclient.discovery from googleapiclient import _auth credentials = _auth.default_credentials() service = googleapiclient.discovery.build('iam', 'v1', credentials=credentials) crm_service = googleapiclient.discovery.build('cloudresourcemanager', 'v1', credentials=credentials) cloudbuild = googleapiclient.discovery.build('cloudbuild', 'v1', credentials=credentials) def latest_successful_build(image_uri, project_id): """Given an image URI get the most recent green cloudbuild."""