def Run(self, args): """Run the helper command.""" cred = c_store.Load(args.account) c_store.Refresh(cred) if not cred.access_token: raise auth_exceptions.InvalidCredentialsError( 'No access token could be obtained from the current credentials.') return cred
def Run(self, args): """Run the helper command.""" cred = c_store.Load( args.account, allow_account_impersonation=True, use_google_auth=True) c_store.Refresh(cred) if c_creds.IsOauth2ClientCredentials(cred): token = cred.access_token else: token = cred.token if not token: raise auth_exceptions.InvalidCredentialsError( 'No access token could be obtained from the current credentials.') return DummyCredentials(token)
def Run(self, args): """Run the helper command.""" cred = c_store.Load(args.account, allow_account_impersonation=True, use_google_auth=True) if args.scopes: cred_type = c_creds.CredentialTypeGoogleAuth.FromCredentials(cred) if cred_type not in [ c_creds.CredentialTypeGoogleAuth.USER_ACCOUNT, c_creds.CredentialTypeGoogleAuth.SERVICE_ACCOUNT ]: # TODO(b/223649175): Add support for other credential types(e.g GCE). log.warning( '`--scopes` flag may not working as expected and will be ignored ' 'for account type {}.'.format(cred_type.key)) scopes = args.scopes + [ auth_util.OPENID, auth_util.USER_EMAIL_SCOPE ] # non user account credential types if isinstance(cred, credentials.Scoped): cred = cred.with_scopes(scopes) else: requested_scopes = set(args.scopes) trusted_scopes = set(config.CLOUDSDK_SCOPES) if not requested_scopes.issubset(trusted_scopes): raise c_exc.InvalidArgumentException( '--scopes', 'Invalid scopes value. Please make sure the scopes are from [{0}]' .format(config.CLOUDSDK_SCOPES)) # pylint:disable=protected-access cred._scopes = scopes c_store.Refresh(cred) if c_creds.IsOauth2ClientCredentials(cred): token = cred.access_token else: token = cred.token if not token: raise auth_exceptions.InvalidCredentialsError( 'No access token could be obtained from the current credentials.' ) return FakeCredentials(token)
def generate_login_token_from_gcloud_auth(scopes): """Genearete a down-coped access token with given scopes for IAM DB authentication from gcloud credentials. Args: scopes: scopes to be included in the down-scoped token. Returns: Down-scoped access token. """ cred = c_store.Load(allow_account_impersonation=True, use_google_auth=True) cred = _downscope_credential(cred, scopes) c_store.Refresh(cred) if c_creds.IsOauth2ClientCredentials(cred): token = cred.access_token else: token = cred.token if not token: raise auth_exceptions.InvalidCredentialsError( 'No access token could be obtained from the current credentials.') return token