def Run(self, args):
"""Run the authentication command."""
if c_gce.Metadata().connected:
message = textwrap.dedent("""
You are running on a Google Compute Engine virtual machine.
The service credentials associated with this virtual machine
will automatically be used by Application Default
Credentials, so it is not necessary to use this command.
If you decide to proceed anyway, your user credentials may be visible
to others with access to this virtual machine. Are you sure you want
to authenticate with your personal account?
""")
console_io.PromptContinue(message=message,
throw_if_unattended=True,
cancel_on_no=True)
override_file = auth_util.AdcEnvVariable()
if override_file:
message = textwrap.dedent("""
The environment variable [{envvar}] is set to:
[{override_file}]
Credentials will still be generated to the default location:
[{default_file}]
To use these credentials, unset this environment variable before
running your application.
""".format(envvar=client.GOOGLE_APPLICATION_CREDENTIALS,
override_file=override_file,
default_file=auth_util.ADCFilePath()))
console_io.PromptContinue(message=message,
throw_if_unattended=True,
cancel_on_no=True)
scopes = args.scopes or auth_util.DEFAULT_SCOPES
launch_browser = check_browser.ShouldLaunchBrowser(args.launch_browser)
if args.client_id_file:
creds = auth_util.DoInstalledAppBrowserFlow(
launch_browser=launch_browser,
scopes=scopes,
client_id_file=args.client_id_file)
else:
creds = auth_util.DoInstalledAppBrowserFlow(
launch_browser=launch_browser,
scopes=scopes,
client_id=auth_util.DEFAULT_CREDENTIALS_DEFAULT_CLIENT_ID,
client_secret=auth_util.
DEFAULT_CREDENTIALS_DEFAULT_CLIENT_SECRET)
full_path = auth_util.SaveCredentialsAsADC(creds)
log.status.Print(
'\nCredentials saved to file: [{f}]'.format(f=full_path))
log.status.Print(
'\n'
'These credentials will be used by any library that requests\n'
'Application Default Credentials.\n'
'\n'
'To generate an access token for other uses, run:\n'
' gcloud auth application-default print-access-token')
return creds
def Run(self, args):
"""Run the authentication command."""
if c_gce.Metadata().connected:
message = textwrap.dedent("""
You are running on a Google Compute Engine virtual machine.
The service credentials associated with this virtual machine
will automatically be used by Application Default
Credentials, so it is not necessary to use this command.
If you decide to proceed anyway, your user credentials may be visible
to others with access to this virtual machine. Are you sure you want
to authenticate with your personal account?
""")
console_io.PromptContinue(message=message,
throw_if_unattended=True,
cancel_on_no=True)
command_auth_util.PromptIfADCEnvVarIsSet()
scopes = args.scopes or auth_util.DEFAULT_SCOPES
# This reauth scope is only used here and when refreshing the access token.
scopes += [config.REAUTH_SCOPE]
launch_browser = check_browser.ShouldLaunchBrowser(args.launch_browser)
if args.client_id_file:
creds = auth_util.DoInstalledAppBrowserFlow(
launch_browser=launch_browser,
scopes=scopes,
client_id_file=args.client_id_file)
else:
creds = auth_util.DoInstalledAppBrowserFlow(
launch_browser=launch_browser,
scopes=scopes,
client_id=auth_util.DEFAULT_CREDENTIALS_DEFAULT_CLIENT_ID,
client_secret=auth_util.
DEFAULT_CREDENTIALS_DEFAULT_CLIENT_SECRET)
if args.IsSpecified('client_id_file'):
full_path = c_creds.ADC(creds).DumpADCToFile()
else:
full_path = c_creds.ADC(creds).DumpExtendedADCToFile()
log.status.Print(
'\nCredentials saved to file: [{f}]'.format(f=full_path))
log.status.Print(
'\nThese credentials will be used by any library that requests '
'Application Default Credentials (ADC).')
quota_project = command_auth_util.GetQuotaProjectFromADC()
if quota_project:
log.status.Print(
"\nQuota project '{}' was added to ADC which can be used by Google "
'client libraries for billing and quota. To just '
'update the quota project in ADC, '
'run $gcloud auth application-default set-quota-project.'.
format(quota_project))
return creds
def Run(self, args):
"""Run the authentication command."""
if c_gce.Metadata().connected:
message = textwrap.dedent("""
You are running on a Google Compute Engine virtual machine.
The service credentials associated with this virtual machine
will automatically be used by Application Default
Credentials, so it is not necessary to use this command.
If you decide to proceed anyway, your user credentials may be visible
to others with access to this virtual machine. Are you sure you want
to authenticate with your personal account?
""")
console_io.PromptContinue(message=message,
throw_if_unattended=True,
cancel_on_no=True)
command_auth_util.PromptIfADCEnvVarIsSet()
# This reauth scope is only used here and when refreshing the access token.
scopes = (args.scopes
or auth_util.DEFAULT_SCOPES) + [config.REAUTH_SCOPE]
launch_browser = check_browser.ShouldLaunchBrowser(args.launch_browser)
if args.use_oauth2client:
if args.client_id_file:
creds = auth_util.DoInstalledAppBrowserFlow(
launch_browser=launch_browser,
scopes=scopes,
client_id_file=args.client_id_file)
else:
creds = auth_util.DoInstalledAppBrowserFlow(
launch_browser=launch_browser,
scopes=scopes,
client_id=auth_util.DEFAULT_CREDENTIALS_DEFAULT_CLIENT_ID,
client_secret=auth_util.
DEFAULT_CREDENTIALS_DEFAULT_CLIENT_SECRET)
else:
properties.VALUES.auth.client_id.Set(
auth_util.DEFAULT_CREDENTIALS_DEFAULT_CLIENT_ID)
properties.VALUES.auth.client_secret.Set(
auth_util.DEFAULT_CREDENTIALS_DEFAULT_CLIENT_SECRET)
creds = auth_util.DoInstalledAppBrowserFlowGoogleAuth(
launch_browser, scopes, client_id_file=args.client_id_file)
if args.IsSpecified('client_id_file'):
command_auth_util.DumpADC(creds, quota_project_disabled=False)
elif args.disable_quota_project or (not args.add_quota_project):
command_auth_util.DumpADC(creds, quota_project_disabled=True)
else:
command_auth_util.DumpADCOptionalQuotaProject(creds)
return creds
def Run(self, args):
"""Run the authentication command."""
if c_gce.Metadata().connected:
message = textwrap.dedent("""
You are running on a Google Compute Engine virtual machine.
The service credentials associated with this virtual machine
will automatically be used by Application Default
Credentials, so it is not necessary to use this command.
If you decide to proceed anyway, your user credentials may be visible
to others with access to this virtual machine. Are you sure you want
to authenticate with your personal account?
""")
answer = console_io.PromptContinue(message=message)
if not answer:
return None
if auth_util.AdcEnvVariableIsSet():
message = textwrap.dedent("""
The environment variable GOOGLE_APPLICATION_CREDENTIALS is set,
which means that the file pointed to by that variable will be used
instead of any credentials set up with this command. Do you want to
continue anyway?
""")
answer = console_io.PromptContinue(message=message)
if not answer:
return None
scopes = args.scopes
if not scopes:
scopes = [auth_util.CLOUD_PLATFORM_SCOPE]
launch_browser = auth_util.ShouldLaunchBrowser(args.launch_browser)
creds = auth_util.DoInstalledAppBrowserFlow(
client_id_file=args.client_id_file,
scopes=scopes,
launch_browser=launch_browser)
return self.SaveCredentials(creds, args.brief)
def Run(self, args):
"""Run the authentication command."""
scopes = config.CLOUDSDK_SCOPES
# Add REAUTH scope in case the user has 2fact activated.
# This scope is only used here and when refreshing the access token.
scopes += (config.REAUTH_SCOPE,)
if args.enable_gdrive_access:
scopes += (auth_util.GOOGLE_DRIVE_SCOPE,)
if c_devshell.IsDevshellEnvironment():
message = """
You are already authenticated with gcloud when running
inside the Cloud Shell and so do not need to run this
command.
Do you wish to proceed anyway?
"""
answer = console_io.PromptContinue(message=message)
if not answer:
return None
elif c_gce.Metadata().connected:
message = textwrap.dedent("""
You are running on a Google Compute Engine virtual machine.
It is recommended that you use service accounts for authentication.
You can run:
$ gcloud config set account `ACCOUNT`
to switch accounts if necessary.
Your credentials may be visible to others with access to this
virtual machine. Are you sure you want to authenticate with
your personal account?
""")
answer = console_io.PromptContinue(message=message)
if not answer:
return None
account = args.account
if account and not args.force:
try:
creds = c_store.Load(account=account, scopes=scopes)
except c_store.Error:
creds = None
if creds:
# Account already has valid creds, just switch to it.
return self.LoginAs(account, creds, args.project, args.activate,
args.brief)
# No valid creds, do the web flow.
launch_browser = check_browser.ShouldLaunchBrowser(args.launch_browser)
creds = auth_util.DoInstalledAppBrowserFlow(launch_browser, scopes)
web_flow_account = creds.id_token['email']
if account and account.lower() != web_flow_account.lower():
raise auth_exceptions.WrongAccountError(
'You attempted to log in as account [{account}] but the received '
'credentials were for account [{web_flow_account}].\n\n'
'Please check that your browser is logged in as account [{account}] '
'and that you are using the correct browser profile.'.format(
account=account, web_flow_account=web_flow_account))
account = web_flow_account
# We got new creds, and they are for the correct user.
c_store.Store(creds, account, scopes)
return self.LoginAs(account, creds, args.project, args.activate,
args.brief)
