def AvailableAccounts(): """Get all accounts that have credentials stored for the CloudSDK. This function will also ping the GCE metadata server to see if GCE credentials are available. Returns: [str], List of the accounts. """ all_keys = multistore_file.get_all_credential_keys( filename=config.Paths().credentials_path) accounts = [] for key in all_keys: if key.get('type') != 'google-cloud-sdk': continue if key.get('clientId') != properties.VALUES.auth.client_id.Get( required=True): continue if key.get('scope') != ' '.join(config.CLOUDSDK_SCOPES): continue accounts.append(key['account']) accounts.extend(c_gce.Metadata().Accounts()) devshell_creds = c_devshell.LoadDevshellCredentials() if devshell_creds: accounts.append(devshell_creds.devshell_response.user_email) accounts.sort() return accounts
def AvailableAccounts(): """Get all accounts that have credentials stored for the CloudSDK. This function will also ping the GCE metadata server to see if GCE credentials are available. Returns: [str], List of the accounts. """ all_keys = multistore_file.get_all_credential_keys( filename=config.Paths().credentials_path) accounts = [key['account'] for key in all_keys if key.get('type') == 'google-cloud-sdk'] accounts.extend(c_gce.Metadata().Accounts()) devshell_creds = c_devshell.LoadDevshellCredentials() if devshell_creds: accounts.append(devshell_creds.devshell_response.user_email) accounts.sort() return accounts
def Load(account=None): """Get the credentials associated with the provided account. Args: account: str, The account address for the credentials being fetched. If None, the account stored in the core.account property is used. Returns: oauth2client.client.Credentials, The specified credentials. Raises: NoActiveAccountException: If account is not provided and there is no active account. NoCredentialsForAccountException: If there are no valid credentials available for the provided or active account. c_gce.CannotConnectToMetadataServerException: If the metadata server cannot be reached. RefreshError: If the credentials fail to refresh. """ # If a credential file is set, just use that and ignore the active account # and whatever is in the credential store. cred_file_override = properties.VALUES.auth.credential_file_override.Get() if cred_file_override: log.info('Using alternate credentials from file: [%s]', cred_file_override) try: cred = client.GoogleCredentials.from_stream(cred_file_override) if cred.create_scoped_required(): cred = cred.create_scoped(config.CLOUDSDK_SCOPES) return cred except client.Error as e: raise InvalidCredentialFileException(cred_file_override, e) if not account: account = properties.VALUES.core.account.Get() if not account: raise NoActiveAccountException() devshell_creds = c_devshell.LoadDevshellCredentials() if devshell_creds and ( devshell_creds.devshell_response.user_email == account): return devshell_creds if account in c_gce.Metadata().Accounts(): return AcquireFromGCE(account) store = _StorageForAccount(account) if not store: raise NoCredentialsForAccountException(account) cred = store.get() if not cred: raise NoCredentialsForAccountException(account) # cred.token_expiry is in UTC time. if not cred.token_expiry or cred.token_expiry < cred.token_expiry.utcnow(): Refresh(cred) return cred
def GetCredentials(self, account, use_google_auth=False): # TODO(b/153356810): migrate to google-auth. del use_google_auth devshell_creds = c_devshell.LoadDevshellCredentials() if devshell_creds and (devshell_creds.devshell_response.user_email == account): return devshell_creds return None
def GetAccounts(self): # DevShellCredentialsGoogleAuth and DevShellCredentials use the same code # to get devshell_response, so here it is safe to load # DevShellCredentialsGoogleAuth. devshell_creds = c_devshell.LoadDevshellCredentials( use_google_auth=True) if devshell_creds: return set([devshell_creds.devshell_response.user_email]) return set()
def Load(account=None): """Get the credentials associated with the provided account. Args: account: str, The account address for the credentials being fetched. If None, the account stored in the core.account property is used. Returns: oauth2client.client.Credentials, The specified credentials. Raises: NoActiveAccountException: If account is not provided and there is no active account. NoCredentialsForAccountException: If there are no valid credentials available for the provided or active account. c_gce.CannotConnectToMetadataServerException: If the metadata server cannot be reached. RefreshError: If the credentials fail to refresh. """ if not account: account = properties.VALUES.core.account.Get() if not account: raise NoActiveAccountException() devshell_creds = c_devshell.LoadDevshellCredentials() if devshell_creds and ( devshell_creds.devshell_response.user_email == account): return devshell_creds if account in c_gce.Metadata().Accounts(): return AcquireFromGCE(account) store = _StorageForAccount(account) if not store: raise NoCredentialsForAccountException(account) cred = store.get() if not cred: raise NoCredentialsForAccountException(account) # cred.token_expiry is in UTC time. if not cred.token_expiry or cred.token_expiry < cred.token_expiry.utcnow(): Refresh(cred) return cred
def AvailableAccounts(): """Get all accounts that have credentials stored for the CloudSDK. This function will also ping the GCE metadata server to see if GCE credentials are available. Returns: [str], List of the accounts. """ store = Oauth2ClientCredentialStore(config.Paths().credentials_path) accounts = store.GetAccounts() | set(c_gce.Metadata().Accounts()) devshell_creds = c_devshell.LoadDevshellCredentials() if devshell_creds: accounts.add(devshell_creds.devshell_response.user_email) return sorted(accounts)
def GetAccounts(self): devshell_creds = c_devshell.LoadDevshellCredentials() if devshell_creds: return set([devshell_creds.devshell_response.user_email]) return set()
def GetCredentials(self, account): devshell_creds = c_devshell.LoadDevshellCredentials() if devshell_creds and (devshell_creds.devshell_response.user_email == account): return devshell_creds return None
def GetCredentials(self, account, use_google_auth=False): devshell_creds = c_devshell.LoadDevshellCredentials(use_google_auth) if devshell_creds and (devshell_creds.devshell_response.user_email == account): return devshell_creds return None
def Load(account=None, scopes=None, prevent_refresh=False): """Get the credentials associated with the provided account. Args: account: str, The account address for the credentials being fetched. If None, the account stored in the core.account property is used. scopes: tuple, Custom auth scopes to request. By default CLOUDSDK_SCOPES are requested. prevent_refresh: bool, If True, do not refresh the access token even if it is out of date. (For use with operations that do not require a current access token, such as credential revocation.) Returns: oauth2client.client.Credentials, The specified credentials. Raises: NoActiveAccountException: If account is not provided and there is no active account. NoCredentialsForAccountException: If there are no valid credentials available for the provided or active account. c_gce.CannotConnectToMetadataServerException: If the metadata server cannot be reached. TokenRefreshError: If the credentials fail to refresh. """ # If a credential file is set, just use that and ignore the active account # and whatever is in the credential store. cred_file_override = properties.VALUES.auth.credential_file_override.Get() if cred_file_override: log.info('Using alternate credentials from file: [%s]', cred_file_override) try: cred = client.GoogleCredentials.from_stream(cred_file_override) cred_type = cred.serialization_data['type'] token_uri_override = properties.VALUES.auth.token_host.Get() if cred_type == client.SERVICE_ACCOUNT and token_uri_override: # pylint: disable=protected-access cred.token_uri = cred._token_uri = token_uri_override if cred.create_scoped_required(): if scopes is None: scopes = config.CLOUDSDK_SCOPES cred = cred.create_scoped(scopes) return cred except client.Error as e: raise InvalidCredentialFileException(cred_file_override, e) if not account: account = properties.VALUES.core.account.Get() if not account: raise NoActiveAccountException() devshell_creds = c_devshell.LoadDevshellCredentials() if devshell_creds and (devshell_creds.devshell_response.user_email == account): return devshell_creds if account in c_gce.Metadata().Accounts(): return AcquireFromGCE(account) store = _StorageForAccount(account) if not store: raise NoCredentialsForAccountException(account) cred = store.get() if not cred: raise NoCredentialsForAccountException(account) # cred.token_expiry is in UTC time. if (not prevent_refresh and (not cred.token_expiry or cred.token_expiry < cred.token_expiry.utcnow())): Refresh(cred) return cred
def Load(account=None, scopes=None, prevent_refresh=False): """Get the credentials associated with the provided account. This loads credentials regardless of whether credentials have been disabled via properties. Only use this when the functionality of the caller absolutely requires credentials (like printing out a token) vs logically requiring credentials (like for an http request). Args: account: str, The account address for the credentials being fetched. If None, the account stored in the core.account property is used. scopes: tuple, Custom auth scopes to request. By default CLOUDSDK_SCOPES are requested. prevent_refresh: bool, If True, do not refresh the access token even if it is out of date. (For use with operations that do not require a current access token, such as credential revocation.) Returns: oauth2client.client.Credentials, The specified credentials. Raises: NoActiveAccountException: If account is not provided and there is no active account. NoCredentialsForAccountException: If there are no valid credentials available for the provided or active account. c_gce.CannotConnectToMetadataServerException: If the metadata server cannot be reached. TokenRefreshError: If the credentials fail to refresh. TokenRefreshReauthError: If the credentials fail to refresh due to reauth. """ # If a credential file is set, just use that and ignore the active account # and whatever is in the credential store. cred_file_override = properties.VALUES.auth.credential_file_override.Get() if cred_file_override: log.info('Using alternate credentials from file: [%s]', cred_file_override) try: cred = client.GoogleCredentials.from_stream(cred_file_override) except client.Error as e: raise InvalidCredentialFileException(cred_file_override, e) if cred.create_scoped_required(): if scopes is None: scopes = config.CLOUDSDK_SCOPES cred = cred.create_scoped(scopes) # Set token_uri after scopes since token_uri needs to be explicitly # preserved when scopes are applied. token_uri_override = properties.VALUES.auth.token_host.Get() if token_uri_override: cred_type = creds.CredentialType.FromCredentials(cred) if cred_type in (creds.CredentialType.SERVICE_ACCOUNT, creds.CredentialType.P12_SERVICE_ACCOUNT): cred.token_uri = token_uri_override return cred if not account: account = properties.VALUES.core.account.Get() if not account: raise NoActiveAccountException() devshell_creds = c_devshell.LoadDevshellCredentials() if devshell_creds and (devshell_creds.devshell_response.user_email == account): return devshell_creds if account in c_gce.Metadata().Accounts(): return AcquireFromGCE(account) store = creds.GetCredentialStore() cred = store.Load(account) if not cred: raise NoCredentialsForAccountException(account) # cred.token_expiry is in UTC time. if (not prevent_refresh and (not cred.token_expiry or cred.token_expiry < cred.token_expiry.utcnow())): Refresh(cred) return cred