def RevokeCredsInWellKnownFile(brief): """Revoke the credentials in ADC's well-known file.""" # pylint:disable=protected-access, refactor as per TODO above credentials_filename = client._get_well_known_file() if not os.path.isfile(credentials_filename): if not brief: log.status.write( '\nApplication Default Credentials have not been\n' 'set up by a tool, so nothing was revoked.\n') return # We only want to get the credentials from the well-known file, because # no other credentials can be revoked. # pylint:disable=protected-access, refactor as per TODO above creds = client._get_application_default_credential_from_file( credentials_filename) if creds.serialization_data['type'] != 'authorized_user': if not brief: log.status.write( '\nThe credentials set up for Application Default Credentials\n' 'through the Google Cloud SDK are service account credentials,\n' 'so they were not revoked.\n') else: c_store.RevokeCredentials(creds) if not brief: log.status.write( '\nThe credentials set up for Application Default Credentials\n' 'through the Google Cloud SDK have been revoked.\n') os.remove(credentials_filename) if not brief: log.status.write( '\nThe file storing the Application Default Credentials\n' 'has been removed.\n')
def Run(self, args): """Revoke Application Default Credentials.""" cred_file = config.ADCFilePath() if not os.path.isfile(cred_file): log.status.Print( 'Application Default Credentials have not been set up, ' 'nothing to revoke.') return creds = client.GoogleCredentials.from_stream(cred_file) if creds.serialization_data['type'] != 'authorized_user': raise c_exc.BadFileException( 'The given credential file is a service account credential, and ' 'cannot be revoked.') console_io.PromptContinue( 'You are about to revoke the credentials stored in: [{file}]'. format(file=cred_file), throw_if_unattended=True, cancel_on_no=True) c_store.RevokeCredentials(creds) os.remove(cred_file) log.status.Print('Credentials revoked.')
def Run(self, args): """Revoke Application Default Credentials.""" cred_file = config.ADCFilePath() if not os.path.isfile(cred_file): log.status.Print( 'Application Default Credentials have not been set up, ' 'nothing to revoke.') return creds, _ = c_creds.GetGoogleAuthDefault().load_credentials_from_file( cred_file) if not (c_creds.IsUserAccountCredentials(creds) or c_creds.IsExternalAccountCredentials(creds) or c_creds.IsExternalAccountUserCredentials(creds)): raise c_exc.BadFileException( 'The given credential file is a service account credential, and ' 'cannot be revoked.') if isinstance(creds, google_auth_creds.Credentials): creds = c_google_auth.Credentials.FromGoogleAuthUserCredentials( creds) console_io.PromptContinue( 'You are about to revoke the credentials stored in: [{file}]'. format(file=cred_file), throw_if_unattended=True, cancel_on_no=True) try: c_store.RevokeCredentials(creds) os.remove(cred_file) log.status.Print('Credentials revoked.') except c_store.RevokeError: os.remove(cred_file) log.warning( 'The credentials stored in: [{file}] are not revocable from the ' 'server but have been deleted from the file system.'.format( file=cred_file))