def ClientInfo(cls): return { 'client_id': cls._CLIENT_ID, 'client_secret': cls._CLIENT_SECRET, 'scope': ' '.join(sorted(util.NormalizeScopes(cls._SCOPES))), 'user_agent': cls._USER_AGENT, }
def __init__(self, scopes=None, service_account_name='default', **kwds): """Initializes the credentials instance. Args: scopes: The scopes to get. If None, whatever scopes that are available to the instance are used. service_account_name: The service account to retrieve the scopes from. **kwds: Additional keyword args. """ if not util.DetectGce(): raise exceptions.ResourceUnavailableError( 'GCE credentials requested outside a GCE instance') if not self.GetServiceAccount(service_account_name): raise exceptions.ResourceUnavailableError( 'GCE credentials requested but service account %s does not exist.' % service_account_name) self.__service_account_name = service_account_name if scopes: scope_ls = util.NormalizeScopes(scopes) instance_scopes = self.GetInstanceScopes() if scope_ls > instance_scopes: raise exceptions.CredentialsError( 'Instance did not have access to scopes %s' % (sorted(list(scope_ls - instance_scopes)), )) else: scopes = self.GetInstanceScopes() super(GceAssertionCredentials, self).__init__(scopes, **kwds)
def GetCredentials(package_name, scopes, client_id, client_secret, user_agent, credentials_filename=None, service_account_name=None, service_account_keyfile=None, api_key=None, client=None): """Attempt to get credentials, using an oauth dance as the last resort.""" scopes = util.NormalizeScopes(scopes) # TODO: Error checking. client_info = { 'client_id': client_id, 'client_secret': client_secret, 'scope': ' '.join(sorted(util.NormalizeScopes(scopes))), 'user_agent': user_agent or '%s-generated/0.1' % package_name, } if service_account_name is not None: credentials = ServiceAccountCredentialsFromFile( service_account_name, service_account_keyfile, scopes) if credentials is not None: return credentials credentials = GaeAssertionCredentials.Get(scopes) if credentials is not None: return credentials credentials = GceAssertionCredentials.Get(scopes) if credentials is not None: return credentials credentials_filename = credentials_filename or os.path.expanduser( '~/.apitools.token') credentials = CredentialsFromFile(credentials_filename, client_info) if credentials is not None: return credentials raise exceptions.CredentialsError('Could not create valid credentials')
def GetInstanceScopes(self): # Extra header requirement can be found here: # https://developers.google.com/compute/docs/metadata scopes_uri = ( 'http://metadata.google.internal/computeMetadata/v1/instance/' 'service-accounts/%s/scopes') % self.__service_account_name additional_headers = {'X-Google-Metadata-Request': 'True'} request = urllib2.Request(scopes_uri, headers=additional_headers) try: response = urllib2.urlopen(request) except urllib2.URLError as e: raise exceptions.CommunicationError( 'Could not reach metadata service: %s' % e.reason) return util.NormalizeScopes(scope.strip() for scope in response.readlines())
def ServiceAccountCredentials(service_account_name, private_key, scopes): scopes = util.NormalizeScopes(scopes) return oauth2client.client.SignedJwtAssertionCredentials( service_account_name, private_key, scopes)
def __init__(self, scopes, **kwds): if not util.DetectGae(): raise exceptions.ResourceUnavailableError( 'GCE credentials requested outside a GCE instance') self._scopes = list(util.NormalizeScopes(scopes)) super(GaeAssertionCredentials, self).__init__(None, **kwds)