def _google_analytics_credentials_from_service_account_credentials( private_key_id: str, private_key: str, client_email: str, client_id: str ): '''Returns the credentials for a service account ''' import oauth2client from oauth2client.service_account import ServiceAccountCredentials from oauth2client import crypt # adapted from ServiceAccountCredentials._from_parsed_json_keyfile() service_account_email = client_email private_key_pkcs8_pem = private_key private_key_id = private_key_id client_id = client_id token_uri = oauth2client.GOOGLE_TOKEN_URI revoke_uri = oauth2client.GOOGLE_REVOKE_URI signer = crypt.Signer.from_string(private_key_pkcs8_pem) credentials = ServiceAccountCredentials(service_account_email, signer, scopes=SCOPES, private_key_id=private_key_id, client_id=client_id, token_uri=token_uri, revoke_uri=revoke_uri) credentials._private_key_pkcs8_pem = private_key_pkcs8_pem return credentials
def _google_sheet_credentials_from_service_account_credentials( private_key_id: str, private_key: str, client_email: str, client_id: str): '''Returns the credentials for a service account The credentials have the scope set to ['https://spreadsheets.google.com/feeds'] https://gspread.readthedocs.io/en/latest/oauth2.html ''' import oauth2client from oauth2client.service_account import ServiceAccountCredentials from oauth2client import crypt # adapted from ServiceAccountCredentials._from_parsed_json_keyfile() service_account_email = client_email private_key_pkcs8_pem = private_key private_key_id = private_key_id client_id = client_id token_uri = oauth2client.GOOGLE_TOKEN_URI revoke_uri = oauth2client.GOOGLE_REVOKE_URI signer = crypt.Signer.from_string(private_key_pkcs8_pem) credentials = ServiceAccountCredentials(service_account_email, signer, scopes=SCOPES, private_key_id=private_key_id, client_id=client_id, token_uri=token_uri, revoke_uri=revoke_uri) credentials._private_key_pkcs8_pem = private_key_pkcs8_pem return credentials
def GetCredentials(self): return ServiceAccountCredentials( service_account_id=self._client_id, service_account_email=self._service_account_email, private_key_id=self._private_key_id, private_key_pkcs8_text=self._private_key_pkcs8_text, scopes=[DEFAULT_SCOPE])
def get_workbook(): scopes = [ 'https://spreadsheets.google.com/feeds', 'https://www.googleapis.com/auth/drive', ] signer = crypt.Signer.from_string(DEV_DASHBOARD_PRIVATE_KEY) credentials = ServiceAccountCredentials( service_account_email=DEV_DASHBOARD_CLIENT_EMAIL, signer=signer, scopes=scopes, ) try: gc = gspread.authorize(credentials) except HttpAccessTokenRefreshError: logger.error('Invalid credentials') return try: book = gc.open(DEV_DASHBOARD_WORKBOOK) except gspread.exceptions.SpreadsheetNotFound: logger.error(f'Could not find workbook named {DEV_DASHBOARD_WORKBOOK}') return return book
def __init__(self, service_email=None, private_key=None, user_email=None): """ Handles credentials and builds the google service. :param service_email: String :param private_key: Path :param user_email: String :raise ValueError: """ self._service_email = service_email or settings.GOOGLE_DRIVE_STORAGE_SERVICE_EMAIL self._key = private_key or settings.GOOGLE_DRIVE_STORAGE_KEY kwargs = {} if user_email or settings.GOOGLE_DRIVE_STORAGE_USER_EMAIL: self._user_email = kwargs[ 'sub'] = user_email or settings.GOOGLE_DRIVE_STORAGE_USER_EMAIL credentials = ServiceAccountCredentials( self._service_email, self._key, scope="https://www.googleapis.com/auth/drive", **kwargs) http = httplib2.Http() http = credentials.authorize(http) self._drive_service = build('drive', 'v2', http=http)
def test_create_delegated(self): signer = object() sub = '*****@*****.**' creds = ServiceAccountCredentials('*****@*****.**', signer) self.assertNotIn('sub', creds._kwargs) delegated_creds = creds.create_delegated(sub) self.assertEqual(delegated_creds._kwargs['sub'], sub) # Make sure the original is unchanged. self.assertNotIn('sub', creds._kwargs)
def get_gsheets_creds(): global _gsheets_creds scope = ['https://spreadsheets.google.com/feeds'] if not _gsheets_creds: _gsheets_creds = ServiceAccountCredentials( settings.GOOGLE_SHEETS_EMAIL, settings.GOOGLE_SHEETS_PRIVATE_KEY, scope) return _gsheets_creds
def test_create_scoped_required_with_scopes(self): signer = object() self.credentials = ServiceAccountCredentials( self.service_account_email, signer, scopes=self.scopes, private_key_id=self.private_key_id, client_id=self.client_id, ) self.assertFalse(self.credentials.create_scoped_required())
def api_service(endpoint, version): """ Builds service object to interface with the google api """ with open('data/' + SETTINGS['P12_KEY_FILE']) as f: private_key = f.read() creds = ServiceAccountCredentials(SETTINGS['GSERVEMAIL'], private_key, SETTINGS['SCOPE']) service = build(endpoint, version, http=creds.authorize(Http())) return service
def get_client(): scope = ['https://spreadsheets.google.com/feeds'] s = Signer.from_string( base64.b64decode(os.environ['GOOGLE_API_PRIVATE_KEY'])) credentials = ServiceAccountCredentials( os.environ['GOOGLE_API_CLIENT_EMAIL'], s, scope, ) return gspread.authorize(credentials)
def test_create_delegated_existing_sub(self): signer = object() sub1 = '*****@*****.**' sub2 = '*****@*****.**' creds = ServiceAccountCredentials('*****@*****.**', signer, sub=sub1) self.assertEqual(creds._kwargs['sub'], sub1) delegated_creds = creds.create_delegated(sub2) self.assertEqual(delegated_creds._kwargs['sub'], sub2) # Make sure the original is unchanged. self.assertEqual(creds._kwargs['sub'], sub1)
def GetCredentials(self): if OAUTH2CLIENT_V2: return ServiceAccountCredentials.from_json_keyfile_dict( self._json_key_dict, scopes=[DEFAULT_SCOPE], token_uri=self.token_uri) else: return ServiceAccountCredentials( service_account_id=self._client_id, service_account_email=self._service_account_email, private_key_id=self._private_key_id, private_key_pkcs8_text=self._private_key_pkcs8_text, scopes=[DEFAULT_SCOPE], token_uri=self.token_uri)
def test_p12_type_non_bytes_to_sign(self): from oauth2client.service_account import ServiceAccountCredentials ACCOUNT_NAME = 'dummy_service_account_name' PRIVATE_KEY_TEXT = b'dummy_private_key_text' STRING_TO_SIGN = u'dummy_signature' SIGNER = object() CREDENTIALS = ServiceAccountCredentials(ACCOUNT_NAME, SIGNER) CREDENTIALS._private_key_pkcs12 = PRIVATE_KEY_TEXT CREDENTIALS._private_key_password = '******' self._run_with_fake_crypto(CREDENTIALS, PRIVATE_KEY_TEXT, STRING_TO_SIGN)
def __init__(self, client_email, private_key, private_key_id, client_id): service_account_email = client_email private_key_pkcs8_pem = private_key private_key_id = private_key_id signer = crypt.Signer.from_string(private_key_pkcs8_pem) credentials = ServiceAccountCredentials(service_account_email, signer, scopes=SCOPES, private_key_id=private_key_id, client_id=client_id) credentials._private_key_pkcs8_pem = private_key_pkcs8_pem # Build the service object. self.service = build('calendar', 'v3', credentials=credentials)
def setUp(self): self.client_id = '123' self.service_account_email = '*****@*****.**' self.private_key_id = 'ABCDEF' self.private_key = datafile('pem_from_pkcs12.pem') self.scopes = ['dummy_scope'] self.signer = crypt.Signer.from_string(self.private_key) self.credentials = ServiceAccountCredentials( self.service_account_email, self.signer, private_key_id=self.private_key_id, client_id=self.client_id, )
def handle(self, *args, **options): def get_hour_fraction(timedelta_object): """ Convert seconds to hour fraction. i. e. 1 hour and 60 seconds are 1,016~ hours. """ print('--------') print(timedelta_object.days, timedelta_object.seconds) hours = timedelta_object.days * 24 seconds = timedelta_object.seconds fraction_of_hour = seconds / 3600.0 print(hours, fraction_of_hour) return hours + fraction_of_hour leaderboard = get_leaderboard() print(leaderboard) avg_time_first_mod_rev_all = get_hour_fraction( leaderboard['avg']['all_time']['review'][0]) avg_time_first_mod_rev_week = get_hour_fraction( leaderboard['avg']['seven_days']['review'][0]) avg_time_mod_res_all = get_hour_fraction( leaderboard['avg']['all_time']['resolution'][0]) avg_time_mod_res_week = get_hour_fraction( leaderboard['avg']['seven_days']['resolution'][0]) signer = crypt.Signer.from_string(GOOGLE_DOCS_API_PRIVATE_KEY) scope = ['https://spreadsheets.google.com/feeds'] creds = ServiceAccountCredentials( GOOGLE_DOCS_API_SERVICE_ACCOUNT_EMAIL, signer, scopes=scope, private_key_id=None, client_id=None, user_agent=None, token_uri='https://www.googleapis.com/oauth2/v4/token', revoke_uri='https://accounts.google.com/o/oauth2/revoke') client = gspread.authorize(creds) sheet = client.open('cv-mod-stats').sheet1 # The list of the values that stores the stats needed (should be in this order) timestamp = timezone.now().strftime('%Y-%m-%d') values = (timestamp, avg_time_first_mod_rev_week, avg_time_first_mod_rev_all, avg_time_mod_res_week, avg_time_mod_res_all) # Insert at index 2 (index 1 is the header) sheet.insert_row(values, 2)
def _make_credentials(self): private_key = datafile('privatekey.' + self.format_) signer = crypt.Signer.from_string(private_key) credentials = ServiceAccountCredentials( '*****@*****.**', signer, scopes='read+write', sub='*****@*****.**') if self.format_ == 'pem': credentials._private_key_pkcs8_pem = private_key elif self.format_ == 'p12': credentials._private_key_pkcs12 = private_key credentials._private_key_password = _PASSWORD_DEFAULT else: # pragma: NO COVER raise ValueError('Unexpected format.') return credentials
def test__to_json_override(self): signer = object() creds = ServiceAccountCredentials('*****@*****.**', signer) self.assertEqual(creds._signer, signer) # Serialize over-ridden data (unrelated to ``creds``). to_serialize = {'unrelated': 'data'} serialized_str = creds._to_json([], to_serialize.copy()) serialized_data = json.loads(serialized_str) expected_serialized = { '_class': 'ServiceAccountCredentials', '_module': 'oauth2client.service_account', 'token_expiry': None, } expected_serialized.update(to_serialize) self.assertEqual(serialized_data, expected_serialized)
def __authenticate(self): if self.verbose: print('Authenticating for Google Sheets') creds = self.__sheet_cfg['creds'] signer = Signer.from_string(creds['private_key']) scope = self.__sheet_cfg['scope'] return ServiceAccountCredentials( client_id=creds['client_id'], service_account_email=creds['client_email'], private_key_id=creds['private_key_id'], token_uri=creds['token_uri'], scopes=scope, signer=signer)
def GetCredentials(self): # TODO: Plumb through auth_uri and token_uri support, # which in turn means amending oauth2client to support them. if OAUTH2CLIENT_V2: return ServiceAccountCredentials.from_json_keyfile_dict( self._json_key_dict, scopes=[DEFAULT_SCOPE], token_uri=self.token_uri) else: return ServiceAccountCredentials( service_account_id=self._client_id, service_account_email=self._service_account_email, private_key_id=self._private_key_id, private_key_pkcs8_text=self._private_key_pkcs8_text, scopes=[DEFAULT_SCOPE], token_uri=self.token_uri)
def get_creds(): scopes = '' service_account_email = os.environ['goog_client_email'] private_key_pkcs8_pem = os.environ['goog_private_key'].replace(r"\n", "\n") private_key_id = os.environ['goog_private_key_id'] client_id = os.environ['goog_client_id'] token_uri = os.environ['goog_token_uri'] revoke_uri = GOOGLE_REVOKE_URI signer = crypt.Signer.from_string(private_key_pkcs8_pem) credentials = ServiceAccountCredentials(service_account_email, signer, scopes=scopes, private_key_id=private_key_id, client_id=client_id, token_uri=token_uri, revoke_uri=revoke_uri) credentials._private_key_pkcs8_pem = private_key_pkcs8_pem return credentials
def from_json(cls, s): try: data = json.loads(s) retval = ServiceAccountCredentials( service_account_id=data['_service_account_id'], service_account_email=data['_service_account_email'], private_key_id=data['_private_key_id'], private_key_pkcs8_text=data['_private_key_pkcs8_text'], scopes=[DEFAULT_SCOPE]) # TODO: Need to define user agent here, # but it is not known until runtime. retval.invalid = data['invalid'] retval.access_token = data['access_token'] if 'token_expiry' in data: retval.token_expiry = datetime.datetime.strptime( data['token_expiry'], EXPIRY_FORMAT) return retval except KeyError as e: raise Exception('Your JSON credentials are invalid; ' 'missing required entry %s.' % e[0])
def credentials_from_env(self, scopes): keyfile_dict = {} keyfile_dict["token_uri"] = get_env('SC_TOKEN_URI') keyfile_dict["auth_uri"] = get_env('SC_AUTH_URI') # TODO: clean this part tmp = get_env('SC_PRIVATE_KEY').replace("\n", "\\n") buff = '{"a": "' + tmp + '"}' buff = json.loads(buff) keyfile_dict["private_key"] = buff['a'] ####################### signer = crypt.Signer.from_string(keyfile_dict["private_key"]) credential = ServiceAccountCredentials( get_env('SC_CLIENT_EMAIL'), signer, scopes=scopes, private_key_id=get_env('SC_PRIVATE_KEY_ID'), client_id=get_env('SC_CLIENT_ID'), token_uri=keyfile_dict.get('token_uri', GOOGLE_TOKEN_URI), revoke_uri=keyfile_dict.get('revoke_uri', GOOGLE_REVOKE_URI), ) credential._private_key_pkcs8_pem = keyfile_dict['private_key'] return credential
def get_credentials(credential_file=None, credentials=None): if credential_file: return GoogleCredentials.from_stream(credential_file) if credentials and credentials["type"] == "service_account": return ServiceAccountCredentials( service_account_id=credentials["client_id"], service_account_email=credentials["client_email"], private_key_id=credentials["private_key_id"], private_key_pkcs8_text=credentials["private_key"], scopes=[]) if credentials and credentials["type"] == "authorized_user": return GoogleCredentials(access_token=None, client_id=credentials["client_id"], client_secret=credentials["client_secret"], refresh_token=credentials["refresh_token"], token_expiry=None, token_uri=GOOGLE_TOKEN_URI, user_agent="pghoard") return GoogleCredentials.get_application_default()
from __future__ import absolute_import import pickle import sys from oauth2client.service_account import ServiceAccountCredentials from oauth2_test import utils # Sanity check: It is easy to be confused about what environment you # are in; if this is not being done with oauth2client 4.0.0, complain. utils.expect_version('4.0.0') # Create a _ServiceAccountCredentials object. sac = ServiceAccountCredentials( service_account_email='*****@*****.**', signer=None, scopes=['SCOPE1', 'SCOPE2', 'SCOPE3'], private_key_id='private-key-id', user_agent='user-agent/1.0', ) # Write the pickle to disk. filename = '{target}/service-acct-4.0.0-py{py_major}{py_minor}.pickle'.format( py_major=sys.version_info[0], py_minor=sys.version_info[1], target=utils.target, ) with open(filename, 'wb') as f: f.write(pickle.dumps(sac))
def __init__(self, parsed_url): duplicity.backend.Backend.__init__(self, parsed_url) try: global pydrive import httplib2 from apiclient.discovery import build from pydrive.auth import GoogleAuth from pydrive.drive import GoogleDrive from pydrive.files import ApiRequestError, FileNotUploadedError except ImportError as e: raise BackendException(u"""\ PyDrive backend requires PyDrive installation. Please read the manpage for setup details. Exception: %s""" % str(e)) # let user get by with old client while he can try: from oauth2client.client import SignedJwtAssertionCredentials self.oldClient = True except: from oauth2client.service_account import ServiceAccountCredentials from oauth2client import crypt self.oldClient = False if u'GOOGLE_DRIVE_ACCOUNT_KEY' in os.environ: account_key = os.environ[u'GOOGLE_DRIVE_ACCOUNT_KEY'] if self.oldClient: credentials = SignedJwtAssertionCredentials( parsed_url.username + u'@' + parsed_url.hostname, account_key, scopes=u'https://www.googleapis.com/auth/drive') else: signer = crypt.Signer.from_string(account_key) credentials = ServiceAccountCredentials( parsed_url.username + u'@' + parsed_url.hostname, signer, scopes=u'https://www.googleapis.com/auth/drive') credentials.authorize(httplib2.Http()) gauth = GoogleAuth() gauth.credentials = credentials elif u'GOOGLE_DRIVE_SETTINGS' in os.environ: gauth = GoogleAuth( settings_file=os.environ[u'GOOGLE_DRIVE_SETTINGS']) gauth.CommandLineAuth() elif (u'GOOGLE_SECRETS_FILE' in os.environ and u'GOOGLE_CREDENTIALS_FILE' in os.environ): gauth = GoogleAuth() gauth.LoadClientConfigFile(os.environ[u'GOOGLE_SECRETS_FILE']) gauth.LoadCredentialsFile(os.environ[u'GOOGLE_CREDENTIALS_FILE']) if gauth.credentials is None: gauth.CommandLineAuth() elif gauth.access_token_expired: gauth.Refresh() else: gauth.Authorize() gauth.SaveCredentialsFile(os.environ[u'GOOGLE_CREDENTIALS_FILE']) else: raise BackendException( u'GOOGLE_DRIVE_ACCOUNT_KEY or GOOGLE_DRIVE_SETTINGS environment ' u'variable not set. Please read the manpage to fix.') self.drive = GoogleDrive(gauth) # Dirty way to find root folder id file_list = self.drive.ListFile({ u'q': u"'Root' in parents and trashed=false" }).GetList() if file_list: parent_folder_id = file_list[0][u'parents'][0][u'id'] else: file_in_root = self.drive.CreateFile({u'title': u'i_am_in_root'}) file_in_root.Upload() parent_folder_id = file_in_root[u'parents'][0][u'id'] file_in_root.Delete() # Fetch destination folder entry and create hierarchy if required. folder_names = parsed_url.path.split(u'/') for folder_name in folder_names: if not folder_name: continue file_list = self.drive.ListFile({ u'q': u"'" + parent_folder_id + u"' in parents and trashed=false" }).GetList() folder = next( (item for item in file_list if item[u'title'] == folder_name and item[u'mimeType'] == u'application/vnd.google-apps.folder'), None) if folder is None: folder = self.drive.CreateFile({ u'title': folder_name, u'mimeType': u"application/vnd.google-apps.folder", u'parents': [{ u'id': parent_folder_id }] }) folder.Upload() parent_folder_id = folder[u'id'] self.folder = parent_folder_id self.id_cache = {}
def test_access_token(self, utcnow): # Configure the patch. seconds = 11 NOW = datetime.datetime(1992, 12, 31, second=seconds) utcnow.return_value = NOW # Create a custom credentials with a mock signer. signer = mock.MagicMock() signed_value = b'signed-content' signer.sign = mock.MagicMock(name='sign', return_value=signed_value) credentials = ServiceAccountCredentials( self.service_account_email, signer, private_key_id=self.private_key_id, client_id=self.client_id, ) # Begin testing. lifetime = 2 # number of seconds in which the token expires EXPIRY_TIME = datetime.datetime(1992, 12, 31, second=seconds + lifetime) token1 = u'first_token' token_response_first = { 'access_token': token1, 'expires_in': lifetime, } token2 = u'second_token' token_response_second = { 'access_token': token2, 'expires_in': lifetime, } http = HttpMockSequence([ ({ 'status': '200' }, json.dumps(token_response_first).encode('utf-8')), ({ 'status': '200' }, json.dumps(token_response_second).encode('utf-8')), ]) # Get Access Token, First attempt. self.assertEqual(credentials.access_token, None) self.assertFalse(credentials.access_token_expired) self.assertEqual(credentials.token_expiry, None) token = credentials.get_access_token(http=http) self.assertEqual(credentials.token_expiry, EXPIRY_TIME) self.assertEqual(token1, token.access_token) self.assertEqual(lifetime, token.expires_in) self.assertEqual(token_response_first, credentials.token_response) # Two utcnow calls are expected: # - get_access_token() -> _do_refresh_request (setting expires in) # - get_access_token() -> _expires_in() expected_utcnow_calls = [mock.call()] * 2 self.assertEqual(expected_utcnow_calls, utcnow.mock_calls) # One call to sign() expected: Actual refresh was needed. self.assertEqual(len(signer.sign.mock_calls), 1) # Get Access Token, Second Attempt (not expired) self.assertEqual(credentials.access_token, token1) self.assertFalse(credentials.access_token_expired) token = credentials.get_access_token(http=http) # Make sure no refresh occurred since the token was not expired. self.assertEqual(token1, token.access_token) self.assertEqual(lifetime, token.expires_in) self.assertEqual(token_response_first, credentials.token_response) # Three more utcnow calls are expected: # - access_token_expired # - get_access_token() -> access_token_expired # - get_access_token -> _expires_in expected_utcnow_calls = [mock.call()] * (2 + 3) self.assertEqual(expected_utcnow_calls, utcnow.mock_calls) # No call to sign() expected: the token was not expired. self.assertEqual(len(signer.sign.mock_calls), 1 + 0) # Get Access Token, Third Attempt (force expiration) self.assertEqual(credentials.access_token, token1) credentials.token_expiry = NOW # Manually force expiry. self.assertTrue(credentials.access_token_expired) token = credentials.get_access_token(http=http) # Make sure refresh occurred since the token was not expired. self.assertEqual(token2, token.access_token) self.assertEqual(lifetime, token.expires_in) self.assertFalse(credentials.access_token_expired) self.assertEqual(token_response_second, credentials.token_response) # Five more utcnow calls are expected: # - access_token_expired # - get_access_token -> access_token_expired # - get_access_token -> _do_refresh_request # - get_access_token -> _expires_in # - access_token_expired expected_utcnow_calls = [mock.call()] * (2 + 3 + 5) self.assertEqual(expected_utcnow_calls, utcnow.mock_calls) # One more call to sign() expected: Actual refresh was needed. self.assertEqual(len(signer.sign.mock_calls), 1 + 0 + 1) self.assertEqual(credentials.access_token, token2)
import pandas as pd import gspread as gs import gspread_dataframe as gd from oauth2client.service_account import ServiceAccountCredentials scope = ['https://docs.google.com', 'https://googleapis.com/auth/drive'] credentials = ServiceAccountCredentials('/home/userbmc/aps_bmc_screening.json', scope) gc = gs.authorize(credentials) sheet = gc.open("Screening Results").sheet1
#!/usr/bin/env python3 # -*- coding: utf-8 -*- """ Created on Mon Feb 18 11:20:58 2019 @author: r.mishra """ import json import gspread from oauth2client.service_account import ServiceAccountCredentials json_key = json.load( open('SheetAccess.json')) # json credentials you downloaded earlier scope = ['https://spreadsheets.google.com/feeds'] credentials = ServiceAccountCredentials(json_key['client_email'], json_key['private_key'].encode(), scope) # get email and key from creds file = gspread.authorize(credentials) # authenticate with Google sheet = file.open("Copy of pacing calender").Math # open sheet ##pip install google-api-python-client google-auth-httplib2 google-auth-oauthlib