def _from_p12_keyfile_helper(self, private_key_password=None, scopes='', token_uri=None, revoke_uri=None): service_account_email = '*****@*****.**' filename = data_filename('privatekey.p12') with open(filename, 'rb') as file_obj: key_contents = file_obj.read() creds_from_filename = ServiceAccountCredentials.from_p12_keyfile( service_account_email, filename, private_key_password=private_key_password, scopes=scopes, token_uri=token_uri, revoke_uri=revoke_uri) creds_from_file_contents = ( ServiceAccountCredentials.from_p12_keyfile_buffer( service_account_email, BytesIO(key_contents), private_key_password=private_key_password, scopes=scopes, token_uri=token_uri, revoke_uri=revoke_uri)) for creds in (creds_from_filename, creds_from_file_contents): self.assertIsInstance(creds, ServiceAccountCredentials) self.assertIsNone(creds.client_id) self.assertEqual(creds._service_account_email, service_account_email) self.assertIsNone(creds._private_key_id) self.assertIsNone(creds._private_key_pkcs8_pem) self.assertEqual(creds._private_key_pkcs12, key_contents) if private_key_password is not None: self.assertEqual(creds._private_key_password, private_key_password) self.assertEqual(creds._scopes, ' '.join(scopes)) self.assertEqual(creds.token_uri, token_uri) self.assertEqual(creds.revoke_uri, revoke_uri)
def get_trade_in_value(serial_number): if not (settings.GOOGLE_OAUTH2_CLIENT_EMAIL and settings.GOOGLE_OAUTH2_PRIVATE_KEY and settings.GOOGLE_SPREADSHEET_ID): return try: buffer = io.StringIO( settings.GOOGLE_OAUTH2_PRIVATE_KEY.replace('\\n', '\n')) credentials = ServiceAccountCredentials.from_p12_keyfile_buffer( service_account_email=settings.GOOGLE_OAUTH2_CLIENT_EMAIL, file_buffer=buffer, scopes=['https://spreadsheets.google.com/feeds']) gc = gspread.authorize(credentials) ws = gc.open_by_key(settings.GOOGLE_SPREADSHEET_ID).sheet1 camera = ws.find(serial_number) cell_start = ws.find('Serial Number') dates = ws.row_values(cell_start.row) today = now().date() x = None for col in range(ws.col_count, 0, -1): try: if today <= datetime.datetime.strptime(dates[col - 1], '%m/%d/%Y').date(): x = col except: pass return ws.cell(camera.row, x).value or None except: return
def _GetOauth2ServiceAccountCredentials(): """Retrieves OAuth2 service account credentials for a private key file.""" if not _HasOauth2ServiceAccountCreds(): return provider_token_uri = _GetProviderTokenUri() service_client_id = config.get('Credentials', 'gs_service_client_id', '') private_key_filename = config.get('Credentials', 'gs_service_key_file', '') with io.open(private_key_filename, 'rb') as private_key_file: private_key = private_key_file.read() keyfile_is_utf8 = False try: private_key = private_key.decode(UTF8) # P12 keys won't be encoded as UTF8 bytes. keyfile_is_utf8 = True except UnicodeDecodeError: pass if keyfile_is_utf8: try: json_key_dict = json.loads(private_key) except ValueError: raise Exception('Could not parse JSON keyfile "%s" as valid JSON' % private_key_filename) # Key file is in JSON format. for json_entry in ('client_id', 'client_email', 'private_key_id', 'private_key'): if json_entry not in json_key_dict: raise Exception('The JSON private key file at %s ' 'did not contain the required entry: %s' % (private_key_filename, json_entry)) return ServiceAccountCredentials.from_json_keyfile_dict( json_key_dict, scopes=DEFAULT_SCOPES, token_uri=provider_token_uri) else: # Key file is in P12 format. if HAS_CRYPTO: if not service_client_id: raise Exception( 'gs_service_client_id must be set if ' 'gs_service_key_file is set to a .p12 key file') key_file_pass = config.get('Credentials', 'gs_service_key_file_password', GOOGLE_OAUTH2_DEFAULT_FILE_PASSWORD) # We use _from_p12_keyfile_contents to avoid reading the key file # again unnecessarily. try: return ServiceAccountCredentials.from_p12_keyfile_buffer( service_client_id, BytesIO(private_key), private_key_password=key_file_pass, scopes=DEFAULT_SCOPES, token_uri=provider_token_uri) except Exception as e: raise Exception( 'OpenSSL unable to parse PKCS 12 key {}.' 'Please verify key integrity. Error message:\n{}'.format( private_key_filename, str(e)))
def _GetOauth2ServiceAccountCredentials(): """Retrieves OAuth2 service account credentials for a private key file.""" if not _HasOauth2ServiceAccountCreds(): return provider_token_uri = _GetProviderTokenUri() service_client_id = config.get('Credentials', 'gs_service_client_id', '') private_key_filename = config.get('Credentials', 'gs_service_key_file', '') with io.open(private_key_filename, 'rb') as private_key_file: private_key = private_key_file.read() keyfile_is_utf8 = False try: private_key = private_key.decode(UTF8) # P12 keys won't be encoded as UTF8 bytes. keyfile_is_utf8 = True except UnicodeDecodeError: pass if keyfile_is_utf8: try: json_key_dict = json.loads(private_key) except ValueError: raise Exception('Could not parse JSON keyfile "%s" as valid JSON' % private_key_filename) # Key file is in JSON format. for json_entry in ('client_id', 'client_email', 'private_key_id', 'private_key'): if json_entry not in json_key_dict: raise Exception('The JSON private key file at %s ' 'did not contain the required entry: %s' % (private_key_filename, json_entry)) return ServiceAccountCredentials.from_json_keyfile_dict( json_key_dict, scopes=DEFAULT_SCOPES, token_uri=provider_token_uri) else: # Key file is in P12 format. if HAS_CRYPTO: if not service_client_id: raise Exception('gs_service_client_id must be set if ' 'gs_service_key_file is set to a .p12 key file') key_file_pass = config.get('Credentials', 'gs_service_key_file_password', GOOGLE_OAUTH2_DEFAULT_FILE_PASSWORD) # We use _from_p12_keyfile_contents to avoid reading the key file # again unnecessarily. try: return ServiceAccountCredentials.from_p12_keyfile_buffer( service_client_id, BytesIO(private_key), private_key_password=key_file_pass, scopes=DEFAULT_SCOPES, token_uri=provider_token_uri) except Exception as e: raise Exception( 'OpenSSL unable to parse PKCS 12 key {}.' 'Please verify key integrity. Error message:\n{}'.format( private_key_filename, str(e)))
def _gce_conn(cred, key=None): service_account_name = cryptotool.decrypt_scalr(app.crypto_key, cred["service_account_name"]) if key is None: key = _gce_key(cred) credentials = ServiceAccountCredentials.from_p12_keyfile_buffer( service_account_name, StringIO.StringIO(key), scopes=["https://www.googleapis.com/auth/compute"] ) http = httplib2.Http() http = credentials.authorize(http) return build("compute", "v1", http=http), http
def get_credentials(file_buffer): scopes = [ 'https://www.googleapis.com/auth/spreadsheets', ] credentials = ServiceAccountCredentials.from_p12_keyfile_buffer( service_account_email='*****@*****.**', file_buffer=file_buffer, private_key_password='******', scopes=scopes, ) return credentials
def get_reviews_service(): """Create new instance of google play API service.""" scope = 'https://www.googleapis.com/auth/androidpublisher' credentials = get_credentials() service_credentials = ServiceAccountCredentials.from_p12_keyfile_buffer( credentials['account'], credentials['key'], scopes=scope) http = httplib2.Http() http = service_credentials.authorize(http) service = build('androidpublisher', 'v3', http=http, cache_discovery=False) return service.reviews()
def _gce_conn(cred, key=None): service_account_name = cryptotool.decrypt_scalr( app.crypto_key, cred['service_account_name']) if key is None: key = _gce_key(cred) credentials = ServiceAccountCredentials.from_p12_keyfile_buffer( service_account_name, StringIO.StringIO(key), scopes=['https://www.googleapis.com/auth/compute']) http = httplib2.Http() http = credentials.authorize(http) return build('compute', 'v1', http=http), http
def GetCredentials(self): if HAS_CRYPTO: if OAUTH2CLIENT_V2: # pylint: disable=protected-access return ServiceAccountCredentials.from_p12_keyfile_buffer( self._client_id, BytesIO(self._private_key), private_key_password=self._password, scopes=DEFAULT_SCOPE, token_uri=self.token_uri) # pylint: enable=protected-access else: return SignedJwtAssertionCredentials( self._client_id, self._private_key, scope=DEFAULT_SCOPE, private_key_password=self._password, token_uri=self.token_uri) else: raise MissingDependencyError( 'Service account authentication requires PyOpenSSL. Please install ' 'this library and try again.')
def get_client(): """Return client with connection to build apiary.""" # Connect using build apiary service account credentials. build_apiary_service_account_email = db_config.get_value( 'build_apiary_service_account_email') build_apiary_service_account_private_key = db_config.get_value( 'build_apiary_service_account_private_key') credentials = ServiceAccountCredentials.from_p12_keyfile_buffer( build_apiary_service_account_email, StringIO.StringIO(build_apiary_service_account_private_key), scopes='https://www.googleapis.com/auth/androidbuild.internal') client = apiclient.discovery.build('androidbuildinternal', 'v2beta1', credentials=credentials, cache_discovery=False) return client
def _GetOauth2ServiceAccountCredentials(): """Retrieves OAuth2 service account credentials for a private key file.""" if not _HasOauth2ServiceAccountCreds(): return provider_token_uri = _GetProviderTokenUri() service_client_id = config.get('Credentials', 'gs_service_client_id', '') private_key_filename = config.get('Credentials', 'gs_service_key_file', '') private_key = None with open(private_key_filename, 'rb') as private_key_file: private_key = private_key_file.read() json_key_dict = None try: json_key_dict = json.loads(private_key) except ValueError: pass if json_key_dict: # Key file is in JSON format. for json_entry in ('client_id', 'client_email', 'private_key_id', 'private_key'): if json_entry not in json_key_dict: raise Exception('The JSON private key file at %s ' 'did not contain the required entry: %s' % (private_key_filename, json_entry)) return ServiceAccountCredentials.from_json_keyfile_dict( json_key_dict, scopes=DEFAULT_SCOPES, token_uri=provider_token_uri) else: # Key file is in P12 format. if HAS_CRYPTO: if not service_client_id: raise Exception( 'gs_service_client_id must be set if ' 'gs_service_key_file is set to a .p12 key file') key_file_pass = config.get('Credentials', 'gs_service_key_file_password', GOOGLE_OAUTH2_DEFAULT_FILE_PASSWORD) # We use _from_p12_keyfile_contents to avoid reading the key file # again unnecessarily. return ServiceAccountCredentials.from_p12_keyfile_buffer( service_client_id, BytesIO(private_key), private_key_password=key_file_pass, scopes=DEFAULT_SCOPES, token_uri=provider_token_uri)
def _GetOauth2ServiceAccountCredentials(): """Retrieves OAuth2 service account credentials for a private key file.""" if not _HasOauth2ServiceAccountCreds(): return provider_token_uri = _GetProviderTokenUri() service_client_id = config.get('Credentials', 'gs_service_client_id', '') private_key_filename = config.get('Credentials', 'gs_service_key_file', '') private_key = None with open(private_key_filename, 'rb') as private_key_file: private_key = private_key_file.read() json_key_dict = None try: json_key_dict = json.loads(private_key) except ValueError: pass if json_key_dict: # Key file is in JSON format. for json_entry in ('client_id', 'client_email', 'private_key_id', 'private_key'): if json_entry not in json_key_dict: raise Exception('The JSON private key file at %s ' 'did not contain the required entry: %s' % (private_key_filename, json_entry)) return ServiceAccountCredentials.from_json_keyfile_dict( json_key_dict, scopes=DEFAULT_SCOPES, token_uri=provider_token_uri) else: # Key file is in P12 format. if HAS_CRYPTO: if not service_client_id: raise Exception('gs_service_client_id must be set if ' 'gs_service_key_file is set to a .p12 key file') key_file_pass = config.get( 'Credentials', 'gs_service_key_file_password', GOOGLE_OAUTH2_DEFAULT_FILE_PASSWORD) # We use _from_p12_keyfile_contents to avoid reading the key file # again unnecessarily. return ServiceAccountCredentials.from_p12_keyfile_buffer( service_client_id, BytesIO(private_key), private_key_password=key_file_pass, scopes=DEFAULT_SCOPES, token_uri=provider_token_uri)
def authorize_account(): # setup variables for reading SCOPE = ["https://spreadsheets.google.com/feeds"] SECRETS_FILE = "forms/secretKey.json" SPREADSHEET = "Responses" # Based on docs here - http://gspread.readthedocs.org/en/latest/oauth2.html # Load in the secret JSON key (must be a service account) json_key = json.load(open(SECRETS_FILE)) # Authenticate using the signed key credentials = ServiceAccountCredentials.from_p12_keyfile_buffer( json_key['client_email'], StringIO.StringIO(json_key['private_key']), scopes='https://www.googleapis.com/auth/drive') http = credentials.authorize(httplib2.Http()) drive = discovery.build("drive", "v2", http=http) # Client instance our_client = gspread.authorize(credentials) # our_client.login() return our_client
def test_from_p12_keyfile_buffer(self): service_account_email = '*****@*****.**' filename = data_filename('privatekey.p12') private_key_password = '******' scopes = ['foo', 'bar'] with open(filename, 'rb') as file_obj: key_contents = file_obj.read() # Seek back to the beginning so the buffer can be # passed to the constructor. file_obj.seek(0) creds = ServiceAccountCredentials.from_p12_keyfile_buffer( service_account_email, file_obj, private_key_password=private_key_password, scopes=scopes) # Check the created object. self.assertIsInstance(creds, ServiceAccountCredentials) self.assertIsNone(creds.client_id) self.assertEqual(creds._service_account_email, service_account_email) self.assertIsNone(creds._private_key_id) self.assertIsNone(creds._private_key_pkcs8_pem) self.assertEqual(creds._private_key_pkcs12, key_contents) self.assertEqual(creds._private_key_password, private_key_password) self.assertEqual(creds._scopes, ' '.join(scopes))
def get_client(): """Return client with connection to build apiary.""" # Connect using build apiary service account credentials. build_apiary_service_account_email = db_config.get_value( 'build_apiary_service_account_email') build_apiary_service_account_private_key = db_config.get_value( 'build_apiary_service_account_private_key') if (not build_apiary_service_account_email or not build_apiary_service_account_private_key): logs.log( 'Android build apiary credentials are not set, skip artifact fetch.' ) return None credentials = ServiceAccountCredentials.from_p12_keyfile_buffer( build_apiary_service_account_email, io.BytesIO(build_apiary_service_account_private_key), scopes='https://www.googleapis.com/auth/androidbuild.internal') client = apiclient.discovery.build('androidbuildinternal', 'v2beta1', credentials=credentials, cache_discovery=False) return client
def gce_credentials_from_config(gce_credentials_config=None): """ This function creates a proper GCE credentials object either from a passed in configuration blob or, if this code is being run on a GCE instance, from the default service account credentials associated with the VM. :param dict gce_credentials_config: A credentials dict used to authenticate against GCE. This should have the same content as the JSON blob you download when you create a new key for a service account. If this is ``None``, then the instances implicit credentials will be used. :returns: A GCE credentials object for use with the GCE API. """ if gce_credentials_config is not None: credentials = ServiceAccountCredentials.from_p12_keyfile_buffer( service_account_email=gce_credentials_config['client_email'], file_buffer=BytesIO(gce_credentials_config['private_key']), scopes=[ u"https://www.googleapis.com/auth/compute", ] ) else: credentials = GoogleCredentials.get_application_default() return credentials
def _get_credentials(): """ Method to retrieve credentials with a lot of possible ways. First, it tries to get credentials with the three ansible/libcloud ways: * With the secrets.py file which should be in $PYTHONPATH * With the GCE_INI_PATH * With the environment variables If none present, it tries the default OAuth client one :return: credentials """ gce_ini_default_path = os.path.join( os.path.dirname(os.path.realpath(__file__)), "gce.ini") gce_ini_path = os.environ.get('GCE_INI_PATH', gce_ini_default_path) # We don't get the libcloud_secret parameter since it has been deprecated config = ConfigParser.SafeConfigParser( defaults={ 'gce_service_account_email_address': '', 'gce_service_account_pem_file_path': '', }) if 'gce' not in config.sections(): config.add_section('gce') # It's safe even if the gce.ini file does not exist config.read(gce_ini_path) try: import secrets args = list(getattr(secrets, 'GCE_PARAMS', [])) gce_service_account_email_address = args[0] gce_service_account_pem_file_path = args[1] except ImportError: gce_service_account_email_address = config.get( 'gce', 'gce_service_account_email_address') gce_service_account_pem_file_path = config.get( 'gce', 'gce_service_account_pem_file_path') # If the environment variables are set, they override gce_service_account_email_address = os.environ.get( 'GCE_EMAIL', gce_service_account_email_address) gce_service_account_pem_file_path = os.environ.get( 'GCE_PEM_FILE_PATH', gce_service_account_pem_file_path) # If the email and the pem_file are empty, let use the Google OAuth default behavior if gce_service_account_email_address == '' or gce_service_account_pem_file_path == '': log.info( 'Using default behavior of the oauth client lib to get credentials' ) return GoogleCredentials.get_application_default() # check if the GCE_PEM_FILE_PATH is directly the key # see: https://github.com/apache/libcloud/blob/trunk/libcloud/common/google.py#L471 log.info('Using the libcloud way to get credentials') stream = StringIO() if gce_service_account_pem_file_path.find('PRIVATE KEY---') != -1: stream.write(gce_service_account_pem_file_path) else: key_path = os.path.expanduser(gce_service_account_pem_file_path) is_file_path = os.path.exists(key_path) and os.path.isfile( key_path) if not is_file_path: raise ValueError("Missing (or not readable) key " "file: '%s'" % gce_service_account_pem_file_path) with open(key_path, 'r') as f: contents = f.read() try: key = json.loads(contents) key = key['private_key'] except ValueError: key = contents stream.write(key) # Reset the buffer position stream.seek(0) return ServiceAccountCredentials.from_p12_keyfile_buffer( gce_service_account_email_address, stream)