def make_credentials(self, lifetime=LIFETIME):
    """Build a ``Credentials`` object from the fixture constants on this class.

    The source credentials, target principal, target scopes and delegate
    chain are read from class attributes; only ``lifetime`` can be varied
    per call.

    :param lifetime: Value forwarded as the ``lifetime`` argument of
        ``Credentials``; defaults to the module-level ``LIFETIME``.
    :return: The newly constructed ``Credentials`` instance.
    """
    # Collect the keyword arguments first so the fixture wiring is visible
    # separately from the constructor call.
    fixture_kwargs = dict(
        source_credentials=self.SOURCE_CREDENTIALS,
        target_principal=self.TARGET_PRINCIPAL,
        target_scopes=self.TARGET_SCOPES,
        delegates=self.DELEGATES,
        lifetime=lifetime,
    )
    return Credentials(**fixture_kwargs)
def generate_jwt_token_from_impersonated_account(service_account_info: Dict[str, str], audiences: str,
                                                 issuer: str) -> Tuple[str, int]:
    """
    Sign a JSON Web Token (JWT) as an impersonated service account.

    Source credentials are built from ``service_account_info`` and used to impersonate the service account named by
    ``issuer``. The impersonated credentials are then handed to a ``Signer``, which signs a JWT carrying the ``iat``,
    ``exp``, ``aud`` and ``iss`` claims.

    The token lifetime is not configurable through this function: ``exp`` is always
    ``iat + MAX_TOKEN_LIFETIME_SECS``, so callers cannot request a shorter-lived token.

    :param service_account_info: A dictionary containing all the information found in a Google Cloud service account
    credentials JSON file. Such a file normally includes the account's private key, so treat the dictionary as a
    secret.
    :type service_account_info: Dict[str, str]
    :param audiences: The intended recipient of the JWT, written verbatim into the ``aud`` claim.
    :type audiences: str
    :param issuer: The email address of the service account to impersonate; used both as the impersonation target
    and as the ``iss`` claim.
    :type issuer: str
    :return: A tuple containing the JWT and a POSIX/Unix epoch-style timestamp indicating when the JWT expires. The
    JWT is a bearer credential for its whole lifetime; keep it out of logs and error messages.
    :rtype: Tuple[str, int]
    """
    # The same two scopes are requested for the source and for the impersonated credentials.
    # NOTE(review): cloud-platform is a broad scope; confirm whether the narrower IAM scope alone is sufficient here.
    oauth_scopes = ("https://www.googleapis.com/auth/cloud-platform",
                    "https://www.googleapis.com/auth/iam")

    # Step 1: credentials for the account described by the caller-supplied key material.
    source = Credentials.from_service_account_info(service_account_info, scopes=list(oauth_scopes))
    if not source.valid:
        source.refresh(Request())

    # Step 2: impersonate the issuer account on top of the source credentials.
    # presumably this requires the source account to be allowed to impersonate `issuer` - verify the IAM binding.
    impersonated = ImpersonatedCredentials(source_credentials=source, target_principal=issuer,
                                           target_scopes=list(oauth_scopes))
    if not impersonated.valid:
        impersonated.refresh(Request())

    # Step 3: a signer that acts as the impersonated account.
    signer = Signer(Request(), impersonated, impersonated.service_account_email)

    # Step 4: assemble the claims. Key order is kept as iat, exp, aud, iss so the encoded token is unchanged.
    issued_at = int(time.time())
    expires = issued_at + MAX_TOKEN_LIFETIME_SECS
    claims = {'iat': issued_at, 'exp': expires, 'aud': audiences, 'iss': issuer}

    token_bytes = google.auth.jwt.encode(signer, claims)
    return token_bytes.decode("utf-8"), expires
    def make_credentials(
        self,
        source_credentials=SOURCE_CREDENTIALS,
        lifetime=LIFETIME,
        target_principal=TARGET_PRINCIPAL,
        iam_endpoint_override=None,
    ):
        """Build a ``Credentials`` object, letting the caller override selected fixtures.

        ``target_scopes`` and ``delegates`` always come from the class
        attributes ``TARGET_SCOPES`` and ``DELEGATES``; the remaining values
        default to fixture constants but can be replaced per call.

        :param source_credentials: Credentials passed as ``source_credentials``.
        :param lifetime: Value forwarded as ``lifetime``.
        :param target_principal: Principal passed as ``target_principal``.
        :param iam_endpoint_override: Forwarded unchanged as
            ``iam_endpoint_override``; ``None`` by default.
        :return: The newly constructed ``Credentials`` instance.
        """
        # Values fixed by the class and values chosen by the caller are
        # passed together to one constructor call.
        built = Credentials(
            source_credentials=source_credentials,
            target_principal=target_principal,
            target_scopes=self.TARGET_SCOPES,
            delegates=self.DELEGATES,
            lifetime=lifetime,
            iam_endpoint_override=iam_endpoint_override,
        )
        return built