def __init__(self):
self._service_account_data = _TEST_CONFIG['auth_data'][
'service_account']
self._project = _TEST_CONFIG['property_overrides'].get('project', None)
self._orig_account = None
self._credentials = auth_service_account.CredentialsFromAdcDict(
self._service_account_data)
def Run(self, args):
"""Create service account credentials."""
file_content, is_json = _IsJsonFile(args.key_file)
if is_json:
if _UseGoogleAuth():
cred = auth_service_account.CredentialsFromAdcDictGoogleAuth(
file_content)
else:
# TODO(b/161992086): Remove the flow of activating via oauth2client once
# this legacy auth lib is deprecated. Leave this option for now so that
# the users are able to fall back to the old flow of if any issues
# related to google-auth comes up. The users can do this by setting
# property auth/disable_activate_service_account_google_auth to True.
cred = auth_service_account.CredentialsFromAdcDict(
file_content)
if args.password_file or args.prompt_for_password:
raise c_exc.InvalidArgumentException(
'--password-file',
'A .json service account key does not require a password.')
account = cred.service_account_email
if args.account and args.account != account:
raise c_exc.InvalidArgumentException(
'ACCOUNT',
'The given account name does not match the account name in the key '
'file. This argument can be omitted when using .json keys.'
)
else:
account = args.account
if not account:
raise c_exc.RequiredArgumentException(
'ACCOUNT', 'An account is required when using .p12 keys')
password = None
if args.password_file:
try:
password = files.ReadFileContents(
args.password_file).strip()
except files.Error as e:
raise c_exc.UnknownArgumentException('--password-file', e)
elif args.prompt_for_password:
password = console_io.PromptPassword('Password: '******'Activated service account credentials for: [{0}]'.format(account))
def Run(self, args):
"""Create service account credentials."""
file_content, is_json = _IsJsonFile(args.key_file)
if is_json:
cred = auth_service_account.CredentialsFromAdcDict(file_content)
if args.password_file or args.prompt_for_password:
raise c_exc.InvalidArgumentException(
'--password-file',
'A .json service account key does not require a password.')
account = cred.service_account_email
if args.account and args.account != account:
raise c_exc.InvalidArgumentException(
'ACCOUNT',
'The given account name does not match the account name in the key '
'file. This argument can be omitted when using .json keys.')
else:
account = args.account
if not account:
raise c_exc.RequiredArgumentException(
'ACCOUNT', 'An account is required when using .p12 keys')
password = None
if args.password_file:
try:
with open(args.password_file) as f:
password = f.read().strip()
except IOError as e:
raise c_exc.UnknownArgumentException('--password-file', e)
elif args.prompt_for_password:
password = getpass.getpass('Password: '******'Failed to activate the given service account. '
'Please ensure provided key file is valid.')
project = args.project
if project:
properties.PersistProperty(properties.VALUES.core.project, project)
log.status.Print('Activated service account credentials for: [{0}]'
.format(account))