def test_impersonate_service_account_sets_target_scopes(
self, mock_credentials):
target_scopes = ['https://www.googleapis.com/auth/devstorage.read_only']
cloud_auth.impersonate_service_account(self.service_account_name,
target_scopes)
default_credentials, _ = self.mock_auth_default.return_value
mock_credentials.assert_called_once_with(
source_credentials=default_credentials,
target_principal=self.service_account_name,
target_scopes=target_scopes)
def __init__(self,
project_id: str,
service_account_name: Optional[str] = None,
service_account_key_file: Optional[str] = None) -> None:
"""Initialize new instance of BigQueryUtils.
Args:
project_id: GCP project id.
service_account_name: The service account name.
service_account_key_file: File containing service account key. If both
service_account_name and service_account_key_file are not passed the
default credential will be used.There are following ways to create
service accounts - 1) Use `build_service_client` method from
`cloud_auth` module. 2) Use `gcloud` command line utility as documented
here -
https://cloud.google.com/iam/docs/creating-managing-service-account-keys
"""
if service_account_name:
credentials = cloud_auth.impersonate_service_account(
service_account_name)
elif service_account_key_file:
credentials = cloud_auth.get_credentials(service_account_key_file)
else:
logging.info(
'Neither Service account key file nor service account '
'name was provided, so using default credentials.')
credentials = cloud_auth.get_default_credentials()
self.project_id = project_id
self.client = bigquery.Client(project=project_id,
credentials=credentials)
def test_impersonate_service_account(self):
mock_credentials = mock.Mock(spec=service_account.Credentials)
self.mock_auth_default.return_value = (mock_credentials, self.project_id)
credentials = cloud_auth.impersonate_service_account(
self.service_account_name)
self.assertIsNotNone(credentials)
self.assertIsInstance(credentials, impersonated_credentials.Credentials)
self.mock_auth_default.assert_called_once()
def __init__(self,
project_id: str,
service_account_info: Mapping[str, str] = None,
service_account_name: Optional[str] = None,
service_account_key_file: Optional[str] = None) -> None:
"""Initialize new instance of CloudStorageUtils.
Args:
project_id: GCP project id.
service_account_info: Mapping containing the service account info, such
as the example below:
{
'type': 'service_account',
'project_id': '[PROJECT_ID]',
'private_key_id': '[PRIVATE_KEY_ID]',
'private_key': '[PRIVATE_KEY]',
'client_email': '[CLIENT_EMAIL]',
'client_id': '[CLIENT_ID]',
'auth_uri': 'https://accounts.google.com/o/oauth2/auth',
'token_uri': 'https://accounts.google.com/o/oauth2/token',
'auth_provider_x509_cert_url':
'https://www.googleapis.com/oauth2/v1/certs',
'client_x509_cert_url': '[CERTIFICATE_URL]'
}
service_account_name: The service account name.
service_account_key_file: File containing service account key.
"""
if service_account_name:
credentials = cloud_auth.impersonate_service_account(
service_account_name)
elif service_account_key_file:
credentials = cloud_auth.get_credentials(service_account_key_file)
elif service_account_info:
credentials = cloud_auth.get_credentials_from_info(
service_account_info)
else:
logging.info(
'Neither Service account key file nor service account '
'name was provided, so using default credentials.')
credentials = cloud_auth.get_default_credentials()
self.client = storage.Client(project=project_id,
credentials=credentials)