def _from_p12_keyfile_helper(self, private_key_password=None, scopes='',
                              token_uri=None, revoke_uri=None):
     service_account_email = '*****@*****.**'
     filename = data_filename('privatekey.p12')
     with open(filename, 'rb') as file_obj:
         key_contents = file_obj.read()
     creds_from_filename = ServiceAccountCredentials.from_p12_keyfile(
         service_account_email, filename,
         private_key_password=private_key_password,
         scopes=scopes, token_uri=token_uri, revoke_uri=revoke_uri)
     creds_from_file_contents = (
         ServiceAccountCredentials.from_p12_keyfile_buffer(
             service_account_email, BytesIO(key_contents),
             private_key_password=private_key_password,
             scopes=scopes, token_uri=token_uri, revoke_uri=revoke_uri))
     for creds in (creds_from_filename, creds_from_file_contents):
         self.assertIsInstance(creds, ServiceAccountCredentials)
         self.assertIsNone(creds.client_id)
         self.assertEqual(creds._service_account_email, service_account_email)
         self.assertIsNone(creds._private_key_id)
         self.assertIsNone(creds._private_key_pkcs8_pem)
         self.assertEqual(creds._private_key_pkcs12, key_contents)
         if private_key_password is not None:
             self.assertEqual(creds._private_key_password, private_key_password)
         self.assertEqual(creds._scopes, ' '.join(scopes))
         self.assertEqual(creds.token_uri, token_uri)
         self.assertEqual(creds.revoke_uri, revoke_uri)
예제 #2
0
 def _from_p12_keyfile_helper(self, private_key_password=None, scopes='',
                              token_uri=None, revoke_uri=None):
     service_account_email = '*****@*****.**'
     filename = data_filename('privatekey.p12')
     with open(filename, 'rb') as file_obj:
         key_contents = file_obj.read()
     creds_from_filename = ServiceAccountCredentials.from_p12_keyfile(
         service_account_email, filename,
         private_key_password=private_key_password,
         scopes=scopes, token_uri=token_uri, revoke_uri=revoke_uri)
     creds_from_file_contents = (
         ServiceAccountCredentials.from_p12_keyfile_buffer(
             service_account_email, BytesIO(key_contents),
             private_key_password=private_key_password,
             scopes=scopes, token_uri=token_uri, revoke_uri=revoke_uri))
     for creds in (creds_from_filename, creds_from_file_contents):
         self.assertIsInstance(creds, ServiceAccountCredentials)
         self.assertIsNone(creds.client_id)
         self.assertEqual(creds._service_account_email, service_account_email)
         self.assertIsNone(creds._private_key_id)
         self.assertIsNone(creds._private_key_pkcs8_pem)
         self.assertEqual(creds._private_key_pkcs12, key_contents)
         if private_key_password is not None:
             self.assertEqual(creds._private_key_password, private_key_password)
         self.assertEqual(creds._scopes, ' '.join(scopes))
         self.assertEqual(creds.token_uri, token_uri)
         self.assertEqual(creds.revoke_uri, revoke_uri)
예제 #3
0
파일: utils.py 프로젝트: ivansons/mp_cms
def get_trade_in_value(serial_number):
    if not (settings.GOOGLE_OAUTH2_CLIENT_EMAIL
            and settings.GOOGLE_OAUTH2_PRIVATE_KEY
            and settings.GOOGLE_SPREADSHEET_ID):
        return

    try:
        buffer = io.StringIO(
            settings.GOOGLE_OAUTH2_PRIVATE_KEY.replace('\\n', '\n'))
        credentials = ServiceAccountCredentials.from_p12_keyfile_buffer(
            service_account_email=settings.GOOGLE_OAUTH2_CLIENT_EMAIL,
            file_buffer=buffer,
            scopes=['https://spreadsheets.google.com/feeds'])
        gc = gspread.authorize(credentials)
        ws = gc.open_by_key(settings.GOOGLE_SPREADSHEET_ID).sheet1
        camera = ws.find(serial_number)
        cell_start = ws.find('Serial Number')
        dates = ws.row_values(cell_start.row)
        today = now().date()
        x = None
        for col in range(ws.col_count, 0, -1):
            try:
                if today <= datetime.datetime.strptime(dates[col - 1],
                                                       '%m/%d/%Y').date():
                    x = col
            except:
                pass
        return ws.cell(camera.row, x).value or None
    except:
        return
예제 #4
0
def _GetOauth2ServiceAccountCredentials():
    """Retrieves OAuth2 service account credentials for a private key file."""
    if not _HasOauth2ServiceAccountCreds():
        return

    provider_token_uri = _GetProviderTokenUri()
    service_client_id = config.get('Credentials', 'gs_service_client_id', '')
    private_key_filename = config.get('Credentials', 'gs_service_key_file', '')

    with io.open(private_key_filename, 'rb') as private_key_file:
        private_key = private_key_file.read()

    keyfile_is_utf8 = False
    try:
        private_key = private_key.decode(UTF8)
        # P12 keys won't be encoded as UTF8 bytes.
        keyfile_is_utf8 = True
    except UnicodeDecodeError:
        pass

    if keyfile_is_utf8:
        try:
            json_key_dict = json.loads(private_key)
        except ValueError:
            raise Exception('Could not parse JSON keyfile "%s" as valid JSON' %
                            private_key_filename)
        # Key file is in JSON format.
        for json_entry in ('client_id', 'client_email', 'private_key_id',
                           'private_key'):
            if json_entry not in json_key_dict:
                raise Exception('The JSON private key file at %s '
                                'did not contain the required entry: %s' %
                                (private_key_filename, json_entry))
        return ServiceAccountCredentials.from_json_keyfile_dict(
            json_key_dict, scopes=DEFAULT_SCOPES, token_uri=provider_token_uri)
    else:
        # Key file is in P12 format.
        if HAS_CRYPTO:
            if not service_client_id:
                raise Exception(
                    'gs_service_client_id must be set if '
                    'gs_service_key_file is set to a .p12 key file')
            key_file_pass = config.get('Credentials',
                                       'gs_service_key_file_password',
                                       GOOGLE_OAUTH2_DEFAULT_FILE_PASSWORD)
            # We use _from_p12_keyfile_contents to avoid reading the key file
            # again unnecessarily.
            try:
                return ServiceAccountCredentials.from_p12_keyfile_buffer(
                    service_client_id,
                    BytesIO(private_key),
                    private_key_password=key_file_pass,
                    scopes=DEFAULT_SCOPES,
                    token_uri=provider_token_uri)
            except Exception as e:
                raise Exception(
                    'OpenSSL unable to parse PKCS 12 key {}.'
                    'Please verify key integrity. Error message:\n{}'.format(
                        private_key_filename, str(e)))
def _GetOauth2ServiceAccountCredentials():
  """Retrieves OAuth2 service account credentials for a private key file."""
  if not _HasOauth2ServiceAccountCreds():
    return

  provider_token_uri = _GetProviderTokenUri()
  service_client_id = config.get('Credentials', 'gs_service_client_id', '')
  private_key_filename = config.get('Credentials', 'gs_service_key_file', '')

  with io.open(private_key_filename, 'rb') as private_key_file:
    private_key = private_key_file.read()

  keyfile_is_utf8 = False
  try:
    private_key = private_key.decode(UTF8)
    # P12 keys won't be encoded as UTF8 bytes.
    keyfile_is_utf8 = True
  except UnicodeDecodeError:
    pass

  if keyfile_is_utf8:
    try:
      json_key_dict = json.loads(private_key)
    except ValueError:
      raise Exception('Could not parse JSON keyfile "%s" as valid JSON' %
                      private_key_filename)
    # Key file is in JSON format.
    for json_entry in ('client_id', 'client_email', 'private_key_id',
                       'private_key'):
      if json_entry not in json_key_dict:
        raise Exception('The JSON private key file at %s '
                        'did not contain the required entry: %s' %
                        (private_key_filename, json_entry))
    return ServiceAccountCredentials.from_json_keyfile_dict(
        json_key_dict, scopes=DEFAULT_SCOPES, token_uri=provider_token_uri)
  else:
    # Key file is in P12 format.
    if HAS_CRYPTO:
      if not service_client_id:
        raise Exception('gs_service_client_id must be set if '
                        'gs_service_key_file is set to a .p12 key file')
      key_file_pass = config.get('Credentials', 'gs_service_key_file_password',
                                 GOOGLE_OAUTH2_DEFAULT_FILE_PASSWORD)
      # We use _from_p12_keyfile_contents to avoid reading the key file
      # again unnecessarily.
      try:
        return ServiceAccountCredentials.from_p12_keyfile_buffer(
            service_client_id,
            BytesIO(private_key),
            private_key_password=key_file_pass,
            scopes=DEFAULT_SCOPES,
            token_uri=provider_token_uri)
      except Exception as e:
        raise Exception(
            'OpenSSL unable to parse PKCS 12 key {}.'
            'Please verify key integrity. Error message:\n{}'.format(
                private_key_filename, str(e)))
예제 #6
0
def _gce_conn(cred, key=None):
    service_account_name = cryptotool.decrypt_scalr(app.crypto_key, cred["service_account_name"])
    if key is None:
        key = _gce_key(cred)

    credentials = ServiceAccountCredentials.from_p12_keyfile_buffer(
        service_account_name, StringIO.StringIO(key), scopes=["https://www.googleapis.com/auth/compute"]
    )
    http = httplib2.Http()
    http = credentials.authorize(http)
    return build("compute", "v1", http=http), http
예제 #7
0
def get_credentials(file_buffer):
    scopes = [
        'https://www.googleapis.com/auth/spreadsheets',
    ]
    credentials = ServiceAccountCredentials.from_p12_keyfile_buffer(
        service_account_email='*****@*****.**',
        file_buffer=file_buffer,
        private_key_password='******',
        scopes=scopes,
    )
    return credentials
예제 #8
0
def get_reviews_service():
    """Create new instance of google play API service."""

    scope = 'https://www.googleapis.com/auth/androidpublisher'
    credentials = get_credentials()
    service_credentials = ServiceAccountCredentials.from_p12_keyfile_buffer(
        credentials['account'], credentials['key'], scopes=scope)
    http = httplib2.Http()
    http = service_credentials.authorize(http)
    service = build('androidpublisher', 'v3', http=http, cache_discovery=False)
    return service.reviews()
예제 #9
0
def _gce_conn(cred, key=None):
    service_account_name = cryptotool.decrypt_scalr(
        app.crypto_key, cred['service_account_name'])
    if key is None:
        key = _gce_key(cred)

    credentials = ServiceAccountCredentials.from_p12_keyfile_buffer(
        service_account_name,
        StringIO.StringIO(key),
        scopes=['https://www.googleapis.com/auth/compute'])
    http = httplib2.Http()
    http = credentials.authorize(http)
    return build('compute', 'v1', http=http), http
예제 #10
0
 def GetCredentials(self):
   if HAS_CRYPTO:
     if OAUTH2CLIENT_V2:
       # pylint: disable=protected-access
       return ServiceAccountCredentials.from_p12_keyfile_buffer(
           self._client_id, BytesIO(self._private_key),
           private_key_password=self._password, scopes=DEFAULT_SCOPE,
           token_uri=self.token_uri)
       # pylint: enable=protected-access
     else:
       return SignedJwtAssertionCredentials(
           self._client_id, self._private_key, scope=DEFAULT_SCOPE,
           private_key_password=self._password, token_uri=self.token_uri)
   else:
     raise MissingDependencyError(
         'Service account authentication requires PyOpenSSL. Please install '
         'this library and try again.')
예제 #11
0
def get_client():
    """Return client with connection to build apiary."""
    # Connect using build apiary service account credentials.
    build_apiary_service_account_email = db_config.get_value(
        'build_apiary_service_account_email')
    build_apiary_service_account_private_key = db_config.get_value(
        'build_apiary_service_account_private_key')
    credentials = ServiceAccountCredentials.from_p12_keyfile_buffer(
        build_apiary_service_account_email,
        StringIO.StringIO(build_apiary_service_account_private_key),
        scopes='https://www.googleapis.com/auth/androidbuild.internal')
    client = apiclient.discovery.build('androidbuildinternal',
                                       'v2beta1',
                                       credentials=credentials,
                                       cache_discovery=False)

    return client
예제 #12
0
def _GetOauth2ServiceAccountCredentials():
    """Retrieves OAuth2 service account credentials for a private key file."""
    if not _HasOauth2ServiceAccountCreds():
        return

    provider_token_uri = _GetProviderTokenUri()
    service_client_id = config.get('Credentials', 'gs_service_client_id', '')
    private_key_filename = config.get('Credentials', 'gs_service_key_file', '')
    private_key = None
    with open(private_key_filename, 'rb') as private_key_file:
        private_key = private_key_file.read()

    json_key_dict = None
    try:
        json_key_dict = json.loads(private_key)
    except ValueError:
        pass
    if json_key_dict:
        # Key file is in JSON format.
        for json_entry in ('client_id', 'client_email', 'private_key_id',
                           'private_key'):
            if json_entry not in json_key_dict:
                raise Exception('The JSON private key file at %s '
                                'did not contain the required entry: %s' %
                                (private_key_filename, json_entry))
        return ServiceAccountCredentials.from_json_keyfile_dict(
            json_key_dict, scopes=DEFAULT_SCOPES, token_uri=provider_token_uri)
    else:
        # Key file is in P12 format.
        if HAS_CRYPTO:
            if not service_client_id:
                raise Exception(
                    'gs_service_client_id must be set if '
                    'gs_service_key_file is set to a .p12 key file')
            key_file_pass = config.get('Credentials',
                                       'gs_service_key_file_password',
                                       GOOGLE_OAUTH2_DEFAULT_FILE_PASSWORD)
            # We use _from_p12_keyfile_contents to avoid reading the key file
            # again unnecessarily.
            return ServiceAccountCredentials.from_p12_keyfile_buffer(
                service_client_id,
                BytesIO(private_key),
                private_key_password=key_file_pass,
                scopes=DEFAULT_SCOPES,
                token_uri=provider_token_uri)
예제 #13
0
def _GetOauth2ServiceAccountCredentials():
  """Retrieves OAuth2 service account credentials for a private key file."""
  if not _HasOauth2ServiceAccountCreds():
    return

  provider_token_uri = _GetProviderTokenUri()
  service_client_id = config.get('Credentials', 'gs_service_client_id', '')
  private_key_filename = config.get('Credentials', 'gs_service_key_file', '')
  private_key = None
  with open(private_key_filename, 'rb') as private_key_file:
    private_key = private_key_file.read()

  json_key_dict = None
  try:
    json_key_dict = json.loads(private_key)
  except ValueError:
    pass
  if json_key_dict:
    # Key file is in JSON format.
    for json_entry in ('client_id', 'client_email', 'private_key_id',
                       'private_key'):
      if json_entry not in json_key_dict:
        raise Exception('The JSON private key file at %s '
                        'did not contain the required entry: %s' %
                        (private_key_filename, json_entry))
    return ServiceAccountCredentials.from_json_keyfile_dict(
        json_key_dict, scopes=DEFAULT_SCOPES, token_uri=provider_token_uri)
  else:
    # Key file is in P12 format.
    if HAS_CRYPTO:
      if not service_client_id:
        raise Exception('gs_service_client_id must be set if '
                        'gs_service_key_file is set to a .p12 key file')
      key_file_pass = config.get(
          'Credentials', 'gs_service_key_file_password',
          GOOGLE_OAUTH2_DEFAULT_FILE_PASSWORD)
      # We use _from_p12_keyfile_contents to avoid reading the key file
      # again unnecessarily.
      return ServiceAccountCredentials.from_p12_keyfile_buffer(
          service_client_id, BytesIO(private_key),
          private_key_password=key_file_pass, scopes=DEFAULT_SCOPES,
          token_uri=provider_token_uri)
예제 #14
0
def authorize_account():
    # setup variables for reading
    SCOPE = ["https://spreadsheets.google.com/feeds"]
    SECRETS_FILE = "forms/secretKey.json"
    SPREADSHEET = "Responses"

    # Based on docs here - http://gspread.readthedocs.org/en/latest/oauth2.html
    # Load in the secret JSON key (must be a service account)
    json_key = json.load(open(SECRETS_FILE))
    # Authenticate using the signed key
    credentials = ServiceAccountCredentials.from_p12_keyfile_buffer(
        json_key['client_email'],
        StringIO.StringIO(json_key['private_key']),
        scopes='https://www.googleapis.com/auth/drive')
    http = credentials.authorize(httplib2.Http())
    drive = discovery.build("drive", "v2", http=http)

    # Client instance
    our_client = gspread.authorize(credentials)
    #     our_client.login()
    return our_client
예제 #15
0
 def test_from_p12_keyfile_buffer(self):
     service_account_email = '*****@*****.**'
     filename = data_filename('privatekey.p12')
     private_key_password = '******'
     scopes = ['foo', 'bar']
     with open(filename, 'rb') as file_obj:
         key_contents = file_obj.read()
         # Seek back to the beginning so the buffer can be
         # passed to the constructor.
         file_obj.seek(0)
         creds = ServiceAccountCredentials.from_p12_keyfile_buffer(
             service_account_email, file_obj,
             private_key_password=private_key_password,
             scopes=scopes)
     # Check the created object.
     self.assertIsInstance(creds, ServiceAccountCredentials)
     self.assertIsNone(creds.client_id)
     self.assertEqual(creds._service_account_email, service_account_email)
     self.assertIsNone(creds._private_key_id)
     self.assertIsNone(creds._private_key_pkcs8_pem)
     self.assertEqual(creds._private_key_pkcs12, key_contents)
     self.assertEqual(creds._private_key_password, private_key_password)
     self.assertEqual(creds._scopes, ' '.join(scopes))
예제 #16
0
def get_client():
    """Return client with connection to build apiary."""
    # Connect using build apiary service account credentials.
    build_apiary_service_account_email = db_config.get_value(
        'build_apiary_service_account_email')
    build_apiary_service_account_private_key = db_config.get_value(
        'build_apiary_service_account_private_key')
    if (not build_apiary_service_account_email
            or not build_apiary_service_account_private_key):
        logs.log(
            'Android build apiary credentials are not set, skip artifact fetch.'
        )
        return None

    credentials = ServiceAccountCredentials.from_p12_keyfile_buffer(
        build_apiary_service_account_email,
        io.BytesIO(build_apiary_service_account_private_key),
        scopes='https://www.googleapis.com/auth/androidbuild.internal')
    client = apiclient.discovery.build('androidbuildinternal',
                                       'v2beta1',
                                       credentials=credentials,
                                       cache_discovery=False)

    return client
예제 #17
0
파일: gce.py 프로젝트: zendad/flocker
def gce_credentials_from_config(gce_credentials_config=None):
    """
    This function creates a proper GCE credentials object either from a passed
    in configuration blob or, if this code is being run on a GCE instance, from
    the default service account credentials associated with the VM.

    :param dict gce_credentials_config: A credentials dict used to authenticate
        against GCE. This should have the same content as the JSON blob you
        download when you create a new key for a service account. If this is
        ``None``, then the instances implicit credentials will be used.

    :returns: A GCE credentials object for use with the GCE API.
    """
    if gce_credentials_config is not None:
        credentials = ServiceAccountCredentials.from_p12_keyfile_buffer(
            service_account_email=gce_credentials_config['client_email'],
            file_buffer=BytesIO(gce_credentials_config['private_key']),
            scopes=[
                u"https://www.googleapis.com/auth/compute",
            ]
        )
    else:
        credentials = GoogleCredentials.get_application_default()
    return credentials
 def test_from_p12_keyfile_buffer(self):
     service_account_email = '*****@*****.**'
     filename = data_filename('privatekey.p12')
     private_key_password = '******'
     scopes = ['foo', 'bar']
     with open(filename, 'rb') as file_obj:
         key_contents = file_obj.read()
         # Seek back to the beginning so the buffer can be
         # passed to the constructor.
         file_obj.seek(0)
         creds = ServiceAccountCredentials.from_p12_keyfile_buffer(
             service_account_email,
             file_obj,
             private_key_password=private_key_password,
             scopes=scopes)
     # Check the created object.
     self.assertIsInstance(creds, ServiceAccountCredentials)
     self.assertIsNone(creds.client_id)
     self.assertEqual(creds._service_account_email, service_account_email)
     self.assertIsNone(creds._private_key_id)
     self.assertIsNone(creds._private_key_pkcs8_pem)
     self.assertEqual(creds._private_key_pkcs12, key_contents)
     self.assertEqual(creds._private_key_password, private_key_password)
     self.assertEqual(creds._scopes, ' '.join(scopes))
예제 #19
0
    def _get_credentials():
        """
        Method to retrieve credentials with a lot of possible ways.

        First, it tries to get credentials with the three ansible/libcloud ways:
          * With the secrets.py file which should be in $PYTHONPATH
          * With the GCE_INI_PATH
          * With the environment variables

        If none present, it tries the default OAuth client one
        :return: credentials
        """
        gce_ini_default_path = os.path.join(
            os.path.dirname(os.path.realpath(__file__)), "gce.ini")
        gce_ini_path = os.environ.get('GCE_INI_PATH', gce_ini_default_path)

        # We don't get the libcloud_secret parameter since it has been deprecated
        config = ConfigParser.SafeConfigParser(
            defaults={
                'gce_service_account_email_address': '',
                'gce_service_account_pem_file_path': '',
            })
        if 'gce' not in config.sections():
            config.add_section('gce')

        # It's safe even if the gce.ini file does not exist
        config.read(gce_ini_path)

        try:
            import secrets
            args = list(getattr(secrets, 'GCE_PARAMS', []))
            gce_service_account_email_address = args[0]
            gce_service_account_pem_file_path = args[1]
        except ImportError:
            gce_service_account_email_address = config.get(
                'gce', 'gce_service_account_email_address')
            gce_service_account_pem_file_path = config.get(
                'gce', 'gce_service_account_pem_file_path')

        # If the environment variables are set, they override
        gce_service_account_email_address = os.environ.get(
            'GCE_EMAIL', gce_service_account_email_address)
        gce_service_account_pem_file_path = os.environ.get(
            'GCE_PEM_FILE_PATH', gce_service_account_pem_file_path)

        # If the email and the pem_file are empty, let use the Google OAuth default behavior
        if gce_service_account_email_address == '' or gce_service_account_pem_file_path == '':
            log.info(
                'Using default behavior of the oauth client lib to get credentials'
            )
            return GoogleCredentials.get_application_default()

        # check if the GCE_PEM_FILE_PATH is directly the key
        # see: https://github.com/apache/libcloud/blob/trunk/libcloud/common/google.py#L471
        log.info('Using the libcloud way to get credentials')

        stream = StringIO()
        if gce_service_account_pem_file_path.find('PRIVATE KEY---') != -1:
            stream.write(gce_service_account_pem_file_path)
        else:
            key_path = os.path.expanduser(gce_service_account_pem_file_path)
            is_file_path = os.path.exists(key_path) and os.path.isfile(
                key_path)
            if not is_file_path:
                raise ValueError("Missing (or not readable) key "
                                 "file: '%s'" %
                                 gce_service_account_pem_file_path)
            with open(key_path, 'r') as f:
                contents = f.read()
            try:
                key = json.loads(contents)
                key = key['private_key']
            except ValueError:
                key = contents
            stream.write(key)

            # Reset the buffer position
        stream.seek(0)
        return ServiceAccountCredentials.from_p12_keyfile_buffer(
            gce_service_account_email_address, stream)