def _load_credentials_from_file(filename): """Loads credentials from a file. The credentials file must be a service account key or stored authorized user credentials. Args: filename (str): The full path to the credentials file. Returns: Tuple[google.auth.credentials.Credentials, Optional[str]]: Loaded credentials and the project ID. Authorized user credentials do not have the project ID information. Raises: google.auth.exceptions.DefaultCredentialsError: if the file is in the wrong format. """ with io.open(filename, 'r') as file_obj: try: info = json.load(file_obj) except ValueError as exc: raise exceptions.DefaultCredentialsError( 'File {} is not a valid json file.'.format(filename), exc) # The type key should indicate that the file is either a service account # credentials file or an authorized user credentials file. credential_type = info.get('type') if credential_type == _AUTHORIZED_USER_TYPE: from google.auth import _cloud_sdk try: credentials = _cloud_sdk.load_authorized_user_credentials(info) except ValueError as exc: raise exceptions.DefaultCredentialsError( 'Failed to load authorized user credentials from {}'.format( filename), exc) # Authorized user credentials do not contain the project ID. return credentials, None elif credential_type == _SERVICE_ACCOUNT_TYPE: from google.oauth2 import service_account try: credentials = ( service_account.Credentials.from_service_account_info(info)) except ValueError as exc: raise exceptions.DefaultCredentialsError( 'Failed to load service account credentials from {}'.format( filename), exc) return credentials, info.get('project_id') else: raise exceptions.DefaultCredentialsError( 'The file {file} does not have a valid type. ' 'Type is {type}, expected one of {valid_types}.'.format( file=filename, type=credential_type, valid_types=_VALID_TYPES))
def test_load_authorized_user_credentials(): credentials = _cloud_sdk.load_authorized_user_credentials( AUTHORIZED_USER_FILE_DATA) assert isinstance(credentials, google.oauth2.credentials.Credentials) assert credentials.token is None assert (credentials._refresh_token == AUTHORIZED_USER_FILE_DATA['refresh_token']) assert credentials._client_id == AUTHORIZED_USER_FILE_DATA['client_id'] assert (credentials._client_secret == AUTHORIZED_USER_FILE_DATA['client_secret']) assert credentials._token_uri == _cloud_sdk._GOOGLE_OAUTH2_TOKEN_ENDPOINT
def test_load_authorized_user_credentials_bad_format(): with pytest.raises(ValueError) as excinfo: _cloud_sdk.load_authorized_user_credentials({}) assert excinfo.match(r'missing fields')
def _load_credentials_from_file(filename): """Loads credentials from a file. The credentials file must be a service account key or stored authorized user credentials. Args: filename (str): The full path to the credentials file. Returns: Tuple[google.auth.credentials.Credentials, Optional[str]]: Loaded credentials and the project ID. Authorized user credentials do not have the project ID information. Raises: google.auth.exceptions.DefaultCredentialsError: if the file is in the wrong format or is missing. """ if not os.path.exists(filename): raise exceptions.DefaultCredentialsError( "File {} was not found.".format(filename) ) with io.open(filename, "r") as file_obj: try: info = json.load(file_obj) except ValueError as caught_exc: new_exc = exceptions.DefaultCredentialsError( "File {} is not a valid json file.".format(filename), caught_exc ) six.raise_from(new_exc, caught_exc) # The type key should indicate that the file is either a service account # credentials file or an authorized user credentials file. credential_type = info.get("type") if credential_type == _AUTHORIZED_USER_TYPE: from google.auth import _cloud_sdk try: credentials = _cloud_sdk.load_authorized_user_credentials(info) except ValueError as caught_exc: msg = "Failed to load authorized user credentials from {}".format(filename) new_exc = exceptions.DefaultCredentialsError(msg, caught_exc) six.raise_from(new_exc, caught_exc) # Authorized user credentials do not contain the project ID. _warn_about_problematic_credentials(credentials) return credentials, None elif credential_type == _SERVICE_ACCOUNT_TYPE: from google.oauth2 import service_account try: credentials = service_account.Credentials.from_service_account_info(info) except ValueError as caught_exc: msg = "Failed to load service account credentials from {}".format(filename) new_exc = exceptions.DefaultCredentialsError(msg, caught_exc) six.raise_from(new_exc, caught_exc) return credentials, info.get("project_id") else: raise exceptions.DefaultCredentialsError( "The file {file} does not have a valid type. " "Type is {type}, expected one of {valid_types}.".format( file=filename, type=credential_type, valid_types=_VALID_TYPES ) )