def Run(self, args):
"""Run the print_identity_token command."""
cred = c_store.Load()
if args.force_auth_refresh:
c_store.Refresh(cred)
if not cred.id_token64:
raise auth_exceptions.InvalidIdentityTokenError(
'No identity token can be obtained from the current credentials.'
)
return cred.id_tokenb64
def Run(self, args):
"""Run the print_identity_token command."""
cred = c_store.Load(args.account)
c_store.Refresh(cred)
credential = config_helper.Credential(cred)
if not credential.id_token:
raise auth_exceptions.InvalidIdentityTokenError(
'No identity token can be obtained from the current credentials.'
)
return credential
def _Run(args):
"""Run the print_identity_token command."""
do_impersonation = args.IsSpecified('impersonate_service_account')
cred = c_store.Load(
args.account,
allow_account_impersonation=do_impersonation,
use_google_auth=True)
is_impersonated_account = auth_util.IsImpersonationCredential(cred)
if args.audiences:
if not auth_util.ValidIdTokenCredential(cred):
raise auth_exceptions.WrongAccountTypeError(
'Invalid account Type for `--audiences`. '
'Requires valid service account.')
target_audiences = ' '.join(args.audiences)
# TODO(b/170394261): Avoid changing constant values.
config.CLOUDSDK_CLIENT_ID = target_audiences
if args.IsSpecified('token_format') or args.IsSpecified('include_license'):
if not auth_util.IsGceAccountCredentials(cred):
raise auth_exceptions.WrongAccountTypeError(
'Invalid account type for `--token-format` or `--include-license`. '
'Requires a valid GCE service account.')
if args.token_format == 'standard':
if args.include_license:
raise auth_exceptions.GCEIdentityTokenError(
'`--include-license` can only be specified when '
'`--token-format=full`.')
if args.IsSpecified('include_email'):
if not auth_util.IsImpersonationCredential(cred):
raise auth_exceptions.WrongAccountTypeError(
'Invalid account type for `--include-email`. '
'Requires an impersonate service account.')
c_store.Refresh(
cred,
is_impersonated_credential=is_impersonated_account,
include_email=args.include_email,
gce_token_format=args.token_format,
gce_include_license=args.include_license)
credential = config_helper.Credential(cred)
if not credential.id_token:
raise auth_exceptions.InvalidIdentityTokenError(
'No identity token can be obtained from the current credentials.')
return credential
def _Run(args):
"""Run the print_identity_token command."""
cred = c_store.Load(args.account)
is_service_account = auth_util.CheckAccountType(cred)
if not is_service_account:
raise auth_exceptions.WrongAccountTypeError(
'`--audiences` can only be specified for service account.')
if args.audiences:
target_audiences = ' '.join(args.audiences)
config.CLOUDSDK_CLIENT_ID = target_audiences
c_store.Refresh(cred)
credential = config_helper.Credential(cred)
if not credential.id_token:
raise auth_exceptions.InvalidIdentityTokenError(
'No identity token can be obtained from the current credentials.')
return credential
def _Run(args):
"""Run the print_identity_token command."""
do_impersonation = args.IsSpecified('impersonate_service_account')
cred = c_store.Load(
args.account, allow_account_impersonation=do_impersonation)
is_impersonated_account = auth_util.IsImpersonationCredential(cred)
if args.audiences:
if not auth_util.ValidIdTokenCredential(cred):
raise auth_exceptions.WrongAccountTypeError(
'Invalid account Type for `--audiences`. '
'Requires valid service account.')
target_audiences = ' '.join(args.audiences)
config.CLOUDSDK_CLIENT_ID = target_audiences
c_store.Refresh(cred, is_impersonated_credential=is_impersonated_account)
credential = config_helper.Credential(cred)
if not credential.id_token:
raise auth_exceptions.InvalidIdentityTokenError(
'No identity token can be obtained from the current credentials.')
return credential