def CreateServiceAccountKey(service_account_name): """Create a service account key. Args: service_account_name: Name of service acccount. Returns: The contents of the generated private key file as a string. """ default_credential_path = os.path.join( config.Paths().global_config_dir, _Utf8ToBase64(service_account_name) + '.json') credential_file_path = os.environ.get('LOCAL_CREDENTIAL_PATH', default_credential_path) if os.path.exists(credential_file_path): return files.ReadFileContents(credential_file_path) warning_msg = ('Creating a user-managed service account key for ' '{service_account_name}. This service account key will be ' 'the default credential pointed to by ' 'GOOGLE_APPLICATION_CREDENTIALS in the local development ' 'environment. The user is responsible for the storage,' 'rotation, and deletion of this key. A copy of this key will ' 'be stored at {local_key_path}').format( service_account_name=service_account_name, local_key_path=credential_file_path) console_io.PromptContinue( message=warning_msg, prompt_string='Continue?', cancel_on_no=True) service = apis.GetClientInstance('iam', 'v1') message_module = service.MESSAGES_MODULE create_key_request = ( message_module.IamProjectsServiceAccountsKeysCreateRequest( name=service_account_name, createServiceAccountKeyRequest=message_module .CreateServiceAccountKeyRequest( privateKeyType=message_module.CreateServiceAccountKeyRequest .PrivateKeyTypeValueValuesEnum.TYPE_GOOGLE_CREDENTIALS_FILE))) key = service.projects_serviceAccounts_keys.Create(create_key_request) files.WriteFileContents(credential_file_path, key.privateKeyData) return six.u(key.privateKeyData)
def __init__(self, name, command_root_directory, allow_non_existing_modules=False, logs_dir=config.Paths().logs_dir, version_func=None, known_error_handler=None, yaml_command_translator=None): """Initialize Calliope. Args: name: str, The name of the top level command, used for nice error reporting. command_root_directory: str, The path to the directory containing the main CLI module. allow_non_existing_modules: True to allow extra module directories to not exist, False to raise an exception if a module does not exist. logs_dir: str, The path to the root directory to store logs in, or None for no log files. version_func: func, A function to call for a top-level -v and --version flag. If None, no flags will be available. known_error_handler: f(x)->None, A function to call when an known error is handled. It takes a single argument that is the exception. yaml_command_translator: YamlCommandTranslator, An instance of a translator that will be used to load commands written as a yaml spec. Raises: backend.LayoutException: If no command root directory is given. """ self.__name = name self.__command_root_directory = command_root_directory if not self.__command_root_directory: raise command_loading.LayoutException( 'You must specify a command root directory.') self.__allow_non_existing_modules = allow_non_existing_modules self.__logs_dir = logs_dir self.__version_func = version_func self.__known_errror_handler = known_error_handler self.__yaml_command_translator = yaml_command_translator self.__pre_run_hooks = [] self.__post_run_hooks = [] self.__modules = [] self.__missing_components = {} self.__release_tracks = {}
def __init__(self, name, command_root_directory, allow_non_existing_modules=False, load_context=None, logs_dir=config.Paths().logs_dir, version_func=None): """Initialize Calliope. Args: name: str, The name of the top level command, used for nice error reporting. command_root_directory: str, The path to the directory containing the main CLI module. allow_non_existing_modules: True to allow extra module directories to not exist, False to raise an exception if a module does not exist. load_context: A function that returns a context dict, or None for a default which always returns {}. logs_dir: str, The path to the root directory to store logs in, or None for no log files. version_func: func, A function to call for a top-level -v and --version flag. If None, no flags will be available. Raises: backend.LayoutException: If no command root directory is given. """ self.__name = name self.__command_root_directory = command_root_directory if not self.__command_root_directory: raise backend.LayoutException( 'You must specify a command root directory.') self.__allow_non_existing_modules = allow_non_existing_modules self.__config_hooks = backend.ConfigHooks(load_context=load_context) self.__logs_dir = logs_dir self.__version_func = version_func self.__pre_run_hooks = [] self.__post_run_hooks = [] self.__modules = [] self.__missing_components = {} self.__release_tracks = {}
def __init__(self, anonymizer=None): anonymizer = anonymizer or NoopAnonymizer() self.sdk_root = anonymizer.ProcessPath(config.Paths().sdk_root) self.release_channel = config.INSTALLATION_CONFIG.release_channel self.repo_url = config.INSTALLATION_CONFIG.snapshot_url repos = properties.VALUES.component_manager.additional_repositories.Get( validate=False) self.additional_repos = repos.split(',') if repos else [] # Keep it as array for structured output. path = encoding.GetEncodedValue(os.environ, 'PATH', '').split(os.pathsep) self.python_path = [ anonymizer.ProcessPath(encoding.Decode(path_elem)) for path_elem in sys.path ] if self.sdk_root: manager = update_manager.UpdateManager() self.components = manager.GetCurrentVersionsInformation() self.old_tool_paths = [ anonymizer.ProcessPath(p) for p in manager.FindAllOldToolsOnPath() ] self.duplicate_tool_paths = [ anonymizer.ProcessPath(p) for p in manager.FindAllDuplicateToolsOnPath() ] paths = [os.path.realpath(p) for p in path] this_path = os.path.realpath( os.path.join(self.sdk_root, update_manager.UpdateManager.BIN_DIR_NAME)) # TODO(b/36055867): Validate symlinks in /usr/local/bin when we start # creating them. self.on_path = this_path in paths else: self.components = {} self.old_tool_paths = [] self.duplicate_tool_paths = [] self.on_path = False self.path = [anonymizer.ProcessPath(p) for p in path] self.kubectl = file_utils.SearchForExecutableOnPath('kubectl') if self.kubectl: self.kubectl = anonymizer.ProcessPath(self.kubectl[0])
def __init__(self): self.use_client_certificate = ( properties.VALUES.context_aware.use_client_certificate.GetBool()) self._cert_and_key_path = None self.client_cert_path = None self.client_cert_password = None self.cert_provider_command = '' atexit.register(self.Cleanup) if self.use_client_certificate: # Search for configuration produced by endpoint verification cfg_file = _AutoDiscoveryFilePath() # Autodiscover context aware settings from configuration file created by # end point verification agent try: contents = files.ReadFileContents(cfg_file) log.debug('context aware settings detected at %s', cfg_file) json_out = json.loads(contents) if 'cert_provider_command' in json_out: # Execute the cert provider to provision client certificates for # context aware access self.cert_provider_command = json_out[ 'cert_provider_command'] # Remember the certificate path when auto provisioning # to cleanup after use self._cert_and_key_path = os.path.join( config.Paths().global_config_dir, 'caa_cert.pem') # Certs provisioned using endpoint verification are stored as a # single file holding both the public certificate # and the private key self._ProvisionClientCert(self.cert_provider_command, self._cert_and_key_path) self.client_cert_path = self._cert_and_key_path else: raise CertProvisionException('no cert provider detected') except files.Error as e: log.debug('context aware settings discovery file %s - %s', cfg_file, e) except CertProvisionException as e: log.error('failed to provision client certificate - %s', e) if self.client_cert_path is None: raise ConfigException( 'Use of client certificate requires endpoint verification agent. ' 'Run `gcloud topic client-certificate` for installation guide.' )
def _GetLegacyGen(account, creds, scopes=None): if scopes is None: scopes = config.CLOUDSDK_SCOPES return _LegacyGenerator( multistore_path=config.Paths().LegacyCredentialsMultistorePath( account), json_path=config.Paths().LegacyCredentialsJSONPath(account), gae_java_path=config.Paths().LegacyCredentialsGAEJavaPath(account), gsutil_path=config.Paths().LegacyCredentialsGSUtilPath(account), key_path=config.Paths().LegacyCredentialsKeyPath(account), json_key_path=config.Paths().LegacyCredentialsJSONKeyPath(account), credentials=creds, scopes=scopes)
def __init__(self, name=None, create=True): """ResourceCache constructor. Args: name: The persistent cache object name. If None then a default name conditioned on the account name is used. <GLOBAL_CONFIG_DIR>/cache/<ACCOUNT>/resource.cache create: Create the cache if it doesn't exist if True. """ if not name: path = [config.Paths().cache_dir] account = properties.VALUES.core.account.Get(required=False) if account: path.append(account) files.MakeDir(os.path.join(*path)) path.append('resource.cache') name = os.path.join(*path) super(ResourceCache, self).__init__( name=name, create=create, version='googlecloudsdk.resource-1.0')
def __GetCID(): """Gets the client id from the config file, or generates a new one. Returns: str, The hex string of the client id. """ uuid_path = config.Paths().analytics_cid_path cid = None if os.path.exists(uuid_path): with open(uuid_path) as f: cid = f.read() if cid: return cid with open(uuid_path, 'w') as f: cid = uuid.uuid4().hex f.write(cid) # A random UUID return cid
def _FindStorageKeyForAccount(account): """Scans credential file for keys matching given account. If such key(s) is found it checks that current set of scopes is a subset of scopes associated with the key. Args: account: str, The account tied to the storage key being fetched. Returns: dict, key to be used in the credentials store. """ storage_path = config.Paths().credentials_path current_scopes = set(config.CLOUDSDK_SCOPES) equivalent_keys = [key for key in multistore_file.get_all_credential_keys( filename=storage_path) if (key.get('type') == 'google-cloud-sdk' and key.get('account') == account and ( 'scope' not in key or set(key.get('scope').split()) >= current_scopes))] preferred_key = _GetStorageKeyForAccount(account) if preferred_key in equivalent_keys: equivalent_keys.remove(preferred_key) elif equivalent_keys: # Migrate credentials over to new key format. storage = multistore_file.get_credential_storage_custom_key( filename=storage_path, key_dict=equivalent_keys[0]) creds = storage.get() storage = multistore_file.get_credential_storage_custom_key( filename=storage_path, key_dict=preferred_key) storage.put(creds) # Remove all other entries. for key in equivalent_keys: storage = multistore_file.get_credential_storage_custom_key( filename=storage_path, key_dict=key) storage.delete() return preferred_key
def CreateCLI(): """Generates the gcloud CLI.""" sdk_root = config.Paths().sdk_root if sdk_root: help_dir = os.path.join(sdk_root, 'help') else: help_dir = None loader = cli.CLILoader(name='gcloud', command_root_directory=os.path.join( cli.GoogleCloudSDKPackageRoot(), 'gcloud', 'sdktools', 'root'), allow_non_existing_modules=True, version_func=VersionFunc, help_dir=help_dir) pkg_root = cli.GoogleCloudSDKPackageRoot() loader.AddModule('auth', os.path.join(pkg_root, 'gcloud', 'sdktools', 'auth')) loader.AddModule('bigquery', os.path.join(pkg_root, 'bigquery', 'commands')) loader.AddModule( 'components', os.path.join(pkg_root, 'gcloud', 'sdktools', 'components')) loader.AddModule('compute', os.path.join(pkg_root, 'compute', 'subcommands')) loader.AddModule('config', os.path.join(pkg_root, 'gcloud', 'sdktools', 'config')) loader.AddModule('dns', os.path.join(pkg_root, 'dns', 'dnstools')) loader.AddModule('endpoints', os.path.join(pkg_root, 'endpoints', 'commands')) loader.AddModule('preview', os.path.join(pkg_root, 'preview', 'commands')) # Put app and datastore under preview for now. loader.AddModule('preview.app', os.path.join(pkg_root, 'appengine', 'app_commands')) loader.AddModule('preview.datastore', os.path.join(pkg_root, 'appengine', 'datastore_commands')) loader.AddModule('projects', os.path.join(pkg_root, 'projects', 'commands')) loader.AddModule('sql', os.path.join(pkg_root, 'sql', 'tools')) # Check for updates on shutdown but not for any of the updater commands. loader.RegisterPostRunHook(UpdateCheck, exclude_commands=r'gcloud\.components\..*') return loader.Generate()
def Load(): """Loads the set of properties for the CloudSDK CLIs from files. This function will load the properties file, first from the installation config, then the global config directory CLOUDSDK_GLOBAL_CONFIG_DIR, and then from the workspace config directory CLOUDSDK_WORKSPACE_CONFIG_DIR. Returns: properties.Properties, The CloudSDK properties. """ config_paths = config.Paths() paths = [ config_paths.installation_properties_path, config_paths.user_properties_path, config_paths.workspace_properties_path ] # Remove anything that was None. paths = [p for p in paths if p] return _PropertiesFile(paths)
def GetFeatureFlagsConfig(account_id, project_id): """Gets the feature flags config. If the feature flags config file does not exist or is stale, download and save the feature flags config. Otherwise, read the feature flags config. Errors will be logged, but will not interrupt normal operation. Args: account_id: str, account ID. project_id: str, project ID Returns: A FeatureFlagConfig, or None. """ feature_flags_config_path = config.Paths().feature_flags_config_path with _FEATURE_FLAGS_LOCK: yaml_data = None if IsFeatureFlagsConfigStale(feature_flags_config_path): yaml_data = FetchFeatureFlagsConfig() try: file_utils.WriteFileContents(feature_flags_config_path, yaml_data or '') except file_utils.Error as e: logging.warning( 'Unable to write feature flags config [%s]: %s. Please ' 'ensure that this path is writeable.', feature_flags_config_path, e) else: try: yaml_data = file_utils.ReadFileContents( feature_flags_config_path) except file_utils.Error as e: logging.warning( 'Unable to read feature flags config [%s]: %s. Please ' 'ensure that this path is readable.', feature_flags_config_path, e) if yaml_data: return FeatureFlagsConfig(yaml_data, account_id, project_id) return None
def main(): """Launches gsutil.""" project, account = bootstrapping.GetActiveProjectAndAccount() pass_credentials = properties.VALUES.core.pass_credentials_to_gsutil.GetBool( ) if pass_credentials and account not in c_gce.Metadata().Accounts(): gsutil_path = config.Paths().LegacyCredentialsGSUtilPath(account) boto_config = os.environ.get('BOTO_CONFIG', '') boto_path = os.environ.get('BOTO_PATH', '') # We construct a BOTO_PATH that tacks the refresh token config # on the end. if boto_config: boto_path = os.pathsep.join([boto_config, gsutil_path]) elif boto_path: boto_path = os.pathsep.join([boto_path, gsutil_path]) else: path_parts = [ '/etc/boto.cfg', os.path.expanduser(os.path.join('~', '.boto')), gsutil_path ] boto_path = os.pathsep.join(path_parts) if 'BOTO_CONFIG' in os.environ: del os.environ['BOTO_CONFIG'] os.environ['BOTO_PATH'] = boto_path # Tell gsutil whether gcloud analytics collection is enabled. os.environ['GA_CID'] = metrics.GetCIDIfMetricsEnabled() args = [] if project: args.extend(['-o', 'GSUtil:default_project_id=%s' % project]) if pass_credentials and account in c_gce.Metadata().Accounts(): # Tell gsutil to look for GCE service accounts. args.extend(['-o', 'GoogleCompute:service_account=default']) bootstrapping.ExecutePythonTool('platform/gsutil', 'gsutil', *args)
def testSentinel(self): paths = config.Paths() self.ClearAllConfigurations() self.AssertExistingConfigs('default', 'default') # Don't touch sentinel when updating config on non-active configuration. c = named_configs.ConfigurationStore.CreateConfig('foo') c.PersistProperty('core', 'account', 'foo') self.assertFalse(os.path.isfile(paths.config_sentinel_file)) # Do update it if the configuration is active. c = named_configs.ConfigurationStore.ActiveConfig() c.PersistProperty('core', 'account', 'foo') self.assertTrue(os.path.isfile(paths.config_sentinel_file)) # Do update it if you change the active configuration. os.remove(paths.config_sentinel_file) self.assertFalse(os.path.isfile(paths.config_sentinel_file)) named_configs.ConfigurationStore.ActivateConfig('foo') self.assertTrue(os.path.isfile(paths.config_sentinel_file))
def main(): """Launches appcfg.py.""" unused_project, account = bootstrapping.GetActiveProjectAndAccount() json_creds = config.Paths().LegacyCredentialsJSONPath(account) args = ['--skip_sdk_update_check'] try: creds = devshell.DevshellCredentials() args.extend([ '--oauth2_access_token=' + creds.access_token ]) except devshell.NoDevshellServer: args.extend([ '--oauth2', '--oauth2_client_id=32555940559.apps.googleusercontent.com', '--oauth2_client_secret=ZmssLNjJy2998hD4CTg2ejr2', '--oauth2_credential_file={0}'.format(json_creds), ]) bootstrapping.ExecutePythonTool('platform/google_appengine', 'appcfg.py', *args)
def testCorruptedCache(self): # Set cache to something that can't be parsed as YAML config_dir = config.Paths().global_config_dir cache_file = os.path.join(config_dir, ".apigee-cached-project-mapping") files.WriteFileContents(cache_file, "data: {{ unparseable }}") canned_organization_response = { "organizations": [{ "organization": "my-project", "projectIds": ["my-project"] },] } self.AddHTTPResponse( "https://apigee.googleapis.com/v1/organizations", body=json.dumps(canned_organization_response)) self.AddHTTPResponse( "https://apigee.googleapis.com/v1/" "organizations/my-project/environments", body=json.dumps(["test"])) self.RunApigee("environments list --project=my-project")
def GetCredentialStore(store_file=None, access_token_file=None): """Constructs credential store. Args: store_file: str, optional path to use for storage. If not specified config.Paths().credentials_path will be used. access_token_file: str, optional path to use for access token storage. Note that some implementations use store_file to also store access_tokens, in which case this argument is ignored. Returns: CredentialStore object. """ if properties.VALUES.auth.use_sqlite_store.GetBool(): return _GetSqliteStore(store_file, access_token_file) return Oauth2ClientCredentialStore(store_file or config.Paths().credentials_path)
def testAccessTokenCacheReadonlyStore(self): access_token_cache = creds.AccessTokenCache( config.Paths().access_token_db_path) credentials = creds.FromJson(self.SERVICE_ACCOUNT_CREDENTIALS_JSON) credentials.token_response = json.loads("""{"id_token": "woweee"}""") self.assertIsNone(credentials.access_token) self.StartObjectPatch( access_token_cache, '_Execute', side_effect=sqlite3.OperationalError( 'attempt to write to read-only database')) access_token_cache.Store( credentials.service_account_email, access_token='token1', token_expiry=datetime.datetime.utcnow() + datetime.timedelta(seconds=3600), rapt_token=None, id_token=None) self.AssertLogContains('Could not store access token in cache: ' 'attempt to write to read-only database')
def Load(): """Loads the set of active properties from file. This includes both the installation configuration as well as the currently active configuration file. Returns: properties_file.PropertiesFile, The CloudSDK properties. """ ActivePropertiesFile._LOCK.acquire() try: if not ActivePropertiesFile._PROPERTIES: ActivePropertiesFile._PROPERTIES = properties_file.PropertiesFile( [ config.Paths().installation_properties_path, _ActiveConfig(force_create=False).file_path ]) finally: ActivePropertiesFile._LOCK.release() return ActivePropertiesFile._PROPERTIES
def testAttachAccessTokenCacheStoreGoogleAuth(self): # Create credentials. credentials = google_auth_service_account.Credentials( None, 'email', 'token_uri') self.assertIsNone(credentials.token) # Create access token cache. access_token_cache = creds.AccessTokenCache( config.Paths().access_token_db_path) access_token_cache.Store( credentials.service_account_email, access_token='token1', token_expiry=datetime.datetime.utcnow() + datetime.timedelta(seconds=3600), rapt_token=None, id_token=None) # Attach access token cache store to credentials. new_creds = creds.MaybeAttachAccessTokenCacheStoreGoogleAuth(credentials) self.assertEqual(new_creds.token, 'token1')
def __init__(self, account, credentials, scopes=None): self.credentials = credentials if self._cred_type not in (creds.USER_ACCOUNT_CREDS_NAME, creds.SERVICE_ACCOUNT_CREDS_NAME, creds.P12_SERVICE_ACCOUNT_CREDS_NAME): raise creds.CredentialFileSaveError( 'Unsupported credentials type {0}'.format(type(self.credentials))) if scopes is None: self.scopes = config.CLOUDSDK_SCOPES else: self.scopes = scopes paths = config.Paths() # Bq file is not generated here. bq CLI generates it using the adc at # self._adc_path and uses it as the cache. # Register so it is cleaned up. self._bq_path = paths.LegacyCredentialsBqPath(account) self._gsutil_path = paths.LegacyCredentialsGSUtilPath(account) self._p12_key_path = paths.LegacyCredentialsP12KeyPath(account) self._adc_path = paths.LegacyCredentialsAdcPath(account)
def Run(self, args): ve_dir = config.Paths().virtualenv_dir if not util.VirtualEnvExists(ve_dir): log.error('Virtual env does not exist at {}.'.format(ve_dir)) raise exceptions.ExitCodeNoError(exit_code=1) # The Python version being used. python_version = 'NOT AVAILABLE' def _ver(output): self._version_output = output ec = execution_utils.Exec( ['{}/bin/python3'.format(ve_dir), '--version'], no_exit=True, out_func=_ver) if ec == 0: version_parts = self._version_output.split(' ') if len(version_parts) == 2: python_version = version_parts[1] # The modules installed in the environment. modules = [] def _mod_output(output): self._modules_stdout = output execution_utils.Exec(['{}/bin/pip3'.format(ve_dir), 'freeze'], no_exit=True, out_func=_mod_output) for l in self._modules_stdout.split('\n'): if '==' in l: mn, mv = l.split('==') modules.append(Module(mn, mv)) # The enable|disable state of the virtual env environment. ve_enabled = False if util.EnableFileExists(ve_dir): ve_enabled = True return VirtualEnvInfo(python_version, modules, ve_enabled)
def AllConfigs(include_none_config=False): """Returns all the configurations that exist. This determines the currently active configuration so as a side effect it will create the default configuration if no configurations exist. Args: include_none_config: bool, True to include the NONE configuration in the list. This is a reserved configuration that indicates to not use any configuration. It is not explicitly created but is always available. Returns: {str, Configuration}, A map of configuration name to the configuration object. """ config_dir = config.Paths().named_config_directory active_config = ConfigurationStore.ActiveConfig() active_config_name = active_config.name configs = {} if include_none_config: configs[_NO_ACTIVE_CONFIG_NAME] = Configuration( _NO_ACTIVE_CONFIG_NAME, _NO_ACTIVE_CONFIG_NAME == active_config_name) try: config_files = os.listdir(config_dir) for f in config_files: m = re.match(_CONFIG_FILE_REGEX, f) if m: name = m.group(1) configs[name] = Configuration(name, name == active_config_name) return configs except (OSError, IOError) as exc: if exc.errno != errno.ENOENT: raise NamedConfigFileAccessError( 'List of configurations could not be read from: [{0}]'. format(config_dir), exc) return {}
def RunKubectlCommand(args, out_func=None, err_func=None): """Shells out a command to kubectl. This command should be called within the context of a TemporaryKubeconfig context manager in order for kubectl to be configured to access the correct cluster. Args: args: list of strings, command line arguments to pass to the kubectl command. Should omit the kubectl command itself. For example, to execute 'kubectl get pods', provide ['get', 'pods']. out_func: str->None, a function to call with the stdout of the kubectl command err_func: str->None, a function to call with the stderr of the kubectl command Raises: Error: if kubectl could not be called KubectlError: if the invocation of kubectl was unsuccessful """ # Check for 'kubectl' along Cloud SDK path. This will fail if component # manager is disabled. In this case, check entire path. kubectl_path = files.FindExecutableOnPath(_KUBECTL_COMPONENT_NAME, config.Paths().sdk_bin_path) if kubectl_path is None: kubectl_path = files.FindExecutableOnPath(_KUBECTL_COMPONENT_NAME) if kubectl_path is None: raise Error(MISSING_KUBECTL_MSG) try: retval = execution_utils.Exec(execution_utils.ArgsForExecutableTool( kubectl_path, *args), no_exit=True, out_func=out_func, err_func=err_func, universal_newlines=True) except (execution_utils.PermissionError, execution_utils.InvalidCommandError) as e: raise KubectlError(six.text_type(e)) if retval: raise KubectlError('kubectl returned non-zero status code.')
def TryEnsureWriteableNamedConfig(): """Create a named config for new/legacy users. Returns: None Raises: IOError, if there's a problem creating a new configuration. """ # Don't try to update if the user has named configs. LHS side of the `or` # helps if an otherwise new user has --configuration NONE. The RHS if a # user has named configs but has deleted their activator file. (Let's not # mess with their state any more in the latter case.) if GetNameOfActiveNamedConfig() or ListNamedConfigs(): return logging.warn('Creating and activating new configuration [%s].', AUTO_UPGRADE_NEW_CONFIG_NAME) CreateNamedConfig(AUTO_UPGRADE_NEW_CONFIG_NAME) legacy_properties = None try: with open(config.Paths().user_properties_path, 'r+') as f: legacy_properties = f.read() f.truncate(0) f.seek(0) f.write('# This properties file has been superseded by named\n' '# configurations. Editing it will have no effect.\n\n') f.write(legacy_properties) except IOError: # Best effort read and update of old properties file. pass if legacy_properties is not None: logging.warn('Importing legacy user properties.') with open(GetPathForConfigName(AUTO_UPGRADE_NEW_CONFIG_NAME), 'w') as ff: ff.write(legacy_properties) ActivateNamedConfig(AUTO_UPGRADE_NEW_CONFIG_NAME)
def testGetCredentialsGcloudAuth(self): properties.VALUES.container.use_client_certificate.Set(None) properties.VALUES.container.use_app_default_credentials.Set(False) c_config = self._TestGetCredentials( self._RunningClusterForVersion('1.5.0')) kubeconfig = kconfig.Kubeconfig.Default() bin_name = 'gcloud' if platforms.OperatingSystem.IsWindows(): bin_name = 'gcloud.cmd' path = os.path.join(core_config.Paths().sdk_bin_path, bin_name) self.assertTrue(os.path.isfile(path)) self.assertDictEqual( kubeconfig.users[c_config.kube_context]['user']['auth-provider'], { 'name': 'gcp', 'config': { 'cmd-path': path, 'cmd-args': 'config config-helper --format=json', 'token-key': '{.credential.access_token}', 'expiry-key': '{.credential.token_expiry}', } })
def _IndexDirPath(): """Locates the path for the directory where help search index should be. Raises: NoSdkRootException: if no SDK root is found. Returns: str, the path to the directory. """ paths = config.Paths() if paths.sdk_root is None: raise NoSdkRootException( 'No SDK root for this installation found. Help ' 'search index cannot be located.') # Table will be stored at root/.install/help_text. index_dir_path = os.path.join(paths.sdk_root, paths.CLOUDSDK_STATE_DIR, 'help_text') # Ensure directory exists. files.MakeDir(index_dir_path) return index_dir_path
def main(): """Launches gcutil.""" args = [] project, account = bootstrapping.GetActiveProjectAndAccount() if account: if account in c_gce.Metadata().Accounts(): args += ['--auth_service_account', account] else: ms_path = config.Paths().LegacyCredentialsMultistorePath(account) args += ['--credentials_file', ms_path] args += ['--auth_service_account='] if project: args += ['--project', project] args.append('--nocheck_for_new_version') bootstrapping.ExecutePythonTool('platform/gcutil', 'gcutil', *args)
def Revoke(account=None): """Revoke credentials and clean up related files. Args: account: str, The account address for the credentials to be revoked. If None, the currently active account is used. Raises: NoActiveAccountException: If account is not provided and there is no active account. NoCredentialsForAccountException: If the provided account is not tied to any known credentials. RevokeError: If there was a more general problem revoking the account. """ if not account: account = properties.VALUES.core.account.Get() if not account: raise NoActiveAccountException() if account in c_gce.Metadata().Accounts(): raise RevokeError('Cannot revoke GCE-provided credentials.') creds = Load(account) if not creds: raise NoCredentialsForAccountException(account) if isinstance(creds, c_devshell.DevshellCredentials): raise RevokeError( 'Cannot revoke the automatically provisioned Cloud Shell credential.' 'This comes from your browser session and will not persist outside' 'of your connected Cloud Shell session.') RevokeCredentials(creds) store = _StorageForAccount(account) if store: store.delete() _GetLegacyGen(account, creds).Clean() files.RmTree(config.Paths().LegacyCredentialsDir(account))
def _ActiveConfigNameFromFile(): """Gets the name of the user's active named config according to the file. Returns: str, The name of the active configuration or None. """ path = config.Paths().named_config_activator_path try: with open(path, 'r') as f: config_name = f.read() # If the file is empty, treat it like the file does not exist. if config_name: return config_name except (OSError, IOError) as exc: if exc.errno != errno.ENOENT: raise NamedConfigFileAccessError( 'Active configuration name could not be read from: [{0}]'. format(path), exc) # The active named config pointer file is missing, return None return None