Пример #1
0
    def WriteTemplate(self):
        """Write the credential file."""

        # General credentials used by bq and gsutil.
        if self.credentials_type != creds.CredentialType.P12_SERVICE_ACCOUNT:
            creds.ADC(self.credentials).DumpADCToFile(file_path=self._adc_path)

            if self.credentials_type == creds.CredentialType.USER_ACCOUNT:
                # We create a small .boto file for gsutil, to be put in BOTO_PATH.
                # Our client_id and client_secret should accompany our refresh token;
                # if a user loaded any other .boto files that specified a different
                # id and secret, those would override our id and secret, causing any
                # attempts to obtain an access token with our refresh token to fail.
                self._WriteFileContents(
                    self._gsutil_path, '\n'.join([
                        '[OAuth2]',
                        'client_id = {cid}',
                        'client_secret = {secret}',
                        '',
                        '[Credentials]',
                        'gs_oauth2_refresh_token = {token}',
                    ]).format(cid=config.CLOUDSDK_CLIENT_ID,
                              secret=config.CLOUDSDK_CLIENT_NOTSOSECRET,
                              token=self.credentials.refresh_token))
            elif self.credentials_type == creds.CredentialType.SERVICE_ACCOUNT:
                self._WriteFileContents(
                    self._gsutil_path, '\n'.join([
                        '[Credentials]',
                        'gs_service_key_file = {key_file}',
                    ]).format(key_file=self._adc_path))
            else:
                raise creds.CredentialFileSaveError(
                    'Unsupported credentials type {0}'.format(
                        type(self.credentials)))
        else:  # P12 service account
            cred = self.credentials
            key = cred._private_key_pkcs12  # pylint: disable=protected-access
            password = cred._private_key_password  # pylint: disable=protected-access
            files.WriteBinaryFileContents(self._p12_key_path,
                                          key,
                                          private=True)

            # the .boto file gets some different fields
            self._WriteFileContents(
                self._gsutil_path, '\n'.join([
                    '[Credentials]',
                    'gs_service_client_id = {account}',
                    'gs_service_key_file = {key_file}',
                    'gs_service_key_file_password = {key_password}',
                ]).format(account=self.credentials.service_account_email,
                          key_file=self._p12_key_path,
                          key_password=password))
Пример #2
0
  def __init__(self, account, credentials, scopes=None):
    self.credentials = credentials
    if self._cred_type not in (creds.USER_ACCOUNT_CREDS_NAME,
                               creds.SERVICE_ACCOUNT_CREDS_NAME,
                               creds.P12_SERVICE_ACCOUNT_CREDS_NAME):
      raise creds.CredentialFileSaveError(
          'Unsupported credentials type {0}'.format(type(self.credentials)))
    if scopes is None:
      self.scopes = config.CLOUDSDK_SCOPES
    else:
      self.scopes = scopes

    paths = config.Paths()
    # Bq file is not generated here. bq CLI generates it using the adc at
    # self._adc_path and uses it as the cache.
    # Register so it is cleaned up.
    self._bq_path = paths.LegacyCredentialsBqPath(account)
    self._gsutil_path = paths.LegacyCredentialsGSUtilPath(account)
    self._p12_key_path = paths.LegacyCredentialsP12KeyPath(account)
    self._adc_path = paths.LegacyCredentialsAdcPath(account)