def ActivateCredentials(account, refresh_token): """Activates credentials for given account with given refresh token.""" creds = c_store.AcquireFromToken(refresh_token) c_store.ActivateCredentials(account, creds) return creds
def Run(self, args): """Create service account credentials.""" file_content, is_json = _IsJsonFile(args.key_file) if is_json: if _UseGoogleAuth(): cred = auth_service_account.CredentialsFromAdcDictGoogleAuth( file_content) else: # TODO(b/161992086): Remove the flow of activating via oauth2client once # this legacy auth lib is deprecated. Leave this option for now so that # the users are able to fall back to the old flow of if any issues # related to google-auth comes up. The users can do this by setting # property auth/disable_activate_service_account_google_auth to True. cred = auth_service_account.CredentialsFromAdcDict( file_content) if args.password_file or args.prompt_for_password: raise c_exc.InvalidArgumentException( '--password-file', 'A .json service account key does not require a password.') account = cred.service_account_email if args.account and args.account != account: raise c_exc.InvalidArgumentException( 'ACCOUNT', 'The given account name does not match the account name in the key ' 'file. This argument can be omitted when using .json keys.' ) else: account = args.account if not account: raise c_exc.RequiredArgumentException( 'ACCOUNT', 'An account is required when using .p12 keys') password = None if args.password_file: try: password = files.ReadFileContents( args.password_file).strip() except files.Error as e: raise c_exc.UnknownArgumentException('--password-file', e) elif args.prompt_for_password: password = console_io.PromptPassword('Password: '******'Activated service account credentials for: [{0}]'.format(account))
def ActivateCredentials(account, refresh_token): """Activates credentials for given account with given refresh token.""" use_google_auth = ( not properties.VALUES.auth.disable_load_google_auth.GetBool()) creds = c_store.AcquireFromToken(refresh_token, use_google_auth=use_google_auth) c_store.ActivateCredentials(account, creds) return creds
def Run(self, args): """Create service account credentials.""" try: cred = auth_service_account.CredentialsFromAdcFile(args.key_file) except auth_service_account.BadCredentialFileException: account = args.account if not account: raise c_exc.RequiredArgumentException( 'ACCOUNT', 'An account is required when using .p12 keys') password = None if args.password_file: try: with open(args.password_file) as f: password = f.read().strip() except IOError as e: raise c_exc.UnknownArgumentException('--password-file', e) elif args.prompt_for_password: password = getpass.getpass('Password: '******'--password-file', 'A .json service account key does not require a password.') account = cred.service_account_email if args.account and args.account != account: raise c_exc.InvalidArgumentException( 'ACCOUNT', 'The given account name does not match the account name in the key ' 'file. This argument can be omitted when using .json keys.' ) try: c_store.ActivateCredentials(account, cred) except c_store.TokenRefreshError as e: log.file_only_logger.exception(e) raise auth_service_account.BadCredentialFileException( 'Failed to activate the given service account. ' 'Please ensure provided key file is valid.') project = args.project if project: properties.PersistProperty(properties.VALUES.core.project, project) log.status.Print( 'Activated service account credentials for: [{0}]'.format(account))
def Run(self, args): """Create service account credentials.""" file_content, is_json = _IsJsonFile(args.key_file) if is_json: cred = auth_service_account.CredentialsFromAdcDictGoogleAuth( file_content) if args.password_file or args.prompt_for_password: raise c_exc.InvalidArgumentException( '--password-file', 'A .json service account key does not require a password.') account = cred.service_account_email if args.account and args.account != account: raise c_exc.InvalidArgumentException( 'ACCOUNT', 'The given account name does not match the account name in the key ' 'file. This argument can be omitted when using .json keys.' ) else: account = args.account if not account: raise c_exc.RequiredArgumentException( 'ACCOUNT', 'An account is required when using .p12 keys') password = None if args.password_file: try: password = files.ReadFileContents( args.password_file).strip() except files.Error as e: raise c_exc.UnknownArgumentException('--password-file', e) elif args.prompt_for_password: password = console_io.PromptPassword('Password: '******'Activated service account credentials for: [{0}]'.format(account))
def __enter__(self): self._orig_account = properties.VALUES.core.account.Get() self._orig_project = properties.VALUES.core.project.Get() self._orig_impersonate_service_account = ( properties.VALUES.auth.impersonate_service_account.Get()) user_creds = c_store.AcquireFromToken(self._refresh_token) c_store.ActivateCredentials(self._account, user_creds) if self._project_override: properties.VALUES.core.project.Set(self._project_override) properties.VALUES.auth.impersonate_service_account.Set( self._service_account_email) self._orig_impersonate_provider = c_store.IMPERSONATION_TOKEN_PROVIDER c_store.IMPERSONATION_TOKEN_PROVIDER = ( iamcred_util.ImpersonationAccessTokenProvider()) return self
def __enter__(self): self._orig_account = properties.VALUES.core.account.Get() c_store.ActivateCredentials(self._account, self.credentials) return self