def Run(self, unused_argv):
"""Identifies the authenticated user."""
LOGGER.warn(
'This command is deprecated and will be removed in a '
'later version. Please use "gcloud auth" for your '
'authentication needs and "gcloud config list" to determine '
'the currently logged-in user.')
credential = auth_helper.GetCredentialFromStore(
scopes.DEFAULT_AUTH_SCOPES, ask_user=False)
if credential and credential.id_token:
print credential.id_token['email']
return 0
elif (credential and
(not credential.id_token or 'email' not in credential.id_token)):
sys.stderr.write(
'You are authenticated, but the user id has not been '
'logged. Try re-authenticating using "gcloud auth".\n')
return 1
else:
sys.stderr.write(
'You haven\'t set up your account yet. Please run "gcloud auth".\n'
)
return 1
def testSortScopes(self):
oauth2_multistore_file.get_credential_storage = (
self.MockGetCredentialStorage)
cred = auth_helper.GetCredentialFromStore(['b', 'a'])
self.assertEqual(cred.credentials_file,
os.path.realpath(CREDS_FILENAME))
self.assertEqual(cred.client_id, auth_helper.OAUTH2_CLIENT_ID)
self.assertEqual(cred.user_agent, auth_helper.USER_AGENT)
self.assertEqual(cred.scopes, 'a b')
self.assertEqual(cred.invalid, False)
def testLegacyScopes(self):
oauth2_multistore_file.get_credential_storage = (
self.MockGetCredentialStorageWithLegacyScopes)
cred = auth_helper.GetCredentialFromStore(scopes.DEFAULT_AUTH_SCOPES)
self.assertEqual(cred.credentials_file,
os.path.realpath(CREDS_FILENAME))
self.assertEqual(cred.client_id, auth_helper.OAUTH2_CLIENT_ID)
self.assertEqual(cred.user_agent, auth_helper.USER_AGENT)
self.assertEqual(cred.scopes,
' '.join(sorted(scopes.LEGACY_AUTH_SCOPES)))
self.assertEqual(cred.invalid, False)
def testReauthFlow(self):
oauth2_multistore_file.get_credential_storage = (
self.MockGetCredentialStorage)
(mock_cred, oauth2_tools.run) = self.CreateMockOAuthFlowRun()
cred = auth_helper.GetCredentialFromStore(['b', 'a'],
force_reauth=True,
ask_user=True)
self.assertEqual(mock_cred, cred)
self.assertEqual(cred.client_id, auth_helper.OAUTH2_CLIENT_ID)
self.assertEqual(cred.client_secret, auth_helper.OAUTH2_CLIENT_SECRET)
self.assertEqual(cred.user_agent, auth_helper.USER_AGENT)
self.assertEqual(cred.scopes, 'a b')
def testAuthWithMetadataServer(self):
desired_scopes = [
'https://www.googleapis.com/auth/compute',
'https://www.googleapis.com/auth/devstorage.full_control',
]
metadata = mock_metadata.MockMetadata()
metadata.ExpectIsPresent(True)
metadata.ExpectGetServiceAccountScopes(desired_scopes)
oauth2_multistore_file.get_credential_storage = (
self.MockGetCredentialStorage)
gce_cred = AuthHelperTest.MockCred('accesstoken')
cred = auth_helper.GetCredentialFromStore(
desired_scopes,
metadata=metadata,
oauth2_gce=AuthHelperTest.MockOauth2ClientGce(gce_cred))
self.assertEquals(gce_cred, cred)
self.assertEquals(1, cred.calls)
def testAuthNoMetadataServer(self):
desired_scopes = [
'https://www.googleapis.com/auth/compute',
'https://www.googleapis.com/auth/devstorage.full_control',
]
metadata = mock_metadata.MockMetadata()
metadata.ExpectIsPresent(False)
oauth2_multistore_file.get_credential_storage = (
self.MockGetCredentialStorage)
gce_cred = AuthHelperTest.MockCred(
httplib2.ServerNotFoundError('metadata server not found'))
cred = auth_helper.GetCredentialFromStore(
desired_scopes,
metadata=metadata,
oauth2_gce=AuthHelperTest.MockOauth2ClientGce(gce_cred))
self.assertNotEquals(gce_cred, cred)
self.assertEquals(0, cred.calls)
def RunWithFlagsAndPositionalArgs(self, flag_values,
unused_pos_arg_values):
"""Run the command, returning the result.
Args:
flag_values: The parsed FlagValues instance.
unused_pos_arg_values: The positional args.
Raises:
gcutil_errors.CommandError: If valid credentials cannot be retrieved.
Returns:
0 if the command completes successfully, otherwise 1.
Raises:
CommandError: if valid credentials are not located.
"""
cred = auth_helper.GetCredentialFromStore(
scopes.DEFAULT_AUTH_SCOPES,
ask_user=not flag_values.just_check_auth,
force_reauth=flag_values.force_reauth)
if not cred:
raise gcutil_errors.CommandError(
'Could not get valid credentials for API.')
if flag_values.confirm_email:
http = self._AuthenticateWrapper(utils.GetHttp())
resp, content = http.request(
'https://www.googleapis.com/userinfo/v2/me')
if resp.status != 200:
LOGGER.info('Could not get user info for token. <%d %s>',
resp.status, resp.reason)
userinfo = json.loads(content)
if 'email' in userinfo and userinfo['email']:
LOGGER.info('Authorization succeeded for user %s',
userinfo['email'])
else:
LOGGER.info('Could not get email for token.')
else:
LOGGER.info('Authentication succeeded.')
return (None, [])
def testAuthWithMetadataServerNoServiceAccountsNoAuth(self):
desired_scopes = [
'https://www.googleapis.com/auth/compute',
'https://www.googleapis.com/auth/devstorage.full_control',
]
metadata = mock_metadata.MockMetadata()
metadata.ExpectIsPresent(True)
metadata.ExpectGetServiceAccountScopes(
metadata_lib.MetadataError('No service accounts man'))
oauth2_multistore_file.get_credential_storage = (
self.MockGetCredentialStorageNoCredentials)
oauth2_client.OAuth2WebServerFlow = MockFunctionCall()
(mock_cred, oauth2_tools.run) = self.CreateMockOAuthFlowRun()
with gcutil_unittest.CaptureStandardIO('verificationcode\n') as stdio:
cred = auth_helper.GetCredentialFromStore(
desired_scopes,
metadata=metadata,
oauth2_gce=AuthHelperTest.MockOauth2ClientGce(None))
self.assertEquals(mock_cred, cred)
self.assertEquals(1, oauth2_client.OAuth2WebServerFlow.num_calls)
stdout_lines = stdio.stdout.getvalue().split('\n')
self.assertTrue(
'Service account scopes are not enabled' in stdout_lines[0])