def _get_token(cls, request, scopes=None): token_url = "instance/service-accounts/default/token" if scopes: if not isinstance(scopes, str): scopes = ",".join(scopes) token_url = _helpers.update_query(token_url, {"scopes": scopes}) token_data = _metadata.get(request, token_url) return token_data
def revoke(self, request): query_params = {'token': self.refresh_token or self.token} token_revoke_uri = _helpers.update_query(GOOGLE_REVOKE_URI, query_params) headers = { 'content-type': google_auth_client._URLENCODED_CONTENT_TYPE, # pylint: disable=protected-access } response = request(token_revoke_uri, headers=headers) if response.status != http_client.OK: response_data = six.ensure_text(response.data) response_json = json.loads(response_data) error = response_json.get('error') error_description = response_json.get('error_description') raise TokenRevokeError(error, error_description)
def get(request, path, root=_METADATA_ROOT, recursive=False): """Fetch a resource from the metadata server. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. path (str): The resource to retrieve. For example, ``'instance/service-accounts/default'``. root (str): The full path to the metadata server root. recursive (bool): Whether to do a recursive query of metadata. See https://cloud.google.com/compute/docs/metadata#aggcontents for more details. Returns: Union[Mapping, str]: If the metadata server returns JSON, a mapping of the decoded JSON is return. Otherwise, the response content is returned as a string. Raises: google.auth.exceptions.TransportError: if an error occurred while retrieving metadata. """ base_url = urlparse.urljoin(root, path) query_params = {} if recursive: query_params["recursive"] = "true" url = _helpers.update_query(base_url, query_params) response = request(url=url, method="GET", headers=_METADATA_HEADERS) if response.status == http_client.OK: content = _helpers.from_bytes(response.data) if response.headers["content-type"] == "application/json": try: return json.loads(content) except ValueError as caught_exc: new_exc = exceptions.TransportError( "Received invalid JSON from the Google Compute Engine" "metadata service: {:.20}".format(content)) six.raise_from(new_exc, caught_exc) else: return content else: raise exceptions.TransportError( "Failed to retrieve {} from the Google Compute Engine" "metadata service. Status: {} Response:\n{}".format( url, response.status, response.data), response, )
def get(request, path, root=_METADATA_ROOT, recursive=False): """Fetch a resource from the metadata server. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. path (str): The resource to retrieve. For example, ``'instance/service-accounts/default'``. root (str): The full path to the metadata server root. recursive (bool): Whether to do a recursive query of metadata. See https://cloud.google.com/compute/docs/metadata#aggcontents for more details. Returns: Union[Mapping, str]: If the metadata server returns JSON, a mapping of the decoded JSON is return. Otherwise, the response content is returned as a string. Raises: google.auth.exceptions.TransportError: if an error occurred while retrieving metadata. """ base_url = urlparse.urljoin(root, path) query_params = {} if recursive: query_params['recursive'] = 'true' url = _helpers.update_query(base_url, query_params) response = request(url=url, method='GET', headers=_METADATA_HEADERS) if response.status == http_client.OK: content = _helpers.from_bytes(response.data) if response.headers['content-type'] == 'application/json': try: return json.loads(content) except ValueError as caught_exc: new_exc = exceptions.TransportError( 'Received invalid JSON from the Google Compute Engine' 'metadata service: {:.20}'.format(content)) six.raise_from(new_exc, caught_exc) else: return content else: raise exceptions.TransportError( 'Failed to retrieve {} from the Google Compute Engine' 'metadata service. Status: {} Response:\n{}'.format( url, response.status, response.data), response)
def _token_info(access_token=None, id_token=None): query_params = {} if access_token is not None: query_params['access_token'] = access_token elif id_token is not None: query_params['id_token'] = id_token else: raise ValueError('No token specified.') url = _helpers.update_query(TOKEN_INFO_URL, query_params) response = request(url=url, method='GET') return json.loads(response.data.decode('utf-8'))
def _token_info(access_token=None, id_token=None): query_params = {} if access_token is not None: query_params["access_token"] = access_token elif id_token is not None: query_params["id_token"] = id_token else: raise ValueError("No token specified.") url = _helpers.update_query(TOKEN_INFO_URL, query_params) response = http_request(url=url, method="GET") return json.loads(response.data.decode("utf-8"))
def test_credentials(): credentials = app_engine.Credentials() scoped_credentials = credentials.with_scopes([EMAIL_SCOPE]) scoped_credentials.refresh(None) assert scoped_credentials.valid assert scoped_credentials.token is not None # Get token info and verify scope url = _helpers.update_query(TOKEN_INFO_URL, {"access_token": scoped_credentials.token}) response = HTTP_REQUEST(url=url, method="GET") token_info = json.loads(response.data.decode("utf-8")) assert token_info["scope"] == EMAIL_SCOPE
def get( request, path, root=_METADATA_ROOT, params=None, recursive=False, retry_count=5 ): """Fetch a resource from the metadata server. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. path (str): The resource to retrieve. For example, ``'instance/service-accounts/default'``. root (str): The full path to the metadata server root. params (Optional[Mapping[str, str]]): A mapping of query parameter keys to values. recursive (bool): Whether to do a recursive query of metadata. See https://cloud.google.com/compute/docs/metadata#aggcontents for more details. retry_count (int): How many times to attempt connecting to metadata server using above timeout. Returns: Union[Mapping, str]: If the metadata server returns JSON, a mapping of the decoded JSON is return. Otherwise, the response content is returned as a string. Raises: google.auth.exceptions.TransportError: if an error occurred while retrieving metadata. """ base_url = urlparse.urljoin(root, path) query_params = {} if params is None else params if recursive: query_params["recursive"] = "true" url = _helpers.update_query(base_url, query_params) retries = 0 while retries < retry_count: try: response = request(url=url, method="GET", headers=_METADATA_HEADERS) break except exceptions.TransportError as e: _LOGGER.warning( "Compute Engine Metadata server unavailable on " "attempt %s of %s. Reason: %s", retries + 1, retry_count, e, ) retries += 1 else: raise exceptions.TransportError( "Failed to retrieve {} from the Google Compute Engine" "metadata service. Compute Engine Metadata server unavailable".format(url) ) if response.status == http.client.OK: content = _helpers.from_bytes(response.data) if response.headers["content-type"] == "application/json": try: return json.loads(content) except ValueError as caught_exc: new_exc = exceptions.TransportError( "Received invalid JSON from the Google Compute Engine" "metadata service: {:.20}".format(content) ) raise new_exc from caught_exc else: return content else: raise exceptions.TransportError( "Failed to retrieve {} from the Google Compute Engine" "metadata service. Status: {} Response:\n{}".format( url, response.status, response.data ), response, )
def test_update_query_remove_param(): base_uri = 'http://www.google.com' uri = base_uri + '?x=a' updated = _helpers.update_query(uri, {'y': 'c'}, remove=['x']) _assert_query(updated, {'y': ['c']})
def test_update_query_replace_param(): base_uri = 'http://www.google.com' uri = base_uri + '?x=a' updated = _helpers.update_query(uri, {'x': 'b', 'y': 'c'}) _assert_query(updated, {'x': ['b'], 'y': ['c']})
def test_update_query_existing_params(): uri = 'http://www.google.com?x=y' updated = _helpers.update_query(uri, {'a': 'b', 'c': 'd&'}) _assert_query(updated, {'x': ['y'], 'a': ['b'], 'c': ['d&']})
def test_update_query_params_no_params(): uri = 'http://www.google.com' updated = _helpers.update_query(uri, {'a': 'b'}) assert updated == uri + '?a=b'
def test_update_query_remove_param(): base_uri = "http://www.google.com" uri = base_uri + "?x=a" updated = _helpers.update_query(uri, {"y": "c"}, remove=["x"]) _assert_query(updated, {"y": ["c"]})
def test_update_query_replace_param(): base_uri = "http://www.google.com" uri = base_uri + "?x=a" updated = _helpers.update_query(uri, {"x": "b", "y": "c"}) _assert_query(updated, {"x": ["b"], "y": ["c"]})
def test_update_query_existing_params(): uri = "http://www.google.com?x=y" updated = _helpers.update_query(uri, {"a": "b", "c": "d&"}) _assert_query(updated, {"x": ["y"], "a": ["b"], "c": ["d&"]})
def test_update_query_params_no_params(): uri = "http://www.google.com" updated = _helpers.update_query(uri, {"a": "b"}) assert updated == uri + "?a=b"