def ConnectEventManaged(conn_context): """Provides an EventflowOperations instance to use, for managed events.""" # pylint: disable=protected-access client = apis_internal._GetClientInstance( conn_context.api_name, conn_context.api_version, # Only check response if not connecting to GKE check_response_func=apis.CheckResponseForApiEnablement() if conn_context.supports_one_platform else None, http_client=conn_context.HttpClient()) # This client is used for working with core resources (e.g. Secrets) in # Cloud Run for Anthos. core_client = None if not conn_context.supports_one_platform: core_client = apis_internal._GetClientInstance( conn_context.api_name, _CORE_CLIENT_VERSION, http_client=conn_context.HttpClient()) # This client is only used to get CRDs because the api group they are # under uses different versioning in k8s crd_client = apis_internal._GetClientInstance( conn_context.api_name, _CRD_CLIENT_VERSION, http_client=conn_context.HttpClient()) # pylint: enable=protected-access return EventflowOperations(client, conn_context.api_version, conn_context.region, core_client, crd_client)
def Connect(conn_context): """Provide a ServerlessOperations instance to use. If we're using the GKE Serverless Add-on, connect to the relevant cluster. Otherwise, connect to the right region of GSE. Arguments: conn_context: a context manager that yields a ConnectionInfo and manages a dynamic context that makes connecting to serverless possible. Yields: A ServerlessOperations instance. """ # The One Platform client is required for making requests against # endpoints that do not supported Kubernetes-style resource naming # conventions. The One Platform client must be initialized outside of a # connection context so that it does not pick up the api_endpoint_overrides # values from the connection context. # pylint: disable=protected-access op_client = apis_internal._GetClientInstance( conn_context.api_name, conn_context.api_version, ca_certs=conn_context.ca_certs) # pylint: enable=protected-access with conn_context as conn_info: # pylint: disable=protected-access client = apis_internal._GetClientInstance(conn_info.api_name, conn_info.api_version, ca_certs=conn_info.ca_certs) # pylint: enable=protected-access yield ServerlessOperations(client, conn_info.api_name, conn_info.api_version, conn_info.region, op_client)
def Connect(conn_context): """Provide a EventflowOperations instance to use. If we're using the GKE Serverless Add-on, connect to the relevant cluster. Otherwise, connect to the right region of GSE. Arguments: conn_context: a context manager that yields a ConnectionInfo and manages a dynamic context that makes connecting to serverless possible. Yields: A EventflowOperations instance. """ # The One Platform client is required for making requests against # endpoints that do not supported Kubernetes-style resource naming # conventions. The One Platform client must be initialized outside of a # connection context so that it does not pick up the api_endpoint_overrides # values from the connection context. op_client = apis.GetClientInstance(conn_context.api_name, conn_context.api_version) with conn_context as conn_info: # pylint: disable=protected-access client = apis_internal._GetClientInstance( conn_info.api_name, conn_info.api_version, # Only check response if not connecting to GKE check_response_func=apis.CheckResponseForApiEnablement() if conn_context.supports_one_platform else None, http_client=conn_context.HttpClient()) # This client is used for working with core resources (e.g. Secrets) in # Cloud Run for Anthos. core_client = None if not conn_context.supports_one_platform: core_client = apis_internal._GetClientInstance( conn_context.api_name, _CORE_CLIENT_VERSION, http_client=conn_context.HttpClient()) # This client is only used to get CRDs because the api group they are # under uses different versioning in k8s crd_client = apis_internal._GetClientInstance( conn_context.api_name, _CRD_CLIENT_VERSION, http_client=conn_context.HttpClient()) # pylint: enable=protected-access yield EventflowOperations(client, conn_info.region, core_client, crd_client, op_client)
def GetMethods(full_collection_name, api_version=None, no_http=True): """Gets all the methods available on the given collection. Args: full_collection_name: str, The collection including the api name. api_version: str, The version string of the API or None to use the default for this API. no_http: bool, True to not create an authenticated http object for this API Client. Returns: [APIMethod], The method specifications. """ api_name, collection = _SplitFullCollectionName(full_collection_name) api_version = api_version or _GetDefaultVersion(api_name) # pylint:disable=protected-access client = apis_internal._GetClientInstance(api_name, api_version, no_http=no_http) api_collection = GetAPICollection(full_collection_name, api_version=api_version) service = getattr(client, collection.replace(NAME_SEPARATOR, '_')) method_names = service.GetMethodsList() method_configs = [(name, service.GetMethodConfig(name)) for name in method_names] return [APIMethod(service, name, api_collection, config) for name, config in method_configs]
def GenerateIdToken(service_account_id, audience, include_email=False): """Generates an id token for the given service account.""" service_account_ref = resources.REGISTRY.Parse( service_account_id, collection='iamcredentials.serviceAccounts', params={ 'projectsId': '-', 'serviceAccountsId': service_account_id }) # pylint: disable=protected-access http_client = http_creds.Http(enable_resource_quota=False, response_encoding=http_creds.ENCODING, allow_account_impersonation=False) iam_client = apis_internal._GetClientInstance('iamcredentials', 'v1', http_client=http_client) response = iam_client.projects_serviceAccounts.GenerateIdToken( iam_client.MESSAGES_MODULE. IamcredentialsProjectsServiceAccountsGenerateIdTokenRequest( name=service_account_ref.RelativeName(), generateIdTokenRequest=iam_client.MESSAGES_MODULE. GenerateIdTokenRequest(audience=audience, includeEmail=include_email))) return response.token
def GetClientInstance(): # pylint:disable=protected-access # Specifically disable resource quota in all cases for service management. # We need to use this API to turn on APIs and sometimes the user doesn't have # this API turned on. We should always used the shared project to do this # so we can bootstrap users getting the appropriate APIs enabled. If the user # has explicitly set the quota project, then respect that. enable_resource_quota = ( properties.VALUES.billing.quota_project.IsExplicitlySet()) return apis_internal._GetClientInstance( 'servicemanagement', 'v1', enable_resource_quota=enable_resource_quota)
def GetClientInstance(api_name, api_version, no_http=False): """Returns an instance of the API client specified in the args. Args: api_name: str, The API name (or the command surface name, if different). api_version: str, The version of the API. no_http: bool, True to not create an http object for this client. Returns: base_api.BaseApiClient, An instance of the specified API client. """ # pylint:disable=protected-access return apis_internal._GetClientInstance(api_name, api_version, no_http, _CheckResponse)
def Connect(conn_info): """Provide a AnthosEventsOperations instance to use. If we're using the GKE Serverless Add-on, connect to the relevant cluster. Otherwise, connect to the right region of GSE. Arguments: conn_info: a ConnectionInfo Returns: An AnthosEventsOperation instance. """ # pylint: disable=protected-access v1beta1_client = apis_internal._GetClientInstance( _ANTHOS_EVENTS_CLIENT_NAME, _ANTHOS_EVENTS_CLIENT_VERSION, # Only check response if not connecting to GKE check_response_func=apis.CheckResponseForApiEnablement() if conn_info.supports_one_platform else None, http_client=conn_info.HttpClient()) # This client is used for working with core resources (e.g. Secrets) in # Cloud Run for Anthos. v1_client = apis_internal._GetClientInstance( _ANTHOS_EVENTS_CLIENT_NAME, _CORE_CLIENT_VERSION, http_client=conn_info.HttpClient()) v1alpha1_client = apis_internal._GetClientInstance( _ANTHOS_EVENTS_CLIENT_NAME, _OPERATOR_CLIENT_VERSION, http_client=conn_info.HttpClient()) # pylint: enable=protected-access return AnthosEventsOperations(conn_info.api_version, conn_info.region, v1_client, v1alpha1_client, v1beta1_client)
def _GetClientInstance(version='v1'): """Get a client instance for service usage.""" # pylint:disable=protected-access # Specifically disable resource quota in all cases for service management. # We need to use this API to turn on APIs and sometimes the user doesn't have # this API turned on. We should always use the shared project to do this # so we can bootstrap users getting the appropriate APIs enabled. If the user # has explicitly set the quota project, then respect that. enable_resource_quota = ( properties.VALUES.billing.quota_project.IsExplicitlySet()) http_client = http_creds.Http(response_encoding=http_creds.ENCODING, enable_resource_quota=enable_resource_quota) return apis_internal._GetClientInstance('serviceusage', version, http_client=http_client)
def GetClientInstance(api_name, api_version, no_http=False, enable_resource_quota=True): """Returns an instance of the API client specified in the args. Args: api_name: str, The API name (or the command surface name, if different). api_version: str, The version of the API. no_http: bool, True to not create an http object for this client. enable_resource_quota: bool, By default, we are going to tell APIs to use the quota of the project being operated on. For some APIs we want to use gcloud's quota, so you can explicitly disable that behavior by passing False here. Returns: base_api.BaseApiClient, An instance of the specified API client. """ # pylint:disable=protected-access return apis_internal._GetClientInstance( api_name, api_version, no_http, _CheckResponse, enable_resource_quota)
def GenerateAccessToken(service_account_id, scopes): """Generates an access token for the given service account.""" service_account_ref = resources.REGISTRY.Parse( service_account_id, collection='iamcredentials.serviceAccounts', params={'projectsId': '-', 'serviceAccountsId': service_account_id}) # pylint: disable=protected-access iam_client = apis_internal._GetClientInstance( 'iamcredentials', 'v1', allow_account_impersonation=False, force_resource_quota=True) response = iam_client.projects_serviceAccounts.GenerateAccessToken( iam_client.MESSAGES_MODULE .IamcredentialsProjectsServiceAccountsGenerateAccessTokenRequest( name=service_account_ref.RelativeName(), generateAccessTokenRequest=iam_client.MESSAGES_MODULE .GenerateAccessTokenRequest(scope=scopes) ) ) return response
def GetClientInstance(api_name, api_version, no_http=False, enable_resource_quota=True): """Returns an instance of the API client specified in the args. Args: api_name: str, The API name (or the command surface name, if different). api_version: str, The version of the API. no_http: bool, True to not create an http object for this client. enable_resource_quota: bool, By default, we are going to tell APIs to use the quota of the project being operated on. For some APIs we want to use gcloud's quota, so you can explicitly disable that behavior by passing False here. Returns: base_api.BaseApiClient, An instance of the specified API client. """ # pylint:disable=protected-access return apis_internal._GetClientInstance( api_name, api_version, no_http, _CheckResponse, enable_resource_quota)
def Connect(conn_context): """Provide a ServerlessOperations instance to use. If we're using the GKE Serverless Add-on, connect to the relevant cluster. Otherwise, connect to the right region of GSE. Arguments: conn_context: a context manager that yields a ConnectionInfo and manages a dynamic context that makes connecting to serverless possible. Yields: A ServerlessOperations instance. """ with conn_context as conn_info: yield ServerlessOperations( apis_internal._GetClientInstance( # pylint: disable=protected-access conn_info.api_name, conn_info.api_version, ca_certs=conn_info.ca_certs), conn_info.api_name, conn_info.api_version)
def Connect(cluster_ref): """Provide a ServerlessOperations instance to use. Arguments: cluster_ref: Resource, the gke cluster to connect to if present. Otherwise, connect to Hosted Serverless. Yields: A ServerlessOperations instance. """ if cluster_ref: if not hasattr(ssl, 'PROTOCOL_TLSv1_2'): raise serverless_exceptions.NoTLSError( 'Your Python {}.{}.{} installation does not support TLS 1.2, which is' ' required to connect to the GKE Serverless add-on. Please upgrade to' ' Python 2.7.9 or greater.'.format(sys.version_info.major, sys.version_info.minor, sys.version_info.micro)) with gke.ClusterConnectionInfo(cluster_ref) as (endpoint, ca_certs): k8s_apiserver = 'https://kubernetes.default/' with gke.MonkeypatchGetaddrinfo('kubernetes.default', endpoint): prev_endpoint = ( properties.VALUES.api_endpoint_overrides.serverless.Get()) properties.VALUES.api_endpoint_overrides.serverless.Set( k8s_apiserver) # Since we weirdly have to provide ca_certs directly, allow this # protected access internal method. try: yield ServerlessOperations( apis_internal._GetClientInstance( # pylint: disable=protected-access _SERVERLESS_API_NAME, _SERVERLESS_API_VERSION, ca_certs=ca_certs)) finally: properties.VALUES.api_endpoint_overrides.serverless.Set( prev_endpoint) else: yield ServerlessOperations( apis.GetClientInstance(_SERVERLESS_API_NAME, _SERVERLESS_API_VERSION))
def GetClientInstance(api_name, api_version, no_http=False, use_google_auth=False): """Returns an instance of the API client specified in the args. Args: api_name: str, The API name (or the command surface name, if different). api_version: str, The version of the API. no_http: bool, True to not create an http object for this client. use_google_auth: bool, True if the calling command indicates to use google-auth library for authentication. If False, authentication will fallback to using the oauth2client library. Returns: base_api.BaseApiClient, An instance of the specified API client. """ # pylint:disable=protected-access return apis_internal._GetClientInstance(api_name, api_version, no_http, None, CheckResponseForApiEnablement(), use_google_auth)
def Connect(conn_context): """Provide a EventflowOperations instance to use. If we're using the GKE Serverless Add-on, connect to the relevant cluster. Otherwise, connect to the right region of GSE. Arguments: conn_context: a context manager that yields a ConnectionInfo and manages a dynamic context that makes connecting to serverless possible. Yields: A EventflowOperations instance. """ # The One Platform client is required for making requests against # endpoints that do not supported Kubernetes-style resource naming # conventions. The One Platform client must be initialized outside of a # connection context so that it does not pick up the api_endpoint_overrides # values from the connection context. # pylint: disable=protected-access op_client = apis.GetClientInstance(conn_context.api_name, conn_context.api_version) # pylint: enable=protected-access with conn_context as conn_info: # pylint: disable=protected-access client = apis_internal._GetClientInstance( conn_info.api_name, conn_info.api_version, # Only check response if not connecting to GKE check_response_func=apis.CheckResponseForApiEnablement() if conn_context.supports_one_platform else None, http_client=conn_context.HttpClient()) # pylint: enable=protected-access yield EventflowOperations(client, conn_info.api_name, conn_info.api_version, conn_info.region, op_client)
def GenerateAccessToken(service_account_id, scopes): """Generates an access token for the given service account.""" service_account_ref = resources.REGISTRY.Parse( service_account_id, collection='iamcredentials.serviceAccounts', params={ 'projectsId': '-', 'serviceAccountsId': service_account_id }) http_client = transports.GetApitoolsTransport( enable_resource_quota=False, response_encoding=transport.ENCODING, allow_account_impersonation=False) # pylint: disable=protected-access iam_client = apis_internal._GetClientInstance('iamcredentials', 'v1', http_client=http_client) try: response = iam_client.projects_serviceAccounts.GenerateAccessToken( iam_client.MESSAGES_MODULE. IamcredentialsProjectsServiceAccountsGenerateAccessTokenRequest( name=service_account_ref.RelativeName(), generateAccessTokenRequest=iam_client.MESSAGES_MODULE. GenerateAccessTokenRequest(scope=scopes))) return response except apitools_exceptions.HttpForbiddenError as e: raise exceptions.HttpException( e, error_format='Error {code} (Forbidden) - failed to impersonate ' '[{service_acc}]. Make sure the account that\'s trying ' 'to impersonate it has access to the service account ' 'itself and the "roles/iam.serviceAccountTokenCreator" ' 'role.'.format(code=e.status_code, service_acc=service_account_id)) except apitools_exceptions.HttpError as e: raise exceptions.HttpException(e)
def Connect(cluster_ref): """Provide a ServerlessOperations instance to use. Arguments: cluster_ref: Resource, the gke cluster to connect to if present. Otherwise, connect to Hosted Serverless. Yields: A ServerlessOperations instance. """ if cluster_ref: _CheckTLSSupport() with gke.ClusterConnectionInfo(cluster_ref) as (ip, ca_certs): with gke.MonkeypatchAddressChecking('kubernetes.default', ip) as endpoint: k8s_apiserver = 'https://{}/'.format(endpoint) prev_endpoint = ( properties.VALUES.api_endpoint_overrides.serverless.Get()) properties.VALUES.api_endpoint_overrides.serverless.Set( k8s_apiserver) # Since we weirdly have to provide ca_certs directly, allow this # protected access internal method. try: yield ServerlessOperations( apis_internal._GetClientInstance( # pylint: disable=protected-access _SERVERLESS_API_NAME, _SERVERLESS_API_VERSION, ca_certs=ca_certs)) finally: properties.VALUES.api_endpoint_overrides.serverless.Set( prev_endpoint) else: yield ServerlessOperations( apis.GetClientInstance(_SERVERLESS_API_NAME, _SERVERLESS_API_VERSION))
def GetApiKeysClientInstance(): # pylint:disable=protected-access return apis_internal._GetClientInstance('apikeys', 'v1')
def GetClientInstance(): # pylint:disable=protected-access return apis_internal._GetClientInstance('servicemanagement', 'v1')
messages = GetMessagesModule() RaiseIfResultNotTypeOf(result, messages.Operation) result_dict = encoding.MessageToDict(result) if not async: op_name = result_dict['name'] op_ref = resources.REGISTRY.Parse( op_name, collection='servicemanagement.operations') log.status.Print( 'Waiting for async operation {0} to complete...'.format(op_name)) result_dict = encoding.MessageToDict(WaitForOperation( # pylint:disable=protected-access op_ref, apis_internal._GetClientInstance('servicemanagement', 'v1'))) return result_dict def RaiseIfResultNotTypeOf(test_object, expected_type, nonetype_ok=False): if nonetype_ok and test_object is None: return if not isinstance(test_object, expected_type): raise TypeError('result must be of type %s' % expected_type) def GetCallerViews(): messages = GetMessagesModule() get_request = messages.ServicemanagementServicesProjectSettingsGetRequest return {
messages = GetMessagesModule() RaiseIfResultNotTypeOf(result, messages.Operation) result_dict = encoding.MessageToDict(result) if not async: op_name = result_dict['name'] op_ref = resources.REGISTRY.Parse( op_name, collection='servicemanagement.operations') log.status.Print( 'Waiting for async operation {0} to complete...'.format(op_name)) result_dict = encoding.MessageToDict(WaitForOperation( # pylint:disable=protected-access op_ref, apis_internal._GetClientInstance('servicemanagement', 'v1'))) return result_dict def RaiseIfResultNotTypeOf(test_object, expected_type, nonetype_ok=False): if nonetype_ok and test_object is None: return if not isinstance(test_object, expected_type): raise TypeError('result must be of type %s' % expected_type) def GetCallerViews(): messages = GetMessagesModule() get_request = messages.ServicemanagementServicesProjectSettingsGetRequest return {
def GetClientInstance(): # pylint:disable=protected-access return apis_internal._GetClientInstance('servicemanagement', 'v1')
def GetApiKeysClientInstance(): # pylint:disable=protected-access return apis_internal._GetClientInstance('apikeys', 'v1')