def ClientInfo(cls):
return {
'client_id': cls._CLIENT_ID,
'client_secret': cls._CLIENT_SECRET,
'scope': ' '.join(sorted(util.NormalizeScopes(cls._SCOPES))),
'user_agent': cls._USER_AGENT,
}
def __init__(self, scopes=None, service_account_name='default', **kwds):
"""Initializes the credentials instance.
Args:
scopes: The scopes to get. If None, whatever scopes that are available
to the instance are used.
service_account_name: The service account to retrieve the scopes from.
**kwds: Additional keyword args.
"""
if not util.DetectGce():
raise exceptions.ResourceUnavailableError(
'GCE credentials requested outside a GCE instance')
if not self.GetServiceAccount(service_account_name):
raise exceptions.ResourceUnavailableError(
'GCE credentials requested but service account %s does not exist.'
% service_account_name)
self.__service_account_name = service_account_name
if scopes:
scope_ls = util.NormalizeScopes(scopes)
instance_scopes = self.GetInstanceScopes()
if scope_ls > instance_scopes:
raise exceptions.CredentialsError(
'Instance did not have access to scopes %s' %
(sorted(list(scope_ls - instance_scopes)), ))
else:
scopes = self.GetInstanceScopes()
super(GceAssertionCredentials, self).__init__(scopes, **kwds)
def GetCredentials(package_name,
scopes,
client_id,
client_secret,
user_agent,
credentials_filename=None,
service_account_name=None,
service_account_keyfile=None,
api_key=None,
client=None):
"""Attempt to get credentials, using an oauth dance as the last resort."""
scopes = util.NormalizeScopes(scopes)
# TODO: Error checking.
client_info = {
'client_id': client_id,
'client_secret': client_secret,
'scope': ' '.join(sorted(util.NormalizeScopes(scopes))),
'user_agent': user_agent or '%s-generated/0.1' % package_name,
}
if service_account_name is not None:
credentials = ServiceAccountCredentialsFromFile(
service_account_name, service_account_keyfile, scopes)
if credentials is not None:
return credentials
credentials = GaeAssertionCredentials.Get(scopes)
if credentials is not None:
return credentials
credentials = GceAssertionCredentials.Get(scopes)
if credentials is not None:
return credentials
credentials_filename = credentials_filename or os.path.expanduser(
'~/.apitools.token')
credentials = CredentialsFromFile(credentials_filename, client_info)
if credentials is not None:
return credentials
raise exceptions.CredentialsError('Could not create valid credentials')
def GetInstanceScopes(self):
# Extra header requirement can be found here:
# https://developers.google.com/compute/docs/metadata
scopes_uri = (
'http://metadata.google.internal/computeMetadata/v1/instance/'
'service-accounts/%s/scopes') % self.__service_account_name
additional_headers = {'X-Google-Metadata-Request': 'True'}
request = urllib2.Request(scopes_uri, headers=additional_headers)
try:
response = urllib2.urlopen(request)
except urllib2.URLError as e:
raise exceptions.CommunicationError(
'Could not reach metadata service: %s' % e.reason)
return util.NormalizeScopes(scope.strip()
for scope in response.readlines())
def ServiceAccountCredentials(service_account_name, private_key, scopes):
scopes = util.NormalizeScopes(scopes)
return oauth2client.client.SignedJwtAssertionCredentials(
service_account_name, private_key, scopes)
def __init__(self, scopes, **kwds):
if not util.DetectGae():
raise exceptions.ResourceUnavailableError(
'GCE credentials requested outside a GCE instance')
self._scopes = list(util.NormalizeScopes(scopes))
super(GaeAssertionCredentials, self).__init__(None, **kwds)