def ensure_logged_in(server_url):
"""Checks that user is logged in, asking to do it if not.
Raises:
ValueError if the server_url is not acceptable.
"""
# It's just a waste of time on a headless bot (it can't do interactive login).
if tools.is_headless() or net.get_oauth_config().disabled:
return None
server_url = server_url.lower().rstrip('/')
allowed = (
'https://',
'http://localhost:', 'http://127.0.0.1:', 'http://::1:')
if not server_url.startswith(allowed):
raise ValueError('URL must start with https:// or be http:// to localhost')
service = AuthService(server_url)
try:
service.login(False)
except IOError:
raise ValueError('Failed to contact %s' % server_url)
try:
identity = service.get_current_identity()
except AuthServiceError:
raise ValueError('Failed to fetch identify from %s' % server_url)
if identity == 'anonymous:anonymous':
raise ValueError(
'Please login to %s: \n'
' python auth.py login --service=%s' % (server_url, server_url))
email = identity.split(':')[1]
logging.info('Logged in to %s: %s', server_url, email)
return email
def ensure_logged_in(server_url):
"""Checks that user is logged in, asking to do it if not.
Raises:
ValueError if the server_url is not acceptable.
"""
# It's just a waste of time on a headless bot (it can't do interactive login).
if tools.is_headless() or net.get_oauth_config().disabled:
return None
server_url = normalize_host_url(server_url)
service = AuthService(server_url)
try:
service.login(False)
except IOError:
raise ValueError('Failed to contact %s' % server_url)
try:
identity = service.get_current_identity()
except AuthServiceError:
raise ValueError('Failed to fetch identify from %s' % server_url)
if identity == 'anonymous:anonymous':
raise ValueError('Please login to %s: \n'
' python auth.py login --service=%s' %
(server_url, server_url))
email = identity.split(':')[1]
logging.info('Logged in to %s: %s', server_url, email)
return email
def ensure_logged_in(server_url):
"""Checks that user is logged in, asking to do it if not.
Raises:
ValueError if the server_url is not acceptable.
"""
# It's just a waste of time on a headless bot (it can't do interactive login).
if tools.is_headless() or net.get_oauth_config().disabled:
return None
server_url = normalize_host_url(server_url)
service = AuthService(server_url)
try:
service.login(False)
except IOError:
raise ValueError('Failed to contact %s' % server_url)
try:
identity = service.get_current_identity()
except AuthServiceError:
raise ValueError('Failed to fetch identify from %s' % server_url)
if identity == 'anonymous:anonymous':
raise ValueError(
'Please login to %s: \n'
' python auth.py login --service=%s' % (server_url, server_url))
email = identity.split(':')[1]
logging.info('Logged in to %s: %s', server_url, email)
return email
def add_auth_options(parser):
"""Adds command line options related to authentication."""
parser.auth_group = optparse.OptionGroup(parser, 'Authentication')
parser.auth_group.add_option(
'--auth-method',
metavar='METHOD',
default='bot' if tools.is_headless() else 'oauth',
help='Authentication method to use: %s. [default: %%default]' %
', '.join(net.AUTH_METHODS))
parser.add_option_group(parser.auth_group)
oauth.add_oauth_options(parser)
def get_default_auth_config():
"""Returns auth configuration used by default if configure_auth is not called.
If running in a headless mode on bots, will use 'bot' auth, otherwise
'oauth' with default oauth config.
Returns pair (auth method name, auth method config).
"""
if tools.is_headless():
return 'bot', None
else:
return 'oauth', oauth.make_oauth_config()
def get_default_auth_config():
"""Returns auth configuration used by default if configure_auth is not called.
If running in a headless mode on bots, will use 'bot' auth, otherwise
'oauth' with default oauth config.
Returns pair (auth method name, auth method config).
"""
if tools.is_headless():
return 'bot', None
else:
return 'oauth', oauth.make_oauth_config()
def make_oauth_config(
disabled=None,
tokens_cache=None,
no_local_webserver=None,
webserver_port=None,
service_account_json=None):
"""Returns new instance of OAuthConfig.
If some config option is not provided or None, it will be set to a reasonable
default value. This function also acts as an authoritative place for default
values of corresponding command line options.
Args:
disabled: True to completely turn off OAuth authentication.
tokens_cache: path to a file with cached OAuth2 credentials.
no_local_webserver: if True, do not try to run local web server that
handles redirects. Use copy-pasted verification code instead.
webserver_port: port to run local webserver on.
service_account_json: path to JSON file with service account credentials.
"""
if tokens_cache is None:
tokens_cache = os.environ.get(
'SWARMING_AUTH_TOKENS_CACHE', DEFAULT_OAUTH_TOKENS_CACHE)
if no_local_webserver is None:
no_local_webserver = tools.get_bool_env_var(
'SWARMING_AUTH_NO_LOCAL_WEBSERVER')
if webserver_port is None:
webserver_port = 8090
if service_account_json is None:
service_account_json = os.environ.get('SWARMING_AUTH_SERVICE_ACCOUNT_JSON')
use_luci_context_auth = has_local_auth()
if disabled is None:
disabled = (tools.is_headless()
and not service_account_json and not use_luci_context_auth)
if disabled:
service_account_json = None
use_luci_context_auth = False
elif service_account_json and use_luci_context_auth:
raise ValueError('Cannot use both service account and LUCI_CONTEXT')
return OAuthConfig(
disabled,
tokens_cache,
no_local_webserver,
webserver_port,
service_account_json,
use_luci_context_auth)
def make_oauth_config(
disabled=None,
tokens_cache=None,
no_local_webserver=None,
webserver_port=None,
service_account_json=None):
"""Returns new instance of OAuthConfig.
If some config option is not provided or None, it will be set to a reasonable
default value. This function also acts as an authoritative place for default
values of corresponding command line options.
Args:
disabled: True to completely turn off OAuth authentication.
tokens_cache: path to a file with cached OAuth2 credentials.
no_local_webserver: if True, do not try to run local web server that
handles redirects. Use copy-pasted verification code instead.
webserver_port: port to run local webserver on.
service_account_json: path to JSON file with service account credentials.
"""
if tokens_cache is None:
tokens_cache = os.environ.get(
'SWARMING_AUTH_TOKENS_CACHE', DEFAULT_OAUTH_TOKENS_CACHE)
if no_local_webserver is None:
no_local_webserver = tools.get_bool_env_var(
'SWARMING_AUTH_NO_LOCAL_WEBSERVER')
if webserver_port is None:
webserver_port = 8090
if service_account_json is None:
service_account_json = os.environ.get('SWARMING_AUTH_SERVICE_ACCOUNT_JSON')
if disabled is None:
disabled = tools.is_headless() and not service_account_json
return OAuthConfig(
disabled,
tokens_cache,
no_local_webserver,
webserver_port,
service_account_json)
