Simply download_from_google_storage --config

Simply download_from_google_storage --config

This does two noticable things:
* Prints a message when "download_from_google_storage --config" is run to
  tell the user to enter "0" for the project ID prompt
* Removes the ".boto.depot_tools" boto file and defaults the boto file to
  grant fullcontrol scopes.

Context: We restricted the depot_tools specific scopes to be readonly out of
concern that we would be forcing every developer to hold a set of non-expiring
write access credentials on their workstation.  But this distinction has caused
a great deal of pain and anguish with confusing credentials (who would've thought
~/.boto.depot_tools would exist and might be broken?), and not for huge security
gains.  Most people don't have write access to buckets, and the ones that do
definitely has a fullcontrol boto file already.

BUG=

Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=295728

[hinoka, 2015-06-17 17:33:44]

hinoka@chromium.org changed reviewers:
+ vadimsh@chromium.org

[hinoka, 2015-06-17 17:33:44]

+vadimsh for review to see if security justification seems sound
+petermayo fyi about the boto.depot_tools

[Vadim Sh., 2015-06-17 19:24:04]

IIUC, it will require existing users of download_from_google_storage to rerun
config again? (Since boto file has moved). Will you send a PSA?

(I don't think it has any significant security implications, bucket ACLs should
be the primary access control mechanism, not some client side cookie).

https://codereview.chromium.org/1182583003/diff/1/download_from_google_storag...
File download_from_google_storage.py (right):

https://codereview.chromium.org/1182583003/diff/1/download_from_google_storag...
download_from_google_storage.py:79: os.execv(sys.executable, cmd)
why? Are you sure 'call' is not used multiple times? (first call to 'call' will
replace the process completely). Also windows branch now should looks like
sys.exit(subprocess2.call(....)) to match what linux branch does.

Also you don't pass 'env' in here.

[hinoka, 2015-06-17 19:49:20]

Yes I'll be sending a PSA to chromium-dev first.

https://codereview.chromium.org/1182583003/diff/1/download_from_google_storag...
File download_from_google_storage.py (right):

https://codereview.chromium.org/1182583003/diff/1/download_from_google_storag...
download_from_google_storage.py:79: os.execv(sys.executable, cmd)
On 2015/06/17 19:24:04, Vadim Sh. wrote:
> why? Are you sure 'call' is not used multiple times? (first call to 'call'
will
> replace the process completely). Also windows branch now should looks like
> sys.exit(subprocess2.call(....)) to match what linux branch does.
> 
> Also you don't pass 'env' in here.

I thought it would've been cleaner, but on second thought the extra code and
confusion isn't worth it.  Removed.

https://codereview.chromium.org/1182583003/diff/20001/download_from_google_st...
File download_from_google_storage.py (right):

https://codereview.chromium.org/1182583003/diff/20001/download_from_google_st...
download_from_google_storage.py:57: def __init__(self, path, boto_path=None,
timeout=None, version='4.7'):
I think i'll deprecate boto_path as a flag at some point, but its being used in
a bunch of places, so the first step is to set this to None.

[Vadim Sh., 2015-06-17 20:29:25]

lgtm

[hinoka, 2015-06-17 20:34:34]

The CQ bit was checked by hinoka@chromium.org

[commit-bot: I haz the power, 2015-06-17 20:34:52]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1182583003/20001

[commit-bot: I haz the power, 2015-06-17 20:37:12]

Committed patchset #2 (id:20001) as
http://src.chromium.org/viewvc/chrome?view=rev&revision=295728