tools/telemetry/third_party/gsutil/gslib/commands/config.py - Issue 1260493004: Revert "Add gsutil 4.13 to telemetry/third_party"

Unified Diff: tools/telemetry/third_party/gsutil/gslib/commands/config.py

Issue 1260493004: Revert "Add gsutil 4.13 to telemetry/third_party" (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 5 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « tools/telemetry/third_party/gsutil/gslib/commands/compose.py ('k') | tools/telemetry/third_party/gsutil/gslib/commands/cors.py » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: tools/telemetry/third_party/gsutil/gslib/commands/config.py

diff --git a/tools/telemetry/third_party/gsutil/gslib/commands/config.py b/tools/telemetry/third_party/gsutil/gslib/commands/config.py

deleted file mode 100644

index 386af159ac5f24784156ad75b4aeb59df5ce81ab..0000000000000000000000000000000000000000

--- a/tools/telemetry/third_party/gsutil/gslib/commands/config.py

+++ /dev/null

@@ -1,1087 +0,0 @@

-# -*- coding: utf-8 -*-

-# Licensed under the Apache License, Version 2.0 (the "License");

-# you may not use this file except in compliance with the License.

-# You may obtain a copy of the License at

-# http://www.apache.org/licenses/LICENSE-2.0

-# Unless required by applicable law or agreed to in writing, software

-# distributed under the License is distributed on an "AS IS" BASIS,

-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

-# See the License for the specific language governing permissions and

-# limitations under the License.

-"""Implementation of config command for creating a gsutil configuration file."""

-from __future__ import absolute_import

-import datetime

-from httplib import ResponseNotReady

-import json

-import multiprocessing

-import os

-import platform

-import signal

-import socket

-import stat

-import sys

-import textwrap

-import time

-import webbrowser

-import boto

-from boto.provider import Provider

-from httplib2 import ServerNotFoundError

-from oauth2client.client import HAS_CRYPTO

-import gslib

-from gslib.command import Command

-from gslib.commands.compose import MAX_COMPONENT_COUNT

-from gslib.cred_types import CredTypes

-from gslib.exception import AbortException

-from gslib.exception import CommandException

-from gslib.hashing_helper import CHECK_HASH_ALWAYS

-from gslib.hashing_helper import CHECK_HASH_IF_FAST_ELSE_FAIL

-from gslib.hashing_helper import CHECK_HASH_IF_FAST_ELSE_SKIP

-from gslib.hashing_helper import CHECK_HASH_NEVER

-from gslib.sig_handling import RegisterSignalHandler

-from gslib.util import EIGHT_MIB

-from gslib.util import IS_WINDOWS

-_SYNOPSIS = """

- gsutil [-D] config [-a] [-b] [-e] [-f] [-o <file>] [-r] [-s <scope>] [-w]

-"""

-_DETAILED_HELP_TEXT = ("""

-SYNOPSIS

-""" + _SYNOPSIS + """

-DESCRIPTION

- The gsutil config command obtains access credentials for Google Cloud

- Storage and writes a boto/gsutil configuration file containing the obtained

- credentials along with a number of other configuration-controllable values.

- Unless specified otherwise (see OPTIONS), the configuration file is written

- to ~/.boto (i.e., the file .boto under the user's home directory). If the

- default file already exists, an attempt is made to rename the existing file

- to ~/.boto.bak; if that attempt fails the command will exit. A different

- destination file can be specified with the -o option (see OPTIONS).

- Because the boto configuration file contains your credentials you should

- keep its file permissions set so no one but you has read access. (The file

- is created read-only when you run gsutil config.)

-CREDENTIALS

- By default gsutil config obtains OAuth2 credentials, and writes them

- to the [Credentials] section of the configuration file. The -r, -w,

- -f options (see OPTIONS below) cause gsutil config to request a token

- with restricted scope; the resulting token will be restricted to read-only

- operations, read-write operations, or all operations (including acl get/set,

- defacl get/set, and logging get/'set on'/'set off' operations). In

- addition, -s <scope> can be used to request additional (non-Google-Storage)

- scopes.

- If you want to use credentials based on access key and secret (the older

- authentication method before OAuth2 was supported) instead of OAuth2,

- see help about the -a option in the OPTIONS section.

- If you wish to use gsutil with other providers (or to copy data back and

- forth between multiple providers) you can edit their credentials into the

- [Credentials] section after creating the initial configuration file.

-CONFIGURING SERVICE ACCOUNT CREDENTIALS

- You can configure credentials for service accounts using the gsutil config -e

- option. Service accounts are useful for authenticating on behalf of a service

- or application (as opposed to a user).

- When you run gsutil config -e, you will be prompted for your service account

- email address and the path to your private key file. To get these data, visit

- the `Google Developers Console <https://cloud.google.com/console#/project>`_,

- click on the project you are using, then click "APIs & auth", then click

- "Credentials", then click "Create new Client ID"; on the pop-up dialog box

- select "Service account" and click "Create Client ID". This will download

- a private key file, which you should move to somewhere

- accessible from the machine where you run gsutil. Make sure to set its

- protection so only the users you want to be able to authenticate have

- access.

- Note that your service account will NOT be considered an Owner for the

- purposes of API access (see "gsutil help creds" for more information about

- this). See https://developers.google.com/accounts/docs/OAuth2ServiceAccount

- for further information on service account authentication.

-CONFIGURATION FILE SELECTION PROCEDURE

- By default, gsutil will look for the configuration file in /etc/boto.cfg and

- ~/.boto. You can override this choice by setting the BOTO_CONFIG environment

- variable. This is also useful if you have several different identities or

- cloud storage environments: By setting up the credentials and any additional

- configuration in separate files for each, you can switch environments by

- changing environment variables.

- You can also set up a path of configuration files, by setting the BOTO_PATH

- environment variable to contain a ":" delimited path. For example setting

- the BOTO_PATH environment variable to:

- /etc/projects/my_group_project.boto.cfg:/home/mylogin/.boto

- will cause gsutil to load each configuration file found in the path in

- order. This is useful if you want to set up some shared configuration

- state among many users: The shared state can go in the central shared file

- ( /etc/projects/my_group_project.boto.cfg) and each user's individual

- credentials can be placed in the configuration file in each of their home

- directories. (For security reasons users should never share credentials

- via a shared configuration file.)

-CONFIGURATION FILE STRUCTURE

- The configuration file contains a number of sections: [Credentials],

- [Boto], [GSUtil], and [OAuth2]. If you edit the file make sure to edit the

- appropriate section (discussed below), and to be careful not to mis-edit

- any of the setting names (like "gs_access_key_id") and not to remove the

- section delimiters (like "[Credentials]").

-ADDITIONAL CONFIGURATION-CONTROLLABLE FEATURES

- With the exception of setting up gsutil to work through a proxy (see

- below), most users won't need to edit values in the boto configuration file;

- values found in there tend to be of more specialized use than command line

- option-controllable features.

- The following are the currently defined configuration settings, broken

- down by section. Their use is documented in comments preceding each, in

- the configuration file. If you see a setting you want to change that's not

- listed in your current file, see the section below on Updating to the Latest

- Configuration File.

- The currently supported settings, are, by section:

- [Credentials]

- aws_access_key_id

- aws_secret_access_key

- gs_access_key_id

- gs_host

- gs_json_host

- gs_json_port

- gs_oauth2_refresh_token

- gs_port

- gs_secret_access_key

- s3_host

- s3_port

- [Boto]

- proxy

- proxy_port

- proxy_user

- proxy_pass

- proxy_rdns

- http_socket_timeout

- https_validate_certificates

- debug

- max_retry_delay

- num_retries

- [GSUtil]

- check_hashes

- content_language

- default_api_version

- default_project_id

- json_api_version

- parallel_composite_upload_component_size

- parallel_composite_upload_threshold

- parallel_process_count

- parallel_thread_count

- prefer_api

- resumable_threshold

- resumable_tracker_dir (deprecated in 4.6, use state_dir)

- rsync_buffer_lines

- software_update_check_period

- state_dir

- tab_completion_time_logs

- tab_completion_timeout

- use_magicfile

- [OAuth2]

- client_id

- client_secret

- oauth2_refresh_retries

- provider_authorization_uri

- provider_label

- provider_token_uri

- token_cache

-UPDATING TO THE LATEST CONFIGURATION FILE

- We add new configuration controllable features to the boto configuration file

- over time, but most gsutil users create a configuration file once and then

- keep it for a long time, so new features aren't apparent when you update

- to a newer version of gsutil. If you want to get the latest configuration

- file (which includes all the latest settings and documentation about each)

- you can rename your current file (e.g., to '.boto_old'), run gsutil config,

- and then edit any configuration settings you wanted from your old file

- into the newly created file. Note, however, that if you're using OAuth2

- credentials and you go back through the OAuth2 configuration dialog it will

- invalidate your previous OAuth2 credentials.

- If no explicit scope option is given, -f (full control) is assumed by default.

-OPTIONS

- -a Prompt for Google Cloud Storage access key and secret (the older

- authentication method before OAuth2 was supported) instead of

- obtaining an OAuth2 token.

- -b Causes gsutil config to launch a browser to obtain OAuth2 approval

- and the project ID instead of showing the URL for each and asking

- the user to open the browser. This will probably not work as

- expected if you are running gsutil from an ssh window, or using

- gsutil on Windows.

- -e Prompt for service account credentials. This option requires that

- -a is not set.

- -f Request token with full-control access (default).

- -o <file> Write the configuration to <file> instead of ~/.boto.

- Use '-' for stdout.

- -r Request token restricted to read-only access.

- -s <scope> Request additional OAuth2 <scope>.

- -w Request token restricted to read-write access.

-""")

-try:

- from gcs_oauth2_boto_plugin import oauth2_helper # pylint: disable=g-import-not-at-top

-except ImportError:

- pass

-GOOG_CLOUD_CONSOLE_URI = 'https://cloud.google.com/console#/project'

-SCOPE_FULL_CONTROL = 'https://www.googleapis.com/auth/devstorage.full_control'

-SCOPE_READ_WRITE = 'https://www.googleapis.com/auth/devstorage.read_write'

-SCOPE_READ_ONLY = 'https://www.googleapis.com/auth/devstorage.read_only'

-CONFIG_PRELUDE_CONTENT = """

-# This file contains credentials and other configuration information needed

-# by the boto library, used by gsutil. You can edit this file (e.g., to add

-# credentials) but be careful not to mis-edit any of the variable names (like

-# "gs_access_key_id") or remove important markers (like the "[Credentials]" and

-# "[Boto]" section delimiters).

-"""

-# Default number of OS processes and Python threads for parallel operations.

-# On Linux systems we automatically scale the number of processes to match

-# the underlying CPU/core count. Given we'll be running multiple concurrent

-# processes on a typical multi-core Linux computer, to avoid being too

-# aggressive with resources, the default number of threads is reduced from

-# the previous value of 24 to 10.

-# On Windows and Mac systems parallel multi-processing and multi-threading

-# in Python presents various challenges so we retain compatibility with

-# the established parallel mode operation, i.e. one process and 24 threads.

-if platform.system() == 'Linux':

- DEFAULT_PARALLEL_PROCESS_COUNT = multiprocessing.cpu_count()

- DEFAULT_PARALLEL_THREAD_COUNT = 10

-else:

- DEFAULT_PARALLEL_PROCESS_COUNT = 1

- DEFAULT_PARALLEL_THREAD_COUNT = 24

-# TODO: Once compiled crcmod is being distributed by major Linux distributions

-# revert DEFAULT_PARALLEL_COMPOSITE_UPLOAD_THRESHOLD value to '150M'.

-DEFAULT_PARALLEL_COMPOSITE_UPLOAD_THRESHOLD = '0'

-DEFAULT_PARALLEL_COMPOSITE_UPLOAD_COMPONENT_SIZE = '50M'

-CONFIG_BOTO_SECTION_CONTENT = """

-[Boto]

-# http_socket_timeout specifies the timeout (in seconds) used to tell httplib

-# how long to wait for socket timeouts. The default is 70 seconds. Note that

-# this timeout only applies to httplib, not to httplib2 (which is used for

-# OAuth2 refresh/access token exchanges).

-#http_socket_timeout = 70

-# The following two options control the use of a secure transport for requests

-# to S3 and Google Cloud Storage. It is highly recommended to set both options

-# to True in production environments, especially when using OAuth2 bearer token

-# authentication with Google Cloud Storage.

-# Set 'https_validate_certificates' to False to disable server certificate

-# checking. The default for this option in the boto library is currently

-# 'False' (to avoid breaking apps that depend on invalid certificates); it is

-# therefore strongly recommended to always set this option explicitly to True

-# in configuration files, to protect against "man-in-the-middle" attacks.

-https_validate_certificates = True

-# 'debug' controls the level of debug messages printed: 0 for none, 1

-# for basic boto debug, 2 for all boto debug plus HTTP requests/responses.

-# Note: 'gsutil -d' sets debug to 2 for that one command run.

-#debug = <0, 1, or 2>

-# 'num_retries' controls the number of retry attempts made when errors occur

-# during data transfers. The default is 6.

-# Note 1: You can cause gsutil to retry failures effectively infinitely by

-# setting this value to a large number (like 10000). Doing that could be useful

-# in cases where your network connection occasionally fails and is down for an

-# extended period of time, because when it comes back up gsutil will continue

-# retrying. However, in general we recommend not setting the value above 10,

-# because otherwise gsutil could appear to "hang" due to excessive retries

-# (since unless you run gsutil -D you won't see any logged evidence that gsutil

-# is retrying).

-# Note 2: Don't set this value to 0, as it will cause boto to fail when reusing

-# HTTP connections.

-#num_retries = <integer value>

-# 'max_retry_delay' controls the max delay (in seconds) between retries. The

-# default value is 60, so the backoff sequence will be 1 seconds, 2 seconds, 4,

-# 8, 16, 32, and then 60 for all subsequent retries for a given HTTP request.

-# Note: At present this value only impacts the XML API and the JSON API uses a

-# fixed value of 60.

-#max_retry_delay = <integer value>

-"""

-CONFIG_INPUTLESS_GSUTIL_SECTION_CONTENT = """

-[GSUtil]

-# 'resumable_threshold' specifies the smallest file size [bytes] for which

-# resumable Google Cloud Storage uploads are attempted. The default is 8388608

-# (8 MiB).

-#resumable_threshold = %(resumable_threshold)d

-# 'rsync_buffer_lines' specifies the number of lines of bucket or directory

-# listings saved in each temp file during sorting. (The complete set is

-# split across temp files and separately sorted/merged, to avoid needing to

-# fit everything in memory at once.) If you are trying to synchronize very

-# large directories/buckets (e.g., containing millions or more objects),

-# having too small a value here can cause gsutil to run out of open file

-# handles. If that happens, you can try to increase the number of open file

-# handles your system allows (e.g., see 'man ulimit' on Linux; see also

-# http://docs.python.org/2/library/resource.html). If you can't do that (or

-# if you're already at the upper limit), increasing rsync_buffer_lines will

-# cause gsutil to use fewer file handles, but at the cost of more memory. With

-# rsync_buffer_lines set to 32000 and assuming a typical URL is 100 bytes

-# long, gsutil will require approximately 10 MiB of memory while building

-# the synchronization state, and will require approximately 60 open file

-# descriptors to build the synchronization state over all 1M source and 1M

-# destination URLs. Memory and file descriptors are only consumed while

-# building the state; once the state is built, it resides in two temp files that

-# are read and processed incrementally during the actual copy/delete

-# operations.

-#rsync_buffer_lines = 32000

-# 'state_dir' specifies the base location where files that

-# need a static location are stored, such as pointers to credentials,

-# resumable transfer tracker files, and the last software update check.

-# By default these files are stored in ~/.gsutil

-#state_dir = <file_path>

-# gsutil periodically checks whether a new version of the gsutil software is

-# available. 'software_update_check_period' specifies the number of days

-# between such checks. The default is 30. Setting the value to 0 disables

-# periodic software update checks.

-#software_update_check_period = 30

-# 'tab_completion_timeout' controls the timeout (in seconds) for tab

-# completions that involve remote requests (such as bucket or object names).

-# If tab completion does not succeed within this timeout, no tab completion

-# suggestions will be returned.

-# A value of 0 will disable completions that involve remote requests.

-#tab_completion_timeout = 5

-# 'parallel_process_count' and 'parallel_thread_count' specify the number

-# of OS processes and Python threads, respectively, to use when executing

-# operations in parallel. The default settings should work well as configured,

-# however, to enhance performance for transfers involving large numbers of

-# files, you may experiment with hand tuning these values to optimize

-# performance for your particular system configuration.

-# MacOS and Windows users should see

-# https://github.com/GoogleCloudPlatform/gsutil/issues/77 before attempting

-# to experiment with these values.

-#parallel_process_count = %(parallel_process_count)d

-#parallel_thread_count = %(parallel_thread_count)d

-# 'parallel_composite_upload_threshold' specifies the maximum size of a file to

-# upload in a single stream. Files larger than this threshold will be

-# partitioned into component parts and uploaded in parallel and then composed

-# into a single object.

-# The number of components will be the smaller of

-# ceil(file_size / parallel_composite_upload_component_size) and

-# MAX_COMPONENT_COUNT. The current value of MAX_COMPONENT_COUNT is

-# %(max_component_count)d.

-# If 'parallel_composite_upload_threshold' is set to 0, then automatic parallel

-# uploads will never occur.

-# Setting an extremely low threshold is unadvisable. The vast majority of

-# environments will see degraded performance for thresholds below 80M, and it

-# is almost never advantageous to have a threshold below 20M.

-# 'parallel_composite_upload_component_size' specifies the ideal size of a

-# component in bytes, which will act as an upper bound to the size of the

-# components if ceil(file_size / parallel_composite_upload_component_size) is

-# less than MAX_COMPONENT_COUNT.

-# Values can be provided either in bytes or as human-readable values

-# (e.g., "150M" to represent 150 mebibytes)

-# Note: At present parallel composite uploads are disabled by default, because

-# using composite objects requires a compiled crcmod (see "gsutil help crcmod"),

-# and for operating systems that don't already have this package installed this

-# makes gsutil harder to use. Google is actively working with a number of the

-# Linux distributions to get crcmod included with the stock distribution. Once

-# that is done we will re-enable parallel composite uploads by default in

-# gsutil.

-#parallel_composite_upload_threshold = %(parallel_composite_upload_threshold)s

-#parallel_composite_upload_component_size = %(parallel_composite_upload_component_size)s

-# 'use_magicfile' specifies if the 'file --mime-type <filename>' command should

-# be used to guess content types instead of the default filename extension-based

-# mechanism. Available on UNIX and MacOS (and possibly on Windows, if you're

-# running Cygwin or some other package that provides implementations of

-# UNIX-like commands). When available and enabled use_magicfile should be more

-# robust because it analyzes file contents in addition to extensions.

-#use_magicfile = False

-# 'content_language' specifies the ISO 639-1 language code of the content, to be

-# passed in the Content-Language header. By default no Content-Language is sent.

-# See the ISO 639-1 column of

-# http://www.loc.gov/standards/iso639-2/php/code_list.php for a list of

-# language codes.

-content_language = en

-# 'check_hashes' specifies how strictly to require integrity checking for

-# downloaded data. Legal values are:

-# '%(hash_fast_else_fail)s' - (default) Only integrity check if the digest

-# will run efficiently (using compiled code), else fail the download.

-# '%(hash_fast_else_skip)s' - Only integrity check if the server supplies a

-# hash and the local digest computation will run quickly, else skip the

-# check.

-# '%(hash_always)s' - Always check download integrity regardless of possible

-# performance costs.

-# '%(hash_never)s' - Don't perform download integrity checks. This setting is

-# not recommended except for special cases such as measuring download

-# performance excluding time for integrity checking.

-# This option exists to assist users who wish to download a GCS composite object

-# and are unable to install crcmod with the C-extension. CRC32c is the only

-# available integrity check for composite objects, and without the C-extension,

-# download performance can be significantly degraded by the digest computation.

-# This option is ignored for daisy-chain copies, which don't compute hashes but

-# instead (inexpensively) compare the cloud source and destination hashes.

-#check_hashes = if_fast_else_fail

-# The ability to specify an alternative JSON API version is primarily for cloud

-# storage service developers.

-#json_api_version = v1

-# Specifies the API to use when interacting with cloud storage providers. If

-# the gsutil command supports this API for the provider, it will be used

-# instead of the default.

-# Commands typically default to XML for S3 and JSON for GCS.

-#prefer_api = json

-#prefer_api = xml

-""" % {'hash_fast_else_fail': CHECK_HASH_IF_FAST_ELSE_FAIL,

- 'hash_fast_else_skip': CHECK_HASH_IF_FAST_ELSE_SKIP,

- 'hash_always': CHECK_HASH_ALWAYS,

- 'hash_never': CHECK_HASH_NEVER,

- 'resumable_threshold': EIGHT_MIB,

- 'parallel_process_count': DEFAULT_PARALLEL_PROCESS_COUNT,

- 'parallel_thread_count': DEFAULT_PARALLEL_THREAD_COUNT,

- 'parallel_composite_upload_threshold': (

- DEFAULT_PARALLEL_COMPOSITE_UPLOAD_THRESHOLD),

- 'parallel_composite_upload_component_size': (

- DEFAULT_PARALLEL_COMPOSITE_UPLOAD_COMPONENT_SIZE),

- 'max_component_count': MAX_COMPONENT_COUNT}

-CONFIG_OAUTH2_CONFIG_CONTENT = """

-[OAuth2]

-# This section specifies options used with OAuth2 authentication.

-# 'token_cache' specifies how the OAuth2 client should cache access tokens.

-# Valid values are:

-# 'in_memory': an in-memory cache is used. This is only useful if the boto

-# client instance (and with it the OAuth2 plugin instance) persists

-# across multiple requests.

-# 'file_system' : access tokens will be cached in the file system, in files

-# whose names include a key derived from the refresh token the access token

-# based on.

-# The default is 'file_system'.

-#token_cache = file_system

-#token_cache = in_memory

-# 'token_cache_path_pattern' specifies a path pattern for token cache files.

-# This option is only relevant if token_cache = file_system.

-# The value of this option should be a path, with place-holders '%(key)s' (which

-# will be replaced with a key derived from the refresh token the cached access

-# token was based on), and (optionally), %(uid)s (which will be replaced with

-# the UID of the current user, if available via os.getuid()).

-# Note that the config parser itself interpolates '%' placeholders, and hence

-# the above placeholders need to be escaped as '%%(key)s'.

-# The default value of this option is

-# token_cache_path_pattern = <tmpdir>/oauth2client-tokencache.%%(uid)s.%%(key)s

-# where <tmpdir> is the system-dependent default temp directory.

-# The following options specify the OAuth2 client identity and secret that is

-# used when requesting and using OAuth2 tokens. If not specified, a default

-# OAuth2 client for the gsutil tool is used; for uses of the boto library (with

-# OAuth2 authentication plugin) in other client software, it is recommended to

-# use a tool/client-specific OAuth2 client. For more information on OAuth2, see

-# http://code.google.com/apis/accounts/docs/OAuth2.html

-#client_id = <OAuth2 client id>

-#client_secret = <OAuth2 client secret>

-# The following options specify the label and endpoint URIs for the OAUth2

-# authorization provider being used. Primarily useful for tool developers.

-#provider_label = Google

-#provider_authorization_uri = https://accounts.google.com/o/oauth2/auth

-#provider_token_uri = https://accounts.google.com/o/oauth2/token

-# 'oauth2_refresh_retries' controls the number of retry attempts made when

-# rate limiting errors occur for OAuth2 requests to retrieve an access token.

-# The default value is 6.

-#oauth2_refresh_retries = <integer value>

-"""

-class ConfigCommand(Command):

- """Implementation of gsutil config command."""

- # Command specification. See base class for documentation.

- command_spec = Command.CreateCommandSpec(

- 'config',

- command_name_aliases=['cfg', 'conf', 'configure'],

- usage_synopsis=_SYNOPSIS,

- min_args=0,

- max_args=0,

- supported_sub_args='habefwrs:o:',

- file_url_ok=False,

- provider_url_ok=False,

- urls_start_arg=0,

- )

- # Help specification. See help_provider.py for documentation.

- help_spec = Command.HelpSpec(

- help_name='config',

- help_name_aliases=['cfg', 'conf', 'configure', 'aws', 's3'],

- help_type='command_help',

- help_one_line_summary=(

- 'Obtain credentials and create configuration file'),

- help_text=_DETAILED_HELP_TEXT,

- subcommand_help_text={},

- )

- def _OpenConfigFile(self, file_path):

- """Creates and opens a configuration file for writing.

- The file is created with mode 0600, and attempts to open existing files will

- fail (the latter is important to prevent symlink attacks).

- It is the caller's responsibility to close the file.

- Args:

- file_path: Path of the file to be created.

- Returns:

- A writable file object for the opened file.

- Raises:

- CommandException: if an error occurred when opening the file (including

- when the file already exists).

- """

- flags = os.O_RDWR | os.O_CREAT | os.O_EXCL

- # Accommodate Windows; copied from python2.6/tempfile.py.

- if hasattr(os, 'O_NOINHERIT'):

- flags |= os.O_NOINHERIT

- try:

- fd = os.open(file_path, flags, 0600)

- except (OSError, IOError), e:

- raise CommandException('Failed to open %s for writing: %s' %

- (file_path, e))

- return os.fdopen(fd, 'w')

- def _CheckPrivateKeyFilePermissions(self, file_path):

- """Checks that the file has reasonable permissions for a private key.

- In particular, check that the filename provided by the user is not

- world- or group-readable. If either of these are true, we issue a warning

- and offer to fix the permissions.

- Args:

- file_path: The name of the private key file.

- """

- if IS_WINDOWS:

- # For Windows, this check doesn't work (it actually just checks whether

- # the file is read-only). Since Windows files have a complicated ACL

- # system, this check doesn't make much sense on Windows anyway, so we

- # just don't do it.

- return

- st = os.stat(file_path)

- if bool((stat.S_IRGRP | stat.S_IROTH) & st.st_mode):

- self.logger.warn(

- '\nYour private key file is readable by people other than yourself.\n'

- 'This is a security risk, since anyone with this information can use '

- 'your service account.\n')

- fix_it = raw_input('Would you like gsutil to change the file '

- 'permissions for you? (y/N) ')

- if fix_it in ('y', 'Y'):

- try:

- os.chmod(file_path, 0400)

- self.logger.info(

- '\nThe permissions on your file have been successfully '

- 'modified.'

- '\nThe only access allowed is readability by the user '

- '(permissions 0400 in chmod).')

- except Exception, _: # pylint: disable=broad-except

- self.logger.warn(

- '\nWe were unable to modify the permissions on your file.\n'

- 'If you would like to fix this yourself, consider running:\n'

- '"sudo chmod 400 </path/to/key>" for improved security.')

- else:

- self.logger.info(

- '\nYou have chosen to allow this file to be readable by others.\n'

- 'If you would like to fix this yourself, consider running:\n'

- '"sudo chmod 400 </path/to/key>" for improved security.')

- def _PromptForProxyConfigVarAndMaybeSaveToBotoConfig(self, varname, prompt,

- convert_to_bool=False):

- """Prompts for one proxy config line, saves to boto.config if not empty.

- Args:

- varname: The config variable name.

- prompt: The prompt to output to the user.

- convert_to_bool: Whether to convert "y/n" to True/False.

- """

- value = raw_input(prompt)

- if value:

- if convert_to_bool:

- if value == 'y' or value == 'Y':

- value = 'True'

- else:

- value = 'False'

- boto.config.set('Boto', varname, value)

- def _PromptForProxyConfig(self):

- """Prompts for proxy config data, loads non-empty values into boto.config.

- """