| OLD | NEW |
|---|
| (Empty) |
| 1 # Copyright 2014 Google Inc. All rights reserved. | |
| 2 # | |
| 3 # Licensed under the Apache License, Version 2.0 (the "License"); | |
| 4 # you may not use this file except in compliance with the License. | |
| 5 # You may obtain a copy of the License at | |
| 6 # | |
| 7 # http://www.apache.org/licenses/LICENSE-2.0 | |
| 8 # | |
| 9 # Unless required by applicable law or agreed to in writing, software | |
| 10 # distributed under the License is distributed on an "AS IS" BASIS, | |
| 11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| 12 # See the License for the specific language governing permissions and | |
| 13 # limitations under the License. | |
| 14 | |
| 15 """Utilities for Google Compute Engine | |
| 16 | |
| 17 Utilities for making it easier to use OAuth 2.0 on Google Compute Engine. | |
| 18 """ | |
| 19 | |
| 20 import json | |
| 21 import logging | |
| 22 from six.moves import urllib | |
| 23 | |
| 24 from oauth2client._helpers import _from_bytes | |
| 25 from oauth2client import util | |
| 26 from oauth2client.client import HttpAccessTokenRefreshError | |
| 27 from oauth2client.client import AssertionCredentials | |
| 28 | |
| 29 | |
| 30 __author__ = 'jcgregorio@google.com (Joe Gregorio)' | |
| 31 | |
| 32 logger = logging.getLogger(__name__) | |
| 33 | |
| 34 # URI Template for the endpoint that returns access_tokens. | |
| 35 META = ('http://metadata.google.internal/0.1/meta-data/service-accounts/' | |
| 36 'default/acquire{?scope}') | |
| 37 | |
| 38 | |
| 39 class AppAssertionCredentials(AssertionCredentials): | |
| 40 """Credentials object for Compute Engine Assertion Grants | |
| 41 | |
| 42 This object will allow a Compute Engine instance to identify itself to | |
| 43 Google and other OAuth 2.0 servers that can verify assertions. It can be | |
| 44 used for the purpose of accessing data stored under an account assigned to | |
| 45 the Compute Engine instance itself. | |
| 46 | |
| 47 This credential does not require a flow to instantiate because it | |
| 48 represents a two legged flow, and therefore has all of the required | |
| 49 information to generate and refresh its own access tokens. | |
| 50 """ | |
| 51 | |
| 52 @util.positional(2) | |
| 53 def __init__(self, scope, **kwargs): | |
| 54 """Constructor for AppAssertionCredentials | |
| 55 | |
| 56 Args: | |
| 57 scope: string or iterable of strings, scope(s) of the credentials | |
| 58 being requested. | |
| 59 """ | |
| 60 self.scope = util.scopes_to_string(scope) | |
| 61 self.kwargs = kwargs | |
| 62 | |
| 63 # Assertion type is no longer used, but still in the | |
| 64 # parent class signature. | |
| 65 super(AppAssertionCredentials, self).__init__(None) | |
| 66 | |
| 67 @classmethod | |
| 68 def from_json(cls, json_data): | |
| 69 data = json.loads(_from_bytes(json_data)) | |
| 70 return AppAssertionCredentials(data['scope']) | |
| 71 | |
| 72 def _refresh(self, http_request): | |
| 73 """Refreshes the access_token. | |
| 74 | |
| 75 Skip all the storage hoops and just refresh using the API. | |
| 76 | |
| 77 Args: | |
| 78 http_request: callable, a callable that matches the method | |
| 79 signature of httplib2.Http.request, used to make | |
| 80 the refresh request. | |
| 81 | |
| 82 Raises: | |
| 83 HttpAccessTokenRefreshError: When the refresh fails. | |
| 84 """ | |
| 85 query = '?scope=%s' % urllib.parse.quote(self.scope, '') | |
| 86 uri = META.replace('{?scope}', query) | |
| 87 response, content = http_request(uri) | |
| 88 content = _from_bytes(content) | |
| 89 if response.status == 200: | |
| 90 try: | |
| 91 d = json.loads(content) | |
| 92 except Exception as e: | |
| 93 raise HttpAccessTokenRefreshError(str(e), | |
| 94 status=response.status) | |
| 95 self.access_token = d['accessToken'] | |
| 96 else: | |
| 97 if response.status == 404: | |
| 98 content += (' This can occur if a VM was created' | |
| 99 ' with no service account or scopes.') | |
| 100 raise HttpAccessTokenRefreshError(content, status=response.status) | |
| 101 | |
| 102 @property | |
| 103 def serialization_data(self): | |
| 104 raise NotImplementedError( | |
| 105 'Cannot serialize credentials for GCE service accounts.') | |
| 106 | |
| 107 def create_scoped_required(self): | |
| 108 return not self.scope | |
| 109 | |
| 110 def create_scoped(self, scopes): | |
| 111 return AppAssertionCredentials(scopes, **self.kwargs) | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1768993002:
Update oauth2client to v2.0.1 and googleapiclient to v1.5.0.
Base URL: git@github.com:luci/luci-py.git@master