OLD | NEW |
(Empty) | |
| 1 # Copyright (C) 2012 Google Inc. |
| 2 # |
| 3 # Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 # you may not use this file except in compliance with the License. |
| 5 # You may obtain a copy of the License at |
| 6 # |
| 7 # http://www.apache.org/licenses/LICENSE-2.0 |
| 8 # |
| 9 # Unless required by applicable law or agreed to in writing, software |
| 10 # distributed under the License is distributed on an "AS IS" BASIS, |
| 11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 # See the License for the specific language governing permissions and |
| 13 # limitations under the License. |
| 14 |
| 15 """Utilities for Google Compute Engine |
| 16 |
| 17 Utilities for making it easier to use OAuth 2.0 on Google Compute Engine. |
| 18 """ |
| 19 |
| 20 __author__ = 'jcgregorio@google.com (Joe Gregorio)' |
| 21 |
| 22 import httplib2 |
| 23 import logging |
| 24 import uritemplate |
| 25 |
| 26 from oauth2client import util |
| 27 from oauth2client.anyjson import simplejson |
| 28 from oauth2client.client import AccessTokenRefreshError |
| 29 from oauth2client.client import AssertionCredentials |
| 30 |
| 31 logger = logging.getLogger(__name__) |
| 32 |
| 33 # URI Template for the endpoint that returns access_tokens. |
| 34 META = ('http://metadata.google.internal/0.1/meta-data/service-accounts/' |
| 35 'default/acquire{?scope}') |
| 36 |
| 37 |
| 38 class AppAssertionCredentials(AssertionCredentials): |
| 39 """Credentials object for Compute Engine Assertion Grants |
| 40 |
| 41 This object will allow a Compute Engine instance to identify itself to |
| 42 Google and other OAuth 2.0 servers that can verify assertions. It can be used |
| 43 for the purpose of accessing data stored under an account assigned to the |
| 44 Compute Engine instance itself. |
| 45 |
| 46 This credential does not require a flow to instantiate because it represents |
| 47 a two legged flow, and therefore has all of the required information to |
| 48 generate and refresh its own access tokens. |
| 49 """ |
| 50 |
| 51 @util.positional(2) |
| 52 def __init__(self, scope, **kwargs): |
| 53 """Constructor for AppAssertionCredentials |
| 54 |
| 55 Args: |
| 56 scope: string or iterable of strings, scope(s) of the credentials being |
| 57 requested. |
| 58 """ |
| 59 self.scope = util.scopes_to_string(scope) |
| 60 |
| 61 # Assertion type is no longer used, but still in the parent class signature. |
| 62 super(AppAssertionCredentials, self).__init__(None) |
| 63 |
| 64 @classmethod |
| 65 def from_json(cls, json): |
| 66 data = simplejson.loads(json) |
| 67 return AppAssertionCredentials(data['scope']) |
| 68 |
| 69 def _refresh(self, http_request): |
| 70 """Refreshes the access_token. |
| 71 |
| 72 Skip all the storage hoops and just refresh using the API. |
| 73 |
| 74 Args: |
| 75 http_request: callable, a callable that matches the method signature of |
| 76 httplib2.Http.request, used to make the refresh request. |
| 77 |
| 78 Raises: |
| 79 AccessTokenRefreshError: When the refresh fails. |
| 80 """ |
| 81 uri = uritemplate.expand(META, {'scope': self.scope}) |
| 82 response, content = http_request(uri) |
| 83 if response.status == 200: |
| 84 try: |
| 85 d = simplejson.loads(content) |
| 86 except StandardError, e: |
| 87 raise AccessTokenRefreshError(str(e)) |
| 88 self.access_token = d['accessToken'] |
| 89 else: |
| 90 raise AccessTokenRefreshError(content) |
OLD | NEW |