| OLD | NEW |
|---|
| (Empty) | |
| 1 import json |
| 2 import getpass |
| 3 import os |
| 4 import re |
| 5 import urllib2 |
| 6 import subprocess |
| 7 |
| 8 from boto.auth_handler import AuthHandler |
| 9 from boto.auth_handler import NotReadyToAuthenticate |
| 10 |
| 11 CMD = ['stubby', '--proto2', 'call', 'blade:sso', 'CorpLogin.Exchange'] |
| 12 STUBBY_CMD = """target: { |
| 13 scope: GAIA_USER |
| 14 name: "%s" |
| 15 } |
| 16 target_credential: { |
| 17 type: OAUTH2_TOKEN |
| 18 oauth2_attributes: { |
| 19 scope: 'https://www.googleapis.com/auth/devstorage.read_only' |
| 20 } |
| 21 }""" |
| 22 |
| 23 |
| 24 class SSOAuth(AuthHandler): |
| 25 """SSO based auth handler.""" |
| 26 |
| 27 capability = ['google-oauth2', 's3'] |
| 28 |
| 29 def __init__(self, path, config, provider): |
| 30 if provider.name == 'google' and self.has_prodaccess(): |
| 31 pass |
| 32 else: |
| 33 raise NotReadyToAuthenticate() |
| 34 |
| 35 def GetAccessToken(self): |
| 36 username = '%s@google.com' % getpass.getuser() |
| 37 proc = subprocess.Popen(CMD, stdin=subprocess.PIPE, stdout=subprocess.PIPE) |
| 38 out, err = proc.communicate(STUBBY_CMD % username) |
| 39 token_match = re.search(r'oauth2_token: "(.*)"$', out) |
| 40 if token_match: |
| 41 return token_match.group(1) |
| 42 return None |
| 43 |
| 44 def add_auth(self, http_request): |
| 45 http_request.headers['Authorization'] = ( |
| 46 'OAuth %s' % self.GetAccessToken()) |
| 47 |
| 48 @staticmethod |
| 49 def has_prodaccess(): |
| 50 for path in os.environ["PATH"].split(os.pathsep): |
| 51 exe_file = os.path.join(path, 'prodaccess') |
| 52 if os.path.exists(exe_file) and os.access(exe_file, os.X_OK): |
| 53 return True |
| 54 return False |
| OLD | NEW |
|---|
Chromium Code Reviews