Adds SSO auth to gsutil

third_party/gsutil/gslib/command.py

 # Copyright 2010 Google Inc. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
@@ skipping 151 matching lines @@
   """
   test_steps = []
 
   # Define a convenience property for command name, since it's used many places.
   def _GetDefaultCommandName(self):
     return self.command_spec[COMMAND_NAME]
   command_name = property(_GetDefaultCommandName)
 
   def __init__(self, command_runner, args, headers, debug, parallel_operations,
                gsutil_bin_dir, boto_lib_dir, config_file_list, gsutil_ver,
-               bucket_storage_uri_class, test_method=None):
+               bucket_storage_uri_class, test_method=None,
+               bypass_prodaccess=True):

[Vadim Sh., 2013/12/03 01:33:41]

nit: add it to Args section in doc string.

[Ryan Tseng, 2013/12/03 22:57:11]

Done.

     """
     Args:
       command_runner: CommandRunner (for commands built atop other commands).
       args: Command-line args (arg0 = actual arg, not command name ala bash).
       headers: Dictionary containing optional HTTP headers to pass to boto.
       debug: Debug level to pass in to boto connection (range 0..3).
       parallel_operations: Should command operations be executed in parallel?
       gsutil_bin_dir: Bin dir from which gsutil is running.
       boto_lib_dir: Lib dir where boto runs.
       config_file_list: Config file list returned by _GetBotoConfigFileList().
@@ skipping 19 matching lines @@
     self.parallel_operations = parallel_operations
     self.gsutil_bin_dir = gsutil_bin_dir
     self.boto_lib_dir = boto_lib_dir
     self.config_file_list = config_file_list
     self.gsutil_ver = gsutil_ver
     self.bucket_storage_uri_class = bucket_storage_uri_class
     self.test_method = test_method
     self.exclude_symlinks = False
     self.recursion_requested = False
     self.all_versions = False
+    self.bypass_prodaccess = bypass_prodaccess
 
     # Process sub-command instance specifications.
     # First, ensure subclass implementation sets all required keys.
     for k in self.REQUIRED_SPEC_KEYS:
       if k not in self.command_spec or self.command_spec[k] is None:
         raise CommandException('"%s" command implementation is missing %s '
                                'specification' % (self.command_name, k))
     # Now override default command_spec with subclass-specified values.
     tmp = self._default_command_spec
     tmp.update(self.command_spec)
@@ skipping 114 matching lines @@
     storage_uri = self.UrisAreForSingleProvider(uri_args)
     if not storage_uri:
       raise CommandException('"%s" command spanning providers not allowed.' %
                              self.command_name)
 
     # Determine whether acl_arg names a file containing XML ACL text vs. the
     # string name of a canned ACL.
     if os.path.isfile(acl_arg):
       acl_file = open(acl_arg, 'r')
       acl_arg = acl_file.read()
-      
+
       # TODO: Remove this workaround when GCS allows
-      # whitespace in the Permission element on the server-side 
+      # whitespace in the Permission element on the server-side
       acl_arg = re.sub(r'<Permission>\s*(\S+)\s*</Permission>',
                        r'<Permission>\1</Permission>', acl_arg)
 
       acl_file.close()
       self.canned = False
     else:
       # No file exists, so expect a canned ACL string.
       canned_acls = storage_uri.canned_acls()
       if acl_arg not in canned_acls:
         raise CommandException('Invalid canned ACL "%s".' % acl_arg)
@@ skipping 276 matching lines @@
       True if args_to_check contains any provider URIs.
     """
     for uri_str in args_to_check:
       if re.match('^[a-z]+://$', uri_str):
         return True
     return False
 
   def _ConfigureNoOpAuthIfNeeded(self):
     """Sets up no-op auth handler if no boto credentials are configured."""
     config = boto.config
-    if not util.HasConfiguredCredentials():
+    if not util.HasConfiguredCredentials(self.bypass_prodaccess):
       if self.config_file_list:
         if (config.has_option('Credentials', 'gs_oauth2_refresh_token')
             and not HAVE_OAUTH2):
           raise CommandException(
               'Your gsutil is configured with OAuth2 authentication '
               'credentials.\nHowever, OAuth2 is only supported when running '
               'under Python 2.6 or later\n(unless additional dependencies are '
               'installed, see README for details); you are running Python %s.' %
               sys.version)
         raise CommandException('You have no storage service credentials in any '
@@ skipping 57 matching lines @@
       if num_threads > 1:
         thread_pool.WaitCompletion()
     finally:
       if num_threads > 1:
         thread_pool.Shutdown()
     # If any shared variables (which means we are running in a separate OS
     # process), increment value for each shared variable.
     if shared_vars:
       for (name, var) in shared_vars.items():
         var.value += getattr(self, name)