third_party/gsutil/plugins/sso_auth.py - Issue 86123002: Adds SSO auth to gsutil

Side by Side Diff: third_party/gsutil/plugins/sso_auth.py

Issue 86123002: Adds SSO auth to gsutil (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/tools/depot_tools

Patch Set: Bypass for upload and if token does not exist Created 7 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
(Empty)
	1 import json
	Vadim Sh. 2013/12/03 01:33:41 nit: Copyright (or license header, don't know...). nit: Copyright (or license header, don't know...). Also module level doc string. Ryan Tseng 2013/12/03 22:57:11 Done. Show quoted text On 2013/12/03 01:33:41, Vadim Sh. wrote: > nit: Copyright (or license header, don't know...). > > Also module level doc string. Done.
	2 import getpass

	3 import os

	4 import re

	5 import urllib2

	6 import subprocess

	7

	8 from boto.auth_handler import AuthHandler

	9 from boto.auth_handler import NotReadyToAuthenticate

	10

	11 CMD = ['stubby', '--proto2', 'call', 'blade:sso', 'CorpLogin.Exchange']
	Vadim Sh. 2013/12/03 01:33:41 nit: newline after CMD nit: newline after CMD Ryan Tseng 2013/12/03 22:57:11 Done. Show quoted text On 2013/12/03 01:33:41, Vadim Sh. wrote: > nit: newline after CMD Done.
	12 STUBBY_CMD = """target: {

	13 scope: GAIA_USER

	14 name: "%s"

	15 }

	16 target_credential: {

	17 type: OAUTH2_TOKEN

	18 oauth2_attributes: {

	19 scope: 'https://www.googleapis.com/auth/devstorage.read_only'

	20 }

	21 }"""

	22

	23

	24 class SSOAuth(AuthHandler):

	25 """SSO based auth handler."""

	26

	27 capability = ['google-oauth2', 's3']
	Vadim Sh. 2013/12/03 01:33:41 Is 's3' necessary here?.. Is 's3' necessary here?.. Ryan Tseng 2013/12/03 22:57:11 Actually it is, for some reason this doesn't get a Show quoted text On 2013/12/03 01:33:41, Vadim Sh. wrote: > Is 's3' necessary here?.. Actually it is, for some reason this doesn't get activated unless 's3' is in there.
	28

	29 def __init__(self, path, config, provider):

	30 if provider.name == 'google' and self.has_prodaccess():

	31 # If we don't have a loas token, then bypass this auth handler.

	32 if subprocess.call('loas_check',

	33 stdout=subprocess.PIPE,

	34 stderr=subprocess.PIPE):

	35 raise NotReadyToAuthenticate()

	36 pass
	Vadim Sh. 2013/12/03 01:33:41 nit: remove 'pass', it looks odd.. nit: remove 'pass', it looks odd.. Ryan Tseng 2013/12/03 22:57:11 Done. Show quoted text On 2013/12/03 01:33:41, Vadim Sh. wrote: > nit: remove 'pass', it looks odd.. Done.
	37 else:

	38 raise NotReadyToAuthenticate()

	39

	40 def GetAccessToken(self):
	Vadim Sh. 2013/12/03 01:33:41 How often is this called? Does it make sense to ca How often is this called? Does it make sense to cache it in some global variable to reuse between requests? I think oauth2 plugin implements in-memory cache for this. Ryan Tseng 2013/12/03 22:57:11 Implemented some simple in-memory + filesystem cac Show quoted text On 2013/12/03 01:33:41, Vadim Sh. wrote: > How often is this called? Does it make sense to cache it in some global variable > to reuse between requests? > > I think oauth2 plugin implements in-memory cache for this. Implemented some simple in-memory + filesystem cache
	41 username = '%s@google.com' % getpass.getuser()

	42 proc = subprocess.Popen(CMD, stdin=subprocess.PIPE, stdout=subprocess.PIPE)

	43 out, err = proc.communicate(STUBBY_CMD % username)

	44 token_match = re.search(r'oauth2_token: "(.*)"$', out)
	Vadim Sh. 2013/12/03 01:33:41 Check process exit code before parsing its output? Check process exit code before parsing its output? I assume stubby returns != 0 in case of error. Ryan Tseng 2013/12/03 22:57:11 Done. Show quoted text On 2013/12/03 01:33:41, Vadim Sh. wrote: > Check process exit code before parsing its output? I assume stubby returns != 0 > in case of error. Done.
	45 if token_match:

	46 return token_match.group(1)

	47 return None
	Vadim Sh. 2013/12/03 01:33:41 Raise some exception instead of returning None. It Raise some exception instead of returning None. It's better to fail early. Otherwise 'Authorization' header will be 'OAuth None', and request will blow up later with 403. Ryan Tseng 2013/12/03 22:57:11 Done. Show quoted text On 2013/12/03 01:33:41, Vadim Sh. wrote: > Raise some exception instead of returning None. It's better to fail early. > > Otherwise 'Authorization' header will be 'OAuth None', and request will blow up > later with 403. Done.
	48

	49 def add_auth(self, http_request):

	50 http_request.headers['Authorization'] = (

	51 'OAuth %s' % self.GetAccessToken())
	Vadim Sh. 2013/12/03 01:33:41 nit: is new line required? looks like it can fit o nit: is new line required? looks like it can fit on same line... Ryan Tseng 2013/12/03 22:57:11 Done. Show quoted text On 2013/12/03 01:33:41, Vadim Sh. wrote: > nit: is new line required? looks like it can fit on same line... Done.
	52

	53 @staticmethod

	54 def has_prodaccess():

	55 for path in os.environ["PATH"].split(os.pathsep):
	Vadim Sh. 2013/12/03 01:33:41 nit: single quote 'PATH' nit: single quote 'PATH' Ryan Tseng 2013/12/03 22:57:11 Done. Show quoted text On 2013/12/03 01:33:41, Vadim Sh. wrote: > nit: single quote 'PATH' Done.
	56 exe_file = os.path.join(path, 'prodaccess')

	57 if os.path.exists(exe_file) and os.access(exe_file, os.X_OK):

	58 return True

	59 return False

OLD	NEW

« third_party/gsutil/gslib/util.py ('K') | « third_party/gsutil/plugins/__init__.py ('k') | upload_to_google_storage.py » ('j') | no next file with comments »