def from_json(cls, json_data):
# TODO(issue 388): eliminate the circularity that is the reason for
# this non-top-level import.
from oauth2client.service_account import ServiceAccountCredentials
data = json.loads(_from_bytes(json_data))
# We handle service_account.ServiceAccountCredentials since it is a
# possible return type of GoogleCredentials.get_application_default()
if (data['_module'] == 'oauth2client.service_account' and
data['_class'] == 'ServiceAccountCredentials'):
return ServiceAccountCredentials.from_json(data)
token_expiry = _parse_expiry(data.get('token_expiry'))
google_credentials = cls(
data['access_token'],
data['client_id'],
data['client_secret'],
data['refresh_token'],
token_expiry,
data['token_uri'],
data['user_agent'],
revoke_uri=data.get('revoke_uri', None))
google_credentials.invalid = data['invalid']
return google_credentials
python类get_application_default()的实例源码
def get_or_create(cls, bucket_name, client=None):
"""
If the bucket exists with this name, get it. Else, create it
:param cls: :class:`gstorage.bucket.Bucket`
:type bucket_name: string
:param bucket_name: name of the bucket
:type client: gcloud.client.Client
:param client: (optional) instance of client to use
:return: :class:`Bucket <Bucket>` object
:raises gcloud.exceptions.BadRequest (400): not a valid bucket name
:raises gcloud.exceptions.Forbidden (403): The credentials are invalid
"""
if not client:
credentials = GoogleCredentials.get_application_default()
client = Client(credentials=credentials)
bucket = cls(client, name=bucket_name)
if not bucket.exists():
bucket.create()
return bucket
def tear_down_gce_cluster(conf):
credentials = GoogleCredentials.get_application_default()
gce = discovery.build("compute", "v1", credentials=credentials)
zone_operations = []
for node in conf["nodes"]:
print("Deleting node on virtual machine {}...".format(node["vmID"]))
zone_operations.append(delete_instance(gce, node["vmID"]))
for op in zone_operations:
while True:
result = gce.zoneOperations().get(project=GCP_PROJECT_ID, zone=GCE_ZONE_ID, operation=op["name"]).execute()
if result["status"] == "DONE":
# if "error" in result: raise Exception(result["error"]) # TODO handle error
print("Deleted node on virtual machine {}".format(result["targetLink"].split("/")[-1]))
break
sleep(1)
print("Cluster torn down correctly. Bye!")
def __init__(self, access_token, client_id, client_secret, refresh_token,
token_expiry, token_uri, user_agent,
revoke_uri=GOOGLE_REVOKE_URI):
"""Create an instance of GoogleCredentials.
This constructor is not usually called by the user, instead
GoogleCredentials objects are instantiated by
GoogleCredentials.from_stream() or
GoogleCredentials.get_application_default().
Args:
access_token: string, access token.
client_id: string, client identifier.
client_secret: string, client secret.
refresh_token: string, refresh token.
token_expiry: datetime, when the access_token expires.
token_uri: string, URI of token endpoint.
user_agent: string, The HTTP User-Agent to provide for this application.
revoke_uri: string, URI for revoke endpoint.
Defaults to GOOGLE_REVOKE_URI; a token can't be revoked if this is None.
"""
super(GoogleCredentials, self).__init__(
access_token, client_id, client_secret, refresh_token, token_expiry,
token_uri, user_agent, revoke_uri=revoke_uri)
def __init__(self, access_token, client_id, client_secret, refresh_token,
token_expiry, token_uri, user_agent,
revoke_uri=GOOGLE_REVOKE_URI):
"""Create an instance of GoogleCredentials.
This constructor is not usually called by the user, instead
GoogleCredentials objects are instantiated by
GoogleCredentials.from_stream() or
GoogleCredentials.get_application_default().
Args:
access_token: string, access token.
client_id: string, client identifier.
client_secret: string, client secret.
refresh_token: string, refresh token.
token_expiry: datetime, when the access_token expires.
token_uri: string, URI of token endpoint.
user_agent: string, The HTTP User-Agent to provide for this application.
revoke_uri: string, URI for revoke endpoint.
Defaults to GOOGLE_REVOKE_URI; a token can't be revoked if this is None.
"""
super(GoogleCredentials, self).__init__(
access_token, client_id, client_secret, refresh_token, token_expiry,
token_uri, user_agent, revoke_uri=revoke_uri)
def __init__(self, access_token, client_id, client_secret, refresh_token,
token_expiry, token_uri, user_agent,
revoke_uri=GOOGLE_REVOKE_URI):
"""Create an instance of GoogleCredentials.
This constructor is not usually called by the user, instead
GoogleCredentials objects are instantiated by
GoogleCredentials.from_stream() or
GoogleCredentials.get_application_default().
Args:
access_token: string, access token.
client_id: string, client identifier.
client_secret: string, client secret.
refresh_token: string, refresh token.
token_expiry: datetime, when the access_token expires.
token_uri: string, URI of token endpoint.
user_agent: string, The HTTP User-Agent to provide for this application.
revoke_uri: string, URI for revoke endpoint.
Defaults to GOOGLE_REVOKE_URI; a token can't be revoked if this is None.
"""
super(GoogleCredentials, self).__init__(
access_token, client_id, client_secret, refresh_token, token_expiry,
token_uri, user_agent, revoke_uri=revoke_uri)
def get_google_service(service_type=None,version=None):
'''
get_google service will use the requests library to get a url
:param service_type: the service to get (default is storage)
:param version: version to use (default is v1)
'''
if service_type == None:
service_type = "sheets"
if version == None:
version = "v4"
secrets=os.environ.get('GOOGLE_SHEETS_CREDENTIALS')
if secrets is not None:
return get_authenticated_service(secrets, service_type, version)
credentials = GoogleCredentials.get_application_default()
return discovery.build(service_type, version, credentials=credentials)
def get_google_service(service_type=None,version=None):
'''
get_url will use the requests library to get a url
:param service_type: the service to get (default is storage)
:param version: version to use (default is v1)
'''
if service_type == None:
service_type = "storage"
if version == None:
version = "v1"
credentials = GoogleCredentials.get_application_default()
return discovery.build(service_type, version, credentials=credentials)
#######################################################################
# METADATA ############################################################
#######################################################################
def send_log(params, success):
"""Send a log to Stackdriver with the result of a testcase run."""
credentials = GoogleCredentials.get_application_default()
http_auth = credentials.authorize(Http())
structure = {
'logName': 'projects/%s/logs/ci' % os.environ['PROJECT_ID'],
'resource': {
'type': 'project',
'labels': {
'project_id': os.environ['PROJECT_ID']}},
'entries': [{
'jsonPayload': params,
'severity': 'INFO' if success else 'ERROR'}]}
http_auth.request(
uri='https://logging.googleapis.com/v2/entries:write',
method='POST',
body=json.dumps(structure))
def main():
takephoto() # First take a picture
"""Run a label request on a single image"""
credentials = GoogleCredentials.get_application_default()
service = discovery.build('vision', 'v1', credentials=credentials)
with open('image.jpg', 'rb') as image:
image_content = base64.b64encode(image.read())
service_request = service.images().annotate(body={
'requests': [{
'image': {
'content': image_content.decode('UTF-8')
},
'features': [{
'type': 'FACE_DETECTION',
'maxResults': 10
}]
}]
})
response = service_request.execute()
print json.dumps(response, indent=4, sort_keys=True) #Print it out and make it somewhat pretty.
def main():
takephoto() # First take a picture
"""Run a label request on a single image"""
credentials = GoogleCredentials.get_application_default()
service = discovery.build('vision', 'v1', credentials=credentials)
with open('image.jpg', 'rb') as image:
image_content = base64.b64encode(image.read())
service_request = service.images().annotate(body={
'requests': [{
'image': {
'content': image_content.decode('UTF-8')
},
'features': [{
'type': 'LABEL_DETECTION',
'maxResults': 10
}]
}]
})
response = service_request.execute()
print json.dumps(response, indent=4, sort_keys=True) #Print it out and make it somewhat pretty.
def __init__(self, access_token, client_id, client_secret, refresh_token,
token_expiry, token_uri, user_agent,
revoke_uri=GOOGLE_REVOKE_URI):
"""Create an instance of GoogleCredentials.
This constructor is not usually called by the user, instead
GoogleCredentials objects are instantiated by
GoogleCredentials.from_stream() or
GoogleCredentials.get_application_default().
Args:
access_token: string, access token.
client_id: string, client identifier.
client_secret: string, client secret.
refresh_token: string, refresh token.
token_expiry: datetime, when the access_token expires.
token_uri: string, URI of token endpoint.
user_agent: string, The HTTP User-Agent to provide for this application.
revoke_uri: string, URI for revoke endpoint.
Defaults to GOOGLE_REVOKE_URI; a token can't be revoked if this is None.
"""
super(GoogleCredentials, self).__init__(
access_token, client_id, client_secret, refresh_token, token_expiry,
token_uri, user_agent, revoke_uri=revoke_uri)
def __init__(self, config_file):
self.config = yaml.load(open(config_file, 'r').read())
self.PROJECT_ID = self.config['GCE_PROJECT_ID']
self.GOOGLE_APPLICATION_CREDENTIALS = self.config['GCE_GOOGLE_APPLICATION_CREDENTIALS']
self.SNAPSHOT_SOURCE = self.config['GCE_SNAPSHOT_SOURCE']
self.MACHINE_TYPE = self.config['GCE_MACHINE_TYPE']
self.DISK_TYPE = self.config['GCE_DISK_TYPE']
self.ZONE_LIST = self.config['GCE_ZONE_LIST'].split(' ')
self.MIN_INSTANCE_COUNT = self.config['GCE_MIN_INSTANCE_COUNT']
self.MIN_ZONE_SPREAD_COUNT = self.config['GCE_MIN_ZONE_SPREAD_COUNT']
self.NON_PREEMPTIBLE_INSTANCE_MIN_ALIVE_HOUR = self.config['GCE_NON_PREEMPTIBLE_INSTANCE_MIN_ALIVE_HOUR']
self.PREEMPTIBLE_HIGH_DEMAND_ZONE_THRESHOLD = self.config['GCE_PREEMPTIBLE_HIGH_DEMAND_ZONE_THRESHOLD']
self.SLACKBOT_API_TOKEN = self.config['GCE_SLACKBOT_API_TOKEN']
self.SLACKBOT_LOGGING_CHANNEL = self.config['GCE_SLACKBOT_LOGGING_CHANNEL']
self.SLACKBOT_USER_LIST = self.config['GCE_SLACKBOT_USER_LIST'].split(' ')
self.EXCLUDED_INSTANCE_LIST = self.config['GCE_EXCLUDED_INSTANCE_LIST'].split(' ')
self.INSTANCE_NAME_PREFIX_LIST = self.config['GCE_INSTANCE_NAME_PREFIX_LIST'].split(' ')
self.INSTANCE_TAG_LIST = self.config['GCE_INSTANCE_TAG_LIST'].split(' ')
self.EMAIL_RECIPIENT_LIST = self.config['GCE_EMAIL_RECIPIENT_LIST'].split(' ')
os.environ["GOOGLE_APPLICATION_CREDENTIALS"] = self.GOOGLE_APPLICATION_CREDENTIALS
self.credentials = GoogleCredentials.get_application_default()
def authcheck():
scope='https://www.googleapis.com/auth/userinfo.email'
try:
credentials = GoogleCredentials.get_application_default()
if credentials.create_scoped_required():
credentials = credentials.create_scoped(scope)
except ApplicationDefaultCredentialsError:
return "Unable to acquire application default credentials"
http = httplib2.Http()
credentials.authorize(http)
service = build(serviceName='oauth2', version= 'v2',http=http)
resp = service.userinfo().get().execute()
return resp['email']
def _get_bigquery_service(self):
"""
Connect to the BigQuery service.
Calling ``GoogleCredentials.get_application_default`` requires that
you either be running in the Google Cloud, or have the
``GOOGLE_APPLICATION_CREDENTIALS`` environment variable set to the path
to a credentials JSON file.
:return: authenticated BigQuery service connection object
:rtype: `googleapiclient.discovery.Resource <http://google.github.io/\
google-api-python-client/docs/epy/googleapiclient.discovery.\
Resource-class.html>`_
"""
logger.debug('Getting Google Credentials')
credentials = GoogleCredentials.get_application_default()
logger.debug('Building BigQuery service instance')
bigquery_service = build('bigquery', 'v2', credentials=credentials)
return bigquery_service
def __init__(self, access_token, client_id, client_secret, refresh_token,
token_expiry, token_uri, user_agent,
revoke_uri=GOOGLE_REVOKE_URI):
"""Create an instance of GoogleCredentials.
This constructor is not usually called by the user, instead
GoogleCredentials objects are instantiated by
GoogleCredentials.from_stream() or
GoogleCredentials.get_application_default().
Args:
access_token: string, access token.
client_id: string, client identifier.
client_secret: string, client secret.
refresh_token: string, refresh token.
token_expiry: datetime, when the access_token expires.
token_uri: string, URI of token endpoint.
user_agent: string, The HTTP User-Agent to provide for this application.
revoke_uri: string, URI for revoke endpoint.
Defaults to GOOGLE_REVOKE_URI; a token can't be revoked if this is None.
"""
super(GoogleCredentials, self).__init__(
access_token, client_id, client_secret, refresh_token, token_expiry,
token_uri, user_agent, revoke_uri=revoke_uri)
def get_google_service(service_type=None,version=None):
'''
get_url will use the requests library to get a url
:param service_type: the service to get (default is storage)
:param version: version to use (default is v1)
'''
if service_type == None:
service_type = "storage"
if version == None:
version = "v1"
credentials = GoogleCredentials.get_application_default()
return build(service_type, version, credentials=credentials)
##########################################################################################
# GOOGLE STORAGE API #####################################################################
##########################################################################################
def wait_operation(operation):
# NOT thread safe
credentials = GoogleCredentials.get_application_default()
compute = discovery.build('compute', 'v1', credentials=credentials)
# Wait for confirmation that the instance is created
while True:
result = compute.zoneOperations().get(
project=project,
zone=zone,
operation=operation['name']).execute()
if result['status'] == 'DONE':
return False if ('error' in result) else True
sys.stdout.write(".")
sys.stdout.flush()
time.sleep(2)
# [END wait_operation]
# [START list_instances]
def list_instances(project, zone, globalinstances, distro, includeterm):
# NOT thread safe
credentials = GoogleCredentials.get_application_default()
compute = discovery.build('compute', 'v1', credentials=credentials)
result = compute.instances().list(project=project, zone=zone).execute()
if ('items' in result):
print('%s instances in zone %s:' % (project, zone))
instancenames = []
name = prefix + '-' + distro
if not globalinstances:
name += '-' + format(str(uuid.getnode())[:8:-1])
for instance in result['items']:
if name in instance['name']:
print(' - ' + instance['name'] + ' - ' + instance['status'])
if (instance['status'] == 'RUNNING' or includeterm):
instancenames.append(instance['name'])
return instancenames if (len(instancenames) > 0) else False
return False
# [END list_instances]
# [START check_gceproject]
def __init__(self, access_token, client_id, client_secret, refresh_token,
token_expiry, token_uri, user_agent,
revoke_uri=GOOGLE_REVOKE_URI):
"""Create an instance of GoogleCredentials.
This constructor is not usually called by the user, instead
GoogleCredentials objects are instantiated by
GoogleCredentials.from_stream() or
GoogleCredentials.get_application_default().
Args:
access_token: string, access token.
client_id: string, client identifier.
client_secret: string, client secret.
refresh_token: string, refresh token.
token_expiry: datetime, when the access_token expires.
token_uri: string, URI of token endpoint.
user_agent: string, The HTTP User-Agent to provide for this application.
revoke_uri: string, URI for revoke endpoint.
Defaults to GOOGLE_REVOKE_URI; a token can't be revoked if this is None.
"""
super(GoogleCredentials, self).__init__(
access_token, client_id, client_secret, refresh_token, token_expiry,
token_uri, user_agent, revoke_uri=revoke_uri)
def test_main(cloud_config, monkeypatch, capsys):
installed_app.CLIENT_SECRETS = cloud_config.client_secrets
# Replace the user credentials flow with Application Default Credentials.
# Unfortunately, there's no easy way to fully test the user flow.
def mock_run_flow(flow, storage, args):
return GoogleCredentials.get_application_default()
monkeypatch.setattr(installed_app.tools, 'run_flow', mock_run_flow)
args = Namespace(
project_id=cloud_config.project,
logging_level='INFO',
noauth_local_webserver=True)
installed_app.main(args)
out, _ = capsys.readouterr()
assert re.search(re.compile(
r'bigquery#datasetList', re.DOTALL), out)
def analyze_syntax(text):
"""Use the NL API to analyze the given text string, and returns the
response from the API. Requests an encodingType that matches
the encoding used natively by Python. Raises an
errors.HTTPError if there is a connection problem.
"""
credentials = GoogleCredentials.get_application_default()
scoped_credentials = credentials.create_scoped(
['https://www.googleapis.com/auth/cloud-platform'])
http = httplib2.Http()
scoped_credentials.authorize(http)
service = discovery.build(
'language', 'v1beta1', http=http)
body = {
'document': {
'type': 'PLAIN_TEXT',
'content': text,
},
'features': {
'extract_syntax': True,
},
'encodingType': get_native_encoding_type(),
}
request = service.documents().annotateText(body=body)
return request.execute()
def __init__(self, access_token, client_id, client_secret, refresh_token,
token_expiry, token_uri, user_agent,
revoke_uri=GOOGLE_REVOKE_URI):
"""Create an instance of GoogleCredentials.
This constructor is not usually called by the user, instead
GoogleCredentials objects are instantiated by
GoogleCredentials.from_stream() or
GoogleCredentials.get_application_default().
Args:
access_token: string, access token.
client_id: string, client identifier.
client_secret: string, client secret.
refresh_token: string, refresh token.
token_expiry: datetime, when the access_token expires.
token_uri: string, URI of token endpoint.
user_agent: string, The HTTP User-Agent to provide for this application.
revoke_uri: string, URI for revoke endpoint.
Defaults to GOOGLE_REVOKE_URI; a token can't be revoked if this is None.
"""
super(GoogleCredentials, self).__init__(
access_token, client_id, client_secret, refresh_token, token_expiry,
token_uri, user_agent, revoke_uri=revoke_uri)
def __init__(self, access_token, client_id, client_secret, refresh_token,
token_expiry, token_uri, user_agent,
revoke_uri=GOOGLE_REVOKE_URI):
"""Create an instance of GoogleCredentials.
This constructor is not usually called by the user, instead
GoogleCredentials objects are instantiated by
GoogleCredentials.from_stream() or
GoogleCredentials.get_application_default().
Args:
access_token: string, access token.
client_id: string, client identifier.
client_secret: string, client secret.
refresh_token: string, refresh token.
token_expiry: datetime, when the access_token expires.
token_uri: string, URI of token endpoint.
user_agent: string, The HTTP User-Agent to provide for this application.
revoke_uri: string, URI for revoke endpoint.
Defaults to GOOGLE_REVOKE_URI; a token can't be revoked if this is None.
"""
super(GoogleCredentials, self).__init__(
access_token, client_id, client_secret, refresh_token, token_expiry,
token_uri, user_agent, revoke_uri=revoke_uri)
def flush(self):
if not self.entries:
return
for _repeat in range(6):
try:
self.body['entries'] = self.entries
resp = self.connection.entries().write(
body=self.body).execute()
self.entries = []
break
except IOError as e:
sleep(_repeat * 2 + 1)
if e.errno == errno.EPIPE:
credentials = GoogleCredentials.get_application_default()
self.connection = build('logging', 'v2beta1', credentials=credentials)
except Exception:
sleep(_repeat * 2 + 5)
def Write(gs_path, data, suffix='.txt'):
"""Writes data to the cloud."""
credentials = GoogleCredentials.get_application_default()
service = discovery.build('storage', 'v1', credentials=credentials)
bucket_name, object_name = gs_path[5:].split('/', 1)
logging.info('Uploading file: %s/%s', bucket_name, object_name)
# Save the data off into a temp file.
tfile = tempfile.NamedTemporaryFile(delete=False, suffix=suffix)
tfile.write(data)
tfile.close()
# Upload the data.
logging.info('filename: %s %s %s', tfile.name, object_name, bucket_name)
req = service.objects().insert(media_body=tfile.name, name=object_name,
bucket=bucket_name)
_ = req.execute()
# Cleanup.
os.remove(tfile.name)
def delete(config, disk_name=None, disk_zone=None): # TODO: implement
# submit a request to the gce api for a new disk with the given parameters
# if inputs is not None, run a pipeline job to populate the disk
projectId = config.project_id
zones = [disk_zone if disk_zone is not None else x for x in config.zones.split(',')]
credentials = GoogleCredentials.get_application_default()
http = credentials.authorize(httplib2.Http())
if credentials.access_token_expired:
credentials.refresh(http)
gce = discovery.build('compute', 'v1', http=http)
for z in zones:
try:
resp = gce.disks().delete(project=projectId, zone=z, disk=disk_name).execute()
except HttpError as e:
raise DataDiskError("Couldn't delete data disk {n}: {reason}".format(n=disk_name, reason=e))
while True:
try:
result = gce.zoneOperations().get(project=projectId, zone=z, operation=resp['name']).execute()
except HttpError:
break
else:
if result['status'] == 'DONE':
break
def create(apiName, apiVersion):
credentials = GoogleCredentials.get_application_default()
http = credentials.authorize(httplib2.Http())
if credentials.access_token_expired:
credentials.refresh(http)
return discovery.build(apiName, apiVersion, http)
def get_gcloud_storage():
credentials = GoogleCredentials.get_application_default()
return discovery.build('storage', 'v1', credentials=credentials)
def create_bq_client(project_name, http=None):
credentials = GoogleCredentials.get_application_default()
return bigquery_get_client(project_name, credentials = credentials)
