def get_gcloud(ctx, version: str= 'v1'):
"""
Get a configured Google Compute API Client instance.
Note that the Google API Client is not threadsafe. Cache the instance locally
if you want to avoid OAuth overhead between calls.
Parameters
----------
version
Compute API version
"""
SCOPES = 'https://www.googleapis.com/auth/compute'
credentials = None
if ctx.config.get('gcloud_json_keyfile_name'):
credentials = ServiceAccountCredentials.from_json_keyfile_name(
ctx.config.get('gcloud_json_keyfile_name'),
scopes=SCOPES)
if ctx.config.get('gcloud_json_keyfile_string'):
keyfile = json.loads(ctx.config.get('gcloud_json_keyfile_string'))
credentials = ServiceAccountCredentials.from_json_keyfile_dict(
keyfile, scopes=SCOPES)
if not credentials:
credentials = GoogleCredentials.get_application_default()
if not credentials:
raise RuntimeError("Auth for Google Cloud was not configured")
compute = discovery.build(
'compute',
version,
credentials=credentials,
# https://github.com/google/google-api-python-client/issues/299#issuecomment-268915510
cache_discovery=False
)
return compute
python类from_json_keyfile_name()的实例源码
def _get_credentials():
if Spreadsheets.credentials is None:
Spreadsheets.credentials = ServiceAccountCredentials.from_json_keyfile_name(
filename=Config.OAUTH_CREDENTIALS_JSON,
scopes=SCOPES
)
def get_vision_service():
credentials = ServiceAccountCredentials.from_json_keyfile_name(
os.path.join(resources.__path__[0], 'vapi-acct.json'), SCOPES)
return discovery.build('vision', 'v1', credentials=credentials)
def get_cloudml_service():
credentials = ServiceAccountCredentials.from_json_keyfile_name(
os.path.join(resources.__path__[0], 'vapi-acct.json'), SCOPES)
return discovery.build('ml', 'v1', credentials=credentials)
def reciever():
# use creds to create a client to interact with the Google Drive API
scope = ['https://spreadsheets.google.com/feeds']
creds = ServiceAccountCredentials.from_json_keyfile_name('Lemur-key.json', scope)
client = gspread.authorize(creds)
sheet = client.open("Lemur Responses").sheet1
receipents = filter(None, sheet.col_values(3)[1:])
return receipents
def authorize(outh_file='client_secret.json', outh_creds_store=None, outh_nonlocal=False, service_file=None,
credentials=None, **client_kwargs):
"""Login to Google API using OAuth2 credentials.
This function instantiates :class:`Client` and performs authentication.
:param outh_file: path to outh2 credentials file, or tokens file
:param outh_creds_store: path to directory where tokens should be stored
'global' if you want to store in system-wide location
None if you want to store in current script directory
:param outh_nonlocal: if the authorization should be done in another computer,
this will provide a url which when run will ask for credentials
:param service_file: path to service credentials file
:param credentials: outh2 credentials object
:param no_cache: (http client arg) do not ask http client to use a cache in tmp dir, useful for environments where
filesystem access prohibited
default: False
:returns: :class:`Client` instance.
"""
# @TODO handle exceptions
if not credentials:
if service_file:
with open(service_file) as data_file:
data = jload(data_file)
print('service_email : '+str(data['client_email']))
credentials = ServiceAccountCredentials.from_json_keyfile_name(service_file, SCOPES)
elif outh_file:
credentials = get_outh_credentials(client_secret_file=outh_file, credential_dir=outh_creds_store,
outh_nonlocal=outh_nonlocal)
else:
raise AuthenticationError
rclient = Client(oauth=credentials, **client_kwargs)
return rclient
# @TODO
def __create_signed_url_for_resource(
self,
verb="GET",
bucket=None,
file_key=None,
duration=config.storage_signed_url_duration,
creds_file_path=config.gcp_creds_file_path,
):
"""
Create and return a signed URL for retrieving the specified file from GCP.
:param verb: The HTTP verb for the signed request.
:param bucket: The bucket where the file resides.
:param file_key: The key where the file resides within the bucket.
:param duration: The amount of time in seconds that the URL should be valid for.
:param creds_file_path: The local file path to where the GCP credentials to use to sign
the URL reside.
:return: A signed URL that can be used to retrieve the referenced file's contents.
"""
to_sign, expires_epoch = self.__get_signing_content_for_resource(
verb=verb,
bucket=bucket,
file_key=file_key,
duration=duration,
)
creds = ServiceAccountCredentials.from_json_keyfile_name(creds_file_path)
client_id = creds.service_account_email
signed_blob = creds.sign_blob(to_sign)[1]
encoded_sig = b64encode(signed_blob).replace("+", "%2B").replace("/", "%2F")
resource_url = "%s%s/%s" % (
self.base_url,
bucket,
file_key,
)
return "%s?GoogleAccessId=%s&Expires=%s&Signature=%s" % (
resource_url,
client_id,
expires_epoch,
encoded_sig,
)
def make_stub(options):
"""Helper function for making a stub to talk to service."""
if not stackdriver_available:
raise ImportError(
'You must "pip install google-api-python-client oauth2client" to get the stackdriver client library.')
stackdriver_config = options.get('stackdriver', {})
credentials_path = options.get('credentials_path', None)
if credentials_path is None:
credentials_path = stackdriver_config.get('credentials_path')
if credentials_path:
credentials_path = os.path.expandvars(credentials_path)
http = httplib2.Http()
http = apiclient.http.set_user_agent(
http, 'SpinnakerStackdriverAgent/0.001')
if credentials_path:
logging.info('Using Stackdriver Credentials from "%s"', credentials_path)
credentials = ServiceAccountCredentials.from_json_keyfile_name(
credentials_path, scopes=StackdriverMetricsService.WRITE_SCOPE)
else:
logging.info('Using Stackdriver Credentials from application default.')
credentials = GoogleCredentials.get_application_default()
http = credentials.authorize(http)
developer_key = os.environ.get('STACKDRIVER_API_KEY',
options.get('stackdriver', {}).get('api_key'))
if developer_key:
url = 'https://monitoring.googleapis.com/$discovery/rest?labels=DASHBOARD_TRUSTED_TESTER&key=' + developer_key
return apiclient.discovery.build(
'monitoring', 'v3', http=http,
discoveryServiceUrl=url)
else:
return apiclient.discovery.build('monitoring', 'v3', http=http)
def __init__(self, project_id, credential_path):
self.credential_path = credential_path
self.project_id = project_id
scopes = ['https://www.googleapis.com/auth/bigquery']
credentials = ServiceAccountCredentials.from_json_keyfile_name(
credential_path, scopes)
http_auth = credentials.authorize(Http())
bigquery = build('bigquery', 'v2', http=http_auth)
self.bigquery = bigquery
def _get_authorized_http(self):
if self.creds_file:
credentials = ServiceAccountCredentials.from_json_keyfile_name(self.creds_file, [SCOPE])
return credentials.authorize(httplib2.Http())
else:
return httplib2.Http()
register_service_account.py 文件源码
项目:firecloud-tools
作者: broadinstitute
项目源码
文件源码
阅读 14
收藏 0
点赞 0
评论 0
def main():
# The main argument parser
parser = DefaultArgsParser(description="Register a service account for use in FireCloud.")
# Core application arguments
parser.add_argument('-j', '--json_credentials', dest='json_credentials', action='store', required=True, help='Path to the json credentials file for this service account.')
parser.add_argument('-e', '--owner_email', dest='owner_email', action='store', required=True, help='Email address of the person who owns this service account')
args = parser.parse_args()
from oauth2client.service_account import ServiceAccountCredentials
scopes = ['https://www.googleapis.com/auth/userinfo.profile', 'https://www.googleapis.com/auth/userinfo.email']
credentials = ServiceAccountCredentials.from_json_keyfile_name(args.json_credentials, scopes=scopes)
headers = {"Authorization": "bearer " + credentials.get_access_token().access_token}
headers["User-Agent"] = firecloud_api.FISS_USER_AGENT
uri = "https://api.firecloud.org/register/profile"
profile_json = {"firstName":"None", "lastName": "None", "title":"None", "contactEmail":args.owner_email,
"institute":"None", "institutionalProgram": "None", "programLocationCity": "None", "programLocationState": "None",
"programLocationCountry": "None", "pi": "None", "nonProfitStatus": "false"}
request = requests.post(uri, headers=headers, json=profile_json)
if request.status_code == 200:
print "The service account %s is now registered with FireCloud. You can share workspaces with this address, or use it to call APIs." % credentials._service_account_email
else:
fail("Unable to register service account: %s" % request.text)
def auth_gss_client(path, scopes):
credentials = ServiceAccountCredentials.from_json_keyfile_name('webapp/auth.json', scopes)
return gspread.authorize(credentials)
def load(self):
"""
Load table data from a Google Spreadsheet.
This method consider :py:attr:`.source` as a path to the
credential JSON file to access Google Sheets API.
The method automatically search the header row start from
:py:attr:`.start_row`. The condition of the header row is that
all of the columns have value (except empty columns).
:return:
Loaded table data. Return one |TableData| for each sheet in
the workbook. The table name for data will be determined by
:py:meth:`~.GoogleSheetsTableLoader.make_table_name`.
:rtype: iterator of |TableData|
:raises pytablereader.InvalidDataError:
If the header row is not found.
:raises pytablereader.OpenError:
If the spread sheet not found.
"""
import gspread
from oauth2client.service_account import ServiceAccountCredentials
self._validate_table_name()
self._validate_title()
scope = ['https://spreadsheets.google.com/feeds']
credentials = ServiceAccountCredentials.from_json_keyfile_name(
self.source, scope)
gc = gspread.authorize(credentials)
try:
for worksheet in gc.open(self.title).worksheets():
self._worksheet = worksheet
self.__all_values = [row for row in worksheet.get_all_values()]
if self._is_empty_sheet():
continue
try:
self.__strip_empty_col()
except ValueError:
continue
value_matrix = self.__all_values[self._get_start_row_idx():]
try:
header_list = value_matrix[0]
record_list = value_matrix[1:]
except IndexError:
continue
self.inc_table_count()
yield TableData(
self.make_table_name(), header_list, record_list,
quoting_flags=self.quoting_flags)
except gspread.exceptions.SpreadsheetNotFound:
raise OpenError("spreadsheet '{}' not found".format(self.title))
def save_row(self, csv_type, data_type, data):
if data_type == 'entry':
if csv_type == 'run_logger':
tab = 'Runs'
last_column = 'Y'
total = 'AA1'
elif csv_type == 'arena_logger':
tab = 'Arena'
last_column = 'P'
total = 'R1'
elif csv_type == 'summon_logger':
tab = 'Summon'
last_column = 'F'
total = 'H1'
elif csv_type == 'raid_logger':
tab = 'Raid'
last_column = 'K'
total = 'M1'
elif csv_type == 'worldboss_logger':
tab = 'World Boss'
last_column = 'AA'
total = 'AC1'
elif csv_type == 'toa_logger':
tab = 'ToA'
last_column = 'O'
total = 'Q1'
elif csv_type == 'guild_battle_logger':
tab = 'Guild'
last_column = 'S'
total = 'U1'
names, row = data
key_file = self.config['google_key']
sheet_name = self.config['sheet_name']
scope = ['https://spreadsheets.google.com/feeds']
credentials = ServiceAccountCredentials.from_json_keyfile_name(key_file, scope)
gc = gspread.authorize(credentials)
wks = gc.open(sheet_name).worksheet(tab)
line = int(wks.acell(total).value) + 2
cl = wks.range('A%s:%s%s' % (line, last_column, line))
for (i, name) in enumerate(names):
if name in row:
cl[i].value = row[name]
wks.update_cells(cl)
def auth(
self,
client_secrets_file=None,
service_account_file=None,
sub_account=None,
):
"""Athenticate with gcloud application-default credentials."""
if client_secrets_file:
credentials = self.auth_stored_credentials(
client_secrets_file=client_secrets_file,
scopes=self.scopes
)
elif service_account_file:
credentials = ServiceAccountCredentials.from_json_keyfile_name(
service_account_file,
scopes=self.scopes,
)
if sub_account:
credentials = credentials.create_delegated(sub_account)
else:
# get application-default credentials from gcloud
credentials = GoogleCredentials.get_application_default()
self.credentials = credentials
self.http = credentials.authorize(httplib2.Http())
#
# build the various services that we'll need
#
# admin directory
self.admin = build('admin', 'directory_v1', credentials=credentials)
# build a cloud billing API service
self.billing = build('cloudbilling', 'v1', credentials=credentials)
# build a compute API service
self.compute = build('compute', 'v1', credentials=credentials)
self.compute_alpha = build('compute', 'alpha', credentials=credentials)
# build a cloud resource manager API service
self.crm = build('cloudresourcemanager', 'v1', credentials=credentials)
# build an iam API service
self.iam = build('iam', 'v1', credentials=credentials)
# build a service management API service
self.smgt = build('servicemanagement', 'v1', credentials=credentials)
# build a service management API service
self.storage = build('storage', 'v1', credentials=credentials)
def send_log(params, stacktrace=None):
"""Joins the params dict with info like user id and then sends logs."""
scopes = ['https://www.googleapis.com/auth/logging.write']
filename = common.get_resource(
0640, 'resources', 'clusterfuzz-tools-logging.json')
credentials = ServiceAccountCredentials.from_json_keyfile_name(
filename, scopes=scopes)
http_auth = credentials.authorize(Http())
params['version'] = common.get_version()
params['user'] = os.environ.get('USER')
params['sessionId'] = get_session_id()
if 'success' in params:
prefix = ('successfully finished' if params['success'] else
'unsuccessfully finished')
else:
prefix = 'started'
props = [str(params['testcase_id'])]
if params['current']:
props.append('current')
if params['enable_debug']:
props.append('debug')
params['message'] = '%s %s (%s, %s).' % (
params['user'], prefix, params['command'], ', '.join(props))
if stacktrace:
params['message'] += '\n%s' % stacktrace
structure = {
'logName': 'projects/clusterfuzz-tools/logs/client',
'resource': {
'type': 'project',
'labels': {
'project_id': 'clusterfuzz-tools'}},
'entries': [{
'jsonPayload': params,
'severity': 'ERROR' if stacktrace else 'INFO'}]}
http_auth.request(
uri='https://logging.googleapis.com/v2/entries:write',
method='POST',
body=json.dumps(structure))
