Python google.auth() Examples
The following are 30 code examples for showing how to use google.auth(). These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example.
You may check out the related API usage on the sidebar.
You may also want to check out all available functions/classes of the module
google
, or try the search function
.
Example 1
Project: dsub Author: DataBiosphere File: google_base.py License: Apache License 2.0 | 6 votes |
def retry_auth_check(exception, verbose): """Specific check for auth error codes. Return True if we should retry. False otherwise. Args: exception: An exception to test for transience. verbose: If true, output retry messages Returns: True if we should retry. False otherwise. """ if isinstance(exception, googleapiclient.errors.HttpError): if exception.resp.status in HTTP_AUTH_ERROR_CODES: _print_retry_error(exception, verbose) return True return False
Example 2
Project: dsub Author: DataBiosphere File: google_base.py License: Apache License 2.0 | 6 votes |
def setup_service(api_name, api_version, credentials=None): """Configures genomics API client. Args: api_name: Name of the Google API (for example: "genomics") api_version: Version of the API (for example: "v2alpha1") credentials: Credentials to be used for the gcloud API calls. Returns: A configured Google Genomics API client with appropriate credentials. """ # dsub is not a server application, so it is ok to filter this warning. warnings.filterwarnings( 'ignore', 'Your application has authenticated using end user credentials') if not credentials: credentials, _ = google.auth.default() return googleapiclient.discovery.build( api_name, api_version, credentials=credentials)
Example 3
Project: airflow Author: apache File: test_base_google.py License: Apache License 2.0 | 6 votes |
def test_default_creds_with_scopes(self): self.instance.extras = { 'extra__google_cloud_platform__project': default_project, 'extra__google_cloud_platform__scope': ( ','.join( ( 'https://www.googleapis.com/auth/bigquery', 'https://www.googleapis.com/auth/devstorage.read_only', ) ) ), } credentials = self.instance._get_credentials() if not hasattr(credentials, 'scopes') or credentials.scopes is None: # Some default credentials don't have any scopes associated with # them, and that's okay. return scopes = credentials.scopes self.assertIn('https://www.googleapis.com/auth/bigquery', scopes) self.assertIn( 'https://www.googleapis.com/auth/devstorage.read_only', scopes)
Example 4
Project: airflow Author: apache File: test_base_google.py License: Apache License 2.0 | 6 votes |
def test_provided_scopes(self): self.instance.extras = { 'extra__google_cloud_platform__project': default_project, 'extra__google_cloud_platform__scope': ( ','.join( ( 'https://www.googleapis.com/auth/bigquery', 'https://www.googleapis.com/auth/devstorage.read_only', ) ) ), } self.assertEqual( self.instance.scopes, [ 'https://www.googleapis.com/auth/bigquery', 'https://www.googleapis.com/auth/devstorage.read_only', ], )
Example 5
Project: google-auth-library-python Author: googleapis File: test_mtls_http.py License: Apache License 2.0 | 6 votes |
def test_requests(): credentials, project_id = google.auth.default() credentials = google.auth.credentials.with_scopes_if_required( credentials, ["https://www.googleapis.com/auth/pubsub"] ) authed_session = google.auth.transport.requests.AuthorizedSession(credentials) authed_session.configure_mtls_channel() # If the devices has default client cert source, then a mutual TLS channel # is supposed to be created. assert authed_session.is_mtls == mtls.has_default_client_cert_source() # Sleep 1 second to avoid 503 error. time.sleep(1) if authed_session.is_mtls: response = authed_session.get(MTLS_ENDPOINT.format(project_id)) else: response = authed_session.get(REGULAR_ENDPOINT.format(project_id)) assert response.ok
Example 6
Project: google-auth-library-python Author: googleapis File: test_mtls_http.py License: Apache License 2.0 | 6 votes |
def test_urllib3(): credentials, project_id = google.auth.default() credentials = google.auth.credentials.with_scopes_if_required( credentials, ["https://www.googleapis.com/auth/pubsub"] ) authed_http = google.auth.transport.urllib3.AuthorizedHttp(credentials) is_mtls = authed_http.configure_mtls_channel() # If the devices has default client cert source, then a mutual TLS channel # is supposed to be created. assert is_mtls == mtls.has_default_client_cert_source() # Sleep 1 second to avoid 503 error. time.sleep(1) if is_mtls: response = authed_http.request("GET", MTLS_ENDPOINT.format(project_id)) else: response = authed_http.request("GET", REGULAR_ENDPOINT.format(project_id)) assert response.status == 200
Example 7
Project: google-auth-library-python Author: googleapis File: test_mtls_http.py License: Apache License 2.0 | 6 votes |
def test_requests_with_default_client_cert_source(): credentials, project_id = google.auth.default() credentials = google.auth.credentials.with_scopes_if_required( credentials, ["https://www.googleapis.com/auth/pubsub"] ) authed_session = google.auth.transport.requests.AuthorizedSession(credentials) if mtls.has_default_client_cert_source(): authed_session.configure_mtls_channel( client_cert_callback=mtls.default_client_cert_source() ) assert authed_session.is_mtls # Sleep 1 second to avoid 503 error. time.sleep(1) response = authed_session.get(MTLS_ENDPOINT.format(project_id)) assert response.ok
Example 8
Project: google-auth-library-python Author: googleapis File: test_mtls_http.py License: Apache License 2.0 | 6 votes |
def test_urllib3_with_default_client_cert_source(): credentials, project_id = google.auth.default() credentials = google.auth.credentials.with_scopes_if_required( credentials, ["https://www.googleapis.com/auth/pubsub"] ) authed_http = google.auth.transport.urllib3.AuthorizedHttp(credentials) if mtls.has_default_client_cert_source(): assert authed_http.configure_mtls_channel( client_cert_callback=mtls.default_client_cert_source() ) # Sleep 1 second to avoid 503 error. time.sleep(1) response = authed_http.request("GET", MTLS_ENDPOINT.format(project_id)) assert response.status == 200
Example 9
Project: google-auth-library-python Author: googleapis File: test_grpc.py License: Apache License 2.0 | 6 votes |
def test_grpc_request_with_jwt_credentials(): credentials, project_id = google.auth.default() audience = "https://pubsub.googleapis.com/google.pubsub.v1.Publisher" credentials = google.auth.jwt.Credentials.from_signing_credentials( credentials, audience=audience ) transport = publisher_grpc_transport.PublisherGrpcTransport( address=publisher_client.PublisherClient.SERVICE_ADDRESS, credentials=credentials, ) # Create a pub/sub client. client = pubsub_v1.PublisherClient(transport=transport) # list the topics and drain the iterator to test that an authorized API # call works. list_topics_iter = client.list_topics(project="projects/{}".format(project_id)) list(list_topics_iter)
Example 10
Project: google-auth-library-python Author: googleapis File: test_grpc.py License: Apache License 2.0 | 6 votes |
def test_grpc_request_with_on_demand_jwt_credentials(): credentials, project_id = google.auth.default() credentials = google.auth.jwt.OnDemandCredentials.from_signing_credentials( credentials ) transport = publisher_grpc_transport.PublisherGrpcTransport( address=publisher_client.PublisherClient.SERVICE_ADDRESS, credentials=credentials, ) # Create a pub/sub client. client = pubsub_v1.PublisherClient(transport=transport) # list the topics and drain the iterator to test that an authorized API # call works. list_topics_iter = client.list_topics(project="projects/{}".format(project_id)) list(list_topics_iter)
Example 11
Project: google-auth-library-python Author: googleapis File: _default.py License: Apache License 2.0 | 6 votes |
def _get_gcloud_sdk_credentials(): """Gets the credentials and project ID from the Cloud SDK.""" from google.auth import _cloud_sdk # Check if application default credentials exist. credentials_filename = _cloud_sdk.get_application_default_credentials_path() if not os.path.isfile(credentials_filename): return None, None credentials, project_id = load_credentials_from_file(credentials_filename) if not project_id: project_id = _cloud_sdk.get_project_id() return credentials, project_id
Example 12
Project: python-docs-samples Author: GoogleCloudPlatform File: samples_test.py License: Apache License 2.0 | 6 votes |
def test_client_library_query_bqstorage(): # [START bigquery_migration_client_library_query_bqstorage] import google.auth from google.cloud import bigquery from google.cloud import bigquery_storage_v1beta1 # Create a BigQuery client and a BigQuery Storage API client with the same # credentials to avoid authenticating twice. credentials, project_id = google.auth.default( scopes=["https://www.googleapis.com/auth/cloud-platform"] ) client = bigquery.Client(credentials=credentials, project=project_id) bqstorage_client = bigquery_storage_v1beta1.BigQueryStorageClient( credentials=credentials ) sql = "SELECT * FROM `bigquery-public-data.irs_990.irs_990_2012`" # Use a BigQuery Storage API client to download results more quickly. df = client.query(sql).to_dataframe(bqstorage_client=bqstorage_client) # [END bigquery_migration_client_library_query_bqstorage] assert len(df) > 0
Example 13
Project: python-docs-samples Author: GoogleCloudPlatform File: main_test.py License: Apache License 2.0 | 6 votes |
def clients(): # [START bigquerystorage_pandas_tutorial_all] # [START bigquerystorage_pandas_tutorial_create_client] import google.auth from google.cloud import bigquery from google.cloud import bigquery_storage_v1beta1 # Explicitly create a credentials object. This allows you to use the same # credentials for both the BigQuery and BigQuery Storage clients, avoiding # unnecessary API calls to fetch duplicate authentication tokens. credentials, your_project_id = google.auth.default( scopes=["https://www.googleapis.com/auth/cloud-platform"] ) # Make clients. bqclient = bigquery.Client( credentials=credentials, project=your_project_id, ) bqstorageclient = bigquery_storage_v1beta1.BigQueryStorageClient( credentials=credentials ) # [END bigquerystorage_pandas_tutorial_create_client] # [END bigquerystorage_pandas_tutorial_all] return bqclient, bqstorageclient
Example 14
Project: python-docs-samples Author: GoogleCloudPlatform File: get_dag_prefix.py License: Apache License 2.0 | 6 votes |
def get_dag_prefix(project_id, location, composer_environment): # [START composer_get_environment_dag_prefix] import google.auth import google.auth.transport.requests # Authenticate with Google Cloud. # See: https://cloud.google.com/docs/authentication/getting-started credentials, _ = google.auth.default( scopes=['https://www.googleapis.com/auth/cloud-platform']) authed_session = google.auth.transport.requests.AuthorizedSession( credentials) # project_id = 'YOUR_PROJECT_ID' # location = 'us-central1' # composer_environment = 'YOUR_COMPOSER_ENVIRONMENT_NAME' environment_url = ( 'https://composer.googleapis.com/v1beta1/projects/{}/locations/{}' '/environments/{}').format(project_id, location, composer_environment) response = authed_session.request('GET', environment_url) environment_data = response.json() # Print the bucket name from the response body. print(environment_data['config']['dagGcsPrefix']) # [END composer_get_environment_dag_prefix]
Example 15
Project: alfred-gmail Author: fniephaus File: _default.py License: MIT License | 6 votes |
def _get_gcloud_sdk_credentials(): """Gets the credentials and project ID from the Cloud SDK.""" from google.auth import _cloud_sdk # Check if application default credentials exist. credentials_filename = ( _cloud_sdk.get_application_default_credentials_path()) if not os.path.isfile(credentials_filename): return None, None credentials, project_id = _load_credentials_from_file( credentials_filename) if not project_id: project_id = _cloud_sdk.get_project_id() return credentials, project_id
Example 16
Project: alfred-gmail Author: fniephaus File: _default.py License: MIT License | 6 votes |
def _get_gce_credentials(request=None): """Gets credentials and project ID from the GCE Metadata Service.""" # Ping requires a transport, but we want application default credentials # to require no arguments. So, we'll use the _http_client transport which # uses http.client. This is only acceptable because the metadata server # doesn't do SSL and never requires proxies. from google.auth import compute_engine from google.auth.compute_engine import _metadata if request is None: request = google.auth.transport._http_client.Request() if _metadata.ping(request=request): # Get the project ID. try: project_id = _metadata.get_project_id(request=request) except exceptions.TransportError: project_id = None return compute_engine.Credentials(), project_id else: return None, None
Example 17
Project: luci-py Author: luci File: _default.py License: Apache License 2.0 | 6 votes |
def _get_gcloud_sdk_credentials(): """Gets the credentials and project ID from the Cloud SDK.""" from google.auth import _cloud_sdk # Check if application default credentials exist. credentials_filename = ( _cloud_sdk.get_application_default_credentials_path()) if not os.path.isfile(credentials_filename): return None, None credentials, project_id = _load_credentials_from_file( credentials_filename) if not project_id: project_id = _cloud_sdk.get_project_id() return credentials, project_id
Example 18
Project: luci-py Author: luci File: _default.py License: Apache License 2.0 | 6 votes |
def _get_gcloud_sdk_credentials(): """Gets the credentials and project ID from the Cloud SDK.""" from google.auth import _cloud_sdk # Check if application default credentials exist. credentials_filename = ( _cloud_sdk.get_application_default_credentials_path()) if not os.path.isfile(credentials_filename): return None, None credentials, project_id = _load_credentials_from_file( credentials_filename) if not project_id: project_id = _cloud_sdk.get_project_id() return credentials, project_id
Example 19
Project: luci-py Author: luci File: _default.py License: Apache License 2.0 | 6 votes |
def _get_gcloud_sdk_credentials(): """Gets the credentials and project ID from the Cloud SDK.""" from google.auth import _cloud_sdk # Check if application default credentials exist. credentials_filename = ( _cloud_sdk.get_application_default_credentials_path()) if not os.path.isfile(credentials_filename): return None, None credentials, project_id = _load_credentials_from_file( credentials_filename) if not project_id: project_id = _cloud_sdk.get_project_id() return credentials, project_id
Example 20
Project: luci-py Author: luci File: _default.py License: Apache License 2.0 | 6 votes |
def _get_gcloud_sdk_credentials(): """Gets the credentials and project ID from the Cloud SDK.""" from google.auth import _cloud_sdk # Check if application default credentials exist. credentials_filename = ( _cloud_sdk.get_application_default_credentials_path()) if not os.path.isfile(credentials_filename): return None, None credentials, project_id = _load_credentials_from_file( credentials_filename) if not project_id: project_id = _cloud_sdk.get_project_id() return credentials, project_id
Example 21
Project: python-bigquery Author: googleapis File: magics.py License: Apache License 2.0 | 6 votes |
def project(self): """str: Default project to use for queries performed through IPython magics Note: The project does not need to be explicitly defined if you have an environment default project set. If you do not have a default project set in your environment, manually assign the project as demonstrated in the example below. Example: Manually setting the context project: >>> from google.cloud.bigquery import magics >>> magics.context.project = 'my-project' """ if self._project is None: _, self._project = google.auth.default() return self._project
Example 22
Project: a2ml Author: augerai File: a2ml.py License: Apache License 2.0 | 5 votes |
def evaluate(self): credentials, project = google.auth.default(scopes=['https://www.googleapis.com/auth/cloud-platform']) authed_session = AuthorizedSession(credentials) basename="https://automl.googleapis.com/v1beta1/" cmd = basename + self.operation_name response=authed_session.get(cmd) result=json.loads(response.content) self.ctx.log("Operation name: {}".format(result["name"])) if (("done" in result.keys()) and result["done"]): self.ctx.log("Model training complete.") self.model_name = result["response"]["name"] self.ctx.log("Model full name: {}".format(self.model_name)) self.ctx.config.set('model_name', self.model_name) self.ctx.config.write() response = self.client.list_model_evaluations(self.model_name) self.ctx.log("List of model evaluations:") for evaluation in response: self.ctx.log("Model evaluation name: {}".format(evaluation.name)) self.ctx.log("Model evaluation id: {}".format(evaluation.name.split("/")[-1])) self.ctx.log("Model evaluation example count: {}".format( evaluation.evaluated_example_count)) self.ctx.log("Model evaluation time: {} seconds".format(evaluation.create_time.seconds)) self.ctx.log("Full model evaluation: {}".format(inspect.getmembers(evaluation) )) self.ctx.log("\n") else: self.ctx.log("Model still training...")
Example 23
Project: incubator-dlab Author: apache File: actions_lib.py License: Apache License 2.0 | 5 votes |
def __init__(self, auth_type='service_account'): @backoff.on_exception(backoff.expo, google.auth.exceptions.DefaultCredentialsError, max_tries=15) def get_gcp_cred(): credentials, project = google.auth.default() return credentials, project self.auth_type = auth_type self.project = os.environ['gcp_project_id'] if os.environ['conf_resource'] == 'ssn': os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = "/root/service_account.json" credentials, project = google.auth.default() if credentials.requires_scopes: credentials = credentials.with_scopes( ['https://www.googleapis.com/auth/compute', 'https://www.googleapis.com/auth/iam', 'https://www.googleapis.com/auth/cloud-platform']) self.service = build('compute', 'v1', credentials=credentials) self.service_iam = build('iam', 'v1', credentials=credentials) self.dataproc = build('dataproc', 'v1', credentials=credentials) self.service_storage = build('storage', 'v1', credentials=credentials) self.storage_client = storage.Client(project=project, credentials=credentials) self.service_resource = build('cloudresourcemanager', 'v1', credentials=credentials) else: credentials, project = get_gcp_cred() self.service = build('compute', 'v1', credentials=credentials) self.service_iam = build('iam', 'v1', credentials=credentials) self.dataproc = build('dataproc', 'v1', credentials=credentials) self.service_storage = build('storage', 'v1', credentials=credentials) self.storage_client = storage.Client(project=project, credentials=credentials) self.service_resource = build('cloudresourcemanager', 'v1', credentials=credentials)
Example 24
Project: incubator-dlab Author: apache File: meta_lib.py License: Apache License 2.0 | 5 votes |
def __init__(self, auth_type='service_account'): @backoff.on_exception(backoff.expo, google.auth.exceptions.DefaultCredentialsError, max_tries=15) def get_gcp_cred(): credentials, project = google.auth.default() return credentials, project self.auth_type = auth_type self.project = os.environ['gcp_project_id'] if os.environ['conf_resource'] == 'ssn': os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = "/root/service_account.json" credentials, project = google.auth.default() if credentials.requires_scopes: credentials = credentials.with_scopes( ['https://www.googleapis.com/auth/compute', 'https://www.googleapis.com/auth/iam', 'https://www.googleapis.com/auth/cloud-platform']) self.service = build('compute', 'v1', credentials=credentials) self.service_iam = build('iam', 'v1', credentials=credentials) self.dataproc = build('dataproc', 'v1', credentials=credentials) self.service_storage = build('storage', 'v1', credentials=credentials) self.storage_client = storage.Client(project=project, credentials=credentials) self.service_resource = build('cloudresourcemanager', 'v1', credentials=credentials) else: credentials, project = get_gcp_cred() self.service = build('compute', 'v1', credentials=credentials) self.service_iam = build('iam', 'v1', credentials=credentials) self.dataproc = build('dataproc', 'v1', credentials=credentials) self.service_storage = build('storage', 'v1', credentials=credentials) self.storage_client = storage.Client(project=project, credentials=credentials) self.service_resource = build('cloudresourcemanager', 'v1', credentials=credentials)
Example 25
Project: hangouts-chat-samples Author: gsuitedevs File: bot.py License: Apache License 2.0 | 5 votes |
def receive_messages(): """Receives messages from a pull subscription.""" scopes = ['https://www.googleapis.com/auth/chat.bot'] credentials, project_id = google.auth.default() credentials = credentials.with_scopes(scopes=scopes) chat = build('chat', 'v1', credentials=credentials) subscription_id = os.environ.get('SUBSCRIPTION_ID') subscriber = pubsub_v1.SubscriberClient() subscription_path = subscriber.subscription_path( project_id, subscription_id) def callback(message): logging.info('Received message: %s', message.data) event = json.loads(message.data) space_name = event['space']['name'] # If the bot was removed, we don't need to return a response. if event['type'] == 'REMOVED_FROM_SPACE': logging.info('Bot removed rom space %s', space_name) return response = format_response(event) # Send the asynchronous response back to Hangouts Chat chat.spaces().messages().create( parent=space_name, body=response).execute() message.ack() subscriber.subscribe(subscription_path, callback=callback) logging.info('Listening for messages on %s', subscription_path) # Keep main thread from exiting while waiting for messages while True: time.sleep(60)
Example 26
Project: airflow Author: apache File: test_base_google.py License: Apache License 2.0 | 5 votes |
def test_get_credentials_and_project_id_with_default_auth_and_unsupported_delegate( self, mock_auth_default ): self.instance.delegate_to = "TEST_DELLEGATE_TO" mock_credentials = mock.MagicMock(spec=google.auth.compute_engine.Credentials) mock_auth_default.return_value = (mock_credentials, "PROJECT_ID") with self.assertRaisesRegex(AirflowException, re.escape( "The `delegate_to` parameter cannot be used here as the current authentication method does not " "support account impersonate. Please use service-account for authorization." )): self.instance._get_credentials_and_project_id()
Example 27
Project: airflow Author: apache File: test_base_google.py License: Apache License 2.0 | 5 votes |
def test_default_scopes(self): self.instance.extras = {'extra__google_cloud_platform__project': default_project} self.assertEqual(self.instance.scopes, ('https://www.googleapis.com/auth/cloud-platform',))
Example 28
Project: airflow Author: apache File: test_base_google.py License: Apache License 2.0 | 5 votes |
def test_provide_authorized_gcloud_key_path(self, mock_check_output, mock_project_id): key_path = '/test/key-path' self.instance.extras = {'extra__google_cloud_platform__key_path': key_path} with self.instance.provide_authorized_gcloud(): self.assertEqual(os.environ[CREDENTIALS], key_path) mock_check_output.has_calls( mock.call(['gcloud', 'config', 'set', 'core/project', 'PROJECT_ID']), mock.call(['gcloud', 'auth', 'activate-service-account', '--key-file=/test/key-path']) )
Example 29
Project: airflow Author: apache File: test_base_google.py License: Apache License 2.0 | 5 votes |
def test_provide_authorized_gcloud_via_gcloud_application_default( self, mock_file, mock_check_output, mock_cloud_sdk, mock_project_id ): # This file always exists. mock_cloud_sdk.get_application_default_credentials_path.return_value = __file__ file_content = json.dumps({ "client_id": "CLIENT_ID", "client_secret": "CLIENT_SECRET", "refresh_token": "REFRESH_TOKEN", "type": "authorized_user" }) with mock.patch(MODULE_NAME + '.open', mock.mock_open(read_data=file_content)): with self.instance.provide_authorized_gcloud(): # Do nothing pass mock_check_output.has_calls( [ mock.call(['gcloud', 'config', 'set', 'auth/client_id', 'CLIENT_ID']), mock.call(['gcloud', 'config', 'set', 'auth/client_secret', 'CLIENT_SECRET']), mock.call(['gcloud', 'config', 'set', 'core/project', 'PROJECT_ID']), mock.call(['gcloud', 'auth', 'activate-refresh-token', 'CLIENT_ID', 'REFRESH_TOKEN']) ], any_order=False )
Example 30
Project: airflow Author: apache File: base_google.py License: Apache License 2.0 | 5 votes |
def __init__(self, gcp_conn_id: str = 'google_cloud_default', delegate_to: Optional[str] = None) -> None: super().__init__() self.gcp_conn_id = gcp_conn_id self.delegate_to = delegate_to self.extras = self.get_connection(self.gcp_conn_id).extra_dejson # type: Dict self._cached_credentials: Optional[google.auth.credentials.Credentials] = None self._cached_project_id: Optional[str] = None