Python google.auth() Examples
The following are 30
code examples of google.auth().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
google
, or try the search function
.
.
Example #1
| Source File: samples_test.py From python-docs-samples with Apache License 2.0 | 7 votes |
|
def test_client_library_query_bqstorage():
# [START bigquery_migration_client_library_query_bqstorage]
import google.auth
from google.cloud import bigquery
from google.cloud import bigquery_storage_v1beta1
# Create a BigQuery client and a BigQuery Storage API client with the same
# credentials to avoid authenticating twice.
credentials, project_id = google.auth.default(
scopes=["https://www.googleapis.com/auth/cloud-platform"]
)
client = bigquery.Client(credentials=credentials, project=project_id)
bqstorage_client = bigquery_storage_v1beta1.BigQueryStorageClient(
credentials=credentials
)
sql = "SELECT * FROM `bigquery-public-data.irs_990.irs_990_2012`"
# Use a BigQuery Storage API client to download results more quickly.
df = client.query(sql).to_dataframe(bqstorage_client=bqstorage_client)
# [END bigquery_migration_client_library_query_bqstorage]
assert len(df) > 0
Example #2
| Source File: magics.py From python-bigquery with Apache License 2.0 | 6 votes |
|
def project(self):
"""str: Default project to use for queries performed through IPython
magics
Note:
The project does not need to be explicitly defined if you have an
environment default project set. If you do not have a default
project set in your environment, manually assign the project as
demonstrated in the example below.
Example:
Manually setting the context project:
>>> from google.cloud.bigquery import magics
>>> magics.context.project = 'my-project'
"""
if self._project is None:
_, self._project = google.auth.default()
return self._project
Example #3
| Source File: test_base_google.py From airflow with Apache License 2.0 | 6 votes |
|
def test_default_creds_with_scopes(self):
self.instance.extras = {
'extra__google_cloud_platform__project': default_project,
'extra__google_cloud_platform__scope': (
','.join(
(
'https://www.googleapis.com/auth/bigquery',
'https://www.googleapis.com/auth/devstorage.read_only',
)
)
),
}
credentials = self.instance._get_credentials()
if not hasattr(credentials, 'scopes') or credentials.scopes is None:
# Some default credentials don't have any scopes associated with
# them, and that's okay.
return
scopes = credentials.scopes
self.assertIn('https://www.googleapis.com/auth/bigquery', scopes)
self.assertIn(
'https://www.googleapis.com/auth/devstorage.read_only', scopes)
Example #4
| Source File: google_base.py From dsub with Apache License 2.0 | 6 votes |
|
def setup_service(api_name, api_version, credentials=None):
"""Configures genomics API client.
Args:
api_name: Name of the Google API (for example: "genomics")
api_version: Version of the API (for example: "v2alpha1")
credentials: Credentials to be used for the gcloud API calls.
Returns:
A configured Google Genomics API client with appropriate credentials.
"""
# dsub is not a server application, so it is ok to filter this warning.
warnings.filterwarnings(
'ignore', 'Your application has authenticated using end user credentials')
if not credentials:
credentials, _ = google.auth.default()
return googleapiclient.discovery.build(
api_name, api_version, credentials=credentials)
Example #5
| Source File: test_base_google.py From airflow with Apache License 2.0 | 6 votes |
|
def test_provided_scopes(self):
self.instance.extras = {
'extra__google_cloud_platform__project': default_project,
'extra__google_cloud_platform__scope': (
','.join(
(
'https://www.googleapis.com/auth/bigquery',
'https://www.googleapis.com/auth/devstorage.read_only',
)
)
),
}
self.assertEqual(
self.instance.scopes,
[
'https://www.googleapis.com/auth/bigquery',
'https://www.googleapis.com/auth/devstorage.read_only',
],
)
Example #6
| Source File: test_mtls_http.py From google-auth-library-python with Apache License 2.0 | 6 votes |
|
def test_requests():
credentials, project_id = google.auth.default()
credentials = google.auth.credentials.with_scopes_if_required(
credentials, ["https://www.googleapis.com/auth/pubsub"]
)
authed_session = google.auth.transport.requests.AuthorizedSession(credentials)
authed_session.configure_mtls_channel()
# If the devices has default client cert source, then a mutual TLS channel
# is supposed to be created.
assert authed_session.is_mtls == mtls.has_default_client_cert_source()
# Sleep 1 second to avoid 503 error.
time.sleep(1)
if authed_session.is_mtls:
response = authed_session.get(MTLS_ENDPOINT.format(project_id))
else:
response = authed_session.get(REGULAR_ENDPOINT.format(project_id))
assert response.ok
Example #7
| Source File: test_mtls_http.py From google-auth-library-python with Apache License 2.0 | 6 votes |
|
def test_urllib3():
credentials, project_id = google.auth.default()
credentials = google.auth.credentials.with_scopes_if_required(
credentials, ["https://www.googleapis.com/auth/pubsub"]
)
authed_http = google.auth.transport.urllib3.AuthorizedHttp(credentials)
is_mtls = authed_http.configure_mtls_channel()
# If the devices has default client cert source, then a mutual TLS channel
# is supposed to be created.
assert is_mtls == mtls.has_default_client_cert_source()
# Sleep 1 second to avoid 503 error.
time.sleep(1)
if is_mtls:
response = authed_http.request("GET", MTLS_ENDPOINT.format(project_id))
else:
response = authed_http.request("GET", REGULAR_ENDPOINT.format(project_id))
assert response.status == 200
Example #8
| Source File: test_mtls_http.py From google-auth-library-python with Apache License 2.0 | 6 votes |
|
def test_requests_with_default_client_cert_source():
credentials, project_id = google.auth.default()
credentials = google.auth.credentials.with_scopes_if_required(
credentials, ["https://www.googleapis.com/auth/pubsub"]
)
authed_session = google.auth.transport.requests.AuthorizedSession(credentials)
if mtls.has_default_client_cert_source():
authed_session.configure_mtls_channel(
client_cert_callback=mtls.default_client_cert_source()
)
assert authed_session.is_mtls
# Sleep 1 second to avoid 503 error.
time.sleep(1)
response = authed_session.get(MTLS_ENDPOINT.format(project_id))
assert response.ok
Example #9
| Source File: test_mtls_http.py From google-auth-library-python with Apache License 2.0 | 6 votes |
|
def test_urllib3_with_default_client_cert_source():
credentials, project_id = google.auth.default()
credentials = google.auth.credentials.with_scopes_if_required(
credentials, ["https://www.googleapis.com/auth/pubsub"]
)
authed_http = google.auth.transport.urllib3.AuthorizedHttp(credentials)
if mtls.has_default_client_cert_source():
assert authed_http.configure_mtls_channel(
client_cert_callback=mtls.default_client_cert_source()
)
# Sleep 1 second to avoid 503 error.
time.sleep(1)
response = authed_http.request("GET", MTLS_ENDPOINT.format(project_id))
assert response.status == 200
Example #10
| Source File: test_grpc.py From google-auth-library-python with Apache License 2.0 | 6 votes |
|
def test_grpc_request_with_jwt_credentials():
credentials, project_id = google.auth.default()
audience = "https://pubsub.googleapis.com/google.pubsub.v1.Publisher"
credentials = google.auth.jwt.Credentials.from_signing_credentials(
credentials, audience=audience
)
transport = publisher_grpc_transport.PublisherGrpcTransport(
address=publisher_client.PublisherClient.SERVICE_ADDRESS,
credentials=credentials,
)
# Create a pub/sub client.
client = pubsub_v1.PublisherClient(transport=transport)
# list the topics and drain the iterator to test that an authorized API
# call works.
list_topics_iter = client.list_topics(project="projects/{}".format(project_id))
list(list_topics_iter)
Example #11
| Source File: test_grpc.py From google-auth-library-python with Apache License 2.0 | 6 votes |
|
def test_grpc_request_with_on_demand_jwt_credentials():
credentials, project_id = google.auth.default()
credentials = google.auth.jwt.OnDemandCredentials.from_signing_credentials(
credentials
)
transport = publisher_grpc_transport.PublisherGrpcTransport(
address=publisher_client.PublisherClient.SERVICE_ADDRESS,
credentials=credentials,
)
# Create a pub/sub client.
client = pubsub_v1.PublisherClient(transport=transport)
# list the topics and drain the iterator to test that an authorized API
# call works.
list_topics_iter = client.list_topics(project="projects/{}".format(project_id))
list(list_topics_iter)
Example #12
| Source File: main_test.py From python-docs-samples with Apache License 2.0 | 6 votes |
|
def clients():
# [START bigquerystorage_pandas_tutorial_all]
# [START bigquerystorage_pandas_tutorial_create_client]
import google.auth
from google.cloud import bigquery
from google.cloud import bigquery_storage_v1beta1
# Explicitly create a credentials object. This allows you to use the same
# credentials for both the BigQuery and BigQuery Storage clients, avoiding
# unnecessary API calls to fetch duplicate authentication tokens.
credentials, your_project_id = google.auth.default(
scopes=["https://www.googleapis.com/auth/cloud-platform"]
)
# Make clients.
bqclient = bigquery.Client(
credentials=credentials,
project=your_project_id,
)
bqstorageclient = bigquery_storage_v1beta1.BigQueryStorageClient(
credentials=credentials
)
# [END bigquerystorage_pandas_tutorial_create_client]
# [END bigquerystorage_pandas_tutorial_all]
return bqclient, bqstorageclient
Example #13
| Source File: get_dag_prefix.py From python-docs-samples with Apache License 2.0 | 6 votes |
|
def get_dag_prefix(project_id, location, composer_environment):
# [START composer_get_environment_dag_prefix]
import google.auth
import google.auth.transport.requests
# Authenticate with Google Cloud.
# See: https://cloud.google.com/docs/authentication/getting-started
credentials, _ = google.auth.default(
scopes=['https://www.googleapis.com/auth/cloud-platform'])
authed_session = google.auth.transport.requests.AuthorizedSession(
credentials)
# project_id = 'YOUR_PROJECT_ID'
# location = 'us-central1'
# composer_environment = 'YOUR_COMPOSER_ENVIRONMENT_NAME'
environment_url = (
'https://composer.googleapis.com/v1beta1/projects/{}/locations/{}'
'/environments/{}').format(project_id, location, composer_environment)
response = authed_session.request('GET', environment_url)
environment_data = response.json()
# Print the bucket name from the response body.
print(environment_data['config']['dagGcsPrefix'])
# [END composer_get_environment_dag_prefix]
Example #14
| Source File: _default.py From alfred-gmail with MIT License | 6 votes |
|
def _get_gcloud_sdk_credentials():
"""Gets the credentials and project ID from the Cloud SDK."""
from google.auth import _cloud_sdk
# Check if application default credentials exist.
credentials_filename = (
_cloud_sdk.get_application_default_credentials_path())
if not os.path.isfile(credentials_filename):
return None, None
credentials, project_id = _load_credentials_from_file(
credentials_filename)
if not project_id:
project_id = _cloud_sdk.get_project_id()
return credentials, project_id
Example #15
| Source File: _default.py From alfred-gmail with MIT License | 6 votes |
|
def _get_gce_credentials(request=None):
"""Gets credentials and project ID from the GCE Metadata Service."""
# Ping requires a transport, but we want application default credentials
# to require no arguments. So, we'll use the _http_client transport which
# uses http.client. This is only acceptable because the metadata server
# doesn't do SSL and never requires proxies.
from google.auth import compute_engine
from google.auth.compute_engine import _metadata
if request is None:
request = google.auth.transport._http_client.Request()
if _metadata.ping(request=request):
# Get the project ID.
try:
project_id = _metadata.get_project_id(request=request)
except exceptions.TransportError:
project_id = None
return compute_engine.Credentials(), project_id
else:
return None, None
Example #16
| Source File: _default.py From luci-py with Apache License 2.0 | 6 votes |
|
def _get_gcloud_sdk_credentials():
"""Gets the credentials and project ID from the Cloud SDK."""
from google.auth import _cloud_sdk
# Check if application default credentials exist.
credentials_filename = (
_cloud_sdk.get_application_default_credentials_path())
if not os.path.isfile(credentials_filename):
return None, None
credentials, project_id = _load_credentials_from_file(
credentials_filename)
if not project_id:
project_id = _cloud_sdk.get_project_id()
return credentials, project_id
Example #17
| Source File: _default.py From luci-py with Apache License 2.0 | 6 votes |
|
def _get_gcloud_sdk_credentials():
"""Gets the credentials and project ID from the Cloud SDK."""
from google.auth import _cloud_sdk
# Check if application default credentials exist.
credentials_filename = (
_cloud_sdk.get_application_default_credentials_path())
if not os.path.isfile(credentials_filename):
return None, None
credentials, project_id = _load_credentials_from_file(
credentials_filename)
if not project_id:
project_id = _cloud_sdk.get_project_id()
return credentials, project_id
Example #18
| Source File: _default.py From google-auth-library-python with Apache License 2.0 | 6 votes |
|
def _get_gcloud_sdk_credentials():
"""Gets the credentials and project ID from the Cloud SDK."""
from google.auth import _cloud_sdk
# Check if application default credentials exist.
credentials_filename = _cloud_sdk.get_application_default_credentials_path()
if not os.path.isfile(credentials_filename):
return None, None
credentials, project_id = load_credentials_from_file(credentials_filename)
if not project_id:
project_id = _cloud_sdk.get_project_id()
return credentials, project_id
Example #19
| Source File: _default.py From luci-py with Apache License 2.0 | 6 votes |
|
def _get_gcloud_sdk_credentials():
"""Gets the credentials and project ID from the Cloud SDK."""
from google.auth import _cloud_sdk
# Check if application default credentials exist.
credentials_filename = (
_cloud_sdk.get_application_default_credentials_path())
if not os.path.isfile(credentials_filename):
return None, None
credentials, project_id = _load_credentials_from_file(
credentials_filename)
if not project_id:
project_id = _cloud_sdk.get_project_id()
return credentials, project_id
Example #20
| Source File: _default.py From luci-py with Apache License 2.0 | 6 votes |
|
def _get_gcloud_sdk_credentials():
"""Gets the credentials and project ID from the Cloud SDK."""
from google.auth import _cloud_sdk
# Check if application default credentials exist.
credentials_filename = (
_cloud_sdk.get_application_default_credentials_path())
if not os.path.isfile(credentials_filename):
return None, None
credentials, project_id = _load_credentials_from_file(
credentials_filename)
if not project_id:
project_id = _cloud_sdk.get_project_id()
return credentials, project_id
Example #21
| Source File: google_base.py From dsub with Apache License 2.0 | 6 votes |
|
def retry_auth_check(exception, verbose):
"""Specific check for auth error codes.
Return True if we should retry.
False otherwise.
Args:
exception: An exception to test for transience.
verbose: If true, output retry messages
Returns:
True if we should retry. False otherwise.
"""
if isinstance(exception, googleapiclient.errors.HttpError):
if exception.resp.status in HTTP_AUTH_ERROR_CODES:
_print_retry_error(exception, verbose)
return True
return False
Example #22
| Source File: _auth.py From pipelines with Apache License 2.0 | 5 votes |
|
def get_auth_token_from_sa(client_id):
"""Gets auth token from default service account.
If no service account credential is found, returns None.
"""
service_account_credentials = get_service_account_credentials(client_id)
if service_account_credentials:
return get_google_open_id_connect_token(service_account_credentials)
return None
Example #23
| Source File: _auth.py From pipelines with Apache License 2.0 | 5 votes |
|
def get_auth_token(client_id, other_client_id, other_client_secret):
"""Gets auth token from default service account or user account."""
if os.path.exists(LOCAL_KFP_CREDENTIAL):
# fetch IAP auth token using the locally stored credentials.
with open(LOCAL_KFP_CREDENTIAL, 'r') as f:
credentials = json.load(f)
if client_id in credentials:
return id_token_from_refresh_token(credentials[client_id]['other_client_id'],
credentials[client_id]['other_client_secret'],
credentials[client_id]['refresh_token'],
client_id)
if other_client_id is None or other_client_secret is None:
# fetch IAP auth token: service accounts
token = get_auth_token_from_sa(client_id)
else:
# fetch IAP auth token: user account
# Obtain the ID token for provided Client ID with user accounts.
# Flow: get authorization code -> exchange for refresh token -> obtain and return ID token
refresh_token = get_refresh_token_from_client_id(other_client_id, other_client_secret)
credentials = {}
if os.path.exists(LOCAL_KFP_CREDENTIAL):
with open(LOCAL_KFP_CREDENTIAL, 'r') as f:
credentials = json.load(f)
credentials[client_id] = {}
credentials[client_id]['other_client_id'] = other_client_id
credentials[client_id]['other_client_secret'] = other_client_secret
credentials[client_id]['refresh_token'] = refresh_token
#TODO: handle the case when the refresh_token expires.
# which only happens if the refresh_token is not used once for six months.
if not os.path.exists(os.path.dirname(LOCAL_KFP_CREDENTIAL)):
os.makedirs(os.path.dirname(LOCAL_KFP_CREDENTIAL))
with open(LOCAL_KFP_CREDENTIAL, 'w') as f:
json.dump(credentials, f)
token = id_token_from_refresh_token(other_client_id, other_client_secret, refresh_token, client_id)
return token
Example #24
| Source File: _auth.py From pipelines with Apache License 2.0 | 5 votes |
|
def get_gcp_access_token():
"""Get and return GCP access token for the current Application Default
Credentials. If not set, returns None. For more information, see
https://cloud.google.com/sdk/gcloud/reference/auth/application-default/print-access-token
"""
token = None
args = ['gcloud', 'auth', 'print-access-token']
try:
# Casting to string to accommodate API server request schema.
token = subprocess.check_output(args).rstrip().decode("utf-8")
except subprocess.CalledProcessError as e:
logging.warning('Failed to get GCP access token: %s', e)
return token
Example #25
| Source File: _default.py From luci-py with Apache License 2.0 | 5 votes |
|
def _get_gae_credentials():
"""Gets Google App Engine App Identity credentials and project ID."""
# While this library is normally bundled with app_engine, there are
# some cases where it's not available, so we tolerate ImportError.
try:
import google.auth.app_engine as app_engine
except ImportError:
return None, None
try:
credentials = app_engine.Credentials()
project_id = app_engine.get_project_id()
return credentials, project_id
except EnvironmentError:
return None, None
Example #26
| Source File: _default.py From luci-py with Apache License 2.0 | 5 votes |
|
def _get_gce_credentials(request=None):
"""Gets credentials and project ID from the GCE Metadata Service."""
# Ping requires a transport, but we want application default credentials
# to require no arguments. So, we'll use the _http_client transport which
# uses http.client. This is only acceptable because the metadata server
# doesn't do SSL and never requires proxies.
# While this library is normally bundled with compute_engine, there are
# some cases where it's not available, so we tolerate ImportError.
try:
from google.auth import compute_engine
from google.auth.compute_engine import _metadata
except ImportError:
return None, None
if request is None:
request = google.auth.transport._http_client.Request()
if _metadata.ping(request=request):
# Get the project ID.
try:
project_id = _metadata.get_project_id(request=request)
except exceptions.TransportError:
project_id = None
return compute_engine.Credentials(), project_id
else:
return None, None
Example #27
| Source File: _default.py From luci-py with Apache License 2.0 | 5 votes |
|
def _warn_about_problematic_credentials(credentials):
"""Determines if the credentials are problematic.
Credentials from the Cloud SDK that are associated with Cloud SDK's project
are problematic because they may not have APIs enabled and have limited
quota. If this is the case, warn about it.
"""
from google.auth import _cloud_sdk
if credentials.client_id == _cloud_sdk.CLOUD_SDK_CLIENT_ID:
warnings.warn(_CLOUD_SDK_CREDENTIALS_WARNING)
Example #28
| Source File: _default.py From luci-py with Apache License 2.0 | 5 votes |
|
def _get_gae_credentials():
"""Gets Google App Engine App Identity credentials and project ID."""
# While this library is normally bundled with app_engine, there are
# some cases where it's not available, so we tolerate ImportError.
try:
import google.auth.app_engine as app_engine
except ImportError:
return None, None
try:
credentials = app_engine.Credentials()
project_id = app_engine.get_project_id()
return credentials, project_id
except EnvironmentError:
return None, None
Example #29
| Source File: _default.py From luci-py with Apache License 2.0 | 5 votes |
|
def _get_gce_credentials(request=None):
"""Gets credentials and project ID from the GCE Metadata Service."""
# Ping requires a transport, but we want application default credentials
# to require no arguments. So, we'll use the _http_client transport which
# uses http.client. This is only acceptable because the metadata server
# doesn't do SSL and never requires proxies.
# While this library is normally bundled with compute_engine, there are
# some cases where it's not available, so we tolerate ImportError.
try:
from google.auth import compute_engine
from google.auth.compute_engine import _metadata
except ImportError:
return None, None
if request is None:
request = google.auth.transport._http_client.Request()
if _metadata.ping(request=request):
# Get the project ID.
try:
project_id = _metadata.get_project_id(request=request)
except exceptions.TransportError:
project_id = None
return compute_engine.Credentials(), project_id
else:
return None, None
Example #30
| Source File: meta_lib.py From incubator-dlab with Apache License 2.0 | 5 votes |
|
def __init__(self, auth_type='service_account'):
@backoff.on_exception(backoff.expo,
google.auth.exceptions.DefaultCredentialsError,
max_tries=15)
def get_gcp_cred():
credentials, project = google.auth.default()
return credentials, project
self.auth_type = auth_type
self.project = os.environ['gcp_project_id']
if os.environ['conf_resource'] == 'ssn':
os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = "/root/service_account.json"
credentials, project = google.auth.default()
if credentials.requires_scopes:
credentials = credentials.with_scopes(
['https://www.googleapis.com/auth/compute',
'https://www.googleapis.com/auth/iam',
'https://www.googleapis.com/auth/cloud-platform'])
self.service = build('compute', 'v1', credentials=credentials)
self.service_iam = build('iam', 'v1', credentials=credentials)
self.dataproc = build('dataproc', 'v1', credentials=credentials)
self.service_storage = build('storage', 'v1', credentials=credentials)
self.storage_client = storage.Client(project=project, credentials=credentials)
self.service_resource = build('cloudresourcemanager', 'v1', credentials=credentials)
else:
credentials, project = get_gcp_cred()
self.service = build('compute', 'v1', credentials=credentials)
self.service_iam = build('iam', 'v1', credentials=credentials)
self.dataproc = build('dataproc', 'v1', credentials=credentials)
self.service_storage = build('storage', 'v1', credentials=credentials)
self.storage_client = storage.Client(project=project, credentials=credentials)
self.service_resource = build('cloudresourcemanager', 'v1', credentials=credentials)
