OLD | NEW |
(Empty) | |
| 1 # Copyright 2016 Google Inc. |
| 2 # |
| 3 # Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 # you may not use this file except in compliance with the License. |
| 5 # You may obtain a copy of the License at |
| 6 # |
| 7 # http://www.apache.org/licenses/LICENSE-2.0 |
| 8 # |
| 9 # Unless required by applicable law or agreed to in writing, software |
| 10 # distributed under the License is distributed on an "AS IS" BASIS, |
| 11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 # See the License for the specific language governing permissions and |
| 13 # limitations under the License. |
| 14 |
| 15 """Helpers for transitioning from oauth2client to google-auth. |
| 16 |
| 17 .. warning:: |
| 18 This module is private as it is intended to assist first-party downstream |
| 19 clients with the transition from oauth2client to google-auth. |
| 20 """ |
| 21 |
| 22 from __future__ import absolute_import |
| 23 |
| 24 from google.auth import _helpers |
| 25 import google.auth.app_engine |
| 26 import google.oauth2.credentials |
| 27 import google.oauth2.service_account |
| 28 |
| 29 try: |
| 30 import oauth2client.client |
| 31 import oauth2client.contrib.gce |
| 32 import oauth2client.service_account |
| 33 except ImportError: |
| 34 raise ImportError('oauth2client is not installed.') |
| 35 |
| 36 try: |
| 37 import oauth2client.contrib.appengine |
| 38 _HAS_APPENGINE = True |
| 39 except ImportError: |
| 40 _HAS_APPENGINE = False |
| 41 |
| 42 |
| 43 _CONVERT_ERROR_TMPL = ( |
| 44 'Unable to convert {} to a google-auth credentials class.') |
| 45 |
| 46 |
| 47 def _convert_oauth2_credentials(credentials): |
| 48 """Converts to :class:`google.oauth2.credentials.Credentials`. |
| 49 |
| 50 Args: |
| 51 credentials (Union[oauth2client.client.OAuth2Credentials, |
| 52 oauth2client.client.GoogleCredentials]): The credentials to |
| 53 convert. |
| 54 |
| 55 Returns: |
| 56 google.oauth2.credentials.Credentials: The converted credentials. |
| 57 """ |
| 58 new_credentials = google.oauth2.credentials.Credentials( |
| 59 token=credentials.access_token, |
| 60 refresh_token=credentials.refresh_token, |
| 61 token_uri=credentials.token_uri, |
| 62 client_id=credentials.client_id, |
| 63 client_secret=credentials.client_secret, |
| 64 scopes=credentials.scopes) |
| 65 |
| 66 new_credentials._expires = credentials.token_expiry |
| 67 |
| 68 return new_credentials |
| 69 |
| 70 |
| 71 def _convert_service_account_credentials(credentials): |
| 72 """Converts to :class:`google.oauth2.service_account.Credentials`. |
| 73 |
| 74 Args: |
| 75 credentials (Union[ |
| 76 oauth2client.service_account.ServiceAccountCredentials, |
| 77 oauth2client.service_account._JWTAccessCredentials]): The |
| 78 credentials to convert. |
| 79 |
| 80 Returns: |
| 81 google.oauth2.service_account.Credentials: The converted credentials. |
| 82 """ |
| 83 info = credentials.serialization_data.copy() |
| 84 info['token_uri'] = credentials.token_uri |
| 85 return google.oauth2.service_account.Credentials.from_service_account_info( |
| 86 info) |
| 87 |
| 88 |
| 89 def _convert_gce_app_assertion_credentials(credentials): |
| 90 """Converts to :class:`google.auth.compute_engine.Credentials`. |
| 91 |
| 92 Args: |
| 93 credentials (oauth2client.contrib.gce.AppAssertionCredentials): The |
| 94 credentials to convert. |
| 95 |
| 96 Returns: |
| 97 google.oauth2.service_account.Credentials: The converted credentials. |
| 98 """ |
| 99 return google.auth.compute_engine.Credentials( |
| 100 service_account_email=credentials.service_account_email) |
| 101 |
| 102 |
| 103 def _convert_appengine_app_assertion_credentials(credentials): |
| 104 """Converts to :class:`google.auth.app_engine.Credentials`. |
| 105 |
| 106 Args: |
| 107 credentials (oauth2client.contrib.app_engine.AppAssertionCredentials): |
| 108 The credentials to convert. |
| 109 |
| 110 Returns: |
| 111 google.oauth2.service_account.Credentials: The converted credentials. |
| 112 """ |
| 113 # pylint: disable=invalid-name |
| 114 return google.auth.app_engine.Credentials( |
| 115 scopes=_helpers.string_to_scopes(credentials.scope), |
| 116 service_account_id=credentials.service_account_id) |
| 117 |
| 118 |
| 119 _CLASS_CONVERSION_MAP = { |
| 120 oauth2client.client.OAuth2Credentials: _convert_oauth2_credentials, |
| 121 oauth2client.client.GoogleCredentials: _convert_oauth2_credentials, |
| 122 oauth2client.service_account.ServiceAccountCredentials: |
| 123 _convert_service_account_credentials, |
| 124 oauth2client.service_account._JWTAccessCredentials: |
| 125 _convert_service_account_credentials, |
| 126 oauth2client.contrib.gce.AppAssertionCredentials: |
| 127 _convert_gce_app_assertion_credentials, |
| 128 } |
| 129 |
| 130 if _HAS_APPENGINE: |
| 131 _CLASS_CONVERSION_MAP[ |
| 132 oauth2client.contrib.appengine.AppAssertionCredentials] = ( |
| 133 _convert_appengine_app_assertion_credentials) |
| 134 |
| 135 |
| 136 def convert(credentials): |
| 137 """Convert oauth2client credentials to google-auth credentials. |
| 138 |
| 139 This class converts: |
| 140 |
| 141 - :class:`oauth2client.client.OAuth2Credentials` to |
| 142 :class:`google.oauth2.credentials.Credentials`. |
| 143 - :class:`oauth2client.client.GoogleCredentials` to |
| 144 :class:`google.oauth2.credentials.Credentials`. |
| 145 - :class:`oauth2client.service_account.ServiceAccountCredentials` to |
| 146 :class:`google.oauth2.service_account.Credentials`. |
| 147 - :class:`oauth2client.service_account._JWTAccessCredentials` to |
| 148 :class:`google.oauth2.service_account.Credentials`. |
| 149 - :class:`oauth2client.contrib.gce.AppAssertionCredentials` to |
| 150 :class:`google.auth.compute_engine.Credentials`. |
| 151 - :class:`oauth2client.contrib.appengine.AppAssertionCredentials` to |
| 152 :class:`google.auth.app_engine.Credentials`. |
| 153 |
| 154 Returns: |
| 155 google.auth.credentials.Credentials: The converted credentials. |
| 156 |
| 157 Raises: |
| 158 ValueError: If the credentials could not be converted. |
| 159 """ |
| 160 |
| 161 credentials_class = type(credentials) |
| 162 |
| 163 try: |
| 164 return _CLASS_CONVERSION_MAP[credentials_class](credentials) |
| 165 except KeyError: |
| 166 raise ValueError(_CONVERT_ERROR_TMPL.format(credentials_class)) |
OLD | NEW |