Index: client/third_party/google/auth/app_engine.py |
diff --git a/client/third_party/google/auth/app_engine.py b/client/third_party/google/auth/app_engine.py |
new file mode 100644 |
index 0000000000000000000000000000000000000000..6dc871256ba1e7462190db8d7b3d22c8aa913239 |
--- /dev/null |
+++ b/client/third_party/google/auth/app_engine.py |
@@ -0,0 +1,154 @@ |
+# Copyright 2016 Google Inc. |
+# |
+# Licensed under the Apache License, Version 2.0 (the "License"); |
+# you may not use this file except in compliance with the License. |
+# You may obtain a copy of the License at |
+# |
+# http://www.apache.org/licenses/LICENSE-2.0 |
+# |
+# Unless required by applicable law or agreed to in writing, software |
+# distributed under the License is distributed on an "AS IS" BASIS, |
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
+# See the License for the specific language governing permissions and |
+# limitations under the License. |
+ |
+"""Google App Engine standard environment support. |
+ |
+This module provides authentication and signing for applications running on App |
+Engine in the standard environment using the `App Identity API`_. |
+ |
+ |
+.. _App Identity API: |
+ https://cloud.google.com/appengine/docs/python/appidentity/ |
+""" |
+ |
+import datetime |
+ |
+from google.auth import _helpers |
+from google.auth import credentials |
+from google.auth import crypt |
+ |
+try: |
+ from google.appengine.api import app_identity |
+except ImportError: |
+ app_identity = None |
+ |
+ |
+class Signer(crypt.Signer): |
+ """Signs messages using the App Engine App Identity service. |
+ |
+ This can be used in place of :class:`google.auth.crypt.Signer` when |
+ running in the App Engine standard environment. |
+ """ |
+ |
+ @property |
+ def key_id(self): |
+ """Optional[str]: The key ID used to identify this private key. |
+ |
+ .. warning:: |
+ This is always ``None``. The key ID used by App Engine can not |
+ be reliably determined ahead of time. |
+ """ |
+ return None |
+ |
+ @_helpers.copy_docstring(crypt.Signer) |
+ def sign(self, message): |
+ message = _helpers.to_bytes(message) |
+ _, signature = app_identity.sign_blob(message) |
+ return signature |
+ |
+ |
+def get_project_id(): |
+ """Gets the project ID for the current App Engine application. |
+ |
+ Returns: |
+ str: The project ID |
+ |
+ Raises: |
+ EnvironmentError: If the App Engine APIs are unavailable. |
+ """ |
+ # pylint: disable=missing-raises-doc |
+ # Pylint rightfully thinks EnvironmentError is OSError, but doesn't |
+ # realize it's a valid alias. |
+ if app_identity is None: |
+ raise EnvironmentError( |
+ 'The App Engine APIs are not available.') |
+ return app_identity.get_application_id() |
+ |
+ |
+class Credentials(credentials.Scoped, credentials.Signing, |
+ credentials.Credentials): |
+ """App Engine standard environment credentials. |
+ |
+ These credentials use the App Engine App Identity API to obtain access |
+ tokens. |
+ """ |
+ |
+ def __init__(self, scopes=None, service_account_id=None): |
+ """ |
+ Args: |
+ scopes (Sequence[str]): Scopes to request from the App Identity |
+ API. |
+ service_account_id (str): The service account ID passed into |
+ :func:`google.appengine.api.app_identity.get_access_token`. |
+ If not specified, the default application service account |
+ ID will be used. |
+ |
+ Raises: |
+ EnvironmentError: If the App Engine APIs are unavailable. |
+ """ |
+ # pylint: disable=missing-raises-doc |
+ # Pylint rightfully thinks EnvironmentError is OSError, but doesn't |
+ # realize it's a valid alias. |
+ if app_identity is None: |
+ raise EnvironmentError( |
+ 'The App Engine APIs are not available.') |
+ |
+ super(Credentials, self).__init__() |
+ self._scopes = scopes |
+ self._service_account_id = service_account_id |
+ self._signer = Signer() |
+ |
+ @_helpers.copy_docstring(credentials.Credentials) |
+ def refresh(self, request): |
+ # pylint: disable=unused-argument |
+ token, ttl = app_identity.get_access_token( |
+ self._scopes, self._service_account_id) |
+ expiry = _helpers.utcnow() + datetime.timedelta(seconds=ttl) |
+ |
+ self.token, self.expiry = token, expiry |
+ |
+ @property |
+ def service_account_email(self): |
+ """The service account email.""" |
+ if self._service_account_id is None: |
+ self._service_account_id = app_identity.get_service_account_name() |
+ return self._service_account_id |
+ |
+ @property |
+ def requires_scopes(self): |
+ """Checks if the credentials requires scopes. |
+ |
+ Returns: |
+ bool: True if there are no scopes set otherwise False. |
+ """ |
+ return not self._scopes |
+ |
+ @_helpers.copy_docstring(credentials.Scoped) |
+ def with_scopes(self, scopes): |
+ return Credentials( |
+ scopes=scopes, service_account_id=self._service_account_id) |
+ |
+ @_helpers.copy_docstring(credentials.Signing) |
+ def sign_bytes(self, message): |
+ return self._signer.sign(message) |
+ |
+ @property |
+ @_helpers.copy_docstring(credentials.Signing) |
+ def signer_email(self): |
+ return self.service_account_email |
+ |
+ @property |
+ @_helpers.copy_docstring(credentials.Signing) |
+ def signer(self): |
+ return self._signer |