Fix error; DASA suggestions (#1236)

* userKey and customer is an invalid combination; userkey and domain is allowed * DASA suggestions I would not use OAUTHFILE to distinguish between normal/DASA, it seems to me that this might lead to oauth2service.json getting deleted by accident. By using enabledasa.txt you can flip between the two modes easily. * Update __init__.py Is this what yuou meant?
2026-06-29 18:31:38 +00:00 · 2020-09-11 08:33:06 -07:00
parent 487e1dc4c1
commit 908edff878
3 changed files with 20 additions and 9 deletions
--- a/src/gam/auth/init.py
+++ b/src/gam/auth/init.py
@@ -2,28 +2,30 @@

 import json
 import os
-import time

 from google.auth.jwt import Credentials as JWTCredentials

 from gam.auth import oauth
 from gam.var import _FN_OAUTH2_TXT
+from gam.var import _FN_OAUTH2SERVICE_JSON
 from gam.var import GC_OAUTH2_TXT
+from gam.var import GC_OAUTH2SERVICE_JSON
+from gam.var import GC_ENABLE_DASA
 from gam.var import GC_Values

 # TODO: Move logic that determines file name into this module. We should be able
 # to discover the file location without accessing a private member or waiting
 # for a global initialization.
-DEFAULT_OAUTH_STORAGE_FILE = _FN_OAUTH2_TXT


 def get_admin_credentials_filename():
    """Gets the name of the file that stores the admin account credentials."""
    # If the environment globals are loaded, use the set global value. It may have
    # some custom name in it. Otherwise, just use the default name.
-    if GC_Values[GC_OAUTH2_TXT]:
-        return GC_Values[GC_OAUTH2_TXT]
-    return DEFAULT_OAUTH_STORAGE_FILE
+    if GC_Values[GC_ENABLE_DASA]:
+        return GC_Values[GC_OAUTH2SERVICE_JSON] if GC_Values[GC_OAUTH2SERVICE_JSON] else _FN_OAUTH2SERVICE_JSON
+    else:
+        return GC_Values[GC_OAUTH2_TXT] if GC_Values[GC_OAUTH2_TXT] else _FN_OAUTH2_TXT


 def get_admin_credentials(api=None):
@@ -33,9 +35,12 @@ def get_admin_credentials(api=None):
        raise oauth.InvalidCredentialsFileError
    with open(credential_file, 'r') as f:
        creds_data = json.load(f)
-    if 'token' in creds_data:
-        return oauth.Credentials.from_credentials_file(credential_file)
-    elif 'private_key' in creds_data:
+    # Validate that enable DASA matches content of authorization file
+    if GC_Values[GC_ENABLE_DASA] and 'private_key' in creds_data:
        audience = f'https://{api}.googleapis.com/'
        return JWTCredentials.from_service_account_info(creds_data,
                                                        audience=audience)
+    elif not GC_Values[GC_ENABLE_DASA] and 'token' in creds_data:
+        return oauth.Credentials.from_credentials_file(credential_file)
+    else:
+        raise oauth.InvalidCredentialsFileError