deepblue/GoogleDriveManagement
1
0
Fork 0
mirror of https://github.com/GAM-team/GAM.git synced 2026-06-28 09:51:36 +00:00
Code Issues Actions 9 Packages Projects Releases Wiki Activity
Files
1b7a43e82b1bedd33ee07f8f9d8551be9a4608ad
GoogleDriveManagement/src/gam/auth/__init__.py
Ross Scroggs 908edff878 Fix error; DASA suggestions (#1236) 
* userKey and customer is an invalid combination; userkey and domain is allowed

* DASA suggestions

I would not use OAUTHFILE to distinguish between normal/DASA, it seems to me that this might lead to oauth2service.json getting deleted by accident.

By using enabledasa.txt you can flip between the two modes easily.

* Update __init__.py

Is this what yuou meant?
2020-09-11 11:33:06 -04:00

47 lines
1.9 KiB
Python
Raw Blame History

"""Authentication/Credentials general purpose and convenience methods."""
import json
import os
from google.auth.jwt import Credentials as JWTCredentials
from gam.auth import oauth
from gam.var import _FN_OAUTH2_TXT
from gam.var import _FN_OAUTH2SERVICE_JSON
from gam.var import GC_OAUTH2_TXT
from gam.var import GC_OAUTH2SERVICE_JSON
from gam.var import GC_ENABLE_DASA
from gam.var import GC_Values
# TODO: Move logic that determines file name into this module. We should be able
# to discover the file location without accessing a private member or waiting
# for a global initialization.
def get_admin_credentials_filename():
"""Gets the name of the file that stores the admin account credentials."""
# If the environment globals are loaded, use the set global value. It may have
# some custom name in it. Otherwise, just use the default name.
if GC_Values[GC_ENABLE_DASA]:
return GC_Values[GC_OAUTH2SERVICE_JSON] if GC_Values[GC_OAUTH2SERVICE_JSON] else _FN_OAUTH2SERVICE_JSON
else:
return GC_Values[GC_OAUTH2_TXT] if GC_Values[GC_OAUTH2_TXT] else _FN_OAUTH2_TXT
def get_admin_credentials(api=None):
"""Gets oauth.Credentials that are authenticated as the domain's admin user."""
credential_file = get_admin_credentials_filename()
if not os.path.isfile(credential_file):
raise oauth.InvalidCredentialsFileError
with open(credential_file, 'r') as f:
creds_data = json.load(f)
# Validate that enable DASA matches content of authorization file
if GC_Values[GC_ENABLE_DASA] and 'private_key' in creds_data:
audience = f'https://{api}.googleapis.com/'
return JWTCredentials.from_service_account_info(creds_data,
audience=audience)
elif not GC_Values[GC_ENABLE_DASA] and 'token' in creds_data:
return oauth.Credentials.from_credentials_file(credential_file)
else:
raise oauth.InvalidCredentialsFileError
Reference in New Issue View Git Blame Copy Permalink