3 fY2*@sdZddlZddlZddlZddlZddlmZddlmZddlZ ej e Z dZ dZe efZdjejdjZd d Zd d Zd dZddZdddZdddZdS)zgApplication default credentials. Implements application default credentials and project ID detection. N)environment_vars) exceptionsZauthorized_userservice_accountz Could not automatically determine credentials. Please set {env} or explicitly create credential and re-run the application. For more information, please see https://developers.google.com/accounts/docs/application-default-credentials. )envc&Cshtjj|stjdj|tj|dJ}ytj |}Wn4t k rl}ztjdj||WYdd}~XnXWdQRX|j d}|t krddl m}y|j|}Wn4t k r}ztjdj||WYdd}~XnX|dfS|tkrNdd lm}y|jj|}Wn6t k r>}ztjd j||WYdd}~XnX||j d fStjd j||td dS)a'Loads credentials from a file. The credentials file must be a service account key or stored authorized user credentials. Args: filename (str): The full path to the credentials file. Returns: Tuple[google.auth.credentials.Credentials, Optional[str]]: Loaded credentials and the project ID. Authorized user credentials do not have the project ID information. Raises: google.auth.exceptions.DefaultCredentialsError: if the file is in the wrong format or is missing. zFile {} was not found.rz!File {} is not a valid json file.Ntyper) _cloud_sdkz2Failed to load authorized user credentials from {})rz2Failed to load service account credentials from {} project_idzZThe file {file} does not have a valid type. Type is {type}, expected one of {valid_types}.)filer valid_types)ospathexistsrDefaultCredentialsErrorformatioopenjsonload ValueErrorget_AUTHORIZED_USER_TYPE google.authrZ load_authorized_user_credentials_SERVICE_ACCOUNT_TYPEZ google.oauth2r CredentialsZfrom_service_account_info _VALID_TYPES)filenameZfile_objinfoexcZcredential_typer credentialsrr E/Users/olari/OneDrive/sandbox/awsBlog2/lambda/google/auth/_default.py_load_credentials_from_file-s>  *    r"cCsVddlm}|j}tjj|s$dSt|\}}|s<|j}|sNtj dt j ||fS)z7Gets the credentials and project ID from the Cloud SDK.r)rNzNo project ID could be determined from the Cloud SDK configuration. Consider running `gcloud config set project` or setting the %s environment variable)NN) rrZ(get_application_default_credentials_pathr r isfiler"get_project_id_LOGGERwarningrPROJECT)rZcredentials_filenamerr r r r!_get_gcloud_sdk_credentialsms   r(cCsPtjjtj}|dk rHttjtj\}}|s@tjdtjtj||fSdSdS)zRGets credentials from the GOOGLE_APPLICATION_CREDENTIALS environment variable.NziNo project ID could be determined from the credentials at %s Consider setting the %s environment variable)NN) r environrr CREDENTIALSr"r%r&r')Z explicit_filerr r r r!!_get_explicit_environ_credentialss r+c Cs>ddlm}y|j}|j}||fStk r8dSXdS)z?Gets Google App Engine App Identity credentials and project ID.r) app_engineN)NN)rr,rr$EnvironmentError)r,rr r r r!_get_gae_credentialss r.c Csddlm}ddlm}|dkr.tjjjj}|j |dry|j |d}Wn(t j k rrt jdtjd}YnX|j|fSdSdS)z>Gets credentials and project ID from the GCE Metadata Service.r)compute_engine) _metadataN)requestzyNo project ID could be determined from the Compute Engine metadata service. Consider setting the %s environment variable.)NN)rr/Zgoogle.auth.compute_enginer0googleauth transportZ _http_clientRequestpingr$rZTransportErrorr%r&rr'r)r1r/r0r r r r!_get_gce_credentialss     r7cs~ddlm}tjjtjtjjtj}tt t fddf}x4|D],}|\}}|dk r@|||}||ph|fSq@Wt j t dS)ao Gets the default credentials for the current environment. `Application Default Credentials`_ provides an easy way to obtain credentials to call Google APIs for server-to-server or local applications. This function acquires credentials from the environment in the following order: 1. If the environment variable ``GOOGLE_APPLICATION_CREDENTIALS`` is set to the path of a valid service account JSON private key file, then it is loaded and returned. The project ID returned is the project ID defined in the service account file if available (some older files do not contain project ID information). 2. If the `Google Cloud SDK`_ is installed and has application default credentials set they are loaded and returned. To enable application default credentials with the Cloud SDK run:: gcloud auth application-default login If the Cloud SDK has an active project, the project ID is returned. The active project can be set using:: gcloud config set project 3. If the application is running in the `App Engine standard environment`_ then the credentials and project ID from the `App Identity Service`_ are used. 4. If the application is running in `Compute Engine`_ or the `App Engine flexible environment`_ then the credentials and project ID are obtained from the `Metadata Service`_. 5. If no credentials are found, :class:`~google.auth.exceptions.DefaultCredentialsError` will be raised. .. _Application Default Credentials: https://developers.google.com /identity/protocols/application-default-credentials .. _Google Cloud SDK: https://cloud.google.com/sdk .. _App Engine standard environment: https://cloud.google.com/appengine .. _App Identity Service: https://cloud.google.com/appengine/docs/python /appidentity/ .. _Compute Engine: https://cloud.google.com/compute .. _App Engine flexible environment: https://cloud.google.com /appengine/flexible .. _Metadata Service: https://cloud.google.com/compute/docs /storing-retrieving-metadata Example:: import google.auth credentials, project_id = google.auth.default() Args: scopes (Sequence[str]): The list of scopes for the credentials. If specified, the credentials will automatically be scoped if necessary. request (google.auth.transport.Request): An object used to make HTTP requests. This is used to detect whether the application is running on Compute Engine. If not specified, then it will use the standard library http client to make requests. Returns: Tuple[~google.auth.credentials.Credentials, Optional[str]]: the current environment's credentials and project ID. Project ID may be None, which indicates that the Project ID could not be ascertained from the environment. Raises: ~google.auth.exceptions.DefaultCredentialsError: If no credentials were found, or if the credentials found were invalid. r)with_scopes_if_requiredcstS)N)r7r )r1r r!szdefault..N)Zgoogle.auth.credentialsr8r r)rrr'ZLEGACY_PROJECTr+r(r.rr _HELP_MESSAGE)scopesr1r8Zexplicit_project_idcheckerscheckerrr r )r1r!defaultsH    r>)N)NN)__doc__rrloggingr rrrZ"google.auth.transport._http_clientr2 getLogger__name__r%rrrrr*stripr:r"r(r+r.r7r>r r r r!s$   @