3 L(YC@sBdZddlmZddlmZddlmZGdddejejZdS)zGoogle Compute Engine credentials. This module provides authentication for application running on Google Compute Engine using the Compute Engine metadata server. ) credentials) exceptions) _metadatacsJeZdZdZd fdd ZddZddZed d Zed d Z Z S) CredentialsaCompute Engine Credentials. These credentials use the Google Compute Engine metadata server to obtain OAuth 2.0 access tokens associated with the instance's service account. For more information about Compute Engine authentication, including how to configure scopes, see the `Compute Engine authentication documentation`_. .. note:: Compute Engine instances can be created with scopes and therefore these credentials are considered to be 'scoped'. However, you can not use :meth:`~google.auth.credentials.ScopedCredentials.with_scopes` because it is not possible to change the scopes that the instance has. Also note that :meth:`~google.auth.credentials.ScopedCredentials.has_scopes` will not work until the credentials have been refreshed. .. _Compute Engine authentication documentation: https://cloud.google.com/compute/docs/authentication#using defaultcstt|j||_dS)z Args: service_account_email (str): The service account email to use, or 'default'. A Compute Engine instance may have multiple service accounts. N)superr__init___service_account_email)selfservice_account_email) __class__U/private/tmp/pip-build-nl73fm5q/google-auth/google/auth/compute_engine/credentials.pyr1szCredentials.__init__cCs(tj||jd}|d|_|d|_dS)zRetrieve information about the service account. Updates the scopes and retrieves the full service account email. Args: request (google.auth.transport.Request): The object used to make HTTP requests. )service_accountemailZscopesN)rZget_service_account_infor Z_scopes)r requestinfor r r_retrieve_info;s   zCredentials._retrieve_infocCsZy&|j|tj||jd\|_|_Wn.tjk rT}ztj|WYdd}~XnXdS)ajRefresh the access token and scopes. Args: request (google.auth.transport.Request): The object used to make HTTP requests. Raises: google.auth.exceptions.RefreshError: If the Compute Engine metadata service can't be reached if if the instance has not credentials. )rN) rrZget_service_account_tokenr tokenZexpiryrZTransportErrorZ RefreshError)r rexcr r rrefreshKs  zCredentials.refreshcCs|jS)zThe service account email. .. note: This is not guaranteed to be set until :meth`refresh` has been called. )r )r r r rr _sz!Credentials.service_account_emailcCsdS)z4False: Compute Engine credentials can not be scoped.Fr )r r r rrequires_scopeshszCredentials.requires_scopes)r) __name__ __module__ __qualname____doc__rrrpropertyr r __classcell__r r )r rrs   rN)rZ google.authrrZgoogle.auth.compute_enginerZReadOnlyScopedrr r r rs