Source Code for Module oauth2client.gce

 1  # Copyright (C) 2012 Google Inc. 
 2  # 
 3  # Licensed under the Apache License, Version 2.0 (the "License"); 
 4  # you may not use this file except in compliance with the License. 
 5  # You may obtain a copy of the License at 
 6  # 
 7  #      http://www.apache.org/licenses/LICENSE-2.0 
 8  # 
 9  # Unless required by applicable law or agreed to in writing, software 
10  # distributed under the License is distributed on an "AS IS" BASIS, 
11  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
12  # See the License for the specific language governing permissions and 
13  # limitations under the License. 
14   
15  """Utilities for Google Compute Engine 
16   
17  Utilities for making it easier to use OAuth 2.0 on Google Compute Engine. 
18  """ 
19   
20  __author__ = 'jcgregorio@google.com (Joe Gregorio)' 
21   
22  import httplib2 
23  import logging 
24  import uritemplate 
25   
26  from oauth2client import util 
27  from oauth2client.anyjson import simplejson 
28  from oauth2client.client import AccessTokenRefreshError 
29  from oauth2client.client import AssertionCredentials 
30   
31  logger = logging.getLogger(__name__) 
32   
33  # URI Template for the endpoint that returns access_tokens. 
34  META = ('http://metadata.google.internal/0.1/meta-data/service-accounts/' 
35          'default/acquire{?scope}') 
36   
37   
38 -class AppAssertionCredentials(AssertionCredentials): 
39    """Credentials object for Compute Engine Assertion Grants 
40   
41    This object will allow a Compute Engine instance to identify itself to 
42    Google and other OAuth 2.0 servers that can verify assertions. It can be used 
43    for the purpose of accessing data stored under an account assigned to the 
44    Compute Engine instance itself. 
45   
46    This credential does not require a flow to instantiate because it represents 
47    a two legged flow, and therefore has all of the required information to 
48    generate and refresh its own access tokens. 
49    """ 
50   
51    @util.positional(2) 
52 -  def __init__(self, scope, **kwargs): 
53      """Constructor for AppAssertionCredentials 
54   
55      Args: 
56        scope: string or iterable of strings, scope(s) of the credentials being 
57          requested. 
58      """ 
59      self.scope = util.scopes_to_string(scope) 
60   
61      # Assertion type is no longer used, but still in the parent class signature. 
62      super(AppAssertionCredentials, self).__init__(None) 
63   
64    @classmethod 
65 -  def from_json(cls, json): 
66      data = simplejson.loads(json) 
67      return AppAssertionCredentials(data['scope']) 
68   
69 -  def _refresh(self, http_request): 
70      """Refreshes the access_token. 
71   
72      Skip all the storage hoops and just refresh using the API. 
73   
74      Args: 
75        http_request: callable, a callable that matches the method signature of 
76          httplib2.Http.request, used to make the refresh request. 
77   
78      Raises: 
79        AccessTokenRefreshError: When the refresh fails. 
80      """ 
81      uri = uritemplate.expand(META, {'scope': self.scope}) 
82      response, content = http_request(uri) 
83      if response.status == 200: 
84        try: 
85          d = simplejson.loads(content) 
86        except StandardError, e: 
87          raise AccessTokenRefreshError(str(e)) 
88        self.access_token = d['accessToken'] 
89      else: 
90        raise AccessTokenRefreshError(content) 
91