Lines Matching full:credentials
15 """Application default credentials.
17 Implements application default credentials and project ID detection.
34 # Valid types accepted for file-based credentials.
40 # Help message when no credentials can be found.
42 Could not automatically determine credentials. Please set {env} or \
43 explicitly create credentials and re-run the application. For more \
47 env=environment_vars.CREDENTIALS
50 # Warning when using Cloud SDK user credentials
52 Your application has authenticated using end user credentials from Google \
59 # The subject token type used for AWS external_account credentials.
63 def _warn_about_problematic_credentials(credentials): argument
64 """Determines if the credentials are problematic.
66 Credentials from the Cloud SDK that are associated with Cloud SDK's project
72 if credentials.client_id == _cloud_sdk.CLOUD_SDK_CLIENT_ID:
79 """Loads Google credentials from a file.
81 The credentials file must be a service account key, stored authorized
82 user credentials or external account credentials.
85 filename (str): The full path to the credentials file.
86 scopes (Optional[Sequence[str]]): The list of scopes for the credentials. If
87 specified, the credentials will automatically be scoped if
95 for a workload identity pool resource (external account credentials).
100 Tuple[google.auth.credentials.Credentials, Optional[str]]: Loaded
101 credentials and the project ID. Authorized user credentials do not
102 have the project ID information. External account credentials project
124 # credentials file or an authorized user credentials file.
128 from google.oauth2 import credentials
131 credentials = credentials.Credentials.from_authorized_user_info(
135 msg = "Failed to load authorized user credentials from {}".format(filename)
139 credentials = credentials.with_quota_project(quota_project_id)
140 if not credentials.quota_project_id:
141 _warn_about_problematic_credentials(credentials)
142 return credentials, None
148 credentials = service_account.Credentials.from_service_account_info(
152 msg = "Failed to load service account credentials from {}".format(filename)
156 credentials = credentials.with_quota_project(quota_project_id)
157 return credentials, info.get("project_id")
160 credentials, project_id = _get_external_account_credentials(
168 credentials = credentials.with_quota_project(quota_project_id)
169 return credentials, project_id
181 """Gets the credentials and project ID from the Cloud SDK."""
184 _LOGGER.debug("Checking Cloud SDK credentials as part of auth process...")
186 # Check if application default credentials exist.
190 _LOGGER.debug("Cloud SDK credentials not found on disk; not using them")
193 credentials, project_id = load_credentials_from_file(
200 return credentials, project_id
204 """Gets credentials from the GOOGLE_APPLICATION_CREDENTIALS environment
209 explicit_file = os.environ.get(environment_vars.CREDENTIALS)
212 "Checking %s for explicit credentials as part of auth process...", explicit_file
217 # file path is cloud sdk credentials path, then we should fall back
220 …"Explicit credentials path %s is the same as Cloud SDK credentials path, fall back to Cloud SDK cr…
226 credentials, project_id = load_credentials_from_file(
227 os.environ[environment_vars.CREDENTIALS], quota_project_id=quota_project_id
230 return credentials, project_id
237 """Gets Google App Engine App Identity credentials and project ID."""
253 credentials = app_engine.Credentials()
255 return credentials, project_id
258 … "No App Engine library was found so cannot authentication via App Engine Identity Credentials."
264 """Gets credentials and project ID from the GCE Metadata Service."""
265 # Ping requires a transport, but we want application default credentials
289 return compute_engine.Credentials(), project_id
300 """Loads external account Credentials from the parsed external account info.
302 The credentials information must correspond to a supported external account
303 credentials.
307 filename (str): The full path to the credentials file.
308 scopes (Optional[Sequence[str]]): The list of scopes for the credentials. If
309 specified, the credentials will automatically be scoped if
315 for a workload identity pool resource (external account credentials).
320 Tuple[google.auth.credentials.Credentials, Optional[str]]: Loaded
321 credentials and the project ID. External account credentials project
328 # There are currently 2 types of external_account credentials.
330 # Check if the configuration corresponds to AWS credentials.
333 credentials = aws.Credentials.from_info(
338 # Check if the configuration corresponds to Identity Pool credentials.
341 credentials = identity_pool.Credentials.from_info(
346 # supported external_account credentials, raise an error.
348 "Failed to load external account credentials from {}".format(filename)
353 return credentials, credentials.get_project_id(request=request)
357 """Gets the default credentials for the current environment.
359 `Application Default Credentials`_ provides an easy way to obtain
360 credentials to call Google APIs for server-to-server or local applications.
361 This function acquires credentials from the environment in the following
373 credentials from the current environment (AWS, Azure, etc).
379 credentials set they are loaded and returned.
381 To enable application default credentials with the Cloud SDK run::
391 (first generation) then the credentials and project ID from the
395 environment`_ (second generation) then the credentials and project ID
397 5. If no credentials are found,
400 .. _Application Default Credentials: https://developers.google.com\
401 /identity/protocols/application-default-credentials
417 credentials, project_id = google.auth.default()
420 scopes (Sequence[str]): The list of scopes for the credentials. If
421 specified, the credentials will automatically be scoped if
427 credentials). If not specified, then it will either use the standard
428 library http client to make requests for Compute Engine credentials
430 account credentials.
436 Tuple[~google.auth.credentials.Credentials, Optional[str]]:
437 the current environment's credentials and project ID. Project ID
443 If no credentials were found, or if the credentials found were
446 from google.auth.credentials import with_scopes_if_required
453 # Avoid passing scopes here to prevent passing scopes to user credentials.
455 # safely set on the returned credentials since requires_scopes will
456 # guard against setting scopes on user credentials.
464 credentials, project_id = checker()
465 if credentials is not None:
466 credentials = with_scopes_if_required(
467 credentials, scopes, default_scopes=default_scopes
470 # For external account credentials, scopes are required to determine
474 getattr(credentials, "get_project_id", None)
478 project_id = credentials.get_project_id(request=request)
481 credentials = credentials.with_quota_project(quota_project_id)
491 return credentials, effective_project_id