• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright 2016 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7#      http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15"""Helper functions for loading data from a Google service account file."""
16
17import io
18import json
19
20import six
21
22from google.auth import crypt
23
24
25def from_dict(data, require=None):
26    """Validates a dictionary containing Google service account data.
27
28    Creates and returns a :class:`google.auth.crypt.Signer` instance from the
29    private key specified in the data.
30
31    Args:
32        data (Mapping[str, str]): The service account data
33        require (Sequence[str]): List of keys required to be present in the
34            info.
35
36    Returns:
37        google.auth.crypt.Signer: A signer created from the private key in the
38            service account file.
39
40    Raises:
41        ValueError: if the data was in the wrong format, or if one of the
42            required keys is missing.
43    """
44    keys_needed = set(require if require is not None else [])
45
46    missing = keys_needed.difference(six.iterkeys(data))
47
48    if missing:
49        raise ValueError(
50            "Service account info was not in the expected format, missing "
51            "fields {}.".format(", ".join(missing))
52        )
53
54    # Create a signer.
55    signer = crypt.RSASigner.from_service_account_info(data)
56
57    return signer
58
59
60def from_filename(filename, require=None):
61    """Reads a Google service account JSON file and returns its parsed info.
62
63    Args:
64        filename (str): The path to the service account .json file.
65        require (Sequence[str]): List of keys required to be present in the
66            info.
67
68    Returns:
69        Tuple[ Mapping[str, str], google.auth.crypt.Signer ]: The verified
70            info and a signer instance.
71    """
72    with io.open(filename, "r", encoding="utf-8") as json_file:
73        data = json.load(json_file)
74        return data, from_dict(data, require=require)
75