# Copyright 2021 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. """ Authentication validation to be called from ../pre_validations.py """ import google.auth import sys from googleapiclient.discovery import Resource from gce_rescue.tasks.validations.api import api_service from gce_rescue.test.mocks import mock_api_object PROJECT = '' def _get_auth(): global PROJECT try: credentials, adc_project = google.auth.default() if not adc_project and not PROJECT: msg = _info_no_project() print(msg, file=sys.stderr) sys.exit(1) if not PROJECT and adc_project: PROJECT = adc_project return credentials except google.auth.exceptions.DefaultCredentialsError: msg = _info_auth_cred() print(msg, file=sys.stderr) sys.exit(1) def authenticate_check( zone: str, instance_name: str, project: str = None, test_mode: bool = False ) -> Resource: global PROJECT PROJECT = project if test_mode: service = mock_api_object(['compute']) return service credentials = _get_auth() if not credentials: return False # service = googleapiclient.discovery.build( # 'compute', # 'v1', # credentials = credentials # ) service = api_service('compute', 'v1', credentials) request = service.instances().get( project = PROJECT, zone = zone, instance = instance_name) try: request.execute() return service except google.auth.exceptions.RefreshError: msg = _info_auth_refresh() print(msg, file=sys.stderr) sys.exit(1) def project_name() -> str: return PROJECT def _info_auth_refresh() -> str: return ( ' Please use application-default Credentials (ADC) to authenticate:\n' ' $ gcloud auth login --update-adc' ) def _info_auth_cred() -> str: return ( ' Please use application-default Credentions (ADC) to authenticate:\n' ' $ gcloud auth application-default login\n' f' $ gcloud auth application-default set-quota-project {PROJECT}' ) def _info_no_project() -> str: return ( ' Was not possible to find the project where the VM is created.\n' ' You can use the option --project to declare the project-id or ' 'set to your configuration:\n' ' $ gcloud config set project PROJECT_ID' )