| |
| |
| <!DOCTYPE html> |
| <!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]--> |
| <!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]--> |
| <head> |
| <meta charset="utf-8"> |
| |
| <meta name="viewport" content="width=device-width, initial-scale=1.0"> |
| |
| <title>apache_beam.internal.gcp.auth — Apache Beam documentation</title> |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| <link rel="stylesheet" href="../../../../_static/css/theme.css" type="text/css" /> |
| |
| |
| |
| |
| |
| <link rel="index" title="Index" |
| href="../../../../genindex.html"/> |
| <link rel="search" title="Search" href="../../../../search.html"/> |
| <link rel="top" title="Apache Beam documentation" href="../../../../index.html"/> |
| <link rel="up" title="Module code" href="../../../index.html"/> |
| |
| |
| <script src="../../../../_static/js/modernizr.min.js"></script> |
| |
| </head> |
| |
| <body class="wy-body-for-nav" role="document"> |
| |
| |
| <div class="wy-grid-for-nav"> |
| |
| |
| <nav data-toggle="wy-nav-shift" class="wy-nav-side"> |
| <div class="wy-side-scroll"> |
| <div class="wy-side-nav-search"> |
| |
| |
| |
| <a href="../../../../index.html" class="icon icon-home"> Apache Beam |
| |
| |
| |
| </a> |
| |
| |
| |
| |
| |
| |
| |
| <div role="search"> |
| <form id="rtd-search-form" class="wy-form" action="../../../../search.html" method="get"> |
| <input type="text" name="q" placeholder="Search docs" /> |
| <input type="hidden" name="check_keywords" value="yes" /> |
| <input type="hidden" name="area" value="default" /> |
| </form> |
| </div> |
| |
| |
| </div> |
| |
| <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation"> |
| |
| |
| |
| |
| |
| |
| <ul> |
| <li class="toctree-l1"><a class="reference internal" href="../../../../apache_beam.coders.html">apache_beam.coders package</a></li> |
| <li class="toctree-l1"><a class="reference internal" href="../../../../apache_beam.internal.html">apache_beam.internal package</a></li> |
| <li class="toctree-l1"><a class="reference internal" href="../../../../apache_beam.io.html">apache_beam.io package</a></li> |
| <li class="toctree-l1"><a class="reference internal" href="../../../../apache_beam.metrics.html">apache_beam.metrics package</a></li> |
| <li class="toctree-l1"><a class="reference internal" href="../../../../apache_beam.options.html">apache_beam.options package</a></li> |
| <li class="toctree-l1"><a class="reference internal" href="../../../../apache_beam.portability.html">apache_beam.portability package</a></li> |
| <li class="toctree-l1"><a class="reference internal" href="../../../../apache_beam.runners.html">apache_beam.runners package</a></li> |
| <li class="toctree-l1"><a class="reference internal" href="../../../../apache_beam.testing.html">apache_beam.testing package</a></li> |
| <li class="toctree-l1"><a class="reference internal" href="../../../../apache_beam.tools.html">apache_beam.tools package</a></li> |
| <li class="toctree-l1"><a class="reference internal" href="../../../../apache_beam.transforms.html">apache_beam.transforms package</a></li> |
| <li class="toctree-l1"><a class="reference internal" href="../../../../apache_beam.typehints.html">apache_beam.typehints package</a></li> |
| <li class="toctree-l1"><a class="reference internal" href="../../../../apache_beam.utils.html">apache_beam.utils package</a></li> |
| </ul> |
| <ul> |
| <li class="toctree-l1"><a class="reference internal" href="../../../../apache_beam.error.html">apache_beam.error module</a></li> |
| <li class="toctree-l1"><a class="reference internal" href="../../../../apache_beam.pipeline.html">apache_beam.pipeline module</a></li> |
| <li class="toctree-l1"><a class="reference internal" href="../../../../apache_beam.pvalue.html">apache_beam.pvalue module</a></li> |
| <li class="toctree-l1"><a class="reference internal" href="../../../../apache_beam.version.html">apache_beam.version module</a></li> |
| </ul> |
| |
| |
| |
| </div> |
| </div> |
| </nav> |
| |
| <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"> |
| |
| |
| <nav class="wy-nav-top" role="navigation" aria-label="top navigation"> |
| |
| <i data-toggle="wy-nav-top" class="fa fa-bars"></i> |
| <a href="../../../../index.html">Apache Beam</a> |
| |
| </nav> |
| |
| |
| |
| <div class="wy-nav-content"> |
| <div class="rst-content"> |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| <div role="navigation" aria-label="breadcrumbs navigation"> |
| |
| <ul class="wy-breadcrumbs"> |
| |
| <li><a href="../../../../index.html">Docs</a> »</li> |
| |
| <li><a href="../../../index.html">Module code</a> »</li> |
| |
| <li>apache_beam.internal.gcp.auth</li> |
| |
| |
| <li class="wy-breadcrumbs-aside"> |
| |
| |
| |
| </li> |
| |
| </ul> |
| |
| |
| <hr/> |
| </div> |
| <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article"> |
| <div itemprop="articleBody"> |
| |
| <h1>Source code for apache_beam.internal.gcp.auth</h1><div class="highlight"><pre> |
| <span></span><span class="c1">#</span> |
| <span class="c1"># Licensed to the Apache Software Foundation (ASF) under one or more</span> |
| <span class="c1"># contributor license agreements. See the NOTICE file distributed with</span> |
| <span class="c1"># this work for additional information regarding copyright ownership.</span> |
| <span class="c1"># The ASF licenses this file to You under the Apache License, Version 2.0</span> |
| <span class="c1"># (the "License"); you may not use this file except in compliance with</span> |
| <span class="c1"># the License. You may obtain a copy of the License at</span> |
| <span class="c1">#</span> |
| <span class="c1"># http://www.apache.org/licenses/LICENSE-2.0</span> |
| <span class="c1">#</span> |
| <span class="c1"># Unless required by applicable law or agreed to in writing, software</span> |
| <span class="c1"># distributed under the License is distributed on an "AS IS" BASIS,</span> |
| <span class="c1"># WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.</span> |
| <span class="c1"># See the License for the specific language governing permissions and</span> |
| <span class="c1"># limitations under the License.</span> |
| <span class="c1">#</span> |
| |
| <span class="sd">"""Dataflow credentials and authentication."""</span> |
| |
| <span class="kn">from</span> <span class="nn">__future__</span> <span class="k">import</span> <span class="n">absolute_import</span> |
| |
| <span class="kn">import</span> <span class="nn">datetime</span> |
| <span class="kn">import</span> <span class="nn">json</span> |
| <span class="kn">import</span> <span class="nn">logging</span> |
| <span class="kn">import</span> <span class="nn">os</span> |
| |
| <span class="kn">from</span> <span class="nn">future.moves.urllib.request</span> <span class="k">import</span> <span class="n">Request</span> |
| <span class="kn">from</span> <span class="nn">future.moves.urllib.request</span> <span class="k">import</span> <span class="n">urlopen</span> |
| <span class="kn">from</span> <span class="nn">oauth2client.client</span> <span class="k">import</span> <span class="n">GoogleCredentials</span> |
| <span class="kn">from</span> <span class="nn">oauth2client.client</span> <span class="k">import</span> <span class="n">OAuth2Credentials</span> |
| |
| <span class="kn">from</span> <span class="nn">apache_beam.utils</span> <span class="k">import</span> <span class="n">retry</span> |
| |
| <span class="c1"># When we are running in GCE, we can authenticate with VM credentials.</span> |
| <span class="n">is_running_in_gce</span> <span class="o">=</span> <span class="kc">False</span> |
| |
| <span class="c1"># When we are running in GCE, this value is set based on worker startup</span> |
| <span class="c1"># information.</span> |
| <span class="n">executing_project</span> <span class="o">=</span> <span class="kc">None</span> |
| |
| |
| <div class="viewcode-block" id="set_running_in_gce"><a class="viewcode-back" href="../../../../apache_beam.internal.gcp.auth.html#apache_beam.internal.gcp.auth.set_running_in_gce">[docs]</a><span class="k">def</span> <span class="nf">set_running_in_gce</span><span class="p">(</span><span class="n">worker_executing_project</span><span class="p">):</span> |
| <span class="sd">"""For internal use only; no backwards-compatibility guarantees.</span> |
| |
| <span class="sd"> Informs the authentication library that we are running in GCE.</span> |
| |
| <span class="sd"> When we are running in GCE, we have the option of using the VM metadata</span> |
| <span class="sd"> credentials for authentication to Google services.</span> |
| |
| <span class="sd"> Args:</span> |
| <span class="sd"> worker_executing_project: The project running the workflow. This information</span> |
| <span class="sd"> comes from worker startup information.</span> |
| <span class="sd"> """</span> |
| <span class="k">global</span> <span class="n">is_running_in_gce</span> |
| <span class="k">global</span> <span class="n">executing_project</span> |
| <span class="n">is_running_in_gce</span> <span class="o">=</span> <span class="kc">True</span> |
| <span class="n">executing_project</span> <span class="o">=</span> <span class="n">worker_executing_project</span></div> |
| |
| |
| <div class="viewcode-block" id="AuthenticationException"><a class="viewcode-back" href="../../../../apache_beam.internal.gcp.auth.html#apache_beam.internal.gcp.auth.AuthenticationException">[docs]</a><span class="k">class</span> <span class="nc">AuthenticationException</span><span class="p">(</span><span class="n">retry</span><span class="o">.</span><span class="n">PermanentException</span><span class="p">):</span> |
| <span class="k">pass</span></div> |
| |
| |
| <span class="k">class</span> <span class="nc">_GCEMetadataCredentials</span><span class="p">(</span><span class="n">OAuth2Credentials</span><span class="p">):</span> |
| <span class="sd">"""For internal use only; no backwards-compatibility guarantees.</span> |
| |
| <span class="sd"> Credential object initialized using access token from GCE VM metadata."""</span> |
| |
| <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">user_agent</span><span class="o">=</span><span class="kc">None</span><span class="p">):</span> |
| <span class="sd">"""Create an instance of GCEMetadataCredentials.</span> |
| |
| <span class="sd"> These credentials are generated by contacting the metadata server on a GCE</span> |
| <span class="sd"> VM instance.</span> |
| |
| <span class="sd"> Args:</span> |
| <span class="sd"> user_agent: string, The HTTP User-Agent to provide for this application.</span> |
| <span class="sd"> """</span> |
| <span class="nb">super</span><span class="p">(</span><span class="n">_GCEMetadataCredentials</span><span class="p">,</span> <span class="bp">self</span><span class="p">)</span><span class="o">.</span><span class="fm">__init__</span><span class="p">(</span> |
| <span class="kc">None</span><span class="p">,</span> <span class="c1"># access_token</span> |
| <span class="kc">None</span><span class="p">,</span> <span class="c1"># client_id</span> |
| <span class="kc">None</span><span class="p">,</span> <span class="c1"># client_secret</span> |
| <span class="kc">None</span><span class="p">,</span> <span class="c1"># refresh_token</span> |
| <span class="n">datetime</span><span class="o">.</span><span class="n">datetime</span><span class="p">(</span><span class="mi">2010</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="mi">1</span><span class="p">),</span> <span class="c1"># token_expiry, set to time in past.</span> |
| <span class="kc">None</span><span class="p">,</span> <span class="c1"># token_uri</span> |
| <span class="n">user_agent</span><span class="p">)</span> |
| |
| <span class="nd">@retry</span><span class="o">.</span><span class="n">with_exponential_backoff</span><span class="p">(</span> |
| <span class="n">retry_filter</span><span class="o">=</span><span class="n">retry</span><span class="o">.</span><span class="n">retry_on_server_errors_and_timeout_filter</span><span class="p">)</span> |
| <span class="k">def</span> <span class="nf">_refresh</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">http_request</span><span class="p">):</span> |
| <span class="n">refresh_time</span> <span class="o">=</span> <span class="n">datetime</span><span class="o">.</span><span class="n">datetime</span><span class="o">.</span><span class="n">utcnow</span><span class="p">()</span> |
| <span class="n">metadata_root</span> <span class="o">=</span> <span class="n">os</span><span class="o">.</span><span class="n">environ</span><span class="o">.</span><span class="n">get</span><span class="p">(</span> |
| <span class="s1">'GCE_METADATA_ROOT'</span><span class="p">,</span> <span class="s1">'metadata.google.internal'</span><span class="p">)</span> |
| <span class="n">token_url</span> <span class="o">=</span> <span class="p">(</span><span class="s1">'http://</span><span class="si">{}</span><span class="s1">/computeMetadata/v1/instance/service-accounts/'</span> |
| <span class="s1">'default/token'</span><span class="p">)</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">metadata_root</span><span class="p">)</span> |
| <span class="n">req</span> <span class="o">=</span> <span class="n">Request</span><span class="p">(</span><span class="n">token_url</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="s1">'Metadata-Flavor'</span><span class="p">:</span> <span class="s1">'Google'</span><span class="p">})</span> |
| <span class="n">token_data</span> <span class="o">=</span> <span class="n">json</span><span class="o">.</span><span class="n">loads</span><span class="p">(</span><span class="n">urlopen</span><span class="p">(</span><span class="n">req</span><span class="p">)</span><span class="o">.</span><span class="n">read</span><span class="p">())</span> |
| <span class="bp">self</span><span class="o">.</span><span class="n">access_token</span> <span class="o">=</span> <span class="n">token_data</span><span class="p">[</span><span class="s1">'access_token'</span><span class="p">]</span> |
| <span class="bp">self</span><span class="o">.</span><span class="n">token_expiry</span> <span class="o">=</span> <span class="p">(</span><span class="n">refresh_time</span> <span class="o">+</span> |
| <span class="n">datetime</span><span class="o">.</span><span class="n">timedelta</span><span class="p">(</span><span class="n">seconds</span><span class="o">=</span><span class="n">token_data</span><span class="p">[</span><span class="s1">'expires_in'</span><span class="p">]))</span> |
| |
| |
| <div class="viewcode-block" id="get_service_credentials"><a class="viewcode-back" href="../../../../apache_beam.internal.gcp.auth.html#apache_beam.internal.gcp.auth.get_service_credentials">[docs]</a><span class="k">def</span> <span class="nf">get_service_credentials</span><span class="p">():</span> |
| <span class="sd">"""For internal use only; no backwards-compatibility guarantees.</span> |
| |
| <span class="sd"> Get credentials to access Google services."""</span> |
| <span class="n">user_agent</span> <span class="o">=</span> <span class="s1">'beam-python-sdk/1.0'</span> |
| <span class="k">if</span> <span class="n">is_running_in_gce</span><span class="p">:</span> |
| <span class="c1"># We are currently running as a GCE taskrunner worker.</span> |
| <span class="c1">#</span> |
| <span class="c1"># TODO(ccy): It's not entirely clear if these credentials are thread-safe.</span> |
| <span class="c1"># If so, we can cache these credentials to save the overhead of creating</span> |
| <span class="c1"># them again.</span> |
| <span class="k">return</span> <span class="n">_GCEMetadataCredentials</span><span class="p">(</span><span class="n">user_agent</span><span class="o">=</span><span class="n">user_agent</span><span class="p">)</span> |
| <span class="k">else</span><span class="p">:</span> |
| <span class="n">client_scopes</span> <span class="o">=</span> <span class="p">[</span> |
| <span class="s1">'https://www.googleapis.com/auth/bigquery'</span><span class="p">,</span> |
| <span class="s1">'https://www.googleapis.com/auth/cloud-platform'</span><span class="p">,</span> |
| <span class="s1">'https://www.googleapis.com/auth/devstorage.full_control'</span><span class="p">,</span> |
| <span class="s1">'https://www.googleapis.com/auth/userinfo.email'</span><span class="p">,</span> |
| <span class="s1">'https://www.googleapis.com/auth/datastore'</span> |
| <span class="p">]</span> |
| |
| <span class="k">try</span><span class="p">:</span> |
| <span class="n">credentials</span> <span class="o">=</span> <span class="n">GoogleCredentials</span><span class="o">.</span><span class="n">get_application_default</span><span class="p">()</span> |
| <span class="n">credentials</span> <span class="o">=</span> <span class="n">credentials</span><span class="o">.</span><span class="n">create_scoped</span><span class="p">(</span><span class="n">client_scopes</span><span class="p">)</span> |
| <span class="n">logging</span><span class="o">.</span><span class="n">debug</span><span class="p">(</span><span class="s1">'Connecting using Google Application Default '</span> |
| <span class="s1">'Credentials.'</span><span class="p">)</span> |
| <span class="k">return</span> <span class="n">credentials</span> |
| <span class="k">except</span> <span class="ne">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> |
| <span class="n">logging</span><span class="o">.</span><span class="n">warning</span><span class="p">(</span> |
| <span class="s1">'Unable to find default credentials to use: </span><span class="si">%s</span><span class="se">\n</span><span class="s1">'</span> |
| <span class="s1">'Connecting anonymously.'</span><span class="p">,</span> <span class="n">e</span><span class="p">)</span> |
| <span class="k">return</span> <span class="kc">None</span></div> |
| </pre></div> |
| |
| </div> |
| <div class="articleComments"> |
| |
| </div> |
| </div> |
| <footer> |
| |
| |
| <hr/> |
| |
| <div role="contentinfo"> |
| <p> |
| © Copyright . |
| |
| </p> |
| </div> |
| Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>. |
| |
| </footer> |
| |
| </div> |
| </div> |
| |
| </section> |
| |
| </div> |
| |
| |
| |
| |
| |
| <script type="text/javascript"> |
| var DOCUMENTATION_OPTIONS = { |
| URL_ROOT:'../../../../', |
| VERSION:'', |
| COLLAPSE_INDEX:false, |
| FILE_SUFFIX:'.html', |
| HAS_SOURCE: true, |
| SOURCELINK_SUFFIX: '.txt' |
| }; |
| </script> |
| <script type="text/javascript" src="../../../../_static/jquery.js"></script> |
| <script type="text/javascript" src="../../../../_static/underscore.js"></script> |
| <script type="text/javascript" src="../../../../_static/doctools.js"></script> |
| |
| |
| |
| |
| |
| <script type="text/javascript" src="../../../../_static/js/theme.js"></script> |
| |
| |
| |
| |
| <script type="text/javascript"> |
| jQuery(function () { |
| SphinxRtdTheme.StickyNav.enable(); |
| }); |
| </script> |
| |
| |
| </body> |
| </html> |