aiden
/
depot_tools
mirror of https://chromium.googlesource.com/chromium/tools/depot_tools
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
chrome/4147
chrome/3987
chrome/3865
chrome/3904
infra/config
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c59424e3'
${ noResults }
depot_tools/auth.py

157 lines
4.7 KiB
Python
Raw Normal View History Unescape Escape

Add OAuth2 support for end users (i.e. 3-legged flow with the browser). This CL introduces new top level command for managing cached auth tokens: $ depot-tools-auth login codereview.chromium.org $ depot-tools-auth info codereview.chromium.org $ depot-tools-auth logout codereview.chromium.org All scripts that use rietveld.Rietveld internally should be able to use cached credentials created by 'depot-tools-auth' subcommand. Also 'depot-tools-auth' is the only way to run login flow. If some scripts stumbles over expired or revoked token, it dies with the error, asking user to run 'depot-tools-auth login <hostname>'. Password login is still default. OAuth2 can be enabled by passing --oauth2 to all scripts. R=maruel@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1074673002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294764 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
# Copyright 2015 The Chromium Authors. All rights reserved.
Extract authentication options handling into a separate function. It is done in preparation for switching to OAuth2 as default (and only) authentication method. Having all auth options handled by the same code makes it easier to gradually add OAuth2 support. As part of this, some options that would no longer work with OAuth2 (and that are not being used from anywhere now, as far as I can tell) are removed: * Passing account password for authentication via command line. * Overriding 'Host' header when making requests to Rietveld (won't work with SSL anyway). * --account_type option (seems to be ClientLogin specific). R=maruel@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1075723002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294746 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
Add OAuth2 support for end users (i.e. 3-legged flow with the browser). This CL introduces new top level command for managing cached auth tokens: $ depot-tools-auth login codereview.chromium.org $ depot-tools-auth info codereview.chromium.org $ depot-tools-auth logout codereview.chromium.org All scripts that use rietveld.Rietveld internally should be able to use cached credentials created by 'depot-tools-auth' subcommand. Also 'depot-tools-auth' is the only way to run login flow. If some scripts stumbles over expired or revoked token, it dies with the error, asking user to run 'depot-tools-auth login <hostname>'. Password login is still default. OAuth2 can be enabled by passing --oauth2 to all scripts. R=maruel@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1074673002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294764 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
"""Google OAuth2 related functions."""
Extract authentication options handling into a separate function. It is done in preparation for switching to OAuth2 as default (and only) authentication method. Having all auth options handled by the same code makes it easier to gradually add OAuth2 support. As part of this, some options that would no longer work with OAuth2 (and that are not being used from anywhere now, as far as I can tell) are removed: * Passing account password for authentication via command line. * Overriding 'Host' header when making requests to Rietveld (won't work with SSL anyway). * --account_type option (seems to be ClientLogin specific). R=maruel@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1075723002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294746 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
Convert print statements to Python 3 style Ran "2to3 -w -n -f print ./" and manually added imports. Ran "^\s*print " and "\s+print " to find batch/shell scripts, comments and the like with embedded code, and updated them manually. Also manually added imports to files, which used print as a function, but were missing the import. The scripts still work with Python 2. There are no intended behaviour changes. Bug: 942522 Change-Id: Id777e4d4df4adcdfdab1b18bde89f235ef491b9f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1595684 Reviewed-by: Dirk Pranke <dpranke@chromium.org> Commit-Queue: Dirk Pranke <dpranke@chromium.org> Auto-Submit: Raul Tambre <raul@tambre.ee>
6 years ago
from __future__ import print_function
Extract authentication options handling into a separate function. It is done in preparation for switching to OAuth2 as default (and only) authentication method. Having all auth options handled by the same code makes it easier to gradually add OAuth2 support. As part of this, some options that would no longer work with OAuth2 (and that are not being used from anywhere now, as far as I can tell) are removed: * Passing account password for authentication via command line. * Overriding 'Host' header when making requests to Rietveld (won't work with SSL anyway). * --account_type option (seems to be ClientLogin specific). R=maruel@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1075723002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294746 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
import collections
Add OAuth2 support for end users (i.e. 3-legged flow with the browser). This CL introduces new top level command for managing cached auth tokens: $ depot-tools-auth login codereview.chromium.org $ depot-tools-auth info codereview.chromium.org $ depot-tools-auth logout codereview.chromium.org All scripts that use rietveld.Rietveld internally should be able to use cached credentials created by 'depot-tools-auth' subcommand. Also 'depot-tools-auth' is the only way to run login flow. If some scripts stumbles over expired or revoked token, it dies with the error, asking user to run 'depot-tools-auth login <hostname>'. Password login is still default. OAuth2 can be enabled by passing --oauth2 to all scripts. R=maruel@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1074673002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294764 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
import datetime
import functools
import json
import logging
import os
auth: Use luci-auth to get credentials. Bug: 1001756 Change-Id: Ieab5391662e92ec9e2715a81fce2cef41717c2e3 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1790607 Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> Reviewed-by: Andrii Shyshkalov <tandrii@google.com>
6 years ago
import subprocess2
Add OAuth2 support for end users (i.e. 3-legged flow with the browser). This CL introduces new top level command for managing cached auth tokens: $ depot-tools-auth login codereview.chromium.org $ depot-tools-auth info codereview.chromium.org $ depot-tools-auth logout codereview.chromium.org All scripts that use rietveld.Rietveld internally should be able to use cached credentials created by 'depot-tools-auth' subcommand. Also 'depot-tools-auth' is the only way to run login flow. If some scripts stumbles over expired or revoked token, it dies with the error, asking user to run 'depot-tools-auth login <hostname>'. Password login is still default. OAuth2 can be enabled by passing --oauth2 to all scripts. R=maruel@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1074673002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294764 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
Revert "Reland "depot_tools: Add httplib2 to .vpython"" This reverts commit 88d7869db09169044c1a0b2d1fbb57f11ffaee2a. Reason for revert: Broke luci-go-presubmit. luci-go development has stopped. https://ci.chromium.org/p/infra/builders/try/luci-go-try-presubmit Original change's description: > Reland "depot_tools: Add httplib2 to .vpython" > > This is a reland of e1410883a38ac3a3491ed470883ec405193442f6 > > Use vpython to execute git_cl.py, gerrit_util.py and presubmit_support.py on recipes. > > Original change's description: > > depot_tools: Add httplib2 to .vpython > > > > Check that things won't break before further changes are made. > > > > Bug: 1002153 > > Change-Id: I41866f26334bf9ec2732bc0f25007234a95130e4 > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1854749 > > Auto-Submit: Edward Lesmes <ehmaldonado@chromium.org> > > Commit-Queue: Andrii Shyshkalov <tandrii@google.com> > > Reviewed-by: Andrii Shyshkalov <tandrii@google.com> > > Bug: 1002153 > Recipe-Nontrivial-Roll: build > Recipe-Nontrivial-Roll: chromiumos > Recipe-Nontrivial-Roll: infra > Recipe-Nontrivial-Roll: skia > Recipe-Nontrivial-Roll: build_limited_scripts_slave > Recipe-Nontrivial-Roll: release_scripts > Change-Id: Id94057eae8830dec197257df3ea35c0c4ff946b7 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1856650 > Reviewed-by: Andrii Shyshkalov <tandrii@google.com> > Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> TBR=tandrii@google.com,ehmaldonado@chromium.org,apolito@google.com Change-Id: Ieecf0bf9164a14542a70ee6343763781a098a4a8 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: 1002153 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1858280 Reviewed-by: Nodir Turakulov <nodir@chromium.org> Commit-Queue: Nodir Turakulov <nodir@chromium.org>
5 years ago
from third_party import httplib2
Add OAuth2 support for end users (i.e. 3-legged flow with the browser). This CL introduces new top level command for managing cached auth tokens: $ depot-tools-auth login codereview.chromium.org $ depot-tools-auth info codereview.chromium.org $ depot-tools-auth logout codereview.chromium.org All scripts that use rietveld.Rietveld internally should be able to use cached credentials created by 'depot-tools-auth' subcommand. Also 'depot-tools-auth' is the only way to run login flow. If some scripts stumbles over expired or revoked token, it dies with the error, asking user to run 'depot-tools-auth login <hostname>'. Password login is still default. OAuth2 can be enabled by passing --oauth2 to all scripts. R=maruel@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1074673002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294764 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
[gerrit_util] learn about and use LUCI_CONTEXT when available. Unfortunately, w/o rewrite of gerrit_util, one can't take advantage of existing auth.Authenticator (which also doesn't know about ~/.netrc or .gitcookies, but that's fixable). This rewrite, however, will likely cause issues for nasty scripts outside of depot_tools which use gerrit_util as a Python library. So, I followed outdated way of gerrit_util :( Also contains refactoring of auth library, which was kept backwards compatible for the same reasons as above. R=vadimsh@chromium.org Test-with: led tool Test-artifact: https://ci.chromium.org/swarming/task/3cf4687dfd26ca10?server=chromium-swarm.appspot.com Bug: 834536 Change-Id: I6b84b8b5732aee5d345e2b2ba44f47aaecc0f6c5 Reviewed-on: https://chromium-review.googlesource.com/1018488 Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Commit-Queue: Andrii Shyshkalov <tandrii@chromium.org>
7 years ago
# This is what most GAE apps require for authentication.
OAUTH_SCOPE_EMAIL = 'https://www.googleapis.com/auth/userinfo.email'
# Gerrit and Git on *.googlesource.com require this scope.
OAUTH_SCOPE_GERRIT = 'https://www.googleapis.com/auth/gerritcodereview'
# Deprecated. Use OAUTH_SCOPE_EMAIL instead.
OAUTH_SCOPES = OAUTH_SCOPE_EMAIL
Add OAuth2 support for end users (i.e. 3-legged flow with the browser). This CL introduces new top level command for managing cached auth tokens: $ depot-tools-auth login codereview.chromium.org $ depot-tools-auth info codereview.chromium.org $ depot-tools-auth logout codereview.chromium.org All scripts that use rietveld.Rietveld internally should be able to use cached credentials created by 'depot-tools-auth' subcommand. Also 'depot-tools-auth' is the only way to run login flow. If some scripts stumbles over expired or revoked token, it dies with the error, asking user to run 'depot-tools-auth login <hostname>'. Password login is still default. OAuth2 can be enabled by passing --oauth2 to all scripts. R=maruel@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1074673002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294764 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
Extract authentication options handling into a separate function. It is done in preparation for switching to OAuth2 as default (and only) authentication method. Having all auth options handled by the same code makes it easier to gradually add OAuth2 support. As part of this, some options that would no longer work with OAuth2 (and that are not being used from anywhere now, as far as I can tell) are removed: * Passing account password for authentication via command line. * Overriding 'Host' header when making requests to Rietveld (won't work with SSL anyway). * --account_type option (seems to be ClientLogin specific). R=maruel@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1075723002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294746 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
Reland "depot_tools: Stop using oauth2client" This is a reland of 55e5853e5ce49fda2589948c5a0fa6a56d4b3015 Original change's description: > depot_tools: Stop using oauth2client > > Bug: 1001756 > Change-Id: I8a0ca2b0f44b20564a9d3192543a7a69788d8d87 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1854898 > Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> > Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Bug: 1001756 Recipe-Nontrivial-Roll: chromiumos Recipe-Nontrivial-Roll: skia Change-Id: If2f584ce0b327324cfb67ce5f29d80986260bd61 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1867109 Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> Reviewed-by: Vadim Shtayura <vadimsh@chromium.org>
5 years ago
# Mockable datetime.datetime.utcnow for testing.
def datetime_now():
return datetime.datetime.utcnow()
Add OAuth2 support for end users (i.e. 3-legged flow with the browser). This CL introduces new top level command for managing cached auth tokens: $ depot-tools-auth login codereview.chromium.org $ depot-tools-auth info codereview.chromium.org $ depot-tools-auth logout codereview.chromium.org All scripts that use rietveld.Rietveld internally should be able to use cached credentials created by 'depot-tools-auth' subcommand. Also 'depot-tools-auth' is the only way to run login flow. If some scripts stumbles over expired or revoked token, it dies with the error, asking user to run 'depot-tools-auth login <hostname>'. Password login is still default. OAuth2 can be enabled by passing --oauth2 to all scripts. R=maruel@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1074673002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294764 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
# OAuth access token with its expiration time (UTC datetime or None if unknown).
[gerrit_util] learn about and use LUCI_CONTEXT when available. Unfortunately, w/o rewrite of gerrit_util, one can't take advantage of existing auth.Authenticator (which also doesn't know about ~/.netrc or .gitcookies, but that's fixable). This rewrite, however, will likely cause issues for nasty scripts outside of depot_tools which use gerrit_util as a Python library. So, I followed outdated way of gerrit_util :( Also contains refactoring of auth library, which was kept backwards compatible for the same reasons as above. R=vadimsh@chromium.org Test-with: led tool Test-artifact: https://ci.chromium.org/swarming/task/3cf4687dfd26ca10?server=chromium-swarm.appspot.com Bug: 834536 Change-Id: I6b84b8b5732aee5d345e2b2ba44f47aaecc0f6c5 Reviewed-on: https://chromium-review.googlesource.com/1018488 Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Commit-Queue: Andrii Shyshkalov <tandrii@chromium.org>
7 years ago
class AccessToken(collections.namedtuple('AccessToken', [
Add OAuth2 support for end users (i.e. 3-legged flow with the browser). This CL introduces new top level command for managing cached auth tokens: $ depot-tools-auth login codereview.chromium.org $ depot-tools-auth info codereview.chromium.org $ depot-tools-auth logout codereview.chromium.org All scripts that use rietveld.Rietveld internally should be able to use cached credentials created by 'depot-tools-auth' subcommand. Also 'depot-tools-auth' is the only way to run login flow. If some scripts stumbles over expired or revoked token, it dies with the error, asking user to run 'depot-tools-auth login <hostname>'. Password login is still default. OAuth2 can be enabled by passing --oauth2 to all scripts. R=maruel@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1074673002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294764 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
'token',
'expires_at',
[gerrit_util] learn about and use LUCI_CONTEXT when available. Unfortunately, w/o rewrite of gerrit_util, one can't take advantage of existing auth.Authenticator (which also doesn't know about ~/.netrc or .gitcookies, but that's fixable). This rewrite, however, will likely cause issues for nasty scripts outside of depot_tools which use gerrit_util as a Python library. So, I followed outdated way of gerrit_util :( Also contains refactoring of auth library, which was kept backwards compatible for the same reasons as above. R=vadimsh@chromium.org Test-with: led tool Test-artifact: https://ci.chromium.org/swarming/task/3cf4687dfd26ca10?server=chromium-swarm.appspot.com Bug: 834536 Change-Id: I6b84b8b5732aee5d345e2b2ba44f47aaecc0f6c5 Reviewed-on: https://chromium-review.googlesource.com/1018488 Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Commit-Queue: Andrii Shyshkalov <tandrii@chromium.org>
7 years ago
])):
depot_tools: Clean up auth.py Bug: 1001756 Change-Id: I495991c30f7f00de17e7c098e2d88ef7783aff3c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1865265 Auto-Submit: Edward Lesmes <ehmaldonado@chromium.org> Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org>
5 years ago
def needs_refresh(self):
[gerrit_util] learn about and use LUCI_CONTEXT when available. Unfortunately, w/o rewrite of gerrit_util, one can't take advantage of existing auth.Authenticator (which also doesn't know about ~/.netrc or .gitcookies, but that's fixable). This rewrite, however, will likely cause issues for nasty scripts outside of depot_tools which use gerrit_util as a Python library. So, I followed outdated way of gerrit_util :( Also contains refactoring of auth library, which was kept backwards compatible for the same reasons as above. R=vadimsh@chromium.org Test-with: led tool Test-artifact: https://ci.chromium.org/swarming/task/3cf4687dfd26ca10?server=chromium-swarm.appspot.com Bug: 834536 Change-Id: I6b84b8b5732aee5d345e2b2ba44f47aaecc0f6c5 Reviewed-on: https://chromium-review.googlesource.com/1018488 Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Commit-Queue: Andrii Shyshkalov <tandrii@chromium.org>
7 years ago
"""True if this AccessToken should be refreshed."""
if self.expires_at is not None:
Reland "depot_tools: Stop using oauth2client" This is a reland of 55e5853e5ce49fda2589948c5a0fa6a56d4b3015 Original change's description: > depot_tools: Stop using oauth2client > > Bug: 1001756 > Change-Id: I8a0ca2b0f44b20564a9d3192543a7a69788d8d87 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1854898 > Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> > Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Bug: 1001756 Recipe-Nontrivial-Roll: chromiumos Recipe-Nontrivial-Roll: skia Change-Id: If2f584ce0b327324cfb67ce5f29d80986260bd61 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1867109 Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> Reviewed-by: Vadim Shtayura <vadimsh@chromium.org>
5 years ago
# Allow 30s of clock skew between client and backend.
depot_tools: Clean up auth.py Bug: 1001756 Change-Id: I495991c30f7f00de17e7c098e2d88ef7783aff3c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1865265 Auto-Submit: Edward Lesmes <ehmaldonado@chromium.org> Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org>
5 years ago
return datetime_now() + datetime.timedelta(seconds=30) >= self.expires_at
[gerrit_util] learn about and use LUCI_CONTEXT when available. Unfortunately, w/o rewrite of gerrit_util, one can't take advantage of existing auth.Authenticator (which also doesn't know about ~/.netrc or .gitcookies, but that's fixable). This rewrite, however, will likely cause issues for nasty scripts outside of depot_tools which use gerrit_util as a Python library. So, I followed outdated way of gerrit_util :( Also contains refactoring of auth library, which was kept backwards compatible for the same reasons as above. R=vadimsh@chromium.org Test-with: led tool Test-artifact: https://ci.chromium.org/swarming/task/3cf4687dfd26ca10?server=chromium-swarm.appspot.com Bug: 834536 Change-Id: I6b84b8b5732aee5d345e2b2ba44f47aaecc0f6c5 Reviewed-on: https://chromium-review.googlesource.com/1018488 Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Commit-Queue: Andrii Shyshkalov <tandrii@chromium.org>
7 years ago
# Token without expiration time never expires.
return False
Add OAuth2 support for end users (i.e. 3-legged flow with the browser). This CL introduces new top level command for managing cached auth tokens: $ depot-tools-auth login codereview.chromium.org $ depot-tools-auth info codereview.chromium.org $ depot-tools-auth logout codereview.chromium.org All scripts that use rietveld.Rietveld internally should be able to use cached credentials created by 'depot-tools-auth' subcommand. Also 'depot-tools-auth' is the only way to run login flow. If some scripts stumbles over expired or revoked token, it dies with the error, asking user to run 'depot-tools-auth login <hostname>'. Password login is still default. OAuth2 can be enabled by passing --oauth2 to all scripts. R=maruel@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1074673002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294764 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
depot_tools: Clean up auth.py Bug: 1001756 Change-Id: I495991c30f7f00de17e7c098e2d88ef7783aff3c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1865265 Auto-Submit: Edward Lesmes <ehmaldonado@chromium.org> Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org>
5 years ago
class LoginRequiredError(Exception):
Add OAuth2 support for end users (i.e. 3-legged flow with the browser). This CL introduces new top level command for managing cached auth tokens: $ depot-tools-auth login codereview.chromium.org $ depot-tools-auth info codereview.chromium.org $ depot-tools-auth logout codereview.chromium.org All scripts that use rietveld.Rietveld internally should be able to use cached credentials created by 'depot-tools-auth' subcommand. Also 'depot-tools-auth' is the only way to run login flow. If some scripts stumbles over expired or revoked token, it dies with the error, asking user to run 'depot-tools-auth login <hostname>'. Password login is still default. OAuth2 can be enabled by passing --oauth2 to all scripts. R=maruel@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1074673002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294764 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
"""Interaction with the user is required to authenticate."""
auth: Use luci-auth to get credentials. Bug: 1001756 Change-Id: Ieab5391662e92ec9e2715a81fce2cef41717c2e3 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1790607 Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> Reviewed-by: Andrii Shyshkalov <tandrii@google.com>
6 years ago
def __init__(self, scopes=OAUTH_SCOPE_EMAIL):
Add OAuth2 support for end users (i.e. 3-legged flow with the browser). This CL introduces new top level command for managing cached auth tokens: $ depot-tools-auth login codereview.chromium.org $ depot-tools-auth info codereview.chromium.org $ depot-tools-auth logout codereview.chromium.org All scripts that use rietveld.Rietveld internally should be able to use cached credentials created by 'depot-tools-auth' subcommand. Also 'depot-tools-auth' is the only way to run login flow. If some scripts stumbles over expired or revoked token, it dies with the error, asking user to run 'depot-tools-auth login <hostname>'. Password login is still default. OAuth2 can be enabled by passing --oauth2 to all scripts. R=maruel@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1074673002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294764 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
msg = (
'You are not logged in. Please login first by running:\n'
auth: Use luci-auth to get credentials. Bug: 1001756 Change-Id: Ieab5391662e92ec9e2715a81fce2cef41717c2e3 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1790607 Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> Reviewed-by: Andrii Shyshkalov <tandrii@google.com>
6 years ago
' luci-auth login -scopes %s' % scopes)
Add OAuth2 support for end users (i.e. 3-legged flow with the browser). This CL introduces new top level command for managing cached auth tokens: $ depot-tools-auth login codereview.chromium.org $ depot-tools-auth info codereview.chromium.org $ depot-tools-auth logout codereview.chromium.org All scripts that use rietveld.Rietveld internally should be able to use cached credentials created by 'depot-tools-auth' subcommand. Also 'depot-tools-auth' is the only way to run login flow. If some scripts stumbles over expired or revoked token, it dies with the error, asking user to run 'depot-tools-auth login <hostname>'. Password login is still default. OAuth2 can be enabled by passing --oauth2 to all scripts. R=maruel@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1074673002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294764 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
super(LoginRequiredError, self).__init__(msg)
[gerrit_util] learn about and use LUCI_CONTEXT when available. Unfortunately, w/o rewrite of gerrit_util, one can't take advantage of existing auth.Authenticator (which also doesn't know about ~/.netrc or .gitcookies, but that's fixable). This rewrite, however, will likely cause issues for nasty scripts outside of depot_tools which use gerrit_util as a Python library. So, I followed outdated way of gerrit_util :( Also contains refactoring of auth library, which was kept backwards compatible for the same reasons as above. R=vadimsh@chromium.org Test-with: led tool Test-artifact: https://ci.chromium.org/swarming/task/3cf4687dfd26ca10?server=chromium-swarm.appspot.com Bug: 834536 Change-Id: I6b84b8b5732aee5d345e2b2ba44f47aaecc0f6c5 Reviewed-on: https://chromium-review.googlesource.com/1018488 Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Commit-Queue: Andrii Shyshkalov <tandrii@chromium.org>
7 years ago
def has_luci_context_local_auth():
depot_tools: Clean up auth.py Bug: 1001756 Change-Id: I495991c30f7f00de17e7c098e2d88ef7783aff3c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1865265 Auto-Submit: Edward Lesmes <ehmaldonado@chromium.org> Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org>
5 years ago
"""Returns whether LUCI_CONTEXT should be used for ambient authentication."""
return bool(os.environ.get('LUCI_CONTEXT'))
Add OAuth2 support for end users (i.e. 3-legged flow with the browser). This CL introduces new top level command for managing cached auth tokens: $ depot-tools-auth login codereview.chromium.org $ depot-tools-auth info codereview.chromium.org $ depot-tools-auth logout codereview.chromium.org All scripts that use rietveld.Rietveld internally should be able to use cached credentials created by 'depot-tools-auth' subcommand. Also 'depot-tools-auth' is the only way to run login flow. If some scripts stumbles over expired or revoked token, it dies with the error, asking user to run 'depot-tools-auth login <hostname>'. Password login is still default. OAuth2 can be enabled by passing --oauth2 to all scripts. R=maruel@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1074673002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294764 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
class Authenticator(object):
"""Object that knows how to refresh access tokens when needed.
Args:
depot_tools: Clean up auth.py Bug: 1001756 Change-Id: I495991c30f7f00de17e7c098e2d88ef7783aff3c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1865265 Auto-Submit: Edward Lesmes <ehmaldonado@chromium.org> Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org>
5 years ago
scopes: space separated oauth scopes. Defaults to OAUTH_SCOPE_EMAIL.
Add OAuth2 support for end users (i.e. 3-legged flow with the browser). This CL introduces new top level command for managing cached auth tokens: $ depot-tools-auth login codereview.chromium.org $ depot-tools-auth info codereview.chromium.org $ depot-tools-auth logout codereview.chromium.org All scripts that use rietveld.Rietveld internally should be able to use cached credentials created by 'depot-tools-auth' subcommand. Also 'depot-tools-auth' is the only way to run login flow. If some scripts stumbles over expired or revoked token, it dies with the error, asking user to run 'depot-tools-auth login <hostname>'. Password login is still default. OAuth2 can be enabled by passing --oauth2 to all scripts. R=maruel@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1074673002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294764 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
"""
depot_tools: Clean up auth.py Bug: 1001756 Change-Id: I495991c30f7f00de17e7c098e2d88ef7783aff3c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1865265 Auto-Submit: Edward Lesmes <ehmaldonado@chromium.org> Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org>
5 years ago
def __init__(self, scopes=OAUTH_SCOPE_EMAIL):
Add OAuth2 support for end users (i.e. 3-legged flow with the browser). This CL introduces new top level command for managing cached auth tokens: $ depot-tools-auth login codereview.chromium.org $ depot-tools-auth info codereview.chromium.org $ depot-tools-auth logout codereview.chromium.org All scripts that use rietveld.Rietveld internally should be able to use cached credentials created by 'depot-tools-auth' subcommand. Also 'depot-tools-auth' is the only way to run login flow. If some scripts stumbles over expired or revoked token, it dies with the error, asking user to run 'depot-tools-auth login <hostname>'. Password login is still default. OAuth2 can be enabled by passing --oauth2 to all scripts. R=maruel@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1074673002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294764 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
self._access_token = None
my_activity.py: update to use oauth for projecthosting BUG=491889 Review URL: https://codereview.chromium.org/1176243002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@295626 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
self._scopes = scopes
Add OAuth2 support for end users (i.e. 3-legged flow with the browser). This CL introduces new top level command for managing cached auth tokens: $ depot-tools-auth login codereview.chromium.org $ depot-tools-auth info codereview.chromium.org $ depot-tools-auth logout codereview.chromium.org All scripts that use rietveld.Rietveld internally should be able to use cached credentials created by 'depot-tools-auth' subcommand. Also 'depot-tools-auth' is the only way to run login flow. If some scripts stumbles over expired or revoked token, it dies with the error, asking user to run 'depot-tools-auth login <hostname>'. Password login is still default. OAuth2 can be enabled by passing --oauth2 to all scripts. R=maruel@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1074673002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294764 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
def has_cached_credentials(self):
Reland "depot_tools: Stop using oauth2client" This is a reland of 55e5853e5ce49fda2589948c5a0fa6a56d4b3015 Original change's description: > depot_tools: Stop using oauth2client > > Bug: 1001756 > Change-Id: I8a0ca2b0f44b20564a9d3192543a7a69788d8d87 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1854898 > Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> > Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Bug: 1001756 Recipe-Nontrivial-Roll: chromiumos Recipe-Nontrivial-Roll: skia Change-Id: If2f584ce0b327324cfb67ce5f29d80986260bd61 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1867109 Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> Reviewed-by: Vadim Shtayura <vadimsh@chromium.org>
5 years ago
"""Returns True if credentials can be obtained.
Add OAuth2 support for end users (i.e. 3-legged flow with the browser). This CL introduces new top level command for managing cached auth tokens: $ depot-tools-auth login codereview.chromium.org $ depot-tools-auth info codereview.chromium.org $ depot-tools-auth logout codereview.chromium.org All scripts that use rietveld.Rietveld internally should be able to use cached credentials created by 'depot-tools-auth' subcommand. Also 'depot-tools-auth' is the only way to run login flow. If some scripts stumbles over expired or revoked token, it dies with the error, asking user to run 'depot-tools-auth login <hostname>'. Password login is still default. OAuth2 can be enabled by passing --oauth2 to all scripts. R=maruel@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1074673002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294764 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
Reland "depot_tools: Stop using oauth2client" This is a reland of 55e5853e5ce49fda2589948c5a0fa6a56d4b3015 Original change's description: > depot_tools: Stop using oauth2client > > Bug: 1001756 > Change-Id: I8a0ca2b0f44b20564a9d3192543a7a69788d8d87 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1854898 > Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> > Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Bug: 1001756 Recipe-Nontrivial-Roll: chromiumos Recipe-Nontrivial-Roll: skia Change-Id: If2f584ce0b327324cfb67ce5f29d80986260bd61 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1867109 Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> Reviewed-by: Vadim Shtayura <vadimsh@chromium.org>
5 years ago
If returns False, get_access_token() later will probably ask for interactive
depot_tools: Clean up auth.py Bug: 1001756 Change-Id: I495991c30f7f00de17e7c098e2d88ef7783aff3c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1865265 Auto-Submit: Edward Lesmes <ehmaldonado@chromium.org> Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org>
5 years ago
login by raising LoginRequiredError.
Add OAuth2 support for end users (i.e. 3-legged flow with the browser). This CL introduces new top level command for managing cached auth tokens: $ depot-tools-auth login codereview.chromium.org $ depot-tools-auth info codereview.chromium.org $ depot-tools-auth logout codereview.chromium.org All scripts that use rietveld.Rietveld internally should be able to use cached credentials created by 'depot-tools-auth' subcommand. Also 'depot-tools-auth' is the only way to run login flow. If some scripts stumbles over expired or revoked token, it dies with the error, asking user to run 'depot-tools-auth login <hostname>'. Password login is still default. OAuth2 can be enabled by passing --oauth2 to all scripts. R=maruel@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1074673002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294764 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
Reland "depot_tools: Stop using oauth2client" This is a reland of 55e5853e5ce49fda2589948c5a0fa6a56d4b3015 Original change's description: > depot_tools: Stop using oauth2client > > Bug: 1001756 > Change-Id: I8a0ca2b0f44b20564a9d3192543a7a69788d8d87 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1854898 > Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> > Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Bug: 1001756 Recipe-Nontrivial-Roll: chromiumos Recipe-Nontrivial-Roll: skia Change-Id: If2f584ce0b327324cfb67ce5f29d80986260bd61 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1867109 Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> Reviewed-by: Vadim Shtayura <vadimsh@chromium.org>
5 years ago
If returns True, get_access_token() won't ask for interactive login.
Add OAuth2 support for end users (i.e. 3-legged flow with the browser). This CL introduces new top level command for managing cached auth tokens: $ depot-tools-auth login codereview.chromium.org $ depot-tools-auth info codereview.chromium.org $ depot-tools-auth logout codereview.chromium.org All scripts that use rietveld.Rietveld internally should be able to use cached credentials created by 'depot-tools-auth' subcommand. Also 'depot-tools-auth' is the only way to run login flow. If some scripts stumbles over expired or revoked token, it dies with the error, asking user to run 'depot-tools-auth login <hostname>'. Password login is still default. OAuth2 can be enabled by passing --oauth2 to all scripts. R=maruel@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1074673002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294764 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
"""
depot_tools: Clean up auth.py Bug: 1001756 Change-Id: I495991c30f7f00de17e7c098e2d88ef7783aff3c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1865265 Auto-Submit: Edward Lesmes <ehmaldonado@chromium.org> Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org>
5 years ago
return bool(self._get_luci_auth_token())
Add OAuth2 support for end users (i.e. 3-legged flow with the browser). This CL introduces new top level command for managing cached auth tokens: $ depot-tools-auth login codereview.chromium.org $ depot-tools-auth info codereview.chromium.org $ depot-tools-auth logout codereview.chromium.org All scripts that use rietveld.Rietveld internally should be able to use cached credentials created by 'depot-tools-auth' subcommand. Also 'depot-tools-auth' is the only way to run login flow. If some scripts stumbles over expired or revoked token, it dies with the error, asking user to run 'depot-tools-auth login <hostname>'. Password login is still default. OAuth2 can be enabled by passing --oauth2 to all scripts. R=maruel@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1074673002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294764 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
depot_tools: Clean up auth.py Bug: 1001756 Change-Id: I495991c30f7f00de17e7c098e2d88ef7783aff3c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1865265 Auto-Submit: Edward Lesmes <ehmaldonado@chromium.org> Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org>
5 years ago
def get_access_token(self):
Add OAuth2 support for end users (i.e. 3-legged flow with the browser). This CL introduces new top level command for managing cached auth tokens: $ depot-tools-auth login codereview.chromium.org $ depot-tools-auth info codereview.chromium.org $ depot-tools-auth logout codereview.chromium.org All scripts that use rietveld.Rietveld internally should be able to use cached credentials created by 'depot-tools-auth' subcommand. Also 'depot-tools-auth' is the only way to run login flow. If some scripts stumbles over expired or revoked token, it dies with the error, asking user to run 'depot-tools-auth login <hostname>'. Password login is still default. OAuth2 can be enabled by passing --oauth2 to all scripts. R=maruel@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1074673002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294764 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
"""Returns AccessToken, refreshing it if necessary.
Raises:
depot_tools: Clean up auth.py Bug: 1001756 Change-Id: I495991c30f7f00de17e7c098e2d88ef7783aff3c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1865265 Auto-Submit: Edward Lesmes <ehmaldonado@chromium.org> Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org>
5 years ago
LoginRequiredError if user interaction is required.
Add OAuth2 support for end users (i.e. 3-legged flow with the browser). This CL introduces new top level command for managing cached auth tokens: $ depot-tools-auth login codereview.chromium.org $ depot-tools-auth info codereview.chromium.org $ depot-tools-auth logout codereview.chromium.org All scripts that use rietveld.Rietveld internally should be able to use cached credentials created by 'depot-tools-auth' subcommand. Also 'depot-tools-auth' is the only way to run login flow. If some scripts stumbles over expired or revoked token, it dies with the error, asking user to run 'depot-tools-auth login <hostname>'. Password login is still default. OAuth2 can be enabled by passing --oauth2 to all scripts. R=maruel@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1074673002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294764 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
"""
depot_tools: Clean up auth.py Bug: 1001756 Change-Id: I495991c30f7f00de17e7c098e2d88ef7783aff3c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1865265 Auto-Submit: Edward Lesmes <ehmaldonado@chromium.org> Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org>
5 years ago
if self._access_token and not self._access_token.needs_refresh():
return self._access_token
depot_tools: Stop using oauth2client Bug: 1001756 Change-Id: I8a0ca2b0f44b20564a9d3192543a7a69788d8d87 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1854898 Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> Reviewed-by: Vadim Shtayura <vadimsh@chromium.org>
5 years ago
depot_tools: Clean up auth.py Bug: 1001756 Change-Id: I495991c30f7f00de17e7c098e2d88ef7783aff3c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1865265 Auto-Submit: Edward Lesmes <ehmaldonado@chromium.org> Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org>
5 years ago
# Token expired or missing. Maybe some other process already updated it,
# reload from the cache.
self._access_token = self._get_luci_auth_token()
if self._access_token and not self._access_token.needs_refresh():
return self._access_token
Reland "depot_tools: Stop using oauth2client" This is a reland of 55e5853e5ce49fda2589948c5a0fa6a56d4b3015 Original change's description: > depot_tools: Stop using oauth2client > > Bug: 1001756 > Change-Id: I8a0ca2b0f44b20564a9d3192543a7a69788d8d87 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1854898 > Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> > Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Bug: 1001756 Recipe-Nontrivial-Roll: chromiumos Recipe-Nontrivial-Roll: skia Change-Id: If2f584ce0b327324cfb67ce5f29d80986260bd61 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1867109 Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> Reviewed-by: Vadim Shtayura <vadimsh@chromium.org>
5 years ago
depot_tools: Clean up auth.py Bug: 1001756 Change-Id: I495991c30f7f00de17e7c098e2d88ef7783aff3c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1865265 Auto-Submit: Edward Lesmes <ehmaldonado@chromium.org> Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org>
5 years ago
# Nope, still expired. Needs user interaction.
logging.error('Failed to create access token')
raise LoginRequiredError(self._scopes)
Add OAuth2 support for end users (i.e. 3-legged flow with the browser). This CL introduces new top level command for managing cached auth tokens: $ depot-tools-auth login codereview.chromium.org $ depot-tools-auth info codereview.chromium.org $ depot-tools-auth logout codereview.chromium.org All scripts that use rietveld.Rietveld internally should be able to use cached credentials created by 'depot-tools-auth' subcommand. Also 'depot-tools-auth' is the only way to run login flow. If some scripts stumbles over expired or revoked token, it dies with the error, asking user to run 'depot-tools-auth login <hostname>'. Password login is still default. OAuth2 can be enabled by passing --oauth2 to all scripts. R=maruel@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1074673002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294764 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
def authorize(self, http):
"""Monkey patches authentication logic of httplib2.Http instance.
The modified http.request method will add authentication headers to each
request.
Args:
http: An instance of httplib2.Http.
Returns:
A modified instance of http that was passed in.
"""
# Adapted from oauth2client.OAuth2Credentials.authorize.
request_orig = http.request
@functools.wraps(request_orig)
def new_request(
uri, method='GET', body=None, headers=None,
redirections=httplib2.DEFAULT_MAX_REDIRECTS,
connection_type=None):
headers = (headers or {}).copy()
Fix typo in Authorization header name. This code path is not actually used yet, so the typo wasn't caught earlier. Also make sure access tokens have 'str' type, not 'unicode'. R=nodir@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1082133002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294789 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
headers['Authorization'] = 'Bearer %s' % self.get_access_token().token
Reland "depot_tools: Stop using oauth2client" This is a reland of 55e5853e5ce49fda2589948c5a0fa6a56d4b3015 Original change's description: > depot_tools: Stop using oauth2client > > Bug: 1001756 > Change-Id: I8a0ca2b0f44b20564a9d3192543a7a69788d8d87 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1854898 > Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> > Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Bug: 1001756 Recipe-Nontrivial-Roll: chromiumos Recipe-Nontrivial-Roll: skia Change-Id: If2f584ce0b327324cfb67ce5f29d80986260bd61 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1867109 Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> Reviewed-by: Vadim Shtayura <vadimsh@chromium.org>
5 years ago
return request_orig(
Add OAuth2 support for end users (i.e. 3-legged flow with the browser). This CL introduces new top level command for managing cached auth tokens: $ depot-tools-auth login codereview.chromium.org $ depot-tools-auth info codereview.chromium.org $ depot-tools-auth logout codereview.chromium.org All scripts that use rietveld.Rietveld internally should be able to use cached credentials created by 'depot-tools-auth' subcommand. Also 'depot-tools-auth' is the only way to run login flow. If some scripts stumbles over expired or revoked token, it dies with the error, asking user to run 'depot-tools-auth login <hostname>'. Password login is still default. OAuth2 can be enabled by passing --oauth2 to all scripts. R=maruel@chromium.org BUG=356813 Review URL: https://codereview.chromium.org/1074673002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294764 0039d316-1c4b-4281-b951-d872f2087c98
10 years ago
uri, method, body, headers, redirections, connection_type)
http.request = new_request
return http
## Private methods.
Reland "depot_tools: Stop using oauth2client" This is a reland of 55e5853e5ce49fda2589948c5a0fa6a56d4b3015 Original change's description: > depot_tools: Stop using oauth2client > > Bug: 1001756 > Change-Id: I8a0ca2b0f44b20564a9d3192543a7a69788d8d87 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1854898 > Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> > Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Bug: 1001756 Recipe-Nontrivial-Roll: chromiumos Recipe-Nontrivial-Roll: skia Change-Id: If2f584ce0b327324cfb67ce5f29d80986260bd61 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1867109 Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> Reviewed-by: Vadim Shtayura <vadimsh@chromium.org>
5 years ago
def _run_luci_auth_login(self):
"""Run luci-auth login.
Revert "depot_tools: Stop using oauth2client" This reverts commit 55e5853e5ce49fda2589948c5a0fa6a56d4b3015. Reason for revert: File "PRESUBMIT.py", line 11, in CheckChangeOnCommit return input_api.canned_checks.CheckChangedLUCIConfigs(input_api, output_api) File "/usr/local/google/home/abennetts/cr/depot_tools/presubmit_canned_checks.py", line 1421, in CheckChangedLUCIConfigs acc_tkn = authenticator.get_access_token() File "/usr/local/google/home/abennetts/cr/depot_tools/auth.py", line 414, in get_access_token if not self._external_token and allow_user_interaction: AttributeError: 'Authenticator' object has no attribute '_external_token' Original change's description: > depot_tools: Stop using oauth2client > > Bug: 1001756 > Change-Id: I8a0ca2b0f44b20564a9d3192543a7a69788d8d87 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1854898 > Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> > Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> TBR=vadimsh@chromium.org,ehmaldonado@chromium.org Change-Id: I94cf38e82e53e51c66efcb99c51f0e1418e86f49 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: 1001756, 1015285 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1866184 Reviewed-by: Edward Lesmes <ehmaldonado@chromium.org> Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org>
5 years ago
Returns:
Reland "depot_tools: Stop using oauth2client" This is a reland of 55e5853e5ce49fda2589948c5a0fa6a56d4b3015 Original change's description: > depot_tools: Stop using oauth2client > > Bug: 1001756 > Change-Id: I8a0ca2b0f44b20564a9d3192543a7a69788d8d87 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1854898 > Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> > Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Bug: 1001756 Recipe-Nontrivial-Roll: chromiumos Recipe-Nontrivial-Roll: skia Change-Id: If2f584ce0b327324cfb67ce5f29d80986260bd61 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1867109 Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> Reviewed-by: Vadim Shtayura <vadimsh@chromium.org>
5 years ago
AccessToken with credentials.
Revert "depot_tools: Stop using oauth2client" This reverts commit 55e5853e5ce49fda2589948c5a0fa6a56d4b3015. Reason for revert: File "PRESUBMIT.py", line 11, in CheckChangeOnCommit return input_api.canned_checks.CheckChangedLUCIConfigs(input_api, output_api) File "/usr/local/google/home/abennetts/cr/depot_tools/presubmit_canned_checks.py", line 1421, in CheckChangedLUCIConfigs acc_tkn = authenticator.get_access_token() File "/usr/local/google/home/abennetts/cr/depot_tools/auth.py", line 414, in get_access_token if not self._external_token and allow_user_interaction: AttributeError: 'Authenticator' object has no attribute '_external_token' Original change's description: > depot_tools: Stop using oauth2client > > Bug: 1001756 > Change-Id: I8a0ca2b0f44b20564a9d3192543a7a69788d8d87 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1854898 > Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> > Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> TBR=vadimsh@chromium.org,ehmaldonado@chromium.org Change-Id: I94cf38e82e53e51c66efcb99c51f0e1418e86f49 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: 1001756, 1015285 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1866184 Reviewed-by: Edward Lesmes <ehmaldonado@chromium.org> Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org>
5 years ago
"""
Reland "depot_tools: Stop using oauth2client" This is a reland of 55e5853e5ce49fda2589948c5a0fa6a56d4b3015 Original change's description: > depot_tools: Stop using oauth2client > > Bug: 1001756 > Change-Id: I8a0ca2b0f44b20564a9d3192543a7a69788d8d87 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1854898 > Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> > Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Bug: 1001756 Recipe-Nontrivial-Roll: chromiumos Recipe-Nontrivial-Roll: skia Change-Id: If2f584ce0b327324cfb67ce5f29d80986260bd61 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1867109 Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org> Reviewed-by: Vadim Shtayura <vadimsh@chromium.org>
5 years ago
logging.debug('Running luci-auth login')
subprocess2.check_call(['luci-auth', 'login', '-scopes', self._scopes])
return self._get_luci_auth_token()
def _get_luci_auth_token(self):
logging.debug('Running luci-auth token')
try:
out, err = subprocess2.check_call_out(
['luci-auth', 'token', '-scopes', self._scopes, '-json-output', '-'],
stdout=subprocess2.PIPE, stderr=subprocess2.PIPE)
logging.debug('luci-auth token stderr:\n%s', err)
token_info = json.loads(out)
return AccessToken(
token_info['token'],
datetime.datetime.utcfromtimestamp(token_info['expiry']))
except subprocess2.CalledProcessError:
return None