OAuth token cache file (as implemented by oauth2client library) stores refresh
token and can in theory be deployed via Puppet as the credential. But it is
mutated by the library (to store access tokens, rotated each hour), and so it is
not static and managing it via Puppet (or however else) is a big pain.
Instead, now depot_tools accepts --auth-refresh-token-json parameter with a path
to a static JSON file (with minimal body being {"refresh_token": "....."}). It
can be used to pass previously prepared refresh tokens of role accounts. It
will be used for blink DEPS roller account and similar @chromium.org accounts.
R=maruel@chromium.org
BUG=356813
Review URL: https://codereview.chromium.org/1060193005
git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294870 0039d316-1c4b-4281-b951-d872f2087c98
This code path is not actually used yet, so the typo wasn't caught earlier.
Also make sure access tokens have 'str' type, not 'unicode'.
R=nodir@chromium.org
BUG=356813
Review URL: https://codereview.chromium.org/1082133002
git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294789 0039d316-1c4b-4281-b951-d872f2087c98
This CL introduces new top level command for managing cached auth tokens:
$ depot-tools-auth login codereview.chromium.org
$ depot-tools-auth info codereview.chromium.org
$ depot-tools-auth logout codereview.chromium.org
All scripts that use rietveld.Rietveld internally should be able to use cached
credentials created by 'depot-tools-auth' subcommand. Also 'depot-tools-auth'
is the only way to run login flow. If some scripts stumbles over expired or
revoked token, it dies with the error, asking user to run
'depot-tools-auth login <hostname>'.
Password login is still default. OAuth2 can be enabled by passing --oauth2 to
all scripts.
R=maruel@chromium.org
BUG=356813
Review URL: https://codereview.chromium.org/1074673002
git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294764 0039d316-1c4b-4281-b951-d872f2087c98
It is done in preparation for switching to OAuth2 as default (and only)
authentication method. Having all auth options handled by the same code makes it
easier to gradually add OAuth2 support.
As part of this, some options that would no longer work with OAuth2 (and that
are not being used from anywhere now, as far as I can tell) are removed:
* Passing account password for authentication via command line.
* Overriding 'Host' header when making requests to Rietveld (won't work with
SSL anyway).
* --account_type option (seems to be ClientLogin specific).
R=maruel@chromium.org
BUG=356813
Review URL: https://codereview.chromium.org/1075723002
git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294746 0039d316-1c4b-4281-b951-d872f2087c98
vadimsh@chromium.org