lib/gce.py: Use the new usable auth feature
I spoke with the Google API Python client library authors. They confirmed that a
complete solution for service account json keys is not yet available, but there
is already a public API that we can use in non-interpersonate cases.
GoogleCredentials implements whatever I had to manually do for json key parsing.
BUG=brillo:1196
TEST=Unit tests in CL:299694 and a trybot run against a config that has GCE
tests enabled.
Change-Id: I7180463b1fb392e90068e0999cd47462ce1b1419
Reviewed-on: https://chromium-review.googlesource.com/302043
Commit-Ready: Daniel Wang <wonderfly@google.com>
Tested-by: Daniel Wang <wonderfly@google.com>
Reviewed-by: Fang Deng <fdeng@chromium.org>
diff --git a/lib/gce.py b/lib/gce.py
index c172896..609c90c 100644
--- a/lib/gce.py
+++ b/lib/gce.py
@@ -10,14 +10,11 @@
from __future__ import print_function
-import json
-
from chromite.lib import cros_logging as logging
from chromite.lib import timeout_util
from googleapiclient.discovery import build
from googleapiclient import errors
-from oauth2client.client import SERVICE_ACCOUNT
-from oauth2client.service_account import _ServiceAccountCredentials
+from oauth2client.client import GoogleCredentials
class Error(Exception):
@@ -43,7 +40,7 @@
self.error = error
def __str__(self):
- return ('GCE API failure. %s: %s' % (type(self.error), str(self.error)))
+ return 'GCE API failure. %s: %s' % (type(self.error), str(self.error))
class GceContext(object):
@@ -87,22 +84,8 @@
Returns:
GceContext.
"""
- with open(json_key_file) as keyfile:
- service_account_info = json.load(keyfile)
-
- account_type = service_account_info.get('type')
- if account_type != SERVICE_ACCOUNT:
- raise CredentialsError(
- 'Invalid service account credentials: %s' % (json_key_file))
- # pylint: disable=protected-access
- credentials = _ServiceAccountCredentials(
- service_account_id=service_account_info['client_id'],
- service_account_email=service_account_info['client_email'],
- private_key_id=service_account_info['private_key_id'],
- private_key_pkcs8_text=service_account_info['private_key'],
- scopes=cls.GCE_SCOPES)
- # pylint: enable=protected-access
-
+ credentials = GoogleCredentials.from_stream(json_key_file).create_scoped(
+ cls.GCE_SCOPES)
return GceContext(project, zone, network, credentials)
def CreateInstance(self, name, image, machine_type=DEFAULT_MACHINE_TYPE,
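Review bot: The new `GoogleCredentials.from_stream(json_key_file)` call drops the explicit `account_type != SERVICE_ACCOUNT` rejection. As far as I know, `from_stream` also accepts `authorized_user` key files, for which `create_scoped` returns the credentials unchanged, so a user refresh token would be accepted here and `GCE_SCOPES` would not be applied to it. Load failures also now surface as oauth2client's `ApplicationDefaultCredentialsError` rather than this module's `CredentialsError`, so callers that catch the latter would miss a missing or malformed key file. I would keep the service-account-only contract by translating the load error and rejecting credentials for which `create_scoped_required()` is false, as sketched below; `ApplicationDefaultCredentialsError` would need importing from `oauth2client.client`. The method's signature and the start of its docstring are outside this hunk, so any Raises section there should be checked against the same change.

```python
    # ... unchanged: method signature and docstring ...
    try:
      credentials = GoogleCredentials.from_stream(json_key_file)
    except ApplicationDefaultCredentialsError as e:
      raise CredentialsError(
          'Invalid service account credentials: %s (%s)' % (json_key_file, e))
    # Unscoped service account credentials report that scoping is required;
    # user (refresh token) credentials do not, and would ignore GCE_SCOPES.
    if not credentials.create_scoped_required():
      raise CredentialsError(
          'Invalid service account credentials: %s' % (json_key_file))
    credentials = credentials.create_scoped(cls.GCE_SCOPES)
    return GceContext(project, zone, network, credentials)
```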