lib/gce.py: Use the new usable auth feature

I spoke with the Google API Python client library authors. They confirmed that a
complete solution for service account JSON keys is not yet available, but there
is already a public API that we can use in non-impersonation cases.
GoogleCredentials implements what I previously had to do manually for JSON key
parsing.

BUG=brillo:1196
TEST=Unit tests in CL:299694 and a trybot run against a config that has GCE
tests enabled.

Change-Id: I7180463b1fb392e90068e0999cd47462ce1b1419
Reviewed-on: https://chromium-review.googlesource.com/302043
Commit-Ready: Daniel Wang <wonderfly@google.com>
Tested-by: Daniel Wang <wonderfly@google.com>
Reviewed-by: Fang Deng <fdeng@chromium.org>
diff --git a/lib/gce.py b/lib/gce.py
index c172896..609c90c 100644
--- a/lib/gce.py
+++ b/lib/gce.py
@@ -10,14 +10,11 @@
 
 from __future__ import print_function
 
-import json
-
 from chromite.lib import cros_logging as logging
 from chromite.lib import timeout_util
 from googleapiclient.discovery import build
 from googleapiclient import errors
-from oauth2client.client import SERVICE_ACCOUNT
-from oauth2client.service_account import _ServiceAccountCredentials
+from oauth2client.client import GoogleCredentials
 
 
 class Error(Exception):
@@ -43,7 +40,7 @@
     self.error = error
 
   def __str__(self):
-    return ('GCE API failure. %s: %s' % (type(self.error), str(self.error)))
+    return 'GCE API failure. %s: %s' % (type(self.error), str(self.error))
 
 
 class GceContext(object):
@@ -87,22 +84,8 @@
     Returns:
       GceContext.
     """
-    with open(json_key_file) as keyfile:
-      service_account_info = json.load(keyfile)
-
-    account_type = service_account_info.get('type')
-    if account_type != SERVICE_ACCOUNT:
-        raise CredentialsError(
-            'Invalid service account credentials: %s' % (json_key_file))
-    # pylint: disable=protected-access
-    credentials = _ServiceAccountCredentials(
-        service_account_id=service_account_info['client_id'],
-        service_account_email=service_account_info['client_email'],
-        private_key_id=service_account_info['private_key_id'],
-        private_key_pkcs8_text=service_account_info['private_key'],
-        scopes=cls.GCE_SCOPES)
-    # pylint: enable=protected-access
-
+    credentials = GoogleCredentials.from_stream(json_key_file).create_scoped(
+        cls.GCE_SCOPES)
     return GceContext(project, zone, network, credentials)
 
   def CreateInstance(self, name, image, machine_type=DEFAULT_MACHINE_TYPE,
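Review bot: The new `GoogleCredentials.from_stream(json_key_file)` call drops the explicit `account_type != SERVICE_ACCOUNT` rejection, so a key file of any other credential type that oauth2client accepts (as far as I know it also loads `authorized_user` files) is no longer refused here. For such credentials `create_scoped` may not restrict anything to `cls.GCE_SCOPES`. Load failures now also surface as oauth2client's `ApplicationDefaultCredentialsError` rather than this module's `CredentialsError`, which changes what callers have to catch. I would translate the exception as below, which needs `ApplicationDefaultCredentialsError` imported from `oauth2client.client` and assumes `CredentialsError` is still defined in this file. The docstring should also state that only service-account keys are supported; the method's signature and most of its docstring lie outside this hunk.

```python
    # … unchanged: docstring …
    try:
      credentials = GoogleCredentials.from_stream(json_key_file).create_scoped(
          cls.GCE_SCOPES)
    except ApplicationDefaultCredentialsError as e:
      # Keep the module's own error type so existing callers still catch it.
      raise CredentialsError(
          'Invalid service account credentials: %s (%s)' % (json_key_file, e))
    return GceContext(project, zone, network, credentials)
```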