1# Copyright 2014 Google Inc. All Rights Reserved.
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7#     http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15"""Boto auth plugin for OAuth2.0 for Google Cloud Storage."""
16
17from __future__ import absolute_import
18
19from boto.auth_handler import AuthHandler
20from boto.auth_handler import NotReadyToAuthenticate
21
22from gcs_oauth2_boto_plugin import oauth2_client
23from gcs_oauth2_boto_plugin import oauth2_helper
24
# Process-wide flag: False until an OAuth2ServiceAccountAuth handler is
# constructed successfully, at which point its __init__ sets it to True.
# This is mutable module state shared by every importer, and nothing in this
# module resets it, so treat it as "a service-account handler was built at
# some point in this process" rather than as a per-request fact.
IS_SERVICE_ACCOUNT = False
26
27
class OAuth2Auth(AuthHandler):
  """Boto auth handler that sets an OAuth2 Authorization header.

  The handler only becomes ready for the 'google' provider, and only when the
  boto config carries one of two credential sources:

    * a 'gs_oauth2_refresh_token' option in the [Credentials] section, or
    * a 'service_account' option in the [GoogleCompute] section.

  When both are present the refresh token takes precedence, so the identity
  used for requests is the refresh-token user and not the GCE service account.
  """

  # 's3' is listed next to 'google-oauth2', so the provider-name check in
  # __init__ is the only thing in this class that keeps its credential away
  # from requests aimed at a non-Google provider.
  # NOTE(review): how boto matches handlers to capabilities is not visible in
  # this file -- confirm against boto.auth before relaxing that check.
  capability = ['google-oauth2', 's3']

  def __init__(self, path, config, provider):
    """Builds the OAuth2 client, or declines to handle this provider.

    Args:
      path: Not used by this handler.
      config: Boto config object; only has_option() is called on it here, and
          it is handed on to oauth2_helper.OAuth2ClientFromBotoConfig().
      provider: Boto provider object; its name must be 'google'.

    Raises:
      NotReadyToAuthenticate: If the provider is not 'google', neither
          credential option is configured, or the created client is falsy.
    """
    self.oauth2_client = None
    for_google = provider.name == 'google'
    if for_google and config.has_option(
        'Credentials', 'gs_oauth2_refresh_token'):
      # User credentials: refresh token stored in the boto config.
      self.oauth2_client = oauth2_helper.OAuth2ClientFromBotoConfig(config)
    elif for_google and config.has_option('GoogleCompute', 'service_account'):
      # No refresh token configured: fall back to the GCE client.
      self.oauth2_client = oauth2_client.CreateOAuth2GCEClient()

    if not self.oauth2_client:
      raise NotReadyToAuthenticate()

  def add_auth(self, http_request):
    """Overwrites the request's Authorization header with the client's value.

    Any Authorization header already present on http_request is replaced.

    NOTE(review): the value returned by GetAuthorizationHeader() is presumably
    a bearer credential; anything that logs or dumps http_request.headers
    after this call would then record it -- confirm and redact in logging.

    Args:
      http_request: Request object exposing a mutable 'headers' mapping.
    """
    header_value = self.oauth2_client.GetAuthorizationHeader()
    http_request.headers['Authorization'] = header_value
45
46
class OAuth2ServiceAccountAuth(AuthHandler):
  """Boto auth handler that authenticates as an OAuth2 service account.

  The handler only becomes ready for the 'google' provider when the boto
  config has a 'gs_service_key_file' option in the [Credentials] section.
  Constructing it successfully also flips the module-level
  IS_SERVICE_ACCOUNT flag to True.
  """

  # 's3' is listed next to 'google-oauth2', so the provider-name check in
  # __init__ is the only thing in this class that keeps the service-account
  # credential away from requests aimed at a non-Google provider.
  # NOTE(review): how boto matches handlers to capabilities is not visible in
  # this file -- confirm against boto.auth before relaxing that check.
  capability = ['google-oauth2', 's3']

  def __init__(self, path, config, provider):
    """Builds the service-account OAuth2 client, or declines this provider.

    Only the presence of the 'gs_service_key_file' option is checked here;
    any validation of the key file it points to would have to happen inside
    oauth2_helper.OAuth2ClientFromBotoConfig(), which is not shown here.

    Args:
      path: Not used by this handler.
      config: Boto config object; has_option() is called on it and it is
          handed on to oauth2_helper.OAuth2ClientFromBotoConfig().
      provider: Boto provider object; its name must be 'google'.

    Raises:
      NotReadyToAuthenticate: If the provider is not 'google' or no
          'gs_service_key_file' option is configured.
    """
    global IS_SERVICE_ACCOUNT

    if provider.name != 'google' or not config.has_option(
        'Credentials', 'gs_service_key_file'):
      raise NotReadyToAuthenticate()

    self.oauth2_client = oauth2_helper.OAuth2ClientFromBotoConfig(
        config, cred_type=oauth2_client.CredTypes.OAUTH2_SERVICE_ACCOUNT)

    # Reaching this point means that, given how the boto auth plugins work,
    # authentication will later be attempted as a service account. The flag
    # is a module global so that command.py can read it once it is set. It is
    # written at construction time and never cleared in this module.
    # TODO: replace this approach with a way to get the current plugin
    # from boto so that we don't have to have global variables.
    IS_SERVICE_ACCOUNT = True

  def add_auth(self, http_request):
    """Overwrites the request's Authorization header with the client's value.

    Any Authorization header already present on http_request is replaced.

    NOTE(review): the value returned by GetAuthorizationHeader() is presumably
    a bearer credential; anything that logs or dumps http_request.headers
    after this call would then record it -- confirm and redact in logging.

    Args:
      http_request: Request object exposing a mutable 'headers' mapping.
    """
    header_value = self.oauth2_client.GetAuthorizationHeader()
    http_request.headers['Authorization'] = header_value
70
71