libcloud.common.google module

Module for Google Connection and Authentication classes.

Information about setting up your Google OAUTH2 credentials:

For libcloud, there are two basic methods for authenticating to Google using OAUTH2: Service Accounts and Client IDs for Installed Applications.

Both are initially set up from the Cloud Console Console - https://cloud.google.com/console

Setting up Service Account authentication (note that you need the cryptography package installed to use this):

Go to the Console
Go to your project and then to “APIs & auth” on the left
Click on “Credentials”
Click on “Create New Client ID…”
Select “Service account” and click on “Create Client ID”
Download the Private Key (should happen automatically). The key you download is in JSON format.
Move the .json file to a safe location.
Optionally, you may choose to Generate a PKCS12 key from the Console. It needs to be converted to the PEM format. Please note, the PKCS12 format is deprecated and may be removed in a future release. - Convert the key using OpenSSL (the default password is ‘notasecret’). - Move the .pem file to a safe location.
To Authenticate, you will need to pass the Service Account’s “Email address” in as the user_id and the path to the .pem file as the key.

Setting up Installed Application authentication:

Go to the Console
Go to your project and then to “APIs & auth” on the left
Click on “Credentials”
Select “Installed application” and “Other” then click on “Create Client ID”
To Authenticate, pass in the “Client ID” as the user_id and the “Client secret” as the key
The first time that you do this, the libcloud will give you a URL to visit. Copy and paste the URL into a browser.
When you go to the URL it will ask you to log in (if you aren’t already) and ask you if you want to allow the project access to your account.
Click on Accept and you will be given a code.
Paste that code at the prompt given to you by the Google libcloud connection.
At that point, a token & refresh token will be stored in your home directory and will be used for authentication.

Please remember to secure your keys and access tokens.

exception libcloud.common.google.GoogleAuthError(value)[source]

Bases: LibcloudError

Generic Error class for various authentication errors.

class libcloud.common.google.GoogleAuthType[source]

Bases: object

SA (Service Account), IA (Installed Application), GCE (Auth from a GCE instance with service account enabled) GCS_S3 (Cloud Storage S3 interoperability authentication)

ALL_TYPES = ['SA', 'IA', 'GCE', 'GCS_S3']

GCE = 'GCE'

GCS_S3 = 'GCS_S3'

IA = 'IA'

OAUTH2_TYPES = ['SA', 'IA', 'GCE']

SA = 'SA'

classmethod guess_type(user_id)[source]

classmethod is_oauth2(auth_type)[source]

class libcloud.common.google.GoogleBaseAuthConnection(user_id, key=None, scopes=None, redirect_uri='http://127.0.0.1', login_hint=None, **kwargs)[source]

Bases: ConnectionUserAndKey

Base class for Google Authentication. Should be subclassed for specific types of authentication.

Parameters:

user_id (str) – The email address (for service accounts) or Client ID (for installed apps) to be used for authentication.
key (str) – The RSA Key (for service accounts) or file path containing key or Client Secret (for installed apps) to be used for authentication.
scopes (list) – A list of urls defining the scope of authentication to grant.
redirect_uri (str) – The Redirect URI for the authentication request. See Google OAUTH2 documentation for more info.
login_hint (str) – Login hint for authentication request. Useful for Installed Application authentication.

add_default_headers(headers)[source]: Add defaults for ‘Content-Type’ and ‘Host’ headers.

auth_path = '/o/oauth2/auth'

driver: alias of GoogleBaseDriver

host: str = 'accounts.google.com'

name = 'Google Auth'

redirect_uri_port = 8087

refresh_token(token_info)[source]

Refresh the current token.

Fetch an updated refresh token from internal metadata service.

Parameters:: token_info (dict) – Dictionary containing token information. (Not used, but here for compatibility)
Returns:: A dictionary containing updated token information.
Return type:: dict

responseCls: alias of GoogleResponse

class libcloud.common.google.GoogleBaseConnection(user_id, key=None, auth_type=None, credential_file=None, scopes=None, **kwargs)[source]

Bases: ConnectionUserAndKey, PollingConnection

Base connection class for interacting with Google APIs.

Determine authentication type, set up appropriate authentication connection and get initial authentication information.

Parameters:

user_id (str) – The email address (for service accounts) or Client ID (for installed apps) to be used for authentication.
key (str) – The RSA Key (for service accounts) or file path containing key or Client Secret (for installed apps) to be used for authentication.
auth_type (str) – See GoogleAuthType class for list and description of accepted values. If not supplied, auth_type will be guessed based on value of user_id or if the code is running on a GCE instance.
credential_file (str) – Path to file for caching authentication information.
scopes (list) – List of OAuth2 scope URLs. The empty default sets read/write access to Compute, Storage, and DNS.

add_default_headers(headers)[source]: @inherits: Connection.add_default_headers

driver: alias of GoogleBaseDriver

encode_data(data)[source]: Encode data to JSON

get_poll_request_kwargs(response, context, request_kwargs)[source]: @inherits: PollingConnection.get_poll_request_kwargs

has_completed(response)[source]

Determine if operation has completed based on response.

Parameters:: response (I{responseCls}) – JSON response
Returns:: True if complete, False otherwise
Return type:: bool

host: str = 'www.googleapis.com'

morph_action_hook(action)[source]

Update action to correct request path.

In many places, the Google API returns a full URL to a resource. This will strip the scheme and host off of the path and just return the request. Otherwise, it will prepend the base request_path to the action.

Parameters:: action (str) – The action to be called in the http request
Returns:: The modified request based on the action
Return type:: str

poll_interval = 2.0

pre_connect_hook(params, headers)[source]

Check to make sure that token hasn’t expired. If it has, get an updated token. Also, add the token to the headers.

@inherits: Connection.pre_connect_hook

request(*args, **kwargs)[source]: @inherits: Connection.request

responseCls: alias of GoogleResponse

timeout: int | float | None = 180

class libcloud.common.google.GoogleBaseDriver(key, secret=None, secure=True, host=None, port=None, api_version=None, region=None, **kwargs)[source]

Bases: BaseDriver

Parameters:

key (str) – API key or username to be used (required)
secret (str) – Secret password to be used (required)
secure (bool) – Whether to use HTTPS or HTTP. Note: Some providers only support HTTPS, and it is on by default.
host (str) – Override hostname used for connections.
port (int) – Override port used for connections.
api_version (str) – Optional API version. Only used by drivers which support multiple API versions.
region (str) – Optional driver region. Only used by drivers which support multiple regions.

Return type:

None

name = 'Google API'

exception libcloud.common.google.GoogleBaseError(value, http_code, code, driver=None)[source]: Bases: ProviderError

class libcloud.common.google.GoogleGCEServiceAcctAuthConnection(user_id, key=None, scopes=None, redirect_uri='http://127.0.0.1', login_hint=None, **kwargs)[source]

Bases: GoogleBaseAuthConnection

Authentication class for self-authentication when used with a GCE instance that supports serviceAccounts.

Parameters:

user_id (str) – The email address (for service accounts) or Client ID (for installed apps) to be used for authentication.
key (str) – The RSA Key (for service accounts) or file path containing key or Client Secret (for installed apps) to be used for authentication.
scopes (list) – A list of urls defining the scope of authentication to grant.
redirect_uri (str) – The Redirect URI for the authentication request. See Google OAUTH2 documentation for more info.
login_hint (str) – Login hint for authentication request. Useful for Installed Application authentication.

get_new_token()[source]

Get a new token from the internal metadata service.

Returns:: Dictionary containing token information
Return type:: dict

class libcloud.common.google.GoogleInstalledAppAuthConnection(user_id, key=None, scopes=None, redirect_uri='http://127.0.0.1', login_hint=None, **kwargs)[source]

Bases: GoogleBaseAuthConnection

Authentication connection for “Installed Application” authentication.

Parameters:

user_id (str) – The email address (for service accounts) or Client ID (for installed apps) to be used for authentication.
key (str) – The RSA Key (for service accounts) or file path containing key or Client Secret (for installed apps) to be used for authentication.
scopes (list) – A list of urls defining the scope of authentication to grant.
redirect_uri (str) – The Redirect URI for the authentication request. See Google OAUTH2 documentation for more info.
login_hint (str) – Login hint for authentication request. Useful for Installed Application authentication.

get_code()[source]

Give the user a URL that they can visit to authenticate.

Mocked in libcloud.test.common.google.GoogleTestCase.

Returns:: Code supplied by the user after authenticating
Return type:: str

get_new_token()[source]

Get a new token. Generally used when no previous token exists or there is no refresh token

Returns:: Dictionary containing token information
Return type:: dict

refresh_token(token_info)[source]

Use the refresh token supplied in the token info to get a new token.

Parameters:: token_info (dict) – Dictionary containing current token information
Returns:: A dictionary containing updated token information.
Return type:: dict

class libcloud.common.google.GoogleOAuth2Credential(user_id, key, auth_type=None, credential_file=None, scopes=None, **kwargs)[source]

Bases: object

property access_token

default_credential_file = '~/.google_libcloud_auth'

property token_expire_utc_datetime

class libcloud.common.google.GoogleResponse(response, connection)[source]

Bases: JsonResponse

Google Base Response class.

Parameters:

response (httplib.HTTPResponse) – HTTP response object. (optional)
connection (Connection) – Parent connection object.

parse_body()[source]

Parse the JSON response body, or raise exceptions as appropriate.

Returns:: JSON dictionary
Return type:: dict

success()[source]

Determine if the request was successful.

For the Google response class, tag all responses as successful and raise appropriate Exceptions from parse_body.

Returns:: C{True}

class libcloud.common.google.GoogleServiceAcctAuthConnection(user_id, key, *args, **kwargs)[source]

Bases: GoogleBaseAuthConnection

Authentication class for “Service Account” authentication.

Check to see if cryptography is available, and convert PEM key file into a key string, or extract the key from JSON object, string or file.

Parameters:

user_id (str) – Email address to be used for Service Account authentication.
key – The path to a PEM/JSON file containing the private RSA

key, or a str/dict containing the PEM/JSON. :type key: str or dict

get_new_token()[source]

Get a new token using the email address and RSA Key.

Returns:: Dictionary containing token information
Return type:: dict

exception libcloud.common.google.InvalidRequestError(value, http_code, code, driver=None)[source]: Bases: GoogleBaseError

exception libcloud.common.google.JsonParseError(value, http_code, code, driver=None)[source]: Bases: GoogleBaseError

exception libcloud.common.google.QuotaExceededError(value, http_code, code, driver=None)[source]: Bases: GoogleBaseError

exception libcloud.common.google.ResourceExistsError(value, http_code, code, driver=None)[source]: Bases: GoogleBaseError

exception libcloud.common.google.ResourceInUseError(value, http_code, code, driver=None)[source]: Bases: GoogleBaseError

exception libcloud.common.google.ResourceNotFoundError(value, http_code, code, driver=None)[source]: Bases: GoogleBaseError