Python google.appengine.api.app_identity.get_service_account_name() Examples
The following are 22
code examples of google.appengine.api.app_identity.get_service_account_name().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
google.appengine.api.app_identity
, or try the search function
.
.
Example #1
| Source File: main.py From python-docs-samples with Apache License 2.0 | 6 votes |
|
def get(self):
auth_token, _ = app_identity.get_access_token(
'https://www.googleapis.com/auth/cloud-platform')
logging.info(
'Using token {} to represent identity {}'.format(
auth_token, app_identity.get_service_account_name()))
response = urlfetch.fetch(
'https://www.googleapis.com/storage/v1/b?project={}'.format(
app_identity.get_application_id()),
method=urlfetch.GET,
headers={
'Authorization': 'Bearer {}'.format(auth_token)
}
)
if response.status_code != 200:
raise Exception(
'Call failed. Status code {}. Body {}'.format(
response.status_code, response.content))
result = json.loads(response.content)
self.response.headers['Content-Type'] = 'application/json'
self.response.write(json.dumps(result, indent=2))
Example #2
| Source File: dschat.py From dschat with MIT License | 5 votes |
|
def create_custom_token(uid, valid_minutes=59):
"""Create a secure token for the given id.
This method is used to create secure custom JWT tokens to be passed to
clients. It takes a unique id (user_id) that will be used by Firebase's
security rules to prevent unauthorized access.
"""
# use the app_identity service from google.appengine.api to get the
# project's service account email automatically
client_email = app_identity.get_service_account_name()
now = int(time.time())
# encode the required claims
# per https://firebase.google.com/docs/auth/server/create-custom-tokens
payload = base64.b64encode(json.dumps({
'iss': client_email,
'sub': client_email,
'aud': _IDENTITY_ENDPOINT,
'uid': uid, # the important parameter, as it will be the channel id
'iat': now,
'exp': now + (valid_minutes * 60),
}))
# add standard header to identify this as a JWT
header = base64.b64encode(json.dumps({'typ': 'JWT', 'alg': 'RS256'}))
to_sign = '{}.{}'.format(header, payload)
# Sign the jwt using the built in app_identity service
return '{}.{}'.format(to_sign, base64.b64encode(
app_identity.sign_blob(to_sign)[1]))
Example #3
| Source File: app_engine.py From aws-kube-codesuite with Apache License 2.0 | 5 votes |
|
def service_account_email(self):
"""The service account email."""
if self._service_account_id is None:
self._service_account_id = app_identity.get_service_account_name()
return self._service_account_id
Example #4
| Source File: appengine.py From jarvis with GNU General Public License v2.0 | 5 votes |
|
def service_account_email(self):
"""Get the email for the current service account.
Returns:
string, The email associated with the Google App Engine
service account.
"""
if self._service_account_email is None:
self._service_account_email = (
app_identity.get_service_account_name())
return self._service_account_email
Example #5
| Source File: app_identity_test.py From python-compat-runtime with Apache License 2.0 | 5 votes |
|
def test_get_service_account_name():
assert app_identity.get_service_account_name()
Example #6
| Source File: app_engine.py From luci-py with Apache License 2.0 | 5 votes |
|
def service_account_email(self):
"""The service account email."""
if self._service_account_id is None:
self._service_account_id = app_identity.get_service_account_name()
return self._service_account_id
Example #7
| Source File: utils.py From luci-py with Apache License 2.0 | 5 votes |
|
def get_service_account_name(): """Same as app_identity.get_service_account_name(), but caches the result. app_identity.get_service_account_name() does an RPC on each call, yet the result is always the same. """ return app_identity.get_service_account_name()
Example #8
| Source File: app_engine.py From luci-py with Apache License 2.0 | 5 votes |
|
def service_account_email(self):
"""The service account email."""
if self._service_account_id is None:
self._service_account_id = app_identity.get_service_account_name()
return self._service_account_id
Example #9
| Source File: utils.py From luci-py with Apache License 2.0 | 5 votes |
|
def get_service_account_name(): """Same as app_identity.get_service_account_name(), but caches the result. app_identity.get_service_account_name() does an RPC on each call, yet the result is always the same. """ return app_identity.get_service_account_name()
Example #10
| Source File: app_engine.py From luci-py with Apache License 2.0 | 5 votes |
|
def service_account_email(self):
"""The service account email."""
if self._service_account_id is None:
self._service_account_id = app_identity.get_service_account_name()
return self._service_account_id
Example #11
| Source File: app_engine.py From luci-py with Apache License 2.0 | 5 votes |
|
def service_account_email(self):
"""The service account email."""
if self._service_account_id is None:
self._service_account_id = app_identity.get_service_account_name()
return self._service_account_id
Example #12
| Source File: utils.py From luci-py with Apache License 2.0 | 5 votes |
|
def get_service_account_name(): """Same as app_identity.get_service_account_name(), but caches the result. app_identity.get_service_account_name() does an RPC on each call, yet the result is always the same. """ return app_identity.get_service_account_name()
Example #13
| Source File: app_engine.py From luci-py with Apache License 2.0 | 5 votes |
|
def service_account_email(self):
"""The service account email."""
if self._service_account_id is None:
self._service_account_id = app_identity.get_service_account_name()
return self._service_account_id
Example #14
| Source File: app_engine.py From luci-py with Apache License 2.0 | 5 votes |
|
def service_account_email(self):
"""The service account email."""
if self._service_account_id is None:
self._service_account_id = app_identity.get_service_account_name()
return self._service_account_id
Example #15
| Source File: utils.py From luci-py with Apache License 2.0 | 5 votes |
|
def get_service_account_name(): """Same as app_identity.get_service_account_name(), but caches the result. app_identity.get_service_account_name() does an RPC on each call, yet the result is always the same. """ return app_identity.get_service_account_name()
Example #16
| Source File: app_engine.py From alfred-gmail with MIT License | 5 votes |
|
def service_account_email(self):
"""The service account email."""
if self._service_account_id is None:
self._service_account_id = app_identity.get_service_account_name()
return self._service_account_id
Example #17
| Source File: appengine.py From alfred-gmail with MIT License | 5 votes |
|
def service_account_email(self):
"""Get the email for the current service account.
Returns:
string, The email associated with the Google App Engine
service account.
"""
if self._service_account_email is None:
self._service_account_email = (
app_identity.get_service_account_name())
return self._service_account_email
Example #18
| Source File: firetactoe.py From python-docs-samples with Apache License 2.0 | 5 votes |
|
def create_custom_token(uid, valid_minutes=60):
"""Create a secure token for the given id.
This method is used to create secure custom JWT tokens to be passed to
clients. It takes a unique id (uid) that will be used by Firebase's
security rules to prevent unauthorized access. In this case, the uid will
be the channel id which is a combination of user_id and game_key
"""
# use the app_identity service from google.appengine.api to get the
# project's service account email automatically
client_email = app_identity.get_service_account_name()
now = int(time.time())
# encode the required claims
# per https://firebase.google.com/docs/auth/server/create-custom-tokens
payload = base64.b64encode(json.dumps({
'iss': client_email,
'sub': client_email,
'aud': _IDENTITY_ENDPOINT,
'uid': uid, # the important parameter, as it will be the channel id
'iat': now,
'exp': now + (valid_minutes * 60),
}))
# add standard header to identify this as a JWT
header = base64.b64encode(json.dumps({'typ': 'JWT', 'alg': 'RS256'}))
to_sign = '{}.{}'.format(header, payload)
# Sign the jwt using the built in app_identity service
return '{}.{}'.format(to_sign, base64.b64encode(
app_identity.sign_blob(to_sign)[1]))
Example #19
| Source File: appengine.py From aqua-monitor with GNU Lesser General Public License v3.0 | 5 votes |
|
def service_account_email(self):
"""Get the email for the current service account.
Returns:
string, The email associated with the Google App Engine
service account.
"""
if self._service_account_email is None:
self._service_account_email = (
app_identity.get_service_account_name())
return self._service_account_email
Example #20
| Source File: app_engine.py From google-auth-library-python with Apache License 2.0 | 5 votes |
|
def service_account_email(self):
"""The service account email."""
if self._service_account_id is None:
self._service_account_id = app_identity.get_service_account_name()
return self._service_account_id
Example #21
| Source File: main.py From billing-export-python with Apache License 2.0 | 5 votes |
|
def SendEmail(context, recipients):
"""Send alert/daily summary email."""
emailbody = EMAIL_TEMPLATE.render(context)
if not recipients:
logging.info('no recipients for email, using configured default: ' +
config.default_to_email)
recipients = [config.default_to_email]
mail.send_mail(sender=app_identity.get_service_account_name(),
subject='Billing Summary For ' + context['project'],
body=emailbody,
html=emailbody,
to=recipients)
logging.info('sending email to ' + ','.join(recipients) + emailbody)
Example #22
| Source File: cloud_storage.py From personfinder with Apache License 2.0 | 4 votes |
|
def sign_url(self, object_name, url_lifetime):
""" Generates Cloud Storage signed URL to download Google Cloud Storage
object without sign in.
See: https://cloud.google.com/storage/docs/access-control/signed-urls
This only works on a real App Engine app, not in a dev app server.
Args:
object_name (str): The name of the object which is signed.
url_lifetime (datetime.timedelta): Lifetime of the signed URL. The
server rejects any requests received after this time from now.
"""
if utils.is_dev_app_server():
# Not working on a dev app server because it doesn't support
# app_identity.sign_blob(). An alternative implementation would
# be needed to make it work on a dev app server.
raise Exception(
'sign_url only works on a real App Engine app, not on a dev '
'app server.')
method = 'GET'
expiration_time = utils.get_utcnow() + url_lifetime
expiration_sec = int(time.mktime(expiration_time.timetuple()))
path = '/%s/%s' % (self.bucket_name, object_name)
# These are unused in our use case.
content_md5 = ''
content_type = ''
signed_text = '\n'.join([
method,
content_md5,
content_type,
str(expiration_sec),
path,
])
(_, signature) = app_identity.sign_blob(signed_text.encode('utf-8'))
query_params = {
'GoogleAccessId': app_identity.get_service_account_name(),
'Expires': str(expiration_sec),
'Signature': base64.b64encode(signature),
}
return 'https://storage.googleapis.com%s?%s' % (path, urllib.urlencode(query_params))
