Blame SOURCES/bz1685814-fence_gce-add-serviceaccount-file-support.patch

f73ff4
diff --color -uNr a/agents/gce/fence_gce.py b/agents/gce/fence_gce.py
f73ff4
--- a/agents/gce/fence_gce.py	2021-06-11 14:28:37.751959830 +0200
f73ff4
+++ b/agents/gce/fence_gce.py	2021-06-11 14:54:03.638926494 +0200
f73ff4
@@ -15,9 +15,15 @@
f73ff4
   import urllib2 as urlrequest
f73ff4
 sys.path.append("@FENCEAGENTSLIBDIR@")
f73ff4
 
f73ff4
-import googleapiclient.discovery
f73ff4
 from fencing import fail_usage, run_delay, all_opt, atexit_handler, check_input, process_input, show_docs, fence_action
f73ff4
-
f73ff4
+try:
f73ff4
+  import googleapiclient.discovery
f73ff4
+  try:
f73ff4
+    from google.oauth2.credentials import Credentials as GoogleCredentials
f73ff4
+  except:
f73ff4
+    from oauth2client.client import GoogleCredentials
f73ff4
+except:
f73ff4
+  pass
f73ff4
 
f73ff4
 METADATA_SERVER = 'http://metadata.google.internal/computeMetadata/v1/'
f73ff4
 METADATA_HEADERS = {'Metadata-Flavor': 'Google'}
f73ff4
@@ -175,12 +181,21 @@
f73ff4
 		"required" : "0",
f73ff4
 		"order" : 4
f73ff4
 	}
f73ff4
+	all_opt["serviceaccount"] = {
f73ff4
+		"getopt" : ":",
f73ff4
+		"longopt" : "serviceaccount",
f73ff4
+		"help" : "--serviceaccount=[filename]    Service account json file location e.g. serviceaccount=/somedir/service_account.json",
f73ff4
+		"shortdesc" : "Service Account to use for authentication to the google cloud APIs.",
f73ff4
+		"required" : "0",
f73ff4
+		"order" : 9
f73ff4
+	}
f73ff4
 
f73ff4
 
f73ff4
 def main():
f73ff4
 	conn = None
f73ff4
 
f73ff4
-	device_opt = ["port", "no_password", "zone", "project", "stackdriver-logging", "method"]
f73ff4
+	device_opt = ["port", "no_password", "zone", "project", "stackdriver-logging",
f73ff4
+		"method", "serviceaccount"]
f73ff4
 
f73ff4
 	atexit.register(atexit_handler)
f73ff4
 
f73ff4
@@ -226,10 +241,24 @@
f73ff4
 
f73ff4
 	# Prepare cli
f73ff4
 	try:
f73ff4
-		credentials = None
f73ff4
-		if tuple(googleapiclient.__version__) < tuple("1.6.0"):
f73ff4
-			import oauth2client.client
f73ff4
-			credentials = oauth2client.client.GoogleCredentials.get_application_default()
f73ff4
+		serviceaccount = options.get("--serviceaccount")
f73ff4
+		if serviceaccount:
f73ff4
+			scope = ['https://www.googleapis.com/auth/cloud-platform']
f73ff4
+			logging.debug("using credentials from service account")
f73ff4
+			try:
f73ff4
+				from google.oauth2.service_account import Credentials as ServiceAccountCredentials
f73ff4
+				credentials = ServiceAccountCredentials.from_service_account_file(filename=serviceaccount, scopes=scope)
f73ff4
+			except ImportError:
f73ff4
+				from oauth2client.service_account import ServiceAccountCredentials
f73ff4
+				credentials = ServiceAccountCredentials.from_json_keyfile_name(serviceaccount, scope)
f73ff4
+		else:
f73ff4
+			try:
f73ff4
+				from googleapiclient import _auth
f73ff4
+				credentials = _auth.default_credentials();
f73ff4
+			except:
f73ff4
+				credentials = GoogleCredentials.get_application_default()
f73ff4
+			logging.debug("using application default credentials")
f73ff4
+
f73ff4
 		conn = googleapiclient.discovery.build('compute', 'v1', credentials=credentials)
f73ff4
 	except Exception as err:
f73ff4
 		fail_usage("Failed: Create GCE compute v1 connection: {}".format(str(err)))