|
|
f73ff4 |
diff --color -uNr a/agents/gce/fence_gce.py b/agents/gce/fence_gce.py
|
|
|
f73ff4 |
--- a/agents/gce/fence_gce.py 2021-06-11 14:28:37.751959830 +0200
|
|
|
f73ff4 |
+++ b/agents/gce/fence_gce.py 2021-06-11 14:54:03.638926494 +0200
|
|
|
f73ff4 |
@@ -15,9 +15,15 @@
|
|
|
f73ff4 |
import urllib2 as urlrequest
|
|
|
f73ff4 |
sys.path.append("@FENCEAGENTSLIBDIR@")
|
|
|
f73ff4 |
|
|
|
f73ff4 |
-import googleapiclient.discovery
|
|
|
f73ff4 |
from fencing import fail_usage, run_delay, all_opt, atexit_handler, check_input, process_input, show_docs, fence_action
|
|
|
f73ff4 |
-
|
|
|
f73ff4 |
+try:
|
|
|
f73ff4 |
+ import googleapiclient.discovery
|
|
|
f73ff4 |
+ try:
|
|
|
f73ff4 |
+ from google.oauth2.credentials import Credentials as GoogleCredentials
|
|
|
f73ff4 |
+ except:
|
|
|
f73ff4 |
+ from oauth2client.client import GoogleCredentials
|
|
|
f73ff4 |
+except:
|
|
|
f73ff4 |
+ pass
|
|
|
f73ff4 |
|
|
|
f73ff4 |
METADATA_SERVER = 'http://metadata.google.internal/computeMetadata/v1/'
|
|
|
f73ff4 |
METADATA_HEADERS = {'Metadata-Flavor': 'Google'}
|
|
|
f73ff4 |
@@ -175,12 +181,21 @@
|
|
|
f73ff4 |
"required" : "0",
|
|
|
f73ff4 |
"order" : 4
|
|
|
f73ff4 |
}
|
|
|
f73ff4 |
+ all_opt["serviceaccount"] = {
|
|
|
f73ff4 |
+ "getopt" : ":",
|
|
|
f73ff4 |
+ "longopt" : "serviceaccount",
|
|
|
f73ff4 |
+ "help" : "--serviceaccount=[filename] Service account json file location e.g. serviceaccount=/somedir/service_account.json",
|
|
|
f73ff4 |
+ "shortdesc" : "Service Account to use for authentication to the google cloud APIs.",
|
|
|
f73ff4 |
+ "required" : "0",
|
|
|
f73ff4 |
+ "order" : 9
|
|
|
f73ff4 |
+ }
|
|
|
f73ff4 |
|
|
|
f73ff4 |
|
|
|
f73ff4 |
def main():
|
|
|
f73ff4 |
conn = None
|
|
|
f73ff4 |
|
|
|
f73ff4 |
- device_opt = ["port", "no_password", "zone", "project", "stackdriver-logging", "method"]
|
|
|
f73ff4 |
+ device_opt = ["port", "no_password", "zone", "project", "stackdriver-logging",
|
|
|
f73ff4 |
+ "method", "serviceaccount"]
|
|
|
f73ff4 |
|
|
|
f73ff4 |
atexit.register(atexit_handler)
|
|
|
f73ff4 |
|
|
|
f73ff4 |
@@ -226,10 +241,24 @@
|
|
|
f73ff4 |
|
|
|
f73ff4 |
# Prepare cli
|
|
|
f73ff4 |
try:
|
|
|
f73ff4 |
- credentials = None
|
|
|
f73ff4 |
- if tuple(googleapiclient.__version__) < tuple("1.6.0"):
|
|
|
f73ff4 |
- import oauth2client.client
|
|
|
f73ff4 |
- credentials = oauth2client.client.GoogleCredentials.get_application_default()
|
|
|
f73ff4 |
+ serviceaccount = options.get("--serviceaccount")
|
|
|
f73ff4 |
+ if serviceaccount:
|
|
|
f73ff4 |
+ scope = ['https://www.googleapis.com/auth/cloud-platform']
|
|
|
f73ff4 |
+ logging.debug("using credentials from service account")
|
|
|
f73ff4 |
+ try:
|
|
|
f73ff4 |
+ from google.oauth2.service_account import Credentials as ServiceAccountCredentials
|
|
|
f73ff4 |
+ credentials = ServiceAccountCredentials.from_service_account_file(filename=serviceaccount, scopes=scope)
|
|
|
f73ff4 |
+ except ImportError:
|
|
|
f73ff4 |
+ from oauth2client.service_account import ServiceAccountCredentials
|
|
|
f73ff4 |
+ credentials = ServiceAccountCredentials.from_json_keyfile_name(serviceaccount, scope)
|
|
|
f73ff4 |
+ else:
|
|
|
f73ff4 |
+ try:
|
|
|
f73ff4 |
+ from googleapiclient import _auth
|
|
|
f73ff4 |
+ credentials = _auth.default_credentials();
|
|
|
f73ff4 |
+ except:
|
|
|
f73ff4 |
+ credentials = GoogleCredentials.get_application_default()
|
|
|
f73ff4 |
+ logging.debug("using application default credentials")
|
|
|
f73ff4 |
+
|
|
|
f73ff4 |
conn = googleapiclient.discovery.build('compute', 'v1', credentials=credentials)
|
|
|
f73ff4 |
except Exception as err:
|
|
|
f73ff4 |
fail_usage("Failed: Create GCE compute v1 connection: {}".format(str(err)))
|