Blame SOURCES/bz1685814-fence_gce-add-serviceaccount-file-support.patch

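diff --color -uNr a/agents/gce/fence_gce.py b/agents/gce/fence_gce.py
--- a/agents/gce/fence_gce.py	2021-06-11 14:28:37.751959830 +0200
+++ b/agents/gce/fence_gce.py	2021-06-11 14:54:03.638926494 +0200
@@ -15,9 +15,15 @@
   import urllib2 as urlrequest
 sys.path.append("@FENCEAGENTSLIBDIR@")
 
-import googleapiclient.discovery
 from fencing import fail_usage, run_delay, all_opt, atexit_handler, check_input, process_input, show_docs, fence_action
-
+try:
+  import googleapiclient.discovery
+  try:
+    from google.oauth2.credentials import Credentials as GoogleCredentials
+  except:
+    from oauth2client.client import GoogleCredentials
+except:
+  pass
 
 METADATA_SERVER = 'http://metadata.google.internal/computeMetadata/v1/'
 METADATA_HEADERS = {'Metadata-Flavor': 'Google'}
@@ -175,12 +181,21 @@
 		"required" : "0",
 		"order" : 4
 	}
+	all_opt["serviceaccount"] = {
+		"getopt" : ":",
+		"longopt" : "serviceaccount",
+		"help" : "--serviceaccount=[filename]    Service account json file location e.g. serviceaccount=/somedir/service_account.json",
+		"shortdesc" : "Service Account to use for authentication to the google cloud APIs.",
+		"required" : "0",
+		"order" : 9
+	}
 
 
 def main():
 	conn = None
 
-	device_opt = ["port", "no_password", "zone", "project", "stackdriver-logging", "method"]
+	device_opt = ["port", "no_password", "zone", "project", "stackdriver-logging",
+		"method", "serviceaccount"]
 
 	atexit.register(atexit_handler)
 
@@ -226,10 +241,24 @@
 
 	# Prepare cli
 	try:
-		credentials = None
-		if tuple(googleapiclient.__version__) < tuple("1.6.0"):
-			import oauth2client.client
-			credentials = oauth2client.client.GoogleCredentials.get_application_default()
+		serviceaccount = options.get("--serviceaccount")
+		if serviceaccount:
+			scope = ['https://www.googleapis.com/auth/cloud-platform']
+			logging.debug("using credentials from service account")
+			try:
+				from google.oauth2.service_account import Credentials as ServiceAccountCredentials
+				credentials = ServiceAccountCredentials.from_service_account_file(filename=serviceaccount, scopes=scope)
+			except ImportError:
+				from oauth2client.service_account import ServiceAccountCredentials
+				credentials = ServiceAccountCredentials.from_json_keyfile_name(serviceaccount, scope)
+		else:
+			try:
+				from googleapiclient import _auth
+				credentials = _auth.default_credentials();
+			except:
+				credentials = GoogleCredentials.get_application_default()
+			logging.debug("using application default credentials")
+
 		conn = googleapiclient.discovery.build('compute', 'v1', credentials=credentials)
 	except Exception as err:
 		fail_usage("Failed: Create GCE compute v1 connection: {}".format(str(err)))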
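Review bot: The `else:` branch of the last hunk wraps `_auth.default_credentials()` in a bare `except:`, so the real reason default credentials could not be loaded is discarded (and `KeyboardInterrupt`/`SystemExit` are caught too); narrowing it to `except Exception as err:` and adding `logging.debug("default_credentials failed: %s", err)` would keep the cause in the log. The first hunk has the same pattern: `except: pass` around `import googleapiclient.discovery` turns a missing dependency into a `NameError` that, within this hunk, only surfaces later as "Failed: Create GCE compute v1 connection". If the top-level import resolved `GoogleCredentials` to `google.oauth2.credentials.Credentials`, the fallback `GoogleCredentials.get_application_default()` looks unlikely to work, since that method appears to belong to the oauth2client class; this is worth confirming. The service-account path also requests the broad `cloud-platform` scope, so a comment such as `# access is bounded by the service account's IAM roles; keep the key file readable only by the cluster user` would help operators apply least privilege. `main()` continues outside the hunks shown.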