File manager

File manager - Edit - /home/u478019808/domains/bestandroidphones.store/public_html/static/img/logo/samples.tar

Back
cloud-client/snippets/idtoken_from_impersonated_credentials.py��0000644��00000006266�15025173673�0021177 0��ustar�00��# Copyright 2022 Google Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # [auth_cloud_idtoken_impersonated_credentials] import google from google.auth import impersonated_credentials import google.auth.transport.requests def idtoken_from_impersonated_credentials( impersonated_service_account: str, scope: str, target_audience: str): """ Use a service account (SA1) to impersonate as another service account (SA2) and obtain id token for the impersonated account. To obtain token for SA2, SA1 should have the "roles/iam.serviceAccountTokenCreator" permission on SA2. Args: impersonated_service_account: The name of the privilege-bearing service account for whom the credential is created. Examples: name@project.service.gserviceaccount.com scope: Provide the scopes that you might need to request to access Google APIs, depending on the level of access you need. For this example, we use the cloud-wide scope and use IAM to narrow the permissions. https://cloud.google.com/docs/authentication#authorization_for_services For more information, see: https://developers.google.com/identity/protocols/oauth2/scopes target_audience: The service name for which the id token is requested. Service name refers to the logical identifier of an API service, such as "iap.googleapis.com". Examples: iap.googleapis.com """ # Construct the GoogleCredentials object which obtains the default configuration from your # working environment. credentials, project_id = google.auth.default() # Create the impersonated credential. target_credentials = impersonated_credentials.Credentials( source_credentials=credentials, target_principal=impersonated_service_account, # delegates: The chained list of delegates required to grant the final accessToken. # For more information, see: # https://cloud.google.com/iam/docs/create-short-lived-credentials-direct#sa-credentials-permissions # Delegate is NOT USED here. delegates=[], target_scopes=[scope], lifetime=300) # Set the impersonated credential, target audience and token options. id_creds = impersonated_credentials.IDTokenCredentials( target_credentials, target_audience=target_audience, include_email=True) # Get the ID token. # Once you've obtained the ID token, use it to make an authenticated call # to the target audience. request = google.auth.transport.requests.Request() id_creds.refresh(request) # token = id_creds.token print("Generated ID token.") # [auth_cloud_idtoken_impersonated_credentials] ��cloud-client/snippets/requirements.txt��0000644��00000000131�15025173673�0014263 0��ustar�00��google-cloud-compute==1.5.1 google-cloud-storage==2.5.0 google-auth==2.11.0 pytest==7.1.2��cloud-client/snippets/noxfile.py��0000644��00000004417�15025173673�0013030 0��ustar�00��# Copyright 2019 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. import pathlib import nox CURRENT_DIRECTORY = pathlib.Path(__file__).parent.absolute() # https://github.com/psf/black/issues/2964, pin click version to 8.0.4 to # avoid incompatiblity with black. CLICK_VERSION = "click==8.0.4" BLACK_VERSION = "black==19.3b0" BLACK_PATHS = [ "google", "tests", "tests_async", "noxfile.py", "setup.py", "docs/conf.py", ] # Error if a python version is missing nox.options.error_on_missing_interpreters = True # # Style Checks # # Linting with flake8. # # We ignore the following rules: # E203: whitespace before ‘:’ # E266: too many leading ‘#’ for block comment # E501: line too long # I202: Additional newline in a section of imports # # We also need to specify the rules which are ignored by default: # ['E226', 'W504', 'E126', 'E123', 'W503', 'E24', 'E704', 'E121'] FLAKE8_COMMON_ARGS = [ "--show-source", "--builtin=gettext", "--max-complexity=20", "--exclude=.nox,.cache,env,lib,generated_pb2,_pb2.py,_pb2_grpc.py", "--ignore=E121,E123,E126,E203,E226,E24,E266,E501,E704,W503,W504,I202", "--max-line-length=88", ] @nox.session(python=["3.7", "3.8", "3.9", "3.10", "3.11", "3.12"]) def unit(session): # constraints_path = str( # CURRENT_DIRECTORY / "testing" / f"constraints-{session.python}.txt" # ) session.install("-r", "requirements.txt") # session.install("-e", ".") session.run( "pytest", f"--junitxml=unit_{session.python}_sponge_log.xml", "snippets_test.py", # "tests_async", ) @nox.session def lint(session: nox.sessions.Session) -> None: session.install("flake8") args = FLAKE8_COMMON_ARGS + [ ".", ] session.run("flake8", args) ��cloud-client/snippets/noxfile_config.py��0000644��00000003075�15025173673�0014354 0��ustar�00��# Copyright 2022 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Default TEST_CONFIG_OVERRIDE for python repos. # You can copy this file into your directory, then it will be inported from # the noxfile.py. # The source of truth: # https://github.com/GoogleCloudPlatform/python-docs-samples/blob/master/noxfile_config.py TEST_CONFIG_OVERRIDE = { # You can opt out from the test for specific Python versions. "ignored_versions": ["2.7"], # Old samples are opted out of enforcing Python type hints # All new samples should feature them "enforce_type_hints": True, # An envvar key for determining the project id to use. Change it # to 'BUILD_SPECIFIC_GCLOUD_PROJECT' if you want to opt in using a # build specific Cloud project. You can also use your own string # to use your own Cloud project. # "gcloud_project_env": "GOOGLE_CLOUD_PROJECT", "gcloud_project_env": "GOOGLE_CLOUD_PROJECT", # A dictionary you want to inject into your test. Don't put any # secrets here. These values will override predefined values. "envs": {}, } ��cloud-client/snippets/idtoken_from_service_account.py��0000644��00000003674�15025173673�0017304 0��ustar�00��# Copyright 2022 Google Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # [START auth_cloud_idtoken_service_account] import google.auth import google.auth.transport.requests from google.oauth2 import service_account def get_idToken_from_serviceaccount(json_credential_path: str, target_audience: str): """ TODO(Developer): Replace the below variables before running the code. NOTE: Using service account keys introduces risk; they are long-lived, and can be used by anyone that obtains the key. Proper rotation and storage reduce this risk but do not eliminate it. For these reasons, you should consider an alternative approach that does not use a service account key. Several alternatives to service account keys are described here: https://cloud.google.com/docs/authentication/external/set-up-adc Args: json_credential_path: Path to the service account json credential file. target_audience: The url or target audience to obtain the ID token for. Examples: http://www.abc.com """ # Obtain the id token by providing the json file path and target audience. credentials = service_account.IDTokenCredentials.from_service_account_file( filename=json_credential_path, target_audience=target_audience) request = google.auth.transport.requests.Request() credentials.refresh(request) print("Generated ID token.") # [END auth_cloud_idtoken_service_account] ��cloud-client/snippets/snippets_test.py��0000644��00000005214�15025173673�0014264 0��ustar�00��# Copyright 2022 Google Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. import re from _pytest.capture import CaptureFixture import authenticate_explicit_with_adc import authenticate_implicit_with_adc import idtoken_from_metadata_server import idtoken_from_service_account # from system_tests.noxfile import SERVICE_ACCOUNT_FILE import verify_google_idtoken import google from google.oauth2 import service_account import google.auth.transport.requests import os CREDENTIALS, PROJECT = google.auth.default() SERVICE_ACCOUNT_FILE = os.getenv("GOOGLE_APPLICATION_CREDENTIALS") def test_authenticate_explicit_with_adc(capsys: CaptureFixture): authenticate_explicit_with_adc.authenticate_explicit_with_adc() out, err = capsys.readouterr() assert re.search("Listed all storage buckets.", out) def test_authenticate_implicit_with_adc(capsys: CaptureFixture): authenticate_implicit_with_adc.authenticate_implicit_with_adc(PROJECT) out, err = capsys.readouterr() assert re.search("Listed all storage buckets.", out) def test_idtoken_from_metadata_server(capsys: CaptureFixture): idtoken_from_metadata_server.idtoken_from_metadata_server("https://www.google.com") out, err = capsys.readouterr() assert re.search("Generated ID token.", out) def test_idtoken_from_service_account(capsys: CaptureFixture): idtoken_from_service_account.get_idToken_from_serviceaccount( SERVICE_ACCOUNT_FILE, "iap.googleapis.com") out, err = capsys.readouterr() assert re.search("Generated ID token.", out) def test_verify_google_idtoken(): idtoken = get_idtoken_from_service_account(SERVICE_ACCOUNT_FILE, "iap.googleapis.com") verify_google_idtoken.verify_google_idtoken( idtoken, "iap.googleapis.com", "https://www.googleapis.com/oauth2/v3/certs" ) def get_idtoken_from_service_account(json_credential_path: str, target_audience: str): credentials = service_account.IDTokenCredentials.from_service_account_file( filename=json_credential_path, target_audience=target_audience) request = google.auth.transport.requests.Request() credentials.refresh(request) return credentials.token ��cloud-client/snippets/verify_google_idtoken.py��0000644��00000005463�15025173673�0015743 0��ustar�00��# Copyright 2022 Google Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # [START auth_cloud_verify_google_idtoken] import google import google.auth.transport.requests from google.oauth2 import id_token def verify_google_idtoken(idtoken: str, audience="iap.googleapis.com", jwk_url="https://www.googleapis.com/oauth2/v3/certs"): """ Verifies the obtained Google id token. This is done at the receiving end of the OIDC endpoint. The most common use case for verifying the ID token is when you are protecting your own APIs with IAP. Google services already verify credentials as a platform, so verifying ID tokens before making Google API calls is usually unnecessary. Args: idtoken: The Google ID token to verify. audience: The service name for which the id token is requested. Service name refers to the logical identifier of an API service, such as "iap.googleapis.com". jwk_url: To verify id tokens, get the Json Web Key endpoint (jwk). OpenID Connect allows the use of a "Discovery document," a JSON document found at a well-known location containing key-value pairs which provide details about the OpenID Connect provider's configuration. For more information on validating the jwt, see: https://developers.google.com/identity/protocols/oauth2/openid-connect#validatinganidtoken Here, we validate Google's token using Google's OpenID Connect service (jwkUrl). For more information on jwk,see: https://auth0.com/docs/secure/tokens/json-web-tokens/json-web-key-sets """ request = google.auth.transport.requests.Request() # Set the parameters and verify the token. # Setting "certs_url" is optional. When verifying a Google ID token, this is set by default. result = id_token.verify_token(idtoken, request, audience, clock_skew_in_seconds=10) # Verify that the token contains subject and email claims. # Get the User id. if not result["sub"] is None: print(f"User id: {result['sub']}") # Optionally, if "INCLUDE_EMAIL" was set in the token options, check if the # email was verified. if result['email_verified'] == "True": print(f"Email verified {result['email']}") # [END auth_cloud_verify_google_idtoken] ��cloud-client/snippets/idtoken_from_metadata_server.py��0000644��00000003526�15025173673�0017272 0��ustar�00��# Copyright 2022 Google Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # [START auth_cloud_idtoken_metadata_server] import google import google.oauth2.credentials from google.auth import compute_engine import google.auth.transport.requests def idtoken_from_metadata_server(url: str): """ Use the Google Cloud metadata server in the Cloud Run (or AppEngine or Kubernetes etc.,) environment to create an identity token and add it to the HTTP request as part of an Authorization header. Args: url: The url or target audience to obtain the ID token for. Examples: http://www.example.com """ request = google.auth.transport.requests.Request() # Set the target audience. # Setting "use_metadata_identity_endpoint" to "True" will make the request use the default application # credentials. Optionally, you can also specify a specific service account to use by mentioning # the service_account_email. credentials = compute_engine.IDTokenCredentials( request=request, target_audience=url, use_metadata_identity_endpoint=True ) # Get the ID token. # Once you've obtained the ID token, use it to make an authenticated call # to the target audience. credentials.refresh(request) # print(credentials.token) print("Generated ID token.") # [END auth_cloud_idtoken_metadata_server] ��cloud-client/snippets/authenticate_explicit_with_adc.py��0000644��00000004232�15025173673�0017600 0��ustar�00��# Copyright 2022 Google Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # [START auth_cloud_explicit_adc] from google.cloud import storage import google.oauth2.credentials import google.auth def authenticate_explicit_with_adc(): """ List storage buckets by authenticating with ADC. // TODO(Developer): // 1. Before running this sample, // set up ADC as described in https://cloud.google.com/docs/authentication/external/set-up-adc // 2. Replace the project variable. // 3. Make sure you have the necessary permission to list storage buckets: "storage.buckets.list" """ # Construct the Google credentials object which obtains the default configuration from your # working environment. # google.auth.default() will give you ComputeEngineCredentials # if you are on a GCE (or other metadata server supported environments). credentials, project_id = google.auth.default() # If you are authenticating to a Cloud API, you can let the library include the default scope, # https://www.googleapis.com/auth/cloud-platform, because IAM is used to provide fine-grained # permissions for Cloud. # If you need to provide a scope, specify it as follows: # credentials = google.auth.default(scopes=scope) # For more information on scopes to use, # see: https://developers.google.com/identity/protocols/oauth2/scopes # Construct the Storage client. storage_client = storage.Client(credentials=credentials, project=project_id) buckets = storage_client.list_buckets() print("Buckets:") for bucket in buckets: print(bucket.name) print("Listed all storage buckets.") # [END auth_cloud_explicit_adc] ��cloud-client/snippets/authenticate_implicit_with_adc.py��0000644��00000003473�15025173673�0017577 0��ustar�00��# Copyright 2022 Google Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # [START auth_cloud_implicit_adc] from google.cloud import storage def authenticate_implicit_with_adc(project_id="your-google-cloud-project-id"): """ When interacting with Google Cloud Client libraries, the library can auto-detect the credentials to use. // TODO(Developer): // 1. Before running this sample, // set up ADC as described in https://cloud.google.com/docs/authentication/external/set-up-adc // 2. Replace the project variable. // 3. Make sure that the user account or service account that you are using // has the required permissions. For this sample, you must have "storage.buckets.list". Args: project_id: The project id of your Google Cloud project. """ # This snippet demonstrates how to list buckets. # NOTE*: Replace the client created below with the client required for your application. # Note that the credentials are not specified when constructing the client. # Hence, the client library will look for credentials using ADC. storage_client = storage.Client(project=project_id) buckets = storage_client.list_buckets() print("Buckets:") for bucket in buckets: print(bucket.name) print("Listed all storage buckets.") # [END auth_cloud_implicit_adc] ��

| ver. 1.4 | Github | . | PHP 8.2.28 | Generation time: 0.02 | proxy | phpinfo | Settings