diff --git a/start_esp/client_secret.json b/start_esp/client_secret.json new file mode 100644 index 000000000..258ad8ab8 --- /dev/null +++ b/start_esp/client_secret.json @@ -0,0 +1,12 @@ +{ + "type": "service_account", + "project_id": "esp-dummy", + "private_key_id": "9c1cfdd6e638b41e07a0e37ac65a08090908c398", + "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCwsntxMKAjVtQ9\n/FzRCeOSP/EftRYazpSTyWHj34MHQwb7+MJKKqeGnkte7bWGpJAhAtqeI0gdY/aK\nn94y33SbMdzufkD+uv6wa6U9U13i9ZXcF9SXmxzuMpi+fTmaQP28mAdNEEMHJnsb\nkIf3heQPZfGNtqq6vrw9BWnfJfFugVpzPizL0Gz+ojgFvMZxEQ+S2fqSkE2Z+Agw\nVThmYtn7yY+7EmqHDhvE2DYUyuuGrXDe+IMn5H5dcOdrshN/3V6XOdbPzTRorBzs\nsJOxE6TwYl4cbQR+dU6bqtiYeL+2C4pH4Qf+gsKXzwDq5QD6t+YoAeXi9MN8xSZ7\nydjsWlN9AgMBAAECggEAFn9PFMEQbpdwVAkU5z+nVDhkcrlLfHPHeo6WMl2DsRHB\naqUIVcmbBVqTtZ018tPyjuVuYNqUpLtUyV8j+x202sqtOsdj7prv8RXvlsCN0Gcc\n4sY8+OWUuCZEiOJoSmHSfKftrAvxQNCPNZoAGc2YFTbRW84BbF/7FxjgmzsZQ4yp\nv3k0x0QYO3dT1qJ/E+l1JGhbn+qmA+kgzrL1bIxrwsu9Hondnmv7TWb/2oJskk+G\nFOcj9pzi1sgZ10hnCiRkDigPLNvXhXsiXs/3tMpQ1Jx+fZBYKRdw6Cye9VwIZ/tu\ndUr6A83tUDKxwl9NBxB1/U3sfGagmWxdUFCuNgjMiQKBgQDrawWP9k9AIpyR6kld\nTb9K2OFynzOCk9GY5J6b3f2bnbY+yAjJd16barsPjzcABDBiGMdimqjc3NAtXqsV\nOuqFlNaFC2osJeoAINI3BO1rYTxtH5DFtK7YDnJllL5iN/G8k5S6EIUXIGWoEQay\nJqFFNJNftvAfj32m9a7Wc8mcqQKBgQDAJTURrc0XrFYNIZWNAWbb8pFBEG5OP1cv\nmiNaLghpkM/sRdHjA5g5Tw1dk5EkFXEecEA9tnarABi8GDu6x7FZEL4bKtGLbCID\ns7CxzQ924fdQBjr8POvO4gizIs6RP7vVRntP0MUpYVZPwpaW2nxI3GyunQIlyQg+\nk6yAC2QQtQKBgQChoNmxzFb+3oSGfcce4xkZxyuJ6ZmQ5fH6OcRXmSLca3xLQEUg\nJO90XuPNO/Nz9GxPfVmu7iZPdN8MtzlYmxmW2ugpcfvUEbfFnMMW+TAUEC9PcGOS\nCYodVlXePjAz+NrkMKLk2CC4DwscR4xEVddVT1J7XXshAAAx1+3Q2LAr+QKBgQCA\nsCrD5WiII2caslSMNNUkGGjKb+vAwlFtU0m8GzqNIWzwbK6u4XhxYY2tD6lUxnuV\njE6qRmtiCdWHHJ/cb+RKp5j7bwka3NhHLHD6FEH4OE1ALnwQ9ehlDiQPfg9lXo85\nv1PVWBjEpyl8j/H1pO06i07K/+MxVVwNNTCCLZ7eRQKBgQCRINUTqCenWcq1hA46\n8IbGNSLVsIy363ZxyrhWq+lW3yzwIKHvST75flPH0KhsZIGr71dMD3qgct7e3OpZ\n/KgZcWFuo7fZxyfRSvqGvOv6+yG+G1wjAfOLmQP13eUPkYAbLX6AI6adNgVchCd2\njOsOKBZwsT8yvhg/+NQptRdKXA==\n-----END PRIVATE KEY-----\n", + "client_email": "esp-dummy@esp-dummy.iam.gserviceaccount.com", + "client_id": "113295335540042081321", + "auth_uri": "https://accounts.google.com/o/oauth2/auth", + "token_uri": "https://oauth2.googleapis.com/token", + "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", + "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/esp-dummy%40esp-dummy.iam.gserviceaccount.com" +} \ No newline at end of file diff --git a/start_esp/fetch_service_config.py b/start_esp/fetch_service_config.py index 0ae6a2fe0..49337699d 100755 --- a/start_esp/fetch_service_config.py +++ b/start_esp/fetch_service_config.py @@ -29,7 +29,8 @@ import json import logging import urllib3 -from google.oauth2.service_account import Credentials +import google.oauth2.service_account +from google.auth.transport.requests import Request # Service management service SERVICE_MGMT_ROLLOUTS_URL_TEMPLATE = ( @@ -144,12 +145,17 @@ def fetch_metadata_attributes(metadata): def make_access_token(secret_token_json): """Construct an access token from service account token.""" logging.info("Constructing an access token with scope " + _GOOGLE_API_SCOPE) - credentials = Credentials.from_service_account_info( + cred = google.oauth2.service_account.Credentials.from_service_account_file( secret_token_json, scopes=[_GOOGLE_API_SCOPE]) - logging.info("Service account email: " + credentials.service_account_email) - token = credentials.get_access_token().access_token - return token + logging.info("Service account email: " + cred.service_account_email) + body = { + 'assertion': cred._make_authorization_grant_assertion(), + 'grant_type': google.oauth2._client._JWT_GRANT_TYPE, + } + token_response = google.oauth2._client._token_endpoint_request( + google.auth.transport.requests.Request(), cred._token_uri, body) + return token_response["access_token"] if "access_token" in token_response else "" def fetch_access_token(metadata): """Fetch access token from metadata URL.""" diff --git a/start_esp/fetch_service_config_test.py b/start_esp/fetch_service_config_test.py new file mode 100644 index 000000000..2ca62ebf4 --- /dev/null +++ b/start_esp/fetch_service_config_test.py @@ -0,0 +1,39 @@ +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +############################################################################### +# +import unittest +import sys + +from fetch_service_config import make_access_token + +class TestFecthServiceConfig(unittest.TestCase): + + def test_make_access_token(self): + token = make_access_token("client_secret.json") + print(token) + assert token + + +if __name__ == '__main__': + unittest.main() \ No newline at end of file