cloudendpoints · TAOXUY · Oct 9, 2019
diff --git a/start_esp/client_secret.json b/start_esp/client_secret.json
@@ -0,0 +1,12 @@
+{
+  "type": "service_account",
+  "project_id": "esp-dummy",
+  "private_key_id": "9c1cfdd6e638b41e07a0e37ac65a08090908c398",
+  "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCwsntxMKAjVtQ9\n/FzRCeOSP/EftRYazpSTyWHj34MHQwb7+MJKKqeGnkte7bWGpJAhAtqeI0gdY/aK\nn94y33SbMdzufkD+uv6wa6U9U13i9ZXcF9SXmxzuMpi+fTmaQP28mAdNEEMHJnsb\nkIf3heQPZfGNtqq6vrw9BWnfJfFugVpzPizL0Gz+ojgFvMZxEQ+S2fqSkE2Z+Agw\nVThmYtn7yY+7EmqHDhvE2DYUyuuGrXDe+IMn5H5dcOdrshN/3V6XOdbPzTRorBzs\nsJOxE6TwYl4cbQR+dU6bqtiYeL+2C4pH4Qf+gsKXzwDq5QD6t+YoAeXi9MN8xSZ7\nydjsWlN9AgMBAAECggEAFn9PFMEQbpdwVAkU5z+nVDhkcrlLfHPHeo6WMl2DsRHB\naqUIVcmbBVqTtZ018tPyjuVuYNqUpLtUyV8j+x202sqtOsdj7prv8RXvlsCN0Gcc\n4sY8+OWUuCZEiOJoSmHSfKftrAvxQNCPNZoAGc2YFTbRW84BbF/7FxjgmzsZQ4yp\nv3k0x0QYO3dT1qJ/E+l1JGhbn+qmA+kgzrL1bIxrwsu9Hondnmv7TWb/2oJskk+G\nFOcj9pzi1sgZ10hnCiRkDigPLNvXhXsiXs/3tMpQ1Jx+fZBYKRdw6Cye9VwIZ/tu\ndUr6A83tUDKxwl9NBxB1/U3sfGagmWxdUFCuNgjMiQKBgQDrawWP9k9AIpyR6kld\nTb9K2OFynzOCk9GY5J6b3f2bnbY+yAjJd16barsPjzcABDBiGMdimqjc3NAtXqsV\nOuqFlNaFC2osJeoAINI3BO1rYTxtH5DFtK7YDnJllL5iN/G8k5S6EIUXIGWoEQay\nJqFFNJNftvAfj32m9a7Wc8mcqQKBgQDAJTURrc0XrFYNIZWNAWbb8pFBEG5OP1cv\nmiNaLghpkM/sRdHjA5g5Tw1dk5EkFXEecEA9tnarABi8GDu6x7FZEL4bKtGLbCID\ns7CxzQ924fdQBjr8POvO4gizIs6RP7vVRntP0MUpYVZPwpaW2nxI3GyunQIlyQg+\nk6yAC2QQtQKBgQChoNmxzFb+3oSGfcce4xkZxyuJ6ZmQ5fH6OcRXmSLca3xLQEUg\nJO90XuPNO/Nz9GxPfVmu7iZPdN8MtzlYmxmW2ugpcfvUEbfFnMMW+TAUEC9PcGOS\nCYodVlXePjAz+NrkMKLk2CC4DwscR4xEVddVT1J7XXshAAAx1+3Q2LAr+QKBgQCA\nsCrD5WiII2caslSMNNUkGGjKb+vAwlFtU0m8GzqNIWzwbK6u4XhxYY2tD6lUxnuV\njE6qRmtiCdWHHJ/cb+RKp5j7bwka3NhHLHD6FEH4OE1ALnwQ9ehlDiQPfg9lXo85\nv1PVWBjEpyl8j/H1pO06i07K/+MxVVwNNTCCLZ7eRQKBgQCRINUTqCenWcq1hA46\n8IbGNSLVsIy363ZxyrhWq+lW3yzwIKHvST75flPH0KhsZIGr71dMD3qgct7e3OpZ\n/KgZcWFuo7fZxyfRSvqGvOv6+yG+G1wjAfOLmQP13eUPkYAbLX6AI6adNgVchCd2\njOsOKBZwsT8yvhg/+NQptRdKXA==\n-----END PRIVATE KEY-----\n",
+  "client_email": "esp-dummy@esp-dummy.iam.gserviceaccount.com",
+  "client_id": "113295335540042081321",
+  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+  "token_uri": "https://oauth2.googleapis.com/token",
+  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/esp-dummy%40esp-dummy.iam.gserviceaccount.com"
+}
diff --git a/start_esp/fetch_service_config.py b/start_esp/fetch_service_config.py
@@ -29,7 +29,8 @@
 import json
 import logging
 import urllib3
-from google.oauth2.service_account import Credentials
+import google.oauth2.service_account
+from google.auth.transport.requests import Request
 
 # Service management service
 SERVICE_MGMT_ROLLOUTS_URL_TEMPLATE = (
@@ -144,12 +145,17 @@ def fetch_metadata_attributes(metadata):
 def make_access_token(secret_token_json):
     """Construct an access token from service account token."""
     logging.info("Constructing an access token with scope " + _GOOGLE_API_SCOPE)
-    credentials = Credentials.from_service_account_info(
+    cred = google.oauth2.service_account.Credentials.from_service_account_file(
         secret_token_json,
         scopes=[_GOOGLE_API_SCOPE])
-    logging.info("Service account email: " + credentials.service_account_email)
-    token = credentials.get_access_token().access_token
-    return token
+    logging.info("Service account email: " + cred.service_account_email)
+    body = {
+        'assertion': cred._make_authorization_grant_assertion(),
+        'grant_type': google.oauth2._client._JWT_GRANT_TYPE,
+    }
+    token_response = google.oauth2._client._token_endpoint_request(
+        google.auth.transport.requests.Request(), cred._token_uri, body)
+    return  token_response["access_token"] if "access_token" in token_response else ""
 
 def fetch_access_token(metadata):
     """Fetch access token from metadata URL."""

diff --git a/start_esp/fetch_service_config_test.py b/start_esp/fetch_service_config_test.py
@@ -0,0 +1,39 @@
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+###############################################################################
+#
+import unittest
+import sys
+
+from fetch_service_config import make_access_token
+
+class TestFecthServiceConfig(unittest.TestCase):
+
+  def test_make_access_token(self):
+    token = make_access_token("client_secret.json")
+    print(token)
+    assert token
+
+
+if __name__ == '__main__':
+    unittest.main()