From 133b62278a12ed4c93dce46db710eb5598a919eb Mon Sep 17 00:00:00 2001
From: Jon Wayne Parrott <jon.wayne.parrott@gmail.com>
Date: Fri, 22 Apr 2016 10:51:31 -0700
Subject: [PATCH] Adding compute auth examples

Change-Id: I90be79bf47428f1f98a1bb9f27b3cde507b94655
---
 compute/auth/access_token.py             | 78 ++++++++++++++++++++++++
 compute/auth/access_token_test.py        | 34 +++++++++++
 compute/auth/application_default.py      | 62 +++++++++++++++++++
 compute/auth/application_default_test.py | 18 ++++++
 compute/auth/requirements.txt            |  2 +
 5 files changed, 194 insertions(+)
 create mode 100644 compute/auth/access_token.py
 create mode 100644 compute/auth/access_token_test.py
 create mode 100644 compute/auth/application_default.py
 create mode 100644 compute/auth/application_default_test.py
 create mode 100644 compute/auth/requirements.txt

diff --git a/compute/auth/access_token.py b/compute/auth/access_token.py
new file mode 100644
index 000000000000..7091c6da16ec
--- /dev/null
+++ b/compute/auth/access_token.py
@@ -0,0 +1,78 @@
+#!/usr/bin/env python
+
+# Copyright 2016 Google Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Example of authenticating using access tokens directly on Compute Engine.
+
+For more information, see the README.md under /compute.
+"""
+
+# [START all]
+
+import argparse
+
+import requests
+
+
+METADATA_URL = 'http://metadata.google.internal/computeMetadata/v1/'
+METADATA_HEADERS = {'Metadata-Flavor': 'Google'}
+SERVICE_ACCOUNT = 'default'
+
+
+def get_access_token():
+    url = '{}instance/service-accounts/{}/token'.format(
+        METADATA_URL, SERVICE_ACCOUNT)
+
+    # Request an access token from the metadata server.
+    r = requests.get(url, headers=METADATA_HEADERS)
+    r.raise_for_status()
+
+    # Extract the access token from the respose.
+    access_token = r.json()['access_token']
+
+    return access_token
+
+
+def list_buckets(project_id, access_token):
+    url = 'https://www.googleapis.com/storage/v1/b'
+    params = {
+        'project': project_id
+    }
+    headers = {
+        'Authenication': 'Bearer {}'.format(access_token)
+    }
+
+    r = requests.get(url, params=params, headers=headers)
+    r.raise_for_status()
+
+    return r.json()
+
+
+def main(project_id):
+    access_token = get_access_token()
+    buckets = list_buckets(project_id, access_token)
+    print(buckets)
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(
+        description=__doc__,
+        formatter_class=argparse.RawDescriptionHelpFormatter)
+    parser.add_argument('project_id', help='Your Google Cloud project ID.')
+
+    args = parser.parse_args()
+
+    main(args.project_id)
+# [END all]
diff --git a/compute/auth/access_token_test.py b/compute/auth/access_token_test.py
new file mode 100644
index 000000000000..0e2daa1ec9ef
--- /dev/null
+++ b/compute/auth/access_token_test.py
@@ -0,0 +1,34 @@
+# Copyright 2016, Google, Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import access_token
+import mock
+
+
+@mock.patch('access_token.requests')
+def test_main(requests_mock, cloud_config):
+    metadata_response = mock.Mock()
+    metadata_response.status_code = 200
+    metadata_response.json.return_value = {
+        'access_token': '123'
+    }
+    bucket_response = mock.Mock()
+    bucket_response.status_code = 200
+    bucket_response.json.return_value = [{'bucket': 'name'}]
+
+    requests_mock.get.side_effect = [
+        metadata_response, bucket_response]
+
+    access_token.main(cloud_config.project)
+
+    assert requests_mock.get.call_count == 2
diff --git a/compute/auth/application_default.py b/compute/auth/application_default.py
new file mode 100644
index 000000000000..5f7f1bb277fc
--- /dev/null
+++ b/compute/auth/application_default.py
@@ -0,0 +1,62 @@
+#!/usr/bin/env python
+
+# Copyright 2016 Google Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Example of authenticating using Application Default Credentials on
+Compute Engine.
+
+For more information, see the README.md under /compute.
+"""
+
+# [START all]
+
+import argparse
+
+from googleapiclient import discovery
+from oauth2client.client import GoogleCredentials
+
+
+def create_service():
+    # Get the application default credentials. When running locally, these are
+    # available after running `gcloud auth`. When running on compute
+    # engine, these are available from the environment.
+    credentials = GoogleCredentials.get_application_default()
+
+    # Construct the service object for interacting with the Cloud Storage API -
+    # the 'storage' service, at version 'v1'.
+    return discovery.build('storage', 'v1', credentials=credentials)
+
+
+def list_buckets(service, project_id):
+    buckets = service.buckets().list(project=project_id).execute()
+    return buckets
+
+
+def main(project_id):
+    service = create_service()
+    buckets = list_buckets(service, project_id)
+    print(buckets)
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(
+        description=__doc__,
+        formatter_class=argparse.RawDescriptionHelpFormatter)
+    parser.add_argument('project_id', help='Your Google Cloud Project ID.')
+
+    args = parser.parse_args()
+
+    main(args.project_id)
+# [END all]
diff --git a/compute/auth/application_default_test.py b/compute/auth/application_default_test.py
new file mode 100644
index 000000000000..0336c329148b
--- /dev/null
+++ b/compute/auth/application_default_test.py
@@ -0,0 +1,18 @@
+# Copyright 2016, Google, Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from application_default import main
+
+
+def test_main(cloud_config):
+    main(cloud_config.project)
diff --git a/compute/auth/requirements.txt b/compute/auth/requirements.txt
new file mode 100644
index 000000000000..2de3cd956403
--- /dev/null
+++ b/compute/auth/requirements.txt
@@ -0,0 +1,2 @@
+requests==2.9.1
+google-api-python-client==1.5.0