mik-laj commented on a change in pull request #9848: URL: https://github.com/apache/airflow/pull/9848#discussion_r458638921
########## File path: airflow/providers/google/common/utils/id_token_credentials.py ########## @@ -0,0 +1,215 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +""" +You can execute this module to get ID Token. + + python -m airflow.providers.google.common.utils.id_token_credentials_provider + +To obtain info about this token, run the following commands: + + ID_TOKEN="$(python -m airflow.providers.google.common.utils.id_token_credentials_provider)" + curl "https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=${ID_TOKEN}"; -v +""" + +import json +import os +from typing import Optional + +import google.auth.transport +from google.auth import credentials as google_auth_credentials, environment_vars, exceptions +from google.auth._default import _AUTHORIZED_USER_TYPE, _HELP_MESSAGE, _SERVICE_ACCOUNT_TYPE, _VALID_TYPES +from google.oauth2 import credentials as oauth2_credentials + + +class IDTokenCredentialsAdapter(google_auth_credentials.Credentials): + """Convert Credentials with "openid" scope to IDTokenCredentials.""" + + def __init__(self, credentials: oauth2_credentials.Credentials): + super().__init__() + self.credentials = credentials + self.token = credentials.id_token + + @property + def expired(self): + return self.credentials.expired + + def refresh(self, request): + self.credentials.refresh(request) + self.token = self.credentials.id_token + + +def _load_credentials_from_file( + filename: str, target_audience: Optional[str] +) -> Optional[google_auth_credentials.Credentials]: + """ + Loads credentials from a file. + + The credentials file must be a service account key or a stored authorized user credential. + + :param filename: The full path to the credentials file. + :type filename: str + :return Loaded credentials + :rtype google.auth.credentials.Credentials + :raise google.auth.exceptions.DefaultCredentialsError: if the file is in the wrong format or is missing. + """ + if not os.path.exists(filename): + raise exceptions.DefaultCredentialsError(f"File {filename} was not found.") + + with open(filename) as file_obj: + try: + info = json.load(file_obj) + except json.JSONDecodeError: + raise exceptions.DefaultCredentialsError(f"File {filename} is not a valid json file.") Review comment: I do it. https://www.python.org/dev/peps/pep-3134/ ```python try: raise Exception("AAA") except: raise Exception("BBB") ``` ``` Traceback (most recent call last): File "a.py", line 4, in <module> raise Exception("AAA") Exception: AAA During handling of the above exception, another exception occurred: Traceback (most recent call last): File "a.py", line 6, in <module> raise Exception("BBB") Exception: BBB ``` Did I miss something? ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
