Use a default all scopes to create credentials.
Seperate scopes for each api call will ask user to go oauth2 flow
multiple times.This cl try to use a default all scopes to create
credential and reuse it for all cloud api call.
Bug: 118287079
Test: rm ~/.acloud_oauth2.dat &&
run acloud create/delete cmd only see oauth2 flow once
atest acloud_test
Change-Id: Ie8a204c8825b82e300a5f5e4dba548658dc8a45f
diff --git a/internal/lib/auth.py b/internal/lib/auth.py
index 09cfcba..966e72e 100644
--- a/internal/lib/auth.py
+++ b/internal/lib/auth.py
@@ -51,6 +51,14 @@
logger = logging.getLogger(__name__)
HOME_FOLDER = os.path.expanduser("~")
+# If there is no specific scope use case, we will always use this default full
+# scopes to run CreateCredentials func and user will only go oauth2 flow once
+# after login with this full scopes credentials.
+_ALL_SCOPES = " ".join(["https://www.googleapis.com/auth/compute",
+ "https://www.googleapis.com/auth/logging.write",
+ "https://www.googleapis.com/auth/androidbuild.internal",
+ "https://www.googleapis.com/auth/devstorage.read_write",
+ "https://www.googleapis.com/auth/userinfo.email"])
def _CreateOauthServiceAccountCreds(email, private_key_path, scopes):
@@ -77,7 +85,7 @@
" error message: %s" % (private_key_path, str(e)))
return credentials
-
+# pylint: disable=invalid-name
def _CreateOauthServiceAccountCredsWithJsonKey(json_private_key_path, scopes):
"""Create credentials with a normal service account from json key file.
@@ -173,9 +181,13 @@
return _RunAuthFlow(storage, client_id, client_secret, user_agent, scopes)
-def CreateCredentials(acloud_config, scopes):
+def CreateCredentials(acloud_config, scopes=_ALL_SCOPES):
"""Create credentials.
+ If no specific scope provided, we create a full scopes credentials for
+ authenticating and user will only go oauth2 flow once after login with
+ full scopes credentials.
+
Args:
acloud_config: An AcloudConfig object.
scopes: A string representing for scopes, separted by space,