diff options
| author | AlexSm <alex@ydb.tech> | 2023-12-27 23:31:58 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-12-27 23:31:58 +0100 |
| commit | d67bfb4b4b7549081543e87a31bc6cb5c46ac973 (patch) | |
| tree | 8674f2f1570877cb653e7ddcff37ba00288de15a /contrib/python/google-auth/py3/google/oauth2/service_account.py | |
| parent | 1f6bef05ed441c3aa2d565ac792b26cded704ac7 (diff) | |
| download | ydb-d67bfb4b4b7549081543e87a31bc6cb5c46ac973.tar.gz | |
Import libs 4 (#758)
Diffstat (limited to 'contrib/python/google-auth/py3/google/oauth2/service_account.py')
| -rw-r--r-- | contrib/python/google-auth/py3/google/oauth2/service_account.py | 35 |
1 files changed, 23 insertions, 12 deletions
diff --git a/contrib/python/google-auth/py3/google/oauth2/service_account.py b/contrib/python/google-auth/py3/google/oauth2/service_account.py index e08899f8e5..68db41af40 100644 --- a/contrib/python/google-auth/py3/google/oauth2/service_account.py +++ b/contrib/python/google-auth/py3/google/oauth2/service_account.py @@ -182,10 +182,7 @@ class Credentials( self._quota_project_id = quota_project_id self._token_uri = token_uri self._always_use_jwt_access = always_use_jwt_access - if not universe_domain: - self._universe_domain = _DEFAULT_UNIVERSE_DOMAIN - else: - self._universe_domain = universe_domain + self._universe_domain = universe_domain or _DEFAULT_UNIVERSE_DOMAIN if universe_domain != _DEFAULT_UNIVERSE_DOMAIN: self._always_use_jwt_access = True @@ -196,7 +193,7 @@ class Credentials( self._additional_claims = additional_claims else: self._additional_claims = {} - self._trust_boundary = "0" + self._trust_boundary = {"locations": [], "encoded_locations": "0x0"} @classmethod def _from_signer_and_info(cls, signer, info, **kwargs): @@ -328,6 +325,22 @@ class Credentials( cred._always_use_jwt_access = always_use_jwt_access return cred + def with_universe_domain(self, universe_domain): + """Create a copy of these credentials with the given universe domain. + + Args: + universe_domain (str): The universe domain value. + + Returns: + google.auth.service_account.Credentials: A new credentials + instance. + """ + cred = self._make_copy() + cred._universe_domain = universe_domain + if universe_domain != _DEFAULT_UNIVERSE_DOMAIN: + cred._always_use_jwt_access = True + return cred + def with_subject(self, subject): """Create a copy of these credentials with the specified subject. @@ -417,13 +430,11 @@ class Credentials( @_helpers.copy_docstring(credentials.Credentials) def refresh(self, request): - if ( - self._universe_domain != _DEFAULT_UNIVERSE_DOMAIN - and not self._jwt_credentials - ): - raise exceptions.RefreshError( - "self._jwt_credentials is missing for non-default universe domain" - ) + if self._always_use_jwt_access and not self._jwt_credentials: + # If self signed jwt should be used but jwt credential is not + # created, try to create one with scopes + self._create_self_signed_jwt(None) + if self._universe_domain != _DEFAULT_UNIVERSE_DOMAIN and self._subject: raise exceptions.RefreshError( "domain wide delegation is not supported for non-default universe domain" |