8000 Cleaned up service account request code · chairy/python-docs-samples@36f7c0d · GitHub
[go: up one dir, main page]
Skip to content

Commit 36f7c0d

Browse files
engelkeengelke
committed
Cleaned up service account request code
1 parent 93d9319 commit 36f7c0d

File tree

1 file changed

+5
-14
lines changed

1 file changed

+5
-14
lines changed

iap/service_account_iap_request.py

Lines changed: 5 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@
1313
# See the License for the specific language governing permissions and
1414
# limitations under the License.rom googleapiclient import discovery
1515

16-
"""Use a service account to access an IAP protected resource"""
16+
"""Use a service account and key file to access an IAP protected resource"""
1717

1818

1919
def get_private_key(json_file_name):
@@ -25,7 +25,6 @@ def get_private_key(json_file_name):
2525
Returns:
2626
The private key from the file
2727
"""
28-
2928
import json
3029

3130
with open(json_file_name, 'r') as f:
@@ -41,7 +40,6 @@ def build_claim(client_id, service_account):
4140
client_id: the OAuth client ID. Available from API/Credentials console
4241
service_account: the service account email
4342
44-
4543
Returns:
4644
The claim
4745
"""
@@ -65,14 +63,14 @@ def create_assertion(claim, private_key):
6563
"""Creates an assertion - a signed claim of authorization
6664
6765
Args:
68-
claim: the claim to send to the OAuth2 service (from build_claim)
66+
claim: the claim to send to the OAuth2 service
6967
private_key: the service account's private key (in PEM format)
7068
7169
Returns:
7270
The assertion
7371
"""
7472
import jwt
75-
73+
7674
assertion = jwt.encode(
7775
claim,
7876
private_key,
@@ -86,13 +84,12 @@ def get_id_token(claim, private_key):
8684
"""Gets an OpenID Connect token for the given private key
8785
8886
Args:
89-
claim: the claim to send to the OAuth2 service (from build_claim)
87+
claim: the claim to send to the OAuth2 service
9088
private_key: the service account's private key (in PEM format)
9189
9290
Returns:
9391
An OpenID connect token to authenticate requests from the service acct
9492
"""
95-
9693
import json
9794
import requests
9895

@@ -109,8 +106,6 @@ def get_id_token(claim, private_key):
109106
}
110107
)
111108

112-
print(response.text)
113-
114109
id_token = response.json()['id_token']
115110
return id_token
116111

@@ -131,7 +126,6 @@ def request(client_id, service_account, private_key, method, url, **kwargs):
131126
Returns:
132127
The requests Response object from the request
133128
"""
134-
135129
import requests
136130

137131
# Add Authorization header using service account and client information
@@ -147,24 +141,21 @@ def request(client_id, service_account, private_key, method, url, **kwargs):
147141

148142

149143
def main():
150-
"""Make a GET request to the IAP-protected URL using service account creds
144+
"""Make a GET request to the IAP-protected URL using service account key
151145
"""
152146

153147
import argparse
154148

155149
parser = argparse.ArgumentParser(
156150
description='Call IAP protected resource with service account'
157151
)
158-
159152
parser.add_argument('client_id', help="The protected site's client ID")
160153
parser.add_argument('service_account', help="The service account's email")
161154
parser.add_argument('key_file', help="The service account's key file")
162155
parser.add_argument('url', help="URL to access")
163-
164156
args = parser.parse_args()
165157

166158
private_key = get_private_key(args.key_file)
167-
168159
response = request(
169160
args.client_id, args.service_account, private_key, 'GET', args.url
170161
)

0 commit comments

Comments
 (0)
0