我们从Python开源项目中,提取了以下14个代码示例,用于说明如何使用google.appengine.api.app_identity.get_service_account_name()。
def get(self): auth_token, _ = app_identity.get_access_token( 'https://www.googleapis.com/auth/cloud-platform') logging.info( 'Using token {} to represent identity {}'.format( auth_token, app_identity.get_service_account_name())) response = urlfetch.fetch( 'https://www.googleapis.com/storage/v1/b?project={}'.format( app_identity.get_application_id()), method=urlfetch.GET, headers={ 'Authorization': 'Bearer {}'.format(auth_token) } ) if response.status_code != 200: raise Exception( 'Call failed. Status code {}. Body {}'.format( response.status_code, response.content)) result = json.loads(response.content) self.response.headers['Content-Type'] = 'application/json' self.response.write(json.dumps(result, indent=2))
def service_account_email(self): """Get the email for the current service account. Returns: string, The email associated with the Google App Engine service account. """ if self._service_account_email is None: self._service_account_email = ( app_identity.get_service_account_name()) return self._service_account_email
def create_custom_token(uid, valid_minutes=60): """Create a secure token for the given id. This method is used to create secure custom JWT tokens to be passed to clients. It takes a unique id (uid) that will be used by Firebase's security rules to prevent unauthorized access. In this case, the uid will be the channel id which is a combination of user_id and game_key """ # use the app_identity service from google.appengine.api to get the # project's service account email automatically client_email = app_identity.get_service_account_name() now = int(time.time()) # encode the required claims # per https://firebase.google.com/docs/auth/server/create-custom-tokens payload = base64.b64encode(json.dumps({ 'iss': client_email, 'sub': client_email, 'aud': _IDENTITY_ENDPOINT, 'uid': uid, # the important parameter, as it will be the channel id 'iat': now, 'exp': now + (valid_minutes * 60), })) # add standard header to identify this as a JWT header = base64.b64encode(json.dumps({'typ': 'JWT', 'alg': 'RS256'})) to_sign = '{}.{}'.format(header, payload) # Sign the jwt using the built in app_identity service return '{}.{}'.format(to_sign, base64.b64encode( app_identity.sign_blob(to_sign)[1]))
def service_account_email(self): """The service account email.""" if self._service_account_id is None: self._service_account_id = app_identity.get_service_account_name() return self._service_account_id
def sign_gcs_url(gcs_filename, expires_after_seconds=6): """ cloudstorage signed url to download cloudstorage object without login Docs : https://cloud.google.com/storage/docs/access-control?hl=bg#Signed-URLs API : https://cloud.google.com/storage/docs/reference-methods?hl=bg#getobject """ GCS_API_ACCESS_ENDPOINT = 'https://storage.googleapis.com' google_access_id = app_identity.get_service_account_name() method = 'GET' content_md5, content_type = None, None # expiration : number of seconds since epoch expiration_dt = datetime.utcnow() + timedelta( seconds=expires_after_seconds) expiration = int(time.mktime(expiration_dt.timetuple())) # Generate the string to sign. signature_string = '\n'.join([ method, content_md5 or '', content_type or '', str(expiration), gcs_filename]) signature_bytes = app_identity.sign_blob(str(signature_string))[1] # Set the right query parameters. we use a gae service account for the id query_params = {'GoogleAccessId': google_access_id, 'Expires': str(expiration), 'Signature': base64.b64encode(signature_bytes)} # Return the built URL. result = '{endpoint}{resource}?{querystring}'.format( endpoint=GCS_API_ACCESS_ENDPOINT, resource=gcs_filename, querystring=urllib.urlencode(query_params)) return str(result)
