|
|
|
|
Name: gsutil
|
|
|
|
|
URL: https://github.com/GoogleCloudPlatform/gsutil
|
|
|
|
|
Version: 3.25
|
|
|
|
|
License: Apache 2.0
|
|
|
|
|
|
|
|
|
|
Description:
|
|
|
|
|
Set of tools to allow querying, uploading, and downloading objects from
|
|
|
|
|
Google Storage.
|
|
|
|
|
|
|
|
|
|
Modifications:
|
|
|
|
|
* Removed gsutil/gslib/commands/test.py
|
|
|
|
|
* Removed gsutil/pkg_gen.sh
|
|
|
|
|
* Removed gsutil/gslib/tests/
|
|
|
|
|
* Moved gsutil/boto as a depot_tools third_party lib
|
|
|
|
|
* Moved gsutil/third_party into our own third_party directory
|
|
|
|
|
* Append sys.path in gsutil/gsutil to find the moved third_party modules
|
|
|
|
|
* Removed oauth2_client certificate SHA1 check
|
Adds SSO auth to gsutil
Code path:
1. plugins.sso_auth is imported, which adds the AuthHandler class to the global state.
2. HasConfiguredCredentials() in gslib/utils.py is called by gsutil, and will return true if "prodaccess" exists on the system, which tells the system that we don't want a no-op auth handler.
3. When a command is called, all the auth handlers are cycled through and sso_auth.SSOAuth is called, which calls a stubby command to emit a gaiamint'ed oauth2 access token, which is then used as the Authorization Header
if --bypass_prodaccess is passed in, then:
1. HasConfiguredCredentials() will bypass the check for prodaccess, as if it didn't exist.
2. plugins.sso_auth does not get imported.
Which will essentially cause gsutil to behave as if this patch never existed.
So the expected behavior is:
=.boto file does not exist, prodaccess exists, but unauthenticated=
Failure: No handler was ready to authenticate. 3 handlers were checked. ['OAuth2Auth', 'HmacAuthV1Handler', 'SSOAuth'] Check your credentials.
=.boto file exists, prodaccess exists, but unauthenticated=
sso_auth will raise NotReadyToAuthenticate, and the .boto file will be used instead
=.boto file exists, prodaccess exists, authenticated=
sso_auth will be run _after_ the default gsutil authenticator, which causes the sso_auth to be used over whatever the default authentication is.
bypass_prodaccess is passed in by default to upload_to_google_storage because we expect people who use upload_to_google_storage to not need prodaccess and have their own boto file already. Also the sso_auth plugin will only request a readonlyi token, which will not work for uploading.
BUG=258152
Review URL: https://codereview.chromium.org/86123002
git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@240266 0039d316-1c4b-4281-b951-d872f2087c98
11 years ago
|
|
|
* Removed code to remove http_proxy before boto.config invocation.
|
|
|
|
|
* Added and imports gsutil/plugins/sso_auth.py to support prodaccess
|
|
|
|
|
based authentication.
|
|
|
|
|
* Added flag to bypass prodaccess authentication.
|
|
|
|
|
* Remove autolaunching the browser during gsutil config.
|
|
|
|
|
* Remove prompt for default project ID (Defaults to "0" now).
|
|
|
|
|
|
|
|
|
|
Full license is in the COPYING file.
|
