From 4b74fcd721c0729ed2bf0ca8a38ca927677e58da Mon Sep 17 00:00:00 2001 From: "hinoka@google.com" Date: Fri, 10 Jan 2014 23:36:24 +0000 Subject: [PATCH] Force download_from_google_storage --config to produce a read-only token When download_from_google_storage --config is run, it should be implied that the user just wants to download, not upload. This change passes the '-r' flag into gsutil config, which requests a read-only scoped token rather than write token. This is saved in ~/.boto.depot_tools so that it doesn't conflict with a ~/.boto file crated later that may have write permissions. BUG= Review URL: https://codereview.chromium.org/135153002 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@244276 0039d316-1c4b-4281-b951-d872f2087c98 --- download_from_google_storage.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/download_from_google_storage.py b/download_from_google_storage.py index a51b16a25..bfb1b3c1c 100755 --- a/download_from_google_storage.py +++ b/download_from_google_storage.py @@ -325,7 +325,8 @@ def main(args): parser.add_option('-g', '--config', action='store_true', help='Alias for "gsutil config". Run this if you want ' 'to initialize your saved Google Storage ' - 'credentials.') + 'credentials. This will create a read-only ' + 'credentials file in ~/.boto.depot_tools.') parser.add_option('-n', '--no_auth', action='store_true', help='Skip auth checking. Use if it\'s known that the ' 'target bucket is a public bucket.') @@ -361,7 +362,8 @@ def main(args): # Passing in -g/--config will run our copy of GSUtil, then quit. if options.config: - return gsutil.call('config') + return gsutil.call('config', '-r', '-o', + os.path.expanduser('~/.boto.depot_tools')) if not args: parser.error('Missing target.')