The Telemetry workflow happily uses this gsutil to download artifacts, but they would also like to use the same workflow to upload artifacts.
I don't see a big harm in enabling read_write access for prodaccess based gsutil since its already more restrictive than the normal gsutil auth flow. I could also be convinced to make this full_control, but that need has not arisen yet.
BUG= 341665
Review URL: https://codereview.chromium.org/148203012
git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@259761 0039d316-1c4b-4281-b951-d872f2087c98
By default, if loasd is not running, loas_check retries twice, waiting 5 seconds between retries. This is in case loasd is restarting due to reinstallation. Unfortunately, if the user has never run prodaccess, this check takes an extra 10 seconds. So, just disable the retries.
BUG=
Review URL: https://codereview.chromium.org/137853024
git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@245399 0039d316-1c4b-4281-b951-d872f2087c98
Code path:
1. plugins.sso_auth is imported, which adds the AuthHandler class to the global state.
2. HasConfiguredCredentials() in gslib/utils.py is called by gsutil, and will return true if "prodaccess" exists on the system, which tells the system that we don't want a no-op auth handler.
3. When a command is called, all the auth handlers are cycled through and sso_auth.SSOAuth is called, which calls a stubby command to emit a gaiamint'ed oauth2 access token, which is then used as the Authorization Header
if --bypass_prodaccess is passed in, then:
1. HasConfiguredCredentials() will bypass the check for prodaccess, as if it didn't exist.
2. plugins.sso_auth does not get imported.
Which will essentially cause gsutil to behave as if this patch never existed.
So the expected behavior is:
=.boto file does not exist, prodaccess exists, but unauthenticated=
Failure: No handler was ready to authenticate. 3 handlers were checked. ['OAuth2Auth', 'HmacAuthV1Handler', 'SSOAuth'] Check your credentials.
=.boto file exists, prodaccess exists, but unauthenticated=
sso_auth will raise NotReadyToAuthenticate, and the .boto file will be used instead
=.boto file exists, prodaccess exists, authenticated=
sso_auth will be run _after_ the default gsutil authenticator, which causes the sso_auth to be used over whatever the default authentication is.
bypass_prodaccess is passed in by default to upload_to_google_storage because we expect people who use upload_to_google_storage to not need prodaccess and have their own boto file already. Also the sso_auth plugin will only request a readonlyi token, which will not work for uploading.
BUG=258152
Review URL: https://codereview.chromium.org/86123002
git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@240266 0039d316-1c4b-4281-b951-d872f2087c98
hinoka@google.com
dtu@chromium.org
hinoka@chromium.org