-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathterra_auth.py
70 lines (56 loc) · 2.92 KB
/
terra_auth.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
"""
Support for auth with Terra backend services.
"""
from azure.core.exceptions import ClientAuthenticationError
from google.auth.exceptions import DefaultCredentialsError
from terra_notebook_utils import azure_auth, gs, ExecutionPlatform
from terra_notebook_utils.logger import logger
from terra_notebook_utils.utils import get_execution_context
class AuthenticationError(Exception):
pass
class TerraAuthTokenProvider:
"""
Provides auth bearer tokens suitable for use with Terra backend services.
"""
def __init__(self):
self.execution_context = get_execution_context()
@staticmethod
def _identify_valid_access_token() -> str:
"""
Try to obtain an auth bearer token suitable for use with Terra backend services
from the Terra supported auth providers. First try Google, then try Azure.
Return the first successfully obtained token, otherwise raise AuthenticationError.
:return: auth bearer token suitable for use with Terra backend services
:raises: AuthenticationError
"""
try:
logger.debug("Attempting to obtain a Google access token to use with Terra backend services.")
google_token = gs.get_access_token()
logger.debug("Using Google access token to use with Terra backend services.")
return google_token
except DefaultCredentialsError as ex:
logger.debug("Failed to obtain a Google access token to use with Terra backend services.", exc_info=ex)
try:
logger.debug("Attempting to obtain a Azure access token to use with Terra backend services.")
azure_token = azure_auth.get_azure_access_token()
logger.debug("Using Azure access token to use with Terra backend services.")
return azure_token
except ClientAuthenticationError as ex:
logger.debug("Failed to obtain a Azure access token to use with Terra backend services.", exc_info=ex)
raise AuthenticationError("Failed to obtain a Google or Azure token to auth with Terra backend services.")
def get_terra_access_token(self) -> str:
if self.execution_context.execution_platform == ExecutionPlatform.GOOGLE:
logger.debug("Using Google default credentials to auth with Terra services.")
return gs.get_access_token()
elif self.execution_context.execution_platform == ExecutionPlatform.AZURE:
logger.debug("Using Azure default credentials to auth with Terra services.")
return azure_auth.get_azure_access_token()
else:
return self._identify_valid_access_token()
# Single instance of TerraAuthTokenProvider.
TERRA_AUTH_TOKEN_PROVIDER = TerraAuthTokenProvider()
def get_terra_access_token() -> str:
""" Return an auth bearer token suitable for use with Terra backend services.
:raises: AuthenticationError
"""
return TERRA_AUTH_TOKEN_PROVIDER.get_terra_access_token()