Merge pull request #840 from dhermes/create-scoped-help

Adding scope to credentials in Connection constructors.

Author: dhermes

gcloud/connection.py

@@ -21,7 +21,6 @@
 
 import httplib2
 
-from gcloud.credentials import get_credentials
 from gcloud.exceptions import make_exception
 
 
@@ -94,6 +93,25 @@ def http(self):
                 self._http = self._credentials.authorize(self._http)
         return self._http
 
+    @staticmethod
+    def _create_scoped_credentials(credentials, scope):
+        """Create a scoped set of credentials if it is required.
+
+        :type credentials: :class:`oauth2client.client.OAuth2Credentials` or
+                           :class:`NoneType`
+        :param credentials: The OAuth2 Credentials to add a scope to.
+
+        :type scope: list of URLs
+        :param scope: the effective service auth scopes for the connection.
+
+        :rtype: :class:`oauth2client.client.OAuth2Credentials` or
+                :class:`NoneType`
+        :returns: A new credentials object that has a scope added (if needed).
+        """
+        if credentials and credentials.create_scoped_required():
+            credentials = credentials.create_scoped(scope)
+        return credentials
+
 
 class JSONConnection(Connection):
     """A connection to a Google JSON-based API.
@@ -320,20 +338,3 @@ def api_request(self, method, path, query_params=None,
             return json.loads(content)
 
         return content
-
-
-def get_scoped_connection(klass, scopes):
-    """Create a scoped connection to GCloud.
-
-    :type klass: subclass of :class:`gcloud.connection.Connection`
-    :param klass: the specific ``Connection`` class to instantiate.
-
-    :type scopes: list of URLs
-    :param scopes: the effective service auth scopes for the connection.
-
-    :rtype: instance of ``klass``
-    :returns: A connection defined with the proper credentials.
-    """
-    implicit_credentials = get_credentials()
-    scoped_credentials = implicit_credentials.create_scoped(scopes)
-    return klass(credentials=scoped_credentials)

gcloud/datastore/__init__.py

@@ -48,7 +48,6 @@
   when race conditions may occur.
 """
 
-from gcloud.datastore._implicit_environ import SCOPE
 from gcloud.datastore._implicit_environ import get_connection
 from gcloud.datastore._implicit_environ import get_default_connection
 from gcloud.datastore._implicit_environ import get_default_dataset_id
@@ -59,6 +58,7 @@
 from gcloud.datastore.api import get
 from gcloud.datastore.api import put
 from gcloud.datastore.batch import Batch
+from gcloud.datastore.connection import SCOPE
 from gcloud.datastore.connection import Connection
 from gcloud.datastore.dataset import Dataset
 from gcloud.datastore.entity import Entity

gcloud/datastore/_implicit_environ.py

@@ -23,14 +23,10 @@
 from gcloud._helpers import _app_engine_id
 from gcloud._helpers import _compute_engine_id
 from gcloud._helpers import _lazy_property_deco
-from gcloud.connection import get_scoped_connection
+from gcloud.credentials import get_credentials
 from gcloud.datastore.connection import Connection
 
 
-SCOPE = ('https://www.googleapis.com/auth/datastore',
-         'https://www.googleapis.com/auth/userinfo.email')
-"""The scopes required for authenticating as a Cloud Datastore consumer."""
-
 _DATASET_ENV_VAR_NAME = 'GCLOUD_DATASET_ID'
 _GCD_DATASET_ENV_VAR_NAME = 'DATASTORE_DATASET'
 
@@ -126,7 +122,8 @@ def get_connection():
     :rtype: :class:`gcloud.datastore.connection.Connection`
     :returns: A connection defined with the proper credentials.
     """
-    return get_scoped_connection(Connection, SCOPE)
+    credentials = get_credentials()
+    return Connection(credentials=credentials)
 
 
 def set_default_connection(connection=None):

gcloud/datastore/connection.py

@@ -21,6 +21,10 @@
 from gcloud.datastore import _datastore_v1_pb2 as datastore_pb
 
 
+SCOPE = ('https://www.googleapis.com/auth/datastore',
+         'https://www.googleapis.com/auth/userinfo.email')
+"""The scopes required for authenticating as a Cloud Datastore consumer."""
+
 _GCD_HOST_ENV_VAR_NAME = 'DATASTORE_HOST'
 
 
@@ -46,6 +50,7 @@ class Connection(connection.Connection):
     """A template for the URL of a particular API call."""
 
     def __init__(self, credentials=None, http=None, api_base_url=None):
+        credentials = self._create_scoped_credentials(credentials, SCOPE)
         super(Connection, self).__init__(credentials=credentials, http=http)
         if api_base_url is None:
             api_base_url = os.getenv(_GCD_HOST_ENV_VAR_NAME,

gcloud/datastore/test__implicit_environ.py

@@ -305,7 +305,7 @@ def _callFUT(self):
 
     def test_it(self):
         from gcloud import credentials
-        from gcloud.datastore._implicit_environ import SCOPE
+        from gcloud.datastore.connection import SCOPE
         from gcloud.datastore.connection import Connection
         from gcloud.test_credentials import _Client
         from gcloud._testing import _Monkey

gcloud/datastore/test_connection.py

@@ -97,7 +97,12 @@ def test_ctor_defaults(self):
         self.assertEqual(conn.credentials, None)
 
     def test_ctor_explicit(self):
-        creds = object()
+        class Creds(object):
+
+            def create_scoped_required(self):
+                return False
+
+        creds = Creds()
         conn = self._makeOne(creds)
         self.assertTrue(conn.credentials is creds)
 
@@ -122,6 +127,10 @@ class Creds(object):
             def authorize(self, http):
                 self._called_with = http
                 return authorized
+
+            def create_scoped_required(self):
+                return False
+
         creds = Creds()
         conn = self._makeOne(creds)
         self.assertTrue(conn.http is authorized)

gcloud/pubsub/__init__.py

@@ -26,20 +26,17 @@
 
 from gcloud._helpers import get_default_project
 from gcloud._helpers import set_default_project
-from gcloud.connection import get_scoped_connection
+from gcloud.credentials import get_credentials
 from gcloud.pubsub import _implicit_environ
 from gcloud.pubsub._implicit_environ import get_default_connection
 from gcloud.pubsub.api import list_subscriptions
 from gcloud.pubsub.api import list_topics
+from gcloud.pubsub.connection import SCOPE
 from gcloud.pubsub.connection import Connection
 from gcloud.pubsub.subscription import Subscription
 from gcloud.pubsub.topic import Topic
 
 
-SCOPE = ('https://www.googleapis.com/auth/pubsub',
-         'https://www.googleapis.com/auth/cloud-platform')
-
-
 def set_default_connection(connection=None):
     """Set default connection either explicitly or implicitly as fall-back.
 
@@ -78,4 +75,5 @@ def get_connection():
     :rtype: :class:`gcloud.pubsub.connection.Connection`
     :returns: A connection defined with the proper credentials.
     """
-    return get_scoped_connection(Connection, SCOPE)
+    credentials = get_credentials()
+    return Connection(credentials=credentials)

gcloud/pubsub/connection.py

@@ -17,6 +17,11 @@
 from gcloud import connection as base_connection
 
 
+SCOPE = ('https://www.googleapis.com/auth/pubsub',
+         'https://www.googleapis.com/auth/cloud-platform')
+"""The scopes required for authenticating as a Cloud Pub/Sub consumer."""
+
+
 class Connection(base_connection.JSONConnection):
     """A connection to Google Cloud Pubsub via the JSON REST API."""
 
@@ -28,3 +33,7 @@ class Connection(base_connection.JSONConnection):
 
     API_URL_TEMPLATE = '{api_base_url}/{api_version}{path}'
     """A template for the URL of a particular API call."""
+
+    def __init__(self, credentials=None, http=None):
+        credentials = self._create_scoped_credentials(credentials, SCOPE)
+        super(Connection, self).__init__(credentials=credentials, http=http)

gcloud/storage/__init__.py

@@ -43,7 +43,6 @@
 from gcloud._helpers import get_default_project
 from gcloud._helpers import set_default_project
 from gcloud.storage import _implicit_environ
-from gcloud.storage._implicit_environ import SCOPE
 from gcloud.storage._implicit_environ import get_connection
 from gcloud.storage._implicit_environ import get_default_bucket
 from gcloud.storage._implicit_environ import get_default_connection
@@ -55,6 +54,7 @@
 from gcloud.storage.batch import Batch
 from gcloud.storage.blob import Blob
 from gcloud.storage.bucket import Bucket
+from gcloud.storage.connection import SCOPE
 from gcloud.storage.connection import Connection
 
 

gcloud/storage/_implicit_environ.py

@@ -20,15 +20,10 @@
 
 
 from gcloud._helpers import _lazy_property_deco
-from gcloud.connection import get_scoped_connection
+from gcloud.credentials import get_credentials
 from gcloud.storage.connection import Connection
 
 
-SCOPE = ('https://www.googleapis.com/auth/devstorage.full_control',
-         'https://www.googleapis.com/auth/devstorage.read_only',
-         'https://www.googleapis.com/auth/devstorage.read_write')
-
-
 class _DefaultsContainer(object):
     """Container for defaults.
 
@@ -83,7 +78,8 @@ def get_connection():
     :rtype: :class:`gcloud.storage.connection.Connection`
     :returns: A connection defined with the proper credentials.
     """
-    return get_scoped_connection(Connection, SCOPE)
+    credentials = get_credentials()
+    return Connection(credentials=credentials)
 
 
 def set_default_connection(connection=None):