HEX
Server: Apache/2.4.65 (Ubuntu)
System: Linux ielts-store-v2 6.8.0-1036-gcp #38~22.04.1-Ubuntu SMP Thu Aug 14 01:19:18 UTC 2025 x86_64
User: root (0)
PHP: 7.2.34-54+ubuntu20.04.1+deb.sury.org+1
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
$ pwd: /snap/google-cloud-cli/current/platform/bq/auth/
Upload Files
File: //snap/google-cloud-cli/current/platform/bq/auth/main_credential_loader.py
#!/usr/bin/env python
"""Utilities to create Google Auth credentials."""

import logging
from typing import Union

from absl import app
from google.auth.compute_engine import credentials as compute_engine
from google.oauth2 import credentials as google_oauth2
from google.oauth2 import service_account

import bq_auth_flags
import bq_flags
import bq_utils
from auth import gcloud_credential_loader
from utils import bq_error


GoogleAuthCredentialsUnionType = Union[
    google_oauth2.Credentials,
    service_account.Credentials,
    compute_engine.Credentials,
]


def GetCredentialsFromFlags() -> GoogleAuthCredentialsUnionType:
  """Returns credentials based on BQ CLI auth flags.

  Returns: An OAuth2, compute engine, or service account credentials objects
  based on BQ CLI auth flag values.

  Raises:
  app.UsageError, invalid flag values.
  bq_error.BigqueryError, error getting credentials.
  """
  if bq_auth_flags.APPLICATION_DEFAULT_CREDENTIAL_FILE.value:
    raise app.UsageError(
        'The --application_default_credential_file flag is being deprecated.'
        ' For now, this flag can still be used by forcing the legacy'
        ' authentication library with --nouse_google_auth.'
    )
  if (
      bq_auth_flags.SERVICE_ACCOUNT_PRIVATE_KEY_PASSWORD.default
      != bq_auth_flags.SERVICE_ACCOUNT_PRIVATE_KEY_PASSWORD.value
  ):
    raise app.UsageError(bq_error.P12_DEPRECATION_MESSAGE)

  if bq_auth_flags.OAUTH_ACCESS_TOKEN.value:
    logging.info('Loading auth credentials from --oauth_access_token')
    return google_oauth2.Credentials(
        token=bq_auth_flags.OAUTH_ACCESS_TOKEN.value,
        quota_project_id=bq_utils.GetResolvedQuotaProjectID(
            bq_auth_flags.QUOTA_PROJECT_ID.value, bq_flags.PROJECT_ID.value
        ),
    )
  else:
    logging.info('No `oauth_access_token`, load credentials elsewhere')

  if bq_auth_flags.USE_GCE_SERVICE_ACCOUNT.value:
    logging.info('Loading auth credentials with --use_gce_service_account')
    return compute_engine.Credentials(
        quota_project_id=bq_utils.GetResolvedQuotaProjectID(
            bq_auth_flags.QUOTA_PROJECT_ID.value, bq_flags.PROJECT_ID.value
        ),
    )
  else:
    logging.info('No `use_gce_service_account`, load credentials elsewhere')

  if bq_auth_flags.SERVICE_ACCOUNT.value:
    raise app.UsageError(
        'The flag --service_account is not supported. '
        'To use a service account please follow'
        ' https://cloud.google.com/docs/authentication/'
        'use-service-account-impersonation#gcloud-config.'
    )


  return gcloud_credential_loader.LoadCredential()
@ Telegram