iterative / PyDrive2

Google Drive API Python wrapper library. Maintained fork of PyDrive.
https://docs.iterative.ai/PyDrive2
Other
580 stars 69 forks source link

Migrating to Google Auth Library #221

Closed junpeng-jp closed 1 year ago

junpeng-jp commented 2 years ago

Summary of changes

89

89

173

Removing manual refresh & authorization header injection code as this is now handle by the Google Auth library

junpeng-jp commented 2 years ago

@shcheklein I've raise a new PR above. Please do take a look when you have time

shcheklein commented 2 years ago

@junpeng-jp hey, sure. Please don't hesitate to Request a review via a link at the top. Otherwise it was not clear if it's still in progress or not. Thanks again for the effort. I'll try to find time to review it this week.

junpeng-jp commented 2 years ago

@shcheklein Not sure why but I don't see a button to request a reviewer for this PR. Are you able to help me here?

Screenshot of what I see below image

shcheklein commented 2 years ago

@junpeng-jp ah, no worries. If it doesn't work- that's fine. Just ping me in the comment.

Sorry for the delay, this PR needs more attention and I need to find time to check it out.

lappazos commented 2 years ago

@shcheklein @junpeng-jp any update on this PR? I really need the automatic auth using GCP service account credentials.

shcheklein commented 2 years ago

@lappazos please give it a try https://docs.iterative.ai/PyDrive2/oauth/#authentication-with-a-service-account . You don't need to wait for this PR to be merged.

lappazos commented 1 year ago

@shcheklein so i did - i couldn't find where this function is implemented. i tried to implement it by myself (copy pate), but the GCP environment couldn't find the "client_json_file_path": "service-secrets.json",

shcheklein commented 1 year ago

@lappazos please, let's move this to a separate issue/discussion. This is not related I think to this PR.

lappazos commented 1 year ago

@junpeng-jp @shcheklein is this PR stuck?

shcheklein commented 1 year ago

Closing as stale

el-abcd commented 12 months ago

Just noting that it would be nice if this PR can be "brought back to life/completed" to enable features like "service account impersonation", etc.

Background: I was working on a small hobby project (and attempting to learn some of the "best practices" for service accounts/authentication, etc.).

IIUC, it seems like using "service account impersonation" is preferred to downloading a "service account key", as the key is long-lived, requires manual rotation, etc. Whereas "impersonation" allows you to just fetch a temporary token for the service account (using your existing user credentials) service account key

While I'm not 100% certain it is required, I think that using the updated google oauth libraries are probably the best way to enable these features.
And I did have success using the https://github.com/junpeng-jp/PyDrive2 fork for this...

I was able to get it running locally (using mostly default settings for PyDrive2, and creating "impersonated application-default credentials" with:

gcloud auth application-default login --impersonate-service-account SERVICE_ACCT_EMAIL

To make the "application default credentials" be the "impersonated service account" ones.

I was ALSO able to get a test version running on a google cloud run container (where a google managed "service account" is used to run the service, and I was able to get that service account to "impersonate" an existing service account (which already has access to certain drive folders) and get things working that way also. It did require a bit of work (monkey patching the GoogleAuth.ServiceAuth() method to set self._credential to be the impersonated one). I think that would be a "fairly small update" to allow impersonated service accounts cleanly (if this PR is revived).

At any rate, just noting that this PR does appear to be pretty useful, and hoping that this can be brought back to life / completed (as it appears to be pretty far along / functional).

Eric