Credential
- class geodesic.account.credentials.Credential(**credential)
Bases: geodesic.bases._APIObject
Credentials to access secure resources such as a cloud storage bucket. Credentials have a name, type and data. Credentials can be created or deleted but not accessed again except by internal services. This is for security reasons. Credentials are stored using symmetric PGP encryption at rest.
- uid
(str) - the unique ID for this credential. Set automatically
Descriptor: _StringDescr
- name
(str) - the name of this credential. Unique to the user and how a user will typically reference it
Descriptor: _StringDescr
- type
(str) - the type of the credential. Supported types are SERVICE_ACCOUNT_KEY, AWS_KEY_PAIR, AZURE_ACCESS_KEY, JWT, OAUTH2_CLIENT_CREDENTIALS, OAUTH2_REFRESH_TOKEN, BASIC_AUTH, API_KEY, DOCKER_PULL
Descriptor: _StringDescr
- from_docker_registry(*, username, host, email, password=None)
creates a new Docker Pull Credential for a Docker Registry
Creates a Credential object that allows internal resources to pull a container image from a registry. Most registries support this method of pulling images, and it is how image pulls are authenticated in Kubernetes in most cases.
Details for GCP/GCR: https://cloud.google.com/container-registry/docs/advanced-authentication#json-key
- Parameters
name – the name of the Credential to create
username – the username (varies by registry provider, username for Dockerhub, “_json_key” for GCR, etc)
host – the hostname for the registry (e.g. https://docker.io)
email – the email address associated with this account
password – the password or token for this account
- Returns
a new Credential object that can be saved to the backend.
- static from_gcp_service_account(*, name, key=None)
creates new GCP Service Account Credential
Creates a new Credential object for a GCP Service Account (e.g. Google Earth Engine, BigQuery, etc)
- Parameters
name – the name of the Credential to create
key – the full service account, either a string or dict. If None, user will be prompted via stdin
- Returns
a new Credential object that can be saved to backend
- static from_aws_key_pair(*, name, aws_access_key_id, aws_secret_access_key=None)
creates new AWS Key Pair Credential
Creates a new Credential object for an AWS Key Pair (such as from an IAM User)
- Parameters
name – the name of the Credential to create
aws_access_key_id – the access key id
aws_secret_access_key – the secret key. If None, user will be prompted via stdin.
- Returns
a new Credential object that can be saved to backend
- static from_azure_storage_account(*, name, account_name, account_key=None)
creates new Azure Storage Account Credential
Creates a new Credential object for an Azure Storage Account (e.g. Blob storage)
- Parameters
name – the name of the Credential to create
account_name – the Azure account name
account_key – the secret key for the account. If None, user will be prompted via stdin.
- Returns
a new Credential object that can be saved to backend
- static from_azure_connection_string(*, name, connection_string=None)
creates new Azure Storage Account Credential
Creates a new Credential object for an Azure Storage Account (e.g. Blob storage)
- Parameters
name – the name of the Credential to create
connection_string – the Azure account’s connection string. If None, user will be prompted via stdin.
- Returns
a new Credential object that can be saved to backend
- static from_jwt(*, name, jwt=None)
creates new JSON Web Token Credential
Creates a new Credential object for an arbitrary JWT
- Parameters
name – the name of the Credential to create
jwt – the string/encoded JWT. If None, user will be prompted via stdin.
- Returns
a new Credential object that can be saved to backend
- static from_oauth2_client_credentials(*, name, client_id, client_secret=None, token_url=None, authorization_url=None, audience=None, scope=None)
creates new OAuth2 Client Credentials Credential
Creates a new Credential object for an OAuth2 Application
- Parameters
name – the name of the Credential to create
client_id – the client_id of the oauth2 app
client_secret – the client secret of the oauth2 app. If None, user will be prompted via stdin.
token_url – the token url/uri to request an access token
authorization_url – the authorization url for certain auth flows
audience – (optional) the audience of the access_token
scope – (optional) custom scope to be requested with the token
- Returns
a new Credential object that can be saved to backend
- static from_basic_auth(*, name, username, password=None)
creates new Basic Auth Credential
Creates a new Credential object for a username/password
- Parameters
name – the name of the Credential to create
username – the username
password – the password. If None, user will be prompted via stdin.
- Returns
a new Credential object that can be saved to backend
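The Kubernetes image-pull format that the from_docker_registry description refers to, as an added example (not geodesic's own code): it builds a kubernetes.io/dockerconfigjson Secret from the same four parameters and shows that the stored value is only base64-encoded, which is why such credentials need encryption at rest. The helper names, the `regcred` Secret name, the sample values, and prompting when password is None (modelled on the other factory methods documented above) are assumptions.

```python
import base64
import getpass
import json
from typing import Optional, Tuple


def docker_pull_secret(*, username: str, host: str, email: str,
                       password: Optional[str] = None) -> dict:
    """Build a kubernetes.io/dockerconfigjson Secret manifest as a dict.

    Hypothetical helper for illustration; it is not part of geodesic.
    """
    if not username or not host:
        raise ValueError("username and host are required")
    if password is None:
        # Prompt without echo so the secret never lands in source or shell history.
        password = getpass.getpass(f"Password or token for {username}@{host}: ")
    if not password:
        raise ValueError("empty password or token")
    # 'auth' is base64("username:password"): an encoding, not encryption.
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    config = {"auths": {host: {"username": username, "password": password,
                               "email": email, "auth": auth}}}
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "kubernetes.io/dockerconfigjson",
        "metadata": {"name": "regcred"},  # constructed name
        "data": {".dockerconfigjson":
                 base64.b64encode(json.dumps(config).encode()).decode()},
    }


def decode_auth(secret: dict, host: str) -> Tuple[str, str]:
    """Return (username, password) from the Secret; needs no key at all."""
    raw = base64.b64decode(secret["data"][".dockerconfigjson"])
    entry = json.loads(raw)["auths"][host]
    # Split on the first ':' only: tokens such as a GCR JSON key contain colons.
    user, _, pw = base64.b64decode(entry["auth"]).decode().partition(":")
    return user, pw
```

Anyone with read access to the resulting Secret can run the equivalent of `decode_auth`, so restrict who can read it and keep it encrypted at rest.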