Credential
- class geodesic.account.credentials.Credential(**credential)
Bases: geodesic.bases._APIObject
Credentials to access secure resources such as a cloud storage bucket. Credentials have a name, type and data. For security reasons, credentials can be created or deleted, but once saved they cannot be accessed again except by internal services. Credentials are stored using symmetric PGP encryption at rest.
- uid
(str) - the unique ID for this credential. Set automatically.
Descriptor: _StringDescr
- name
(str) - the name of this credential. Unique to the user; this is how a user will typically reference it.
Descriptor: _StringDescr
- type
(str) - the type of the credential. Supported types are SERVICE_ACCOUNT_KEY, AWS_KEY_PAIR, AZURE_ACCESS_KEY, JWT, OAUTH2_CLIENT_CREDENTIALS, OAUTH2_REFRESH_TOKEN, BASIC_AUTH, API_KEY, DOCKER_PULL.
Descriptor: _StringDescr
- from_docker_registry(*, username, host, email, password=None)
Creates a new Docker Pull Credential for a Docker Registry.
Creates a Credential object that allows internal resources to pull a container image from a registry. Most registries support this method of pulling images, and in most cases it is how image pulls are done in Kubernetes.
Details for GCP/GCR: https://cloud.google.com/container-registry/docs/advanced-authentication#json-key
- Parameters
name (str) – the name of the Credential to create
username (str) – the username (varies by registry provider: the account username for Docker Hub, “_json_key” for GCR, etc.)
host (str) – the hostname for the registry (e.g. https://docker.io)
email (str) – the email address associated with this account
password (Optional[str]) – the password or token for this account
- Returns
a new Credential object that can be saved to the backend. User must call create to save it
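The Kubernetes mechanism mentioned above is an image pull Secret of type kubernetes.io/dockerconfigjson. The following is an added example, not geodesic code and not a description of how geodesic stores the credential: it builds that payload from the same four fields and checks a manifest for consistency. The function names and sample values are constructed for illustration.

```python
import base64
import json


def dockerconfigjson(*, username, host, email, password):
    """Build the .dockerconfigjson payload Kubernetes uses for image pulls."""
    if not password:
        raise ValueError("password or token is required")
    # "auth" is base64("username:password"); registries read it as HTTP Basic auth.
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    entry = {"username": username, "password": password, "email": email, "auth": auth}
    return json.dumps({"auths": {host: entry}}, separators=(",", ":"))


def pull_secret_manifest(secret_name, config_json, namespace="default"):
    """Wrap the payload in a kubernetes.io/dockerconfigjson Secret manifest."""
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": secret_name, "namespace": namespace},
        "type": "kubernetes.io/dockerconfigjson",
        "data": {".dockerconfigjson": base64.b64encode(config_json.encode()).decode()},
    }


def check_pull_secret(manifest):
    """Return a list of problems in a pull Secret manifest (empty if consistent)."""
    if manifest.get("type") != "kubernetes.io/dockerconfigjson":
        return ["wrong secret type"]
    problems = []
    raw = base64.b64decode(manifest["data"][".dockerconfigjson"])
    for host, entry in json.loads(raw)["auths"].items():
        # Split on the first ":" only: GCR JSON keys used as passwords contain colons.
        user, _, pw = base64.b64decode(entry["auth"]).decode().partition(":")
        if (user, pw) != (entry.get("username"), entry.get("password")):
            problems.append(f"{host}: auth field does not match username/password")
    return problems
```

Secret data in such a manifest is base64-encoded, not encrypted, so anyone who can read the Secret can recover the registry password.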
- static from_gcp_service_account(*, name, key=None)
Creates a new GCP Service Account Credential.
Creates a new Credential object for a GCP Service Account (e.g. Google Earth Engine, BigQuery, etc.)
- static from_aws_key_pair(*, name, aws_access_key_id, aws_secret_access_key=None)
Creates a new AWS Key Pair Credential.
Creates a new Credential object for an AWS Key Pair (such as from an IAM User)
- static from_azure_storage_account(*, name, account_name, account_key=None)
Creates a new Azure Storage Account Credential.
Creates a new Credential object for an Azure Storage Account (e.g. Blob storage)
- Parameters
- Returns
a new Credential object that can be saved to backend. User must call create to save it
- static from_azure_connection_string(*, name, connection_string=None)
Creates a new Azure Storage Account Credential.
Creates a new Credential object for an Azure Storage Account (e.g. Blob storage)
- static from_jwt(*, name, jwt=None)
Creates a new JSON Web Token Credential.
Creates a new Credential object for an arbitrary JWT
- static from_oauth2_client_credentials(*, name, client_id, client_secret=None, token_url=None, authorization_url=None, audience=None, scope=None)
Creates a new OAuth2 Client Credentials Credential.
Creates a new Credential object for an OAuth2 Application
- Parameters
name (str) – the name of the Credential to create
client_id (str) – the client_id of the oauth2 app
client_secret (Optional[str]) – the client secret of the oauth2 app. If None, user will be prompted via stdin.
token_url (Optional[str]) – the token url/uri to request an access token
authorization_url (Optional[str]) – the authorization url for certain auth flows
audience (Optional[str]) – (optional) the audience of the access_token
scope (Optional[str]) – (optional) custom scope to be requested with the token
- Returns
a new Credential object that can be saved to backend. User must call create to save it