MSrSSKJr SSKJr SSKJr SSKrSSKJr SSK J r SSK J r SS K Jr SS K Jr SS KJr SSKJ r SS KJr SS KJr SSKJr "SS\ R25rSrg)z>A simple auth command to bootstrap authentication with oauth2.)absolute_import)division)unicode_literalsN)service_account)base) exceptions)log) properties) console_io)store)encoding)filesc.\rSrSrSr\S5rSrSrg)ActivateServiceAccount$aAuthorize access to Google Cloud with a service account. To allow `gcloud` (and other tools in Google Cloud CLI) to use service account credentials to make requests, use this command to import these credentials from a file that contains a private authorization key, and activate them for use in `gcloud`. {command} serves the same function as `gcloud auth login` but uses a service account rather than Google user credentials. For more information on authorization and credential types, see: [](https://cloud.google.com/sdk/docs/authorizing). _Key File_ To obtain the key file for this command, use either the [Google Cloud Console](https://console.cloud.google.com) or `gcloud iam service-accounts keys create`. The key file can be .json (preferred) or .p12 (legacy) format. In the case of legacy .p12 files, a separate password might be required and is displayed in the Console when you create the key. _Credentials_ Credentials will also be activated (similar to running `gcloud config set account [ACCOUNT_NAME]`). If a project is specified using the `--project` flag, the project is set in active configuration, which is the same as running `gcloud config set project [PROJECT_NAME]`. Any previously active credentials, will be retained (though no longer default) and can be displayed by running `gcloud auth list`. If you want to delete previous credentials, see `gcloud auth revoke`. _Note:_ Service accounts use client quotas for tracking usage. ## EXAMPLES To authorize `gcloud` to access Google Cloud using an existing service account while also specifying a project, run: $ {command} SERVICE_ACCOUNT@DOMAIN.COM \ --key-file=/path/key.json --project=PROJECT_ID cURSSSS9 URSSSS9 UR5nURS S S 9 URS S SS9 g)zSet args for serviceauth.account?z&E-mail address of the service account.)nargshelpz --key-filezPath to the private key file.T)rrequired--password-filezbPath to a file containing the password for the service account private key (only for a .p12 file).)rz--prompt-for-password store_truezSPrompt for the password for the service account private key (only for a .p12 file).)actionrN) add_argumentadd_mutually_exclusive_group)parsergroups ,lib/surface/auth/activate_service_account.pyArgsActivateServiceAccount.ArgsPs  EG  =!%'  / / 1E (79 .|CEc[UR5up#U(a[R"U5nUR(dUR (a[ R"SS5eURnUR(a'URU:wa[ R"SS5eOURnU(d[ R"SS5eSnUR(a0[R"UR5R5nO'UR (a[ R""S5n[R$"X%US9n[&R("XT5 UR4nU(a9[6R8"[6R:R<R4U5 [.R>RAS RCU55 g![Ran[ R"SU5eSnAff=f![*R,a%n[.R0R3U5 eSnAff=f) z#Create service account credentials.rz8A .json service account key does not require a password.ACCOUNTz|The given account name does not match the account name in the key file. This argument can be omitted when using .json keys.z+An account is required when using .p12 keysNz Password: )passwordz0Activated service account credentials for: [{0}])" _IsJsonFilekey_fileauth_service_account CredentialsFromAdcDictGoogleAuth password_fileprompt_for_passwordc_excInvalidArgumentExceptionservice_account_emailrRequiredArgumentExceptionrReadFileContentsstripErrorUnknownArgumentExceptionr PromptPasswordCredentialsFromP12Keyc_storeActivateCredentialscreds_exceptionsTokenRefreshErrorr file_only_logger exceptionprojectr PersistPropertyVALUEScorestatusPrintformat) selfargs file_contentis_jsoncredrr%er<s rRunActivateServiceAccount.Runas( 6L ! B B d  t77,,  FH H**g $,,'1,,  IJ J  g -- DF Fh   E++D,>,>?EEG(  # #,,\: ! 7 7 (4d  !!'0 llG  !2!2!7!7!?!?IJJGfWo'%{{ E../@!D D E  - -  $$Q'  s01.G.H!.HHH!I5 IIN) __name__ __module__ __qualname____firstlineno____doc__ staticmethodr rI__static_attributes__rKr"rrr$s#)VEE -'r"rc0[R"USS9n[R"[R "U55S4$![ aHnURS5(a%[R"SRX55eSnAUS4$SnAff=f)z9Check and validate if given filename is proper json file.T)binaryz.jsonz!Could not read json file {0}: {1}NF) r ReadFromFileOrStdinjsonloadsr Decode ValueErrorendswithr(BadCredentialFileExceptionrB)filenamecontentrHs rr&r&s  * *8D A'C ::hoog. / 55 C!! ; ; - 4 4X A CC" % Cs+A B ;BB)rP __future__rrrrVgooglecloudsdk.api_lib.authrr(googlecloudsdk.callioperrr,googlecloudsdk.corer r googlecloudsdk.core.consoler googlecloudsdk.core.credentialsr8r r6googlecloudsdk.core.utilr r SilentCommandrr&rKr"rrfsO E&' O(7#*2J<-*j'T//j'Z r"