googleapis · arithmetic1728 · Jul 9, 2024 · Jul 9, 2024 · Jul 9, 2024
@@ -241,6 +241,8 @@ def _get_gcloud_sdk_credentials(quota_project_id=None):
     if not project_id:
         project_id = _cloud_sdk.get_project_id()
 
+    credentials._cred_file_path = credentials_filename
+
     return credentials, project_id
 
 
@@ -270,6 +272,7 @@ def _get_explicit_environ_credentials(quota_project_id=None):
         credentials, project_id = load_credentials_from_file(
             os.environ[environment_vars.CREDENTIALS], quota_project_id=quota_project_id
         )
+        credentials._cred_file_path = explicit_file
 
         return credentials, project_id
 

@@ -157,6 +157,10 @@ def universe_domain(self):
         self._universe_domain_cached = True
         return self._universe_domain
 
+    @_helpers.copy_docstring(credentials.Credentials)
+    def _get_cred_info(self):
+        return f"This API call is authenticated as {self.service_account_email} from the metadata server."
+
     @_helpers.copy_docstring(credentials.CredentialsWithQuotaProject)
     def with_quota_project(self, quota_project_id):
         creds = self.__class__(

@@ -62,6 +62,9 @@ def __init__(self):
         self._universe_domain = DEFAULT_UNIVERSE_DOMAIN
         """Optional[str]: The universe domain value, default is googleapis.com
         """
+        self._cred_file_path = None
+        """Optional[str]: The credential file path.
+        """
 
         self._use_non_blocking_refresh = False
         self._refresh_worker = RefreshThreadManager()
@@ -128,6 +131,10 @@ def universe_domain(self):
         """The universe domain value."""
         return self._universe_domain
 
+    def _get_cred_info(self):
+        """The credential information string."""
+        return None
+
     @abc.abstractmethod
     def refresh(self, request):
         """Refreshes the access token.

@@ -321,11 +321,20 @@ def token_info_url(self):
 
         return self._token_info_url
 
+    @_helpers.copy_docstring(credentials.Credentials)
+    def _get_red_info(self):
+        if self._cred_file_path and self.service_account_email:
+            return f"This API call is authenticated as {self.service_account_email} from {self._cred_file_path} via the GOOGLE_APPLICATION_CREDENTIALS environment variable."
+        elif self._cred_file_path:
+            return f"This API call is authenticated from {self._cred_file_path} via the GOOGLE_APPLICATION_CREDENTIALS environment variable."
+        return None
+
     @_helpers.copy_docstring(credentials.Scoped)
     def with_scopes(self, scopes, default_scopes=None):
         kwargs = self._constructor_args()
         kwargs.update(scopes=scopes, default_scopes=default_scopes)
         scoped = self.__class__(**kwargs)
+        scoped._cred_file_path = self._cred_file_path
         scoped._metrics_options = self._metrics_options
         return scoped
 
@@ -448,6 +457,7 @@ def with_quota_project(self, quota_project_id):
         kwargs = self._constructor_args()
         kwargs.update(quota_project_id=quota_project_id)
         new_cred = self.__class__(**kwargs)
+        new_cred._cred_file_path = self._cred_file_path
         new_cred._metrics_options = self._metrics_options
         return new_cred
 
@@ -456,6 +466,7 @@ def with_token_uri(self, token_uri):
         kwargs = self._constructor_args()
         kwargs.update(token_url=token_uri)
         new_cred = self.__class__(**kwargs)
+        new_cred._cred_file_path = self._cred_file_path
         new_cred._metrics_options = self._metrics_options
         return new_cred
 
@@ -464,6 +475,7 @@ def with_universe_domain(self, universe_domain):
         kwargs = self._constructor_args()
         kwargs.update(universe_domain=universe_domain)
         new_cred = self.__class__(**kwargs)
+        new_cred._cred_file_path = self._cred_file_path
         new_cred._metrics_options = self._metrics_options
         return new_cred
 
@@ -593,7 +605,7 @@ def from_info(cls, info, **kwargs):
             universe_domain=info.get(
                 "universe_domain", credentials.DEFAULT_UNIVERSE_DOMAIN
             ),
-            **kwargs
+            **kwargs,
         )
 
     @classmethod

@@ -316,9 +316,15 @@ def signer(self):
     def requires_scopes(self):
         return not self._target_scopes
 
+    @_helpers.copy_docstring(credentials.Credentials)
+    def _get_cred_info(self):
+        if self._cred_file_path:
+            return f"This API call is authenticated as {self._target_principal}, using the {self._cred_file_path} file via the GOOGLE_APPLICATION_CREDENTIALS environment variable."
+        return None
+
     @_helpers.copy_docstring(credentials.CredentialsWithQuotaProject)
     def with_quota_project(self, quota_project_id):
-        return self.__class__(
+        cred = self.__class__(
             self._source_credentials,
             target_principal=self._target_principal,
             target_scopes=self._target_scopes,
@@ -327,10 +333,12 @@ def with_quota_project(self, quota_project_id):
             quota_project_id=quota_project_id,
             iam_endpoint_override=self._iam_endpoint_override,
         )
+        cred._cred_file_path = self._cred_file_path
+        return cred
 
     @_helpers.copy_docstring(credentials.Scoped)
     def with_scopes(self, scopes, default_scopes=None):
-        return self.__class__(
+        cred = self.__class__(
             self._source_credentials,
             target_principal=self._target_principal,
             target_scopes=scopes or default_scopes,
@@ -339,6 +347,8 @@ def with_scopes(self, scopes, default_scopes=None):
             quota_project_id=self._quota_project_id,
             iam_endpoint_override=self._iam_endpoint_override,
         )
+        cred._cred_file_path = self._cred_file_path
+        return cred
 
 
 class IDTokenCredentials(credentials.CredentialsWithQuotaProject):

@@ -189,6 +189,7 @@ def __setstate__(self, d):
         self._universe_domain = (
             d.get("_universe_domain") or credentials.DEFAULT_UNIVERSE_DOMAIN
         )
+        self._cred_file_path = d.get("_cred_file_path")
         # The refresh_handler setter should be used to repopulate this.
         self._refresh_handler = None
         self._refresh_worker = None
@@ -278,10 +279,8 @@ def account(self):
         """str: The user account associated with the credential. If the account is unknown an empty string is returned."""
         return self._account
 
-    @_helpers.copy_docstring(credentials.CredentialsWithQuotaProject)
-    def with_quota_project(self, quota_project_id):
-
-        return self.__class__(
+    def _make_copy(self):
+        cred = self.__class__(
             self.token,
             refresh_token=self.refresh_token,
             id_token=self.id_token,
@@ -291,34 +290,33 @@ def with_quota_project(self, quota_project_id):
             scopes=self.scopes,
             default_scopes=self.default_scopes,
             granted_scopes=self.granted_scopes,
-            quota_project_id=quota_project_id,
+            quota_project_id=self.quota_project_id,
             rapt_token=self.rapt_token,
             enable_reauth_refresh=self._enable_reauth_refresh,
             trust_boundary=self._trust_boundary,
             universe_domain=self._universe_domain,
             account=self._account,
         )
+        cred._cred_file_path = self._cred_file_path
+        return cred
+
+    @_helpers.copy_docstring(credentials.Credentials)
+    def _get_cred_info(self):
+        if self._cred_file_path:
+            return f"This API call is authenticated from {self._cred_file_path}."
+        return None
+
+    @_helpers.copy_docstring(credentials.CredentialsWithQuotaProject)
+    def with_quota_project(self, quota_project_id):
+        cred = self._make_copy()
+        cred._quota_project_id = quota_project_id
+        return cred
 
     @_helpers.copy_docstring(credentials.CredentialsWithTokenUri)
     def with_token_uri(self, token_uri):
-
-        return self.__class__(
-            self.token,
-            refresh_token=self.refresh_token,
-            id_token=self.id_token,
-            token_uri=token_uri,
-            client_id=self.client_id,
-            client_secret=self.client_secret,
-            scopes=self.scopes,
-            default_scopes=self.default_scopes,
-            granted_scopes=self.granted_scopes,
-            quota_project_id=self.quota_project_id,
-            rapt_token=self.rapt_token,
-            enable_reauth_refresh=self._enable_reauth_refresh,
-            trust_boundary=self._trust_boundary,
-            universe_domain=self._universe_domain,
-            account=self._account,
-        )
+        cred = self._make_copy()
+        cred._token_uri = token_uri
+        return cred
 
     def with_account(self, account):
         """Returns a copy of these credentials with a modified account.
@@ -329,45 +327,15 @@ def with_account(self, account):
         Returns:
             google.oauth2.credentials.Credentials: A new credentials instance.
         """
-
-        return self.__class__(
-            self.token,
-            refresh_token=self.refresh_token,
-            id_token=self.id_token,
-            token_uri=self._token_uri,
-            client_id=self.client_id,
-            client_secret=self.client_secret,
-            scopes=self.scopes,
-            default_scopes=self.default_scopes,
-            granted_scopes=self.granted_scopes,
-            quota_project_id=self.quota_project_id,
-            rapt_token=self.rapt_token,
-            enable_reauth_refresh=self._enable_reauth_refresh,
-            trust_boundary=self._trust_boundary,
-            universe_domain=self._universe_domain,
-            account=account,
-        )
+        cred = self._make_copy()
+        cred._account = account
+        return cred
 
     @_helpers.copy_docstring(credentials.CredentialsWithUniverseDomain)
     def with_universe_domain(self, universe_domain):
-
-        return self.__class__(
-            self.token,
-            refresh_token=self.refresh_token,
-            id_token=self.id_token,
-            token_uri=self._token_uri,
-            client_id=self.client_id,
-            client_secret=self.client_secret,
-            scopes=self.scopes,
-            default_scopes=self.default_scopes,
-            granted_scopes=self.granted_scopes,
-            quota_project_id=self.quota_project_id,
-            rapt_token=self.rapt_token,
-            enable_reauth_refresh=self._enable_reauth_refresh,
-            trust_boundary=self._trust_boundary,
-            universe_domain=universe_domain,
-            account=self._account,
-        )
+        cred = self._make_copy()
+        cred._universe_domain = universe_domain
+        return cred
 
     def _metric_header_for_usage(self):
         return metrics.CRED_TYPE_USER

@@ -220,7 +220,7 @@ def _from_signer_and_info(cls, signer, info, **kwargs):
                 "universe_domain", credentials.DEFAULT_UNIVERSE_DOMAIN
             ),
             trust_boundary=info.get("trust_boundary"),
-            **kwargs
+            **kwargs,
         )
 
     @classmethod
@@ -294,6 +294,7 @@ def _make_copy(self):
             always_use_jwt_access=self._always_use_jwt_access,
             universe_domain=self._universe_domain,
         )
+        cred._cred_file_path = self._cred_file_path
         return cred
 
     @_helpers.copy_docstring(credentials.Scoped)
@@ -503,6 +504,14 @@ def signer(self):
     def signer_email(self):
         return self._service_account_email
 
+    @_helpers.copy_docstring(credentials.Credentials)
+    def _get_cred_info(self):
+        if self._cred_file_path and self.service_account_email:
+            return f"This API call is authenticated as {self.service_account_email} from {self._cred_file_path} via the GOOGLE_APPLICATION_CREDENTIALS environment variable."
+        if self._cred_file_path:
+            return f"This API call is authenticated from {self._cred_file_path} via the GOOGLE_APPLICATION_CREDENTIALS environment variable."
+        return None
+
 
 class IDTokenCredentials(
     credentials.Signing,