Add from_impersonated_account_info method to ImperstonatedCredentials

Author: nolanleastin

google/auth/impersonated_credentials.py

@@ -410,6 +410,92 @@ def with_scopes(self, scopes, default_scopes=None):
         cred._target_scopes = scopes or default_scopes
         return cred
 
+    @classmethod
+    def _source_credentials_from_impersonated_account_info(cls, info):
+        """Creates a Credentials instance from parsed authorized user info.
+
+        Args:
+            info (Mapping[str, str]): The authorized user info in Google
+                format.
+
+        Returns:
+            google.oauth2.credentials.Credentials: The constructed
+                credentials.
+
+        Raises:
+            InvalidType: If the source_credentials are not a support impersonation type
+            ValueError: If the info is not in the expected format.
+        """
+        _AUTHORIZED_USER_TYPE = "authorized_user"
+        _SERVICE_ACCOUNT_TYPE = "service_account"
+        _EXTERNAL_ACCOUNT_AUTHORIZED_USER_TYPE = "external_account_authorized_user"
+
+        source_credentials_info = info.get("source_credentials")
+        source_credentials_type = source_credentials_info.get("type")
+        if source_credentials_type == _AUTHORIZED_USER_TYPE:
+            from google.oauth2 import credentials
+            source_credentials, _ = credentials.Credentials.from_authorized_user_info(
+                info
+            )
+        elif source_credentials_type == _SERVICE_ACCOUNT_TYPE:
+            from google.oauth2 import service_account
+            source_credentials, _ = service_account.Credentials.from_service_account_info(
+                source_credentials_info
+            )
+        elif source_credentials_type == _EXTERNAL_ACCOUNT_AUTHORIZED_USER_TYPE:
+            from google.auth import external_account_authorized_user
+            source_credentials = external_account_authorized_user.Credentials.from_info(
+                source_credentials_info
+            )
+        else:
+            raise exceptions.InvalidType(
+                "source credential of type {} is not supported.".format(
+                    source_credentials_type
+                )
+            )
+
+        return source_credentials
+
+    @classmethod
+    def from_impersonated_account_info(cls, info, scopes=None):
+        """Creates a Credentials instance from parsed authorized user info.
+
+        Args:
+            info (Mapping[str, str]): The authorized user info in Google
+                format.
+            scopes (Sequence[str]): Optional list of scopes to include in the
+                credentials.
+
+        Returns:
+            google.oauth2.credentials.Credentials: The constructed
+                credentials.
+
+        Raises:
+            InvalidType: If the source_credentials are not a support impersonation type
+            ValueError: If the info is not in the expected format.
+        """
+        source_credentials = cls._source_credentials_from_impersonated_account_info(info)
+
+        impersonation_url = info.get("service_account_impersonation_url")
+        start_index = impersonation_url.rfind("/")
+        end_index = impersonation_url.find(":generateAccessToken")
+        if start_index == -1 or end_index == -1 or start_index > end_index:
+            raise exceptions.InvalidValue(
+                "Cannot extract target principal from {}".format(impersonation_url)
+            )
+        target_principal = impersonation_url[start_index + 1 : end_index]
+
+        delegates = info.get("delegates")
+        quota_project_id = info.get("quota_project_id")
+
+        return cls(
+            source_credentials,
+            target_principal,
+            scopes,
+            delegates,
+            quota_project_id=quota_project_id
+        )
+
 
 class IDTokenCredentials(credentials.CredentialsWithQuotaProject):
     """Open ID Connect ID Token-based service account credentials.