lucky/GeminiKeyManagement
1
0
Fork 0
mirror of https://github.com/not-lucky/GeminiKeyManagement.git synced 2025-12-06 08:44:01 +05:30
Code Issues Packages Projects Releases Wiki Activity

better format; using ruff now

Browse Source
This commit is contained in:
not-lucky
2025-08-25 14:10:22 +05:30
parent 5311c68c58
commit 23299b7bb2
7 changed files with 346 additions and 146 deletions
Download Patch File Download Diff File Expand all files Collapse all files

170
gemini_key_manager/actions.py
View File

@@ -6,9 +6,9 @@ This module handles:
- Thread-safe database interactions
- Interactive Terms of Service acceptance workflows
"""
import logging
import threading
import time
import concurrent.futures
from datetime import datetime, timezone
from google.api_core import exceptions as google_exceptions
@@ -16,9 +16,10 @@ from google.cloud import resourcemanager_v3, api_keys_v2
from . import config, gcp_api, database, utils
from .exceptions import TermsOfServiceNotAcceptedError
class TempKey:
"""Mock key object compatible with database operations.
Provides a temporary representation of an API key for database insertion
when direct API key string retrieval is not possible.
@@ -31,6 +32,7 @@ class TempKey:
update_time (datetime): Last update timestamp
restrictions (api_keys_v2.Restrictions): Key usage restrictions
"""
def __init__(self, cloud_key, key_string):
self.key_string = key_string
self.uid = cloud_key.uid
@@ -40,9 +42,10 @@ class TempKey:
self.update_time = cloud_key.update_time
self.restrictions = cloud_key.restrictions
class TosAcceptanceHelper:
"""Manages Terms of Service acceptance workflow with thread synchronization.
Coordinates interactive ToS acceptance across multiple threads to prevent
duplicate prompts and ensure proper sequencing.
@@ -51,14 +54,16 @@ class TosAcceptanceHelper:
prompted_event (threading.Event): Signals ToS acceptance completion
prompt_in_progress (bool): Indicates active prompt display status
"""
def __init__(self):
self.lock = threading.Lock()
self.prompted_event = threading.Event()
self.prompt_in_progress = False
def _enable_api_with_interactive_retry(project_id, creds, dry_run, tos_helper):
"""Attempts to enable API with retry logic for ToS acceptance.
Args:
project_id (str): Target GCP project ID
creds (Credentials: Authenticated Google credentials
@@ -67,7 +72,7 @@ def _enable_api_with_interactive_retry(project_id, creds, dry_run, tos_helper):
Returns:
bool: True if API enabled successfully
Raises:
GoogleAPICallError: For non-ToS related API failures
"""
@@ -89,16 +94,17 @@ def _enable_api_with_interactive_retry(project_id, creds, dry_run, tos_helper):
logging.error(f"API enablement error for {project_id}: {e}", exc_info=True)
return False
def reconcile_project_keys(project, creds, dry_run, db_lock, account_entry):
"""Reconciles cloud and local database API key states.
Args:
project (Project): GCP Project resource
creds (Credentials): Authenticated credentials
dry_run (bool): Simulation mode flag
db_lock (threading.Lock): Database access lock
account_entry (dict): Account data structure
Returns:
bool: True if Gemini key exists, False otherwise
"""
@@ -109,30 +115,43 @@ def reconcile_project_keys(project, creds, dry_run, db_lock, account_entry):
try:
api_keys_client = api_keys_v2.ApiKeysClient(credentials=creds)
parent = f"projects/{project_id}/locations/global"
cloud_keys_list = list(api_keys_client.list_keys(parent=parent))
for key in cloud_keys_list:
if key.display_name in [config.GEMINI_API_KEY_DISPLAY_NAME, config.GENERATIVE_LANGUAGE_API_KEY_DISPLAY_NAME]:
if key.display_name in [
config.GEMINI_API_KEY_DISPLAY_NAME,
config.GENERATIVE_LANGUAGE_API_KEY_DISPLAY_NAME,
]:
gemini_key_exists = True
cloud_keys = {key.uid: key for key in cloud_keys_list}
project_entry = next((p for p in account_entry["projects"] if p.get("project_info", {}).get("project_id") == project_id), None)
project_entry = next(
(
p
for p in account_entry["projects"]
if p.get("project_info", {}).get("project_id") == project_id
),
None,
)
if not project_entry:
project_entry = {
"project_info": {
"project_id": project.project_id,
"project_name": project.display_name,
"project_number": project.name.split('/')[-1],
"state": str(project.state)
"project_number": project.name.split("/")[-1],
"state": str(project.state),
},
"api_keys": []
"api_keys": [],
}
with db_lock:
account_entry["projects"].append(project_entry)
local_keys = {key['key_details']['key_id']: key for key in project_entry.get('api_keys', [])}
local_keys = {
key["key_details"]["key_id"]: key
for key in project_entry.get("api_keys", [])
}
cloud_uids = set(cloud_keys.keys())
local_uids = set(local_keys.keys())
@@ -150,9 +169,11 @@ def reconcile_project_keys(project, creds, dry_run, db_lock, account_entry):
if dry_run:
logging.info(f"[DRY RUN] Would fetch key string for {uid}")
continue
try:
key_string_response = api_keys_client.get_key_string(name=key_object.name)
key_string_response = api_keys_client.get_key_string(
name=key_object.name
)
hydrated_key = TempKey(key_object, key_string_response.key_string)
with db_lock:
database.add_key_to_database(account_entry, project, hydrated_key)
@@ -166,11 +187,13 @@ def reconcile_project_keys(project, creds, dry_run, db_lock, account_entry):
if dry_run:
logging.info(f"[DRY RUN] Would deactivate {uid}")
continue
with db_lock:
local_keys[uid]['state'] = 'INACTIVE'
local_keys[uid]['key_details']['last_updated_timestamp_utc'] = datetime.now(timezone.utc).isoformat()
local_keys[uid]["state"] = "INACTIVE"
local_keys[uid]["key_details"]["last_updated_timestamp_utc"] = (
datetime.now(timezone.utc).isoformat()
)
return gemini_key_exists
except google_exceptions.PermissionDenied:
@@ -180,9 +203,12 @@ def reconcile_project_keys(project, creds, dry_run, db_lock, account_entry):
logging.error(f"API error during reconciliation: {err}")
return False
def _create_and_process_new_project(project_number, creds, dry_run, db_lock, account_entry, tos_helper):
def _create_and_process_new_project(
project_number, creds, dry_run, db_lock, account_entry, tos_helper
):
"""Creates and initializes new GCP project with API key.
Args:
project_number (str): Sequential project identifier
creds (Credentials): Authenticated credentials
@@ -194,7 +220,7 @@ def _create_and_process_new_project(project_number, creds, dry_run, db_lock, acc
random_string = utils.generate_random_string()
project_id = f"project{project_number}-{random_string}"
display_name = f"Project{project_number}"
logging.info(f"Creating project: {display_name} ({project_id})")
if dry_run:
@@ -203,7 +229,9 @@ def _create_and_process_new_project(project_number, creds, dry_run, db_lock, acc
try:
resource_manager = resourcemanager_v3.ProjectsClient(credentials=creds)
project_to_create = resourcemanager_v3.Project(project_id=project_id, display_name=display_name)
project_to_create = resourcemanager_v3.Project(
project_id=project_id, display_name=display_name
)
operation = resource_manager.create_project(project=project_to_create)
logging.info(f"Awaiting project creation: {display_name}")
created_project = operation.result()
@@ -214,16 +242,21 @@ def _create_and_process_new_project(project_number, creds, dry_run, db_lock, acc
key_object = gcp_api.create_api_key(project_id, creds, dry_run=dry_run)
if key_object:
with db_lock:
database.add_key_to_database(account_entry, created_project, key_object)
database.add_key_to_database(
account_entry, created_project, key_object
)
else:
logging.error(f"API enablement failed for {display_name}")
except Exception as e:
logging.error(f"Project creation failed: {e}", exc_info=True)
def process_project_for_action(project, creds, action, dry_run, db_lock, account_entry, tos_helper):
def process_project_for_action(
project, creds, action, dry_run, db_lock, account_entry, tos_helper
):
"""Executes specified action on a single GCP project.
Args:
project (Project): Target GCP project
creds (Credentials): Authenticated credentials
@@ -236,8 +269,10 @@ def process_project_for_action(project, creds, action, dry_run, db_lock, account
project_id = project.project_id
logging.info(f"Processing {project_id} ({project.display_name})")
if action == 'create':
gemini_key_exists = reconcile_project_keys(project, creds, dry_run, db_lock, account_entry)
if action == "create":
gemini_key_exists = reconcile_project_keys(
project, creds, dry_run, db_lock, account_entry
)
if gemini_key_exists:
logging.info(f"Existing Gemini key in {project_id}")
return
@@ -247,17 +282,22 @@ def process_project_for_action(project, creds, action, dry_run, db_lock, account
if key_object:
with db_lock:
database.add_key_to_database(account_entry, project, key_object)
elif action == 'delete':
elif action == "delete":
deleted_keys_uids = gcp_api.delete_api_keys(project_id, creds, dry_run=dry_run)
if deleted_keys_uids:
with db_lock:
database.remove_keys_from_database(account_entry, project_id, deleted_keys_uids)
database.remove_keys_from_database(
account_entry, project_id, deleted_keys_uids
)
logging.info(f"Completed processing {project_id}")
def process_account(email, creds, action, api_keys_data, schema, dry_run=False, max_workers=5):
def process_account(
email, creds, action, api_keys_data, schema, dry_run=False, max_workers=5
):
"""Orchestrates account-level key management operations.
Args:
email (str): Service account email
creds (Credentials): Authenticated credentials
@@ -275,31 +315,40 @@ def process_account(email, creds, action, api_keys_data, schema, dry_run=False,
logging.warning(f"Invalid credentials for {email}")
return
account_entry = next((acc for acc in api_keys_data["accounts"] if acc.get("account_details", {}).get("email") == email), None)
account_entry = next(
(
acc
for acc in api_keys_data["accounts"]
if acc.get("account_details", {}).get("email") == email
),
None,
)
if not account_entry:
account_entry = {
"account_details": {
"email": email,
"authentication_details": {
"token_file": f"{config.CREDENTIALS_DIR}/{email}.json",
"scopes": config.SCOPES
}
"scopes": config.SCOPES,
},
},
"projects": []
"projects": [],
}
api_keys_data["accounts"].append(account_entry)
try:
resource_manager = resourcemanager_v3.ProjectsClient(credentials=creds)
existing_projects = list(resource_manager.search_projects())
if not existing_projects and action == 'create':
if not existing_projects and action == "create":
logging.warning(f"No projects found for {email}")
logging.warning("Possible reasons: No projects or unaccepted ToS")
logging.warning(f"Verify ToS: https://console.cloud.google.com/iam-admin/settings?user={email}")
logging.warning(
f"Verify ToS: https://console.cloud.google.com/iam-admin/settings?user={email}"
)
projects_to_create_count = 0
if action == 'create':
if action == "create":
if len(existing_projects) < 12:
projects_to_create_count = 12 - len(existing_projects)
@@ -309,13 +358,34 @@ def process_account(email, creds, action, api_keys_data, schema, dry_run=False,
with concurrent.futures.ThreadPoolExecutor(max_workers=max_workers) as executor:
futures = []
for project in existing_projects:
futures.append(executor.submit(process_project_for_action, project, creds, action, dry_run, db_lock, account_entry, tos_helper))
futures.append(
executor.submit(
process_project_for_action,
project,
creds,
action,
dry_run,
db_lock,
account_entry,
tos_helper,
)
)
if action == 'create' and projects_to_create_count > 0:
if action == "create" and projects_to_create_count > 0:
for i in range(len(existing_projects), 12):
project_number = str(i + 1).zfill(2)
futures.append(executor.submit(_create_and_process_new_project, project_number, creds, dry_run, db_lock, account_entry, tos_helper))
futures.append(
executor.submit(
_create_and_process_new_project,
project_number,
creds,
dry_run,
db_lock,
account_entry,
tos_helper,
)
)
for future in concurrent.futures.as_completed(futures):
try:
future.result()