Adding scope to credentials in Connection constructors.

[dhermes]

This also obsoletes get_scoped_connection() so it is removed.

FYI @jgeewax thanks for nudging in this direction. It moves the scope adding behavior into the Connection constructors.

[coveralls]

Coverage remained the same at 100.0% when pulling 0cb6fc9 on dhermes:create-scoped-help into 286207b on GoogleCloudPlatform:master.

[tseaver]

I might be misremembering, but it feels like we've been around a complete circle here.

[dhermes]

What's the circle? I don't recall the Connection constructors adding scope, but maybe it happened? AFAIK I am the only "resident expert" when it comes to oauth2client.

[tseaver]

6ebc65e moved the scope handling from gcloud.datastore._implicit_environ.get_connection and gcloud.storage._implicit_environ.get_connection up to gcloud._helpers.get_scoped_connection
5588987 moved the function from gcloud._helpers to gcloud.connection.
Now we are pushing the scope handling back down into gcloud.datastore.connection and gcloud.storage.connection.

[dhermes]

The idea behind this commit is not just churn / moving the code.

We want people to be able to get credentials from elsewhere and pass them in to a connection without worrying about adding the scopes.

If we never expect people to construct a Connection themselves, then this PR is totally moot, but we'd still need to add credentials to the get_connection() methods to allow people a BYOC (bring your own credentials).

---

This was all brought about by @jgeewax pointing out some alternate auth / credentials flows.

[dhermes]

@tseaver Can we keep moving on this?

[jgeewax]

If I recall correctly, the difference this makes becomes apparent when you look at the case where you want to use some credentials from a specific file to talk to a service.

Old way:

from gcloud.credentials import get_for_service_account_json
from gcloud import pubsub

credentials = get_for_service_account_json('/path/to/key.json')
credentials = credentials.create_scoped(pubsub.SCOPE)  # <-- The thing I don't want to have to type...
connection = pubsub.Connection(credentials=credentials)
pubsub.set_default_connection(connection)
pubsub.Topic('topic_name').create()

(Also note that in gcloud.datastore SCOPE was inside _implicit_environ which made the code much less readable....)

New way

from gcloud.credentials import get_for_service_account_json
from gcloud import pubsub

credentials = get_for_service_account_json('/path/to/key.json')
connection = pubsub.Connection(credentials=credentials)  # Scoping happens here, where we know we need it...
pubsub.set_default_connection(connection)
pubsub.Topic('topic_name').create()

Is there a reason why you'd want to keep the "scope credentials" action separate from the "create connection" action? I can't think of a reason but maybe you guys know more about this... If there isn't then I fully support this change -- seems much more convenient to do this when creating the connection (and expecting the connection to know which scopes are necessary on the credentials you supplied).

[dhermes]

I also fully support this change FWIW

[dhermes]

@tseaver PTAL

[dhermes]

Just rebased on top of HEAD in master.

@tseaver Can we resolve the discussion and move forward here?

[coveralls]

Coverage remained the same at 100.0% when pulling 7cfc884 on dhermes:create-scoped-help into a9bc7fe on GoogleCloudPlatform:master.

[dhermes]

@tseaver Can we wrap this up?

[tseaver]

LGTM, module my comments this morning on the SCOPE docstrings.

[dhermes]

Rebased on top of master (#879 #881 in particular) and added the docstrings into the original PR. Will merge when Travis finishes.