Revert "autoninja.py: disallow external account from corp machine"

This reverts commit 0d0f28a4fc7b8493532e731d873475ad927043d8.

Reason for revert:
http://b/309720176#comment7

Original change's description:
> autoninja.py: disallow external account from corp machine
>
> This disallows Googler to use non-google account with reclient and
> siso from corp machine.
>
> Bug: b/309720176
> Change-Id: I8077eff8bbf47f579462e1fefa3609a5d492a013
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/5035266
> Reviewed-by: Philipp Wollermann <philwo@chromium.org>
> Reviewed-by: Josip Sokcevic <sokcevic@chromium.org>
> Commit-Queue: Takuto Ikuta <tikuta@chromium.org>

Bug: b/309720176
Change-Id: I62b4891b1e2e2554d088d162057982b95c8adcd7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/5065849
Reviewed-by: Philipp Wollermann <philwo@chromium.org>
Owners-Override: Takuto Ikuta <tikuta@chromium.org>
Commit-Queue: Takuto Ikuta <tikuta@chromium.org>
Auto-Submit: Takuto Ikuta <tikuta@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>

.vpython3

@@ -65,33 +65,3 @@ wheel: <
   name: "infra/python/wheels/certifi-py2_py3"
   version: "version:2021.5.30"
 >
-
-# Used by:
-#   autoninja.py
-wheel: <
-  name: "infra/python/wheels/google-auth-py3"
-  version: "version:2.16.2"
->
-wheel: <
-  name: "infra/python/wheels/cachetools-py3"
-  version: "version:4.2.2"
->
-wheel: <
-  name: "infra/python/wheels/pyasn1_modules-py2_py3"
-  version: "version:0.2.8"
->
-wheel: <
-  name: "infra/python/wheels/rsa-py3"
-  version: "version:4.7.2"
->
-wheel: <
-  name: "infra/python/wheels/pyasn1-py2_py3"
-  version: "version:0.4.8"
->
-
-# Used by:
-#   tests/autoninja_test.py
-wheel: <
-  name: "infra/python/wheels/parameterized-py2_py3"
-  version: "version:0.8.1"
->

autoninja

@@ -20,7 +20,7 @@ fi
 
 # Execute whatever is printed by autoninja.py.
 # Also print it to reassure that the right settings are being used.
-vpython3 "$(dirname -- "$0")/autoninja.py" "$@"
+python3 "$(dirname -- "$0")/autoninja.py" "$@"
 retval=$?
 
 if [ "$retval" == "0" ] && [ "$NINJA_SUMMARIZE_BUILD" == "1" ]; then

autoninja.bat

@@ -30,7 +30,7 @@ if "%NINJA_SUMMARIZE_BUILD%" == "1" set "NINJA_STATUS=[%%r processes, %%f/%%t @
 :: should be consistent between autoninja.bat and the autoninja script used by
 :: git bash.
 
-@call %scriptdir%\vpython3.bat %scriptdir%autoninja.py "%%*"
+@call %scriptdir%python-bin\python3.bat %scriptdir%autoninja.py "%%*"
 @if errorlevel 1 goto buildfailure
 
 :: Use call to invoke python script here, because we use python via python3.bat.

autoninja.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env vpython3
+#!/usr/bin/env python3
 # Copyright (c) 2017 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
@@ -14,19 +14,13 @@ does handle import statements, but it can't handle conditional setting of build
 settings.
 """
 
-import json
 import multiprocessing
 import os
 import platform
 import re
 import shlex
-import shutil
 import subprocess
 import sys
-import warnings
-
-import google.auth
-from google.auth.transport.requests import AuthorizedSession
 
 import autosiso
 import ninja
@@ -49,62 +43,6 @@ _UNSAFE_FOR_CMD = set("^<>&|()%")
 _ALL_META_CHARS = _UNSAFE_FOR_CMD.union(set('"'))
 
 
-def _adc_account():
-    """Returns account used to authenticate with GCP application default credentials."""
-
-    try:
-        # Suppress warnings from google.auth.default.
-        # https://github.com/googleapis/google-auth-library-python/issues/271
-        warnings.filterwarnings(
-            "ignore",
-            "Your application has authenticated using end user credentials from"
-            " Google Cloud SDK without a quota project.",
-        )
-        credentials, _ = google.auth.default(
-            scopes=["https://www.googleapis.com/auth/userinfo.email"])
-    except google.auth.exceptions.DefaultCredentialsError:
-        # Application Default Crendetials is not configured.
-        return None
-    finally:
-        warnings.resetwarnings()
-
-    with AuthorizedSession(credentials) as session:
-        response = session.get("https://www.googleapis.com/oauth2/v1/userinfo")
-    return response.json().get("email")
-
-
-def _gcloud_auth_account():
-    """Returns active account authenticated with `gcloud auth login`."""
-    if shutil.which("gcloud") is None:
-        return None
-
-    accounts = json.loads(
-        subprocess.check_output("gcloud auth list --format=json",
-                                shell=True,
-                                text=True))
-    for account in accounts:
-        if account["status"] == "ACTIVE":
-            return account["account"]
-    return None
-
-
-def _is_google_corp_machine():
-    """This assumes that corp machine has gcert binary in known location."""
-    return shutil.which("gcert") is not None
-
-
-def _is_google_corp_machine_using_external_account():
-    if not _is_google_corp_machine():
-        return False
-
-    account = _adc_account()
-    if account and not account.endswith("@google.com"):
-        return True
-
-    account = _gcloud_auth_account()
-    return account and not account.endswith("@google.com")
-
-
 def _quote_for_cmd(arg):
     # First, escape the arg so that CommandLineToArgvW will parse it properly.
     if arg == "" or " " in arg or '"' in arg:
@@ -271,18 +209,6 @@ def main(args):
                             use_goma = True
                             break
 
-    if use_remoteexec or use_siso:
-        if _is_google_corp_machine_using_external_account():
-            print(
-                "You can't use a non-@google.com account (%s and/or %s) on a"
-                " corp machine.\n"
-                "Please login via `gcloud auth login --update-adc` with your"
-                " @google.com account instead.\n" %
-                (_adc_account(), _gcloud_auth_account()),
-                file=sys.stderr,
-            )
-            return 1
-
     # Strip -o/--offline so ninja doesn't see them.
     input_args = [arg for arg in input_args if arg not in ("-o", "--offline")]
 

tests/autoninja_test.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env vpython3
+#!/usr/bin/env python3
 # Copyright (c) 2022 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
@@ -12,8 +12,6 @@ import unittest
 import contextlib
 from unittest import mock
 
-from parameterized import parameterized
-
 ROOT_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 sys.path.insert(0, ROOT_DIR)
 
@@ -154,29 +152,6 @@ class AutoninjaTest(trial_dir.TestCase):
         self.assertIn('-C', args)
         self.assertEqual(args[args.index('-C') + 1], out_dir)
 
-    @parameterized.expand([
-        ("non corp machine", False, None, None, False),
-        ("non corp adc account", True, "foo@chromium.org", None, True),
-        ("corp adc account", True, "foo@google.com", None, False),
-        ("non corp gcloud auth account", True, None, "foo@chromium.org", True),
-        ("corp gcloud auth account", True, None, "foo@google.com", False),
-    ])
-    def test_is_corp_machine_using_external_account(self, _, is_corp,
-                                                    adc_account,
-                                                    gcloud_auth_account,
-                                                    expected):
-        with mock.patch('autoninja._is_google_corp_machine',
-                        return_value=is_corp), mock.patch(
-                            'autoninja._adc_account',
-                            return_value=adc_account), mock.patch(
-                                'autoninja._gcloud_auth_account',
-                                return_value=gcloud_auth_account):
-            self.assertEqual(
-                bool(
-                    # pylint: disable=line-too-long
-                    autoninja._is_google_corp_machine_using_external_account()),
-                expected)
-
     def test_gn_lines(self):
         out_dir = os.path.join('out', 'dir')
         # Make sure nested import directives work. This is based on the