a w=ic&@sdZzddlmZWney2ddlmZYn0ddlZddlZddlZddlm Z ddlm Z ddlm Z Gddde j Z dS) a Identity Pool Credentials. This module provides credentials to access Google Cloud resources from on-prem or non-Google Cloud platforms which support external credentials (e.g. OIDC ID tokens) retrieved from local file locations or local servers. This includes Microsoft Azure and OIDC identity providers (e.g. K8s workloads registered with Hub with Hub workload identity enabled). These credentials are recommended over the use of service account credentials in on-prem/non-Google Cloud platforms as they do not involve the management of long-live service account private keys. Identity Pool Credentials are initialized using external_account arguments which are typically loaded from an external credentials file or an external credentials URL. Unlike other Credentials that can be initialized with a list of explicit arguments, secrets or credentials, external account clients use the environment and hints/guidelines provided by the external_account JSON file to retrieve credentials and exchange them for Google access tokens. )MappingN)_helpers) exceptions)external_accountcsveZdZdZfddZeejddZ ddZ dd Z d d Z dddZ efddZefddZZS) Credentialsz9External account credentials sourced from files and URLs.cstt|j|||||d|t|ts8d|_d|_n|d|_|d|_|d|_|di}|dptd|_ d |vrt d |j d vrt d |j |j d kr|d|_ |j durt dnd|_ |jr|jrt d|js|jst ddS)aInstantiates an external account credentials object from a file/URL. Args: audience (str): The STS audience field. subject_token_type (str): The subject token type. token_url (str): The STS endpoint URL. credential_source (Mapping): The credential source dictionary used to provide instructions on how to retrieve external credential to be exchanged for Google access tokens. Example credential_source for url-sourced credential:: { "url": "http://www.example.com", "format": { "type": "json", "subject_token_field_name": "access_token", }, "headers": {"foo": "bar"}, } Example credential_source for file-sourced credential:: { "file": "/path/to/token/file.txt" } args (List): Optional positional arguments passed into the underlying :meth:`~external_account.Credentials.__init__` method. kwargs (Mapping): Optional keyword arguments passed into the underlying :meth:`~external_account.Credentials.__init__` method. Raises: google.auth.exceptions.RefreshError: If an error is encountered during access token retrieval logic. ValueError: For invalid parameters. .. note:: Typically one of the helper constructors :meth:`from_file` or :meth:`from_info` are used instead of calling the constructor directly. )audiencesubject_token_type token_urlcredential_sourceNfileurlheadersformattypetextZenvironment_idz>Invalid Identity Pool credential_source field 'environment_id')rjsonz%Invalid credential_source format '{}'rsubject_token_field_namezBMissing subject_token_field_name for JSON credential_source formatzEAmbiguous credential_source. 'file' is mutually exclusive with 'url'.z>Missing credential_source. A 'file' or 'url' must be provided.) superr__init__ isinstancer_credential_source_file_credential_source_urlget_credential_source_headers_credential_source_format_type ValueErrorr_credential_source_field_name)selfrrr r argskwargsZcredential_source_format __class__j/home/droni/.local/share/virtualenvs/DPS-5Je3_V2c/lib/python3.9/site-packages/google/auth/identity_pool.pyr5sZ0            zCredentials.__init__cCs||||j|jSN)_parse_token_data_get_token_datarrrrequestr"r"r#retrieve_subject_tokens z"Credentials.retrieve_subject_tokencCs(|jr||jS|||j|jSdSr$)r_get_file_data _get_url_datarrr'r"r"r#r&s   zCredentials._get_token_datacCs\tj|std|tj|ddd}||fWdS1sN0YdS)NzFile '{}' was not found.rutf-8)encoding) ospathexistsr RefreshErrorrioopenread)rfilenameZfile_objr"r"r#r*s zCredentials._get_file_datacCsJ||d|d}t|jdr&|jdn|j}|jdkrBtd|||fS)NGET)r methodr decoder-z.Unable to retrieve Identity Pool subject token)hasattrdatar9statusrr2)rr(r r responseZ response_bodyr"r"r#r+s  zCredentials._get_url_datarNc Csh|\}}|dkr|}n@zt|}||}Wn(ttfyTtd||Yn0|sdtd|S)Nrz@Unable to parse subject_token from JSON file '{}' using key '{}'z3Missing subject_token in the credential_source file)rloadsKeyErrorrrr2r)rZ token_contentZ format_typercontentr6tokenZ response_datar"r"r#r%s"   zCredentials._parse_token_datac stt|j|fi|S)aCreates an Identity Pool Credentials instance from parsed external account info. Args: info (Mapping[str, str]): The Identity Pool external account info in Google format. kwargs: Additional arguments to pass to the constructor. Returns: google.auth.identity_pool.Credentials: The constructed credentials. Raises: ValueError: For invalid parameters. )rr from_info)clsinforr r"r#rCszCredentials.from_infoc stt|j|fi|S)atCreates an IdentityPool Credentials instance from an external account json file. Args: filename (str): The path to the IdentityPool external account json file. kwargs: Additional arguments to pass to the constructor. Returns: google.auth.identity_pool.Credentials: The constructed credentials. )rr from_file)rDr6rr r"r#rFs zCredentials.from_file)rN)__name__ __module__ __qualname____doc__rrZcopy_docstringrrr)r&r*r+r% classmethodrCrF __classcell__r"r"r r#r2s f   r) rJcollections.abcr ImportError collectionsr3rr/Z google.authrrrrr"r"r"r#s