|
Server : LiteSpeed System : Linux server51.dnsbootclub.com 4.18.0-553.62.1.lve.el8.x86_64 #1 SMP Mon Jul 21 17:50:35 UTC 2025 x86_64 User : nandedex ( 1060) PHP Version : 8.1.33 Disable Function : NONE Directory : /opt/cppython/lib/python3.8/site-packages/google/auth/__pycache__/ |
U
����O��g�C����������������������@���s����d�Z�zddlmZ�W�n �ek
r4���ddlmZ�Y�nX�ddlZddlZddlZddlZddl Z ddl
m
Z
�ddl
m
Z
�ddl
m
Z
�dZdZd Zd
ZdZd
ZG�d
d
��d
e
j�ZdS�)a���Pluggable Credentials.
Pluggable Credentials are initialized using external_account arguments which
are typically loaded from third-party executables. Unlike other
credentials that can be initialized with a list of explicit arguments, secrets
or credentials, external account clients use the environment and hints/guidelines
provided by the external_account JSON file to retrieve credentials and exchange
them for Google access tokens.
Example credential_source for pluggable credential:
{
"executable": {
"command": "/path/to/get/credentials.sh --arg1=value1 --arg2=value2",
"timeout_millis": 5000,
"output_file": "/path/to/generated/cached/credentials"
}
}
�����)�MappingN)�_helpers)�
exceptions)�external_account����i0u��i���i���i@w�c�����������������������s����e�Zd�ZdZ��fdd�Ze�ej�dd���Z dd��Z
e
dd ���Z
e
��fd
d
��Ze
��fd
d
��Zdd��Zdd��Zdd��Zdd��Zdd��Z��fdd�Z���ZS�)�
Credentialsz6External account credentials sourced from executables.c��������������������s
��|��dd�|�_tt|��j|||||d�|���t|t�sHd|�_t� d��|�
d�|�_|�jsdt� d��|�j�
d�|�_
|�j�
d �|�_
|�j�
d
�|�_
|�j�
d
�|�_d
|�_|�j
s�t� d
��|�j
s�t|�_
n
|�j
tk�s�|�j
tkr�t�d��|�j
�r|�j
tk�s�|�j
tk�rt�d��dS�)ad��Instantiates an external account credentials object from a executables.
Args:
audience (str): The STS audience field.
subject_token_type (str): The subject token type.
token_url (str): The STS endpoint URL.
credential_source (Mapping): The credential source dictionary used to
provide instructions on how to retrieve external credential to be
exchanged for Google access tokens.
Example credential_source for pluggable credential:
{
"executable": {
"command": "/path/to/get/credentials.sh --arg1=value1 --arg2=value2",
"timeout_millis": 5000,
"output_file": "/path/to/generated/cached/credentials"
}
}
args (List): Optional positional arguments passed into the underlying :meth:`~external_account.Credentials.__init__` method.
kwargs (Mapping): Optional keyword arguments passed into the underlying :meth:`~external_account.Credentials.__init__` method.
Raises:
google.auth.exceptions.RefreshError: If an error is encountered during
access token retrieval logic.
google.auth.exceptions.InvalidValue: For invalid parameters.
google.auth.exceptions.MalformedError: For invalid parameters.
.. note:: Typically one of the helper constructors
:meth:`from_file` or
:meth:`from_info` are used instead of calling the constructor directly.
�
interactiveF)�audience�subject_token_type� token_url�credential_sourceNz?Missing credential_source. The credential_source is not a dict.�
executablez<Missing credential_source. An 'executable' must be provided.�commandZtimeout_millisZinteractive_timeout_millis�
output_file��z;Missing command field. Executable command must be provided.z*Timeout must be between 5 and 120 seconds.z>Interactive timeout must be between 30 seconds and 30 minutes.)�popr����superr����__init__�
isinstancer���Z
_credential_source_executabler����MalformedError�get�%_credential_source_executable_command�,_credential_source_executable_timeout_millis�8_credential_source_executable_interactive_timeout_millis�)_credential_source_executable_output_file�_tokeninfo_username�!EXECUTABLE_TIMEOUT_MILLIS_DEFAULT�%EXECUTABLE_TIMEOUT_MILLIS_LOWER_BOUND�%EXECUTABLE_TIMEOUT_MILLIS_UPPER_BOUND�
InvalidValue�1EXECUTABLE_INTERACTIVE_TIMEOUT_MILLIS_LOWER_BOUND�1EXECUTABLE_INTERACTIVE_TIMEOUT_MILLIS_UPPER_BOUND)�selfr ���r
���r
���r
����args�kwargs�� __class__���B/opt/cppython/lib/python3.8/site-packages/google/auth/pluggable.pyr���>���sz����*
���
�
�����������
�����zCredentials.__init__c�����������
��� ���C���s���|������|�jd�k r�z(t|�jdd��}t�|�}W�5�Q�R�X�W�n�tk
rN���Y�nVX�z
|��|�}d|krjtj�W�n2�tj tj
fk
r������Y�n�tjk
r����Y�nX�|S�t
�
��s�t�d��t
j���}|��|��d|d<�|�jr�|�jd�n|�jd�}|�jr�tjnd�}|�j�r
tjntj}|�j�r
tjntj} tj|�j�
��|||| |d�}
|
j
d k�rbt�d
�
|
j
|
j���|
j�r|t� |
j� d��nd�}|�s�|�jd�k �r�t�t|�jdd��}|��|�}|S�)
N�utf-8)�encoding�expiration_time�0Pluggable auth is only supported for python 3.7+�0�
GOOGLE_EXTERNAL_ACCOUNT_REVOKE����)�timeout�stdin�stdout�stderr�envr���z9Executable exited with non-zero return code {}. Error: {})!�_validate_running_moder����open�json�load� Exception�_parse_subject_tokenr����
RefreshErrorr���r ���r����
is_python_3�os�environ�copy�_inject_env_variablesr���r���r����sysr1���r2����
subprocess�PIPE�STDOUT�runr����split�
returncode�format�loads�decode)
r"����requestr����responseZ
subject_tokenr4���Z
exe_timeoutZ exe_stdinZ
exe_stdoutZ
exe_stderr�resultr'���r'���r(����retrieve_subject_token����sr����
��
�
�
�
��
���
�
z"Credentials.retrieve_subject_tokenc�����������������C���s����|�j�st�d��|�����t���s*t�d��tj� ��}|��
|��d|d<�t
j
|�j
���|�jd�t
jt
j|d�}|jdkr�t�d�|j|j���t�|j�d ��}|��|��d
S�)
aG��Revokes the subject token using the credential_source object.
Args:
request (google.auth.transport.Request): A callable used to make
HTTP requests.
Raises:
google.auth.exceptions.RefreshError: If the executable revocation
not properly executed.
z.Revoke is only enabled under interactive mode.r,����1r.���r/���)r0���r2���r3���r4���r���zNAuth revoke failed on executable. Exit with non-zero return code {}. Error: {}r)���N)r���r���r ���r5���r���r<���r;���r=���r>���r?���r@���rB���rE���r���rF���r���rC���rD���rG���rH���r2���r7���rI���rJ����_validate_revoke_response)r"���rK���r4���rM���rL���r'���r'���r(����revoke����s<����
��
��
���zCredentials.revokec�����������������C���s
���|�j�p
|�jS�)a1��Returns the external account identifier.
When service account impersonation is used the identifier is the service
account email.
Without service account impersonation, this returns None, unless it is
being used by the Google Cloud CLI which populates this field.
)�service_account_emailr���)r"���r'���r'���r(����external_account_id
��s����
z Credentials.external_account_idc�����������������
���s���t�t|��j|f|�S�)a'��Creates a Pluggable Credentials instance from parsed external account info.
Args:
info (Mapping[str, str]): The Pluggable external account info in Google
format.
kwargs: Additional arguments to pass to the constructor.
Returns:
google.auth.pluggable.Credentials: The constructed
credentials.
Raises:
google.auth.exceptions.InvalidValue: For invalid parameters.
google.auth.exceptions.MalformedError: For invalid parameters.
)r���r���� from_info)�cls�infor$���r%���r'���r(���rT���+��s����zCredentials.from_infoc�����������������
���s���t�t|��j|f|�S�)aj��Creates an Pluggable Credentials instance from an external account json file.
Args:
filename (str): The path to the Pluggable external account json file.
kwargs: Additional arguments to pass to the constructor.
Returns:
google.auth.pluggable.Credentials: The constructed
credentials.
)r���r���� from_file)rU����filenamer$���r%���r'���r(���rW���>��s����
zCredentials.from_filec�����������������C���s\���|�j�|d<�|�j|d<�|�j|d<�|�jr(dnd|d<�|�jd�k rD|�j|d<�|�jd�k rX|�j|d<�d�S�) NZ GOOGLE_EXTERNAL_ACCOUNT_AUDIENCEZ"GOOGLE_EXTERNAL_ACCOUNT_TOKEN_TYPEZGOOGLE_EXTERNAL_ACCOUNT_IDrO���r-���Z#GOOGLE_EXTERNAL_ACCOUNT_INTERACTIVEZ*GOOGLE_EXTERNAL_ACCOUNT_IMPERSONATED_EMAILZ#GOOGLE_EXTERNAL_ACCOUNT_OUTPUT_FILE)Z _audienceZ_subject_token_typerS���r���Z"_service_account_impersonation_urlrR���r���)r"���r4���r'���r'���r(���r@���L��s
����
��
��z!Credentials._inject_env_variablesc�����������������C���s����|���|��|d�sFd|ks"d|kr,t�d��t�d�|d�|d����d|krh|d�t���k�rht�d��d|krzt�d ��|d�d
ks�|d�d
kr�|d
�S�|d�d
kr�|d�S�t�d��d�S�)N�success�code�messagez;Error code and message fields are required in the response.zAExecutable returned unsuccessful response: code: {}, message: {}.r+���z0The token returned by the executable is expired.�
token_typez8The executable response is missing the token_type field.z$urn:ietf:params:oauth:token-type:jwtz)urn:ietf:params:oauth:token-type:id_tokenZid_tokenz&urn:ietf:params:oauth:token-type:saml2Z
saml_responsez+Executable returned unsupported token type.)�_validate_response_schemar���r���r;���rH����time�r"���rL���r'���r'���r(���r:���[��s8����
������
�
�
z Credentials._parse_subject_tokenc�����������������C���s ���|���|��|d�s
t�d��d�S�)NrY���z)Revoke failed with unsuccessful response.)r]���r���r;���r_���r'���r'���r(���rP���y��s����
z%Credentials._validate_revoke_responsec�����������������C���sH���d|krt��d��|d�tkr2t��d�|d����d|krDt��d��d�S�)N�versionz5The executable response is missing the version field.z+Executable returned unsupported version {}.rY���z5The executable response is missing the success field.)r���r���� EXECUTABLE_SUPPORTED_MAX_VERSIONr;���rH���r_���r'���r'���r(���r]���~��s
�����
���z%Credentials._validate_response_schemac�����������������C���sd���t�j�d�}|dkr
t�d��|�jr4|�js4t�d��|�jrJ|�jsJt�d��|�jr`|�j s`t�
d��d�S�)NZ)GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLESrO���zhExecutables need to be explicitly allowed (set GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES to '1') to run.zVAn output_file must be specified in the credential configuration for interactive mode.z;Interactive mode cannot run without an interactive timeout.z4Interactive mode is only enabled for workforce pool.)
r=���r>���r���r���r���r���r���r����InvalidOperationZis_workforce_poolr ���)r"���Zenv_allow_executablesr'���r'���r(���r5������s,������
����
�z"Credentials._validate_running_modec��������������������s���t�t|�����}d|d<�|S�)Nr
����source)r���r���� _create_default_metrics_options)r"���Zmetrics_optionsr%���r'���r(���rd������s����z+Credentials._create_default_metrics_options)�__name__�
__module__�
__qualname__�__doc__r���r���Zcopy_docstringr���r���rN���rQ����propertyrS����
classmethodrT���rW���r@���r:���rP���r]���r5���rd����
__classcell__r'���r'���r%���r(���r���;���s"���
h
H/
r���)rh����collections.abcr����
ImportError�
collectionsr7���r=���rB���rA���r^���Z
google.authr���r���r���ra���r
���r
���r
���r ���r!���r���r'���r'���r'���r(����<module>���s&���