o i@sddlZddlZddlmZmZmZddlmZddlm Z m Z ddl m Z ddl mZddlmZdd lmZdd lmZdd lmZdd lmZdd lmZdZdZdddgdeedddddZGdddeZ de!dede fddZ"de ddfdd Z#Gd!d"d"eZ$dS)#N)AnyOptionalDict)PipelineResponse)ClientAuthenticationErrorHttpResponseError) HttpRequest)AccessTokenInfo) RetryPolicy)CredentialUnavailableError)EnvironmentVariables)within_credential_chain)ManagedIdentityClient)MsalManagedIdentityClientzhttp://169.254.169.254z/metadata/identity/oauth2/tokeng?<)iiiiX)connection_timeoutZretry_backoff_factorZretry_backoff_maxZretry_on_status_codesZ retry_status retry_totalcsTeZdZdZdeddffdd Zdeeefdeeefde ffd d Z Z S) ImdsRetryPolicyaRCustom retry policy for IMDS credential with extended retry duration for 410 responses. This policy ensures that specifically for 410 status codes, the total exponential backoff duration is at least 70 seconds to handle temporary IMDS endpoint unavailability. For other status codes, it uses the standard retry behavior. kwargsreturnNc sd|_tjdi|dS)Ng@)backoff_factor_for_410super__init__selfr __class__rW/home/app/Keep/.python/lib/python3.10/site-packages/azure/identity/_credentials/imds.pyr,szImdsRetryPolicy.__init__settingsresponsecs0|jjdkr |j|d<n|j|d<t||S)Nrbackoff) http_response status_coderbackoff_factorris_retry)rr"r#rrr!r(2s   zImdsRetryPolicy.is_retry) __name__ __module__ __qualname____doc__rrrstrrboolr( __classcell__rrrr!r$s2rscopeidentity_configrcCs:tjtjtdt}td|t d|dfi|dS)N/GETz 2018-02-01)z api-versionresource)params) osenvirongetr !AZURE_POD_IDENTITY_AUTHORITY_HOSTIMDS_AUTHORITYstripIMDS_TOKEN_PATHrdict)r0r1urlrrr! _get_request:s  r?excCs>|jdkr|jrd|jvrd|j}t|d|dSdSdS)aSpecial case handling for Docker Desktop. Docker Desktop proxies all HTTP traffic, and if the IMDS endpoint is unreachable, it responds with a 403 with a message that contains "unreachable". :param ~azure.core.exceptions.HttpResponseError ex: The exception raised by the request :raises ~azure.core.exceptions.CredentialUnavailableError: When the IMDS endpoint is unreachable iZ unreachablez=ManagedIdentityCredential authentication unavailable. Error: messageN)r&rBr )r@ error_messagerrr!_check_forbidden_responseBs   rDcspeZdZdeddffdd ZdddZdd Zdd d Zd edede ffd d Z ddedefddZ Z S)ImdsCredentialrrNc sV|dd|_tjddtittfi|||_tj t j vr&d|_ dSd|_ dS)N_enable_imds_probeZretry_policy_classTr) poprFrrrr=PIPELINE_SETTINGS_configr r9r6r7_endpoint_availablerrrr!rRs "   zImdsCredential.__init__cCs|j|SN)_client __enter__rrrr!rM_s zImdsCredential.__enter__cGs|jj|dSrK)rL__exit__)rargsrrr!rOcszImdsCredential.__exit__cCs |dSrK)rOrNrrr!closefs zImdsCredential.closescopesc s|jdur|jnt}|rZ|jsZzttfittfi|j}|j |dddd|_Wn+t yG}z t |d|_WYd}~nd}~wt yY}zd}t ||d}~wwz tj|i|}W|St ynt y}z%|jdkrd}|jr|d|j7}t |d |t |t|j|jd |d}~wtjjy}zt d d |d}~wt y}zd}t ||d}~ww) Nr)rrTzYManagedIdentityCredential authentication unavailable, no response from the IMDS endpoint.izeManagedIdentityCredential authentication unavailable. No identity has been assigned to this resource.z Error: rA)rBr#z5ManagedIdentityCredential authentication unavailable.)rFrr8rJrr?r=rHrIZ request_tokenrrD Exceptionr r_request_tokenr&rBrr#jsondecoderJSONDecodeError)rrRrZdo_probeclientr@rCZ token_inforrr!rUisN        zImdsCredential._request_tokendesccCs d|S)NzZManagedIdentityCredential authentication unavailable, no response from the IMDS endpoint. r)rr[rrr!get_unavailable_messages z&ImdsCredential.get_unavailable_message)rrE)rN)rZ) r)r*r+rrrMrOrQr-r rUr\r/rrrr!rEQs  1rE)%r6rVtypingrrrZazure.core.pipelinerZazure.core.exceptionsrrZazure.core.restrZazure.core.credentialsr Zazure.core.pipeline.policiesr rZr _constantsr _internalrZ!_internal.managed_identity_clientrZ&_internal.msal_managed_identity_clientrr:r<listrangerHrr-r?rDrErrrr!s4