o i@sddlZddlZddlmZddlmZddlmZddlm Z ddl m Z m Z ddl mZGd d d eZd ed ed edefddZde defddZdefddZdeddfddZGddde ZdS)N)Dict)ClientAuthenticationError) HttpRequest) HTTPPolicy)PipelineRequestPipelineResponse)MsalManagedIdentityClientc@s eZdZddedefddZdS)AzureArcCredentialdescreturncCs d|S)NzCAzure Arc managed identity configuration not found in environment. )selfr rr\/home/app/Keep/.python/lib/python3.10/site-packages/azure/identity/_credentials/azure_arc.pyget_unavailable_messages z*AzureArcCredential.get_unavailable_messageN)r )__name__ __module__ __qualname__strrrrrrr sr urlscopeidentity_configr cCs.|rtddtd|td|dfi|dS)NaUser assigned managed identities are not supported by Azure Arc. To authenticate with the system assigned identity omit the client id when constructing the credential, and if authenticating with DefaultAzureCredential ensure the AZURE_CLIENT_ID environment variable is not set.messageGETz 2020-06-01)z api-versionresource)params)rrdict)rrrrrr _get_requests  rresponsec Cs|jjd}|stddz |dd}Wnty,}z td|d|d}~wwzt|WntyH}z td|d|d}~wwt |dd d $}z | WWdSt ys}z td ||d|d}~ww1swwYdS) NzWWW-Authenticatez4Did not receive a value from WWW-Authenticate headerr=z@Did not receive a correct value from WWW-Authenticate header: {}z The key file path is invalid: {}rzutf-8)encodingz#Could not read file {} contents: {}) http_responseheadersgetrsplit IndexErrorformat_validate_key_file ValueErroropenread Exception)r headerkey_fileexfileerrorrrr_get_secret_key!s@   r5cCsVtjdrdStjdr#tjd}|stdtj|ddStdtj) zReturns the expected path for the Azure Arc MSI key file based on the current platform. Only Linux and Windows are supported. :return: The expected path. :rtype: str :raises ValueError: If the current platform is not supported. linuxz/var/opt/azcmagent/tokenswinZ PROGRAMDATAz8PROGRAMDATA environment variable is not set or is empty.ZAzureConnectedMachineAgentZTokensz0Azure Arc MSI is not supported on this platform ) sysplatform startswithosenvironr'r,pathjoin)Zprogram_data_pathrrr_get_key_file_path>s   r? file_pathcCsx|stdtj|std|t}tj||ks%td||ds.tdtj|dkr:tddS) aaValidates that a given Azure Arc MSI file path is valid for use. A valid file will: 1. Be in the expected path for the current platform. 2. Have a `.key` extension. 3. Be at most 4096 bytes in size. :param str file_path: The path to the key file. :raises ClientAuthenticationError: If the file path is invalid. z The file path must not be empty.zThe file path does not exist: z)Unexpected file path from HIMDS service: z.keyz+The file path must have a '.key' extension.iz7The file size must be less than or equal to 4096 bytes.N)r,r;r=existsr?dirnameendswithgetsize)r@Zexpected_directoryrrrr+Qs   r+c@s"eZdZdZdedefddZdS)ArcChallengeAuthPolicyz8Policy for handling Azure Arc's challenge authenticationrequestr cCsNd|jjd<|j|}|jjdkr%t|}d||jjd<|j|}|S)NtrueZMetadataizBasic {} Authorization) http_requestr&nextsendr% status_coder5r*)rrFr Z secret_keyrrrrKps    zArcChallengeAuthPolicy.sendN)rrr__doc__rrrKrrrrrEmsrE)r;r8typingrZazure.core.exceptionsrZazure.core.restrZazure.core.pipeline.policiesrZazure.core.pipelinerrZ&_internal.msal_managed_identity_clientr r rrr5r?r+rErrrrs