o iR' @sddlZddlZddlZddlZddlmZddlmZmZddl m Z m Z ddl m Z ddlmZddlmZmZed d d Zed d d ZeeZeeed ZeeedZeeedZdedefddZdefddZdeddfddZdeddfddZ deddfddZ! d0ddd ede ed!e e edefd"d#Z"d$e#d%e#d&e#de#fd'd(Z$de e%fd)d*Z&de'fd+d,Z(d-edefd.d/Z)dS)1N) ContextVar) ascii_lettersdigits)ListOptional)urlparse)ClientAuthenticationError)EnvironmentVariablesKnownAuthoritieswithin_credential_chainF)default within_dacz-.z_-.:/z_-. authorityreturncCs>t|}|jsd|dS|jdkrtd||dS)zEnsure authority uses https, strip trailing spaces and /. :param str authority: authority to normalize :return: normalized authority :rtype: str :raises: ValueError if authority is not a valid https URL zhttps://z /httpszL'{}' is an invalid authority. The value must be a TLS protected (https) URL.)rschemerstrip ValueErrorformat)rparsedrU/home/app/Keep/.python/lib/python3.10/site-packages/azure/identity/_internal/utils.pynormalize_authoritys   rcCstjtjtj}t|SN)osenvirongetr ZAZURE_AUTHORITY_HOSTr ZAZURE_PUBLIC_CLOUDr)rrrrget_default_authority0srscopecC"|r tdd|DrtddS)zRaise ValueError if scope is empty or contains a character invalid for a scope :param str scope: scope to validate :raises: ValueError if scope is empty or contains a character invalid for a scope. cs|]}|tvVqdSr)VALID_SCOPE_CHARACTERS.0crrr ;z!validate_scope..zeAn invalid scope was provided. Only alphanumeric characters, '.', '-', '_', ':', and '/' are allowed.Nanyr)rrrrvalidate_scope5 r* tenant_idcCr )zRaise ValueError if tenant_id is empty or contains a character invalid for a tenant ID. :param str tenant_id: tenant ID to validate :raises: ValueError if tenant_id is empty or contains a character invalid for a tenant ID. csr!r)VALID_TENANT_ID_CHARACTERSr#rrrr&Gr'z%validate_tenant_id..zInvalid tenant ID provided. You can locate your tenant ID by following the instructions here: https://learn.microsoft.com/partner-center/find-ids-and-domain-namesNr()r,rrrvalidate_tenant_idAr+r. subscriptioncCs*|r tdd|Drtd|ddS)a Raise ValueError if subscription is empty or contains a character invalid for a subscription name/ID. :param str subscription: subscription ID to validate :raises: ValueError if subscription is empty or contains a character invalid for a subscription ID. csr!r)VALID_SUBSCRIPTION_CHARACTERSr#rrrr&Tr'z(validate_subscription..zSubscription 'z' contains invalid characters. If this is the name of a subscription, use its ID instead. You can locate your subscription by following the instructions listed here: https://learn.microsoft.com/azure/azure-portal/get-subscription-tenant-idNr()r/rrrvalidate_subscriptionNs  r1)additionally_allowed_tenantsdefault_tenantr2cKs|dus||kr |S|dkstjtjrtd|||S|s"|S|dur(g}d|vs0||vr9td|||S|sA|dkrA|Std|d) aReturns the correct tenant for a token request given a credential's configuration. :param str default_tenant: The tenant ID configured on the credential. :param str tenant_id: The tenant ID requested by the user. :keyword list[str] additionally_allowed_tenants: The list of additionally allowed tenants. :return: The tenant ID to use for the token request. :rtype: str :raises: ~azure.core.exceptions.ClientAuthenticationError NZadfszA token was request for a different tenant than was configured on the credential, but the configured value was used since multi tenant authentication has been disabled. Configured tenant ID: %s, Requested tenant ID %s*zA token was requested for a different tenant than was configured on the credential, and the requested tenant ID was used to authenticate. Configured tenant ID: %s, Requested tenant ID %sZ organizationsaThe current credential is not configured to acquire tokens for tenant {}. To enable acquiring tokens for this tenant add it to the additionally_allowed_tenants when creating the credential, or add "*" to additionally_allowed_tenants to allow acquiring tokens for any tenant.)message) rrrr Z&AZURE_IDENTITY_DISABLE_MULTITENANTAUTH_LOGGERinforr)r3r,r2_rrrresolve_tenant\s4 r9credential_config exclude_flags user_excludesc Cs"tjtjd}|dkr hd}|D]}||v||<qn^|dkr4hd}|D]}||v||<q*nJ|r~dd|D}||vr]ddgt|}t dtjd |d d |d d } | D]\}} | d|krr|} nqc|D]}|| k||<qu| D] \}} | d ur| ||<q|S)aProcess credential exclusions based on environment variable and user overrides. This method handles the AZURE_TOKEN_CREDENTIALS environment variable to determine which credentials should be excluded from the credential chain, and then applies any user-provided exclude overrides which take precedence over environment settings. :param credential_config: Configuration mapping for all available credentials, containing exclude parameter names, environment names, and default exclude settings :type credential_config: dict :param exclude_flags: Dictionary of exclude flags for each credential (will be modified) :type exclude_flags: dict :param user_excludes: User-provided exclude overrides from constructor kwargs :type user_excludes: dict :return: Dictionary of final exclude flags for each credential :rtype: dict :raises ValueError: If token_credentials_env contains an invalid credential name dev> powershellZbrokercliZshared_token_cacheZvisual_studio_codeZ developer_cliprod>Zworkload_identity environmentZmanaged_identitycSsh|] }d|vr|dqS)env_namer)r$configrrr sz0process_credential_exclusions..zInvalid value for z: z. Valid values are: z, .NrC) rrrr ZAZURE_TOKEN_CREDENTIALSstriplowervaluessortedrjoinitems) r:r;r<Ztoken_credentials_envZdev_credentialsZcred_keyZprod_credentialsZvalid_credentialsZ valid_valuesZselected_cred_keyrDZ user_valuerrrprocess_credential_exclusionssBrMcCs(z ddlm}|WStyYdSw)zReturn the InteractiveBrowserBrokerCredential class if available, otherwise None. :return: InteractiveBrowserBrokerCredential class or None :rtype: Optional[type] r"InteractiveBrowserBrokerCredentialN)Zazure.identity.brokerrO ImportErrorrNrrrget_broker_credentials   rQcCs@t}t|d|d}t|d|d}|dkod|vS)Nsystemrreleaser linuxZ microsoft)platformunamegetattrrH)rVZ platform_namerSrrris_wslsrXscCst|d}|dS)Nzutf-8)base64 b64encodeencodedecode)rYencodedrrr encode_base64s r_r)*rZrrUlogging contextvarsrstringrrtypingrr urllib.parserZazure.core.exceptionsr _constantsr r r r getLogger__name__r6 frozensetr-r"r0strrrr*r.r1r9dictrMtyperQboolrXr_rrrrsJ          5>