o i-@sddlZddlZddlZddlZddlmZmZddlmZmZddl Z ddl m Z ddl mZddlmZddlmZddlmZmZmZdd lmZmZmZmZmZeeZd d Z d d Z!ddZ"ddZ#GdddeZ$GdddZ%GdddZ&GdddZ'GdddZ(dS)N)datetime timedelta) NamedTupleOptional)tzutc)UNSIGNED) total_seconds)Config) ClientErrorInvalidConfigErrorTokenRetrievalError)CachedProperty JSONFileCacheSSOTokenLoadercreate_nested_clientget_token_from_environmentcCs ttSN)rnowrrrF/home/app/Keep/.python/lib/python3.10/site-packages/botocore/tokens.py_utc_now*s rcCst|t|g}t|dS)N) providers)ScopedEnvTokenProviderSSOTokenProviderTokenProviderChain)sessionrrrrcreate_token_resolver.s rcCst|tr |dS|S)Nz%Y-%m-%dT%H:%M:%SZ) isinstancerstrftimeobjrrr_serialize_utc_timestamp6s  r!cCstj|tdS)N)default)jsondumpsr!rrrr_sso_json_dumps<sr%c@s&eZdZUeed<dZeeed<dS)FrozenAuthTokentokenN expiration)__name__ __module__ __qualname__str__annotations__r(rrrrrrr&@s r&c@sLeZdZdZdZdZefddZddZdd Z d d Z d d Z ddZ dS)DeferredRefreshableTokeniX<cCs,||_||_||_t|_d|_d|_dSr) _time_fetcher_refresh_usingmethod threadingLock _refresh_lock _frozen_token _next_refresh)selfr3Z refresh_using time_fetcherrrr__init__Ns   z!DeferredRefreshableToken.__init__cCs||jSr)_refreshr7r9rrrget_frozen_tokenXsz)DeferredRefreshableToken.get_frozen_tokencCsN|}|sdS|dk}|j|r%z |W|jdS|jwdS)N mandatory)_should_refreshr6acquire_protected_refreshrelease)r9 refresh_typeZblock_for_refreshrrrr<\s  z!DeferredRefreshableToken._refreshcCs|}|sdSz|}|t|jd|_||_Wnty2tj d|dd|dkr0Ynw| r>t |j dddS)Nsecondsz5Refreshing token failed during the %s refresh period.Texc_infor?z$Token has expired and refresh failed)provider error_msg) r@r1r_attempt_timeoutr8r2r7 Exceptionloggerwarning _is_expiredr r3)r9rDrrrrrBjs.  z+DeferredRefreshableToken._protected_refreshcCs.|jdurdS|jj}t||}|dkS)NFr)r7r(rr1)r9r( remainingrrrrOs z$DeferredRefreshableToken._is_expiredcCsd|jdurdS|jj}|durdS|}||jkrdSt||}||jkr)dS||jkr0dSdS)Nr?Zadvisory)r7r(r1r8r_mandatory_refresh_timeout_advisory_refresh_timeout)r9r(rrPrrrr@s     z(DeferredRefreshableToken._should_refreshN) r)r*r+rRrQrKrr;r>r<rBrOr@rrrrr.Es   r.c@seZdZdddZddZdS)rNcCs|durg}||_dSr) _providers)r9rrrrr;s zTokenProviderChain.__init__cKs0|jD]}|jdi|}|dur|SqdS)Nr)rS load_token)r9kwargsrIr'rrrrTs zTokenProviderChain.load_tokenr)r)r*r+r;rTrrrrrs  rc@seZdZdZdZejejddddZ ddgZ dZ e Z d ed fd d Zd d ZeddZeddZddZddZddZddZd S)rZssor/~z.awscache sso_start_url sso_regionZ refresh_tokenNcCsR||_|dur|j|jtd}||_||_t|jd|_|p%|jdp%d|_ dS)N)Z dumps_func)rWZprofiler") _sessionDEFAULT_CACHE_CLS_SSO_TOKEN_CACHE_DIRr%_now_cacher _token_loaderZget_config_variable _profile_name)r9rrWr:Z profile_namerrrr;s zSSOTokenProvider.__init__c Cs|jj}|di}|di}||ji}d|vrdS|d}||d}|s8d|jd|d}t|dg}|jD] } | |vrH|| q=|rZd|jd|d }t|d||d |d d S) Nprofiles sso_sessionsZ sso_sessionz The profile "z7" is configured to use the SSO token provider but the "z+" sso_session configuration does not exist.)rJzZ" is configured to use the SSO token provider but is missing the following configuration: .rYrX) session_namerYrX)rZZ full_configgetr`r _SSO_CONFIG_VARSappend) r9Z loaded_configrarbZprofile_configZsso_session_nameZ sso_configrJZmissing_configsvarrrr_load_sso_configs:         z!SSOTokenProvider._load_sso_configcCs|Sr)rir=rrr _sso_configszSSOTokenProvider._sso_configcCs"t|jdtd}t|jd|dS)NrY)Z region_nameZsignature_versionzsso-oidc)config)r rjrrrZ)r9rkrrr_clients zSSOTokenProvider._clientcCs|jj|j|d|d|dd}t|dd}|jd|jd|d |||d|d|d d }d|vr>|d|d<td |S) NclientId clientSecret refreshToken)Z grantTypermrnroZ expiresInrErXrY accessTokenregistrationExpiresAt)ZstartUrlregionrp expiresAtrmrnrqzSSO Token refresh succeeded)rlZ create_token _GRANT_TYPErrjr]rMinfo)r9r'responseZ expires_inZ new_tokenrrr_attempt_create_tokens&   z&SSOTokenProvider._attempt_create_tokencsd}fdd|D}|rd|}t|dStjd}t||dkr3td|dSz|WStyJtj dd d YdSw) N)rormrnrqcsg|]}|vr|qSrr).0kr'rr $sz:SSOTokenProvider._refresh_access_token..z+Unable to refresh SSO token: missing keys: rqrz$SSO token registration expired at %sz SSO token refresh attempt failedTrG) rMrudateutilparserparserr]rwr rN)r9r'keysZ missing_keysmsgZexpiryrrzr_refresh_access_tokens      z&SSOTokenProvider._refresh_access_tokencCs|jd}|jd}td||j||d}tj|d}td|t|| }||j krJ| |}|durJ|}|d}|jj |||dt |d|dS) NrXrdzLoading cached SSO token for %s)rdrszCached SSO token expires at %srp)r()rjrMrur_r|r}r~debugrr]_REFRESH_WINDOWrZ save_tokenr&)r9Z start_urlrdZ token_dictr(rPZnew_token_dictrrr _refresher5s$      zSSOTokenProvider._refreshercKs"|jdurdSt|j|j|jdS)N)r:)rjr.METHODrr])r9rUrrrrTKs  zSSOTokenProvider.load_token)r)r*r+rrospath expanduserjoinr\rfrtrr[rr;rir rjrlrwrrrTrrrrrs, '   rc@s&eZdZdZdZdddZddZdS) rzn Token provider that loads tokens from environment variables scoped to a specific `signing_name`. envNcCs||_|dur tj}||_dSr)rZrenviron)r9rrrrrr;\s zScopedEnvTokenProvider.__init__cKs@|d}|dur dSt||j}|durtdt|SdS)N signing_namez%Found token in environment variables.)rerrrMrur&)r9rUrr'rrrrTbs   z!ScopedEnvTokenProvider.load_tokenr)r)r*r+__doc__rr;rTrrrrrTs   r))r#loggingrr4rrtypingrrZdateutil.parserr|Z dateutil.tzrZbotocorerZbotocore.compatrZbotocore.configr Zbotocore.exceptionsr r r Zbotocore.utilsr rrrr getLoggerr)rMrrr!r%r&r.rrrrrrrs0      a!