o ưi-@s.ddlZddlZddlZddlmZmZddlZddlZddlm Z ddl m Z ddl m Z ddlmZddlmZe Zddeejd e fd d Zd eed eefd dZ ddedeeeefd eefddZ ddedeed eefddZ ddedeeeeffddZd efddZdS)N)OptionalUnion)verbose_logger) DualCache) HTTPHandler)get_azure_ad_token_provider)get_secret_from_managertimeoutreturncCs |dur tjddd}t|dS)a2 Factory function to create HTTPHandler for OIDC requests. This function can be mocked in tests. Args: timeout: Optional timeout for HTTP requests. Defaults to 600.0 seconds with 5.0 connect timeout. Returns: HTTPHandler instance configured for OIDC requests. Ng@g@)r connectr )httpxTimeoutrr rS/home/app/Keep/.python/lib/python3.10/site-packages/litellm/secret_managers/main.py_get_oidc_http_handlers  rvaluecCs@|durdSdh}dh}|}||vrdS||vrdSdS)a Converts a string to a boolean if it's a recognized boolean string. Returns None if the string is not a recognized boolean value. :param value: The string to be checked. :return: True or False if the string is a recognized boolean, otherwise None. NtruefalseTF)striplower)rZ true_valuesZ false_valuesZ value_lowerrrr str_to_bool's r secret_name default_valuecCs&t||d}|durt|tsdS|S)zi Guarantees response from 'get_secret' is either string or none. Used for fixing linting errors. )rrN) get_secret isinstancestr)rrrrrrget_secret_str?s rcCs,t||}|dur dSt|tr|St|S)aP Guarantees response from 'get_secret' is either boolean or none. Used for fixing linting errors. Args: secret_name: The name of the secret to get. default_value: The default value to return if the secret is not found. Returns: The secret value as a boolean or None if the secret is not found. N)rrboolr)rrZ _secret_valuerrrget_secret_boolMs  rc Cstj}tj}d}|dr|dd}|dr|dd}|dd\}}d|ddd}|dkrhtj|d}|durC|St } | j dd |id d id } | j d krd| j }tj ||dd|Std|dkr{td} | durytd| S|dkrtd} | durtd| S|dkrtd} td} | dus| durtdtj|d}|dur|St } | j | d |id| ddd } | j d kr|  dd}tj ||dd|Std |d!krEtd"}|dur(td#t|d$}z|}|durtd%|WSty'}zd&t|}t|t|d}~wwt|d'}|}|WdS1s?wYns|d(krgt|d'}|}|WdS1sawYnQ|d)krt|}|dur~td*|d+|S|d,krt|}|durtd*|d+t|d'}|}|WdS1swYntd-ztrCtjdurCz*tj}d.}|dur|j}|dur|jdur||jvrd.}t||||d/}Wn*ty}ztd0|d1t|d2t t|}WYd}~nd}~wwzt!|tr2t"#|}t!|t$r.|WWS|WWSWWdStyB|YWSwtj% |}|durRt&|nd}|durbt!|t$rb|WS|WSty}z|durz|WYd}~S|d}~ww)3Nz os.environ/zoidc//Zgoogle)keyz]http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/identityZaudiencezMetadata-FlavorZGoogle)paramsheadersi )r#rttlzGoogle OIDC provider failedZcircleciZCIRCLE_OIDC_TOKENz*CIRCLE_OIDC_TOKEN not found in environmentZ circleci_v2ZCIRCLE_OIDC_TOKEN_V2z-CIRCLE_OIDC_TOKEN_V2 not found in environmentZgithubZACTIONS_ID_TOKEN_REQUEST_URLZACTIONS_ID_TOKEN_REQUEST_TOKENzWACTIONS_ID_TOKEN_REQUEST_URL or ACTIONS_ID_TOKEN_REQUEST_TOKEN not found in environmentzBearer z!application/json; api-version=2.0) AuthorizationAcceptri'zGithub OIDC provider failedZazureZAZURE_FEDERATED_TOKEN_FILEzTAZURE_FEDERATED_TOKEN_FILE not found in environment will use Azure AD token provider)Z azure_scopez'Azure OIDC provider returned None tokenzAzure OIDC provider failed: rfileenvzEnvironment variable z not foundZenv_pathzUnsupported OIDC providerlocal)client key_managerrkey_management_settingsz'Defaulting to os.environ value for key=z. An exception occurred - z. )'litellmZ_key_management_system_key_management_settings startswithreplacesplitjoin oidc_cacheZ get_cacherget status_codetextZ set_cache ValueErrorosgetenvjsonrwarningr Exceptionrerroropenread'_should_read_secret_from_secret_managersecret_manager_clientrZ hosted_keysr traceback format_excrast literal_evalrenvironr)rrZkey_management_systemr0secretZsecret_name_splitZ oidc_providerZoidc_audZ oidc_tokenZ oidc_clientresponseZ env_secretZactions_id_token_request_urlZactions_id_token_request_tokenZazure_federated_token_fileZazure_token_providere error_msgfZtoken_file_pathr.r/Zsecret_value_as_boolrrrrds                   $  $       $           rcCs4tjdurtjdurtjjdkstjjdkrdSdS)a Returns True if the secret manager should be used to read the secret, False otherwise - If the secret manager client is not set, return False - If the `_key_management_settings` access mode is "read_only" or "read_and_write", return True - Otherwise, return False NZ read_onlyZread_and_writeTF)r1rEr2Z access_moderrrrrD s    rD)N)rHr<rFtypingrrr r1Zlitellm._loggingrZlitellm.caching.cachingrZ&litellm.llms.custom_httpx.http_handlerrZ3litellm.secret_managers.get_azure_ad_token_providerrZ.litellm.secret_managers.secret_manager_handlerrr7rrrrrrrrrDrrrrsL        (