ee[c@sddlZddlZddlZddlZddlZddlZddlZddlZddlm Z ddl m Z ddl m Z ddlZddlmZddlmZddlZddlZddlmZddlmZdd lmZdd lmZdd lmZdd lmZdd lmZddlmZddlmZddlmZddl m!Z!m"Z"ddl m#Z#ej$e%Z&e ddddgZ'e(dZ)dZ*dZ+dZ,e-dZ.dZ/dZ0de1fdYZ2d e1fd!YZ3d"e3fd#YZ4d$e4fd%YZ5d&e1fd'YZ6d(e6fd)YZ7d*e1fd+YZ8d,e8fd-YZ9d.e8fd/YZ:d0e8fd1YZ;d2e8fd3YZ<d4e8fd5YZ=d6e8fd7YZ>d8e8fd9YZ?d:e8fd;YZ@d<e1fd=YZAd>e8fd?YZBd@e1fdAYZCdS(BiN(t namedtuple(tdeepcopy(tsha1(tparse(ttzlocal(t total_seconds(tcompat_shell_split(tUnknownCredentialError(tPartialCredentialsError(tConfigNotFound(tInvalidConfigError(tInfiniteLoopConfigError(tRefreshWithMFAUnsupportedError(tMetadataRetrievalError(tCredentialRetrievalError(tInstanceMetadataFetchertparse_key_val_file(tContainerMetadataFetchertReadOnlyCredentialst access_keyt secret_keyttokencsjdpd}jd}jd}jd}jd}|dkrfi}nt}t}tdtd|d |d j} td fd d jd|d|dt ||| g} || t d|d|t d|d fdt d|d|t t|| g } jddd} | dk r| j|tjdntd| } | S(sCreate a default credential resolver. This creates a pre-configured credential resolver that includes the default lookup chain for credentials. tprofiletdefaulttcredentials_filet config_filetmetadata_service_timeouttmetadata_service_num_attemptstiam_role_fetcherttimeoutt num_attemptst user_agentt load_configcsjS(N(t full_config((tsession(s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pytLstclient_creatortcachet profile_nametcredential_sourcertcreds_filenamecsjS(N(R!((R"(s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR#\stconfig_filenametmethodstinstancesWSkipping environment variable credential check because profile name was explicitly set.t providersN(sinstance(tget_config_variabletNonet EnvProvidertContainerProvidertInstanceMetadataProviderRRtAssumeRoleProvidert create_clienttCanonicalNameCredentialSourcertSharedCredentialProvidertProcessProvidertConfigProvidertOriginalEC2Providert BotoProvidertremovetloggertdebugtCredentialResolver(R"R%R&tcredential_fileRtmetadata_timeoutRt env_providertcontainer_providertinstance_metadata_providertassume_role_providerR,texplicit_profiletresolver((R"s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pytcreate_credential_resolver3sP           cCst|}|jS(N(RFtload_credentials(R"RE((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pytget_credentialss cCstjjtS(N(tdatetimetnowR(((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyt _local_nowscCs t|tjr|St|S(N(t isinstanceRIR(tvalue((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyt_parse_if_neededscCs3t|tjr/|r"|jS|jdS|S(Ns%Y-%m-%dT%H:%M:%S%Z(RLRIt isoformattstrftime(RMtiso((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyt_serialize_if_neededs   csfd}|S(NcsOj}|d}i|dd6|dd6|dd6t|dd 6S( Nt Credentialst AccessKeyIdRtSecretAccessKeyRt SessionTokenRt Expirationt expiry_time(t assume_roleRR(tresponset credentials(tclienttparams(s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pytrefreshs    ((R\R]R^((R\R]s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pytcreate_assume_role_refreshers cCs dtfdY}||S(Nt _RefreshercBseZdZdZRS(cSs||_t|_dS(N(t_refreshtFalset_has_been_called(tselfR^((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyt__init__s cSs(|jrtnt|_|jS(N(RcR tTrueRa(Rd((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyt__call__s   (t__name__t __module__ReRg(((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR`s (tobject(tactual_refreshR`((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pytcreate_mfa_serial_refresherst JSONFileCachecBseeZdZejjejjddddZedZdZ dZ dZ d Z RS( sJSON file cache. This provides a dict like interface that stores JSON serializable objects. The objects are serialized to JSON and stored in a file. These values can be retrieved at a later time. t~s.awstbotoR%cCs ||_dS(N(t _working_dir(Rdt working_dir((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRescCs|j|}tjj|S(N(t_convert_cache_keytostpathtisfile(Rdt cache_keyt actual_key((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyt __contains__scCsb|j|}y&t|}tj|SWdQXWn&tttfk r]t|nXdS(s Retrieve value from a cache key.N(RrtopentjsontloadtOSErrort ValueErrortIOErrortKeyError(RdRvRwtf((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyt __getitem__s cCs|j|}ytj|dt}Wn'ttfk rQtd|nXtjj|j sztj |j ntj tj |tj tjBdd}|j|j|WdQXdS(NRs5Value cannot be cached, must be JSON serializable: %sitw(RrRztdumpsRRt TypeErrorR}RsRttisdirRptmakedirstfdopenRytO_WRONLYtO_CREATttruncatetwrite(RdRvRMtfull_keyt file_contentR((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyt __setitem__s cCs tjj|j|d}|S(Ns.json(RsRttjoinRp(RdRvt full_path((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRrs( RhRit__doc__RsRtt expanduserRt CACHE_DIRReRxRRRr(((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRms'   RScBs/eZdZdddZdZdZRS(s\ Holds the credentials needed to authenticate requests. :ivar access_key: The access key part of the credentials. :ivar secret_key: The secret key part of the credentials. :ivar token: The security token, valid only for session credentials. :ivar method: A string which identifies where the credentials were found. cCsG||_||_||_|dkr0d}n||_|jdS(Ntexplicit(RRRR.tmethodt _normalize(RdRRRR((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRes      cCs4tjj|j|_tjj|j|_dS(N(tbotocoretcompattensure_unicodeRR(Rd((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRscCst|j|j|jS(N(RRRR(Rd((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pytget_frozen_credentialss N(RhRiRR.ReRR(((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRSs   tRefreshableCredentialscBseZdZdZdZedZdZedZ e dZ e j dZ e d Z e j d Z e d Zej d Zd ZddZdZdZdZedZdZdZRS(s Holds the credentials needed to authenticate requests. In addition, it knows how to refresh itself. :ivar access_key: The access key part of the credentials. :ivar secret_key: The secret key part of the credentials. :ivar token: The security token, valid only for session credentials. :ivar method: A string which identifies where the credentials were found. ii<i cCsq||_||_||_||_||_||_tj|_||_ t ||||_ |j dS(N( t_refresh_usingt _access_keyt _secret_keyt_tokent _expiry_timet _time_fetchert threadingtLockt _refresh_lockRRt_frozen_credentialsR(RdRRRRXt refresh_usingRt time_fetcher((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRes       cCs4tjj|j|_tjj|j|_dS(N(RRRRR(Rd((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR.sc CsJ|d|dd|dd|dd|j|dd|d|}|S(NRRRRXRR(t_expiry_datetime(tclstmetadataRRR+((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pytcreate_from_metadata2s    cCs|j|jS(sWarning: Using this property can lead to race conditions if you access another property subsequently along the refresh boundary. Please use get_frozen_credentials instead. (RaR(Rd((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR>s cCs ||_dS(N(R(RdRM((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRGscCs|j|jS(sWarning: Using this property can lead to race conditions if you access another property subsequently along the refresh boundary. Please use get_frozen_credentials instead. (RaR(Rd((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRKs cCs ||_dS(N(R(RdRM((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRTscCs|j|jS(sWarning: Using this property can lead to race conditions if you access another property subsequently along the refresh boundary. Please use get_frozen_credentials instead. (RaR(Rd((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRXs cCs ||_dS(N(R(RdRM((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRascCs|j|j}t|S(N(RRR(Rdtdelta((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyt_seconds_remainingescCsR|jdkrtS|dkr+|j}n|j|krAtStjdtS(sCheck if a refresh is needed. A refresh is needed if the expiry time associated with the temporary credentials is less than the provided ``refresh_in``. If ``time_delta`` is not provided, ``self.advisory_refresh_needed`` will be used. For example, if your temporary credentials expire in 10 minutes and the provided ``refresh_in`` is ``15 * 60``, then this function will return ``True``. :type refresh_in: int :param refresh_in: The number of seconds before the credentials expire in which refresh attempts should be made. :return: True if refresh neeeded, False otherwise. s!Credentials need to be refreshed.N(RR.Rbt_advisory_refresh_timeoutRR;R<Rf(Rdt refresh_in((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pytrefresh_neededis   cCs|jddS(NRi(R(Rd((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyt _is_expiredscCs|j|jsdS|jjtr|z@|j|jsAdS|j|j}|jd|dSWd|jjXnK|j|jr|j+|j|jsdS|jdtWdQXndS(Nt is_mandatory( RRRtacquireRbt_mandatory_refresh_timeoutt_protected_refreshtreleaseRf(Rdtis_mandatory_refresh((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRas   cCsy|j}WnHtk rZ}|r.dnd}tjd|dt|rVndSX|j|t|j|j|j |_ |j rd}tj|t |ndS(Nt mandatorytadvisorysARefreshing temporary credentials failed during %s refresh period.texc_infosLCredentials were refreshed, but the refreshed credentials are still expired.( Rt ExceptionR;twarningRft_set_from_dataRRRRRRt RuntimeError(RdRRtet period_nametmsg((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRs      cCs t|S(N(R(ttime_str((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRscCs[|d|_|d|_|d|_t|d|_tjd|j|jdS(NRRRRXs(Retrieved credentials will expire at: %s(RRRRRR;R<R(Rdtdata((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRs     cCs|j|jS(sReturn immutable credentials. The ``access_key``, ``secret_key``, and ``token`` properties on this class will always check and refresh credentials if needed before returning the particular credentials. This has an edge case where you can get inconsistent credentials. Imagine this: # Current creds are "t1" tmp.access_key ---> expired? no, so return t1.access_key # ---- time is now expired, creds need refreshing to "t2" ---- tmp.secret_key ---> expired? yes, refresh and return t2.secret_key This means we're using the access key from t1 with the secret key from t2. To fix this issue, you can request a frozen credential object which is guaranteed not to change. The frozen credentials returned from this method should be used immediately and then discarded. The typical usage pattern would be:: creds = RefreshableCredentials(...) some_code = SomeSignerObject() # I'm about to sign the request. # The frozen credentials are only used for the # duration of generate_presigned_url and will be # immediately thrown away. request = some_code.sign_some_request( with_credentials=creds.get_frozen_credentials()) print("Signed request:", request) (RaR(Rd((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRs" iiXN(RhRiRRRRKReRt classmethodRtpropertyRtsetterRRRR.RRRaRt staticmethodRRR(((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR s(        "   ! tDeferredRefreshableCredentialscBs&eZdZedZddZRS(syRefreshable credentials that don't require initial credentials. refresh_using will be called upon first access. cCs[||_d|_d|_d|_d|_||_tj|_ ||_ d|_ dS(N( RR.RRRRRRRRRR(RdRRR((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRes       cCs)|jdkrtStt|j|S(N(RR.RftsuperRR(RdR((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRsN(RhRiRRKReR.R(((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRs tCachedCredentialFetchercBs_eZd d dZdZdZdZdZdZdZ d Z d Z RS( i<icCs:|dkri}n||_|j|_||_dS(N(R.t_cachet_create_cache_keyt _cache_keyt_expiry_window_seconds(RdR%texpiry_window_seconds((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRes    cCstddS(Ns_create_cache_key()(tNotImplementedError(Rd((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR scCs4|jddjtjjd}|jddS(Nt:t_t/(treplaceRsRttsep(Rdtfilename((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyt_make_file_safe#s$cCstddS(Ns_get_credentials()(R(Rd((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyt_get_credentials(scCs |jS(N(t_get_cached_credentials(Rd((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pytfetch_credentials+scCs|j}|d kr4|j}|j|n tjd|d}t|ddt}i|dd6|dd6|d d 6|d 6S( sGet up-to-date credentials. This will check the cache for up-to-date credentials, calling assume role if none are available. s*Credentials for role retrieved from cache.RSRWRQRTRRURRVRRXN(t_load_from_cacheR.Rt_write_to_cacheR;R<RRRf(RdRZtcredst expiration((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR.s        cCsO|j|jkrKt|j|j}|j|s;|StjdndS(Ns6Credentials were found in cache, but they are expired.(RRRRR;R<R.(RdR((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRDs cCst||j|jeZdZejdZdZdZedZ RS(scustom-processcCs(||_||_d|_||_dS(N(t _profile_namet _load_configR.t_loaded_configt_popen(RdR&R tpopen((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRes   c sjdkrdSj}|jddk r_tj|fdjStd|dd|dd|jddjS(NRXcs jS(N(t_retrieve_credentials_using((tcredential_processRd(s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR# sRRRR(t_credential_processR.RRRRR RS(Rdt creds_dict((RRds8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR{s     c CsAt|}|j|dtjdtj}|j\}}|jdkrrtd|jd|jdnt j j j |jd}|j dd}|d krtd|jdd |ny>i|d d 6|d d6|j dd6|j dd6SWn/tk r<}td|jdd|nXdS(NtstdouttstderriR t error_msgsutf-8tVersionsisOUnsupported version '%s' for credential process provider, supported versions: 1RTRRURRVRRWRXs$Missing required key in response: %s(RRt subprocesstPIPEt communicatet returncodeRR tdecodeRRRzRRR( RdRt process_listtpRRtparsedtversionR((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRs2          cCsR|jdkr!|j|_n|jjdij|ji}|jdS(NtprofilesR(RR.RRR(Rdtprofile_config((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR5s  ( RhRiR R tPopenReR{RRR(((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR6s   R1cBs&eZdZdZdZdZRS(siam-roletEc2InstanceMetadatacCs ||_dS(N(t _role_fetcher(RdR((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyReBscCsX|j}|j}|sdStjd|dtj|d|jd|j}|S(Ns#Found credentials from IAM Role: %st role_nameRR(R-tretrieve_iam_role_credentialsR.R;R<RRR (RdtfetcherRR((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR{Es      (RhRiR RReR{(((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR1>s R/cBs\eZdZdZdZdZddgZdZd d dZ dZ d Z d Z RS( tenvt EnvironmenttAWS_ACCESS_KEY_IDtAWS_SECRET_ACCESS_KEYtAWS_SECURITY_TOKENtAWS_SESSION_TOKENtAWS_CREDENTIAL_EXPIRATIONcCs7|dkrtj}n||_|j||_dS(s :param environ: The environment variables (defaults to ``os.environ`` if no value is provided). :param mapping: An optional mapping of variable names to environment variable names. Use this if you want to change the mapping of access_key->AWS_ACCESS_KEY_ID, etc. The dict can have up to 3 keys: ``access_key``, ``secret_key``, ``session_token``. N(R.Rstenviront_build_mappingt_mapping(RdR8R ((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyReds   cCsi}|dkrI|j|d<|j|d<|j|d<|j|dR.ReR9R{RC(((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR/Zs   R8cBs>eZdZdZdZdZdZdddZdZ RS(sec2-credentials-filet Ec2ConfigtAWS_CREDENTIAL_FILEtAWSAccessKeyIdt AWSSecretKeycCsC|dkrtj}n|dkr-t}n||_||_dS(N(R.RsR8Rt_environt_parser(RdR8tparser((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRes      cCsd|jkrtjj|jd}|j|}|j|krtjd||j}||j}t ||d|j SndSdS(sN Search for a credential file used by original EC2 CLI tools. RFs)Found credentials in AWS_CREDENTIAL_FILE.RN( RIRsRtRRJR;R;RBR<RSR R.(RdRRRR((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR{s    N( RhRiR Rt CRED_FILE_ENVR;R<R.ReR{(((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR8sR5cBsMeZdZdZdZdZddgZd d dZdZ dZ RS( sshared-credentials-filetSharedCredentialsRRtaws_security_tokenRcCsO||_|dkrd}n||_|dkrBtjj}n||_dS(NR(t_creds_filenameR.RRt configloadertraw_config_parset _ini_parser(RdR(R&t ini_parser((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRes     cCsy|j|j}Wntk r*dSX|j|kr||j}|j|krtjd|j|j||j|j \}}|j |}t |||d|j SndS(Ns0Found credentials in shared credentials file: %sR( RRROR R.RR;R;RBRR<t_get_session_tokenRSR (Rdtavailable_credstconfigRRR((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR{s    cCs,x%|jD]}||kr ||Sq WdS(N(R=(RdRVt token_envvar((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRTs N( RhRiR RR;R<R=R.ReR{RT(((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR5s  R7cBsPeZdZdZdZdZdZddgZd dZ dZ d Z RS( s0INI based config provider with profile sections.s config-filet SharedConfigRRRNRcCs:||_||_|dkr-tjj}n||_dS(s :param config_filename: The session configuration scoped to the current profile. This is available via ``session.config``. :param profile_name: The name of the current profile. :param config_parser: A config parser callable. N(t_config_filenameRR.RRPR t_config_parser(RdR)R&t config_parser((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRe!s   cCsy|j|j}Wntk r*dSX|j|dkr|d|j}|j|krtjd|j|j||j|j \}}|j |}t |||d|j SndSdS(sr If there is are credentials in the configuration associated with the session, use those. R)s$Credentials found in config file: %sRN( RZRYR R.RR;R;RBRR<RTRSR (RdR!R*RRR((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR{0s    cCs,x%|jD]}||kr ||Sq WdS(N(R=(RdR*t token_name((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRTFs N( RhRiRR RR;R<R=R.ReR{RT(((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR7s   R9cBsJeZdZdZdZddgZdZdZd d dZ dZ RS( s boto-configt Boto2Configt BOTO_CONFIGs /etc/boto.cfgs~/.botoRRcCsI|dkrtj}n|dkr3tjj}n||_||_dS(N(R.RsR8RRPRQRIRR(RdR8RS((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyReUs     cCs|j|jkr(|j|jg}n |j}x|D]}y|j|}Wntk rgq8nXd|kr8|d}|j|krtjd||j||j|j \}}t ||d|j Sq8q8WdS(s; Look for credentials in boto config file. RSs)Found credentials in boto config file: %sRN( tBOTO_CONFIG_ENVRItDEFAULT_CONFIG_FILENAMESRRR R;R;RBRR<RSR (Rdtpotential_locationsRRVR[RR((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR{]s"       N( RhRiR RR_R`R;R<R.ReR{(((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR9Ls R2cBseZdZdZdZdZejddZdZ dZ dZ dZ d Z d Zd Zd Zd ZdZdZdZRS(s assume-roleRi<icCsR||_||_||_||_||_i|_||_|jg|_dS(s :type load_config: callable :param load_config: A function that accepts no arguments, and when called, will return the full configuration dictionary for the session (``session.full_config``). :type client_creator: callable :param client_creator: A factory function that will create a client when called. Has the same interface as ``botocore.session.Session.create_client``. :type cache: dict :param cache: An object that supports ``__getitem__``, ``__setitem__``, and ``__contains__``. An example of this is the ``JSONFileCache`` class in the CLI. :type profile_name: str :param profile_name: The name of the profile. :type prompter: callable :param prompter: A callable that returns input provided by the user (i.e raw_input, getpass.getpass, etc.). :type credential_sourcer: CanonicalNameCredentialSourcer :param credential_sourcer: A credential provider that takes a configuration, which is used to provide the source credentials for the STS call. N(R%RRRt _prompterRt_credential_sourcert_visited_profiles(RdR R$R%R&tprompterR'((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRes#       cCs\|j|_|jjdi}|j|ji}|j|rX|j|jSdS(NR)(RRRRt_has_assume_role_config_varst_load_creds_via_assume_role(RdR)R((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR{s cCs |j|kS(N(tROLE_CONFIG_VAR(RdR((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRfsc Cs|j|}|j||}i}|jd}|dk rO||d[s(Rv(RdRt static_keys((Rs8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRwYs cCsR|jd}|dk r+|j||S|d}|jj||j|S(NRqRp(RR.t _resolve_credentials_from_sourceRdR t!_resolve_credentials_from_profile(RdRnR&RqRp((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRm]s   cCsH|jjdi}||}|j|r;|j|S|j|S(NR)(RRRwt(_resolve_static_credentials_from_profileRg(RdR&R)R((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRhs   cCsfy.td|dd|dd|jdSWn1tk ra}td|jdt|nXdS( NRRRRRRR R (RSRRRR tstr(RdRR((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRqs  cCs>|jj|}|dkr:td|dd|n|S(NR RsBNo credentials found in credential_source referenced in profile %s(RcRR.R(RdRqR&R[((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR|s    Ni(RhRiR R.RRhtEXPIRY_WINDOW_SECONDSRReR{RfRgRlRrRxRsRwRmRRR(((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR2vs"4   ( +  0  R4cBs>eZdZdZdZdZdZdZRS(cCs ||_dS(N(t _providers(RdR,((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRescCs#|g|jD]}|j^q kS(sLValidates a given source name. :type source_name: str :param source_name: The value of credential_source in the config file. This is the canonical name of the credential provider. :rtype: bool :returns: True if the credential provider is supported, False otherwise. (RR(Rdt source_nameR&((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRts cCs2|j|}t|tr(|jS|jS(sLoads source credentials based on the provided configuration. :type source_name: str :param source_name: The value of credential_source in the config file. This is the canonical name of the credential provider. :rtype: Credentials (t _get_providerRLR=RGR{(RdRtsource((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRs  cCs|j|}|jdkr_|jd}|dk r_|dkrL|St||gSn|dkr}td|n|S(s#Return a credential provider by its canonical name. :type canonical_name: str :param canonical_name: The canonical name of the provider. :raises UnknownCredentialError: Raised if no credential provider by the provided name is found. t sharedconfigtsharedcredentialss assume-roletname(RRN(t_get_provider_by_canonical_nametlowert_get_provider_by_methodR.R=R(Rdtcanonical_nameR RC((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRs    cCsCx<|jD]1}|j}|r |j|jkr |Sq WdS(sReturn a credential provider by its canonical name. This function is strict, it does not attempt to address compatibility issues. N(RRR(RdRR R((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRs cCs+x$|jD]}|j|kr |Sq WdS(s0Return a credential provider by its METHOD name.N(RR (RdRR ((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRs(RhRiReRtRRRR(((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR4s    & R0cBsbeZdZdZdZdZdZd d dZdZ dZ dZ d Z d Z RS( scontainer-rolet EcsContainert&AWS_CONTAINER_CREDENTIALS_RELATIVE_URIt"AWS_CONTAINER_CREDENTIALS_FULL_URIt!AWS_CONTAINER_AUTHORIZATION_TOKENcCsF|dkrtj}n|dkr0t}n||_||_dS(N(R.RsR8RRIt_fetcher(RdR8R0((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRes      cCs2|j|jks$|j|jkr.|jSdS(N(tENV_VARRIt ENV_VAR_FULLt_retrieve_or_fail(Rd((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR{s$c Cs|jr+|jj|j|j}n|j|j}|j}|j||}|}td|dd|dd|dd|j dt |dd|S(NRRRRRXR( t_provided_relative_uriRtfull_urlRIRRt_build_headerst_create_fetcherRR RN(Rdtfull_uritheadersR0R((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRs       cCs6i}|jj|j}|dk r2i|d6SdS(Nt Authorization(RIRtENV_VAR_AUTH_TOKENR.(RdRt auth_token((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR s  csfd}|S(Ncsyjjd}WnGtk re}tjd|dttdjdt|nXi|dd6|dd 6|d d 6|d d 6S(NRs'Error retrieving container metadata: %sRR RRTRRURtTokenRRWRX( Rtretrieve_full_uriR R;R<RfRR R(RZR(RRRd(s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyt fetch_credss    ((RdRRR((RRRds8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRscCs|j|jkS(N(RRI(Rd((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR$sN(RhRiR RRRRR.ReR{RRRR(((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR0s    R=cBsGeZdZdZdZdZdZdZdZRS(cCs ||_dS(sQ :param providers: A list of ``CredentialProvider`` instances. N(R,(RdR,((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRe)scCsfy,g|jD]}|j^q j|}Wn tk rNtd|nX|jj||dS(s= Inserts a new instance of ``CredentialProvider`` into the chain that will be tried before an existing one. :param name: The short name of the credentials you'd like to insert the new credentials before. (ex. ``env`` or ``config``). Existing names & ordering can be discovered via ``self.available_methods``. :type name: string :param cred_instance: An instance of the new ``Credentials`` object you'd like to add to the chain. :type cred_instance: A subclass of ``Credentials`` RN(R,R tindexR}Rtinsert(RdRtcredential_providerR&toffset((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyt insert_before1s , cCs*|j|}|jj|d|dS(s9 Inserts a new type of ``Credentials`` instance into the chain that will be tried after an existing one. :param name: The short name of the credentials you'd like to insert the new credentials after. (ex. ``env`` or ``config``). Existing names & ordering can be discovered via ``self.available_methods``. :type name: string :param cred_instance: An instance of the new ``Credentials`` object you'd like to add to the chain. :type cred_instance: A subclass of ``Credentials`` iN(t_get_provider_offsetR,R(RdRRR((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyt insert_afterEscCsRg|jD]}|j^q }||kr/dS|j|}|jj|dS(s Removes a given ``Credentials`` instance from the chain. :param name: The short name of the credentials instance to remove. :type name: string N(R,R Rtpop(RdRR&tavailable_methodsR((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR:Vs  cCs|j|j|S(sReturn a credential provider by name. :type name: str :param name: The name of the provider. :raises UnknownCredentialError: Raised if no credential provider by the provided name is found. (R,R(RdR((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyt get_provideres cCsQy*g|jD]}|j^q j|SWn tk rLtd|nXdS(NR(R,R RR}R(RdRR&((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRqs* cCsGx@|jD]5}tjd|j|j}|dk r |Sq WdS(sw Goes through the credentials chain, returning the first ``Credentials`` that could be loaded. sLooking for credentials via: %sN(R,R;R<R R{R.(RdR R((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyRGws   ( RhRiReRRR:RRRG(((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pyR=(s     (DRRItloggingRsRRRzR t collectionsRtcopyRthashlibRtdateutil.parserRt dateutil.tzRtbotocore.configloaderRtbotocore.compatRRtbotocore.exceptionsRRR R R R R Rtbotocore.utilsRRRt getLoggerRhR;RR.RFRHRKRNRbRRR_RlRjRmRSRRRRRR6R1R/R8R5R7R9R2R4R0R=(((s8/tmp/pip-install-xdEqop/botocore/botocore/credentials.pytsp            M      -'Ar-Fo"*7*XE