U!\c@sddlZddlZddlZddlZddlZddlZddlZddlZddlm Z ddl m Z ddl m Z ddlZddlmZddlmZddlZddlZddlmZddlmZdd lmZdd lmZdd lmZdd lmZdd lmZddlmZddlmZddlmZddl m!Z!m"Z"ddl m#Z#ej$e%Z&e ddddgZ'e(dZ)dZ*dZ+dZ,e-dZ.dZ/dZ0de1fdYZ2d e1fd!YZ3d"e3fd#YZ4d$e4fd%YZ5d&e1fd'YZ6d(e6fd)YZ7d*e1fd+YZ8d,e8fd-YZ9d.e8fd/YZ:d0e8fd1YZ;d2e8fd3YZ<d4e8fd5YZ=d6e8fd7YZ>d8e8fd9YZ?d:e8fd;YZ@d<e1fd=YZAd>e8fd?YZBd@e1fdAYZCdS(BiN(t namedtuple(tdeepcopy(tsha1(tparse(ttzlocal(t total_seconds(tcompat_shell_split(tUnknownCredentialError(tPartialCredentialsError(tConfigNotFound(tInvalidConfigError(tInfiniteLoopConfigError(tRefreshWithMFAUnsupportedError(tMetadataRetrievalError(tCredentialRetrievalError(tInstanceMetadataFetchertparse_key_val_file(tContainerMetadataFetchertReadOnlyCredentialst access_keyt secret_keyttokenc sjdpd}jd}jd}jd}jd}|dkrfi}nt}t}tdtd|d |d j} td fd d jd|d|dt ||| g} || t d|d|t d|d fdt d|d|t t|| g } jjddk ry| j|tjdntd| } | S(sCreate a default credential resolver. This creates a pre-configured credential resolver that includes the default lookup chain for credentials. tprofiletdefaulttcredentials_filet config_filetmetadata_service_timeouttmetadata_service_num_attemptstiam_role_fetcherttimeoutt num_attemptst user_agentt load_configcsjS(N(t full_config((tsession(s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pytLstclient_creatortcachet profile_nametcredential_sourcertcreds_filenamecsjS(N(R!((R"(s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR#\stconfig_filenamesWSkipping environment variable credential check because profile name was explicitly set.t providersN(tget_config_variabletNonet EnvProvidertContainerProvidertInstanceMetadataProviderRRtAssumeRoleProvidert create_clienttCanonicalNameCredentialSourcertSharedCredentialProvidertProcessProvidertConfigProvidertOriginalEC2Providert BotoProvidertinstance_variablestgettremovetloggertdebugtCredentialResolver( R"R%R&tcredential_fileRtmetadata_timeoutRt env_providertcontainer_providertinstance_metadata_providertassume_role_providerR*tresolver((R"s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pytcreate_credential_resolver3sL        cCst|}|jS(N(REtload_credentials(R"RD((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pytget_credentials}s cCstjjtS(N(tdatetimetnowR(((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyt _local_nowscCs t|tjr|St|S(N(t isinstanceRHR(tvalue((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyt_parse_if_neededscCs3t|tjr/|r"|jS|jdS|S(Ns%Y-%m-%dT%H:%M:%S%Z(RKRHt isoformattstrftime(RLtiso((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyt_serialize_if_neededs   csfd}|S(NcsOj}|d}i|dd6|dd6|dd6t|dd 6S( Nt Credentialst AccessKeyIdRtSecretAccessKeyRt SessionTokenRt Expirationt expiry_time(t assume_roleRQ(tresponset credentials(tclienttparams(s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pytrefreshs    ((R[R\R]((R[R\s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pytcreate_assume_role_refreshers cCs dtfdY}||S(Nt _RefreshercBseZdZdZRS(cSs||_t|_dS(N(t_refreshtFalset_has_been_called(tselfR]((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyt__init__s cSs(|jrtnt|_|jS(N(RbR tTrueR`(Rc((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyt__call__s   (t__name__t __module__RdRf(((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR_s (tobject(tactual_refreshR_((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pytcreate_mfa_serial_refresherst JSONFileCachecBseeZdZejjejjddddZedZdZ dZ dZ d Z RS( sJSON file cache. This provides a dict like interface that stores JSON serializable objects. The objects are serialized to JSON and stored in a file. These values can be retrieved at a later time. t~s.awstbotoR%cCs ||_dS(N(t _working_dir(Rct working_dir((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRdscCs|j|}tjj|S(N(t_convert_cache_keytostpathtisfile(Rct cache_keyt actual_key((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyt __contains__scCsb|j|}y&t|}tj|SWdQXWn&tttfk r]t|nXdS(s Retrieve value from a cache key.N(RqtopentjsontloadtOSErrort ValueErrortIOErrortKeyError(RcRuRvtf((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyt __getitem__s cCs|j|}ytj|dt}Wn'ttfk rQtd|nXtjj|j sztj |j ntj tj |tj tjBdd}|j|j|WdQXdS(NRs5Value cannot be cached, must be JSON serializable: %sitw(RqRytdumpsRQt TypeErrorR|RrRstisdirRotmakedirstfdopenRxtO_WRONLYtO_CREATttruncatetwrite(RcRuRLtfull_keyt file_contentR((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyt __setitem__s cCs tjj|j|d}|S(Ns.json(RrRstjoinRo(RcRut full_path((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRqs( RgRht__doc__RrRst expanduserRt CACHE_DIRRdRwRRRq(((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRls'   RRcBs/eZdZdddZdZdZRS(s\ Holds the credentials needed to authenticate requests. :ivar access_key: The access key part of the credentials. :ivar secret_key: The secret key part of the credentials. :ivar token: The security token, valid only for session credentials. :ivar method: A string which identifies where the credentials were found. cCsG||_||_||_|dkr0d}n||_|jdS(Ntexplicit(RRRR,tmethodt _normalize(RcRRRR((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRds      cCs4tjj|j|_tjj|j|_dS(N(tbotocoretcompattensure_unicodeRR(Rc((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRscCst|j|j|jS(N(RRRR(Rc((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pytget_frozen_credentialss N(RgRhRR,RdRR(((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRRs   tRefreshableCredentialscBseZdZdZdZedZdZedZ e dZ e j dZ e d Z e j d Z e d Zej d Zd ZddZdZdZdZedZdZdZRS(s Holds the credentials needed to authenticate requests. In addition, it knows how to refresh itself. :ivar access_key: The access key part of the credentials. :ivar secret_key: The secret key part of the credentials. :ivar token: The security token, valid only for session credentials. :ivar method: A string which identifies where the credentials were found. ii<i cCsq||_||_||_||_||_||_tj|_||_ t ||||_ |j dS(N( t_refresh_usingt _access_keyt _secret_keyt_tokent _expiry_timet _time_fetchert threadingtLockt _refresh_lockRRt_frozen_credentialsR(RcRRRRWt refresh_usingRt time_fetcher((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRds       cCs4tjj|j|_tjj|j|_dS(N(RRRRR(Rc((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR+sc CsJ|d|dd|dd|dd|j|dd|d|}|S(NRRRRWRR(t_expiry_datetime(tclstmetadataRRtinstance((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pytcreate_from_metadata/s    cCs|j|jS(sWarning: Using this property can lead to race conditions if you access another property subsequently along the refresh boundary. Please use get_frozen_credentials instead. (R`R(Rc((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR;s cCs ||_dS(N(R(RcRL((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRDscCs|j|jS(sWarning: Using this property can lead to race conditions if you access another property subsequently along the refresh boundary. Please use get_frozen_credentials instead. (R`R(Rc((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRHs cCs ||_dS(N(R(RcRL((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRQscCs|j|jS(sWarning: Using this property can lead to race conditions if you access another property subsequently along the refresh boundary. Please use get_frozen_credentials instead. (R`R(Rc((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRUs cCs ||_dS(N(R(RcRL((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR^scCs|j|j}t|S(N(RRR(Rctdelta((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyt_seconds_remainingbscCsR|jdkrtS|dkr+|j}n|j|krAtStjdtS(sCheck if a refresh is needed. A refresh is needed if the expiry time associated with the temporary credentials is less than the provided ``refresh_in``. If ``time_delta`` is not provided, ``self.advisory_refresh_needed`` will be used. For example, if your temporary credentials expire in 10 minutes and the provided ``refresh_in`` is ``15 * 60``, then this function will return ``True``. :type refresh_in: int :param refresh_in: The number of seconds before the credentials expire in which refresh attempts should be made. :return: True if refresh neeeded, False otherwise. s!Credentials need to be refreshed.N(RR,Rat_advisory_refresh_timeoutRR;R<Re(Rct refresh_in((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pytrefresh_neededfs   cCs|jddS(NRi(R(Rc((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyt _is_expiredscCs|j|jsdS|jjtr|z@|j|jsAdS|j|j}|jd|dSWd|jjXnK|j|jr|j+|j|jsdS|jdtWdQXndS(Nt is_mandatory( RRRtacquireRat_mandatory_refresh_timeoutt_protected_refreshtreleaseRe(Rctis_mandatory_refresh((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR`s   cCsy|j}WnHtk rZ}|r.dnd}tjd|dt|rVndSX|j|t|j|j|j |_ |j rd}tj|t |ndS(Nt mandatorytadvisorysARefreshing temporary credentials failed during %s refresh period.texc_infosLCredentials were refreshed, but the refreshed credentials are still expired.( Rt ExceptionR;twarningRet_set_from_dataRRRRRRt RuntimeError(RcRRtet period_nametmsg((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRs      cCs t|S(N(R(ttime_str((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRscCsddddg}|s!|}n%g|D]}||kr(|^q(}|rzd}td|jd|dj|n|d|_|d|_|d|_t|d|_tj d |j|j dS( NRRRRWs7Credential refresh failed, response did not contain: %stprovidert error_msgs, s(Retrieved credentials will expire at: %s( RRRRRRRRR;R<R(Rctdatat expected_keyst missing_keystktmessage((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRs  %      cCs|j|jS(sReturn immutable credentials. The ``access_key``, ``secret_key``, and ``token`` properties on this class will always check and refresh credentials if needed before returning the particular credentials. This has an edge case where you can get inconsistent credentials. Imagine this: # Current creds are "t1" tmp.access_key ---> expired? no, so return t1.access_key # ---- time is now expired, creds need refreshing to "t2" ---- tmp.secret_key ---> expired? yes, refresh and return t2.secret_key This means we're using the access key from t1 with the secret key from t2. To fix this issue, you can request a frozen credential object which is guaranteed not to change. The frozen credentials returned from this method should be used immediately and then discarded. The typical usage pattern would be:: creds = RefreshableCredentials(...) some_code = SomeSignerObject() # I'm about to sign the request. # The frozen credentials are only used for the # duration of generate_presigned_url and will be # immediately thrown away. request = some_code.sign_some_request( with_credentials=creds.get_frozen_credentials()) print("Signed request:", request) (R`R(Rc((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRs" iiXN(RgRhRRRRJRdRt classmethodRtpropertyRtsetterRRRR,RRR`Rt staticmethodRRR(((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR s(        "   ! tDeferredRefreshableCredentialscBs&eZdZedZddZRS(syRefreshable credentials that don't require initial credentials. refresh_using will be called upon first access. cCs[||_d|_d|_d|_d|_||_tj|_ ||_ d|_ dS(N( RR,RRRRRRRRRR(RcRRR((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRds       cCs)|jdkrtStt|j|S(N(RR,RetsuperRR(RcR((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRsN(RgRhRRJRdR,R(((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR s tCachedCredentialFetchercBs_eZd d dZdZdZdZdZdZdZ d Z d Z RS( i<icCs:|dkri}n||_|j|_||_dS(N(R,t_cachet_create_cache_keyt _cache_keyt_expiry_window_seconds(RcR%texpiry_window_seconds((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRd#s    cCstddS(Ns_create_cache_key()(tNotImplementedError(Rc((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR*scCs4|jddjtjjd}|jddS(Nt:t_t/(treplaceRrRstsep(Rctfilename((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyt_make_file_safe-s$cCstddS(Ns_get_credentials()(R(Rc((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyt_get_credentials2scCs |jS(N(t_get_cached_credentials(Rc((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pytfetch_credentials5scCs|j}|d kr4|j}|j|n tjd|d}t|ddt}i|dd6|dd6|d d 6|d 6S( sGet up-to-date credentials. This will check the cache for up-to-date credentials, calling assume role if none are available. s*Credentials for role retrieved from cache.RRRVRPRSRRTRRURRWN(t_load_from_cacheR,Rt_write_to_cacheR;R<RQRe(RcRYtcredst expiration((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR8s        cCsO|j|jkrKt|j|j}|j|s;|StjdndS(Ns6Credentials were found in cache, but they are expired.(RRRRR;R<R,(RcR((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRNs cCst||j|jeZdZejdZdZdZedZ RS(scustom-processcCs(||_||_d|_||_dS(N(t _profile_namet _load_configR,t_loaded_configt_popen(RcR&R tpopen((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRd s   c sjdkrdSj}|jddk r_tj|fdjStd|dd|dd|jddjS(NRWcs jS(N(t_retrieve_credentials_using((tcredential_processRc(s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR#sRRRR(t_credential_processR,RR9RRRRR(Rct creds_dict((RRcs8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRzs     c CsAt|}|j|dtjdtj}|j\}}|jdkrrtd|jd|jdnt j j j |jd}|j dd}|d krtd|jdd |ny>i|d d 6|d d6|j dd6|j dd6SWn/tk r<}td|jdd|nXdS(NtstdouttstderriRRsutf-8tVersionsisOUnsupported version '%s' for credential process provider, supported versions: 1RSRRTRRURRVRWs$Missing required key in response: %s(RRt subprocesstPIPEt communicatet returncodeRRtdecodeRRRyRR9R~( RcRt process_listtpR"R#tparsedtversionR((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR$s2          cCsR|jdkr!|j|_n|jjdij|ji}|jdS(NtprofilesR(RR,RR9R(Rctprofile_config((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR Cs  ( RgRhRR%tPopenRdRzRRR (((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR4s   R/cBs&eZdZdZdZdZRS(siam-roletEc2InstanceMetadatacCs ||_dS(N(t _role_fetcher(RcR((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRdPscCsX|j}|j}|sdStjd|dtj|d|jd|j}|S(Ns#Found credentials from IAM Role: %st role_nameRR(R2tretrieve_iam_role_credentialsR,R;R<RRR(RctfetcherRR((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRzSs      (RgRhRRRdRz(((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR/Ls R-cBs\eZdZdZdZdZddgZdZd d dZ dZ d Z d Z RS( tenvt EnvironmenttAWS_ACCESS_KEY_IDtAWS_SECRET_ACCESS_KEYtAWS_SECURITY_TOKENtAWS_SESSION_TOKENtAWS_CREDENTIAL_EXPIRATIONcCs7|dkrtj}n||_|j||_dS(s :param environ: The environment variables (defaults to ``os.environ`` if no value is provided). :param mapping: An optional mapping of variable names to environment variable names. Use this if you want to change the mapping of access_key->AWS_ACCESS_KEY_ID, etc. The dict can have up to 3 keys: ``access_key``, ``secret_key``, ``session_token``. N(R,Rrtenviront_build_mappingt_mapping(RcR=R((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRdrs   cCsi}|dkrI|j|d<|j|d<|j|d<|j|ds"    c Cs|jd|jkrtjd|j}|dt}|d}|d k rt|}t|d|d|d|d|d|j St |d|d|dd|j Sd Sd S( sK Search for credentials in explicit environment variables. Rs+Found credentials in environment variables.trequire_expiryRWRRRRN( R?R=R;tinfot_create_credentials_fetcherRaR,RRRRR(RcR5RZRW((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRzs      cs7|j|j|jtfd}|S(Ncsi}jd}|dkrAtdddn||d<jd}|dkrtdddn||dRzRH(((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR-hs   R6cBs>eZdZdZdZdZdZdddZdZ RS(sec2-credentials-filet Ec2ConfigtAWS_CREDENTIAL_FILEtAWSAccessKeyIdt AWSSecretKeycCsC|dkrtj}n|dkr-t}n||_||_dS(N(R,RrR=Rt_environt_parser(RcR=tparser((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRds      cCsd|jkrtjj|jd}|j|}|j|krtjd||j}||j}t ||d|j SndSdS(sN Search for a credential file used by original EC2 CLI tools. RKs)Found credentials in AWS_CREDENTIAL_FILE.RN( RNRrRsRROR@R;RGRARRRR,(RcRRRR((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRzs    N( RgRhRRt CRED_FILE_ENVR@RAR,RdRz(((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR6sR3cBsMeZdZdZdZdZddgZd d dZdZ dZ RS( sshared-credentials-filetSharedCredentialsR R taws_security_tokenR cCsO||_|dkrd}n||_|dkrBtjj}n||_dS(NR(t_creds_filenameR,RRt configloadertraw_config_parset _ini_parser(RcR(R&t ini_parser((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRds     cCsy|j|j}Wntk r*dSX|j|kr||j}|j|krtjd|j|j||j|j \}}|j |}t |||d|j SndS(Ns0Found credentials in shared credentials file: %sR( RWRTR R,RR@R;RGRRAt_get_session_tokenRRR(Rctavailable_credstconfigRRR((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRz s    cCs,x%|jD]}||kr ||Sq WdS(N(RB(RcR[t token_envvar((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRYs N( RgRhRRR@RARBR,RdRzRY(((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR3s  R5cBsPeZdZdZdZdZdZddgZd dZ dZ d Z RS( s0INI based config provider with profile sections.s config-filet SharedConfigR R RSR cCs:||_||_|dkr-tjj}n||_dS(s :param config_filename: The session configuration scoped to the current profile. This is available via ``session.config``. :param profile_name: The name of the current profile. :param config_parser: A config parser callable. N(t_config_filenameRR,RRUR t_config_parser(RcR)R&t config_parser((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRd/s   cCsy|j|j}Wntk r*dSX|j|dkr|d|j}|j|krtjd|j|j||j|j \}}|j |}t |||d|j SndSdS(sr If there is are credentials in the configuration associated with the session, use those. R.s$Credentials found in config file: %sRN( R_R^R R,RR@R;RGRRARYRRR(RcR!R/RRR((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRz>s    cCs,x%|jD]}||kr ||Sq WdS(N(RB(RcR/t token_name((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRYTs N( RgRhRRRR@RARBR,RdRzRY(((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR5#s   R7cBsJeZdZdZdZddgZdZdZd d dZ dZ RS( s boto-configt Boto2Configt BOTO_CONFIGs /etc/boto.cfgs~/.botoR R cCsI|dkrtj}n|dkr3tjj}n||_||_dS(N(R,RrR=RRURVRNRW(RcR=RX((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRdcs     cCs|j|jkr(|j|jg}n |j}x|D]}y|j|}Wntk rgq8nXd|kr8|d}|j|krtjd||j||j|j \}}t ||d|j Sq8q8WdS(s; Look for credentials in boto config file. RRs)Found credentials in boto config file: %sRN( tBOTO_CONFIG_ENVRNtDEFAULT_CONFIG_FILENAMESRWR R@R;RGRRARRR(Rctpotential_locationsRR[RZRR((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRzks"       N( RgRhRRRdReR@RAR,RdRz(((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR7Zs R0cBseZdZdZdZdZejddZdZ dZ dZ dZ d Z d Zd Zd Zd ZdZdZdZRS(s assume-roleRi<icCsR||_||_||_||_||_i|_||_|jg|_dS(s :type load_config: callable :param load_config: A function that accepts no arguments, and when called, will return the full configuration dictionary for the session (``session.full_config``). :type client_creator: callable :param client_creator: A factory function that will create a client when called. Has the same interface as ``botocore.session.Session.create_client``. :type cache: dict :param cache: An object that supports ``__getitem__``, ``__setitem__``, and ``__contains__``. An example of this is the ``JSONFileCache`` class in the CLI. :type profile_name: str :param profile_name: The name of the profile. :type prompter: callable :param prompter: A callable that returns input provided by the user (i.e raw_input, getpass.getpass, etc.). :type credential_sourcer: CanonicalNameCredentialSourcer :param credential_sourcer: A credential provider that takes a configuration, which is used to provide the source credentials for the STS call. N(R%RRRt _prompterRt_credential_sourcert_visited_profiles(RcR R$R%R&tprompterR'((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRds#       cCs\|j|_|jjdi}|j|ji}|j|rX|j|jSdS(NR.(RRR9Rt_has_assume_role_config_varst_load_creds_via_assume_role(RcR.R((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRzs cCs |j|kS(N(tROLE_CONFIG_VAR(RcR((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRksc CsA|j|}|j||}i}|jd}|dk rO||dts(R{(RcRt static_keys((Rs8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR|rs cCsR|jd}|dk r+|j||S|d}|jj||j|S(NRvRu(R9R,t _resolve_credentials_from_sourceRiRt!_resolve_credentials_from_profile(RcRsR&RvRu((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRrvs   cCsH|jjdi}||}|j|r;|j|S|j|S(NR.(RR9R|t(_resolve_static_credentials_from_profileRl(RcR&R.R((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRs   cCsfy.td|dd|dd|jdSWn1tk ra}td|jdt|nXdS( NRR RR RR RR(RRR9R~RRtstr(RcRR((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRs  cCs>|jj|}|dkr:td|dd|n|S(NRRsBNo credentials found in credential_source referenced in profile %s(RhRR,R(RcRvR&RZ((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRs    Ni(RgRhRR,RRmtEXPIRY_WINDOW_SECONDSRRdRzRkRlRqRwR}RxR|RrRRR(((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR0s"4   , 2  0  R2cBs>eZdZdZdZdZdZdZRS(cCs ||_dS(N(t _providers(RcR*((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRdscCs#|g|jD]}|j^q kS(sLValidates a given source name. :type source_name: str :param source_name: The value of credential_source in the config file. This is the canonical name of the credential provider. :rtype: bool :returns: True if the credential provider is supported, False otherwise. (RR(Rct source_nameR+((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRys cCs2|j|}t|tr(|jS|jS(sLoads source credentials based on the provided configuration. :type source_name: str :param source_name: The value of credential_source in the config file. This is the canonical name of the credential provider. :rtype: Credentials (t _get_providerRKR=RFRz(RcRtsource((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRs  cCs|j|}|jdkr_|jd}|dk r_|dkrL|St||gSn|dkr}td|n|S(s#Return a credential provider by its canonical name. :type canonical_name: str :param canonical_name: The canonical name of the provider. :raises UnknownCredentialError: Raised if no credential provider by the provided name is found. t sharedconfigtsharedcredentialss assume-roletname(RRN(t_get_provider_by_canonical_nametlowert_get_provider_by_methodR,R=R(Rctcanonical_nameRRC((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRs    cCsCx<|jD]1}|j}|r |j|jkr |Sq WdS(sReturn a credential provider by its canonical name. This function is strict, it does not attempt to address compatibility issues. N(RRR(RcRRR((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRs cCs+x$|jD]}|j|kr |Sq WdS(s0Return a credential provider by its METHOD name.N(RR(RcRR((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRs(RgRhRdRyRRRR(((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR2s    & R.cBsbeZdZdZdZdZdZd d dZdZ dZ dZ d Z d Z RS( scontainer-rolet EcsContainert&AWS_CONTAINER_CREDENTIALS_RELATIVE_URIt"AWS_CONTAINER_CREDENTIALS_FULL_URIt!AWS_CONTAINER_AUTHORIZATION_TOKENcCsF|dkrtj}n|dkr0t}n||_||_dS(N(R,RrR=RRNt_fetcher(RcR=R5((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRds      cCs2|j|jks$|j|jkr.|jSdS(N(tENV_VARRNt ENV_VAR_FULLt_retrieve_or_fail(Rc((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRz s$c Cs|jr+|jj|j|j}n|j|j}|j}|j||}|}td|dd|dd|dd|j dt |dd|S(NRRRRRWR( t_provided_relative_uriRtfull_urlRNRRt_build_headerst_create_fetcherRRRM(Rctfull_uritheadersR5R((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRs       cCs6i}|jj|j}|dk r2i|d6SdS(Nt Authorization(RNR9tENV_VAR_AUTH_TOKENR,(RcRt auth_token((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR"s  csfd}|S(Ncsyjjd}WnGtk re}tjd|dttdjdt|nXi|dd6|dd 6|d d 6|d d 6S(NRs'Error retrieving container metadata: %sRRRRSRRTRtTokenRRVRW( Rtretrieve_full_uriR R;R<ReRRR(RYR(RRRc(s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyt fetch_creds+s    ((RcRRR((RRRcs8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR*scCs|j|jkS(N(RRN(Rc((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR=sN(RgRhRRRRRR,RdRzRRRR(((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR.s    R=cBsGeZdZdZdZdZdZdZdZRS(cCs ||_dS(sQ :param providers: A list of ``CredentialProvider`` instances. N(R*(RcR*((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRdBscCsfy,g|jD]}|j^q j|}Wn tk rNtd|nX|jj||dS(s= Inserts a new instance of ``CredentialProvider`` into the chain that will be tried before an existing one. :param name: The short name of the credentials you'd like to insert the new credentials before. (ex. ``env`` or ``config``). Existing names & ordering can be discovered via ``self.available_methods``. :type name: string :param cred_instance: An instance of the new ``Credentials`` object you'd like to add to the chain. :type cred_instance: A subclass of ``Credentials`` RN(R*RtindexR|Rtinsert(RcRtcredential_providerR+toffset((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyt insert_beforeJs , cCs*|j|}|jj|d|dS(s9 Inserts a new type of ``Credentials`` instance into the chain that will be tried after an existing one. :param name: The short name of the credentials you'd like to insert the new credentials after. (ex. ``env`` or ``config``). Existing names & ordering can be discovered via ``self.available_methods``. :type name: string :param cred_instance: An instance of the new ``Credentials`` object you'd like to add to the chain. :type cred_instance: A subclass of ``Credentials`` iN(t_get_provider_offsetR*R(RcRRR((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyt insert_after^scCsRg|jD]}|j^q }||kr/dS|j|}|jj|dS(s Removes a given ``Credentials`` instance from the chain. :param name: The short name of the credentials instance to remove. :type name: string N(R*RRtpop(RcRR+tavailable_methodsR((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR:os  cCs|j|j|S(sReturn a credential provider by name. :type name: str :param name: The name of the provider. :raises UnknownCredentialError: Raised if no credential provider by the provided name is found. (R*R(RcR((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyt get_provider~s cCsQy*g|jD]}|j^q j|SWn tk rLtd|nXdS(NR(R*RRR|R(RcRR+((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRs* cCsGx@|jD]5}tjd|j|j}|dk r |Sq WdS(sw Goes through the credentials chain, returning the first ``Credentials`` that could be loaded. sLooking for credentials via: %sN(R*R;R<RRzR,(RcRR((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyRFs   ( RgRhRdRRR:RRRF(((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pyR=As     (DRRHtloggingRrRRRyR%t collectionsRtcopyRthashlibRtdateutil.parserRt dateutil.tzRtbotocore.configloaderRtbotocore.compatRRtbotocore.exceptionsRRR R R R R Rtbotocore.utilsRRRt getLoggerRgR;RR,RERGRJRMRaRQR^RkRiRlRRRRRRRR4R/R-R6R3R5R7R0R2R.R=(((s8/tmp/pip-install-usGedi/botocore/botocore/credentials.pytsr            J      -'Av-Fo"*7*!XE