o ?cK*@sddlZddlZddlZddlZddlmZmZddlmZmZddl Z ddl m Z ddl mZddlmZddlmZddlmZdd lmZmZmZdd lmZmZeeZd d Zd dZ ddZ!ddZ"GdddeZ#GdddZ$GdddZ%GdddZ&dS)N)datetime timedelta) NamedTupleOptional)tzutc)UNSIGNED) total_seconds)Config) JSONFileCache) ClientErrorInvalidConfigErrorTokenRetrievalError)CachedPropertySSOTokenLoadercCs ttSN)rnowrrrj/private/var/folders/cw/wlscbxl13mj6wd668h7l9g9sllkg5j/T/pip-target-b31awkwq/lib/python/botocore/tokens.py_utc_now%s rcCst|g}t|dS)N) providers)SSOTokenProviderTokenProviderChain)sessionrrrrcreate_token_resolver)s rcCst|tr |dS|S)Nz%Y-%m-%dT%H:%M:%SZ) isinstancerstrftimeobjrrr_serialize_utc_timestamp0s  rcCstj|tdS)N)default)jsondumpsrrrrr_sso_json_dumps6sr"c@s&eZdZUeed<dZeeed<dS)FrozenAuthTokentokenN expiration)__name__ __module__ __qualname__str__annotations__r%rrrrrrr#:s r#c@sLeZdZdZdZdZefddZddZdd Z d d Z d d Z ddZ dS)DeferredRefreshableTokeniX<cCs,||_||_||_t|_d|_d|_dSr) _time_fetcher_refresh_usingmethod threadingLock _refresh_lock _frozen_token _next_refresh)selfr0Z refresh_using time_fetcherrrr__init__Hs   z!DeferredRefreshableToken.__init__cCs||jSr)_refreshr4r6rrrget_frozen_tokenRsz)DeferredRefreshableToken.get_frozen_tokencCsN|}|sdS|dk}|j|r%z |W|jdS|jwdS)N mandatory)_should_refreshr3acquire_protected_refreshrelease)r6 refresh_typeZblock_for_refreshrrrr9Vs  z!DeferredRefreshableToken._refreshcCs|}|sdSz|}|t|jd|_||_Wnty2tj d|dd|dkr0Ynw| r>t |j dddS)Nsecondsz5Refreshing token failed during the %s refresh period.Texc_infor<z$Token has expired and refresh failed)provider error_msg) r=r.r_attempt_timeoutr5r/r4 Exceptionloggerwarning _is_expiredr r0)r6rArrrrr?ds.  z+DeferredRefreshableToken._protected_refreshcCs.|jdurdS|jj}t||}|dkS)NFr)r4r%rr.)r6r% remainingrrrrLs z$DeferredRefreshableToken._is_expiredcCsd|jdurdS|jj}|durdS|}||jkrdSt||}||jkr)dS||jkr0dSdS)Nr<Zadvisory)r4r%r.r5r_mandatory_refresh_timeout_advisory_refresh_timeout)r6r%rrMrrrr=s     z(DeferredRefreshableToken._should_refreshN) r&r'r(rOrNrHrr8r;r9r?rLr=rrrrr+?s   r+c@seZdZdddZddZdS)rNcCs|durg}||_dSr) _providers)r6rrrrr8s zTokenProviderChain.__init__cCs(|jD]}|}|dur|SqdSr)rP load_token)r6rFr$rrrrQs zTokenProviderChain.load_tokenr)r&r'r(r8rQrrrrrs  rc@seZdZdZdZejejddddZ ddgZ dZ d e fd d Z d d ZeddZeddZddZddZddZddZd S)rZssor,~z.awscache sso_start_url sso_regionZ refresh_tokenNcCs:||_|durt|jtd}||_||_t|jd|_dS)N)Z dumps_func)rS)_sessionr _SSO_TOKEN_CACHE_DIRr"_now_cacher _token_loader)r6rrSr7rrrr8szSSOTokenProvider.__init__c Cs|jj}|di}|di}|jd}|sd}||i}d|vr&dS|d}||d}|s@d|d|d}t|d g} |jD] } | |vrP| | qE| rad|d | d }t|d ||d |d dS)Nprofiles sso_sessionsZprofilerZ sso_sessionz The profile "z7" is configured to use the SSO token provider but the "z+" sso_session configuration does not exist.)rGzZ" is configured to use the SSO token provider but is missing the following configuration: .rUrT) session_namerUrT)rVZ full_configgetZget_config_variabler _SSO_CONFIG_VARSappend) r6Z loaded_configr[r\Z profile_nameZprofile_configZsso_session_nameZ sso_configrGZmissing_configsvarrrr_load_sso_configs@         z!SSOTokenProvider._load_sso_configcCs|Sr)rcr:rrr _sso_configszSSOTokenProvider._sso_configcCs"t|jdtd}|jjd|dS)NrU)Z region_nameZsignature_versionzsso-oidc)config)r rdrrVZ create_client)r6rerrr_clients zSSOTokenProvider._clientcCs|jj|j|d|d|dd}t|dd}|jd|jd|d |||d|d|d d }d|vr>|d|d<td |S) NclientId clientSecret refreshToken)Z grantTypergrhriZ expiresInrBrTrU accessTokenregistrationExpiresAt)ZstartUrlregionrj expiresAtrgrhrkzSSO Token refresh succeeded)rfZ create_token _GRANT_TYPErrdrXrJinfo)r6r$responseZ expires_inZ new_tokenrrr_attempt_create_tokens&   z&SSOTokenProvider._attempt_create_tokencsd}fdd|D}|rd|}t|dStjd}t||dkr5td|dSz|WStyLtj dd d YdSw) N)rirgrhrkcsg|]}|vr|qSrr).0kr$rr sz:SSOTokenProvider._refresh_access_token..z+Unable to refresh SSO token: missing keys: rkrz"SSO token registration expired at z SSO token refresh attempt failedTrD) rJrodateutilparserparserrXrqr rK)r6r$keysZ missing_keysmsgZexpiryrrtr_refresh_access_tokens     z&SSOTokenProvider._refresh_access_tokencCs|jd}|jd}td||j||d}tj|d}td|t|| }||j krN| |}|durN|}|d}|jj |||dt |d|dS) NrTr^zLoading cached SSO token for )r^rmzCached SSO token expires at rj)r%)rdrJrorZrvrwrxdebugrrX_REFRESH_WINDOWr{Z save_tokenr#)r6Z start_urlr^Z token_dictr%rMZnew_token_dictrrr _refresher*s$    zSSOTokenProvider._refreshercCs"|jdurdSt|j|j|jdS)N)r7)rdr+METHODr~rXr:rrrrQ@s  zSSOTokenProvider.load_token)r&r'r(rr}ospath expanduserjoinrWr`rnrr8rcrrdrfrqr{r~rQrrrrrs( *   r)'r loggingrr1rrtypingrrZdateutil.parserrvZ dateutil.tzrZbotocorerZbotocore.compatrZbotocore.configr Zbotocore.credentialsr Zbotocore.exceptionsr r r Zbotocore.utilsrr getLoggerr&rJrrrr"r#r+rrrrrrs.       a