o ?c~@sddlZddlZddlZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl Z ddl Z ddl Z ddlZddlmZddlmZddlZddlZddlZddlmZddlmZddlmZddlmZddlmZdd lmZdd lmZdd lmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,dd l-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4m5Z5m6Z6m7Z7m8Z8m9Z9m:Z:m;Z;mZ>m?Z?m@Z@mAZAmBZBmCZCmDZDdd lEmFZFmGZGeHeIZJdZKdZLdZMdZNdZOe PdZQe=e2e0e1fZRdgZSiddddddddddddd d!d"d#d$d%d&d'd(d)d*d+d,d-d.d/d0d1d2d3d4d5id6d7d8d9d:d;dd?d@dAdBdCdDdEdFdGdHdIdJdKdLdMdNdOdPdQdRdSdTdOdUdVidWdXdYdZd[d\d]d^d_d^d`d5dad7dbd?dcdddedfdgdhdidjdkdldmdndodpdqdZdrdsidtdudvdudwdxdydjdzd{d|d}d~ddddddddddddlddddddddddddddIddZTe jPde jUdZVddZWddZXddZYddZZddZ[ddZ\ddZ]ddZ^ddZ_d ddZ`ddZaGdddebZcGdddebZdGdddZeGdddeeZfGdddZgGdddeeZhd!ddZiddZjekfddZldd„ZmeOfddĄZneOfddƄZoddȄZpddʄZqdd̄Zrd"dd΄Zsd!ddЄZtdd҄ZuddԄZvGddքdփZwGdd؄d؃ZxddڄZydd܄ZzddބZ{ddZ|ddZ}ddZ~ d"ddZ d"ddZddZddZddZddZd ddZd ddZddZddZGdddZGdddeZGdddZGdddZGdddZGdddZGdddZGdddZd d Zd d Zd dZd#ddZddZddZddZddZGdddZGdddZGdddZdS($N)tzutc)LocationParseError)HEX_PAT)IPV4_PAT)IPV6_ADDRZ_PAT)IPV6_PAT)LS32_PAT)UNRESERVED_PAT) ZONE_ID_PAT)HAS_CRTIPV4_RE IPV6_ADDRZ_RE MD5_AVAILABLEUNSAFE_URL_CHARS OrderedDictget_md5get_tzinfo_optionsjsonquoteurlparseurlsplit urlunsplit zip_longest) ClientErrorConfigNotFoundConnectionClosedErrorConnectTimeoutErrorEndpointConnectionErrorHTTPClientErrorInvalidDNSNameError!InvalidEndpointConfigurationErrorInvalidExpressionErrorInvalidHostLabelErrorInvalidIMDSEndpointErrorInvalidIMDSEndpointModeErrorInvalidRegionErrorMetadataRetrievalErrorMissingDependencyExceptionReadTimeoutErrorSSOTokenLoadErrorUnsupportedOutpostResourceError*UnsupportedS3AccesspointConfigurationErrorUnsupportedS3ArnErrorUnsupportedS3ConfigurationErrorUnsupportedS3ControlArnError&UnsupportedS3ControlConfigurationError) getproxies proxy_bypasszhttp://169.254.169.254/zhttp://[fd00:ec2::254]/)ipv4ipv6z-._~z-z0-9][a-z0-9\-]*[a-z0-9] dualstackZa4bzalexa-for-businessZalexaforbusinesszapi.mediatailorZ mediatailorz api.pricingZpricingz api.sagemakerZ sagemakerZ apigatewayz api-gatewayzapplication-autoscalingzapplication-auto-scalingZ appstream2Z appstreamZ autoscalingz auto-scalingzautoscaling-planszauto-scaling-plansZcez cost-explorerZ cloudhsmv2z cloudhsm-v2Zcloudsearchdomainzcloudsearch-domainz cognito-idpzcognito-identity-providerconfigzconfig-servicecurzcost-and-usage-report-servicezdata.iotziot-data-planez data.jobs.iotziot-jobs-data-planezdata.mediastorezmediastore-dataZ datapipelinez data-pipelineZ devicefarmz device-farmzdevices.iot1clickziot-1click-devices-serviceZ directconnectzdirect-connectZ discoveryzapplication-discovery-serviceZdmszdatabase-migration-serviceZdszdirectory-serviceZdynamodbstreamszdynamodb-streamsZelasticbeanstalkzelastic-beanstalkZelasticfilesystemZefsZelasticloadbalancingzelastic-load-balancingZelasticmapreduceZemrZelastictranscoderzelastic-transcoderZelbZelbv2zelastic-load-balancing-v2emailZseszentitlement.marketplacezmarketplace-entitlement-serviceeszelasticsearch-serviceeventsZ eventbridgezcloudwatch-eventsziot-dataz iot-jobs-dataziot1click-devicesziot1click-projectsziot-1click-projectsZkinesisanalyticszkinesis-analyticsZ kinesisvideoz kinesis-videoz lex-modelszlex-model-building-servicez lex-runtimezlex-runtime-serviceZlogszcloudwatch-logsZmachinelearningzmachine-learningzmarketplace-entitlementZmarketplacecommerceanalyticszmarketplace-commerce-analyticszmetering.marketplacezmarketplace-meteringZmeteringmarketplaceZmghz migration-hubz models.lexZ monitoringZ cloudwatchzmturk-requesterZmturkz opsworks-cmZ opsworkscmzprojects.iot1clickZresourcegroupstaggingapizresource-groups-tagging-apiZroute53zroute-53Zroute53domainszroute-53-domainsz runtime.lexzruntime.sagemakerzsagemaker-runtimeZsdbZsimpledbZsecretsmanagerzsecrets-managerZserverlessrepoZserverlessapplicationrepositoryZservicecatalogzservice-catalogsfnzstorage-gateway)ZstatesZ stepfunctionsZstoragegatewayzstreams.dynamodbZtaggingz^X-Amz-Checksum-([a-z0-9]*)$)flagscCs(t|tr|St|tr|dkSdS)z~Ensures a boolean value if a string or boolean is provided For strings, the value for True/False is case insensitive trueF) isinstanceboolstrlowervalrDi/private/var/folders/cw/wlscbxl13mj6wd668h7l9g9sllkg5j/T/pip-target-b31awkwq/lib/python/botocore/utils.pyensure_booleans   rFcCsP|d}|dur|}|tvr|td}tdi||S|dr&dSdS)zResolving IMDS endpoint mode to either IPv6 or IPv4. ec2_metadata_service_endpoint_mode takes precedence over imds_use_ipv6. "ec2_metadata_service_endpoint_modeN)modeZ valid_modesZ imds_use_ipv6r4r3rD)get_config_variablerAMETADATA_ENDPOINT_MODESr$)sessionZ endpoint_modeZlendpoint_modeZerror_msg_kwargsrDrDrEresolve_imds_endpoint_modes rLcCs2t|do|jddo|jddko|jdkS)zDetermines if the provided shape is the special header type jsonvalue. :type shape: botocore.shape :param shape: Shape to be inspected for the jsonvalue trait. :return: True if this type is a jsonvalue, False otherwise :rtype: Bool serializationZ jsonvalueFlocationheaderstring)hasattrrMget type_name)shaperDrDrEis_json_value_headers rUcCs<|durdSt|tjjr||vS|dd|DvS)z&Case-insensitive check for header key.NFcSsg|]}|qSrDrA).0keyrDrDrE szhas_header..)r>botocore awsrequestZ HeadersDictrAkeys) header_nameheadersrDrDrE has_headers r_cCsD|jd|jd|j}|dd}|dd}tdd|}|S)zvReturns the module name for a service This is the value used in both the documentation and client class name ZserviceAbbreviationZserviceFullNameZAmazonZAWSz\W+)metadatarRZ service_namereplaceresub)Z service_modelnamerDrDrEget_service_module_names  rfcCs|sdSt|S)N/)remove_dot_segmentspathrDrDrEnormalize_url_pathsrkcCs|dur|St|S)zLReturns None if val is None, otherwise ensure value converted to booleanN)rFrBrDrDrEnormalize_booleansrlcCs|sdS|d}g}|D]}|r%|dkr%|dkr |r|q ||q |ddkr/d}nd}|ddkr<|rkwargsrRrr#)rrsr^riresponseerDrDrE_fetch_metadata_tokensF        z!IMDSFetcher._fetch_metadata_tokenc Cs||dur |j}||}i}|dur||d<||t|jD]9}ztjjd||d}|j | }||sA|WSWq$t y]} zt jd|| ddWYd} ~ q$d} ~ ww|)aZMake a get request to the Instance Metadata Service. :type url_path: str :param url_path: The path component of the URL to make a get request. This arg is appended to the base_url that was provided in the initializer. :type retry_func: callable :param retry_func: A function that takes the response as an argument and determines if it needs to retry. By default empty and non 200 OK responses are retried. :type token: str :param token: Metadata token to send along with GET requests to IMDS. Nzx-aws-ec2-metadata-tokenGETrrTr)r_default_retryrrrrrZr[rrrrrrr_RETRIES_EXCEEDED_ERROR_CLS) rurl_path retry_functokenrsr^rrrrrDrDrE _get_requests6   zIMDSFetcher._get_requestcCs|jdur |j|d<dSdS)Nz User-Agent)r)rr^rDrDrEr s zIMDSFetcher._add_user_agentcCs|jr td|dS)Nz)Access to EC2 metadata has been disabled.)rrrrrrDrDrEr s zIMDSFetcher._assert_enabledcC||p ||Sr_is_non_ok_response _is_emptyrrrDrDrErzIMDSFetcher._default_retrycCs"|jdkr|j|ddddSdS)Nrznon-200Tlog_bodyF)r_log_imds_responserrDrDrErs zIMDSFetcher._is_non_ok_responsecCs|js |j|ddddSdS)Nzno bodyTrF)contentrrrDrDrErszIMDSFetcher._is_emptyFcCs@d}||j|jg}|r|d7}||jtj|g|RdS)NzHMetadata service returned %s response with status code of %s for url: %sz, content body: %s)rrsrqrrr)rrZ reason_to_logrZ statementZ logger_argsrDrDrEr!s zIMDSFetcher._log_imds_responserF)rrrrrrr DEFAULT_METADATA_SERVICE_TIMEOUTrrrrrrrrrrrrrrDrDrDrErss,  $*rc@s\eZdZdZgdZddZdddZddd Zd d Zd d Z ddZ ddZ ddZ dS)InstanceMetadataFetcherz*latest/meta-data/iam/security-credentials/) AccessKeyIdSecretAccessKeyToken Expirationc Csz=|}||}|||}||r-||d|d|d|dd}|||WSd|vr;d|vr;td|iWS|jyOtd |jYiSt yh}ztd |j WYd}~iSd}~ww) Nrrrr) role_nameZ access_keyZ secret_keyr expiry_timeCodeMessagez7Error response received when retrievingcredentials: %s.\Max number of attempts exceeded (%s) when attempting to retrieve data from metadata service.zBad IMDS request: %s) r _get_iam_role_get_credentials_contains_all_credential_fields_evaluate_expirationrrrrrr)rrr credentialsrrDrDrEretrieve_iam_role_credentials6s<     z5InstanceMetadataFetcher.retrieve_iam_role_credentialsNcCs|j|j|j|djSNrrr)r _URL_PATH_needs_retry_for_role_namer)rrrDrDrEr_sz%InstanceMetadataFetcher._get_iam_rolecCs$|j|j||j|d}t|jSr)rr_needs_retry_for_credentialsrloadsr)rrrrrDrDrErfs  z(InstanceMetadataFetcher._get_credentialscCs4z t|jWdSty||dYdSw)NFz invalid jsonT)rrr ValueErrorrrrDrDrE_is_invalid_jsonns   z(InstanceMetadataFetcher._is_invalid_jsoncCrrrrrDrDrErvrz2InstanceMetadataFetcher._needs_retry_for_role_namecCs||p||p||Sr)rrrrrDrDrErys z4InstanceMetadataFetcher._needs_retry_for_credentialscCs*|jD]}||vrtd|dSqdS)Nz3Retrieved credentials is missing required field: %sFT)_REQUIRED_CREDENTIAL_FIELDSrr)rrfieldrDrDrErs z7InstanceMetadataFetcher._contains_all_credential_fieldsc Cs|d}|dur dSzHtj|d}|jdd}tdd}||}tj}tj|d}||}||krQ||} | d|d<t d|dd d WdSWdSt ygt d |dYdSw) Nrz%Y-%m-%dT%H:%M:%SZZec2_credential_refresh_windowiXx)secondszAttempting credential expiration extension due to a credential service availability issue. A refresh of these credentials will be attempted again within the next <z.0fz minutes.zUnable to parse expiry_time in ) rRdatetimestrptimerrandomrandintutcnow timedeltastrftimerinforr) rrZ expirationZrefresh_intervalZjitterZrefresh_interval_with_jitter current_timeZrefresh_offsetZextension_timeZnew_timerDrDrErsB       z,InstanceMetadataFetcher._evaluate_expirationr) rrrrrrrrrrrrrrDrDrDrEr-s )  rc@s6eZdZd ddZddZddZdd Zd d ZdS) IMDSRegionProviderNcCs$||_|dur tj}||_||_dS)aUInitialize IMDSRegionProvider. :type session: :class:`botocore.session.Session` :param session: The session is needed to look up configuration for how to contact the instance metadata service. Specifically the whether or not it should use the IMDS region at all, and if so how to configure the timeout and number of attempts to reach the service. :type environ: None or dict :param environ: A dictionary of environment variables to use. If ``None`` is the argument then ``os.environ`` will be used by default. :type fecther: :class:`botocore.utils.InstanceMetadataRegionFetcher` :param fetcher: The class to actually handle the fetching of the region from the IMDS. If not provided a default one will be created. N)rrr_environ_fetcher)rrKrfetcherrDrDrErs  zIMDSRegionProvider.__init__cCs |}|S)z#Provide the region value from IMDS.)_get_instance_metadata_region)rZinstance_regionrDrDrEprovideszIMDSRegionProvider.providecCs|}|}|Sr) _get_fetcherretrieve_region)rrrrDrDrErsz0IMDSRegionProvider._get_instance_metadata_regioncCs|jdur ||_|jSr)r_create_fetcherrrDrDrErs  zIMDSRegionProvider._get_fetchercCsN|jd}|jd}|jdt|jd}t|||j|j|d}|S)NZmetadata_service_timeoutZmetadata_service_num_attemptsr)rrG)rrrrr6)rrIrLInstanceMetadataRegionFetcherrr)rZmetadata_timeoutZmetadata_num_attemptsZ imds_configrrDrDrErs*z"IMDSRegionProvider._create_fetcherNN)rrrrrrrrrDrDrDrErs   rc@ eZdZdZddZddZdS)rz-latest/meta-data/placement/availability-zone/cCs4z|}|WS|jytd|jYdSw)aRGet the current region from the instance metadata service. :rvalue: str :returns: The region the current instance is running in or None if the instance metadata service cannot be contacted or does not give a valid response. :rtype: None or str :returns: Returns the region as a string if it is configured to use IMDS as a region source. Otherwise returns ``None``. It will also return ``None`` if it fails to get the region from IMDS due to exhausting its retries or not being able to connect. rN) _get_regionrrrr)rrrDrDrErs z-InstanceMetadataRegionFetcher.retrieve_regioncCs2|}|j|j|j|d}|j}|dd}|S)Nrrn)rrrrr)rrrZavailability_zonerrDrDrErs z)InstanceMetadataRegionFetcher._get_regionN)rrrrrrrDrDrDrErs rFcCs|D]M}t||tr$||vr||vrt||||q||||<qt||trI|rI||vrBt||trB||||q||||<q||||<qdS)zGiven two dict, merge the second dict into the first. The dicts can have arbitrary nesting. :param append_lists: If true, instead of clobbering a list with the new value, append all of the new values onto the original list. N)r>dict merge_dictslistextend)Zdict1Zdict2Z append_listsrXrDrDrErsrcCs"i}|D] }||||<q|S)zDCopies the given dictionary ensuring all keys are lowercase strings.rV)originalrrXrDrDrElowercase_dict/sr#cCsZz ||}|}t|WdWS1swYWdSty,t|dw)Nri)readparse_key_val_file_contentsOSErrorr)filename_openfcontentsrDrDrEparse_key_val_file7s (  r+cCsHi}|D]}d|vr q|dd\}}|}|}|||<q|S)N=r2) splitlinesrostrip)r*finallinerXrCrDrDrEr%@s  r%cCsg}t|dr |}n|}|D]+\}}t|tr-|D]}|t|dt|qq|t|dt|qd|S)afUrlencode a dict or list into a string. This is similar to urllib.urlencode except that: * It uses quote, and not quote_plus * It has a default list of safe chars that don't need to be encoded, which matches what AWS services expect. If any value in the input ``mapping`` is a list type, then each list element wil be serialized. This is the equivalent to ``urlencode``'s ``doseq=True`` argument. This function should be preferred over the stdlib ``urlencode()`` function. :param mapping: Either a dict to urlencode or a list of ``(key, value)`` pairs. itemsr,&)rQr1r>r rqpercent_encoderr)mappingsafeZ encoded_pairspairsrXrelementrDrDrEpercent_encode_sequenceOs     r8cCs6t|ttfs t|}t|ts|d}t||dS)aUrlencodes a string. Whereas percent_encode_sequence handles taking a dict/sequence and producing a percent encoded string, this function deals only with taking a string (not a dict/sequence) and percent encoding it. If given the binary type, will simply URL encode it. If given the text type, will produce the binary type by UTF-8 encoding the text. If given something else, will convert it to the text type first. utf-8)r5)r>bytesr@encoder) input_strr5rDrDrEr3us     r3c Cst|ttfrtj||Sz tjt||WSttfy%Ynwz tjj |dt idWSttfyJ}z td|d|d}~ww)z.Parse timestamp with pluggable tzinfo options.GMT)ZtzinfoszInvalid timestamp "z": N) r>intfloatr fromtimestamp TypeErrorrdateutilparserparserrtzinforrDrDrE_parse_timestamp_with_tzinfosrGc Cs^tD]%}zt||WSty(}ztjd|j|dWYd}~qd}~wwtd|)zParse a timestamp into a datetime object. Supported formats: * iso8601 * rfc822 * epoch (value is an integer) This will return a ``datetime.datetime`` object. z2Unable to parse timestamp with "%s" timezone info.rNz4Unable to calculate correct timezone offset for "%s")rrGr&rrr RuntimeErrorrErDrDrEparse_timestamps rIcCsFt|tjr |}nt|}|jdur|jtd}|S|t}|S)aConverted the passed in value to a datetime object with tzinfo. This function can be used to normalize all timestamp inputs. This function accepts a number of different types of inputs, but will always return a datetime.datetime object with time zone information. The input param ``value`` can be one of several types: * A datetime object (both naive and aware) * An integer representing the epoch time (can also be a string of the integer, i.e '0', instead of 0). The epoch time is considered to be UTC. * An iso8601 formatted timestamp. This does not need to be a complete timestamp, it can contain just the date portion without the time component. The returned value will be a datetime object that will have tzinfo. If no timezone info was provided in the input value, then UTC is assumed, not local time. NrF)r>rrIrFrbr astimezone)r datetime_objrDrDrEparse_to_aware_datetimes   rMcCs~tddd}|jdur|durt}|j|d}|jdd||}t|dr.|S|j|j|j ddddS) awCalculate the timestamp based on the given datetime instance. :type dt: datetime :param dt: A datetime object to be converted into timestamp :type default_timezone: tzinfo :param default_timezone: If it is provided as None, we treat it as tzutc(). But it is only used when dt is a naive datetime. :returns: The timestamp r2NrJ total_secondsii@B) rrFrrb utcoffsetrQrO microsecondsrdays)dtZdefault_timezoneepochdrDrDrEdatetime2timestamps   rWcs>t}tfdddD]}||q |r|S|S)aCalculate a sha256 checksum. This method will calculate the sha256 checksum of a file like object. Note that this method will iterate through the entire file contents. The caller is responsible for ensuring the proper starting position of the file and ``seek()``'ing the file back to its starting location if other consumers need to read from the file like object. :param body: Any file like object. The file must be opened in binary mode such that a ``.read()`` call returns bytes. :param as_hex: If True, then the hex digest is returned. If False, then the digest (as binary bytes) is returned. :returns: The sha256 checksum c dSNr$rDbodyrDrE z"calculate_sha256..)hashlibsha256iterupdate hexdigestdigest)r]Zas_hexchecksumchunkrDr\rEcalculate_sha256s  ricsg}dtj}tfdddD] }|||q|s%|dSt|dkrSg}t|D]\}}|durE||||q1||q1|}t|dks+t |d dS) a\Calculate a tree hash checksum. For more information see: http://docs.aws.amazon.com/amazonglacier/latest/dev/checksum-calculations.html :param body: Any file like object. This has the same constraints as the ``body`` param in calculate_sha256 :rtype: str :returns: The hex version of the calculated tree hash rZcs Srr[rDr]Zrequired_chunk_sizerDrEr^'r_z%calculate_tree_hash..r`r2Nrascii) rarbrcrqrfrer _in_pairsbinasciihexlifydecode)r]chunksrbrhZ new_chunksrusecondrDrjrEcalculate_tree_hashs      rrcCst|}t||Sr)rcr)iterableZ shared_iterrDrDrErl7s rlc@r)CachedPropertyzA read only property that caches the initially computed value. This descriptor will only call the provided ``fget`` function once. Subsequent access to this property will return the cached value. cCrr)_fget)rfgetrDrDrErPrzCachedProperty.__init__cCs(|dur|S||}||j|jj<|Sr)ru__dict__r)robjclsZcomputed_valuerDrDrE__get__Ss  zCachedProperty.__get__N)rrrrrrzrDrDrDrErtHs rtc@sDeZdZdZdddZddZddd Zd d Zd d ZddZ dS)ArgumentGeneratoraGenerate sample input based on a shape model. This class contains a ``generate_skeleton`` method that will take an input/output shape (created from ``botocore.model``) and generate a sample dictionary corresponding to the input/output shape. The specific values used are place holder values. For strings either an empty string or the member name can be used, for numbers 0 or 0.0 is used. The intended usage of this class is to generate the *shape* of the input structure. This can be useful for operations that have complex input shapes. This allows a user to just fill in the necessary data instead of worrying about the specific structure of the input arguments. Example usage:: s = botocore.session.get_session() ddb = s.get_service_model('dynamodb') arg_gen = ArgumentGenerator() sample_input = arg_gen.generate_skeleton( ddb.operation_model('CreateTable').input_shape) print("Sample input for dynamodb.CreateTable: %s" % sample_input) FcCrr)_use_member_names)rZuse_member_namesrDrDrErwrzArgumentGenerator.__init__cCsg}|||S)zGenerate a sample input. :type shape: ``botocore.model.Shape`` :param shape: The input shape. :return: The generated skeleton input corresponding to the provided input shape. )_generate_skeleton)rrTstackrDrDrEgenerate_skeletonzs z#ArgumentGenerator.generate_skeletonr`cCs>||jz|jdkr|||W|S|jdkr'|||W|S|jdkr7|||W|S|jdkr[|jrF|W|S|jrTt |jW|SW|dS|jdvrgW|dS|jdvrsW|d S|jd krW|d S|jd krt d dddddW|SW|dS|w)NZ structurer maprPr`)integerlongr)r?doublegbooleanT timestamprNr2) rqrerS_generate_type_structurerp_generate_type_list_generate_type_mapr|enumr choicerrrTr~rerDrDrEr}sD                    z$ArgumentGenerator._generate_skeletoncCsF||jdkr iSt}|jD]\}}|j|||d||<q|S)Nr2)re)countrermembersr1r})rrTr~Zskeleton member_nameZ member_shaperDrDrErs z*ArgumentGenerator._generate_type_structurecCs$d}|jr |jj}||j||gS)Nr`)r|memberrer}rrDrDrErs z%ArgumentGenerator._generate_type_listcCs0|j}|j}|jdks Jtd|||fgS)NrPZKeyName)rXrrSrr})rrTr~Z key_shapeZ value_shaperDrDrErsz$ArgumentGenerator._generate_type_mapNr)r`) rrrrrrr}rrrrDrDrDrEr{\s   r{cCs.t|rdSdt|jd}t|duS)NFryrz)r intersectionrhostnamer match endpoint_urlrrDrDrEis_valid_ipv6_endpoint_urls rcCst|j}t|duSr)rrr rrrDrDrEis_valid_ipv4_endpoint_urls rcCsht|rdSt|}|j}|durdSt|dkrdS|ddkr(|dd}tdtj}||S)zVerify the endpoint_url is valid. :type endpoint_url: string :param endpoint_url: An endpoint_url. Must have at least a scheme and a hostname. :return: True if the endpoint url is valid. False otherwise. FNrnrmz;^((?!-)[A-Z\d-]{1,63}(?        rcCs |jdS)Nz ?location)rsrrrDrDrErm rcs"jtfdd}|S)aMethod decorator for caching method calls to a single instance. **This is not a general purpose caching decorator.** In order to use this, you *must* provide an ``_instance_cache`` attribute on the instance. This decorator is used to cache method calls. The cache is only scoped to a single instance though such that multiple instances will maintain their own cache. In order to keep things simple, this decorator requires that you provide an ``_instance_cache`` attribute on your instance. csb|f}|rtt|}||f}|j|}|dur|S|g|Ri|}||j|<|Sr)tuplesortedr1Z_instance_cacherR)rargsr cache_keyZ kwarg_itemsresultfunc func_namerDrE _cache_guards   z$instance_cache.._cache_guard)r functoolswraps)rrrDrrEinstance_cacheqs rcKsht|jjd}dd|D}d}t|dkr!|d|d7}|d7}|dvr+dSt||d d dS) z?Switches the current s3 endpoint with an S3 Accelerate endpointrmcSsg|]}|tvr|qSrDS3_ACCELERATE_WHITELISTrWprDrDrErYsz-switch_host_s3_accelerate..zhttps://s3-accelerate.r amazonaws.com)Z ListBuckets CreateBucketZ DeleteBucketNF)use_new_scheme)rrsrrorrr _switch_hosts)rZoperation_namerrrrDrDrEswitch_host_s3_accelerates rcCs6t|jd}||r||}t||dSdS)zBSwitches the host using a parameter value from a JSON request bodyr9N)rrdatarorRr)r param_nameZ request_json new_endpointrDrDrEswitch_host_with_params  rcCst|j||}||_dSr)_get_new_endpointrs)rrrfinal_endpointrDrDrErs rcCsVt|}t|}|j}|r|j}||j|j|jdf}t|}td|d||SNr`zUpdating URI from  to )rrrrjrrrr)Zoriginal_endpointrrZnew_endpoint_componentsZoriginal_endpoint_componentsrZfinal_endpoint_componentsrrDrDrErsrcCsR|D]$}||vr t||tr t||tr t||||q||||<qdS)zDeeply two dictionaries, overriding existing keys in the base. :param base: The base dictionary which will be merged into. :param extra: The dictionary to merge into the base. Keys from this dictionary will take precedence. N)r>r deep_merge)baseextrarXrDrDrErs  rcCs|ddS)zcTranslate the form used for event emitters. :param service_id: The service_id to convert.  -)rbrA)Z service_idrDrDrEhyphenize_service_idsrc@sHeZdZdddZdddZddZdd Zd d Zd d ZddZ dS)S3RegionRedirectorNcCs,||_||_|jduri|_t||_dSr)_endpoint_resolver_cacheweakrefproxy_client)rZendpoint_bridgeclientcacherDrDrErs  zS3RegionRedirector.__init__cCs<|p|jjj}|d|j|d|j|d|jdS)Nzneeds-retry.s3zbefore-call.s3before-parameter-build.s3)rmetar:registerredirect_from_errorset_request_urlredirect_from_cache)r event_emitterZemitterrDrDrErszS3RegionRedirector.registercKs|durdS||dirtddS|didr&tddS|ddi}|d}|dd i}|d voC|jd k}|d voT|jd koTd |div} |dko\d|v} |dduoi|djdv} |dk} t|| | | | gsydS|ddd} |dd}|| |}|durtd|| fdStd|| |f|j d|}|d}|| |d}||dd<||j | <| ||dd|dd<dS)a An S3 request sent to the wrong region will return an error that contains the endpoint the request should be sent to. This handler will add the redirect information to the signing context and then redirect the request. Nrz=S3 request was previously to an accesspoint, not redirecting.Z s3_redirectedz6S3 request was previously redirected, not redirecting.r2ErrorrResponseMetadata)Z301Z400Z HeadObjectZ HeadBucketx-amz-bucket-region HTTPHeadersZAuthorizationHeaderMalformedRegionr)i-i.i3ZPermanentRedirectsigningbucket client_regionzS3 client configured for region %s but the bucket %s is not in that region and the proper region could not be automatically determined.zS3 client configured for region %s but the bucket %s is in region %s; Please configure the proper region to avoid multiple unnecessary redirects and signing attempts.s3r)rrrT) _is_s3_accesspointrRrrreranyget_bucket_regionrresolverr)rZ request_dictrZ operationrrZ error_codeZresponse_metadataZis_special_head_objectZis_special_head_bucketZis_wrong_signing_regionZis_redirect_statusis_permanent_redirectrrZ new_regionrsigning_contextrDrDrErs       z&S3RegionRedirector.redirect_from_errorc Cs|d}|dd}d|vr|dS|didd}|dur"|Sz|jj|d}|dd}WntyJ}z |jdd}WYd}~nd}~ww|dd}|S) a. There are multiple potential sources for the new region to redirect to, but they aren't all universally available for use. This will try to find region from response elements, but will fall back to calling HEAD on the bucket if all else fails. :param bucket: The bucket to find the region for. This is necessary if the region is not available in the error response. :param response: A response representing a service request that failed due to incorrect region configuration. r2rrrrrN)Bucket)rRrZ head_bucketrr)rrrZservice_responseresponse_headersrr^rrDrDrErSs   z$S3RegionRedirector.get_bucket_regioncKs8|didd}|durt|d|d|d<dSdS)NrrrsF)rRrrparamsrrrrDrDrErtsz"S3RegionRedirector.set_request_urlcKsH||rdS|d}|j|}|dur||d<dSd|i|d<dS)z This handler retrieves a given bucket's signing context from the cache and adds it into the request context. Nrrr)rrRr)rrrrrrrDrDrErys    z&S3RegionRedirector.redirect_from_cachecCsd|vSNrrD)rrrDrDrErsz%S3RegionRedirector._is_s3_accesspointr) rrrrrrrrrrrDrDrDrErs  _! rc@s eZdZdS)InvalidArnExceptionN)rrrrDrDrDrErsrc@r) ArnParsercCsH|dd}t|dkrtd||d|d|d|d|dd S) N:zUProvided ARN: %s must be of the format: arn:partition:service:region:account:resourcer2rr) partitionserviceraccountresource)rorr)rarnZ arn_partsrDrDrE parse_arns  zArnParser.parse_arnN)rrrrrDrDrDrErrrc@s`eZdZedZedZdgZdddZddZ d d Z d d Z d dZ ddZ ddZdS)S3ArnParamHandlerzA^(?Paccesspoint|outpost)[/:](?P.+)$zc^(?P[a-zA-Z0-9\-]{1,63})[/:]accesspoint[/:](?P[a-zA-Z0-9\-]{1,63}$)rNcC||_|dur t|_dSdSr _arn_parserrrZ arn_parserrDrDrEr zS3ArnParamHandler.__init__cC|d|jdS)Nrr handle_arnrrrDrDrErzS3ArnParamHandler.registercKsf|j|jvrdS||}|durdS|ddkr"||||dS|ddkr1||||dSdS)N resource_type accesspointoutpost)re_BLACKLISTED_OPERATIONS"_get_arn_details_from_bucket_param_store_accesspoint_store_outpost)rrmodelrr arn_detailsrDrDrEr s    zS3ArnParamHandler.handle_arncCsHd|vr"z|d}|j|}||||WSty!YdSwdS)Nr)rr_add_resource_type_and_namer)rrrrrDrDrErs   z4S3ArnParamHandler._get_arn_details_from_bucket_paramcCs>|j|d}|r|d|d<|d|d<dSt|d)Nrr resource_name)r)_RESOURCE_REGEXrgroupr,)rrrrrDrDrErs  z-S3ArnParamHandler._add_resource_type_and_namecCs8|d|d<|d|d|d|d|dd|d<dS) Nrrrrrr)rerrrrrrD)rrrrrDrDrErs z$S3ArnParamHandler._store_accesspointcCsd|d}|j|}|st|d|d}||d<|d||d|d|d|d d |d <dS) Nr)raccesspoint_namer outpost_namerrrr)rrerrrrr)_OUTPOST_RESOURCE_REGEXrr*r)rrrrrrrrDrDrErs   z S3ArnParamHandler._store_outpostr)rrrrcrrrrrrr rrrrrDrDrDrErs    rc@seZdZdZdZ     d7ddZddZd d Zd d Zd dZ ddZ ddZ ddZ ddZ ddZddZddZddZdd Zd!d"Zd#d$Zd%d&Zd'd(Zd)d*Zd+d,Zd-d.Zd/d0Zed1d2Zed3d4Zed5d6ZdS)8S3EndpointSetterawsrNFcCJ||_||_||_||_|duri|_||_||_|dur#|j|_dSdSrr_region _s3_config_use_fips_endpoint _endpoint_url _partition_DEFAULT_PARTITIONrendpoint_resolverrZ s3_configrruse_fips_endpointrDrDrErs  zS3EndpointSetter.__init__cCs.|d|j|d|j|d|jdS)Nzbefore-sign.s3zchoose-signer.s3z%before-call.s3.WriteGetObjectResponse)r set_endpoint set_signer#update_endpoint_to_s3_object_lambdarrDrDrErs zS3EndpointSetter.registercKsh|jrtdd||d|jrdS|j}|d|j}dj|d|dd}t|d|d |d<dS) NzOS3 client does not support accelerate endpoints for S3 Object Lambda operationsmsgs3-object-lambdazhttps://{host_prefix}{hostname} host_prefixr)r3rrsF) _use_accelerate_endpointr-_override_signing_namer'rconstruct_endpointr$formatr)rrrrresolverresolvedrrDrDrEr/s  z4S3EndpointSetter.update_endpoint_to_s3_object_lambdacKs||r&||||||||}|||||dS|jr=|jr4t d|j dt dd|i||j rL|j dd|i|dSdS)Nz{Client is configured to use the FIPS psuedo region for "%s", but S3 Accelerate does not have any FIPS compatible endpoints.r0rrD) _use_accesspoint_endpoint_validate_accesspoint_supported_validate_fips_supported_validate_global_regions(_resolve_region_for_accesspoint_endpoint._resolve_signing_name_for_accesspoint_endpoint_switch_to_accesspoint_endpointr4r&r-r$r_s3_addressing_handler)rrrrrDrDrEr-1s*      zS3EndpointSetter.set_endpointcC d|jvSrrrrDrDrEr:Irz*S3EndpointSetter._use_accesspoint_endpointcCs|jsdSd|jddvrtdhdd|jdvr#td|jd|jdd}||jkr@|jdd sBtd |j|fddSdS) Nfipsrr,Invalid ARN, FIPS region not allowed in ARN.r0rzhClient is configured to use the FIPS psuedo-region "%s", but outpost ARNs do not support FIPS endpoints.use_arn_regionTzClient is configured to use the FIPS psuedo-region for "%s", but the access-point ARN provided is for the "%s" region. For clients using a FIPS psuedo-region calls to access-point ARNs in another region are not allowed.)r&rr+r$r%rRrrZaccesspoint_regionrDrDrEr<Ls, z)S3EndpointSetter._validate_fips_supportedcCs0|jddr dS|jdvrtd|jddS)NrFT)z aws-globalz s3-external-1zClient is configured to use the global psuedo-region "%s". When providing access-point ARNs a regional endpoint must be specified.r0)r%rRr$r+rrDrDrEr=ls z)S3EndpointSetter._validate_global_regionscCs|jrtdd|jdd}||jkrtd|j|fd|jdd}|dkr5|jdr5td d|jdd }|rJ|jdrJtd d||dS) NzZClient does not support s3 accelerate configuration when an access-point ARN is specified.r0rrzClient is configured for "%s" partition, but access-point ARN provided is for "%s" partition. The client and access-point partition must be the same.rr2use_dualstack_endpointzjClient does not support s3 dualstack configuration when an S3 Object Lambda access point ARN is specified.rzTClient does not support s3 dualstack configuration when an outpost ARN is specified.)r4r+rr(rRr%_validate_mrap_s3_config)rrZrequest_partitionZ s3_servicerrDrDrEr;xs0 z0S3EndpointSetter._validate_accesspoint_supportedcCs>t|jsdS|jdrtdd|jdrtdddS)NZ$s3_disable_multiregion_access_pointszCInvalid configuration, Multi-Region Access Point ARNs are disabled.r0rHzeClient does not support s3 dualstack configuration when a Multi-Region Access Point ARN is specified.)rrr%rRr+rrDrDrErIs   z)S3EndpointSetter._validate_mrap_s3_configcCsNt|jr||d|jS|jddr$|jdd}||||S|jS)Nr{rFTrr)rr_override_signing_regionr%rRr$rGrDrDrEr>s   z9S3EndpointSetter._resolve_region_for_accesspoint_endpointcKst|r trdStdddS)NZs3v4azzUsing S3 with an MRAP arn requires an additional dependency. You will need to pip install botocore[crt] before proceeding.r0)rr r')rrrrDrDrEr.szS3EndpointSetter.set_signercCs |jdd}||j|dS)Nrrrr5)rrZaccesspoint_servicerDrDrEr?sz?S3EndpointSetter._resolve_signing_name_for_accesspoint_endpointcCsXt|j}t|j||j|||j|j|jdf}t d|jd|||_dSr) rrsrr _get_netlocr_get_accesspoint_pathrjrrr)rrroriginal_componentsZaccesspoint_endpointrDrDrEr@s    z0S3EndpointSetter._switch_to_accesspoint_endpointcCst|r ||S|||Sr)r_get_mrap_netloc_get_accesspoint_netloc)rrequest_contextrrDrDrErLs  zS3EndpointSetter._get_netloccCs\|d}d}|dg}|jrt|jj}||n|d}|d|||gd|S)Nrz s3-globalrerrrm)r'rrrqr!_get_partition_dns_suffixrr)rrQrrZmrap_netloc_componentsendpoint_url_netlocrrDrDrErOs    z!S3EndpointSetter._get_mrap_netlocc Cs|d}d|d|dg}|d}|jr*|r||t|jj}||n>|r6|dg}||n|ddkrH|d|}||n |d |}|||jd r^|d ||| |gd |S) Nrz{}-{}rerr s3-outpostsrr2zs3-accesspointrHr5rm) r7rRr'rqrrr!_inject_fips_if_neededr%_get_dns_suffixrr) rrQrrZaccesspoint_netloc_componentsrrSZ outpost_host componentrDrDrErPs6            z(S3EndpointSetter._get_accesspoint_netloccCs|jrd|S|S)Nz%s-fipsr&)rrWrQrDrDrErUsz'S3EndpointSetter._inject_fips_if_neededcCs"|dd}|d|ddpdS)Nrrergr`r2)rb)rZ original_pathrQrerDrDrErMs z&S3EndpointSetter._get_accesspoint_pathcCs|j|}|dur |j}|Sr)rget_partition_dns_suffix_DEFAULT_DNS_SUFFIX)rZpartition_name dns_suffixrDrDrErR$s z*S3EndpointSetter._get_partition_dns_suffixcC,|jd|}|j}|rd|vr|d}|SNrZ dnsSuffixrr6rZrrr9r[rDrDrErV, z S3EndpointSetter._get_dns_suffixcC$|jdi}||d<||jd<dSNrrrrRrrrrrDrDrErJ5z)S3EndpointSetter._override_signing_regioncCs |di}||d<||d<dSNr signing_namer)rrrgrrDrDrEr5>s  z'S3EndpointSetter._override_signing_namecCs|jdrdS|jdurdSt|jj}|dsdS|d}|ddkr)dS|dd }t|tt|kr;dSt d d |DS) Nuse_accelerate_endpointTFrrmrz s3-accelerater2css|]}|tvVqdSrrrrDrDrE hsz.) r%rRr'rrrrorsetall)rrrZ feature_partsrDrDrEr4Gs       z)S3EndpointSetter._use_accelerate_endpointcCs"|jrdS|jd}|r|SdS)NvirtualZaddressing_style)r4r%rR)rZconfigured_addressing_stylerDrDrE_addressing_stylejs  z"S3EndpointSetter._addressing_stylecCsH|jdkr tdtS|jdks|jdurtddStdtS)Nrmz'Using S3 virtual host style addressing.rjzUsing S3 path style addressing.zSDefaulting to S3 virtual host style addressing with path style addressing fallback.)rnrrrr'rrrDrDrErAvs   z'S3EndpointSetter._s3_addressing_handlerNNNNF)rrrr)rZrrr/r-r:r<r=r;rIr>r.r?r@rLrOrPrUrMrRrVrJr5rtr4rnrArDrDrDrEr sH   &       "  r c@seZdZdZdZedZ     d6ddZdd Z d d Z d d Z ddZ ddZ ddZddZddZddZddZddZddZd d!Zd"d#Zd$d%Zd&d'Zd(d)Zd*d+Zd,d-Zd.d/Zd0d1Zd2d3Zd4d5ZdS)7S3ControlEndpointSetterr!rz^[a-zA-Z0-9\-]{1,63}$NFcCr"rr#r*rDrDrErs  z S3ControlEndpointSetter.__init__cCr )Nzbefore-sign.s3-control)rr-rrDrDrErrz S3ControlEndpointSetter.registercKs||r!||||}|||||||dS||r?||||d| |j }| ||dSdSNrT) _use_endpoint_from_arn_details-_validate_endpoint_from_arn_details_supported _resolve_region_from_arn_details&_resolve_signing_name_from_arn_details"_resolve_endpoint_from_arn_details_add_headers_from_arn_details_use_endpoint_from_outpost_id#_validate_outpost_redirection_validr5_construct_outpost_endpointr$_update_request_netloc)rrrr new_netlocrDrDrEr-s         z$S3ControlEndpointSetter.set_endpointcCrB)NrrCrrDrDrErrrz6S3ControlEndpointSetter._use_endpoint_from_arn_detailscCrB)N outpost_idrCrrDrDrErxrz5S3ControlEndpointSetter._use_endpoint_from_outpost_idcCsd|jddvrt|jdddd|jdds3|jdd}||jkr3d ||jf}t|d |jdd }||jkrItd |j|fd |jd rTtdd d|jdvrb||dSdS)NrDrrr"rErr1rFFzpThe use_arn_region configuration is disabled but received arn for "%s" when the client is configured to use "%s"r0rzClient is configured for "%s" partition, but arn provided is for "%s" partition. The client and arn partition must be the same.rhz7S3 control client does not support accelerate endpointsr)rr.r%rRr$r/r(ry)rr arn_region error_msgZrequest_partionrDrDrErss4     zES3ControlEndpointSetter._validate_endpoint_from_arn_details_supportedcCs|jdr tdddS)NrHzPClient does not support s3 dualstack configuration when an outpost is specified.r0)r%rRr/rrDrDrErys z;S3ControlEndpointSetter._validate_outpost_redirection_validcCs2|jddr|jdd}||||S|jS)NrFFrr)r%rRrrJr$)rrrrDrDrErts  z8S3ControlEndpointSetter._resolve_region_from_arn_detailscCs|jdd}||||S)NrrrK)rrZ arn_servicerDrDrErus z>S3ControlEndpointSetter._resolve_signing_name_from_arn_detailscCs|||}|||dSr) _resolve_netloc_from_arn_detailsr{)rrrr|rDrDrErvsz:S3ControlEndpointSetter._resolve_endpoint_from_arn_detailscCsDt|j}t|j||j|jdf}td|jd|||_dSr)rrsrrrjrrr)rrr|rNZarn_details_endpointrDrDrEr{s   z.S3ControlEndpointSetter._update_request_netloccCs0|jd}d|vr||S|d}|||S)Nrrr)rrz_construct_s3_control_endpoint)rrrrrrDrDrEr s   z8S3ControlEndpointSetter._resolve_netloc_from_arn_detailscCs |j|Sr)_HOST_LABEL_REGEXr)rlabelrDrDrE_is_valid_host_label rz,S3ControlEndpointSetter._is_valid_host_labelcGs"|D] }||st|dqdS)N)r)rr")rlabelsrrDrDrE_validate_host_labels s   z-S3ControlEndpointSetter._validate_host_labelscCs\||||jrt|jj}||g}n|dg}||||}|||g||S)Nz s3-control)rr'rr_add_dualstackrVr!_construct_netloc)rrrrSrr[rDrDrEr s      z6S3ControlEndpointSetter._construct_s3_control_endpointcCs@|||jrt|jjSd|||g}||||Srq)rr'rrrV _add_fipsr)rrrrDrDrErz) s    z3S3ControlEndpointSetter._construct_outpost_endpointcCs d|S)Nrm)rrrrrDrDrEr6 rz)S3ControlEndpointSetter._construct_netloccCs|jr |dd|d<dSdS)Nrz-fipsrXrrDrDrEr9 sz!S3ControlEndpointSetter._add_fipscCs|jdr |ddSdS)NrHr5)r%rRrqrrDrDrEr= s z&S3ControlEndpointSetter._add_dualstackcCr\r]r^r_rDrDrErVA r`z'S3ControlEndpointSetter._get_dns_suffixcCrarbrcrdrDrDrErJJ rez0S3ControlEndpointSetter._override_signing_regioncCrarfrc)rrrgrrDrDrEr5S rez.S3ControlEndpointSetter._override_signing_namecCs,|jd}|d}|r|||dSdS)Nrr)rrR_add_outpost_id_header)rrrrrDrDrErw\ s  z5S3ControlEndpointSetter._add_headers_from_arn_detailscCs||jd<dS)Nzx-amz-outpost-id)r^)rrrrDrDrErb sz.S3ControlEndpointSetter._add_outpost_id_headerro) rrrr)rZrcrrrrr-rrrxrsryrtrurvr{rrrrrzrrrrVrJr5rwrrDrDrDrErpsB          rpc@seZdZedZdddZddZddZd d Z d d Z d dZ ddZ ddZ ddZddZddZddZddZdS)S3ControlArnParamHandlerz[/:]NcCrrrr rDrDrEri r z!S3ControlArnParamHandler.__init__cCr )Nz!before-parameter-build.s3-controlr rrDrDrErn sz!S3ControlArnParamHandler.registercKs<|jdvr||||dS||||||||dS)N)rZListRegionalBuckets)re_handle_outpost_id_param_handle_name_param_handle_bucket_param)rrrrrrDrDrEr t s z#S3ControlArnParamHandler.handle_arncCsR||vrdSz||}|j|}||d<|||d<|WSty(YdSw)Nr" resources)rr_split_resourcer)rrrrrrDrDrE_get_arn_details_from_param~ s  z4S3ControlArnParamHandler._get_arn_details_from_paramcCs|j|dS)Nr)_RESOURCE_SPLIT_REGEXro)rrrDrDrEr z(S3ControlArnParamHandler._split_resourcecCsD|d}d|vr|d|krd|d}t|d|d||d<dS)NrZ AccountIdzGAccount ID in arn does not match the AccountId parameter provided: "%s"r"r~)r.)rrrZ account_idrrDrDrE_override_account_id_param s z3S3ControlArnParamHandler._override_account_id_paramcCsd|vrdS|d|d<dS)NZ OutpostIdr}rD)rrrrrDrDrEr sz1S3ControlArnParamHandler._handle_outpost_id_paramcCsV|jdkrdS||d}|durdS||r!||||dSd}t|d|d)NZCreateAccessPointNamez4The Name parameter does not support the provided ARNr"r~)rer_is_outpost_accesspoint_store_outpost_accesspointr.rrrrrrrDrDrEr s   z+S3ControlArnParamHandler._handle_name_paramcC@|ddkrdS|d}t|dkrdS|ddko|dd kS) NrrTFrrrrrrrrrrrDrDrEr  z0S3ControlArnParamHandler._is_outpost_accesspointcCD||||dd}||d<||d<|dd|d<||d<dS)Nrrrrr2rrr)rrrrrrDrDrEr   z3S3ControlArnParamHandler._store_outpost_accesspointcCsH||d}|dur dS||r||||dSd}t|d|d)Nrz6The Bucket parameter does not support the provided ARNr"r~)r_is_outpost_bucket_store_outpost_bucketr.rrDrDrEr s  z-S3ControlArnParamHandler._handle_bucket_paramcCr) NrrTFrrrrrrrrrDrDrEr rz+S3ControlArnParamHandler._is_outpost_bucketcCr)Nrrrrr2rrr)rrrrrrDrDrEr rz.S3ControlArnParamHandler._store_outpost_bucketr)rrrrcrrrrr rrrrrrrrrrrDrDrDrErf s       rc@sreZdZdZdZdZdZeddgZdej fdd Z dd d Z d d Z ddZ ddZdddZddZddZdS)ContainerMetadataFetcherrrr2z 169.254.170.2 localhostz 127.0.0.1NcCs(|dur tjj|jd}||_||_dS)N)r)rZrrTIMEOUT_SECONDSr_sleep)rrKsleeprDrDrEr s  z!ContainerMetadataFetcher.__init__cCs|||||S)zRetrieve JSON metadata from container metadata. :type full_url: str :param full_url: The full URL of the metadata service. This should include the scheme as well, e.g "http://localhost:123/foo" )_validate_allowed_url_retrieve_credentials)rfull_urlr^rDrDrEretrieve_full_uri s z*ContainerMetadataFetcher.retrieve_full_uricCs:tj|}||j}|std|jd|jfdS)NzGUnsupported host '%s'. Can only retrieve metadata from these hosts: %sz, )rZcompatr_check_if_whitelisted_hostrrrr_ALLOWED_HOSTS)rrparsedZis_whitelisted_hostrDrDrEr s  z.ContainerMetadataFetcher._validate_allowed_urlcCs||jvrdSdS)NTF)r)rrrDrDrEr s z3ContainerMetadataFetcher._check_if_whitelisted_hostcCs||}||S)zRetrieve JSON metadata from ECS metadata. :type relative_uri: str :param relative_uri: A relative URI, e.g "/foo/bar?id=123" :return: The parsed JSON response. )rr)r relative_urirrDrDrE retrieve_uri s z%ContainerMetadataFetcher.retrieve_uric Csddi}|dur ||d} z ||||jWStyC}ztjd|dd||j|d7}||jkr9WYd}~nd}~wwq)NAcceptzapplication/jsonrTzAReceived error when attempting to retrieve container metadata: %srr2) rd _get_responserr&rrr SLEEP_TIMERETRY_ATTEMPTS)rr extra_headersr^ZattemptsrrDrDrEr s.    z.ContainerMetadataFetcher._retrieve_credentialsc CszEtjj}|d||d}|j|}|jd}|jdkr)t d|j|fdzt |WWSt yEd}t d||t |dwtyZ} z d | }t |dd} ~ ww) Nrrr9rz4Received non 200 response (%s) from ECS metadata: %srz8Unable to parse JSON returned from ECS metadata servicesz%s:%sz;Received error when attempting to retrieve ECS metadata: %s)rZr[rrrrrrorr&rrrrrr) rrr^rrrrZ response_textrrrDrDrEr. s6     z&ContainerMetadataFetcher._get_responsecCsd|j|S)Nzhttp://) IP_ADDRESS)rrrDrDrErJ rz!ContainerMetadataFetcher.full_urlr)rrrrrrrrtimerrrrrrrrrrDrDrDrEr s      rcCst|riStSr)should_bypass_proxiesr0rsrDrDrErN src Cs6z tt|jr WdSWdSttjfyYdSw)z: Returns whether we should bypass proxies or not. TF)r1rrrAsocketgaierrorrrDrDrErU s rc Cs|sdSzt|WSttfyYnwt|drCt|drCz|}|dd|}||||WStjyBYdSwdS)Nrseektellr)rAttributeErrorrArQrrioUnsupportedOperation)r]Zorig_posZ end_file_posrDrDrEdetermine_content_lengthj s&    r ISO-8859-1cCsF|d}|s dSt|\}}d|vr|ddSd|vr!|SdS)zReturns encodings from given HTTP Header Dict. :param headers: dictionary to extract encoding from. :param default: default encoding if the content-type is text z content-typeNcharsetz'"r)rRcgiZ parse_headerr.)r^default content_typerrDrDrEget_encoding_from_headers s rcKs0t|ttfr t|}nt|}t|dS)Nrk)r>r: bytearray_calculate_md5_from_bytes_calculate_md5_from_filebase64 b64encodero)r]rZ binary_md5rDrDrE calculate_md5 s rcCst|}|Sr)rrf)Z body_bytesmd5rDrDrEr srcsB}t}tfdddD]}||q||S)NcrXrYr[rDfileobjrDrEr^ r_z*_calculate_md5_from_file..r`)rrrcrdrrf)rZstart_positionrrhrDrrEr s   rcKs|d}|d}|didi}|d}|r|dkrdS|D] }t|r+dSq!trF|durHd|vrJt|fi|}||dd<dSdSdSdS) z1Only add a Content-MD5 if the system supports it.r^r]rrgZrequest_algorithmzconditional-md5Nz Content-MD5)rRCHECKSUM_HEADER_PATTERNrrr)rrr^r]Zchecksum_contextZchecksum_algorithmrOZ md5_digestrDrDrEconditionally_calculate_md5 s    rc@s eZdZefddZddZdS)FileWebIdentityTokenLoadercCs||_||_dSr)_web_identity_token_pathr()rZweb_identity_token_pathr(rDrDrEr s z#FileWebIdentityTokenLoader.__init__cCs8||j }|WdS1swYdSr)r(rr$)rZ token_filerDrDrE__call__ s$z#FileWebIdentityTokenLoader.__call__N)rrropenrrrDrDrDrEr s  rc@s2eZdZd ddZddZd ddZd dd ZdS) SSOTokenLoaderNcCs|duri}||_dSr)r)rrrDrDrEr s zSSOTokenLoader.__init__cCs$|}|dur|}t|dS)Nr9)rasha1r;re)r start_url session_namer<rDrDrE_generate_cache_key sz"SSOTokenLoader._generate_cache_keycCs|||}||j|<dSr)rr)rrrrrrDrDrE save_token s zSSOTokenLoader.save_tokencCs|||}td|||jvr&|}|dur|}d|d}t|d|j|}d|vs3d|vr>d|d}t|d|S)NzChecking for cached token at: z Token for z does not existrZ accessTokenZ expiresAtz is invalid)rrrrr))rrrrrerrrDrDrEr s       zSSOTokenLoader.__call__r)rrrrrrrrDrDrDrEr s   rc@s@eZdZdZdZdddZddZdd Zd d Zdd d Z dS)EventbridgeSignerSetterr!rNcCs||_||_||_dSr)rr$r')rr+rrrDrDrEr s z EventbridgeSignerSetter.__init__cCs |d|j|d|jdS)Nz'before-parameter-build.events.PutEventszbefore-call.events.PutEvents)rcheck_for_global_endpointset_endpoint_urlrrDrDrEr sz EventbridgeSignerSetter.registercKs:d|vr|d}td|dd|||d<dSdS)Neventbridge_endpointzRewriting URL from rsr)rrrrDrDrEr s  z(EventbridgeSignerSetter.set_endpoint_urlc Ks|d}|dur dSt|dkrtddtstdd|d}d}|dur6|jr0tdd|jr6dg}|jdurTtd |}|j |krLtd d|j ||d }n|j}||d <d |d<dS)NZ EndpointIdrz+EndpointId must not be a zero length stringr0zqUsing EndpointId requires an additional dependency. You will need to pip install botocore[crt] before proceeding.Z client_configz>FIPS is not supported with EventBridge multi-region endpoints.r5https://z-EndpointId is not a valid hostname component.endpoint_variant_tagsrZv4aZ auth_type) rRrr r r'r,rHr'rr_get_global_endpoint) rrrrrr6rrZresolved_endpointrDrDrEr s@      z1EventbridgeSignerSetter.check_for_global_endpointcCsN|j}||j}|dur|j}|j||d}|dur|j}d|d|dS)Nrrz.endpoint.events.rg)rZget_partition_for_regionr$r)rYrZ)rrrr8rr[rDrDrEr4 s z,EventbridgeSignerSetter._get_global_endpointrr) rrrr)rZrrrrrrDrDrDrEr s  ,r)Trr)r)rrmrrrrarloggingrr rcrrrZdateutil.parserrBZ dateutil.tzrZurllib3.exceptionsrrZZbotocore.awsrequestZbotocore.httpsessionZbotocore.compatrrrrrr r r r r rrrrrrrrrrrZbotocore.exceptionsrrrrrrrr r!r"r#r$r%r&r'r(r)r*r+r,r-r.r/Z*botocore.vendored.six.moves.urllib.requestr0r1 getLoggerrrrrrrJZ SAFE_CHARSrrrrZ EVENT_ALIASESrrrFrLrUr_rfrkrlrhr}rr Exceptionrrrrrrrr#rr+r%r8r3rGrIrMrWrirrrlrtr{rrrrrrrrrrrrrrrrrrrrrr rprrrrrrrrrrrrrrDrDrDrEs          @d        !"#$%&'()*+,-./0123456789:;<=>?@ABCDEN    ;? &   & - !d   @!  )UX{ m       !