9(Zc@sqddlZddlZddlZddlZddlZddlZddlZddlmZddl m Z ddl m Z ddl Z ddlmZddlmZddlZddlZddlmZddlmZdd lmZdd lmZdd lmZdd lmZdd lmZddlmZddlmZddlmZddl m!Z!m"Z"ddl m#Z#ej$e%Z&eddddgZ'dZ(dZ)dZ*dZ+e,dZ-dZ.dZ/de0fdYZ1d e1fd!YZ2d"e2fd#YZ3d$e0fd%YZ4d&e4fd'YZ5d(e0fd)YZ6d*e6fd+YZ7d,e6fd-YZ8d.e6fd/YZ9d0e6fd1YZ:d2e6fd3YZ;d4e6fd5YZ<d6e6fd7YZ=d8e6fd9YZ>d:e0fd;YZ?d<e6fd=YZ@d>e0fd?YZAdS(@iN(t namedtuple(tdeepcopy(tsha1(tparse(ttzlocal(t total_seconds(tcompat_shell_split(tUnknownCredentialError(tPartialCredentialsError(tConfigNotFound(tInvalidConfigError(tInfiniteLoopConfigError(tRefreshWithMFAUnsupportedError(tMetadataRetrievalError(tCredentialRetrievalError(tInstanceMetadataFetchertparse_key_val_file(tContainerMetadataFetchertReadOnlyCredentialst access_keyt secret_keyttokenc sqjdpd}jd}jd}jd}jd}t}t}tdtd|d |}td fd d jd id|dt|||g} || td|d|t d|d fdt d|d|t t ||g } jddd} | dk r^| j|tjdntd| } | S(sCreate a default credential resolver. This creates a pre-configured credential resolver that includes the default lookup chain for credentials. tprofiletdefaulttcredentials_filet config_filetmetadata_service_timeouttmetadata_service_num_attemptstiam_role_fetcherttimeoutt num_attemptst load_configcsjS(N(t full_config((tsession(s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pytHstclient_creatortcachet profile_nametcredential_sourcertcreds_filenamecsjS(N(R ((R!(s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyR"Xstconfig_filenametmethodstinstancesWSkipping environment variable credential check because profile name was explicitly set.t providers(sinstanceN(tget_config_variablet EnvProvidertContainerProvidertInstanceMetadataProviderRtAssumeRoleProvidert create_clienttCanonicalNameCredentialSourcertSharedCredentialProvidertProcessProvidertConfigProvidertOriginalEC2Providert BotoProvidertNonetremovetloggertdebugtCredentialResolver( R!R%tcredential_fileRtmetadata_timeoutRt env_providertcontainer_providertinstance_metadata_providertassume_role_providerR+texplicit_profiletresolver((R!s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pytcreate_credential_resolver2sJ          cCst|}|jS(N(REtload_credentials(R!RD((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pytget_credentials|s cCstjjtS(N(tdatetimetnowR(((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyt _local_nowscCs t|tjr|St|S(N(t isinstanceRHR(tvalue((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyt_parse_if_neededscCs3t|tjr/|r"|jS|jdS|S(Ns%Y-%m-%dT%H:%M:%S%Z(RKRHt isoformattstrftime(RLtiso((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyt_serialize_if_neededs   csfd}|S(NcsOj}|d}i|dd6|dd6|dd6t|dd 6S( Nt Credentialst AccessKeyIdRtSecretAccessKeyRt SessionTokenRt Expirationt expiry_time(t assume_roleRQ(tresponset credentials(tclienttparams(s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pytrefreshs    ((R[R\R]((R[R\s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pytcreate_assume_role_refreshers cCs dtfdY}||S(Nt _RefreshercBseZdZdZRS(cSs||_t|_dS(N(t_refreshtFalset_has_been_called(tselfR]((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyt__init__s cSs(|jrtnt|_|jS(N(RbR tTrueR`(Rc((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyt__call__s   (t__name__t __module__RdRf(((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyR_s (tobject(tactual_refreshR_((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pytcreate_mfa_serial_refreshersRRcBs/eZdZdddZdZdZRS(s\ Holds the credentials needed to authenticate requests. :ivar access_key: The access key part of the credentials. :ivar secret_key: The secret key part of the credentials. :ivar token: The security token, valid only for session credentials. :ivar method: A string which identifies where the credentials were found. cCsG||_||_||_|dkr0d}n||_|jdS(Ntexplicit(RRRR8tmethodt _normalize(RcRRRRm((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRds      cCs4tjj|j|_tjj|j|_dS(N(tbotocoretcompattensure_unicodeRR(Rc((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRnscCst|j|j|jS(N(RRRR(Rc((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pytget_frozen_credentialss N(RgRht__doc__R8RdRnRr(((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRRs   tRefreshableCredentialscBseZdZdZdZedZdZedZ e dZ e j dZ e d Z e j d Z e d Zej d Zd ZddZdZdZdZedZdZdZRS(s Holds the credentials needed to authenticate requests. In addition, it knows how to refresh itself. :ivar access_key: The access key part of the credentials. :ivar secret_key: The secret key part of the credentials. :ivar token: The security token, valid only for session credentials. :ivar method: A string which identifies where the credentials were found. ii<i cCsq||_||_||_||_||_||_tj|_||_ t ||||_ |j dS(N( t_refresh_usingt _access_keyt _secret_keyt_tokent _expiry_timet _time_fetchert threadingtLockt _refresh_lockRmRt_frozen_credentialsRn(RcRRRRWt refresh_usingRmt time_fetcher((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRds       cCs4tjj|j|_tjj|j|_dS(N(RoRpRqRvRw(Rc((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRnsc CsJ|d|dd|dd|dd|j|dd|d|}|S(NRRRRWRmR(t_expiry_datetime(tclstmetadataRRmR*((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pytcreate_from_metadatas    cCs|j|jS(sWarning: Using this property can lead to race conditions if you access another property subsequently along the refresh boundary. Please use get_frozen_credentials instead. (R`Rv(Rc((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyR s cCs ||_dS(N(Rv(RcRL((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRscCs|j|jS(sWarning: Using this property can lead to race conditions if you access another property subsequently along the refresh boundary. Please use get_frozen_credentials instead. (R`Rw(Rc((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRs cCs ||_dS(N(Rw(RcRL((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyR#scCs|j|jS(sWarning: Using this property can lead to race conditions if you access another property subsequently along the refresh boundary. Please use get_frozen_credentials instead. (R`Rx(Rc((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyR's cCs ||_dS(N(Rx(RcRL((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyR0scCs|j|j}t|S(N(RyRzR(Rctdelta((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyt_seconds_remaining4scCsR|jdkrtS|dkr+|j}n|j|krAtStjdtS(sCheck if a refresh is needed. A refresh is needed if the expiry time associated with the temporary credentials is less than the provided ``refresh_in``. If ``time_delta`` is not provided, ``self.advisory_refresh_needed`` will be used. For example, if your temporary credentials expire in 10 minutes and the provided ``refresh_in`` is ``15 * 60``, then this function will return ``True``. :type refresh_in: int :param refresh_in: The number of seconds before the credentials expire in which refresh attempts should be made. :return: True if refresh neeeded, False otherwise. s!Credentials need to be refreshed.N(RyR8Rat_advisory_refresh_timeoutRR:R;Re(Rct refresh_in((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pytrefresh_needed8s   cCs|jddS(NRi(R(Rc((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyt _is_expiredZscCs|j|jsdS|jjtr|z@|j|jsAdS|j|j}|jd|dSWd|jjXnK|j|jr|j+|j|jsdS|jdtWdQXndS(Nt is_mandatory( RRR}tacquireRat_mandatory_refresh_timeoutt_protected_refreshtreleaseRe(Rctis_mandatory_refresh((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyR`^s   cCsy|j}WnHtk rZ}|r.dnd}tjd|dt|rVndSX|j||jrd}tj|t|nt|j |j |j |_ dS(Nt mandatorytadvisorysARefreshing temporary credentials failed during %s refresh period.texc_infosLCredentials were refreshed, but the refreshed credentials are still expired.( Rut ExceptionR:twarningRet_set_from_dataRt RuntimeErrorRRvRwRxR~(RcRRtet period_nametmsg((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyR{s      cCs t|S(N(R(ttime_str((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRscCs[|d|_|d|_|d|_t|d|_tjd|j|jdS(NRRRRWs(Retrieved credentials will expire at: %s(RRRRRyR:R;Rn(Rctdata((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRs     cCs|j|jS(sReturn immutable credentials. The ``access_key``, ``secret_key``, and ``token`` properties on this class will always check and refresh credentials if needed before returning the particular credentials. This has an edge case where you can get inconsistent credentials. Imagine this: # Current creds are "t1" tmp.access_key ---> expired? no, so return t1.access_key # ---- time is now expired, creds need refreshing to "t2" ---- tmp.secret_key ---> expired? yes, refresh and return t2.secret_key This means we're using the access key from t1 with the secret key from t2. To fix this issue, you can request a frozen credential object which is guaranteed not to change. The frozen credentials returned from this method should be used immediately and then discarded. The typical usage pattern would be:: creds = RefreshableCredentials(...) some_code = SomeSignerObject() # I'm about to sign the request. # The frozen credentials are only used for the # duration of generate_presigned_url and will be # immediately thrown away. request = some_code.sign_some_request( with_credentials=creds.get_frozen_credentials()) print("Signed request:", request) (R`R~(Rc((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRrs" iiXN(RgRhRsRRRJRdRnt classmethodRtpropertyRtsetterRRRR8RRR`Rt staticmethodRRRr(((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRts(        "   ! tDeferredRefreshableCredentialscBs&eZdZedZddZRS(syRefreshable credentials that don't require initial credentials. refresh_using will be called upon first access. cCs[||_d|_d|_d|_d|_||_tj|_ ||_ d|_ dS(N( RuR8RvRwRxRyRzR{R|R}RmR~(RcRRmR((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRds       cCs<td|j|jgDr&tStt|j|S(Ncss|]}|dkVqdS(N(R8(t.0tpart((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pys s(tanyRvRwRetsuperRR(RcR((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRs"N(RgRhRsRJRdR8R(((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRs tCachedCredentialFetchercBs_eZd d dZdZdZdZdZdZdZ d Z d Z RS( i<icCs:|dkri}n||_|j|_||_dS(N(R8t_cachet_create_cache_keyt _cache_keyt_expiry_window_seconds(RcR$texpiry_window_seconds((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRds    cCstddS(Ns_create_cache_key()(tNotImplementedError(Rc((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRscCs4|jddjtjjd}|jddS(Nt:t_t/(treplacetostpathtsep(Rctfilename((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyt_make_file_safes$cCstddS(Ns_get_credentials()(R(Rc((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyt_get_credentialsscCs |jS(N(t_get_cached_credentials(Rc((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pytfetch_credentialsscCs|j}|d kr4|j}|j|n tjd|d}t|ddt}i|dd6|dd6|d d 6|d 6S( sGet up-to-date credentials. This will check the cache for up-to-date credentials, calling assume role if none are available. s*Credentials for role retrieved from cache.RRRVRPRSRRTRRURRWN(t_load_from_cacheR8Rt_write_to_cacheR:R;RQRe(RcRYtcredst expiration((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRs        cCsO|j|jkrKt|j|j}|j|s;|StjdndS(Ns6Credentials were found in cache, but they are expired.(RRRRR:R;R8(RcR((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRs cCst||j|jeZdZejdZdZdZedZ RS(scustom-processcCs(||_||_d|_||_dS(N(t _profile_namet _load_configR8t_loaded_configt_popen(RcR%Rtpopen((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRds   c sjdkrdSj}|jddk r_tj|fdjStd|dd|dd|jddjS(NRWcs jS(N(t_retrieve_credentials_using((tcredential_processRc(s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyR"sRRRRm(t_credential_processR8RRRtRRRR(Rct creds_dict((RRcs6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRs     c CsAt|}|j|dtjdtj}|j\}}|jdkrrtd|jd|jdnt j j j |jd}|j dd}|d krtd|jdd |ny>i|d d 6|d d6|j dd6|j dd6SWn/tk r<}td|jdd|nXdS(NtstdouttstderriRt error_msgsutf-8tVersionsisOUnsupported version '%s' for credential process provider, supported versions: 1RSRRTRRURRVRWs$Missing required key in response: %s(RRt subprocesstPIPEt communicatet returncodeRRtdecodeRoRpRRRR( RcRt process_listtpRRtparsedtversionR((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRs2          cCsR|jdkr!|j|_n|jjdij|ji}|jdS(NtprofilesR(RR8RRR(Rctprofile_config((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRs  ( RgRhRRtPopenRdRRRR(((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyR4s   R/cBs&eZdZdZdZdZRS(siam-roletEc2InstanceMetadatacCs ||_dS(N(t _role_fetcher(RcR((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRdscCsX|j}|j}|sdStjd|dtj|d|jd|j}|S(Ns#Found credentials from IAM Role: %st role_nameRmR(Rtretrieve_iam_role_credentialsR8R:R;RtRR(RctfetcherRR((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRs      (RgRhRRRdR(((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyR/ s R-cBs\eZdZdZdZdZddgZdZd d dZ dZ d Z d Z RS( tenvt EnvironmenttAWS_ACCESS_KEY_IDtAWS_SECRET_ACCESS_KEYtAWS_SECURITY_TOKENtAWS_SESSION_TOKENtAWS_CREDENTIAL_EXPIRATIONcCs7|dkrtj}n||_|j||_dS(s :param environ: The environment variables (defaults to ``os.environ`` if no value is provided). :param mapping: An optional mapping of variable names to environment variable names. Use this if you want to change the mapping of access_key->AWS_ACCESS_KEY_ID, etc. The dict can have up to 3 keys: ``access_key``, ``secret_key``, ``session_token``. N(R8Rtenviront_build_mappingt_mapping(RcRR((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRd3s   cCsi}|dkrI|j|d<|j|d<|j|d<|j|deZdZdZdZdZdZdddZdZ RS(sec2-credentials-filet Ec2ConfigtAWS_CREDENTIAL_FILEtAWSAccessKeyIdt AWSSecretKeycCsC|dkrtj}n|dkr-t}n||_||_dS(N(R8RRRt_environt_parser(RcRtparser((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRds      cCsd|jkrtjj|jd}|j|}|j|krtjd||j}||j}t ||d|j SndSdS(sN Search for a credential file used by original EC2 CLI tools. R(s)Found credentials in AWS_CREDENTIAL_FILE.RmN( R+RRt expanduserR,RR:R$RRRRR8(Rct full_pathRRR((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRs    N( RgRhRRt CRED_FILE_ENVRRR8RdR(((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyR6sR3cBsMeZdZdZdZdZddgZd d dZdZ dZ RS( sshared-credentials-filetSharedCredentialsRRtaws_security_tokenRcCsO||_|dkrd}n||_|dkrBtjj}n||_dS(NR(t_creds_filenameR8RRot configloadertraw_config_parset _ini_parser(RcR'R%t ini_parser((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRds     cCsy|j|j}Wntk r*dSX|j|kr||j}|j|krtjd|j|j||j|j \}}|j |}t |||d|j SndS(Ns0Found credentials in shared credentials file: %sRm( R6R3R R8RRR:R$RRt_get_session_tokenRRR(Rctavailable_credstconfigRRR((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRs    cCs,x%|jD]}||kr ||Sq WdS(N(R(RcR:t token_envvar((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyR8s N( RgRhRRRRRR8RdRR8(((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyR3s  R5cBsPeZdZdZdZdZdZddgZd dZ dZ d Z RS( s0INI based config provider with profile sections.s config-filet SharedConfigRRR2RcCs:||_||_|dkr-tjj}n||_dS(s :param config_filename: The session configuration scoped to the current profile. This is available via ``session.config``. :param profile_name: The name of the current profile. :param config_parser: A config parser callable. N(t_config_filenameRR8RoR4Rt_config_parser(RcR(R%t config_parser((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRds   cCsy|j|j}Wntk r*dSX|j|dkr|d|j}|j|krtjd|j|j||j|j \}}|j |}t |||d|j SndSdS(sr If there is are credentials in the configuration associated with the session, use those. R s$Credentials found in config file: %sRmN( R>R=R R8RRR:R$RRR8RRR(RcR R RRR((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRs    cCs,x%|jD]}||kr ||Sq WdS(N(R(RcR t token_name((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyR8s N( RgRhRsRRRRRR8RdRR8(((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyR5s   R7cBsJeZdZdZdZddgZdZdZd d dZ dZ RS( s boto-configt Boto2Configt BOTO_CONFIGs /etc/boto.cfgs~/.botoRRcCsI|dkrtj}n|dkr3tjj}n||_||_dS(N(R8RRRoR4R5R+R6(RcRR7((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRd$s     cCs|j|jkr(|j|jg}n |j}x|D]}y|j|}Wntk rgq8nXd|kr8|d}|j|krtjd||j||j|j \}}t ||d|j Sq8q8WdS(s; Look for credentials in boto config file. RRs)Found credentials in boto config file: %sRmN( tBOTO_CONFIG_ENVR+tDEFAULT_CONFIG_FILENAMESR6R RR:R$RRRRR(Rctpotential_locationsRR:RZRR((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyR,s"       N( RgRhRRRCRDRRR8RdR(((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyR7s R0cBseZdZdZdZdZejddZdZ dZ dZ dZ d Z d Zd Zd Zd ZdZdZRS(s assume-roleRi<icCsR||_||_||_||_||_i|_||_|jg|_dS(s :type load_config: callable :param load_config: A function that accepts no arguments, and when called, will return the full configuration dictionary for the session (``session.full_config``). :type client_creator: callable :param client_creator: A factory function that will create a client when called. Has the same interface as ``botocore.session.Session.create_client``. :type cache: dict :param cache: An object that supports ``__getitem__``, ``__setitem__``, and ``__contains__``. An example of this is the ``JSONFileCache`` class in the CLI. :type profile_name: str :param profile_name: The name of the profile. :type prompter: callable :param prompter: A callable that returns input provided by the user (i.e raw_input, getpass.getpass, etc.). :type credential_sourcer: CanonicalNameCredentialSourcer :param credential_sourcer: A credential provider that takes a configuration, which is used to provide the source credentials for the STS call. N(R$RRRt _prompterRt_credential_sourcert_visited_profiles(RcRR#R$R%tprompterR&((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRdSs#       cCs/|j|_|jr+|j|jSdS(N(RRt_has_assume_role_config_varst_load_creds_via_assume_roleR(Rc((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRs cCs1|jjdi}|j|j|jikS(NR (RRtROLE_CONFIG_VARR(RcR ((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRJsc Cs|j|}|j||}i}|jd}|dk rO||ds(R(RcRt static_keys((Rs6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyR[s cCsR|jd}|dk r+|j||S|d}|jj||j|S(NRURT(RR8t _resolve_credentials_from_sourceRHRt!_resolve_credentials_from_profile(RcRRR%RURT((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRQs   cCsH|jjdi}||}|j|r;|j|S|j|S(NR (RRR[t(_resolve_static_credentials_from_profileRK(RcR%R R((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyR_#s   cCsfy.td|dd|dd|jdSWn1tk ra}td|jdt|nXdS( NRRRRRRRR(RRRRRRtstr(RcRR((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyR`,s  cCs>|jj|}|dkr:td|dd|n|S(NRRsBNo credentials found in credential_source referenced in profile %s(RGRR8R(RcRUR%RZ((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyR^7s    Ni(RgRhRR8RRLtEXPIRY_WINDOW_SECONDSRRdRRJRKRPRVRWR[RQR_R`R^(((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyR0Es 4   ( + #  R2cBs>eZdZdZdZdZdZdZRS(cCs ||_dS(N(t _providers(RcR+((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRdGscCs#|g|jD]}|j^q kS(sLValidates a given source name. :type source_name: str :param source_name: The value of credential_source in the config file. This is the canonical name of the credential provider. :rtype: bool :returns: True if the credential provider is supported, False otherwise. (RcR(Rct source_nameR((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRXJs cCs2|j|}t|tr(|jS|jS(sLoads source credentials based on the provided configuration. :type source_name: str :param source_name: The value of credential_source in the config file. This is the canonical name of the credential provider. :rtype: Credentials (t _get_providerRKR<RFR(RcRdtsource((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRWs  cCs|j|}|jdkr_|jd}|dk r_|dkrL|St||gSn|dkr}td|n|S(s#Return a credential provider by its canonical name. :type canonical_name: str :param canonical_name: The canonical name of the provider. :raises UnknownCredentialError: Raised if no credential provider by the provided name is found. t sharedconfigtsharedcredentialss assume-roletname(RgRhN(t_get_provider_by_canonical_nametlowert_get_provider_by_methodR8R<R(Rctcanonical_nameRRB((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRees    cCsCx<|jD]1}|j}|r |j|jkr |Sq WdS(sReturn a credential provider by its canonical name. This function is strict, it does not attempt to address compatibility issues. N(RcRRk(RcRmRRi((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRjs cCs+x$|jD]}|j|kr |Sq WdS(s0Return a credential provider by its METHOD name.N(RcR(RcRmR((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRls(RgRhRdRXRReRjRl(((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyR2Fs    & R.cBsbeZdZdZdZdZdZd d dZdZ dZ dZ d Z d Z RS( scontainer-rolet EcsContainert&AWS_CONTAINER_CREDENTIALS_RELATIVE_URIt"AWS_CONTAINER_CREDENTIALS_FULL_URIt!AWS_CONTAINER_AUTHORIZATION_TOKENcCsF|dkrtj}n|dkr0t}n||_||_dS(N(R8RRRR+t_fetcher(RcRR((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRds      cCs2|j|jks$|j|jkr.|jSdS(N(tENV_VARR+t ENV_VAR_FULLt_retrieve_or_fail(Rc((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRs$c Cs|jr+|jj|j|j}n|j|j}|j}|j||}|}td|dd|dd|dd|j dt |dd|S(NRRRRmRWR( t_provided_relative_uriRrtfull_urlR+RsRtt_build_headerst_create_fetcherRtRRM(Rctfull_uritheadersRR((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRus       cCs6i}|jj|j}|dk r2i|d6SdS(Nt Authorization(R+RtENV_VAR_AUTH_TOKENR8(RcR{t auth_token((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRxs  csfd}|S(Ncsyjjd}WnGtk re}tjd|dttdjdt|nXi|dd6|dd 6|d d 6|d d 6S(NR{s'Error retrieving container metadata: %sRRRRSRRTRtTokenRRVRW( Rrtretrieve_full_uriR R:R;ReRRRa(RYR(RzR{Rc(s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyt fetch_credss    ((RcRzR{R((RzR{Rcs6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRyscCs|j|jkS(N(RsR+(Rc((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRvsN(RgRhRRRsRtR}R8RdRRuRxRyRv(((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyR.s    R<cBsGeZdZdZdZdZdZdZdZRS(cCs ||_dS(sQ :param providers: A list of ``CredentialProvider`` instances. N(R+(RcR+((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRdscCsfy,g|jD]}|j^q j|}Wn tk rNtd|nX|jj||dS(s= Inserts a new instance of ``CredentialProvider`` into the chain that will be tried before an existing one. :param name: The short name of the credentials you'd like to insert the new credentials before. (ex. ``env`` or ``config``). Existing names & ordering can be discovered via ``self.available_methods``. :type name: string :param cred_instance: An instance of the new ``Credentials`` object you'd like to add to the chain. :type cred_instance: A subclass of ``Credentials`` RiN(R+Rtindext ValueErrorRtinsert(RcRitcredential_providerRtoffset((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyt insert_befores , cCs*|j|}|jj|d|dS(s9 Inserts a new type of ``Credentials`` instance into the chain that will be tried after an existing one. :param name: The short name of the credentials you'd like to insert the new credentials after. (ex. ``env`` or ``config``). Existing names & ordering can be discovered via ``self.available_methods``. :type name: string :param cred_instance: An instance of the new ``Credentials`` object you'd like to add to the chain. :type cred_instance: A subclass of ``Credentials`` iN(t_get_provider_offsetR+R(RcRiRR((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyt insert_afterscCsRg|jD]}|j^q }||kr/dS|j|}|jj|dS(s Removes a given ``Credentials`` instance from the chain. :param name: The short name of the credentials instance to remove. :type name: string N(R+RRtpop(RcRiRtavailable_methodsR((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyR9s  cCs|j|j|S(sReturn a credential provider by name. :type name: str :param name: The name of the provider. :raises UnknownCredentialError: Raised if no credential provider by the provided name is found. (R+R(RcRi((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyt get_provider s cCsQy*g|jD]}|j^q j|SWn tk rLtd|nXdS(NRi(R+RRRR(RcRiR((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyR,s* cCsGx@|jD]5}tjd|j|j}|dk r |Sq WdS(sw Goes through the credentials chain, returning the first ``Credentials`` that could be loaded. sLooking for credentials via: %sN(R+R:R;RRR8(RcRR((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyRF2s   ( RgRhRdRRR9RRRF(((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pyR<s     (BRRHtloggingRRR{Rt collectionsRtcopyRthashlibRRtdateutil.parserRt dateutil.tzRtbotocore.configloaderRotbotocore.compatRRtbotocore.exceptionsRRR R R R R Rtbotocore.utilsRRRt getLoggerRgR:RRERGRJRMRaRQR^RkRiRRRtRRRRR4R/R-R6R3R5R7R0R2R.R<(((s6/tmp/pip-build-wDUJoH/botocore/botocore/credentials.pytsl           J      'Ar-Fo"*7*XE