B ㊇c8h@sdZddlZddlZddlZddlZddlZddlZddlZddlm Z ddl Z ddl Z ddl m Z ddl mZmZmZmZmZmZmZmZmZmZmZddlmZmZmZddlmZddlm Z m!Z!m"Z"dd l#m$Z$dd l%m&Z&m'Z'm(Z(dd l)m*Z*m+Z+m,Z,m-Z-m.Z.dd l m/Z/dd l m0Z0ddl m1Z1ddlm2Z2ddl)m3Z3ddl)m4Z4e5e6Z7e8Z9e8Z:e;dZe;d?e=e>gZ@dZAe;dZBddiZCddZDddZEddZFd d!ZGd"d#ZHd$d%ZId&d'ZJd(d)ZKd*d+ZLd,d-ZMd.d/ZNd0d1ZOd2d3ZPdd5d6ZQd7d8ZRd9d:ZSd;d<ZTGd=d>d>ZUd?d@ZVdAdBZWdCdDZXdEdFZYdGdHZZdIdJZ[dKdLZ\dMdNZ]dOdPZ^dQdRZ_dSdTZ`dUdVZadWdXZbdYdZZcd[d\Zdd]d^Zed_d`ZfdadbZgdcddZhdedfZidgdhZjdidjZkdkdlZldmdnZmdodpZndqdrZodsdtZpdudvZqdwdxZrdydzZsd{d|ZtGd}d~d~ZuGdddZvGdddZwddZxddZyddZzddZ{ddZ|ddZ}ddZ~deDfdevdfdese:fdese:fde(fde'fdelfdeyfde^fdeJfdeMfde`fdeKfdeNfde{fdenfdenfdenfdeWfdeWfdecfdecfdecfde|fdeVfdeVfde~fdeEfdeTfdeffdegfde,fde,fdeFfdeFfdehfdehfde\fdezfdekfdeGe9fdeGe9fdeGe9fdeSfdeSfdeSfdeSfdeSfdeSfdeIfdeOfdeOfdeOfdeOfdePfdeOfdeOfdeOfdePfdeOfdeafdeafdedfdeefde}fdeofdepfdeqfdemfdeddσjfdedуjfdedуjfdeifdejfdebdփfdebdփfdedكjfdedڃjfded܃jfded݃jfdebd߃fdedddddddddddddddg jfde&fde]fde]fde]fde]fde]fdedjfdedjfdedjfdedjfdedjfde]fde]fdedjfdedjfde]fde]fdedjfdedjfdeUdjfdexfggZetedS(z_Builtin event handlers. This module contains builtin handlers for events emitted by botocore. N)BytesIO)utils) ETree OrderedDict XMLParseError ensure_bytesget_md5jsonquoteunquote unquote_strurlsplit urlunsplit)AppendParamDocumentationAutoPopulatedParamHideParamFromOperations)VALID_HOST_LABEL_RE)AliasConflictParameterErrorParamValidationErrorUnsupportedTLSVersionWarning)EndpointResolverBuiltins)add_generate_db_auth_tokenadd_generate_presigned_postadd_generate_presigned_url) SAFE_CHARS ArnParserconditionally_calculate_md5percent_encodeswitch_host_with_param) retryhandler) translate) MD5_AVAILABLE)MissingServiceIdError)hyphenize_service_id)is_global_accesspointz^[a-zA-Z0-9.\-_]{1,255}$z]^arn:(aws).*:(s3|s3-object-lambda):[a-z\-0-9]*:[0-9]{12}:accesspoint[/:][a-zA-Z0-9\-.]{1,63}$zt^arn:(aws).*:s3-outposts:[a-z\-0-9]+:[0-9]{12}:outpost[/:][a-zA-Z0-9\-]{1,63}[/:]accesspoint[/:][a-zA-Z0-9\-]{1,63}$|)s3z s3-outpostszs3-object-lambdaz\?versionId=[^\s]+$zruntime.sagemakerzsagemaker-runtimecKs t||S)N)SERVICE_NAME_ALIASESget) service_namekwargsr+l/private/var/folders/8c/hx9_v10d5x38qmnzt13b7b8j1k3n5b/T/pip-target-x6xd5gna/lib/python/botocore/handlers.pyhandle_service_name_aliasisr-cKsBdtjk}tjd}|r>|r>|d}d|kr>t|dd|d<dS)NZAWS_LAMBDA_FUNCTION_NAMEZ_X_AMZN_TRACE_IDheaderszX-Amzn-Trace-Idz -=;:+&[]{}"',)safe)osenvironr(r )paramsr*Zhas_lambda_nameZtrace_idr.r+r+r,add_recursion_detection_headerms   r3cKs<|d}d|kr|dd}d|kr0|dd}||d<dS)Nbody s  s )replace)r2r*r4r+r+r,escape_xml_payloadvs   r8cKs2|dkr dS|\}}t|r.td|d|_dS)NzWError found for response with 200 status code, errors: %s, changing status code to 500.i)_looks_like_special_case_errorloggerdebug status_code)responser* http_responseparsedr+r+r,check_for_200_errorsr@cCs\|jdkrXy*tjtdd}||j|}Wntk rHdSX|jdkrXdSdS)Nzutf-8)targetencodingTErrorF) r<r XMLParser TreeBuilderfeedcontentclosertag)r>parserrootr+r+r,r9s    r9cKs|d}|sdS|dkr tjS|dkr,dS|dr|dkrnd|d}d |kr`|d |n||d <d}nd}|d krd |d <|tkrd |}|SdS)a'Choose the operation-specific signer. Individual operations may have a different auth type than the service as a whole. This will most often manifest as operations that should not be authenticated at all, but can include other auth modes such as sigv4 without body signing. auth_typeNnoneZbearerZv4Zv4a*)region signing_namesigningzv4-unsigned-bodyFZpayload_signing_enabledr&)r(botocoreUNSIGNED startswithupdateS3_SIGNING_NAMES)contextrQr*rMrRZsignature_versionr+r+r,set_operation_specific_signers(    rYc Ks^d|krZy(tt|dddd}||d<Wn(tttfk rXtjdddYnXdS)NOutputzlatin-1zutf-8r7zError decoding base64T)exc_info) base64 b64decodebytesdecode ValueError TypeErrorAttributeErrorr:r;)r?r*valuer+r+r,decode_console_outputs rdcKsBx<|jD]2}||krtt||<td|||fqWdS)Nz1injecting idempotency token (%s) into param '%s'.)Zidempotent_membersstruuiduuid4r:r;)r2modelr*namer+r+r,generate_idempotent_uuids  rjc Cs>ytt|}Wn&ttfk r8tjdddYnX|S)NzError loading quoted JSONT)r[)r loadsr r`rar:r;)rcr+r+r,decode_quoted_jsondocs rlc KsRd|krNytj|dtd}||d<Wn&ttfk rLtjdddYnXdS)N TemplateBody)object_pairs_hookzerror loading JSONT)r[)r rkrr`rar:r;)r?r*rcr+r+r,json_decode_template_bodys rocKsRd|kr dS|d}t|sNt|sNd|dtjdtjd}t|ddS)NBucketzInvalid bucket name "z%": Bucket name must match the regex "z#" or be an ARN matching the regex "")report) VALID_BUCKETsearch VALID_S3_ARNpatternr)r2r*bucket error_msgr+r+r,validate_bucket_names rycKst|ddS)z S3 server-side encryption requires the encryption key to be sent to the server base64 encoded, as well as a base64-encoded MD5 hash of the encryption key. This handler does both if the MD5 has not been set by the caller. SSECustomerN)_sse_md5)r2r*r+r+r,sse_md5 sr|cKst|ddS)a1 S3 server-side encryption requires the encryption key to be sent to the server base64 encoded, as well as a base64-encoded MD5 hash of the encryption key. This handler does both if the MD5 has not been set by the caller specifically if the parameter is for the copy-source sse-c key. ZCopySourceSSECustomerN)r{)r2r*r+r+r,copy_source_sse_md5*sr}rzcCsvt||sdS|d}|d}||}t|tr:|d}tt|d}t|d}|||<|||<dS)NKeyKeyMD5zutf-8) _needs_s3_sse_customization isinstancereencoder\ b64encoderdigestr_)r2sse_member_prefixZsse_key_memberZsse_md5_memberZ key_as_bytesZ key_md5_strZkey_b64_encodedr+r+r,r{4s   r{cCs||ddk o|d|kS)Nr~r)r()r2rr+r+r,rEsrcKstjS)zk This handler disables request signing by setting the signer name to a special sentinel value. )rSrT)r*r+r+r,disable_signingLsrcKsJ|jdddkrdSd|krF|d}t|drFtdd|dd <dS) Nmethod)PUTPOSTr4readz-Adding expect 100 continue header to request.z 100-continuer.ZExpect)httpr(hasattrr:r;)rhr2r*r4r+r+r,add_expect_headerTs  rc@seZdZddZddZdS)DeprecatedServiceDocumentercCs ||_dS)N)_replacement_service_name)selfZreplacement_service_namer+r+r,__init__asz$DeprecatedServiceDocumenter.__init__cKs>|j|d|j|j|j|d|jdS)Nz.This service client is deprecated. Please use z instead.)styleZstart_importantwriterefrZ end_important)rsection event_namer*r+r+r,inject_deprecation_noticeds   z5DeprecatedServiceDocumenter.inject_deprecation_noticeN)__name__ __module__ __qualname__rrr+r+r+r,r`src Ksd|kr:|d}|d}|d}||dnJd|kr|d}|d}||d|d }||d dS) Nzrequest-examplezstructure-value CopySourcez member-valuezH'string' or {'Bucket': 'string', 'Key': 'string', 'VersionId': 'string'}zrequest-paramsz param-typez:type CopySource: str or dictzparam-documentationaqThe name of the source bucket, key name of the source object, and optional version ID of the source object. You can either provide this value as a string or a dictionary. The string form is {bucket}/{key} or {bucket}/{key}?versionId={versionId} if you want to copy a specific version. You can also provide this value as a dictionary. The dictionary format is recommended over the string format because it is more explicit. The dictionary format is: {'Bucket': 'bucket', 'Key': 'key', 'VersionId': 'id'}. Note that the VersionId key is optional and may be omitted. To specify an S3 access point, provide the access point ARN for the ``Bucket`` key in the copy source dictionary. If you want to provide the copy source for an S3 access point as a string instead of a dictionary, the ARN provided must be the full S3 access point object ARN (i.e. {accesspoint_arn}/object/{key})) get_section clear_textr) rrr*parent param_line value_portion param_section type_sectionZ doc_sectionr+r+r,document_copy_source_formos        rcKsH|d}|dkrdSt|tr.t||d<nt|trDt||d<dS)aHConvert CopySource param for CopyObject/UploadPartCopy. This handler will deal with two cases: * CopySource provided as a string. We'll make a best effort to URL encode the key name as required. This will require parsing the bucket and version id from the CopySource value and only encoding the key. * CopySource provided as a dict. In this case we're explicitly given the Bucket, Key, and VersionId so we're able to encode the key and ensure this value is serialized and correctly sent to S3. rN)r(rre_quote_source_headerdict_quote_source_header_from_dict)r2r*sourcer+r+r,handle_copy_source_params   rc CsyF|d}|d}|d}t|r6|d|}n|d|}Wn6tk r|}ztdt|dWdd}~XYnXt|tdd}|dk r|d |7}|S) Nrpr~Z VersionIdz/object//zMissing required parameter: )rr)r/z ?versionId=%s)r(rurtKeyErrorrrerr)Z source_dictrwkey version_idfinaler+r+r,rs  $ rcCs\t|}|dkr"t|tddS|d|||d}}t|tdd|SdS)Nr)r/)VERSION_ID_SUFFIXrtrrstart)rcresultfirstrr+r+r,rs  "rcCsLt|}||dd<|d|||d<d|d<i|d<|j|||jdS)Nr4DestinationRegionurlGETrr.)Z region_nameZoperation_name)copydeepcopyr7Zgenerate_presigned_urlri)request_signer request_dictrh source_regiondestination_regionZrequest_dict_copyr+r+r,_get_cross_region_presigned_urls   rcCs|j}|d}||fS)N SourceRegion)Z _region_namer()rr2rrr+r+r,1_get_presigned_url_source_and_destination_regionss rcKsNd|dkrdSt||d\}}t|||||}||dd<||dd<dS)N PresignedUrlr4r)rr)r2rrhr*srcdestrr+r+r,inject_presigned_url_ec2s  rcKs\d|dkrdSt||d\}}|dd=d|dkrr*Z response_bodyrKrLrPr+r+r,parse_get_bucket_location3s  rcKsDd|kr@t|dtr(|dd|d<t|dd|d<dS)NUserDatazutf-8)rrerr\rr_)r2r*r+r+r,base64_encode_user_dataCs rcCsd}t||}|jS)Nzw**This value will be base64 encoded automatically. Do not base64 encode this value prior to performing the operation.**)rappend_documentation)param descriptionappendr+r+r,document_base64_encodingMs rc Ksz|d}|rt|tsdSxX|D]L\}}y|d|dWq&tk rpd||f}t|dYq&Xq&WdS)aEVerify S3 Metadata only contains ascii characters. From: http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html "Amazon S3 stores user-defined metadata in lowercase. Each name, value pair must conform to US-ASCII when using REST and UTF-8 when using SOAP or browser-based uploads via POST." ZMetadataNasciizvNon ascii characters found in S3 metadata for key "%s", value: "%s". S3 metadata can only contain ASCII characters. )rr)r(rrrrUnicodeEncodeErrorr)r2r*metadatarrcrxr+r+r,validate_ascii_metadataWs   rcKst|j}|rt|dsdSdd|jD}xB|D]:}||kr2||}|dd||<td||||q2WdS)z Check for and split apart Route53 resource IDs, setting only the last piece. This allows the output of one operation (e.g. ``'foo/1234'``) to be used as input in another operation (e.g. it expects just ``'1234'``). rNcSsg|]\}}|jdkr|qS))Z ResourceIdZDelegationSetIdZChangeId)ri).0rirr+r+r, sz#fix_route53_ids..rz %s %s -> %s) input_shaperrrsplitr:r;)r2rhr*rrriZ orig_valuer+r+r,fix_route53_idsvs rcKs|ddkrd|d<dS)N accountId-)r()r2r*r+r+r,inject_account_idsrcKs|}|jd|dd<dS)NZ apiVersionr.zx-amz-glacier-version)r)rhr2r*rr+r+r,add_glacier_versionsrcKs(|ddddkr$|}d|dd<dS)Nr.Acceptzapplication/json)r()rhr2r*rr+r+r,add_accept_headersrcKsv|}|d}|d}t|tr&t|}|}d|krHtj|dd|d<||d|krht||d<||dS)zAdd glacier checksums to the http request. This will add two headers to the http request: * x-amz-content-sha256 * x-amz-sha256-tree-hash These values will only be added if they are not present in the HTTP request. r.r4zx-amz-content-sha256T)Zas_hexzx-amz-sha256-tree-hashN)rr^rtellrZcalculate_sha256seekZcalculate_tree_hash)r2r*rr.r4Zstarting_positionr+r+r,add_glacier_checksumss   rcCsd}td|jS)Na This is a required field. Ideally you will want to compute this value with checksums from previous uploaded parts, using the algorithm described in `Glacier documentation `_. But if you prefer, you can also use botocore.utils.calculate_tree_hash() to compute it from raw file by:: checksum = calculate_tree_hash(open('your_file.txt', 'rb')) checksum)rr)docr+r+r,#document_glacier_tree_hash_checksums rcKsld|kr0|d}|d}||dn8d|krh|d}|d}|d}||ddS) Nzresponse-paramsrmz param-typez (*dict*) --zresponse-examplezstructure-valuez member-valuez{})rrr)rrr*Ztemplate_body_sectionrrrrr+r+r,0document_cloudformation_get_template_return_types      rcKst|ddS)NZPredictEndpoint)r)requestr*r+r+r,switch_host_machinelearningsrcKsFddl}y$|j}|dkr*td|jtWntk r@YnXdS)Nr)rrzCurrently installed openssl version: %s does not support TLS 1.2, which is required for use of iot-data. Please use python installed with openssl version 1.0.1 or higher.)sslOPENSSL_VERSION_INFOwarningswarnOPENSSL_VERSIONrrb)r*rZopenssl_version_tupler+r+r,&check_openssl_supports_tls_version_1_2s rcKs>|jdkr:d|jkr:d|jd<d|_|jdd\|_|_dS)Nr?z!application/x-www-form-urlencodedz Content-Typerr)rrr.rdata)rr*r+r+r,change_get_to_posts rcKsd|krd|d<d|d<dS)N EncodingTypeTencoding_type_auto_setrr+)r2rXr*r+r+r,"set_list_objects_encoding_type_urlsrcKstdddgddg||ddS)N DelimiterMarkerZ NextMarker)Contentsr~)CommonPrefixesPrefix)top_level_keys nested_keysr?rX)_decode_list_object)r?rXr*r+r+r,decode_list_objects r cKstdddgddg||ddS)NrrZ StartAfter)rr~)rr)rrr?rX)r)r?rXr*r+r+r,decode_list_object_v2s r cKs"tddddgdddg||ddS) NZ KeyMarkerZ NextKeyMarkerrr)ZVersionsr~)Z DeleteMarkersr~)rr)rrr?rX)r)r?rXr*r+r+r,decode_list_object_versions,sr cCs~|ddkrz|drzx$|D]}||krt||||<qWx:|D]2\}}||krDx ||D]}t||||<q^WqDWdS)Nrrr)r(r )rrr?rXrZtop_keyZ child_keyrr+r+r,rBs rcKsNd|krJt|dtr,tt|d|d<nt|dtrJt|d|d<dS)NZBody)rrerrr^)r2r*r+r+r, convert_body_to_file_like_objectQs r c Csvdddd}xd|D]X\}}|dd\}}t||}d||jtf}d|d |jf}||||qWdS) NZFiltersZfromTimeZ returnFields)z ec2.*.Filterzlogs.CreateExportTask.fromzcloudsearchdomain.Search.return.rzbefore-parameter-build.zdocs.*.z.complete-section)rrsplitParameterAliasalias_parameter_in_callREGISTER_FIRST alias_parameter_in_documentationr) Z handler_listaliasesoriginalnew_nameZ event_portion original_nameZparameter_aliasZ#parameter_build_event_handler_tupleZdocs_event_handler_tupler+r+r,_add_parameter_aliasesYs   rc@s,eZdZddZddZddZddZd S) rcCs||_||_dS)N)_original_name _alias_name)rrZ alias_namer+r+r,r{szParameterAlias.__init__cKsR|jrN|j|jjkrN|j|krN|j|kreZdZdZedejZddZddZ ddZ d d Z d S) HeaderToHostHoisterz;Takes a header and moves it to the front of the hoststring.z(?!-)[a-z\d-]{1,63}(?Operation requires h2 which is currently unsupported in PythonZstart_conversationNr+)Zclass_attributesr*r+r+r, remove_lex_v2_start_conversationsr<c sN|jdsdS|j}d|d<d}fdd|D}d||d<dS) Nretriesz invocation-idzamz-sdk-invocation-id)ttlattemptmaxcs&g|]}|kr|d|qS)=r+)rr)retries_contextr+r,rsz%add_retry_headers..z; zamz-sdk-request)rXr(r.r0)rr*r.Zsdk_retry_keysZsdk_request_headersr+)rBr,add_retry_headerss   rCcKsR|jd}d}||rN|t|d|jd<||k}|rD|dn||jd<dS)aStrips leading `{Bucket}/` from any operations that have it. The original value is retained in a separate "authPath" field. This is used in the HmacV1Auth signer. See HmacV1Auth.canonical_resource in botocore/auth.py for details. This change is applied to the operation model during the first time the operation is invoked and then stays in effect for the lifetime of the client object. When the ruleset based endpoint resolver is in effect, both the endpoint ruleset AND the service model place the bucket name in the final URL. The result is an invalid URL. This handler modifies the operation model to no longer place the bucket name. Previous versions of botocore fixed the URL after the fact when necessary. Since the introduction of ruleset based endpoint resolution, the problem exists in ALL URLs that contain a bucket name and can therefore be addressed before the URL gets assembled. Z requestUriz /{Bucket}NrZauthPath)rrUlen)r2rhrXr*Zreq_uriZ bucket_pathZ needs_slashr+r+r,'remove_bucket_from_url_paths_from_models   rEcKs>tdd|jD}|jdk r:|jddkr:|r:|jd=dS)aPRemoves the `{AccountId}.` prefix from the operation model. This change is applied to the operation model during the first time the operation is invoked and then stays in effect for the lifetime of the client object. When the ruleset based endpoint resolver is in effect, both the endpoint ruleset AND the service model place the {AccountId}. prefix in the URL. The result is an invalid endpoint. This handler modifies the operation model to remove the `endpoint.hostPrefix` field while leaving the `RequiresAccountId` static context parameter in place. css"|]}|jdko|jdkVqdS)ZRequiresAccountIdTN)rirc)rZ ctx_paramr+r+r, 2sz6remove_accid_host_prefix_from_model..NZ hostPrefixz {AccountId}.)anyZstatic_context_parametersZendpointr()r2rhrXr*Z has_ctx_paramr+r+r,#remove_accid_host_prefix_from_model$s   rHcKs^|j}t|trZ|drZ|d}t|dkrZtt|drZd d|dd|_dS)Nz/arn%3Arrr)r) auth_pathrrerUrrDris_arnr r0)rr*rJZauth_path_partsr+r+r,remove_arn_from_signing_path=s  rLc Ks|d}|dk ot|}|jdkr2d|tj<n|r@d|tj<|dk oRt| }|tj}|dr|s|s|sd|tj<d|tj <dS)aModify builtin parameter values for endpoint resolver Modifies the builtins dict in place. Changes are in effect for one call. The corresponding event is emitted only if at least one builtin parameter value is required for endpoint resolution for the operation. rpNZGetBucketLocationTFZuse_global_endpointz aws-global) r(rrKrirZAWS_S3_FORCE_PATH_STYLErr-Z AWS_REGIONZAWS_S3_USE_GLOBAL_ENDPOINT) builtinsrhr2rXr*Z bucket_nameZ bucket_is_arnZpath_style_requiredZpath_style_requestedr+r+r,$customize_endpoint_resolver_builtinsGs      rNzchoose-service-namez/getattr.mturk.list_hi_ts_for_qualification_typeZ list_hits_for_qualification_typez$before-parameter-build.s3.UploadPartz#before-parameter-build.s3.PutObjectzcreating-client-classzcreating-client-class.s3zcreating-client-class.iot-dataz$creating-client-class.lex-runtime-v2zafter-call.iamzafter-call.ec2.GetConsoleOutputz%after-call.cloudformation.GetTemplatezafter-call.s3.GetBucketLocationzbefore-parameter-buildzbefore-parameter-build.s3z%before-parameter-build.s3.ListObjectsz'before-parameter-build.s3.ListObjectsV2z,before-parameter-build.s3.ListObjectVersionsz$before-parameter-build.s3.CopyObjectz(before-parameter-build.s3.UploadPartCopyz/before-parameter-build.s3.CreateMultipartUploadz!before-parameter-build.s3-controlz%docs.*.s3.CopyObject.complete-sectionz)docs.*.s3.UploadPartCopy.complete-sectionzbefore-endpoint-resolution.s3z before-callzbefore-call.s3zbefore-call.glacierzbefore-call.apigatewayzbefore-call.s3.PutObjectzbefore-call.s3.UploadPartzbefore-call.s3.DeleteObjectsz.before-call.s3.PutBucketLifecycleConfigurationz!before-call.glacier.UploadArchivez'before-call.glacier.UploadMultipartPartzbefore-call.ec2.CopySnapshotzrequest-createdz'request-created.machinelearning.Predictzneeds-retry.s3.UploadPartCopyzneeds-retry.s3.CopyObjectz&needs-retry.s3.CompleteMultipartUploadz$choose-signer.cognito-identity.GetIdz-choose-signer.cognito-identity.GetOpenIdTokenz-choose-signer.cognito-identity.UnlinkIdentityz8choose-signer.cognito-identity.GetCredentialsForIdentityz$choose-signer.sts.AssumeRoleWithSAMLz+choose-signer.sts.AssumeRoleWithWebIdentityz choose-signerz$before-parameter-build.s3.HeadObjectz#before-parameter-build.s3.GetObjectz-before-parameter-build.s3.SelectObjectContentz'before-parameter-build.ec2.RunInstanceszs  4             1      %     !  !21 2