B ㊇cZ*@sddlZddlZddlZddlZddlmZmZddlmZmZddl Z ddl m Z ddl mZddlmZddlmZddlmZmZmZdd lmZmZmZeeZd d Zd d ZddZ ddZ!GdddeZ"GdddZ#GdddZ$GdddZ%dS)N)datetime timedelta) NamedTupleOptional)tzutc)UNSIGNED) total_seconds)Config) ClientErrorInvalidConfigErrorTokenRetrievalError)CachedProperty JSONFileCacheSSOTokenLoadercCs ttS)N)rnowrrrj/private/var/folders/8c/hx9_v10d5x38qmnzt13b7b8j1k3n5b/T/pip-target-x6xd5gna/lib/python/botocore/tokens.py_utc_now$srcCst|g}t|dS)N) providers)SSOTokenProviderTokenProviderChain)sessionrrrrcreate_token_resolver(s rcCst|tr|dS|S)Nz%Y-%m-%dT%H:%M:%SZ) isinstancerstrftime)objrrr_serialize_utc_timestamp/s  rcCstj|tdS)N)default)jsondumpsr)rrrr_sso_json_dumps5sr c@s&eZdZUeed<dZeeed<dS)FrozenAuthTokentokenN expiration)__name__ __module__ __qualname__str__annotations__r#rrrrrrr!9s r!c@sLeZdZdZdZdZefddZddZdd Z d d Z d d Z ddZ dS)DeferredRefreshableTokeniiX<cCs,||_||_||_t|_d|_d|_dS)N) _time_fetcher_refresh_usingmethod threadingLock _refresh_lock _frozen_token _next_refresh)selfr-Z refresh_using time_fetcherrrr__init__Gs  z!DeferredRefreshableToken.__init__cCs||jS)N)_refreshr1)r3rrrget_frozen_tokenQsz)DeferredRefreshableToken.get_frozen_tokencCsB|}|sdS|dk}|j|r>z |Wd|jXdS)N mandatory)_should_refreshr0acquire_protected_refreshrelease)r3 refresh_typeZblock_for_refreshrrrr6Us  z!DeferredRefreshableToken._refreshcCs|}|sdSy(|}|t|jd|_||_Wn.tk rftj d|dd|dkrbYnX| r~t |j dddS)N)secondsz5Refreshing token failed during the %s refresh period.T)exc_infor8z$Token has expired and refresh failed)provider error_msg) r9r+r_attempt_timeoutr2r,r1 Exceptionloggerwarning _is_expiredr r-)r3r=rrrrr;cs$z+DeferredRefreshableToken._protected_refreshcCs.|jdkrdS|jj}t||}|dkS)NFr)r1r#rr+)r3r# remainingrrrrFs  z$DeferredRefreshableToken._is_expiredcCsd|jdkrdS|jj}|dkr"dS|}||jkr8dSt||}||jkrRdS||jkr`dSdS)Nr8Zadvisory)r1r#r+r2r_mandatory_refresh_timeout_advisory_refresh_timeout)r3r#rrGrrrr9s     z(DeferredRefreshableToken._should_refreshN) r$r%r&rIrHrBrr5r7r6r;rFr9rrrrr)>s r)c@seZdZdddZddZdS)rNcCs|dkr g}||_dS)N) _providers)r3rrrrr5szTokenProviderChain.__init__cCs(x"|jD]}|}|dk r|SqWdS)N)rJ load_token)r3r@r"rrrrKs  zTokenProviderChain.load_token)N)r$r%r&r5rKrrrrrs rc@seZdZdZdZejejddddZ ddgZ dZ e Z d efd d Zd d ZeddZeddZddZddZddZddZd S)rZssoi~z.awscache sso_start_url sso_regionZ refresh_tokenNcCs<||_|dkr|j|jtd}||_||_t|jd|_dS)N)Z dumps_func)rM)_sessionDEFAULT_CACHE_CLS_SSO_TOKEN_CACHE_DIRr _now_cacher _token_loader)r3rrMr4rrrr5szSSOTokenProvider.__init__c Cs|jj}|di}|di}|jd}|s4d}||i}d|krLdS|d}||d}|sd|d|d}t|d g} x |jD]} | |kr| | qW| rd|d | d }t|d ||d |d dS)Nprofiles sso_sessionsZprofilerZ sso_sessionz The profile "z7" is configured to use the SSO token provider but the "z+" sso_session configuration does not exist.)rAzZ" is configured to use the SSO token provider but is missing the following configuration: .rOrN) session_namerOrN)rPZ full_configgetZget_config_variabler _SSO_CONFIG_VARSappend) r3Z loaded_configrVrWZ profile_nameZprofile_configZsso_session_nameZ sso_configrAZmissing_configsvarrrr_load_sso_configs0        z!SSOTokenProvider._load_sso_configcCs|S)N)r^)r3rrr _sso_configszSSOTokenProvider._sso_configcCs"t|jdtd}|jjd|dS)NrO)Z region_nameZsignature_versionzsso-oidc)config)r r_rrPZ create_client)r3r`rrr_clientszSSOTokenProvider._clientcCs|jj|j|d|d|dd}t|dd}|jd|jd|d |||d|d|d d }d|kr||d|d<td |S) NclientId clientSecret refreshToken)Z grantTyperbrcrdZ expiresIn)r>rNrO accessTokenregistrationExpiresAt)ZstartUrlregionre expiresAtrbrcrfzSSO Token refresh succeeded)raZ create_token _GRANT_TYPErr_rSrDinfo)r3r"responseZ expires_inZ new_tokenrrr_attempt_create_tokens"     z&SSOTokenProvider._attempt_create_tokencsd}fdd|D}|r2d|}t|dStjd}t||dkrjtd|dSy |Stk rtj dd d dSXdS) N)rdrbrcrfcsg|]}|kr|qSrr).0k)r"rr sz:SSOTokenProvider._refresh_access_token..z+Unable to refresh SSO token: missing keys: rfrz"SSO token registration expired at z SSO token refresh attempt failedT)r?) rDrjdateutilparserparserrSrlr rE)r3r"keysZ missing_keysmsgZexpiryr)r"r_refresh_access_tokens   z&SSOTokenProvider._refresh_access_tokencCs|jd}|jd}td||j||d}tj|d}td|t|| }||j kr| |}|dk r|}|d}|jj |||dt |d|dS) NrNrYzLoading cached SSO token for )rYrhzCached SSO token expires at re)r#)r_rDrjrUrprqrrdebugrrS_REFRESH_WINDOWruZ save_tokenr!)r3Z start_urlrYZ token_dictr#rGZnew_token_dictrrr _refresher*s      zSSOTokenProvider._refreshercCs"|jdkrdSt|j|j|jdS)N)r4)r_r)METHODrxrS)r3rrrrK@s zSSOTokenProvider.load_token)r$r%r&ryrwospath expanduserjoinrRr[rirrQrr5r^r r_rarlrurxrKrrrrrs  *  r)&rloggingrzr.rrtypingrrZdateutil.parserrpZ dateutil.tzrZbotocorerZbotocore.compatrZbotocore.configr Zbotocore.exceptionsr r r Zbotocore.utilsr rr getLoggerr$rDrrrr r!r)rrrrrr s*     a