U M8c~@sdZddlZddlZddlZddlmZddlmZmZddl m Z m Z ddl m Z ddlmZddlmZmZmZmZmZmZmZmZmZmZmZmZmZmZdd lm Z m!Z!e"e#Z$d Z%d iiZ&Gd d d Z'Gddde'Z(Gddde)eZ*GdddZ+dS)zResolves regions and endpoints. This module implements endpoint resolution, including resolving endpoints for a given service and region and resolving the available endpoints for a service in a specific AWS partition. N)Enum)UNSIGNED xform_name)AUTH_TYPE_MAPSHAS_CRTCRT_SUPPORTED_AUTH_TYPES)EndpointProvider)EndpointProviderErrorEndpointVariantError!InvalidEndpointConfigurationErrorInvalidHostLabelErrorMissingDependencyException NoRegionErrorParamValidationError$UnknownEndpointResolutionBuiltInNameUnknownRegionErrorUnknownSignatureVersionError*UnsupportedS3AccesspointConfigurationErrorUnsupportedS3ConfigurationErrorUnsupportedS3ControlArnError&UnsupportedS3ControlConfigurationError)ensure_booleaninstance_cachez{service}.{region}.{dnsSuffix} endpointsc@s,eZdZdZd ddZddZd d d ZdS) BaseEndpointResolverz3Resolves regions and endpoints. Must be subclassed.NcCstdS)a7Resolves an endpoint for a service and region combination. :type service_name: string :param service_name: Name of the service to resolve an endpoint for (e.g., s3) :type region_name: string :param region_name: Region/endpoint name to resolve (e.g., us-east-1) if no region is provided, the first found partition-wide endpoint will be used if available. :rtype: dict :return: Returns a dict containing the following keys: - partition: (string, required) Resolved partition name - endpointName: (string, required) Resolved endpoint name - hostname: (string, required) Hostname to use for this endpoint - sslCommonName: (string) sslCommonName to use for this endpoint. - credentialScope: (dict) Signature version 4 credential scope - region: (string) region name override when signing. - service: (string) service name override when signing. - signatureVersions: (list) A list of possible signature versions, including s3, v4, v2, and s3v4 - protocols: (list) A list of supported protocols (e.g., http, https) - ...: Other keys may be included as well based on the metadata NNotImplementedError)self service_name region_namer!4/tmp/pip-unpacked-wheel-ozje0y8b/botocore/regions.pyconstruct_endpoint6sz'BaseEndpointResolver.construct_endpointcCstdS)zLists the partitions available to the endpoint resolver. :return: Returns a list of partition names (e.g., ["aws", "aws-cn"]). Nrrr!r!r"get_available_partitionsSsz-BaseEndpointResolver.get_available_partitionsawsFcCstdS)aLists the endpoint names of a particular partition. :type service_name: string :param service_name: Name of a service to list endpoint for (e.g., s3) :type partition_name: string :param partition_name: Name of the partition to limit endpoints to. (e.g., aws for the public AWS endpoints, aws-cn for AWS China endpoints, aws-us-gov for AWS GovCloud (US) Endpoints, etc. :type allow_non_regional: bool :param allow_non_regional: Set to True to include endpoints that are not regional endpoints (e.g., s3-external-1, fips-us-gov-west-1, etc). :return: Returns a list of endpoint names (e.g., ["us-east-1"]). Nr)rrpartition_nameallow_non_regionalr!r!r"get_available_endpointsZsz,BaseEndpointResolver.get_available_endpoints)N)r&F)__name__ __module__ __qualname____doc__r#r%r)r!r!r!r"r3s  rc@seZdZdZddgZd%ddZd&dd Zd d Zd'd dZd(ddZ d)ddZ ddZ d*ddZ ddZ ddZddZddZdd Zd!d"Zd#d$Zd S)+EndpointResolverz7Resolves endpoints based on partition endpoint metadatazaws-isoz aws-iso-bFcCs d|krtd||_||_dS)a :type endpoint_data: dict :param endpoint_data: A dict of partition data. :type uses_builtin_data: boolean :param uses_builtin_data: Whether the endpoint data originates in the package's data directory. partitionsz%Missing "partitions" in endpoint dataN) ValueError_endpoint_datauses_builtin_data)r endpoint_datar2r!r!r"__init__us zEndpointResolver.__init__r&cCsB|jdD]2}|d|krq |d}||kr.q ||dSdS)Nr/ partitionservicesr)r1)rrr'r5r6r!r!r"get_service_endpoints_datas z+EndpointResolver.get_service_endpoints_datacCs&g}|jdD]}||dq|S)Nr/r5)r1append)rresultr5r!r!r"r%sz)EndpointResolver.get_available_partitionsNc Csg}|jdD]}|d|kr q|d}||kr2q||d}|D]J} | |dk} |rz| rz||| |} | r|| qB|s| rB|| qBq|S)Nr/r5r6rregions)r1_retrieve_variant_datar8) rrr'r(endpoint_variant_tagsr9r5r6Zservice_endpoints endpoint_nameZis_regional_endpointZ variant_datar!r!r"r)s(    z(EndpointResolver.get_available_endpointscCs\|jdD]L}|d|kr |rJ||d|}|rVd|krV|dSq |dSq dS)Nr/r5defaults dnsSuffix)r1r;get)rr'r<r5variantr!r!r"get_partition_dns_suffixs  z)EndpointResolver.get_partition_dns_suffixc Cs|dkr|r|dkrd}|dk rhd}|jdD]}|d|kr.|}q.|dk rd||||||d}|SdS|jdD]6}|r|d|jkrqr||||||}|rr|SqrdS)Ns3z us-east-1r/r5T)r1_endpoint_for_partition!_UNSUPPORTED_DUALSTACK_PARTITIONS) rrr r'use_dualstack_endpointuse_fips_endpointZvalid_partitionr5r9r!r!r"r#sN  z#EndpointResolver.construct_endpointcCs8|jdD]}|||r |dSq t|dddS)Nr/r5z,No partition found for provided region_name.)r error_msg)r1 _region_matchr)rr r5r!r!r"get_partition_for_regions z)EndpointResolver.get_partition_for_regionc Cs|d}|r,||jkr,d|}tdg|d|d|t} |dkr\d| krV| d}nt||| |||d} || dkr|jf| S|||s|r| d} | d d } | r| std ||| | | d <|jf| Std |||jf| SdS)Nr5z@Dualstack endpoints are currently not supported for %s partition dualstacktagsrHr6ZpartitionEndpoint)r5r service_datar=rFrGrZisRegionalizedTz'Using partition endpoint for %s, %s: %sr=z*Creating a regex based endpoint for %s, %s) rEr r@DEFAULT_SERVICE_DATAr_resolverILOGdebug) rr5rr rFrGZforce_partitionr'rHrNZresolve_kwargsZpartition_endpointZis_regionalizedr!r!r"rDsZ       z(EndpointResolver._endpoint_for_partitioncCs0||dkrdSd|kr,t|d|SdS)Nr:TZ regionRegexF)recompilematch)rr5r r!r!r"rI9s  zEndpointResolver._region_matchcCs>|dg}|D](}t|dt|kr|}|SqdS)NvariantsrM)r@setcopy)rr3rMrVrAr9r!r!r"r;@s  z'EndpointResolver._retrieve_variant_datacCs$g}|r|d|r |d|S)NrKZfips)r8)rrFrGrMr!r!r"_create_tag_listGs   z!EndpointResolver._create_tag_listcCs4i}|||fD] }|||}|r|||q|SN)r; _merge_keys)rrMr3service_defaultspartition_defaultsr9rVrAr!r!r"_resolve_variantOs  z!EndpointResolver._resolve_variantc Cs$|di|i}|dr,td||di}|di} |||} | r|| ||| } | ikrd|d|} t| | d||| n|} d| kr|d| d<|d | d <|| d <||| || | ||| d ||| d| d <d | kr ||| d ||| d| d <| S) Nr deprecatedz5Client is configured with the deprecated endpoint: %sr>zEndpoint does not exist for z in region rLr?r5Z endpointNamehostnameZ sslCommonName)r@rQwarningrYr^r r[_expand_template) rr5rrNr=rFrGr3r\r]rMr9rHr!r!r"rPYs`           zEndpointResolver._resolvecCs"|D]}||kr||||<qdSrZr!)rZ from_datar9keyr!r!r"r[szEndpointResolver._merge_keyscCs|j|||dS)N)Zserviceregionr?)format)rr5templaterr=r?r!r!r"rbs z!EndpointResolver._expand_template)F)r&)r&FN)N)NNFF)F)r*r+r,r-rEr4r7r%r)rBr#rJrDrIr;rYr^rPr[rbr!r!r!r"r.ps4      2 A Br.c@s8eZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d S) EndpointResolverBuiltinsz AWS::Regionz AWS::UseFIPSzAWS::UseDualStackzAWS::STS::UseGlobalEndpointzAWS::S3::UseGlobalEndpointzAWS::S3::AcceleratezAWS::S3::ForcePathStylezAWS::S3::UseArnRegionzAWS::S3Control::UseArnRegionz'AWS::S3::DisableMultiRegionAccessPointsz SDK::EndpointN)r*r+r,Z AWS_REGIONZ AWS_USE_FIPSZAWS_USE_DUALSTACKZAWS_STS_USE_GLOBAL_ENDPOINTZAWS_S3_USE_GLOBAL_ENDPOINTZAWS_S3_ACCELERATEZAWS_S3_FORCE_PATH_STYLEZAWS_S3_USE_ARN_REGIONZAWS_S3CONTROL_USE_ARN_REGIONZAWS_S3_DISABLE_MRAPZ SDK_ENDPOINTr!r!r!r"rgsrgc@seZdZdZd$ddZddZdd Zd d Zd d ZddZ ddZ ddZ e ddZ e ddZe ddZddZddZddZd d!Zd"d#ZdS)%EndpointRulesetResolverz5Resolves endpoints using a service's endpoint rulesetTNc CsHt||d|_|jjj|_||_||_||_||_||_ ||_ i|_ dS)N)Z ruleset_datapartition_data) r _providerZruleset parameters_param_definitions_service_model _builtins_client_context_event_emitter_use_ssl_requested_auth_schemeZ_instance_cache) rZendpoint_ruleset_datariZ service_modelbuiltinsZclient_contextZ event_emitterZuse_sslZrequested_auth_schemer!r!r"r4s  z EndpointRulesetResolver.__init__c Cs|dkr i}|dkri}||||}td|z|jjf|}Wn@tk r}z"|||}|dkrpn||W5d}~XYnXtd|j|js|j dr|j d|jddd}|j dd |j Dd }|S) zAInvokes the provider with params defined in the service's rulesetNz-Calling endpoint provider with parameters: %szEndpoint provider result: %szhttps://zhttp://)urlcSsi|]\}}||dqS)rr!).0rcvalr!r!r" sz>EndpointRulesetResolver.construct_endpoint..)headers) _get_provider_paramsrQrRrjZresolve_endpointr #ruleset_error_to_botocore_exceptionrurq startswith_replaceryitems)roperation_model call_argsrequest_contextprovider_paramsZprovider_resultexZbotocore_exceptionr!r!r"r#sFz*EndpointRulesetResolver.construct_endpointc Csli}||||}|jD]J\}}|j|||d}|dkrV|jdk rV|j|j|d}|dk r|||<q|S)aResolve a value for each parameter defined in the service's ruleset The resolution order for parameter values is: 1. Operation-specific static context values from the service definition 2. Operation-specific dynamic context values from API parameters 3. Client-specific context parameters 4. Built-in values such as region, FIPS usage, ... ) param_namerrN) builtin_namers)_get_customized_builtinsrlr~_resolve_param_from_contextbuiltin_resolve_param_as_builtin) rrrrrcustomized_builtinsrZ param_defZ param_valr!r!r"rzs(  z,EndpointRulesetResolver._get_provider_paramscCs<|||}|dk r|S||||}|dk r2|S||SrZ)&_resolve_param_as_static_context_param'_resolve_param_as_dynamic_context_param&_resolve_param_as_client_context_param)rrrrZstaticZdynamicr!r!r"r5sz3EndpointRulesetResolver._resolve_param_from_contextcCs||}||SrZ)_get_static_context_paramsr@)rrrZstatic_ctx_paramsr!r!r"rDs z>EndpointRulesetResolver._resolve_param_as_static_context_paramcCs(||}||kr$||}||SdSrZ)_get_dynamic_context_paramsr@)rrrrZdynamic_ctx_params member_namer!r!r"rJs z?EndpointRulesetResolver._resolve_param_as_dynamic_context_paramcCs(|}||kr$||}|j|SdSrZ)_get_client_context_paramsror@)rrZclient_ctx_paramsZclient_ctx_varnamer!r!r"rRsz>EndpointRulesetResolver._resolve_param_as_client_context_paramcCs"|tjkrt|d||S)Nname)rg __members__valuesrr@)rrrsr!r!r"rXs z1EndpointRulesetResolver._resolve_param_as_builtincCsdd|jDS)z=Mapping of param names to static param value for an operationcSsi|]}|j|jqSr!)rvaluervparamr!r!r"rx`szFEndpointRulesetResolver._get_static_context_params..)Zstatic_context_parametersrrr!r!r"r]sz2EndpointRulesetResolver._get_static_context_paramscCsdd|jDS)z7Mapping of param names to member names for an operationcSsi|]}|j|jqSr!)rrrr!r!r"rxhszGEndpointRulesetResolver._get_dynamic_context_params..)Zcontext_parametersrr!r!r"resz3EndpointRulesetResolver._get_dynamic_context_paramscCsdd|jjDS)z7Mapping of param names to client configuration variablecSsi|]}|jt|jqSr!)rrrr!r!r"rxpszFEndpointRulesetResolver._get_client_context_params..)rmZclient_context_parametersr$r!r!r"rmsz2EndpointRulesetResolver._get_client_context_paramscCs6|jj}t|j}|jjd|||||d|S)Nzbefore-endpoint-resolution.%s)rsmodelparamscontext)rm service_idZ hyphenizerXrnrpemit)rrrrrrr!r!r"rus  z0EndpointRulesetResolver._get_customized_builtinscst|trt|dkrtdtdddd|DjjtkrPdifSfdd|D}jd k rzt fd d |D\}}Wnt k rd ifYSXn~zt d d |D\}}Wnbt k r&d }dd|D}t st dd |D}|rt ddntd|dYnXi}d|krD|d|d<n,d|krpt|ddkrp|dd|d<d|kr|j|ddd|krt|d|d<td|d||||fS)aConvert an Endpoint's authSchemes property to a signing_context dict :type auth_schemes: list :param auth_schemes: A list of dictionaries taken from the ``authSchemes`` property of an Endpoint object returned by ``EndpointProvider``. :rtype: str, dict :return: Tuple of auth type string (to be used in ``request_context['auth_type']``) and signing context dict (for use in ``request_context['signing']``). rz&auth_schemes must be a non-empty list.z_Selecting from endpoint provider's list of auth schemes: %s. User selected auth scheme is: "%s"z, cSsg|]}d|ddqS)"r)r@rvsr!r!r" szGEndpointRulesetResolver.auth_schemes_to_signing_ctx..nonecs"g|]}|d|diqSr)_strip_sig_prefixrvschemer$r!r"rsNc3s*|]"}j|drj|fVqdSrN)._does_botocore_authname_match_ruleset_authnamerrrr$r!r" s zFEndpointRulesetResolver.auth_schemes_to_signing_ctx..css&|]}|dtkr|d|fVqdSr)rrr!r!r"rs FcSsg|] }|dqSrr!rr!r!r"rscss|]}|tkVqdSrZrrr!r!r"rszbThis operation requires an additional dependency. Use pip install botocore[crt] before proceeding.msg)Zsignature_versionZ signingRegionrdZsigningRegionSetZ signingName)Z signing_nameZdisableDoubleEncodingz?Selected auth type "%s" as "%s" with signing context params: %sr) isinstancelistlen TypeErrorrQrRjoinrrrnext StopIterationranyrrupdater)rZ auth_schemesrrZfixable_with_crtZauth_type_optionsZsigning_contextr!r$r"auth_schemes_to_signing_ctxsp          z3EndpointRulesetResolver.auth_schemes_to_signing_ctxcCs|dr|ddS|S)z6Normalize auth type names by removing any "sig" prefixsigN)r|)rZ auth_namer!r!r"rsz)EndpointRulesetResolver._strip_sig_prefixcCs>||}|dd}|dkr6|dr6|dd}||kS)a\ Whether a valid string provided as signature_version parameter for client construction refers to the same auth methods as a string returned by the endpoint ruleset provider. This accounts for: * The ruleset prefixes auth names with "sig" * The s3 and s3control rulesets don't distinguish between v4[a] and s3v4[a] signers * The v2, v3, and HMAC v1 based signers (s3, s3-*) are botocore legacy features and do not exist in the rulesets * Only characters up to the first dash are considered Example matches: * v4, sigv4 * v4, v4 * s3v4, sigv4 * s3v7, sigv7 (hypothetical example) * s3v4a, sigv4a * s3v4-query, sigv4 Example mismatches: * v4a, sigv4 * s3, sigv4 * s3-presign-post, sigv4 -rrCN)rsplitr|)rZbotonameZrsnamer!r!r"rs   zFEndpointRulesetResolver._does_botocore_authname_match_ruleset_authnamecCsz|jd}|dkrdS|drXz|dd}Wntk rL|}YnXt|dS|jj}|dkr|dksx|d krt|d S|d s|d s|d s|ds|ds|drt |d S| drt |dS|dkrB|dr |d}t ||dS|ds$|dr.t |d S|dkrBt |dS|dkrv|drbt|d S|dkrvt|d SdS)zAttempts to translate ruleset errors to pre-existing botocore exception types by string matching exception strings. rNzInvalid region in ARN: `)labelrCz/S3 Object Lambda does not support S3 Acceleratez#Accelerate cannot be used with FIPSrzS3 Outposts does not supportzS3 MRAP does not supportz!S3 Object Lambda does not supportzAccess Points do not supportzInvalid configuration:z#Client was configured for partitionz invalid arn:)reportZ s3controlz Invalid ARN:ZBucket)arnrz!AccountId is required but not seteventszUInvalid Configuration: FIPS is not supported with EventBridge multi-region endpoints.z&EndpointId must be a valid host label.)kwargsr@r|r IndexErrorr rmrrrlowerrrrr )rZruleset_exceptionrrrrrr!r!r"r{ sb                  z;EndpointRulesetResolver.ruleset_error_to_botocore_exception)TN)r*r+r,r-r4r#rzrrrrrrrrrrrrrr{r!r!r!r"rhs,  2!   a rh),r-rXloggingrSenumrZbotocorerrZ botocore.authrrZ botocore.crtrZbotocore.endpoint_providerr Zbotocore.exceptionsr r r r rrrrrrrrrrZbotocore.utilsrr getLoggerr*rQZDEFAULT_URI_TEMPLATErOrr.strrgrhr!r!r!r" s&   @ =: