U M8cZ*@sddlZddlZddlZddlZddlmZmZddlmZmZddl Z ddl m Z ddl mZddlmZddlmZddlmZmZmZdd lmZmZmZeeZd d Zd d ZddZ ddZ!GdddeZ"GdddZ#GdddZ$GdddZ%dS)N)datetime timedelta) NamedTupleOptional)tzutc)UNSIGNED) total_seconds)Config) ClientErrorInvalidConfigErrorTokenRetrievalError)CachedProperty JSONFileCacheSSOTokenLoadercCs ttSN)rnowrrr3/tmp/pip-unpacked-wheel-ozje0y8b/botocore/tokens.py_utc_now$srcCst|g}t|dS)N) providers)SSOTokenProviderTokenProviderChain)sessionrrrrcreate_token_resolver(srcCst|tr|dS|S)Nz%Y-%m-%dT%H:%M:%SZ) isinstancerstrftimeobjrrr_serialize_utc_timestamp/s  rcCstj|tdS)N)default)jsondumpsrrrrr_sso_json_dumps5sr"c@s&eZdZUeed<dZeeed<dS)FrozenAuthTokentokenN expiration)__name__ __module__ __qualname__str__annotations__r%rrrrrrr#9s r#c@sLeZdZdZdZdZefddZddZdd Z d d Z d d Z ddZ dS)DeferredRefreshableTokeniX<cCs,||_||_||_t|_d|_d|_dSr) _time_fetcher_refresh_usingmethod threadingLock _refresh_lock _frozen_token _next_refresh)selfr0Z refresh_using time_fetcherrrr__init__Gs  z!DeferredRefreshableToken.__init__cCs||jSr)_refreshr4r6rrrget_frozen_tokenQsz)DeferredRefreshableToken.get_frozen_tokencCsB|}|sdS|dk}|j|r>z |W5|jXdS)N mandatory)_should_refreshr3acquirerelease_protected_refresh)r6 refresh_typeZblock_for_refreshrrrr9Us  z!DeferredRefreshableToken._refreshcCs|}|sdSz(|}|t|jd|_||_Wn.tk rftj d|dd|dkrbYnX| r~t |j dddS)Nsecondsz5Refreshing token failed during the %s refresh period.Texc_infor<z$Token has expired and refresh failed)provider error_msg) r=r.r_attempt_timeoutr5r/r4 Exceptionloggerwarning _is_expiredr r0)r6rArrrrr@cs(z+DeferredRefreshableToken._protected_refreshcCs.|jdkrdS|jj}t||}|dkS)NFr)r4r%rr.)r6r% remainingrrrrLs  z$DeferredRefreshableToken._is_expiredcCsd|jdkrdS|jj}|dkr"dS|}||jkr8dSt||}||jkrRdS||jkr`dSdS)Nr<Zadvisory)r4r%r.r5r_mandatory_refresh_timeout_advisory_refresh_timeout)r6r%rrMrrrr=s     z(DeferredRefreshableToken._should_refreshN) r&r'r(rOrNrHrr8r;r9r@rLr=rrrrr+>s r+c@seZdZdddZddZdS)rNcCs|dkr g}||_dSr) _providers)r6rrrrr8szTokenProviderChain.__init__cCs(|jD]}|}|dk r|SqdSr)rP load_token)r6rFr$rrrrQs   zTokenProviderChain.load_token)N)r&r'r(r8rQrrrrrs rc@seZdZdZdZejejddddZ ddgZ dZ e Z d efd d Zd d ZeddZeddZddZddZddZddZd S)rZssor,~z.awscache sso_start_url sso_regionZ refresh_tokenNcCs<||_|dkr|j|jtd}||_||_t|jd|_dS)N)Z dumps_func)rS)_sessionDEFAULT_CACHE_CLS_SSO_TOKEN_CACHE_DIRr"_now_cacher _token_loader)r6rrSr7rrrr8szSSOTokenProvider.__init__c Cs|jj}|di}|di}|jd}|s4d}||i}d|krLdS|d}||d}|sd|d|d}t|d g} |jD]} | |kr| | q| rd|d | d }t|d ||d |d dS)Nprofiles sso_sessionsZprofilerZ sso_sessionz The profile "z7" is configured to use the SSO token provider but the "z+" sso_session configuration does not exist.)rGzZ" is configured to use the SSO token provider but is missing the following configuration: .rUrT) session_namerUrT)rVZ full_configgetZget_config_variabler _SSO_CONFIG_VARSappend) r6Z loaded_configr\r]Z profile_nameZprofile_configZsso_session_nameZ sso_configrGZmissing_configsvarrrr_load_sso_configs6         z!SSOTokenProvider._load_sso_configcCs|Sr)rdr:rrr _sso_configszSSOTokenProvider._sso_configcCs"t|jdtd}|jjd|dS)NrU)Z region_nameZsignature_versionzsso-oidc)config)r rerrVZ create_client)r6rfrrr_clients zSSOTokenProvider._clientcCs|jj|j|d|d|dd}t|dd}|jd|jd|d |||d|d|d d }d|kr||d|d<td |S) NclientId clientSecret refreshToken)Z grantTyperhrirjZ expiresInrBrTrU accessTokenregistrationExpiresAt)ZstartUrlZregionrk expiresAtrhrirlzSSO Token refresh succeeded)rgZ create_token _GRANT_TYPErrerYrJinfo)r6r$responseZ expires_in new_tokenrrr_attempt_create_tokens&    z&SSOTokenProvider._attempt_create_tokencsd}fdd|D}|r2d|}t|dStjd}t||dkrjtd|dSz |WStk rtj dd d YdSXdS) N)rjrhrirlcsg|]}|kr|qSrr).0kr$rr sz:SSOTokenProvider._refresh_access_token..z+Unable to refresh SSO token: missing keys: rlrz"SSO token registration expired at z SSO token refresh attempt failedTrD) rJrodateutilparserparserrYrrr rK)r6r$keysZ missing_keysmsgZexpiryrrur_refresh_access_tokens   z&SSOTokenProvider._refresh_access_tokencCs|jd}|jd}td||j||d}tj|d}td|t|| }||j kr| |}|dk r|}|d}|jj |||dt |d|dS) NrTr_zLoading cached SSO token for )r_rmzCached SSO token expires at rk)r%)rerJror[rwrxrydebugrrY_REFRESH_WINDOWr|Z save_tokenr#)r6Z start_urlr_Z token_dictr%rMZnew_token_dictrrr _refresher*s*    zSSOTokenProvider._refreshercCs"|jdkrdSt|j|j|jdS)N)r7)rer+METHODrrYr:rrrrQ@s zSSOTokenProvider.load_token)r&r'r(rr~ospath expanduserjoinrXrarnrrWrr8rdr rergrrr|rrQrrrrrs( *  r)&r loggingrr1rrtypingrrZdateutil.parserrwZ dateutil.tzrZbotocorerZbotocore.compatrZbotocore.configr Zbotocore.exceptionsr r r Zbotocore.utilsr rr getLoggerr&rJrrrr"r#r+rrrrrr s*     a