Pe*2ddlZddlZddlZddlZddlmZmZddlmZmZddl Z ddl m Z ddl mZddlmZddlmZddlmZmZmZdd lmZmZmZej6eZd Zd Zd Z d Z!GddeZ"GddZ#GddZ$GddZ%y)N)datetime timedelta) NamedTupleOptional)tzutc)UNSIGNED) total_seconds)Config) ClientErrorInvalidConfigErrorTokenRetrievalError)CachedProperty JSONFileCacheSSOTokenLoaderc<tjtSN)rnowr1/usr/lib/python3/dist-packages/botocore/tokens.py_utc_nowr$s <<  rc2t|g}t|S)N) providers)SSOTokenProviderTokenProviderChain)sessionrs rcreate_token_resolverr(s!I  22rcHt|tr|jdS|S)Nz%Y-%m-%dT%H:%M:%SZ) isinstancerstrftimeobjs r_serialize_utc_timestampr#/s!#x ||011 Jrc8tj|tS)N)default)jsondumpsr#r!s r_sso_json_dumpsr(5s ::c#; <r8r= Exceptionloggerwarning _is_expiredr r9)r?rMrs rrKz+DeferredRefreshableToken._protected_refreshcs++-  $$&C!$y9N9N'O!OD !%!4!4!6D     %@    NNG   {*+  sAB'B*)B*c|jy|jj}t||jz }|dkS)NFr)r=r,r r7)r?r, remainings rrZz$DeferredRefreshableToken._is_expiredsD    %''22 !*t/A/A/C"CD A~rc|jy|jj}|y|j}||jkryt ||z }||j kry||j kryy)NrHadvisory)r=r,r7r>r _mandatory_refresh_timeout_advisory_refresh_timeout)r?r,rr\s rrIz(DeferredRefreshableToken._should_refreshs~    %''22    " ## #!*s"23 t66 6 77 7rN) r-r.r/r`r_rVrrBrFrDrKrZrIrrrr3r3>s7!(!(;C"" -8rr3ceZdZddZdZy)rNc|g}||_yr) _providers)r?rs rrBzTokenProviderChain.__init__s  I#rcR|jD]}|j}||cSyr)rc load_token)r?rTr+s rrezTokenProviderChain.load_tokens3 H'')E   rr)r-r.r/rBrerrrrrs $ rrceZdZdZdZej jej jddddZ ddgZ dZ e Z d ed fd Zd Zed Zed ZdZdZdZdZy )rssor4~z.awscache sso_start_url sso_region refresh_tokenNc||_|!|j|jt}||_||_t |j |_|xs|jjdxsd|_ y)N) dumps_func)riprofiler%) _sessionDEFAULT_CACHE_CLS_SSO_TOKEN_CACHE_DIRr(_now_cacher _token_loaderget_config_variable _profile_name)r?rrirA profile_names rrBzSSOTokenProvider.__init__s|  =**))*+E!  +$++>  }}00;  rc|jj}|jdi}|jdi}|j|ji}d|vry|d}|j|d}|sd|jd|d}t |g}|j D]} | |vs|j | |rd|jd|d }t |||d |d d S) Nprofiles sso_sessions sso_sessionz The profile "z7" is configured to use the SSO token provider but the "z+" sso_session configuration does not exist.)rUzZ" is configured to use the SSO token provider but is missing the following configuration: .rkrj) session_namerkrj)rp full_configgetrwr _SSO_CONFIG_VARSappend) r? loaded_configrzr{profile_configsso_session_name sso_configrUmissing_configsvars r_load_sso_configz!SSOTokenProvider._load_sso_configs3 11  $$Z4$((< !d&8&8"=  . )-8!%%&6=  2 234++;*<=01  %y9 9(( ,C*$&&s+ ,  2 234N"#1&  %y9 9-$\2'8  rc"|jSr)rrEs r _sso_configzSSOTokenProvider._sso_configs$$&&rcxt|jdt}|jj d|S)Nrk) region_namesignature_versionzsso-oidc)config)r rrrp create_client)r?rs r_clientzSSOTokenProvider._clients9((6& }}**:f*EErcL|jj|j|d|d|d}t|d}|jd|jd|d |j |z|d|d|d d }d|vr|d|d<t jd |S) NclientId clientSecret refreshToken) grantTyperrr expiresInrPrjrk accessTokenregistrationExpiresAt)startUrlregionr expiresAtrrrzSSO Token refresh succeeded)r create_token _GRANT_TYPErrrsrXinfo)r?r+response expires_in new_tokens r_attempt_create_tokenz&SSOTokenProvider._attempt_create_tokens<<,,&&:&~.~. -  x '<= ((9&&|4#M2z1j)!.1%*+B%C   X %(0(@In % 12rcd}|Dcgc] }||vs| }}|rd|}tj|ytjj |d}t ||j z dkrtjd|y |j|Scc}w#t$rtjddYywxYw) N)rrrrz+Unable to refresh SSO token: missing keys: rrz"SSO token registration expired at z SSO token refresh attempt failedTrR) rXrdateutilparserparser rsrr rY)r?r+keysk missing_keysmsgexpirys r_refresh_access_tokenz&SSOTokenProvider._refresh_access_tokens  $(:a1E>: : ? ~NC KK &&u-D'EF $))+- .! 3 KKBC'' 'M __**:k+BC  3J<@A!*tyy{":; t++ +!77 CN)+ ' 4 ""--z . } %*  rct|jyt|j|j|jS)N)rA)rr3METHODrrsrEs rrezSSOTokenProvider.load_tokenDs1    #' KKtyy  r)r-r.r/rrospath expanduserjoinrrrrrrqrrBrrrrrrrrerrrrrs FO77--  S&%1 "K%"t $% N''FF.0 , rr)&r&loggingrr:rrtypingrrdateutil.parserr dateutil.tzrbotocorerbotocore.compatr botocore.configr botocore.exceptionsr r r botocore.utilsrrr getLoggerr-rXrrr#r(r*r3rrrrrrs  (')" IH   8 $!3 =*j* ^^B  ] ] r