dZddlmZddlmZddlmZddlmZddlmZ ddl m Z ddl mZdd l mZd Zd Zd Zd ZdZdZddZdZdZy)z3Support library for the login-config auth commands.)absolute_import)division)unicode_literals) external_account_authorized_user)util) exceptions)config) propertiesCLOUDSDK_AUTH_LOGIN_CONFIG_FILEz cloud.googlez&https://sdk.cloud.google/authcode.htmlzhttps://sdk.{}/authcodez8https://sdk.cloud.google/applicationdefaultauthcode.htmlz)https://sdk.{}/applicationdefaultauthcodec tj|}|jdddk7rtjdt ||}|d}|j d}d}|dk7r||dzd}|jd d}|sV|jd d} | r | tk(r|r t|d <n-t|d <n#|rt} nt} | j| |d <tjtjf|d |id |} t!| t"j$rM|jd d} | xs2t&j(j*j,j/| _| j2s|| _| S)aDoWorkforceHeadfulLogin attempts to log in with appropriate login configuration. It will return the account and credentials of the user if it succeeds Args: login_config_file (str): The path to the workforce headful login configuration file. is_adc (str): Whether the flow is initiated via application-default login. **kwargs (Mapping): Extra Arguments to pass to the method creating the flow. Returns: (google.auth.credentials.Credentials): The account and credentials of the user who logged in typeN-external_account_authorized_user_login_configzOnly external account authorized user login config JSON credential file types are supported for Workforce Identity Federation login configurations.audiencez /locations/auth_proxy_redirect_uriuniverse_cloud_web_domain provider_name) client_config query_paramsuniverse_domain) auth_utilGetCredentialsConfigFromFilegetcalliope_exceptionsBadFileException_MakeThirdPartyClientConfigfindGOOGLE_DEFAULT_CLOUD_WEB_DOMAINADC_AUTH_PROXY_URL_GDUAUTH_PROXY_URL_GDU#ADC_AUTH_PROXY_URL_TEMPLATE_NON_GDUAUTH_PROXY_URL_TEMPLATE_NON_GDUformat#DoInstalledAppBrowserFlowGoogleAuthr CLOUDSDK_EXTERNAL_ACCOUNT_SCOPES isinstancer Credentialsr VALUEScorerGet_universe_domainr _audience) login_config_fileis_adckwargslogin_config_datarr path_startrrrtemplatecredsuniverse_domain_from_configs =lib/googlecloudsdk/command_lib/auth/workforce_login_config.pyDoWorkforceHeadfulLoginr7(s <<=NO dFG  . .   ..?H- z *(}}]+*-2 Z!^_-M#JJ'@$G 1 5 5#T! & $(G G ,B(),>() 62*2// #+f &'  7 7 -- ! =   %7CCD"3"7"78I4"P $ 8    ! ! 1 1 5 5 7  EO ,cftjjjj S)a>_GetWorkforceLoginConfig gets the correct Credential Configuration. It will first check from the supplied argument if present, then from an environment variable if present, and finally from the project settings, if present. Returns: Optional[str]: The name of the Credential Configuration File to use. )r r)authr.r+r8r6GetWorkforceLoginConfigr<zs%      1 1 5 5 77r8c ttj}tj}d|||d|d|d|dd|diS)N installedauth_url token_urltoken_info_urlrT) client_id client_secretauth_uri token_urirAr3pir/)r CLOUDSDK_CLIENT_IDCLOUDSDK_CLIENT_NOTSOSECRET)r1r/rBrCs r6rrsY'')44- (' 3(5-.>?( 3   r8N)F)__doc__ __future__rrr google.authrgooglecloudsdk.api_lib.authrrgooglecloudsdk.callioperrgooglecloudsdk.corer r r rr!r#r r"r7r<rr;r8r6rOs] :&'89E&*"C"0=";>0$ Od 8 r8