cdZddlmZddlmZddlmZddlmZddlmZddl mZ ddl mZ ddl mZddlmZddlmZdd lmZdd lmZdd lmZdd lZd ZdZdZy )z?Common utility functions for sql generate-login-token commands.)absolute_import)division)unicode_literals) credentials) exceptions)log)requests)creds)google_auth_credentials)storeNctjddd}tjj |}|tjj k(rEt |t |jz }|r"tjdt|dt||}tj|tj|r |j}n |j}|stjd|S)zGenearete a down-coped access token with given scopes for IAM DB authentication from gcloud credentials. Args: scopes: scopes to be included in the down-scoped token. Returns: Down-scoped access token. T)allow_account_impersonationuse_google_authcache_only_raptzMissed the following scopes: zK. Please run "gcloud auth login", consent the missing scopes and try again.z?No access token could be obtained from the current credentials.)c_storeLoadc_credsCredentialTypeGoogleAuthFromCredentials USER_ACCOUNT frozensetscopesauth_exceptionsInvalidCredentialsErrorlist_downscope_credentialRefreshIsGoogleAuthCredentialstoken access_token)rcred cred_type missing_scopers ?lib/googlecloudsdk/command_lib/sql/generate_login_token_util.py%generate_login_token_from_gcloud_authr%"s "& $ ..>>tD)'22???f% $++(>>M  3 3 )$}*=)>?L L  tV ,$ //$ $$T* JJE   E   1 1I KK ,c2 tjj|\}}t||}t|tjrtjj!|}t#j$d5|j't)j*ddd|S#tj$rD}t j |dtjtj|d}~wwxYw#1swY|SxYw)zGenearete a down-coped access token with given scopes for IAM DB authentication from application default credentials. Args: scopes: scopes to be included in the down-scoped token. Returns: Down-scoped access token. )rT)exc_infoN)for_adc)rGetGoogleAuthDefaultdefaultgoogle_auth_exceptionsDefaultCredentialsErrorrdebugc_exc ToolExceptionsix text_typer isinstancegoogle_auth_creds Credentials c_google_authFromGoogleAuthUserCredentialsr'HandleGoogleAuthCredentialsRefreshErrorrefreshr GoogleAuthRequest)rr _es r$generate_login_token_from_adcr=Hs0++-556HE1 v .%(445  % % C C  E66tD MM(,,./E , 7 70IIa$   cmmA. //0E ,s#'B2$D 2D ?DD  Dctjj|}|tjjtjjtjj fvr.t jdj|jt|tjr|j|}|S||_|S)zGenearte a down-scoped credential. Args: creds: end user credential scopes: scopes to be included in the down-scoped credential Returns: Down-scoped credential. z:This command may not work as expected for account type {}.)rrrrSERVICE_ACCOUNTIMPERSONATED_ACCOUNTrwarningformatkeyr3rScoped with_scopes_scopes)r rr"s r$rrds..>>uE) &&33 &&66 &&;; KK %vimm4{))*   f %E ,EM ,r&)__doc__ __future__rrr google.authrrr, google.oauth2r4googlecloudsdk.api_lib.authrgooglecloudsdk.callioper/googlecloudsdk.corerr googlecloudsdk.core.credentialsr rr r6r rr1r%r=rr&r$rPsEF&'#<:E7#(<T< #L8r&