3,dZddlmZddlmZddlmZddlmZddlm Z ddl m Z ddl mZddl m Z dd l mZdd lmZdd lmZd gZd ZGd dej*Z ddZGddej.ej0e j2Zy)z@A module to get a credentialed http object for making API calls.)absolute_import)division)unicode_literals)external_account)requests)base) exceptions) transport)storeiceZdZdZy)ErrorzExceptions for this module.N)__name__ __module__ __qualname____doc__/lib/googlecloudsdk/core/credentials/requests.pyrr#s#rrNctj|||||}t}tj}t j ||} |j|||d| }|j||| }|S)aGet requests.Session object for working with the Google API. Args: timeout: double, The timeout in seconds to pass to httplib2. This is the socket level timeout. If timeout is None, timeout is infinite. If default argument 'unset' is given, a sensible default is selected. ca_certs: str, absolute filename of a ca_certs file that overrides the default enable_resource_quota: bool, By default, we are going to tell APIs to use the quota of the project being operated on. For some APIs we want to use gcloud's quota, so you can explicitly disable that behavior by passing False here. allow_account_impersonation: bool, True to allow use of impersonated service account credentials for calls made with this client. If False, the active user credentials will always be used. session: requests.Session instance. Otherwise, a new requests.Session will be initialized. streaming_response_body: bool, True indicates that the response body will be a streaming body. redact_request_body_reason: str, the reason why the request body must be redacted if --log-http is used. If None, the body is not redacted. Returns: 1. A regular requests.Session object if no credentials are available; 2. Or an authorized requests.Session object authorized by google-auth credentials. Raises: creds_exceptions.Error: If an error loading the credentials occurs. )timeoutca_certssessionstreaming_response_bodyredact_request_body_reasonT credentials) r GetSessionRequestWrapperr UseGoogleAuthr LoadIfEnabled WrapQuotaWrapCredentials) rrenable_resource_quotaallow_account_impersonationrrrrequest_wrapperuse_google_authrs rrr'sJ   5!;  '#$/&&(/##!?+  % % !  & '  + + *  , ' .rc eZdZdZdZ ddZy)rz-Class for wrapping requests.Session requests.c|jdditjdfd }|_S)z=Returns an http_client authorized with the given credentials.attemptrc j} _ j|||| _ ||f||xsid|}|jtvrst t j r jsMdtkrAdxxdz cc< jtj ||f||xsid|}|S)N)dataheadersr*r ) requestbefore_request status_codeREFRESH_STATUS_CODES isinstancegoogle_auth_external_account CredentialsvalidMAX_REFRESH_ATTEMPTSrefreshrGoogleAuthRequest) methodurlr,r-kwargswrapped_requestresponse auth_requestcredential_refresh_statecreds http_client orig_requests rWrappedRequestz6RequestWrapper.AuthorizeClient..WrappedRequestss#++o(k <g>+k #C '-RC;ACh   "6 6%!=!I!IJ{{ "9 -0D D +q0+ h0023 CE"GMrE=CEor)NN)r.google_auth_requestsRequest)selfrAr@rCr>r?rBs `` @@@rAuthorizeClientzRequestWrapper.AuthorizeClientmsB&&L )1~'// .RequestWithRetrys!$1&1h    $&&l"++F~/F/Fh)mmog.y9 )#* NN7 #9 : NN8 $ (K(K K NN8 $ (K(K Kt.v. . $ o #()s$ CC1'C40C11C44 C=) QuotaProjectr.QuotaWrappedRequestr#UserProjectQuotaWithFallbackEnabled) rFrAr$r%r'r quota_projectr[rBr<s @@rr"zRequestWrapper.WrapQuotas%%# &M  &&L..{MJOB //1,k ,k r)N)rrrrrGr"rrrrrfs 6H 9rr)unsetNTTNFN)r __future__rrr google.authrr3google.auth.transportrrDgooglecloudsdk.calliopergooglecloudsdk.corer r rOgooglecloudsdk.core.credentialsr r1r6rrCredentialWrappingMixinQuotaHandlerMixinrrrrris G&'HB(*(;15u$J  $%)+/',*. <~^ %%  ^r