Ë €Ï¦ãóŽ—dZddlZddlZddlZddlmZddlmZdZeje «Z dZ Gd„dej«Zy) zoUtilities for Google Compute Engine Utilities for making it easier to use OAuth 2.0 on Google Compute Engine. éN)Úclient)Ú _metadataz$jcgregorio@google.com (Joe Gregorio)z÷You have requested explicit scopes to be used with a GCE service account. Using this argument will have no effect on the actual scopes for tokens requested. These scopes are set at VM instance creation time and can't be overridden in the request. cóh‡—eZdZdZd ˆfd„ Zed„«Zd„Zd„Zd„Z d„Z e d„«Z d „Z d „ZˆxZS) ÚAppAssertionCredentialsa÷Credentials object for Compute Engine Assertion Grants This object will allow a Compute Engine instance to identify itself to Google and other OAuth 2.0 servers that can verify assertions. It can be used for the purpose of accessing data stored under an account assigned to the Compute Engine instance itself. This credential does not require a flow to instantiate because it represents a two legged flow, and therefore has all of the required information to generate and refresh its own access tokens. Note that :attr:`service_account_email` and :attr:`scopes` will both return None until the credentials have been refreshed. To check whether credentials have previously been refreshed use :attr:`invalid`. c󢕗d|vrtjt«d|d<tt|dg|¢­i|¤Ž||_d|_d|_y)aYConstructor for AppAssertionCredentials Args: email: an email that specifies the service account to use. Only necessary if using custom service accounts (see https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#createdefaultserviceaccount). ÚscopesNT) ÚwarningsÚwarnÚ_SCOPES_WARNINGÚsuperrÚ__init__Úservice_account_emailrÚinvalid)ÚselfÚemailÚargsÚkwargsÚ __class__s €ú+lib/third_party/oauth2client/contrib/gce.pyr z AppAssertionCredentials.__init__;sUø€ð vÑ Ü M‰Mœ/Ô *Ø#ˆF8Ñ ô Ô% tÑ5°dÐL¸TÒLÀVÒLà%*ˆÔ"؈Œ ؈ ócó—td«‚©Nz6Cannot serialize credentials for GCE service accounts.©ÚNotImplementedError)ÚclsÚ json_datas rÚ from_jsonz!AppAssertionCredentials.from_jsonOó€ä!Ø DóFð Frcó—td«‚rr©rs rÚto_jsonzAppAssertionCredentials.to_jsonTs€Ü!Ø DóFð FrcóP—|j|j«|jS)a„Retrieves the canonical list of scopes for this access token. Overrides client.Credentials.retrieve_scopes. Fetches scopes info from the metadata server. Args: http: httplib2.Http, an http object to be used to make the refresh request. Returns: A set of strings containing the canonical list of scopes. )Ú_retrieve_infoÚrequestr)rÚhttps rÚretrieve_scopesz'AppAssertionCredentials.retrieve_scopesXs €ð ×јDŸL™LÔ)Ø{‰{Ðrcóž—|jrAtj||jxsd¬«}d|_|d|_|d|_yy)a-Validates invalid service accounts by retrieving service account info. Args: http_request: callable, a callable that matches the method signature of httplib2.Http.request, used to make the request to the metadata server Údefault©Úservice_accountFrrN)rrÚget_service_account_inforr)rÚ http_requestÚinfos rr#z&AppAssertionCredentials._retrieve_infohsR€ð <Š<Ü×5Ñ5ØØ $× :Ñ :Ò G¸iôIˆDð!ˆDŒLØ)-¨g©ˆDÔ &ؘx™.ˆDKð rcóö— |j|«tj||j¬«\|_|_y#t j$r#}tjt|««‚d}~wwxYw)aŠRefreshes the access_token. Skip all the storage hoops and just refresh using the API. Args: http_request: callable, a callable that matches the method signature of httplib2.Http.request, used to make the refresh request. Raises: HttpAccessTokenRefreshError: When the refresh fails. r)N) r#rÚ get_tokenrÚ access_tokenÚ token_expiryÚhttplib2Ú HttpLib2ErrorrÚHttpAccessTokenRefreshErrorÚstr)rr,Úes rÚ_refreshz AppAssertionCredentials._refreshxsg€ð =Ø × Ñ   Ô -Ü3<×3FÑ3Fبd×.HÑ.Hô4JÑ 0ˆDÔ ˜tÕ0øä×%Ñ%ò =Ü×4Ñ4´S¸³VÓ<Ð <ûð =ús‚?AÁA8ÁA3Á3A8có—td«‚rrr s rÚserialization_dataz*AppAssertionCredentials.serialization_dataŒrrcó—y)NF©r s rÚcreate_scoped_requiredz.AppAssertionCredentials.create_scoped_required‘s€Ørcó—td«‚)auCryptographically sign a blob (of bytes). This method is provided to support a common interface, but the actual key used for a Google Compute Engine service account is not available, so it can't be used to sign content. Args: blob: bytes, Message to be signed. Raises: NotImplementedError, always. z1Compute Engine service accounts cannot sign blobsr)rÚblobs rÚ sign_blobz!AppAssertionCredentials.sign_blob”s€ô"Ø ?óAð Ar)N)Ú__name__Ú __module__Ú __qualname__Ú__doc__r Ú classmethodrr!r&r#r7Úpropertyr9r<r?Ú __classcell__)rs@rrr)sYø„ñõ"ð(ñFóðFòFòò )ò =ð(ñFóðFòöArr)rCÚloggingr r2Ú oauth2clientrÚoauth2client.contribrÚ __author__Ú getLoggerr@Úloggerr ÚAssertionCredentialsrr;rrÚrNsQðñó ÛãåÝ*ð4€ à ˆ× Ñ ˜8Ó $€ð€ôyA˜f×9Ñ9õyAr