ddlZddlmZddlZddlZddlZddlZddl Z ddl m Z m Z ddl m Z ddl mZddl mZddl mZddlmZdZd Zd Zd Zd Zd ZdZdj5eZeezZdZddgZdZdZ dZ!dZ"dZ#dZ$dZ%dZ&dZ'dZ(dZ)dZ*dZ+d Z,d!Z-gd"Z.gd#Z/gd$Z0gd%Z1d&d'd(d)d*d+d,d-d.id/d,d+d0d1d.d2d3fd&d'd(d)d*d+d4d-d.id/d4d+d0d1d.d2d3fd&d'd(d)d*d+d5d-d.id/d5d+d0d1d.d2d3fd&d'd(d)d*d+d6d-d.id/d6d+d7d1d.d2d3fd&d'd(d)d*d+d8d-d.id/d8d+d9d1d.d2d3fd&d'd(d)d*d+d:d-d.id/d:d+d;d1d.d2d3fd&d'd(d)d*d+dj5ejdjgd?d-d.id/d>j5ejdjgd?d+d@d1d.d2d3fd&d'd(d)d*dAdBd.dCdDd/dBdAdEd1d.dCdFd3fd&d'd(d)d*dAdBd.dGdHd/dBdAdId1d.dGdJd3fd&d'd(d)d*dAdBd.dKdLd/dBdAdMd1d.dKdNd3fd&d'd(d)d*dAdBdOd.dPdQdRdBdAdSd1dOd.dTdQdUfd&d'd(d)d*dAdVd-d.id/dVdAdWd1d.d2d3fdXdYe*e+e,dZd+d[d\d[d+d]e*zd^zd_d`e,dad3fdXdYe*e+e,dZdAdbd\dbdAd]e*zdczddd`e,dad3fdXdYe*e+d*dAdbd\dbdAd]e*zdezddd`dfd3fdXdYe*e+e,dZdAdgdhdidje-dRdgdAd]e*zdkzdld`dhdie,dme-dUfgZ4Gdndoe5Z6Gdpdqe jnZ8Gdrdse5Z9y)tN)_helpersexternal_account)aws)environment_vars) exceptions) transport)DEFAULT_UNIVERSE_DOMAINz9gl-python/3.7 auth/1.1 auth-request-type/at cred-type/impzgl-python/3.7 auth/1.1usernamepasswordzdXNlcm5hbWU6cGFzc3dvcmQ=z1service-1234@service-name.iam.gserviceaccount.comz.https://us-east1-iamcredentials.googleapis.comz5/v1/projects/-/serviceAccounts/{}:generateAccessTokenQUOTA_PROJECT_IDscope1scope2z#https://sts.googleapis.com/v1/tokenz(https://sts.googleapis.com/v1/introspectz+urn:ietf:params:aws:token-type:aws4_requestzi//iam.googleapis.com/projects/123456/locations/global/workloadIdentityPools/POOL_ID/providers/PROVIDER_IDzChttp://169.254.169.254/latest/meta-data/placement/availability-zonez'http://169.254.169.254/latest/api/tokenz@http://169.254.169.254/latest/meta-data/iam/security-credentialszChttp://[fd00:ec2::254]/latest/meta-data/placement/availability-zonez'http://[fd00:ec2::254]/latest/api/tokenz@http://[fd00:ec2::254]/latest/meta-data/iam/security-credentialszNhttps://sts.{region}.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15AKIAIOSFODNN7EXAMPLEz(wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEYzAQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3zrkuWJOgQs8IZZaIv2BXIa2R4OlgkBN9bkUDNCJiBeb/AXlzBBko7b15fjrBs2+cTQtpZ3CYWFXG8C5zqx37wnOE49mRl/+OtkIKGO7fAEz{"KeySchema":[{"KeyType":"HASH","AttributeName":"Id"}],"TableName":"TestTable","AttributeDefinitions":[{"AttributeName":"Id","AttributeType":"S"}],"ProvisionedThroughput":{"WriteCapacityUnits":5,"ReadCapacityUnits":5}}) https://sts.googleapis.comz$https://us-east-1.sts.googleapis.comz$https://US-EAST-1.sts.googleapis.comz$https://sts.us-east-1.googleapis.comz$https://sts.US-WEST-1.googleapis.comz$https://us-east-1-sts.googleapis.comz$https://US-WEST-1-sts.googleapis.comz/https://us-west-1-sts.googleapis.com/path?queryz&https://sts-us-east-1.p.googleapis.com)%https://iamcredentials.googleapis.comzsts.googleapis.comhttps://zhttp://sts.googleapis.comzhttps://st.s.googleapis.comz$https://us-eas -1.sts.googleapis.comz#https:/us-east-1.sts.googleapis.comz%https://US-WE/ST-1-sts.googleapis.comz$https://sts-us-east-1.googleapis.comz$https://sts-US-WEST-1.googleapis.comz(testhttps://us-east-1.sts.googleapis.comz,https://us-east-1.sts.googleapis.comevil.comz.https://us-east-1.us-east-1.sts.googleapis.comz$https://us-ea.s.t.sts.googleapis.comz"https://sts.googleapis.comevil.comz%hhttps://us-east-1.sts.googleapis.comz!https://us- -1.sts.googleapis.comzhttps://-sts.googleapis.comz-https://us-east-1.sts.googleapis.com.evil.comzhttps://sts.pgoogleapis.comhttps://p.googleapis.comzhttps://sts.p.comzhttp://sts.p.googleapis.comz https://xyz-sts.p.googleapis.comz$https://sts-xyz.123.p.googleapis.comz!https://sts-xyz.p1.googleapis.comzhttps://sts-xyz.p.foo.comz$https://sts-xyz.p.foo.googleapis.com) rz/https://us-east-1.iamcredentials.googleapis.comz/https://US-EAST-1.iamcredentials.googleapis.comz/https://iamcredentials.us-east-1.googleapis.comz/https://iamcredentials.US-WEST-1.googleapis.comz/https://us-east-1-iamcredentials.googleapis.comz/https://US-WEST-1-iamcredentials.googleapis.comz:https://us-west-1-iamcredentials.googleapis.com/path?queryz1https://iamcredentials-us-east-1.p.googleapis.com)rziamcredentials.googleapis.comrz$http://iamcredentials.googleapis.comz&https://iamcre.dentials.googleapis.comz/https://us-eas -1.iamcredentials.googleapis.comz.https:/us-east-1.iamcredentials.googleapis.comz0https://US-WE/ST-1-iamcredentials.googleapis.comz/https://iamcredentials-us-east-1.googleapis.comz/https://iamcredentials-US-WEST-1.googleapis.comz3testhttps://us-east-1.iamcredentials.googleapis.comz7https://us-east-1.iamcredentials.googleapis.comevil.comz9https://us-east-1.us-east-1.iamcredentials.googleapis.comz/https://us-ea.s.t.iamcredentials.googleapis.comz-https://iamcredentials.googleapis.comevil.comz0hhttps://us-east-1.iamcredentials.googleapis.comz,https://us- -1.iamcredentials.googleapis.comz&https://-iamcredentials.googleapis.comz8https://us-east-1.iamcredentials.googleapis.com.evil.comz&https://iamcredentials.pgoogleapis.comrzhttps://iamcredentials.p.comz&http://iamcredentials.p.googleapis.comz+https://xyz-iamcredentials.p.googleapis.comz/https://iamcredentials-xyz.123.p.googleapis.comz,https://iamcredentials-xyz.p1.googleapis.comz$https://iamcredentials-xyz.p.foo.comz/https://iamcredentials-xyz.p.foo.googleapis.comz us-east-1z2011-09-09T23:36:00Z AKIDEXAMPLEz(wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY) access_key_idsecret_access_keyGETzhttps://host.foo.comdatezMon, 09 Sep 2011 23:36:00 GMT)methodurlheaderszAWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=b27ccfbfa7df52a200ff74193ca6e32d4b48b8856fab7ebf1c595d0670a7e470z host.foo.com) Authorizationhostrrrrz"https://host.foo.com/foo/bar/../..zhttps://host.foo.com/./zhttps://host.foo.com/./foozAWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=910e4d6c9abafaf87898e1eb4c929135782ea25bb0279703146455745391e63azhttps://host.foo.com/%E1%88%B4zAWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=8d6634c189aa8c75c2e51e106b6b5121bed103fdb351f7d7d4381c738823af74z%https://host.foo.com/?foo=Zoo&foo=ahazAWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=be7148d34ebccdc6423b19085378aa0bee970bdc61d144bd1a8c48c33079ab09z!https://host.foo.com/?foo=b&foo=azAWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=feb926e49e382bec75c9d7dcb2a1b6dc8aa50ca43c25d2bc51143768c0875acczhttps://host.foo.com/?{}=barz %E1%88%B4zAWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=6fb359e9a05394cc7074e0feb42573a2601abc0c869a953e8c5c12e4e01f1a8cPOSTzhttps://host.foo.com/zoobar)rZOOzAWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host;zoo, Signature=b7a95a52518abbca0964a999a880429ab734f35ebbf1235bd79a5de87756dc4a)rrrr!ZOOBAR)rzoozAWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host;zoo, Signature=273313af9d0c265c531e11db70bbd653f3ba074c1009239e8559d3987039cad7)rrrr#phfft)rpzAWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host;p, Signature=debf546796015d6f6ded8626f5ce98597c33b47b9164cf6b17b4642036fcb592)rrrr%!application/x-www-form-urlencoded) Content-Typerzfoo=bar)rrrdatazAWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=content-type;date;host, Signature=5a15b22cf462f047318703b92e6f4f38884e4a7ab7b1d6426ca46a8bd1c26cbc)rrr'r)rrrr(zhttps://host.foo.com/?foo=barzAWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, SignedHeaders=date;host, Signature=b6e3b79003ce0743a491606ba1035a804593b0efb1e20a11cba83f8c25a57a92 us-east-22020-08-11T06:55:22Z)rrsecurity_tokenzMhttps://ec2.us-east-2.amazonaws.com?Action=DescribeRegions&Version=2013-10-15)rrzAWS4-HMAC-SHA256 Credential=z/20200811/us-east-2/ec2/aws4_request, SignedHeaders=host;x-amz-date;x-amz-security-token, Signature=41e226f997bf917ec6c9b2b14218df0874225f13bb153236c247881e614fafc9zec2.us-east-2.amazonaws.com20200811T065522Z)rr x-amz-datex-amz-security-tokenOhttps://sts.us-east-2.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15z/20200811/us-east-2/sts/aws4_request, SignedHeaders=host;x-amz-date;x-amz-security-token, Signature=596aa990b792d763465d73703e684ca273c45536c6d322c31be01a41d02e5b60zsts.us-east-2.amazonaws.comz/20200811/us-east-2/sts/aws4_request, SignedHeaders=host;x-amz-date, Signature=9e722e5b7bfa163447e2a14df118b45ebd283c5aea72019bdf921d6e7dc01a9a)rrr-z)https://dynamodb.us-east-2.amazonaws.com/zapplication/x-amz-json-1.0zDynamoDB_20120810.CreateTable)r' x-amz-targetz/20200811/us-east-2/dynamodb/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-security-token;x-amz-target, Signature=eb8bce0e63654bba672d4a8acb07e72d69210c1797d56ce024dbbc31beb2a2c7z dynamodb.us-east-2.amazonaws.com)rrr-r'r0r.ceZdZejj deejddZ dZ dZ dZ y)TestRequestSignerz;region, time, credentials, original_request, signed_requestgoogle.auth._helpers.utcnowc tjj|d|_tj|}tj |j d|j d|j d}|j||j d|j d|j d|j d} | |k(sJy) N%Y-%m-%dT%H:%M:%SZrrr+rrr(r)datetimestrptime return_valuer RequestSignerAwsSecurityCredentialsgetget_request_options) selfutcnowregiontime credentialsoriginal_requestsigned_requestrequest_signercredentials_objectactual_signed_requests Hplatform/gsutil/third_party/google-auth-library-python/tests/test_aws.pytest_get_request_optionsz*TestRequestSigner.test_get_request_optionsbs'//88?ST**62 77 OOO , OO/ 0 OO, -  !/ B B    '   *   (   + ! %666ctjd}tjt5}|j tj ttdddddjdsJy#1swYxYw)Nr)invalidrInvalid AWS service URL rr9pytestraises ValueErrorr<r: ACCESS_KEY_IDSECRET_ACCESS_KEYmatchr=rDexcinfos rG0test_get_request_options_with_missing_scheme_urlzBTestRequestSigner.test_get_request_options_with_missing_scheme_urlzsh**;7 ]]: &'  . .**=:KL '}}7888' & 0A;;Bctjd}tjt5}|j tj ttdddddjdsJy#1swYxYw)Nr)zhttp://invalidrrLrMrTs rG0test_get_request_options_with_invalid_scheme_urlzBTestRequestSigner.test_get_request_options_with_invalid_scheme_urlsh**;7 ]]: &'  . .**=:KL  '}}7888' &rWctjd}tjt5}|j tj ttdddddjdsJy#1swYxYw)Nr)rrrLrMrTs rG2test_get_request_options_with_missing_hostname_urlzDTestRequestSigner.test_get_request_options_with_missing_hostname_urlsh**;7 ]]: &'  . .**=:KL '}}7888' &rWN) __name__ __module__ __qualname__rNmark parametrize TEST_FIXTURESmockpatchrHrVrYr[rIrGr2r2asM [[E}TZZ-.7/7( 9 9 9rIr2c*eZdZ ddZdZdZy)"TestAwsSecurityCredentialsSupplierNcJ||_||_||_||_||_yN)_security_credentials_region_credentials_exception_region_exception_expected_context)r=security_credentialsr?credentials_exceptionregion_exceptionexpected_contexts rG__init__z+TestAwsSecurityCredentialsSupplier.__init__s+&:" &;#!1!1rIc|j|j|k(sJ|j |j|jSrh)rmrkrir=contextrequests rGget_aws_security_credentialsz?TestAwsSecurityCredentialsSupplier.get_aws_security_credentialssF  ! ! -))W4 44  & & 2-- -)))rIc|j|j|k(sJ|j |j|jSrh)rmrlrjrts rGget_aws_regionz1TestAwsSecurityCredentialsSupplier.get_aws_regionsD  ! ! -))W4 44  ! ! -(( (||rI)NNNNN)r\r]r^rrrwryrdrIrGrfrfs""" 2*rIrfc eZdZdZdZeeedZdZ dZ de e e dZdeee edZd d d d d j'edZe dMdZe dNdZeddeeddddddf dZe dOdZeefdZeefdZe jBjEe#jHdddZ%e jBjEe#jHdddZ&e jBjEe#jHdddZ'e jBjEe#jHdddZ(e jBjEe#jHdddZ)dZ*dZ+dZ,d Z-d!Z.d"Z/d#Z0d$Z1d%Z2d&Z3d'Z4d(Z5d)Z6d*Z7d+Z8e jBd,d-Z9e jBd,e jBjue;jxid.Z=e jBd,e jBjue;jxe>jee>j~eid/Z@e jBd,e jBjue;jxe>jee>jeid0ZBe jBd,e jBjue;jxe>jeid1ZCe jBd,e jBjue;jxe>jee>j~ee>jeid2ZDe jBd,d3ZEe jBd,d4ZFe jBd,d5ZGe jBd,d6ZHe jBd,d7ZIe jBd,d8ZJe jBd,d9ZKe jBd,d:ZLd;ZMd<ZNd=ZOd>ZPe jBd?eQe jBd,d@ZRe jBd?eQe jBd,dAZSe jBdBeTe jBd?eQe jBd,dCZUe jBdBeTe jBd?eQe jBd,dDZVdEZWe jBd,dFZXe jBd,dGZYe jBd,dHZZdIZ[dJZ\e jBd?eQe jBd,dKZ]e jBd?eQe jBd,dLZ^y)PTestCredentialsr)z gcp-aws-role) AccessKeyIdSecretAccessKeyTokenawsimdsv2sessiontokenr*aws1)environment_id region_urlrregional_cred_verification_url)rrrrimdsv2_session_token_url ACCESS_TOKEN-urn:ietf:params:oauth:token-type:access_tokenBearer ) access_tokenissued_token_type token_type expires_inscopectj|}|j||d}|jd|jdd|jdjddd|jdjddd|jdjddgd }|jA|jdj d |jdjd d|jdj d t dftjjtj|d d S)zUtility to generate serialize AWS signed requests. This makes it easy to assert generated subject tokens based on the provided AWS security credentials, regions and AWS STS endpoint. rrrrr)keyvaluerr-rr.zx-goog-cloud-target-resource),:T) separators sort_keys) rr9r<r; session_tokenappendAUDIENCEurllibparsequotejsondumps)clsaws_security_credentials region_namerrDrCreformatted_signed_requests rG"make_serialized_aws_signed_requestz2TestCredentials.make_serialized_aws_signed_requestsW**;7';; $c6 "%%e,$((2++// :>>O););I)F)J)J6)RS'+// :>>|L & " $ 1 1 = & * *9 5 < <1+// :>>?UV  #&&y1882X F  ||!! JJ*zT   rINc dg} |r| rDtjtjd}| |_| |_| j |tjtjd}||_|r%dj|jd|_| j || rDtjtjd}| |_| |_| j ||rUtjtjd}||_|r|jd|_| j ||rhtjtjd}||_|r)tj|jd|_| j ||rftjtjd}||_tj|jd|_| j || rftjtjd}| |_tj| jd|_| j |tjtj}| |_ |S)zUtility function to generate a mock HTTP request object. This will facilitate testing various edge cases by specify how the various endpoints will respond while generating a Google Access token in an AWS environment. T)instancez{}butf-8) rbcreate_autospecrResponsestatusr(rformatencoderrRequest side_effect)r region_statusr role_status role_namesecurity_credentials_statussecurity_credentials_data token_status token_dataimpersonation_statusimpersonation_dataimdsv2_session_token_statusimdsv2_session_token_data responsesimdsv2_session_responseregion_response role_responsesecurity_credentials_responsetoken_responseimpersonation_responservs rGmake_mock_requestz!TestCredentials.make_mock_request sQ* **.*>*>&&+'2M'./H',  !89#2293E3EPTUO%2O "',||K'@'G'G'P$   _ - &&*&:&:""T' #.I # *+D # (   4 5  001C1CdSM#.M %.%5%5g%> "   ] + &,0,@,@""T- )4O ) 0(59ZZ-6&/.2   : ; !11)2D2DtTN$0N !"&**Z"8"?"?"HN    ^ , %)%9%9""T& "-A " )*.**5G*H*O*OPW*X " '   3 4&&y'8'89'rIc Ttjtt||| |||||||  S)N) audiencesubject_token_type token_urltoken_info_url!service_account_impersonation_urlcredential_source!aws_security_credentials_supplier client_id client_secretquota_project_idscopesdefault_scopes)r CredentialsrSUBJECT_TOKEN_TYPE) rrrrrrrrrrrs rGmake_credentialsz TestCredentials.make_credentialsfs91).O/.O'-)  rIcf|d|k(sJ|d|k(sJ|r |d|k(s Jd|vs|dJd|vsJy)Nrrrbodyrd)rrequest_kwargsrrrs rG"assert_aws_metadata_request_kwargsz2TestCredentials.assert_aws_metadata_request_kwargssfe$+++h'6111 !),7 77N2nY6O6W WW^+++rIcD|d|k(sJ|ddk(sJ|d|k(sJ|dJtjj|d}t|t|j k(sJ|D]-\}}|j d||j dk(r-JyNrrrrrr)rr parse_qsllenkeysdecode)rrr request_datar body_tupleskvs rGassert_token_request_kwargsz+TestCredentials.assert_token_request_kwargsse$ 111h'6111i(G333f%111ll,,^F-CD ;3|'8'8':#;;;;!FQ88G$ QXXg5F(GG GG"rIc|d|k(sJ|ddk(sJ|d|k(sJ|dJtj|djd}||k(sJyr)rloadsr)rrrrr body_jsons rG#assert_impersonation_request_kwargsz3TestCredentials.assert_impersonation_request_kwargss{e$(IIIIh'6111i(G333f%111JJ~f5<TestCredentials.test_constructor_missing_cred_verification_urlwsi 22779>? ]]: &'  ! !4E ! F'}}IJJJ' &s A44A=c|jj}d|d<tjt5}|j |dddj dsJy#1swYxYw)Naws3rr z6aws version '3' is not supported in the current build.rrs rG/test_constructor_invalid_environment_id_versionz?TestCredentials.test_constructor_invalid_environment_id_versionsf 22779.4*+ ]]: &'  ! !4E ! F'}}VWWW' &rc |j|jj}|jdtt t t|jtdk(sJy)Nr r)typerrrrrr) rrrrrrrrr r=rAs rG test_infozTestCredentials.test_infosc++"4499;, & "4",!%!7!76$    rIc|j|jj}|jtk(sJy)Nr )rrrrrr%s rGtest_token_info_urlz#TestCredentials.test_token_info_urls?++"4499;, ))^;;;rIctD]D}|j|jj|dz}|j|dzk(rDJy)Nz /introspectrr)VALID_TOKEN_URLSrrrrr=rrAs rGtest_token_info_url_customz*TestCredentials.test_token_info_url_customsV#C//"&"8"8"="="? #m 30K --# 2EF FF $rIcv|j|jjd}|jrJy)Nr*)rrrrr%s rGtest_token_info_url_negativez,TestCredentials.test_token_info_url_negatives?++"4499;D, -----rIctD]D}|j|jj|dz}|j|dzk(rDJy)Nz/token)rr)r+rrr _token_urlr,s rGtest_token_url_customz%TestCredentials.test_token_url_customsT#C//"&"8"8"="="?>0K ))cHn= == $rIctD]L}|j|jj|tz}|j |tzk(rLJy)N)rr)(VALID_SERVICE_ACCOUNT_IMPERSONATION_URLSrrr'SERVICE_ACCOUNT_IMPERSONATION_URL_ROUTE"_service_account_impersonation_urlr,s rG-test_service_account_impersonation_url_customz=TestCredentials.test_service_account_impersonation_url_customs_;C//"&"8"8"="="?AA0KAA== 6 $    rIctjtt|jj d}|j dttd|jj ddk(sJy)Nztestdomain.org)rrrrrz#https://sts.testdomain.org/v1/tokenr9)rrrrrrrr%s rG5test_info_with_default_token_url_with_universe_domainzETestCredentials.test_info_with_default_token_url_with_universe_domainskoo1"4499;,  & "4>!%!7!7!/ $    rIc6|jj}|jd|j|}t j t j5}|jddddjdsJy#1swYxYw)Nrr zUnable to determine AWS region) rrrrrNrOr RefreshErrorretrieve_subject_tokenrS)r=rrArUs rG.test_retrieve_subject_token_missing_region_urlz>TestCredentials.test_retrieve_subject_token_missing_region_urls!22779l+++>O+P ]]:22 3w  . .t 44}}>???4 3s !BBr3ctjj|jd|_|j t j |jt j |jt j |j}|j|j}|j|}||jtjt t"t$k(sJ|j'|j(ddt*|j'|j(ddt,|j'|j(dddj/t,|jdd i|j t j |jt j |j }|j|t1|j(dk(sJ|j'|j(ddt,|j'|j(dddj/t,|jdd iy) Nr5rrrrrrr r{}/{}r'application/json)rrrr)r6r7AWS_SIGNATURE_TIMEr8r http_clientOK AWS_REGIONAWS_ROLE!AWS_SECURITY_CREDENTIALS_RESPONSErrr?rrr:rQrRTOKENrcall_args_list REGION_URLSECURITY_CREDS_URLrr)r=r>rvrA subject_token new_requests rGBtest_retrieve_subject_token_success_temp_creds_no_environment_varszRTestCredentials.test_retrieve_subject_token_success_temp_creds_no_environment_varss'//88  # #%9 ((%..#mm(3&*&L&L ) ++d>T>T+U #::7C  G G  & &}6G O!     //  " "1 %a (*  //  " "1 %a (*<  //  " "1 %a ( NN-t}} = / 0 ,,#mm(3&*&L&L -  **;7;--.!333 //  & &q )! ,.@  //  & &q )! , NN-t}} = / 0 rIc tjj|jd|_|j t j |jt j |jt j |jt j |j}|jj}t|d<|j|}|j|}||j!t#j$t&t(t*k(sJ|j-|j.ddtddid |j-|j.ddt0d |ji|j-|j.d dtddid |j-|j.d dt2d |ji|j-|j.d ddj5t2|jd|jd|j t j |jt j |jt j |j}|j|t7|j.d k(sJ|j-|j.ddtddid |j-|j.ddt2d |ji|j-|j.d ddj5t2|jd|jdy)Nr5rrrrrrrrrr rrC$X-aws-ec2-metadata-token-ttl-seconds300PUTX-aws-ec2-metadata-tokenrDrErFr'rYrrrrrr)r6r7rGr8rrHrIrJrKrLAWS_IMDSV2_SESSION_TOKENrrIMDSV2_SESSION_TOKEN_URLrr?rrr:rQrRrMrrNrOrPrr)r=r>rvcredential_source_token_urlrArQrRs rGItest_retrieve_subject_token_success_temp_creds_no_environment_vars_idmsv2zYTestCredentials.test_retrieve_subject_token_success_temp_creds_no_environment_vars_idmsv20s. '//88  # #%9 ((%..#mm(3&*&L&L(3&*&C&C)  '+&<&<&A&A&C# % $ & ++9, $::7C  G G  & &}6G O!     //  " "1 %a ( $ 3U ;    //  " "1 %a (  ')F)F G //  " "1 %a ( $ 3U ;    //  " "1 %a (  ')F)F G //  " "1 %a ( NN-t}} = 2,0,I,I  ,,#mm(3&*&L&L(3&*&C&C -  **;7;--.!333 //  " "1 %a ( $ 3U ;    //  & &q )! ,  ')F)F G //  & &q )! , NN-t}} = 2,0,I,I  rIcptjj|jd|_|j t j |jt j |jt j |j}|jj}t|d<|j|}|j|}||jt!j"t$t&t(k(sJ|j+|j,ddtddid |j+|j,ddt.d |ji|j+|j,d dd j1t.|jd |jdyNr5r]rr rrCrVrWrXrYrDrErFr\r6r7rGr8rrHrIrKrLr^rrr_rr?rrr:rQrRrMrrNrPrr=r>rvr`rArQs rG`test_retrieve_subject_token_success_temp_creds_environment_vars_missing_secret_access_key_idmsv2zpTestCredentials.test_retrieve_subject_token_success_temp_creds_environment_vars_missing_secret_access_key_idmsv2'//88  # #%9 ((#mm(3&*&L&L(3&*&C&C ) '+&<&<&A&A&C# % $ & ++9, $::7C  G G  & &}6G O!     //  " "1 %a ( $ 3U ;    //  " "1 %a (  ')F)F G //  " "1 %a ( NN-t}} = 2,0,I,I  rIcptjj|jd|_|j t j |jt j |jt j |j}|jj}t|d<|j|}|j|}||jt!j"t$t&t(k(sJ|j+|j,ddtddid |j+|j,ddt.d |ji|j+|j,d dd j1t.|jd |jdyrcrdres rG\test_retrieve_subject_token_success_temp_creds_environment_vars_missing_access_key_id_idmsv2zlTestCredentials.test_retrieve_subject_token_success_temp_creds_environment_vars_missing_access_key_id_idmsv2rgrIcptjj|jd|_|j t j |jt j |jt j |j}|jj}t|d<|j|}|j|}||jt!j"t$t&t(k(sJ|j+|j,ddtddid |j+|j,ddt.d |ji|j+|j,d dd j1t.|jd |jdyrcrdres rGTtest_retrieve_subject_token_success_temp_creds_environment_vars_missing_creds_idmsv2zdTestCredentials.test_retrieve_subject_token_success_temp_creds_environment_vars_missing_creds_idmsv2 s '//88  # #%9 ((#mm(3&*&L&L(3&*&C&C ) '+&<&<&A&A&C# % $ & ++9, $::7C  G G  & &}6G O!     //  " "1 %a ( $ 3U ;    //  " "1 %a (  ')F)F G //  " "1 %a ( NN-t}} = 2,0,I,I  rIc`tjj|jd|_|j t j |j}|jj}t|d<|j|}|j||jrJy)Nr5)rrrr )r6r7rGr8rrHrIrKrrr_rr?called)r=r>rvr`rAs rG5test_retrieve_subject_token_success_temp_creds_idmsv2zETestCredentials.test_retrieve_subject_token_success_temp_creds_idmsv2=s'//88  # #%9 ((#$--) '+&<&<&A&A&C# % $ & ++9,  **73>>!!>rIc Ltjj|jd|_|j t j |jt j |jt j |jt j |j}|jj}|j|}|j|}||jt!j"t$t&t(k(sJ|j+|j,ddt.ddid|j+|j,ddt0d |ji|j+|j,d dt.ddid|j+|j,d dt2d |ji|j+|j,d dd j5t2|jd|jdy)Nr5rUr rrCrVrWrXrYrDrZr[rErFr\)r6r7rGr8rrHrIrJrKrLr^CREDENTIAL_SOURCE_IPV6rrr?rrr:rQrRrMrrNIMDSV2_SESSION_TOKEN_URL_IPV6REGION_URL_IPV6SECURITY_CREDS_URL_IPV6rres rG(test_retrieve_subject_token_success_ipv6z8TestCredentials.test_retrieve_subject_token_success_ipv6Xs&//88  # #%9 ((%..#mm(3&*&L&L(3&*&C&C)  '+&A&A&F&F&H#++9, $::7C  G G  & &}6G O!     //  " "1 %a ( ) 3U ;    //  " "1 %a (  ')F)F G //  " "1 %a ( ) 3U ;    //  " "1 %a ( # ')F)F G //  " "1 %a ( NN2DMM B 2,0,I,I  rIctjj|jd|_|j t j d}|jj}t|d<|j|}tjtj5}|j|dddj!dsJ|j#|j$ddtd d id y#1swYGxYw) Nr5 unauthorized)rrrr z$Unable to retrieve AWS Session TokenrrCrVrWrX)r6r7rGr8rrH UNAUTHORIZEDrrr_rrNrOrr>r?rSrrN)r=r>rvr`rArUs rG0test_retrieve_subject_token_session_error_idmsv2z@TestCredentials.test_retrieve_subject_token_session_error_idmsv2s&//88  # #%9 (((3(@(@&4) '+&<&<&A&A&C# % $ & ++9, ]]:22 3w  . .w 74}}DEEE //  " "1 %a ( $ 3U ;   4 3s )DD c |jj}|jdtjj |j d|_|jtj|jtj|jtj|}|j|j}|j|}||jt!j"t$t&k(sJy)Nr~r5rBr )rLrrr6r7rGr8rrHrIrJrKrrr?rrr:rQrR)r=r>security_creds_responservrArQs rGGtest_retrieve_subject_token_success_permanent_creds_no_environment_varszWTestCredentials.test_retrieve_subject_token_success_permanent_creds_no_environment_varss #'"H"H"M"M"O##G,&//88  # #%9 ((%..#mm(3&= ) ++d>T>T+U #::7C  G G  & &}6G H!    rIcV|jtjt|jtjt |jtj t|jtj|jtjj|jd|_ |j|j}|jd}||j!t#j$tt tk(sJyNr5r )setenvrAWS_ACCESS_KEY_IDrQAWS_SECRET_ACCESS_KEYrRAWS_SESSION_TOKENrMrJr6r7rGr8rrr?rrr:r=r> monkeypatchrArQs rG4test_retrieve_subject_token_success_environment_varszDTestCredentials.test_retrieve_subject_token_success_environment_varss+==}M+AACTU+==uE+66H&//88  # #%9 ++d>T>T+U #::4@  G G  & &}6G O!    rIcV|jtjt|jtjt |jtj t|jtj|jtjj|jd|_ |j|j}|j!d}||j#t%j&tt tk(sJyr}r~rrrQrrRrrMAWS_DEFAULT_REGIONrJr6r7rGr8rrr?rrr:rs rGHtest_retrieve_subject_token_success_environment_vars_with_default_regionzXTestCredentials.test_retrieve_subject_token_success_environment_vars_with_default_regions +==}M+AACTU+==uE+>>P&//88  # #%9 ++d>T>T+U #::4@  G G  & &}6G O!    rIc|jtjt|jtjt |jtj t|jtjd|jtj|jtjj|jd|_ |j|j}|j!d}||j#t%j&tt tk(sJy)NzMalformed AWS Regionr5r rrs rGJtest_retrieve_subject_token_success_environment_vars_with_both_regions_setzZTestCredentials.test_retrieve_subject_token_success_environment_vars_with_both_regions_sets +==}M+AACTU+==uE+>>@VW +66H&//88  # #%9 ++d>T>T+U #::4@  G G  & &}6G O!    rIc|jtjt|jtjt |jtj |j tjj|jd|_ |j|j}|jd}||jtj tt k(sJyr})r~rrrQrrRrJr6r7rGr8rrr?rrr:rs rGEtest_retrieve_subject_token_success_environment_vars_no_session_tokenzUTestCredentials.test_retrieve_subject_token_success_environment_vars_no_session_token s +==}M+AACTU+66H&//88  # #%9 ++d>T>T+U #::4@  G G  & &}6G H!    rIcX|jtjt|jtjt |jtj ttjj|jd|_ |jtj|j}|j!|j"}|j%|}||j't)j*tt tk(sJy)Nr5rrr )r~rrrQrrRrrMr6r7rGr8rrHrIrJrrr?rrr:)r=r>rrvrArQs rGBtest_retrieve_subject_token_success_environment_vars_except_regionzRTestCredentials.test_retrieve_subject_token_success_environment_vars_except_regions +==}M+AACTU+==uE&//88  # #%9 ((%..doo) ++d>T>T+U #::7C  G G  & &}6G O!    rIc4|jtj}|j|j}t j tj5}|j|dddjdsJy#1swYxYwN)rr zUnable to retrieve AWS region) rrH BAD_REQUESTrrrNrOrr>r?rSr=rvrArUs rG8test_retrieve_subject_token_error_determining_aws_regionzHTestCredentials.test_retrieve_subject_token_error_determining_aws_region1sy(({7N7N(O++d>T>T+U ]]:22 3w  . .w 74}}=>>>4 3 BBch|jtj|jtj}|j |j }tjtj5}|j|dddjdsJy#1swYxYw)N)rrrr z Unable to retrieve AWS role name) rrHrIrJrrrrNrOrr>r?rSrs rG6test_retrieve_subject_token_error_determining_aws_rolezFTestCredentials.test_retrieve_subject_token_error_determining_aws_role;s((%..#//)  ++d>T>T+U ]]:22 3w  . .w 74}}@AAA4 3s :B((B1c|jj}|jd|jtj |j }|j|}tjtj5}|j|dddjdsJy#1swYxYw)Nrrr zIUnable to determine the AWS metadata server security credentials endpoint)rrrrrHrIrJrrNrOrr>r?rS)r=rrvrArUs rG@test_retrieve_subject_token_error_determining_security_creds_urlzPTestCredentials.test_retrieve_subject_token_error_determining_security_creds_urlIs!22779e$((%..doo) ++>O+P ]]:22 3w  . .w 74}} X   4 3s B::Cc|jtj|jtj|jtj }|j |j}tjtj5}|j|dddjdsJy#1swYxYw)N)rrrrrr z+Unable to retrieve AWS security credentials)rrHrIrJrKrrrrNrOrr>r?rSrs rG@test_retrieve_subject_token_error_determining_aws_security_credszPTestCredentials.test_retrieve_subject_token_error_determining_aws_security_credsZs((%..#mm(3(?(? ) ++d>T>T+U ]]:22 3w  . .w 74}}KLLL4 3s CC z/google.auth.metrics.python_and_auth_lib_versionc tjj|jd|_|j t j ttt}ddtzdd}dtddjt|td }|jt j"|j$t j"|j&t j"|j(t j"|j* }|j-t.t0|j2t4td g }|j7|t9|j:d k(sJ|j=|j:dd|||j>|j*dk(sJ|j@t4k(sJ|jBtk(sJ|jDd gk(sJy)Nr5r&Basic _gl-python/3.7 auth/1.1 google-byoid-sdk sa-impersonation/false config-lifetime/false source/awsr'rx-goog-api-client/urn:ietf:params:oauth:grant-type:token-exchangerr grant_typerrequested_token_typerrQrrrrrrrrrignoredrrrrrrr[rZrCr#r6r7rGr8rrr:rQrRrMBASIC_AUTH_ENCODINGrrSCOPESrrrHrIrJrKrLSUCCESS_RESPONSErrrrr refreshrrNrtokenrrrr=r>mock_auth_lib_valueexpected_subject_token token_headerstoken_request_datarvrAs rG@test_refresh_success_without_impersonation_ignore_default_scopeszPTestCredentials.test_refresh_success_without_impersonation_ignore_default_scopesjs'//88  # #%9 "&!H!H  & &}6G O" @%(;;"C L $SXXf%3"4  ((%..#mm(3&*&L&L$,,)  ++'"44-%;,  G$7))*a/// ((  " "1 %a (-9K   D$9$9.$IIII++/????!!V+++))i[888rIc tjj|jd|_|j t j ttt}ddtzdd}dtddjt|td }|jt j"|j$t j"|j&t j"|j(t j"|j* }|j-t.t0|j2t4dt }|j7|t9|j:d k(sJ|j=|j:d d|||j>|j*dk(sJ|j@t4k(sJ|jBJ|jDtk(sJy)Nr5r&rrrrrrrrrr[rZrCrrrs rG=test_refresh_success_without_impersonation_use_default_scopeszMTestCredentials.test_refresh_success_without_impersonation_use_default_scopess'//88  # #%9 "&!H!H  & &}6G O" @%(;;"C L $SXXf%3"4  ((%..#mm(3&*&L&L$,,)  ++'"44-!,  G$7))*a/// ((  " "1 %a (-9K   D$9$9.$IIII++/????!!)))))V333rIz:google.auth.metrics.token_request_access_token_impersonatec tjj|jd|_t j j dtjdzjddz}|jtjttt}dd tzd d }d t d d|t"d}d|d}ddj%|j&dt(t*dd} dt,dd} |j/t0j2|j4t0j2|j6t0j2|j8t0j2|j&t0j2| } |j;t<t>|j@tBt(t,dg} | jE| tG| jHdk(sJ|jK| jHdd|||jM| jHdd| | | jN|d k(sJ| jPt(k(sJ| jRt,k(sJ| jTdgk(sJy)!Nr5r microsecondrsecondsTZr&r^gl-python/3.7 auth/1.1 google-byoid-sdk sa-impersonation/true config-lifetime/false source/awsrrr#https://www.googleapis.com/auth/iamrSA_ACCESS_TOKEN accessToken expireTimerF Bearer {}r0x0r' authorizationzx-goog-user-projectrzx-allowed-locations3600s delegatesrlifetime rrrrrrrrrrrrrrrrrrrZrCr[r+r6r7rGr8rr>replace timedelta isoformatrrr:rQrRrMrrrrrr 5IMPERSONATE_ACCESS_TOKEN_REQUEST_METRICS_HEADER_VALUErrrHrIrJrKrLrrrrrrrrNrrrrrr r=r>mock_metrics_header_valuer expire_timerrrrimpersonation_headersimpersonation_request_datarvrAs rG=test_refresh_success_with_impersonation_ignore_default_scopeszMTestCredentials.test_refresh_success_with_impersonation_ignore_default_scopess{'//88  # #%9  OO  % %! % 4x7I7IRV7W W )C.3 "&!H!H  & &}6G O" @%(;;"B L $S:3"4  -%"  /(//0E0En0UV#3!V#( ! & " ((%..#mm(3&*&L&L$,,!,5)  ++'"44.O-%;,   G$7))*a/// ((  " "1 %a (-9K 00  " "1 %a ( ! &   $:=$IIII++/????!!V+++))i[888rIc  tjj|jd|_t j j dtjdzjddz}|jtjttt}dd tzd d }d t d d|t"d}d|d}ddj%|j&dt(t*dd} dt,dd} |j/t0j2|j4t0j2|j6t0j2|j8t0j2|j&t0j2| } |j;t<t>|j@tBt(dt,} | jE| tG| jHdk(sJ|jK| jHdd|||jM| jHdd| | | jN|dk(sJ| jPt(k(sJ| jRJ| jTt,k(sJy) Nr5rrrrrrr&rrrrrrrrrrFrrrrrrrrrrZrCr[rrrs rG:test_refresh_success_with_impersonation_use_default_scopeszJTestCredentials.test_refresh_success_with_impersonation_use_default_scopes=su'//88  # #%9  OO  % %! % 4x7I7IRV7W W )C.3 "&!H!H  & &}6G O" @%(;;"B L $S:3"4  -%"  /(//0E0En0UV#3!V#( ! & " ((%..#mm(3&*&L&L$,,!,5)  ++'"44.O-!,   G$7))*a/// ((  " "1 %a (-9K 00  " "1 %a ( ! &   $:=$IIII++/????!!)))))V333rIc4|jtj}|j|j}t j tj5}|j|dddjdsJy#1swYxYwr) rrHrrrrNrOrr>rrSrs rG.test_refresh_with_retrieve_subject_token_errorz>TestCredentials.test_refresh_with_retrieve_subject_token_errorsy(({7N7N(O++d>T>T+U ]]:22 3w    (4}}=>>>4 3rctjj|jd|_|j }t j tt}t||j}|j|}|j|}||jt j ttk(sJyNr5rnr?r)r6r7rGr8rrr:rQrRrfrJrr?rr=r>rvrnrrArQs rG1test_retrieve_subject_token_success_with_supplierzATestCredentials.test_retrieve_subject_token_success_with_suppliers&//88  # #%9 ((*"99 , 6!5doo ++h+W #::7C  G G  & &}6G H!    rIctjj|jd|_|j }t j ttt}t||j}|j|}|j|}||jt j tttk(sJyr)r6r7rGr8rrr:rQrRrMrfrJrr?rrs rG?test_retrieve_subject_token_success_with_supplier_session_tokenzOTestCredentials.test_retrieve_subject_token_success_with_supplier_session_tokens&//88  # #%9 ((*"99 ,e 6!5doo ++h+W #::7C  G G  & &}6G O!    rIcptjj|jd|_|j }t j tt}tjtt}t||j|}|j|}|j!|y)Nr5)rnr?rqr)r6r7rGr8rrSupplierContextrrrr:rQrRrfrJrr?)r=r>rvrqrnrrAs rGAtest_retrieve_subject_token_success_with_supplier_correct_contextzQTestCredentials.test_retrieve_subject_token_success_with_supplier_correct_contexts&//88  # #%9 ((*+;;   #99 , 6!5??-  ++h+W **73rIcX|j}tjd}t|j|}|j |}t jtj5}|j|dddjdsJy#1swYxYw)N Test error)r?ror) rrr>rfrJrrNrOrrS)r=rvexpected_exceptionrrArUs rG/test_retrieve_subject_token_error_with_supplierz?TestCredentials.test_retrieve_subject_token_error_with_suppliers((*'44\B5??:L ++h+W ]]:22 3w    (4}}]+++4 3s 2B  B)c|j}tjd}tjt t }t||}|j|}tjtj5}|j|dddjdsJy#1swYxYw)Nr)rnrpr) rrr>rr:rQrRrfrrNrOrrS)r=rvrrnrrArUs rG6test_retrieve_subject_token_error_with_supplier_regionzFTestCredentials.test_retrieve_subject_token_error_with_supplier_regions((*'44\B"99 , 6!5/  ++h+W ]]:22 3w    (4}}]+++4 3s B44B=c tjj|jd|_t j j dtjdzjddz}|jtjttt}dd tzd d }d t d d|t"d}d|d}ddj%|j&dt(t*dd}dt,dd} |j/t0j2|j&t0j2|} t5tjttt|j6} |j9t:t<| t>t(t,dg} | jA| tC| jDdk(sJ|jG| jDdd|||jI| jDdd|| | jJ|dk(sJ| jLt(k(sJ| jNt,k(sJ| jPdgk(sJy) Nr5rrrrrrr&rzggl-python/3.7 auth/1.1 google-byoid-sdk sa-impersonation/true config-lifetime/false source/programmaticrrrrrrrrFrrrrrr)rrrrrr)rrrrrrrrDrCr))r6r7rGr8rr>rrrrrr:rQrRrMrrrrrr rrrrHrIrfrJrrrrrrrNrrrrrr) r=r>rrrrrrrrrvrrAs rG5test_refresh_success_with_supplier_with_impersonationzETestCredentials.test_refresh_success_with_supplier_with_impersonation st'//88  # #%9  OO  % %! % 4x7I7IRV7W W )C.3 "&!H!H  & &}6G O" @%(;;"K L $S:3"4  -%"  /(//0E0En0UV#3!V#( ! & " (($,,!,5 ) 6!$!;!;0%"??  ++'.6.O-%;,   G$7))*a/// ((  " "1 %a (-9K 00  " "1 %a ( ! &   $:=$IIII++/????!!V+++))i[888rIctjj|jd|_|j t j ttt}ddtzdd}dtddjt|td }|jt j"|j$ }t't j ttt|j( }|j+t,t.|t0td g }|j3|t5|j6dk(sJ|j9|j6dd|||j:|j$dk(sJ|j<t0k(sJ|j>tk(sJ|j@d gk(sJy)Nr5r&rzhgl-python/3.7 auth/1.1 google-byoid-sdk sa-impersonation/false config-lifetime/false source/programmaticrrrrr)rrrr)rrrrrrrCrr)!r6r7rGr8rrr:rQrRrMrrrrrrrHrIrrfrJrrrr rrrNrrrrr) r=r>rrrrrvrrAs rG"test_refresh_success_with_supplierz2TestCredentials.test_refresh_success_with_supplier_ s '//88  # #%9 "&!H!H  & &}6G O" @%(;;"L L $SXXf%3"4  (($D4I4I) 6!$!;!;0%"??  ++'.6-%;,  G$7))*a/// ((  " "1 %a (-9K   D$9$9.$IIII++/????!!V+++))i[888rI)r)r/) NNNNNNNNNNNN)Nr)_r\r]r^rJrKrQrRrMrLr^rGrOrPCRED_VERIFICATION_URLrrrrsrqrprrr classmethodrrrrrrrrrrbrcobjectrrrrrrr rrrrrr"r&r(r-r/r2r7r:r<r@rSdictosenvironrarrrfrrirkrnrtrxr{rrrrrrrrr!LANG_LIBRARY_METRICS_HEADER_VALUErrrrrrrrrrrrrrdrIrGr{r{suJH$,)% 7/  !*? !%&*?$A 'L&!  ] - - ^$("&!$("&WWr*.%*.  87< , ,>G H H +L ) ) ZZs F  G  D ZZs F G 8 ZZs F G < ZZs F" G" H ZZs F G :K   KKX  <G.>   " @TZZ-.9 /9 vTZZ-. ZZ__RZZ$d %/d LTZZ-. ZZ__  ' '  . .  / // bTZZ-. ZZ__  ' '  2 24E / // bTZZ-. ZZ__RZZ"2"="=z!JK/ L// bTZZ-. ZZ__  ' '  . .  2 24E "/"$TZZ-.: /: xTZZ-. / :TZZ-. / 4TZZ-. / TZZ-. / $TZZ-. / ,TZZ-. / "TZZ-. / *? B "M TZZ96TZZ-.49/  49lTZZ96TZZ-.44/  44lTZZDJTZZ96TZZ-.R9/  R9hTZZDJTZZ96TZZ-.R4/  R4h?TZZ-. / (TZZ-. / (TZZ-.4/4, ,,$TZZ96TZZ-.T9/  T9lTZZ96TZZ-.39/  39rIr{):r6 http.clientclientrHrr urllib.parserrbrN google.authrrrrrrgoogle.auth.credentialsr rrrrrSERVICE_ACCOUNT_EMAIL&SERVICE_ACCOUNT_IMPERSONATION_URL_BASErr5rr rrrrrrOr_rPrrrqrsrrQrRrMREQUEST_PARAMSr+INVALID_TOKEN_URLSr4*INVALID_SERVICE_ACCOUNT_IMPERSONATION_URLSrunquoterarr2AwsSecurityCredentialsSupplierrfr{rdrIrGrs!  2("!;@6%=!   0K4'+b*h*h+'+-TT"& H  1 ;B v R DWW IFU' > zn < ,(.*F *!K ) ?@ *"U&7 4 *!K 7 ?@ 8"U&7 4 *!K , ?@ -"U&7 4 *!K / ?@ 0"U&7 4 *!K 3 ?@ 4"U&7 4 *!K : ?@ ;"U&7 4 *!K 6 ?@ 7"U&7 4 *!K 188 $$[1 ?@  288 $$[1"U&7 < *!K * ?Q +"Y&7  6 *!K * ?Q +"Y&7  6 *!K * ?gN +"W&7  6 *!K * C7 +"b& C7   !@ *!K 2 ?@ 3"U&7 0 *!2# b c!?" y"y60(-  6 *!2# d e!?" y"y60(-  6 '>OPd e!?" d"d60  , *!2# > < ?# ?!?" X"X;0 < ?(- # # { ~ B;9;9|)K)K