a !f7@s\dZddlZddlZddlmZddlmZddlmZe e Z dZ Gdddej ZdS) zoUtilities for Google Compute Engine Utilities for making it easier to use OAuth 2.0 on Google Compute Engine. N) http_client)client) _metadatazYou have requested explicit scopes to be used with a GCE service account. Using this argument will have no effect on the actual scopes for tokens requested. These scopes are set at VM instance creation time and can't be overridden in the request. csjeZdZdZdfdd ZeddZddZd d Zd d Z d dZ e ddZ ddZ ddZZS)AppAssertionCredentialsaCredentials object for Compute Engine Assertion Grants This object will allow a Compute Engine instance to identify itself to Google and other OAuth 2.0 servers that can verify assertions. It can be used for the purpose of accessing data stored under an account assigned to the Compute Engine instance itself. This credential does not require a flow to instantiate because it represents a two legged flow, and therefore has all of the required information to generate and refresh its own access tokens. Note that :attr:`service_account_email` and :attr:`scopes` will both return None until the credentials have been refreshed. To check whether credentials have previously been refreshed use :attr:`invalid`. NcsNd|vrttd|d<tt|jdg|Ri|||_d|_d|_dS)aYConstructor for AppAssertionCredentials Args: email: an email that specifies the service account to use. Only necessary if using custom service accounts (see https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#createdefaultserviceaccount). scopesNT) warningswarn_SCOPES_WARNINGsuperr__init__service_account_emailrinvalid)selfemailargskwargs __class__Y/var/www/html/python-backend/venv/lib/python3.9/site-packages/oauth2client/contrib/gce.pyr 9s z AppAssertionCredentials.__init__cCs tddSNz6Cannot serialize credentials for GCE service accounts.NotImplementedError)clsZ json_datarrr from_jsonMsz!AppAssertionCredentials.from_jsoncCs tddSrrrrrrto_jsonRszAppAssertionCredentials.to_jsoncCs|||jS)aRetrieves the canonical list of scopes for this access token. Overrides client.Credentials.retrieve_scopes. Fetches scopes info from the metadata server. Args: http: httplib2.Http, an http object to be used to make the refresh request. Returns: A set of strings containing the canonical list of scopes. )_retrieve_infor)rhttprrrretrieve_scopesVs z'AppAssertionCredentials.retrieve_scopescCs8|jr4tj||jpdd}d|_|d|_|d|_dS)zRetrieves service account info for invalid credentials. Args: http: an object to be used to make HTTP requests. defaultZservice_accountFrrN)r rZget_service_account_infor r)rrinforrrrfs z&AppAssertionCredentials._retrieve_infoc Cs`z&||tj||jd\|_|_Wn4tjyZ}zt t |WYd}~n d}~00dS)aRefreshes the access token. Skip all the storage hoops and just refresh using the API. Args: http: an object to be used to make HTTP requests. Raises: HttpAccessTokenRefreshError: When the refresh fails. r!N) rr get_tokenr Z access_tokenZ token_expiryr HTTPExceptionrZHttpAccessTokenRefreshErrorstr)rrerrrrr_refreshts  z AppAssertionCredentials._refreshcCs tddSrrrrrrserialization_datasz*AppAssertionCredentials.serialization_datacCsdS)NFrrrrrcreate_scoped_requiredsz.AppAssertionCredentials.create_scoped_requiredcCs tddS)auCryptographically sign a blob (of bytes). This method is provided to support a common interface, but the actual key used for a Google Compute Engine service account is not available, so it can't be used to sign content. Args: blob: bytes, Message to be signed. Raises: NotImplementedError, always. z1Compute Engine service accounts cannot sign blobsNr)rZblobrrr sign_blobs z!AppAssertionCredentials.sign_blob)N)__name__ __module__ __qualname____doc__r classmethodrrrrr'propertyr(r)r* __classcell__rrrrr's  r)r.loggingrZ six.movesrZ oauth2clientrZoauth2client.contribr getLoggerr+loggerr ZAssertionCredentialsrrrrrs