a !f|$@s~dZddlZddlZddlZddlmZddlmZddlm Z ddlm Z ddlm Z dd Z d d Z d d ZdddZdS)z7A simple wrapper around the OAuth2 credentials library.N) urlencode)client)UTC)_NOW)_microseconds_from_datetimecCs tjS)a$Gets credentials implicitly from the current environment. .. note:: You should not need to use this function directly. Instead, use a helper method which uses this method under the hood. Checks environment in order of precedence: * Google App Engine (production and testing) * Environment variable :envvar:`GOOGLE_APPLICATION_CREDENTIALS` pointing to a file with stored credentials information. * Stored "well known" file associated with ``gcloud`` command line tool. * Google Compute Engine production environment. The file referred to in :envvar:`GOOGLE_APPLICATION_CREDENTIALS` is expected to contain information about credentials that are ready to use. This means either service account information or user account information with a ready-to-use refresh token: .. code:: json { 'type': 'authorized_user', 'client_id': '...', 'client_secret': '...', 'refresh_token': '...' } or .. code:: json { 'type': 'service_account', 'client_id': '...', 'client_email': '...', 'private_key_id': '...', 'private_key': '...' } The second of these is simply a JSON key downloaded from the Google APIs console. The first is a close cousin of the "client secrets" JSON file used by :mod:`oauth2client.clientsecrets` but differs in formatting. :rtype: :class:`oauth2client.client.GoogleCredentials`, :class:`oauth2client.contrib.appengine.AppAssertionCredentials`, :class:`oauth2client.contrib.gce.AppAssertionCredentials`, :class:`oauth2client.service_account.ServiceAccountCredentials` :returns: A new credentials instance corresponding to the implicit environment. )rZGoogleCredentialsZget_application_defaultrrS/var/www/html/python-backend/venv/lib/python3.9/site-packages/gcloud/credentials.pyget_credentialss5r cCsHt|dstdt|||\}}t|}|j}|t||dS)alGets query parameters for creating a signed URL. :type credentials: :class:`oauth2client.client.AssertionCredentials` :param credentials: The credentials used to create a private key for signing text. :type expiration: int or long :param expiration: When the signed URL should expire. :type string_to_sign: string :param string_to_sign: The string to be signed by the credentials. :raises AttributeError: If :meth: sign_blob is unavailable. :rtype: dict :returns: Query parameters matching the signing credentials with a signed payload. sign_blobzyou need a private key to sign credentials.the credentials you are currently using %s just contains a token. see https://googlecloudplatform.github.io/gcloud-python/stable/gcloud-auth.html#setting-up-a-service-account for more details.)ZGoogleAccessIdZExpires Signature)hasattrAttributeErrortyper base64 b64encodeZservice_account_emailstr) credentials expirationstring_to_sign_Zsignature_bytes signatureZservice_account_namerrr_get_signed_query_paramsUs  rcCs^t|tjr"tjtd}||}t|tjr>t|}|d}t|tjsZt dt ||S)aIConvert 'expiration' to a number of seconds in the future. :type expiration: int, long, datetime.datetime, datetime.timedelta :param expiration: When the signed URL should expire. :raises TypeError: When expiration is not an integer. :rtype: int :returns: a timestamp as an absolute number of seconds. )tzinfoi@Bz=Expected an integer timestamp, datetime, or timedelta. Got %s) isinstancedatetime timedeltarreplacerrsix integer_types TypeErrorr)rnowmicrosrrr_get_expiration_secondszs   r"GETc Csxt|}d||pd|pdt||g} t||| } |durD|| d<|durT|| d<| durd| | d<dj||t| dS) a Generate signed URL to provide query-string auth'n to a resource. .. note:: Assumes ``credentials`` implements a ``sign_blob()`` method that takes bytes to sign and returns a pair of the key ID (unused here) and the signed bytes (this is abstract in the base class :class:`oauth2client.client.AssertionCredentials`). Also assumes ``credentials`` has a ``service_account_email`` property which identifies the credentials. .. note:: If you are on Google Compute Engine, you can't generate a signed URL. Follow `Issue 922`_ for updates on this. If you'd like to be able to generate a signed URL from GCE, you can use a standard service account from a JSON file rather than a GCE service account. See headers `reference`_ for more details on optional arguments. .. _Issue 922: https://github.com/GoogleCloudPlatform/ gcloud-python/issues/922 .. _reference: https://cloud.google.com/storage/docs/reference-headers :type credentials: :class:`oauth2client.appengine.AppAssertionCredentials` :param credentials: Credentials object with an associated private key to sign text. :type resource: string :param resource: A pointer to a specific resource (typically, ``/bucket-name/path/to/blob.txt``). :type expiration: :class:`int`, :class:`long`, :class:`datetime.datetime`, :class:`datetime.timedelta` :param expiration: When the signed URL should expire. :type api_access_endpoint: str :param api_access_endpoint: Optional URI base. Defaults to empty string. :type method: str :param method: The HTTP verb that will be used when requesting the URL. Defaults to ``'GET'``. :type content_md5: str :param content_md5: (Optional) The MD5 hash of the object referenced by ``resource``. :type content_type: str :param content_type: (Optional) The content type of the object referenced by ``resource``. :type response_type: str :param response_type: (Optional) Content type of responses to requests for the signed URL. Used to over-ride the content type of the underlying resource. :type response_disposition: str :param response_disposition: (Optional) Content disposition of responses to requests for the signed URL. :type generation: str :param generation: (Optional) A value that indicates which generation of the resource to fetch. :rtype: string :returns: A signed URL you can use to access the resource until expiration.  r#Nzresponse-content-typezresponse-content-disposition generationz"{endpoint}{resource}?{querystring})ZendpointresourceZ querystring)r"joinrrformatr) rr'rZapi_access_endpointmethodZ content_md5 content_typeZ response_typeZresponse_dispositionr&rZ query_paramsrrrgenerate_signed_urls,Ir,)r#r$NNNNN)__doc__rrrZsix.moves.urllib.parserZ oauth2clientrZgcloud._helpersrrrr rr"r,rrrrs      8%