o €Ï·ã@sºdZddlmZddlmZddlmZddlZddlmZddlm Z ddlm Z dd l mZd ZGd d „d ejƒZGd d„deƒZGdd„deƒZdd„Zdd„Zdd„Zdd„ZdS)z$Manages logic for external accounts.é)Úabsolute_import)Údivision)Úunicode_literalsN)Ú exceptions©Úcreds)Ú introspect)ÚfilesÚexternal_accountc@óeZdZdZdS)ÚErrorzErrors raised by this module.N©Ú__name__Ú __module__Ú __qualname__Ú__doc__©rrúI/tmp/google-cloud-sdk/lib/googlecloudsdk/api_lib/auth/external_account.pyr ór c@r )ÚBadCredentialFileExceptionz Raised when file cannot be read.Nr rrrrr#rrc@r )ÚBadCredentialJsonFileExceptionz2Raised when the JSON file is in an invalid format.Nr rrrrr'rrc CsRt |¡}zt |¡}Wnty }ztd ||¡ƒ‚d}~wwt|ƒr'|SdS)aReturns the JSON content if the file corresponds to an external account. This function is useful when the content of a file need to be inspected first before determining how to handle it. More specifically, it would check a config file contains an external account cred and return its content which can then be used with CredentialsFromAdcDictGoogleAuth (if the contents correspond to an external account cred) to avoid having to open the file twice. Args: filename (str): The filepath to the ADC file representing an external account credentials. Returns: Optional(Mapping): The JSON content if the configuration represents an external account. Otherwise None is returned. Raises: BadCredentialFileException: If JSON parsing of the file fails. z!Could not read json file {0}: {1}N)r ÚReadFileContentsÚjsonÚloadsÚ ValueErrorrÚformatÚIsExternalAccountConfig)ÚfilenameÚcontentÚ content_jsonÚerrrÚ#GetExternalAccountCredentialsConfig+s ÿ€þr!cCs|pi d¡tkS)zGReturns whether a JSON content corresponds to an external account cred.Útype)ÚgetÚ_EXTERNAL_ACCOUNT_TYPE)rrrrrNsrcCs,d|vs |dtkrtdƒ‚t t |¡¡S)a Creates external account creds from a dict of application default creds. Args: external_config (Mapping): The configuration dictionary representing the credentials. This is loaded from the ADC file typically. Returns: google.auth.external_account.Credentials: The initialized external account credentials. Raises: BadCredentialJsonFileException: If the config format is invalid. googlecloudsdk.core.credentials.creds.InvalidCredentialsError: If the provided configuration is invalid or unsupported. r"z@The provided credentials configuration is not in a valid format.)r$rÚc_credsÚFromJsonGoogleAuthrÚdumps)Úexternal_configrrrÚ CredentialsFromAdcDictGoogleAuthSs  ÿr)cCs8t |¡st |¡st |¡rt|ddƒpt |¡SdS)aFReturns the account identifier corresponding to the external account creds. Args: creds (google.auth.credentials.Credentials): The credentials whose account ID is to be returned. Returns: Optional(str): The corresponding account ID, or None if the credentials are not external_account credentials. Úservice_account_emailN)r%ÚIsExternalAccountCredentialsÚ IsExternalAccountUserCredentialsÚ*IsExternalAccountAuthorizedUserCredentialsÚgetattrÚ c_introspectÚGetExternalAccountIdrrrrr0ks ÿþ ÿr0)rÚ __future__rrrrÚgooglecloudsdk.corerÚgooglecloudsdk.core.credentialsrr%rr/Úgooglecloudsdk.core.utilr r$r rrr!rr)r0rrrrÚs"       #