SrSSKJr SSKJr SSKJr SSKrSSKJr SSKJ r SSKJ r SS K Jr S r"S S \R 5r"S S\5r"SS\5rSrSrSrSrg)z$Manages logic for external accounts.)absolute_import)division)unicode_literalsN) exceptionscreds) introspect)filesexternal_accountc\rSrSrSrSrg)ErrorzErrors raised by this module.N__name__ __module__ __qualname____firstlineno____doc____static_attributes__r3lib/googlecloudsdk/api_lib/auth/external_account.pyr r s%rr c\rSrSrSrSrg)BadCredentialFileException#z Raised when file cannot be read.rNrrrrrr#s(rrc\rSrSrSrSrg)BadCredentialJsonFileException'z2Raised when the JSON file is in an invalid format.rNrrrrrr's:rrc[R"U5n[R"U5n[U5(aU$g![an[ SR X55eSnAff=f)aReturns the JSON content if the file corresponds to an external account. This function is useful when the content of a file need to be inspected first before determining how to handle it. More specifically, it would check a config file contains an external account cred and return its content which can then be used with CredentialsFromAdcDictGoogleAuth (if the contents correspond to an external account cred) to avoid having to open the file twice. Args: filename (str): The filepath to the ADC file representing an external account credentials. Returns: Optional(Mapping): The JSON content if the configuration represents an external account. Otherwise None is returned. Raises: BadCredentialFileException: If JSON parsing of the file fails. z!Could not read json file {0}: {1}N)r ReadFileContentsjsonloads ValueErrorrformatIsExternalAccountConfig)filenamecontent content_jsones r#GetExternalAccountCredentialsConfigr*+sm,  " "8 ,'::g&L \**    $%H%O%O& sA A* A%%A*cDU=(d 0RS5[:H$)zGReturns whether a JSON content corresponds to an external account cred.type)get_EXTERNAL_ACCOUNT_TYPE)r(s rr%r%Ns  " ! !& )-C CCrcSU;d US[:wa [S5e[R"[R "U55$)a Creates external account creds from a dict of application default creds. Args: external_config (Mapping): The configuration dictionary representing the credentials. This is loaded from the ADC file typically. Returns: google.auth.external_account.Credentials: The initialized external account credentials. Raises: BadCredentialJsonFileException: If the config format is invalid. googlecloudsdk.core.credentials.creds.InvalidCredentialsError: If the provided configuration is invalid or unsupported. r,z@The provided credentials configuration is not in a valid format.)r.rc_credsFromJsonGoogleAuthr!dumps)external_configs r CredentialsFromAdcDictGoogleAuthr4SsH  O#f!77 (J LL  # #DJJ$? @@rc[R"U5(d6[R"U5(d"U5(a*[ USS5=(d [ R "U5$g)a8Returns the account identifier corresponding to the external account creds. Args: creds (google.auth.credentials.Credentials): The credentials whose account ID is to be returned. Returns: Optional(str): The corresponding account ID, or None if the credentials are not external_account credentials. service_account_emailN)r0IsExternalAccountCredentials IsExternalAccountUserCredentials*IsExternalAccountAuthorizedUserCredentialsgetattr c_introspectGetExternalAccountIdrs rr<r<ks_**511 ..u55 88?? E2D 9 5  - -e 46 r)r __future__rrrr!googlecloudsdk.corergooglecloudsdk.core.credentialsrr0r r;googlecloudsdk.core.utilr r.r rrr*r%r4r<rrrrAsi+&' *<F*+&J  &));U; FD A0r