@PSrSSKJr SSKJr SSKJr SSKrSSKrSSKrSSKJ r SSK J r SSK J r SS K J r SS K Jr SS K Jr SS KJr SS KJr SSKJr SSKrSrSrSrSrSrSrSr\\\\/rSr"SS\ R@5r "SS\ 5r!"SS\ 5r"Sr#Sr$"SS \RJ"\RL\'55r("S!S"\(5r)"S#S$\(5r*"S%S&\(5r+"S'S(\(5r,"S)S*\(5r-"S+S,\(5r.S3S-jr/S.r0S/r1S4S0jr2S1r3S2r4g)5z#A library to support auth commands.)absolute_import)division)unicode_literalsN) check_browser)config) exceptions)log) properties)yaml) console_io)creds)fileszH764086051850-6qr4p6gpi6hn506pt8ejuq83di341hur.apps.googleusercontent.comzd-FL95Q19q7MQmFpd7hHD0Tyz.https://www.googleapis.com/auth/cloud-platformz0https://www.googleapis.com/auth/sqlservice.loginz%https://www.googleapis.com/auth/drivez.https://www.googleapis.com/auth/userinfo.emailopenid installedc\rSrSrSrSrg)Error;z A base exception for this class.N__name__ __module__ __qualname____firstlineno____doc____static_attributes__r'lib/googlecloudsdk/api_lib/auth/util.pyrr;s(rrc\rSrSrSrSrg)InvalidClientSecretsError@z:An error for when we fail to load the client secrets file.rNrrrrrr@sBrrc\rSrSrSrSrg)BadCredentialFileExceptionEz,Raised when credentials file cannot be read.rNrrrrr"r"Es4rr"cL[R"U5n[ U[5(d[SR U55eU$![an[SR X55eSnAf[R an[SR X55eSnAff=f)aReturns the JSON content of a credentials config file. This function is useful when the content of a file need to be inspected first before determining how to handle it (how to initialize the underlying credentials). Only UTF-8 JSON files are supported. Args: filename (str): The filepath to the ADC file representing credentials. Returns: Optional(Mapping): The JSON content. Raises: BadCredentialFileException: If JSON parsing of the file fails. z"File {0} is not utf-8 encoded: {1}Nz!Could not read json file {0}: {1}zCould not read json file {0})r load_pathUnicodeDecodeErrorr"formatYAMLParseError isinstancedict)filenamecontentes rGetCredentialsConfigFromFiler.Js"nnX&G GT " " $&--h7 99 . B $,33H@ BB   $%H%O%O& s#A B#A--B#BB#cSSKJn URU5(a/[R"UR R 55 g[R"U5 g)z2Prints help messages when auth flow throws errors.r) context_awareN)googlecloudsdk.corer0IsContextAwareAccessDeniedErrorr errorContextAwareAccessErrorGet)excdefault_help_msgr0s r_HandleFlowErrorr8ms@022377IIm33779:IIrcP\rSrSrSrSrS Sjr\RS5r Sr Sr g) FlowRunnerxzBase auth flow runner class. Attributes: _scopes: [str], The list of scopes to authorize. _client_config: The client configuration in the Google client secrets format. z,There was a problem with web authentication.NcRXlX lX0lUR5UlgN)_scopes_client_config _redirect_uri _CreateFlow_flow)selfscopes client_config redirect_uris r__init__FlowRunner.__init__s#L'%!!#DJrcgr=r)rCs rrAFlowRunner._CreateFlowsrc SSKJn URR"S0UD6$!URan[ X0R 5 eSnAff=f)Nrflowr)googlecloudsdk.core.credentialsrMrBRunrr8_FLOW_ERROR_HELP_MSG)rCkwargsc_flowr-s rrOFlowRunner.RunsE> ZZ^^ %f %% << q334  s$AA  A)r?rBr@r>r=) rrrrrrPrGabcabstractmethodrArOrrrrr:r:xs4H$    rr:c\rSrSrSrSrSrg) OobFlowRunnerzA flow runner to run OobFlow.cSSKJn URRURUR [ RRRR5(+S9$NrrLautogenerate_code_verifier) rNrMOobFlowfrom_client_configr?r>r VALUESauthdisable_code_verifierGetBoolrCrRs rrAOobFlowRunner._CreateFlowsQ> >> , ,  '1'8'8'='=  wwy$) - **rrNrrrrrrArrrrrWrWs %*rrWc\rSrSrSrSrSrg)NoBrowserFlowRunnerz#A flow runner to run NoBrowserFlow.cSSKJn URRURUR [ RRRR5(+S9$rZ) rNrM NoBrowserFlowr^r?r>r r_r`rarbrcs rrANoBrowserFlowRunner._CreateFlowsS>    2 2  '1'8'8'='=  wwy$) 3 **rrNrerrrrgrgs +*rrgc\rSrSrSrSrSrg)"RemoteLoginWithAuthProxyFlowRunnerz2A flow runner to run RemoteLoginWithAuthProxyFlow.cSSKJn URRURUR [ RRRR5(+URS9$)NrrL)r\rF) rNrMRemoteLoginWithAuthProxyFlowr^r?r>r r_r`rarbr@rcs rrA.RemoteLoginWithAuthProxyFlowRunner._CreateFlows]>  . . A A  '1'8'8'='=  wwy$)'' B ))rrNrerrrrmrms : )rrmc\rSrSrSrSrSrg)NoBrowserHelperRunnerz)A flow runner to run NoBrowserHelperFlow.c.SSKJn URRURUR [ RRRR5(+S9$!URa [R"S5 ef=f)NrrLr[zCannot start a local server to handle authorization redirection. Please run this command on a machine where gcloud can start a local server.)rNrMNoBrowserHelperFlowr^r?r>r r_r`rarbLocalServerCreationErrorr r3rcs rrA!NoBrowserHelperRunner._CreateFlows>   ' ' : :    ,,)3):):)?)? &+;,,  * *  ii34  s A#A,,(BrNrerrrrsrss 1 rrsc"\rSrSrSrSrSrSrg) BrowserFlowWithOobFallbackRunnerz?A flow runner to try normal web flow and fall back to oob flow.zXThere was a problem with web authentication. Try running again with --no-launch-browser.c2SSKJn URRURUR [ RRRR5(+S9$!URan[R"U5 [R"S5 URRURUR [ RRRR5(+S9sSnA$SnAff=f)NrrLr[z"Defaulting to URL copy/paste mode.)rNrM FullWebFlowr^r?r>r r_r`rarbrwr warningr]rCrRr-s rrA,BrowserFlowWithOobFallbackRunner._CreateFlows> ,    2 2    ,,)3):):)?)? &+3,,  * *, kk!n kk67 ^^ . .    ,,)3):):)?)? &+/,,,A#A,,Dr r_r`rarbrwr r~rjrs rrA2BrowserFlowWithNoBrowserFallbackRunner._CreateFlows> ,    2 2    ,,)3):):)?)? &+3,,  * *, kk!n kk45  ! ! 4 4    ,,)3):):)?)? &+5,,,rrNrrrrrrsMA,rrcU(a6[R"U5n[R"U5sSSS5 $[ 5$!,(df  [ 5$=f)zECreates a client config from a client id file or gcloud's properties.N)r FileReaderjsonload+_CreateGoogleAuthClientConfigFromProperties)client_id_filefs r_CreateGoogleAuthClientConfigr sC   . )Q YYq\ * ) 4 66 * ) 4 66s A Acd[RRRR SS9n[ R "5n[RRRR SS9n[RRRR SS9nSUUUUS.0$)z1Creates a client config from gcloud's properties.T)requiredr) client_id client_secretauth_uri token_uri) r r_r` auth_hostr5r GetDefaultTokenUrirr)rrrrs rrrs    # # - - 1 14 1 @(&&()$$..22D2A)##((66::D:I- (  rc@USS[R[4;$)Nrr)rCLOUDSDK_CLIENT_ID%DEFAULT_CREDENTIALS_DEFAULT_CLIENT_ID)rEs r_IsGoogleOwnedClientIDr$s*  $[ 1'')N O PQrcTSSKJn SSKJn SSKJn U(a [ U5 U(d [U5nU(d0n[R"SS9n U(a[X5R"S 0UD6n OU(a6U (dU RS5e[X5R"S SU0UD6n OU(a[XU5R"S 0UD6n OrU (dPU(a,[U5(d[X5R"S 0UD6n O8[XU5R"S 0UD6n O[!X5R"S 0UD6n U (aX[#XR$5(a!SS KJn U R$R)U 5$[#XR$5(aU $g g ) aLaunches a 3LO oauth2 flow to get google-auth credentials. Args: scopes: [str], The list of scopes to authorize. client_id_file: str, The path to a file containing the client id and secret to use for the flow. If None, the default client id for the Cloud SDK is used. client_config: Optional[Mapping], the client secrets and urls that should be used for the OAuth flow. no_launch_browser: bool, True if users specify --no-launch-browser flag to use the remote login with auth proxy flow. no_browser: bool, True if users specify --no-browser flag to ask another gcloud instance to help with authorization. remote_bootstrap: str, The auth parameters specified by --remote-bootstrap flag. Once used, it means the command is to help authorize another gcloud (i.e. gcloud without access to browser). query_params: Optional[Mapping], extra params to pass to the flow during `Run`. These params end up getting used as query params for authorization_url. auth_proxy_redirect_uri: str, The uri where OAuth service will redirect the user to once the authentication is complete for a remote login with auth proxy flow. Returns: core.credentials.google_auth_credentials.Credentials, The credentials obtained from the flow. r) external_account_authorized_user) credentialsrLT)attempt_launch_browserzbCannot launch browser. Please run this command on a machine where gcloud can launch a web browser.partial_auth_url)google_auth_credentialsNr) google.authr google.oauth2rrNrM!AssertClientSecretIsInstalledTyperrShouldLaunchBrowserrgrOWebBrowserInaccessiblersrmrrr) CredentialsrFromGoogleAuthUserCredentials)rDrrEno_launch_browser no_browserremote_bootstrap query_paramsauth_proxy_redirect_uriroauth2_credentialsrRcan_launch_browser user_creds c_google_auths r#DoInstalledAppBrowserFlowGoogleAuthr)sF;=<%n5 1.AM L$88!#$V;??O,OJ   ) ) 3 44'v=AA;);-9;J36 c  J 4]CC&v=AA j6 !8  j8"s#3%13J*<<==[  & & D DZ PP*JJKK LrcSn[R"[R"U55n[U5S:wa[ SU35e[U5SnU[:wa[ S [S US U35eg ![Ra [ SUS35e[R a [ SUSU35ef=f) zDAssert that the file is a valid json file for installed application.zTo obtain a valid client ID file, create a Desktop App following the steps outlined in https://support.google.com/cloud/answer/6158849?hl=en#zippy=%2Cnative-applications%2Cdesktop-apps.zCannot read file: "z".zClient ID file z is not a valid JSON file. zNExpected a JSON object with a single property for an "installed" application. rzOnly client IDs of type 'z%' are allowed, but encountered type 'z'. N) rloadsrReadFileContentsrrJSONDecodeErrorlentupleCLIENT_SECRET_INSTALLED_TYPE)ractionable_messageobj client_types rrrsl  **U++N; rsX *'' 9&*#*$21* )s%,F)GD<C    +J     F  ##CKK8 @ *J * ** * ) ) J (,z,4,Z,47"Q 8<6::?389=59@DUp:Ar