*SrSSKJr SSKJr SSKJr SSKJr SSKrSSKrSSKrSSK r SSK r SSK r SSK r SSK Jr SSKJr SS KJr SS KJr "S S \R,5r"S S\5r\R55 Sr\R8S5rg)z+Library for integrating Cloud Run with GKE.)absolute_import)division)print_function)unicode_literalsN) api_adapter)base) exceptions)filesc\rSrSrSrg) NoCaCertError$N)__name__ __module__ __qualname____firstlineno____static_attributes__r%lib/googlecloudsdk/api_lib/run/gke.pyr r $srr cr\rSrSrSrSr\S5r\S5rSr \ RS5r Sr S rS rg) _AddressPatches(z/Singleton class to hold patches on getaddrinfo.NcBUR(aeU"5UlgN _instanceclss r Initialize_AddressPatches.Initialize-s}} ECMrc@UR(deUR$rrrs rGet_AddressPatches.Get2s === ==rcpSUlSUlSUlSUl[R "5Ulgr) _host_to_ip _ip_to_host_old_getaddrinfo_old_match_hostname threadingLock_lock)selfs r__init___AddressPatches.__init__7s0DD D#D!DJrc## UR [[S5nURcT0Ul0UlU(a*[R UlUR[l[RUl XR;a[SRU55eX R;a[SRU55eX RU'XRU'SSS5 Uv UR URU URU UR(d*SUlSUlW(aUR [lSSS5 g!,(df  N~=f!,(df  g=f!UR URU URU UR(d*SUlSUlW(aUR [lSSS5 f!,(df  f=f=f7f)zDChange ssl address checking so the given ip answers to the hostname.match_hostnameNz$Cannot re-patch the same address: {}) r+hasattrsslr%r&r0r(_MatchHostnamesocket getaddrinfor' ValueErrorformat)r,hostnameipmatch_hostname_existss rMonkeypatchAddressChecking*_AddressPatches.MonkeypatchAddressChecking>s %c+;<   ! %(%7%7$ "#22#  & 2 2 %% % 2 9 9( CE E   2 9 9" =? ?#%x %r# $ : h ::   X &   R !$ !$  "!%!9!9C  :+ * :4::   X &   R !$ !$  "!%!9!9C  ::sg H C E'/H 8F < H AE8 H ' E51H 8 FH  HAG5, H5 H ?HH cUR URceXR;aURUnSSS5 UR"U/UQ70UD6$!,(df  N$=f)z/Like socket.getaddrinfo, only with translation.N)r+r%r')r,hostargskwargss r _GetAddrInfo_AddressPatches._GetAddrInfo_sa     )) ) !! !%    7 7 77 s .A A'cUR URceX R;aURUnSSS5 URX5$!,(df  N=fr)r+r&r()r,certr8s rr3_AddressPatches._MatchHostnamegsY     )) ) %% %##H-   # #D 33 s .A A")r%r&r+r'r()rrrr__doc__r classmethodrr"r- contextlibcontextmanagerr;rAr3rrrrrr(sZ7)"::@8 4rrcH[R5RX5$)aManipulate SSL address checking so we can talk to GKE. GKE provides an IP address for talking to the k8s control plane, and a ca_certs that signs the tls certificate the control plane provides. Unfortunately, that tls certificate is for `kubernetes`, `kubernetes.default`, `kubernetes.default.svc`, or `kubernetes.default.svc.cluster.local`. In Python 3, we do this by patching ssl.match_hostname to allow the `kubernetes.default` when we connect to the given IP address. In Python 2, httplib2 does its own hosname checking so this isn't available. Instead, we change getaddrinfo to allow a "fake /etc/hosts" effect. This allows us to use `kubernetes.default` as the hostname while still connecting to the ip address we know is the kubernetes server. This is all ok, because we got the ca_cert that it'll use directly from the gke api. Calls to `getaddrinfo` that specifically ask for a given hostname can be redirected to the ip address we provide for the hostname, as if we had edited /etc/hosts, without editing /etc/hosts. Arguments: hostname: hostname to replace ip: ip address to replace the hostname with Returns: A context manager that patches an internal function for its duration, and yields the endpoint to actually connect to. )rr"r;)r8r9s rr;r;us8     9 9( GGrc#b# [R"5 [R"S5nUR U5nSSS5 WR nU(aUR (a UR nO [S5e[R"5upV[R"U5 [R"U[R"U5SS9 UR U4v [R""U5 g!,(df  N=f![R""U5 f=f7f)aGet the info we need to use to connect to a GKE cluster. Arguments: cluster_ref: reference to the cluster to connect to. Yields: A tuple of (endpoint, ca_certs), where endpoint is the ip address of the GKE control plane, and ca_certs is the absolute path of a temporary file (lasting the life of the python process) holding the ca_certs to connect to the GKE cluster. Raises: NoCaCertError: if the cluster is missing certificate authority data. v1Nz.Cluster is missing certificate authority data.T)private) calliope_baseWithLegacyQuotar NewAPIAdapter GetCluster masterAuthclusterCaCertificater tempfilemkstemposcloser WriteBinaryFileContentsbase64 b64decodeendpointremove) cluster_refadapterclusterauthca_datafdfilenames rClusterConnectionInfords$$&''-G  -G'   $ d''''G H II!!#,"((2,  )4   H $$IIh%'&$IIhs5D/(DBD/D,D/ D D/D,,D/)rF __future__rrrrrYrHrVr4r2rTr) googlecloudsdk.api_lib.containerrgooglecloudsdk.callioperrNgooglecloudsdk.corer googlecloudsdk.core.utilr Errorr objectrrr;rIrdrrrrls2&%'  89**J$$H4fH4TH> r