SrSSKJr SSKJr SSKJr SSKrSSKrSSKrSSKrSSK r SSK r SSK r SSK r SSK Jr SSKJr SSKJr SS KJr SS KJr SS KJr SS KJr SS KJr SSKJr SSKJr SSKJr SSKJr! SSK"r"SSK#J$r$ SSK%J&r& Sr'Sr(\(S-r)"SS\RT5r*"SS\*5r+"SS\*5r,"SS\*5r-"SS\*5r."S S!\*5r/S"r0S?S#jr1\RdS$5r3"S%S&\ RhRj5r5S'r6"S(S)\"Rn"\Rp\Rr55r9"S*S+\95r:"S,S-\95r;"S.S/\<5r=S0r>S1RS2R\>55rAS3rBS?S4jrCS5rD"S6S7\95rE"S8S9\95rF"S:S;\95rGS<rH"S=S>\<5rIg)@zRun a web flow for oauth2.)absolute_import)division)unicode_literalsN)flow)config) exceptions)log) properties)requests) console_attr) console_io)universe_descriptor) pkg_resources)errors)input)parsezFailed to start a local webserver listening on any port between {start_port} and {end_port}. Please check your firewall settings or locally running programs that may be blocking or using those ports.idc\rSrSrSrSrg)Error9zExceptions for the flow module.N__name__ __module__ __qualname____firstlineno____doc____static_attributes__r+lib/googlecloudsdk/core/credentials/flow.pyrr9s'rrc\rSrSrSrSrg)AuthRequestRejectedError=z;Exception for when the authentication request was rejected.rNrrrr r"r"=sCrr"c\rSrSrSrSrg)AuthRequestFailedErrorAz5Exception for when the authentication request failed.rNrrrr r%r%As=rr%c\rSrSrSrSrg)LocalServerCreationErrorEz4Exception for when a local server cannot be created.rNrrrr r(r(Es[R"US9n[[U]UUUUUUS9 X0lU(a[ Ul[5Ul [URUR[[5Ul SRURURR5UlOU(aX@lOUR"UlUR$R'S5SLUlg)N)session) redirect_uri code_verifierautogenerate_code_verifier http://{}:{}/3pi)r GetSessionsuperr__init__original_client_config _LOCALHOSThost_RedirectWSGIAppappCreateLocalServer_PORT_SEARCH_START_PORT_SEARCH_ENDserverr; server_portr_OOB_REDIRECT_URIr?getinclude_client_id) rT oauth2session client_typer?rrrrequire_local_serverr __class__s r rInstalledAppFlow.__init__s!!-8G D*!##= +?#0di!#dh%dhh ;M&68dk)00151H1HJd &00d!//33E:dBDrc p[5 UR"S0UD6sSSS5 $!,(df  g=f)Nr)rL_RunrTkwargss r RunInstalledAppFlow.Runs#  ! YY   " ! !s' 5c grbrrs r rInstalledAppFlow._RunsrcURRS5=(d, URRS5[R:g$)z3If the flow is for application default credentials.is_adc client_id)r?rrCLOUDSDK_CLIENT_IDrTs r _for_adcInstalledAppFlow._for_adc sB x( L    ! !+ .&2K2K Krc(UR(agg)N%gcloud auth application-default logingcloud auth login)rrs r _target_command InstalledAppFlow._target_commands }} 4 rctURURURRURS9$)z>Creates an instance of the current flow from an existing flow.)r)from_client_configrrscoper)cls source_flows r FromInstalledAppFlow%InstalledAppFlow.FromInstalledAppFlows?  ! !**!!''#.#I#I " KKr)rrrrrr)NNFF)rrrrrrrabcabstractmethodrpropertyrr classmethodrr __classcell__rs@r rrsy  !!*/$)C>!     ! ! KKrrcB^\rSrSrSrSU4SjjrSrSrSrU=r $) FullWebFlowi$auThe complete OAuth 2.0 authorization flow. This class supports user account login using "gcloud auth login" with browser. Specifically, it does the following: 1. Try to find an available port for the local server which handles the redirect. 2. Create a WSGI app on the local server which can direct browser to Google's confirmation pages for authentication. c 4>[[U] UUUUUUSS9 gNTrrrr)rrrrTrrr?rrrrs r rFullWebFlow.__init__/s. +t%!##=!&#rc hUR"S 0UD6up#[R"USSS9 Sn[RR UR US95 URR5 URR5 URR(d [S5eURRRSS5nS [RS 'UR!UUR"S S 9 [RS UR%5 UR&$)aRun the flow using the server strategy. The server strategy instructs the user to open the authorization URL in their browser and will attempt to automatically open the URL for them. It will start a local web server to listen for the authorization response. Once authorization is complete the authorization server will redirect the user's browser to the local web server. The web server will get the authorization code from the response and shutdown. The code is then exchanged for a token. Args: **kwargs: Additional keyword arguments passed through to "authorization_url". Returns: google.oauth2.credentials.Credentials: The OAuth 2.0 credentials for the user. Raises: LocalServerTimeoutError: If the local server handling redirection timeout before receiving the request. AuthRequestFailedError: If the user did not consent to the required cloud-platform scope. Tnew autoraise2Your browser has been opened to visit: {url} r6@Local server timed out before receiving the redirection request.http:https:1OAUTHLIB_RELAX_TOKEN_SCOPENauthorization_responserverifyr)authorization_url webbrowseropenr r9r:r;rr~ server_closerlast_request_urir+replaceosenviron fetch_tokenr _CheckScopes credentials)rTrauth_urlrmauthorization_prompt_messagers r rFullWebFlow._Run?s2((262KHOOH!t4 @!GGMM.55(5CDKK KK 88 $ $ # L NN"XX66>>03BJJ+,500 /0   rc [URR5nURRRR S5n[ U5[ U5- nSU;a [ S5eU(aC[RRSUSUS[U5S35 X Rlgg) z+Checks requested scopes and granted scopes. z.https://www.googleapis.com/auth/cloud-platformzhttps://www.googleapis.com/auth/cloud-platform scope is required but not consented. Please run the login command again and consent in the login page.zYou have consented to only few of the requested scopes, so some features may not work as expected. If you would like to give consent to all scopes, you can run the login command again. Requested scopes: z. Scopes you consented for: z. Missing scopes: .N) listrrtokensplit frozensetr%r statuswrite)rT orig_scope granted_scope missing_scopes r rFullWebFlow._CheckScopesusd((../J&&,,2288=Mj)Im,DDM7=H "    jj !+|,_/]0C/DA  G"/rrNNF) rrrrrrrrrrrs@r rr$s(!!*/ # 4l//rrc<^\rSrSrSrSU4SjjrSrSrU=r$)OobFlowizeOut-of-band flow. This class supports user account login using "gcloud auth login" without browser. c 4>[[U] UUUUUUSS9 gNFr)rrrrs r rOobFlow.__init__s. '4!!##=""$rc URSS5 UR"S0UD6up#Sn[XB5nURUSSS9 UR$)Run the flow using the console strategy. The console strategy instructs the user to open the authorization URL in their browser. Once the authorization is complete the authorization server will give the user a code. The user then must copy & paste this code into the application. The code is then exchanged for a token. Args: **kwargs: Additional keyword arguments passed through to "authorization_url". Returns: google.oauth2.credentials.Credentials: The OAuth 2.0 credentials for the user. promptconsentz5Go to the following link in your browser: {url} TNcoderrr) setdefaultrr@rrrTrrrmrrs r r OobFlow._Runs`  h *((262KH C! 9 DD$$tD   rrr rrrrrrrrrrs@r rrs"!!*/ $ rrcH\rSrSrSrSrSrSrSrSr Sr S r S r S r g ) UrlManagerizA helper for url manipulation.cb[R"U5UlURRURRURR URR 4uUlUlUl Ul [R"UR5Ul grb) rurlparse _parse_urlschemenetlocpathquery_scheme_netloc_path_query parse_qsl _parsed_query)rTr7s r rUrlManager.__init__ssnnS)DO  6 68L8L ;7DL$, DK5DrctUH2up#URU5 URRX#45 M4 g)zUpdates query params in the url using query_params. Args: query_params: A list of two-element tuples. The first element in the tuple is the query key and the second element is the query value. N)_RemoveQueryParamrrd)rT query_paramskeyvalues r UpdateQueryParamsUrlManager.UpdateQueryParamss4#  S!  -#rc8UHnURU5 M g)zXRemoves query params from the url. Args: query_keys: A list of query keys to remove. N)r)rT query_keysps r RemoveQueryParamsUrlManager.RemoveQueryParamss  QrcvURVs/sHo"SU:wdM UPM snURSS&gs snfrYr)rT query_keyrs r rUrlManager._RemoveQueryParams5(,(:(:P(:1di>OQ(:PDqPs 66cURVVs1sHup#UiM nnn[UVs/sHoUU;PM sn5$s snnfs snf)zIf the url contains the query keys in query_key. Args: query_keys: A list of query keys to check in the url. Returns: True if all query keys in query_keys are contained in url. Otherwise, return False. )rall)rTrkvparsed_query_keysrs r ContainQueryParamsUrlManager.ContainQueryParamssI*.););<);v);<  ; 1&& ; <<=;s ?Ac@URHup#X:XdM Us $ g)zGets the value of the query_key. Args: query_key: str, A query key to get the value for. Returns: The value of the query_key. None if query_key does not exist in the url. Nr)rTrr#r$s r GetQueryParamUrlManager.GetQueryParams "" #rc[R"UR5n[R"URUR UR SUS45$)z*Gets the current url in the string format.)r urlencoder urlunparser r r )rT encoded_querys r GetUrlUrlManager.GetUrlsGOOD$6$67M    t||TZZ]BG IIrcvURRSS5up[U5$![a gf=f)N:r)r rsplitintrI)rTrmports r GetPortUrlManager.GetPorts; ##C+ga Y  s (+ 88)r rrr r r N)rrrrrrrrrr&r)r0r7rrrr rrs/&6 . Q = I rr)staterz[The provided authorization response is invalid. Expect a url with query parameters of [{}].z, ch[U5R[5(ag[[5erb)rr&'_REQUIRED_QUERY_PARAMS_IN_AUTH_RESPONSEr%_AUTH_RESPONSE_ERR_MSG) auth_responses r _ValidateAuthResponser>s, 11-// 566rc[U5 [RRU5 [RRS5 [ U5R 5$)N )r8r r9r:rr<) helper_msg prompt_msgr?s r PromptForAuthResponserCs>''-- ''-- z  ""rcUbUSU;aN[RRS5(d$[RRS5(aSSKngggg)Nrdarlinuxr)sysplatform startswithreadline)r?rJs r r8r8#sN = << " "5 ) )S\\-D-DW-M-M  .N ! rcV^\rSrSrSrSrSrSrSrSr S U4Sjjr S r S r S r U=r$) NoBrowserFlowi0aFlow to authorize gcloud on a machine without access to web browsers. Out-of-band flow (OobFlow) is deprecated. This flow together with the helper flow NoBrowserHelperFlow is the replacement. gcloud in environments without access to browsers (i.e. access via ssh) can use this flow to authorize gcloud. This flow will print authorization parameters which will be taken by the helper flow to build the final authorization request. The helper flow (run by a gcloud instance with access to browsers) will launch the browser and ask for user's authorization. After the authorization, the helper flow will print the authorization response to pass back to this flow to continue the process (exchanging for the refresh/access tokens). z506.0.0z420.0.0z372.0.0a You are authorizing {target} without access to a web browser. Please run the following command on a machine with a web browser and copy its output back here. Make sure the installed gcloud version is {version} or newer. {command} --remote-bootstrap="{partial_url}"z'Enter the output of the above command: c 4>[[U] UUUUUUSS9 gr)rrLrrs r rNoBrowserFlow.__init__Ls. -'!##="($rcUR(dSnSnOSnSn[RRRnUbM[RRRR 5UR :wa URnO9URRS5(a URnO URnURRUUUUS9n[X`RUR5$)Nz gcloud CLIrzclient librariesrr)targetversioncommand partial_url)rr VALUEScoreuniverse_domainGetdefault _REQUIRED_GCLOUD_VERSION_FOR_TPCr?r"_REQUIRED_GCLOUD_VERSION_FOR_BYOID_REQUIRED_GCLOUD_VERSION _HELPER_MSGr;rC _PROMPT_MSG)rTrSrPrRuniverse_domain_propertyrequired_gcloud_versionrAs r _PromptForAuthResponse$NoBrowserFlow._PromptForAuthResponse\s ==f#g!f7g)0055EE ,    " " 2 2 6 6 8 # + + ,!% E E     & & $ G G $ = =!!((' )J !$$d&8&8 rc UR"S0UD6up#[U5nURS/5 URS/5 UR UR 55n[ U5 [U5R5nSR[U5Ul URRS5SLnURUUSS9 UR$)Nr) token_usageremoterrrr)rrrrr`r0r>r7r;rrr?rrr)rTrrrm url_managerr= redirect_portrs r rNoBrowserFlow._Run{s((262KHX&K!!>"23!!#<"=>// 0B0B0DEM-(}-557M (..z=ID**..u5=,+   r)rr)rrrrrrYrZr[r\r]rr`rrrrs@r rLrL0sJ "&/"'0$&@+ :+ !!*/ $ >rrLcd^\rSrSrSrSrSrSrS U4Sjjr\ S5r Sr S r S r S rU=r$) NoBrowserHelperFlowiaHelper flow for the NoBrowserFlow to help another gcloud to authorize. This flow takes the authorization parameters (i.e. requested scopes) generated by the NoBrowserFlow and launches the browser for users to authorize. After users authorize, print the authorization response which will be taken by NoBrowserFlow to continue the login process (exchanging for refresh/access token). zRCopy the following line back to the gcloud CLI waiting to continue the login flow.z{bold}WARNING: The following line enables access to your Google Cloud resources. Only copy it to the trusted machine that you ran the `{command} --no-browser` command on earlier.{normal}zDO NOT PROCEED UNLESS YOU ARE BOOTSTRAPPING GCLOUD ON A TRUSTED MACHINE WITHOUT A WEB BROWSER AND THE ABOVE COMMAND WAS THE OUTPUT OF `{command} --no-browser` FROM THE TRUSTED MACHINE.c B>[[U] UUUUUUSS9 SUlgr)rrirpartial_auth_urlrs r rNoBrowserHelperFlow.__init__s9 t-!##=!.#!Drcp[UR5RS5nU[R:g$)Nr)rrkr)rr)rTrs r rNoBrowserHelperFlow._for_adcs.4001?? LI 11 11rc[R"5n[RR UR S-5 [RR URRURSS9URUR5S95 [RR S5 [RR U5 g)NrT)bold)rprRnormalr@) r GetConsoleAttrr rr_COPY_AUTH_RESPONSE_INSTRUCTIONr:_COPY_AUTH_RESPONSE_WARNINGr; GetFontCoder)rTr=cons r _PrintCopyInstruction)NoBrowserHelperFlow._PrintCopyInstructions  % % 'CJJT99C?@JJ ((//d+((??$ 0 &' JJTJJ]#rcp[R"URRURS9SSS9$)z6Ask users to confirm before actually running the flow.)rRProceedF) prompt_stringrX)r PromptContinue_PROMPT_TO_CONTINUE_MSGr;rrs r _ShouldContinue#NoBrowserHelperFlow._ShouldContinues8  $ $ $$++D4H4H+I rc URS5Ul[UR5nURSUR4/[ UR 55-5 UR5nUR5(dg[R"USSS9 Sn[RRURUS95 URR!5 URR#5 UR$R&(d [)S5eUR$R&R+S S 5nUR-U5 g) NrkrrTrrr6rrr)poprkrrrritemsr0r~rrr r9r:r;rr~rrrr+rrw)rTrauth_url_managerrrrs r rNoBrowserHelperFlow._Runs "JJ'9:D!$"7"78&&9J9J(K'L'+FLLN';(<=&&(H    ! ! OOH!t4 @!GGMM.55(5CDKK KK 88 $ $ # L NN"XX66>>56r)rkr)rrrrrrsrtr}rrrrwr~rrrrs@r riris_"= I!!*/ !" 2 2 $77rric<^\rSrSrSrSU4SjjrSrSrU=r$)RemoteLoginWithAuthProxyFlowia(Flow to authorize gcloud on a machine without access to web browsers. Out-of-band flow (OobFlow) is deprecated. gcloud in environments without access to browsers (eg. access via ssh) can use this flow to authorize gcloud. This flow will print a url which the user has to copy to a browser in any machine and perform authorization. After the authorization, the user is redirected to gcloud's auth proxy which displays the auth code. User copies the auth code back to gcloud to continue the process (exchanging auth code for the refresh/access tokens). c 4>[[U] UUUUUUSS9 gr)rrrrs r r%RemoteLoginWithAuthProxyFlow.__init__s/ &6!##="7$rc URSS5 URSS5 UR"S0UD6up#Sn[XBUR5nUR XPR SS9 UR $) rrrrcrdzWGo to the following link in your browser, and complete the sign-in prompts: {url} Nrr)rrr@r?rrrrs r r!RemoteLoginWithAuthProxyFlow._Runs" h * mX.((262KH #! $0B0B D   %;%;D   rrrrrs@r rrs" !!*/ $ %%rrc@UnSnU(dGXC:aB[RRUUU[[R S9nU(dXC:aMBU(aU$[[RX#S- S95e![ R[4a US- nNWf=f)aCreates a local wsgi server. Finds an available port in the range of [search_start_port, search_end_point) for the local server. Args: wsgi_app: A wsgi app running on the local server. host: hostname of the server. search_start_port: int, the port where the search starts. search_end_port: int, the port where the search ends. Raises: LocalServerCreationError: If it cannot find an available port for the local server. Returns: WSGISever, a wsgi server. N) server_class handler_classr) start_portend_port) wsgiref simple_server make_serverrNgoogle_auth_flow_WSGIRequestHandlerrRerrorOSErrorr(_PORT_SEARCH_ERROR_MSGr;)wsgi_apprsearch_start_portsearch_end_portr6 local_servers r rr6s& $, T3**66   !(<< 7>l T3  ##&11D$F GG LL' " aids3A;;BBc$\rSrSrSrSrSrSrg)ri\znWSGI app to handle the authorization redirect. Stores the request URI and responds with a confirmation page. cSUlgrbrrs r r_RedirectWSGIApp.__init__bs  DrcjU"[R"S5[R"S5[R"S54/5 [RR U5UlUR R SS5Sn[[R"U55nSU;aSnOS n[R"[U5n[R"5(dG[[U5R!S 5R#S [$R&"55S 5nU/$) zWSGI Callable. Args: environ (Mapping[str, Any]): The WSGI environment. start_response (Callable[str, list]): The WSGI start_response callable. Returns: Iterable[bytes]: The response body. z200 OKz Content-typez text/html?rrzoauth2_landing.htmlzoauth2_landing_error.htmlzutf-8zcloud.google.com)r1 ensure_strrutil request_urirrdictrrr GetResourcerr IsDefaultUniversebytesdecoderrGetUniverseDocumentDomain)rTrstart_responser page page_strings r __call___RedirectWSGIApp.__call__es x .. (#..*E FGI$LL44W=D  ! ! ' 'Q / 3E ' (E  "d (d++Hd;K  ' ' ) )   6'? 7 !;;=  k =rrN)rrrrrrrrrrr rr\s !"rrrb)Jr __future__rrrr contextlibrrtrRrGrrgoogle_auth_oauthlibrrgooglecloudsdk.corerr c_exceptionsr r r googlecloudsdk.core.consoler r 'googlecloudsdk.core.universe_descriptorrgooglecloudsdk.core.utilroauthlib.oauth2.rfc6749rrErCr1 six.movesrsix.moves.urllibrrrrrr"r%r(r+r.r4r@contextmanagerrLrrNrwith_metaclassABCMetarrrobjectrr;r;joinr<r>rCr8rLrirrrrrr rs !&'  9&:#*(42G2<6 "% %+(L  (DuD>U>=u=NeNIUI   77:M%&&11M%` JKs{{$4$E$EFJKZi/"i/Z00fFFR+<'%%+V 9:&< 7# f$fRV7*V7rA#3AH#GL+v+r