m6SrSSKJr SSKJr SSKJr SSKrSSKJr SSKJ r SSKJ r SS KJ r SS KJ r SS KJ r SS KJr SSKJ r SS KJr SSKJr SSKJr SSKrSSKJ r "SS\ R45rSrSr"SS\5r"SS\5rSr Sr!g)z0Module for wrapping transports with credentials.)absolute_import)division)unicode_literalsN)base) context_aware) exceptions)log) properties) transport)creds)store)files)clientc\rSrSrSrSrg)Error'z0Exceptions for the credentials transport module.N)__name__ __module__ __qualname____firstlineno____doc____static_attributes__r0lib/googlecloudsdk/core/credentials/transport.pyrr's8rrUSER_PROJECT_DENIEDzgoogleapis.comcN\rSrSrSrSSjrSr\RS5r Sr g) QuotaHandlerMixin/z!Mixin for handling quota project.NcpU(dgUc[R"X#5n[R"U5$)z2Returns None or the quota project for credentials.N)r LoadIfEnabled core_credsGetQuotaProject)selfenable_resource_quotaallow_account_impersonationuse_google_auth credentialss r QuotaProjectQuotaHandlerMixin.QuotaProject2s6 ! '' %k  % %k 22rc[R"[R"SU55/nURX5 UR$)z=Returns a request method which adds the quota project header.zX-Goog-User-Project)r Handler SetHeader WrapRequestrequest)r$ http_client quota_projecthandlerss rQuotaWrappedRequest%QuotaHandlerMixin.QuotaWrappedRequestBsF     5} E H  [+   rcg)aReturns a http_client with quota project handling. Args: http_client: The http client to be wrapped. enable_resource_quota: bool, By default, we are going to tell APIs to use the quota of the project being operated on. For some APIs we want to use gcloud's quota, so you can explicitly disable that behavior by passing False here. allow_account_impersonation: bool, True to allow use of impersonated service account credentials for calls made with this client. If False, the active user credentials will always be used. use_google_auth: bool, True if the calling command indicates to use google-auth library for authentication. If False, authentication will fallback to using the oauth2client library. If None, set the value based the configuration. Nr)r$r0r%r&r's r WrapQuotaQuotaHandlerMixin.WrapQuotaLrr)N) rrrrrr)r3abcabstractmethodr6rrrrrr/s.) 3 rrcL\rSrSrSrSSjr\RS5rSr g)CredentialWrappingMixinfz+Mixin for wrapping authorized http clients.Nc[RRRR 5n[RRR R 5n[ XV5nUc[R"5nUc[R"X#5nU(aURX5n[USU5 URX[[R ["R$45 U$)aGet an http client for working with Google APIs. Args: http_client: The http client to be wrapped. allow_account_impersonation: bool, True to allow use of impersonated service account credentials for calls made with this client. If False, the active user credentials will always be used. use_google_auth: bool, True if the calling command indicates to use google-auth library for authentication. If False, authentication will fallback to using the oauth2client library. If None, set the value based the configuration. credentials: google.auth.credentials.Credentials, The credentials to use. Returns: An authorized http client with exception handling. Raises: creds_exceptions.Error: If an error loading the credentials occurs. _googlecloudsdk_credentials)r VALUESauthauthority_selectorGetauthorization_token_file_GetIAMAuthHandlersr UseGoogleAuthr r!AuthorizeClientsetattrr._HandleAuthErrorrAccessTokenRefreshErrorgoogle_auth_exceptions RefreshError)r$r0r&r'r(rBrDr2s rWrapCredentials'CredentialWrappingMixin.WrapCredentialsis8$**//BBFFH77;;=##5PH**,o'' %k((Bkk8+F/  ' ')?)L)LMO rcg)z=Returns an http_client authorized with the given credentials.Nr)r$r0r(s rrG'CredentialWrappingMixin.AuthorizeClientr8rr)TNN) rrrrrrMr9r:rGrrrrr<r<fs23 #' 2hHHrr<c SnU(a[R"U5n/nU(a:UR[R "[R "SU555 U(aHUR[R "[R "SUR5555 U$![Ran[U5eSnAff=f)aGet the request handlers for IAM authority selctors and auth tokens.. Args: authority_selector: str, The authority selector string we want to use for the request or None. authorization_token_file: str, The file that contains the authorization token we want to use for the request or None. Returns: [transport Modifiers]: A list of request modifier functions to use to wrap an http request. Nzx-goog-iam-authority-selectorzx-goog-iam-authorization-token)rReadFileContentsrappendr r,r-strip)rBrDauthorization_tokener2s rrErEs!223KL( OO    ? 2 4 56  OO    @ 3 9 9 ; = >? /! ;; !HnsB55C CCc[R"U5n[R"SUSS9 [R "U5(a[ R"U5e[ R"U5e)zHandle a generic auth error and raise a nicer message. Args: e: The exception that was caught. Raises: creds_exceptions.TokenRefreshError: If an auth error occurs. z(Exception caught during HTTP request: %sT)exc_info) six text_typer debugrIsContextAwareAccessDeniedErrorcreds_exceptionsTokenRefreshDeniedByCAAErrorTokenRefreshError)rVmsgs rrIrIsY a#)) 622155  7 7 <<**3//r)"r __future__rrrr9googlecloudsdk.calliopergooglecloudsdk.corerrr r r googlecloudsdk.core.credentialsr r"r]r googlecloudsdk.core.utilr oauth2clientrrY google.authrKrUSER_PROJECT_ERROR_REASONUSER_PROJECT_ERROR_DOMAINobjectrr<rErIrrrrks7&' (-*#*)?J1* <9J  92,44n9Hf9Hx!H0r