SrSSKrSSKrSSKrSSKJr SSKJr Sr\R"\ 5r Sr "SS\R5rg) zoUtilities for Google Compute Engine Utilities for making it easier to use OAuth 2.0 on Google Compute Engine. N)client) _metadataz$jcgregorio@google.com (Joe Gregorio)zYou have requested explicit scopes to be used with a GCE service account. Using this argument will have no effect on the actual scopes for tokens requested. These scopes are set at VM instance creation time and can't be overridden in the request. ct^\rSrSrSrS U4Sjjr\S5rSrSr Sr Sr \ S 5r S rS rS rU=r$)AppAssertionCredentials)aCredentials object for Compute Engine Assertion Grants This object will allow a Compute Engine instance to identify itself to Google and other OAuth 2.0 servers that can verify assertions. It can be used for the purpose of accessing data stored under an account assigned to the Compute Engine instance itself. This credential does not require a flow to instantiate because it represents a two legged flow, and therefore has all of the required information to generate and refresh its own access tokens. Note that :attr:`service_account_email` and :attr:`scopes` will both return None until the credentials have been refreshed. To check whether credentials have previously been refreshed use :attr:`invalid`. c>SU;a[R"[5 SUS'[[U]"S/UQ70UD6 XlSUlSUlg)a1Constructor for AppAssertionCredentials Args: email: an email that specifies the service account to use. Only necessary if using custom service accounts (see https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#createdefaultserviceaccount). scopesNT) warningswarn_SCOPES_WARNINGsuperr__init__service_account_emailr invalid)selfemailargskwargs __class__s +lib/third_party/oauth2client/contrib/gce.pyr AppAssertionCredentials.__init__;sS v  MM/ *#F8  %t5dLTLVL%*"  c[S5eNz6Cannot serialize credentials for GCE service accounts.NotImplementedError)cls json_datas r from_json!AppAssertionCredentials.from_jsonO! DF Frc[S5errrs rto_jsonAppAssertionCredentials.to_jsonTs! DF FrcPURUR5 UR$)aDRetrieves the canonical list of scopes for this access token. Overrides client.Credentials.retrieve_scopes. Fetches scopes info from the metadata server. Args: http: httplib2.Http, an http object to be used to make the refresh request. Returns: A set of strings containing the canonical list of scopes. )_retrieve_inforequestr )rhttps rretrieve_scopes'AppAssertionCredentials.retrieve_scopesXs  DLL){{rcUR(aD[R"UUR=(d SS9nSUlUSUlUSUlgg)aValidates invalid service accounts by retrieving service account info. Args: http_request: callable, a callable that matches the method signature of httplib2.Http.request, used to make the request to the metadata server defaultservice_accountFrr N)rrget_service_account_inforr )r http_requestinfos rr'&AppAssertionCredentials._retrieve_infohsR <<55 $ : : GiID!DL)-gD &x.DK rcURU5 [R"XRS9uUlUlg![ Ra$n[R"[U55eSnAff=f)aJRefreshes the access_token. Skip all the storage hoops and just refresh using the API. Args: http_request: callable, a callable that matches the method signature of httplib2.Http.request, used to make the refresh request. Raises: HttpAccessTokenRefreshError: When the refresh fails. r.N) r'r get_tokenr access_token token_expiryhttplib2 HttpLib2ErrorrHttpAccessTokenRefreshErrorstr)rr1es r_refresh AppAssertionCredentials._refreshxse =    -3<3F3F.H.H4J 0D t0%% =44SV< < =srZsO *4   8 $yAf99yAr