dSrSSKrSSKrSSKrSSKrSSKJrJrJrJ r J r SSK J r SSK J r SSK Jr SSK Jr SSK Jr SS KJr SSKrSSKrSS KJr "S S \R0R25rS \\\\\44SS4SjrS\SS4SjrS \\\4SS4SjrS\SS4Sjr S\S\ \4Sjr!g)aClasses and functions to allow google.auth credentials to be used within oauth2client. In particular, the External Account credentials don't have an equivalent in oauth2client, so we create helper methods to allow variants of this particular class to be used in oauth2client workflows. N)AnyDictListOptional TYPE_CHECKING)aws)external_account) external_account_authorized_user) identity_pool) pluggable)requests)bq_errorc^\rSrSrSr\"\"\RRR5S/-5r SU4Sjjr SSjr \ S\4Sj5r\R S \SS4S j5r\ S\R"4S j5r\R S \R"4S j5r\ S\\4S j5r\R S \\SS4Sj5rS\4U4Sjjr\S\SS4Sj5r\S\SS4Sj5r\S\SS4Sj5rSrU=r$)WrappedCredentialszTA utility class to use Google Auth credentials in place of oauth2client credentials._basereturnNc X>[U[R5(d5[U[R5(d[R "S5eXl[TU]!UR RUR RSSUR RSSS9 g)zInitializes oauth2client credentials based on underlying Google Auth credentials. Args: base_creds: subclass of google.auth.external_account.Credentials or google.auth.external_account_authorized_user.Credentials zInvalid CredentialsN) access_token client_id client_secret refresh_token token_expiry token_uri user_agent) isinstancer Credentialsr rBigqueryTypeErrorrsuper__init__token _audienceexpiry)self base_creds __class__s "platform/bq/wrapped_credentials.pyr WrappedCredentials.__init__#s $00  4@@  & &'< ==J GZZ%%**&&ZZ&&cURR[R"55 URbURR U5 ggN)rrefreshr Requeststore locked_put)r$https r'_do_refresh_request&WrappedCredentials._do_refresh_requestBs>JJx'')* zz jjD!r)c.URR$r+rr!r$s r'rWrappedCredentials.access_tokenGs ::  r)valuec$XRlgr+r4r$r7s r'rr6Ks JJr)c.URR$r+rr#r5s r'rWrappedCredentials.token_expiryOs ::  r)c$XRlgr+r;r9s r'rr<Ss JJr)c.URR$r+r_scopesr5s r'scopesWrappedCredentials.scopesWs ::  r)c4U(aXRlggr+r?r9s r'rArB[s  jj r)c<>[[U] 5n[R"U5n[ R "UR R5US'UR RUS'[UR5US'[R"U5$)zUtility function that creates JSON representation of a Credentials object. Returns: string, a JSON representation of this instance, suitable to pass to from_json(). rrr) rrto_jsonjsonloadscopyrinfor! _parse_expiryrdumps)r$serialized_datadeserialized_datar&s r'rEWrappedCredentials.to_json`s{.=?O ?3!%4::??!;g(, (8(8n%(5d6G6G(Hn% ::' ((r)filenamec([U5nU"U5$r+)+_get_external_account_credentials_from_fileclsrOcredss r'for_external_account'WrappedCredentials.for_external_accountos 7 AE u:r)c([U5nU"U5$r+);_get_external_account_authorized_user_credentials_from_filerRs r'$for_external_account_authorized_user7WrappedCredentials.for_external_account_authorized_userts H E u:r) json_datacZ[R"U5nURS5nSnURS5S:Xa [U5nO URS5S:Xa [ U5nU"U5nURS5UlURS5(aa[ US[R5(d?[RRUS[RR5US'URS5Ul U$![a SUS'N)f=f)zInstantiate a Credentials object from a JSON description of it. The JSON should have been produced by calling .to_json() on the object. Args: json_data: dict, A deserialized JSON object. Returns: An instance of a Credentials subclass. rNtyper r rr)rFrGget+_get_external_account_credentials_from_info;_get_external_account_authorized_user_credentials_from_inforrdatetimestrptimeoauth2client_4_0client EXPIRY_FORMAT ValueErrorr)rSr[databaser%rTs r' from_jsonWrappedCredentials.from_json}s ::i D 88G DJ xx-->tDj & ? ?N j  OE.1E xx  ^h//))$'0099  "2"9"9"G"G ^ .1E L $#^$s>DD*)D*)r)r%zKexternal_account.Credentials | external_account_authorized_user.CredentialsrN)r0zrequests.RequestrN)__name__ __module__ __qualname____firstlineno____doc__ frozensetlistrcrdOAuth2CredentialsNON_SERIALIZED_MEMBERSr r1propertystrrsetterrarrrArE classmethodrUrYri__static_attributes__ __classcell__)r&s@r'rrs\$  " " 4 4 K KL    9  >"  C  H--  1 1 d3i  ==!$s)!!! )s )#2F%%(<%%r)rrIrzexternal_account.CredentialscH[R"5nURS5S:Xa[RR XS9$URS05RS5b[ RR XS9$[RR XS9$)zCreate External Account Credentials using the mapping provided as json data. Finds a relevant subclass of external_account.Credentials and instantiates. Args: info: dict, A deserialized JSON object. Returns: An instance of a Credentials class subject_token_typez+urn:ietf:params:aws:token-type:aws4_requestrAcredential_source executable)bq_utilsGetClientScopesFromFlagsr^rr from_infor r rIrAs r'r_r_s  , , .& hh#$ 67 ?? $ $T $ 99 xx#R(,,\:F  * *4 * ??  $ $ . .t . CCr)rOc[R"USSS9n[R"U5n[ U5sSSS5 $!,(df  g=fNrzutf-8)encoding)ioopenrFloadr_rO json_filergs r'rQrQs8 wwxw/9 99Y D 6t <0// !A Az,external_account_authorized_user.Credentialsc[R"5nURUS9 [RR U5$)zCreate External Account Authorized User Credentials using the mapping provided as json data. Args: info: dict, A deserialized JSON object. Returns: An instance of a Credentials class r|)rGetClientScopesFor3piupdater rrrs r'r`r`s7  ) ) +&++V+ ) 5 5 ? ? EEr)c[R"USSS9n[R"U5n[ U5sSSS5 $!,(df  g=fr)rrrFrr`rs r'rXrXs8 wwxw/9 99Y D Ft L0//rr#cU(aH[U[R5(a)UR[RR 5$gr+)rrastrftimercrdre)r#s r'rJrJs6 68#4#455 ??+22@@ AA r))"rorHrarrFtypingrrrrr google.authrr r r r google.auth.transportr oauth2client_4_0.clientrcrutilsrrdrrrruobjectr_rQr`rXrJr)r'rs  ;;(8%!*H)00BBHVD sDf%% &D#D:==#= F sF{  F3 F MM3M#(3-r)