.hSrSSKJr SSKJr SSKJr SSKJr SSKrSSKrSSKrSSK J r SSK J r SS KJr SS KJr SS KJr SS KJr SS KJr SSKJr SSKJr SSKJr SSKJr SSKJr SSKJr SSKJ r SSKJ!r! \ RDr#\RH"5(aSr%OSr%"SS\&5r'g)z>JSON gsutil Cloud API implementation for Google Cloud Storage.)absolute_import)print_function)division)unicode_literalsN) exceptions)config)AccessDeniedException)BadRequestException)NotFoundException)PreconditionException)ServiceException)NoOpCredentials)iamcredentials_v1_client)iamcredentials_v1_messages) system_util) GetCertsFile)GetMaxRetryDelay) GetNewHttp) GetNumRetrieszVInsufficient OAuth2 scope to perform this operation. Please re-run `gcloud auth login`zRInsufficient OAuth2 scope to perform this operation. Please re-run `gsutil config`c\^\rSrSrSrS U4SjjrSrSrS SjrS Sjr Sr S r S r U=r $) IamcredentailsApi6zCWraps calls to the Cloud IAM Credentials v1 interface via apitools.c L>[[U] 5 XlX l[ 5Ul[5UlSUl Sn[R"SS[R"SUS55Ul [R"SSS5nU(aSU-OS Ul URUR-UR-UlUS :nUS :n[R "URURUUURS 9Ul[%5UlUR&UR"l[)5UlUR*UR"l[-UR[.5(aUR"R1S S 5 gg)aPerforms necessary setup for interacting with Google Cloud IAM Credentials. Args: logger: logging.logger for outputting log messages. credentials: Credentials to be used for interacting with Cloud IAM debug: Debug level for the API implementation (0..3). zhttps://gs_iamcredentails_host Credentialsgs_iamcredentials_hostziamcredentials.googleapis.comgs_iamcredentails_portN:)urlhttp log_request log_response credentialskey'AIzaSyDnacJHrKma0048b13sh8cgxNUwulubmJM)superr__init__loggerr%r certs_filerr" http_baserget host_base host_porturl_baseapitools_clientIamcredentialsV1 api_clientr num_retriesrmax_retry_wait isinstancerAddGlobalParam) selfr*r%debug legacy_typogs_iamcred_portr#r$ __class__s +platform/gsutil/gslib/iamcredentials_api.pyr)IamcredentailsApi.__init__9sV T+-K""nDO DIDN+KZZ/ =+/NOQDNjj0H$OO0?cO+RDN^^dnn4t~~EDMA:KQJL%66 MM YY!$$ &DO%D"&"2"2DOO*,D%)%8%8DOO"$""O44 oo$$ ;=5cSU-n[R"US9n[R"X4S9nURRR U5$![ anURXa5 SnAgSnAff=f)z0Sign the blob using iamcredentials.SignBlob API.projects/-/serviceAccounts/%s)payload)namesignBlobRequestN)apitools_messagesSignBlobRequest4IamcredentialsProjectsServiceAccountsSignBlobRequestr3projects_serviceAccountsSignBlob TRANSLATABLE_APITOOLS_EXCEPTIONS_TranslateExceptionAndRaise)r8service_account_idmessagerCsign_blob_requestrequestes r=rIIamcredentailsApi.SignBlobjsu *-? ?D)99'JNN : > __ 5 5 > >w GG +> &&q==>s$A A9A44A9cSU-n[R"US9n[R"UUS9nURRR U5$![ anURXa5 SnAgSnAff=f)z8Generates an access token for the given service account.rA)scope)rCgenerateAccessTokenRequestN)rEGenerateAccessTokenRequest?IamcredentialsProjectsServiceAccountsGenerateAccessTokenRequestr3rHGenerateAccessTokenrJrK)r8rLscopesrCgenerate_access_token_requestrOrPs r=rW%IamcredentailsApi.GenerateAccessTokenvs *-? ?D$5$P$P%! NNO.KMG > __ 5 5 I I  +> &&q==>s$A A:A55A:cURR[R5(a/URR S[ R "55 URXS9nU(aUee)aTranslates an HTTP exception and raises the translated or original value. Args: e: Any Exception. service_account_id: Optional service account in request that caused the exception. Raises: Translated CloudApi exception, or the original exception if it was not translatable. zTranslateExceptionAndRaise: %s)rL)r* isEnabledForloggingDEBUGr9 traceback format_exc_TranslateApitoolsException)r8rPrLtranslated_exceptions r=rK-IamcredentailsApi._TranslateExceptionAndRaisesc {{ .. kk8!,,.0;; <2   r?ct[U[R5(GaURU5nURS:Xa[ U=(d SURS9$URS:XaeS[ U5;a[U=(d SURS9$S[ U5;a([[URURU5S9$GOURS :XGa9S [ U5;a [S 5$S [ U5;a [U5$S [ U5;a[U=(d SURS9$S[ U5;a[U=(d SURS9$S[ U5;a[SURS9$S[ U5;a[SURS9$S[ U5;a([[URURU5S9$[U=(d UR=(d UURS9$URS:Xa'[U=(d URURS9$URS:XaU(a[SU-URS9$URS:Xa[X1RS9$[X1RS9$g)a%Translates apitools exceptions into their gsutil equivalents. Args: e: Any exception in TRANSLATABLE_APITOOLS_EXCEPTIONS. service_account_id: Optional service account ID that caused the exception. Returns: CloudStorageApiServiceException for translatable exceptions, None otherwise. iz Bad Request)statusizLogin RequiredzAccess denied: login required.insufficient_scope)rebodyiz#The caller does not have permissiona Service account impersonation failed. Please go to the Google Cloud Platform Console (https://cloud.google.com/console), select IAM & admin, then Service Accounts, and grant your originating account the Service Account Token Creator role on the target service account.z5IAM Service Account Credentials API has not been usedz7The account for the specified project has been disabledzAccount disabled.z,Daily Limit for Unauthenticated Use Exceededz8Access denied: quota exceeded. Is your project ID valid?zUser Rate Limit Exceededz5Rate limit exceeded. Please retry this request later.zAccess Not ConfiguredzAccess Not Configured. Please go to the Google Cloud Platform Console (https://cloud.google.com/console#/project) for your project, select APIs & services, and enable the Google Cloud IAM Credentials API.iizThe key %s already exists.iN)r6apitools_exceptions HttpError_GetMessageFromHttpError status_coder strr "_INSUFFICIENT_OAUTH2_SCOPE_MESSAGE!_GetAcceptableScopesFromHttpErrorrMr r r )r8rPrLrMs r=ra-IamcredentailsApi._TranslateApitoolsExceptions!(2233--a0g # #7#;m*+--9 9 ==C  s1v %&w(H'G./mm= ="SV +'0]]99!<> >, ==C  1CF :&,- - Cc!f L&w/ / DA N&w'E2E./mm= = ;s1v E&w(C(C./mm= =(3q6 1&]]$ $%A .&%]] $ $ "SV +'0]]99!<> > 'w(:!))(:'9./mm= = ==C  !5AIIammLL ==C $6 < 2!3'(}}6 6 ==C $W]]CC gmm <>  *V=p   r?r)(r __future__rrrrrtr]r_apitools.base.pyrrhbotorgslib.cloud_apir r r r r gslib.no_op_credentialsr)gslib.third_party.iamcredentials_apitoolsrr1rrE gslib.utilsrgslib.utils.boto_utilrrrrrirJInvokedViaCloudSdkrmobjectrr?r=rsE&%' >1/-1,3ae#.2,/$7$A$A !!##*% &% Z Z r?