o .&a@sddlZddlZddlZddlmZmZddlmZddlmZddl m Z ddl m Z dZ dZd Zd Zd Zd Zd ZdZGddde ZGdddeZGdddeZdS)N)datetime timedelta) RequestSigner) ServiceId) BasicCommand) uni_printstsGetCallerIdentityz 2011-06-15v4<z k8s-aws-v1.z x-k8s-aws-idc@s<eZdZdZdZddddddd dgZd d Zd d ZdS)GetTokenCommandz get-tokenz{Get a token for authentication with an Amazon EKS cluster. This can be used as an alternative to the aws-iam-authenticator.z cluster-namezASpecify the name of the Amazon EKS cluster to create a token for.T)name help_textrequiredzrole-arnz8Assume this role for credentials when signing the token.FcCstttd}|dS)N)minutesz%Y-%m-%dT%H:%M:%SZ)rutcnowrTOKEN_EXPIRATION_MINSstrftime)selftoken_expirationrE/usr/lib/python3/dist-packages/awscli/customizations/eks/get_token.pyget_expiration_time;s z#GetTokenCommand.get_expiration_timecCsbt|j}|j|j|jd}t||j}|}ddi||dd}t t |t ddS)N) region_namerole_arnExecCredentialz%client.authentication.k8s.io/v1alpha1)expirationTimestamptoken)kind apiVersionspecstatus r) STSClientFactory_sessionget_sts_clientregionrTokenGenerator get_token cluster_namerrjsondumps)r parsed_argsparsed_globalsclient_factory sts_clientrr full_objectrrr _run_main?s"  zGetTokenCommand._run_mainN)__name__ __module__ __qualname__NAME DESCRIPTION ARG_TABLErr2rrrrr 's r c@s$eZdZddZddZddZdS)r(cC ||_dSN) _sts_clientrr0rrr__init__[ zTokenGenerator.__init__cCs.||}tt|ddd}|S)z4 Generate a presigned url token to pass to kubectl. zutf-8=)_get_presigned_url TOKEN_PREFIXbase64urlsafe_b64encodeencodedecoderstrip)rr*urlrrrrr)^s  zTokenGenerator.get_tokencCs|jjdd|itddS)Nget_caller_identity ClusterNameGET)Params ExpiresIn HttpMethod)r;generate_presigned_url URL_TIMEOUT)rr*rrrr@es z!TokenGenerator._get_presigned_urlN)r3r4r5r=r)r@rrrrr(Zs r(c@s>eZdZddZdddZddZdd Zd d Zd d ZdS)r$cCr9r:)r%)rsessionrrrr=or>zSTSClientFactory.__init__NcCs`d|i}|dur |||}|d|d<|d|d<|d|d<|jjd i|}|||S) Nr AccessKeyIdaws_access_key_idSecretAccessKeyaws_secret_access_key SessionTokenaws_session_tokenr)r)_get_role_credentialsr% create_client_register_cluster_name_handlers)rrr client_kwargscredsrrrrr&rs     zSTSClientFactory.get_sts_clientcCs |jd|}|j|dddS)NrEKSGetTokenAuth)RoleArnRoleSessionName Credentials)r%rX assume_role)rrrrrrrrWsz&STSClientFactory._get_role_credentialscCs(|jjd|j|jjd|jdS)Nz+provide-client-params.sts.GetCallerIdentityz!before-sign.sts.GetCallerIdentity)metaeventsregister_retrieve_cluster_name_inject_cluster_name_headerr<rrrrYsz0STSClientFactory._register_cluster_name_handlerscKsd|vr |d|d<dSdS)NrI eks_cluster)pop)rparamscontextkwargsrrrrdsz'STSClientFactory._retrieve_cluster_namecKs"d|jvr|jd|jt<dSdS)Nrf)riheadersCLUSTER_NAME_HEADER)rrequestrjrrrres z,STSClientFactory._inject_cluster_name_header)NN) r3r4r5r=r&rWrYrdrerrrrr$ns   r$)rBbotocorer+rrbotocore.signersrbotocore.modelrawscli.customizations.commandsrawscli.customizations.utilsr AUTH_SERVICE AUTH_COMMANDAUTH_API_VERSIONAUTH_SIGNING_VERSIONrOrrArlr objectr(r$rrrrs&     3