o YZay@sddlZddlZddlZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl Z ddl Z ddl ZddlmZddlZddlZddlZddlmZmZmZmZmZmZmZmZmZmZmZm Z ddl!m"Z"m#Z#ddl$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4m5Z5m6Z6m7Z7m8Z8m9Z9m:Z:ddl;mZ?dZ@dZAd ZBd ZCd ZDeEd ZFe+e*e,e-fZGd gZHidddddddddddddddddddd d!d"d#d$d%d&d'd(d)d*d+d,d-d.id/d0d1d2d3d4d5d6d7d8d9d:d;d<d=d>d?d@dAdBdCdDdEdFdGdHdIdJdKdLdMdHdNdOidPdQdRdSdTdUdVdWdXdWdYd.dZd0d[d8d\d]d^d_d`dadbdcdddedfdgdhdidjdSdkdlidmdndodndpdqdrdcdsdtdudvdwdxdyd]dzd{d|d}d~dddeddddddddddddddBd{dZIdZJdZKdjLeKeJdZMeKeMdZNgdZOdZPddQddeODdZRdePdZSdeRdeSdZTeEdeTdZUeVdZWddZXddZYddZZddZ[ddZ\ddZ]ddZ^ddZ_ddZ`d ddZaddZbGdddecZdGdddecZeGdddefZgGdddegZhd!dd„ZiddĄZjekfddƄZlddȄZmeDfddʄZneDfdd̄Zodd΄ZpddЄZqdd҄Zrd"ddԄZsd!ddքZtdd؄ZuddڄZvGdd܄defZwGddބdefZxddZyddZzddZ{ddZ|ddZ} d"ddZ~ d"ddZddZddZddZddZd ddZd ddZddZddZGdddefZGdddeZGdddefZGdddefZGdddefZGdddefZGd d d efZGd d d efZd dZddZd#ddZddZddZddZddZGdddefZGdddefZdS($N)tzutc) jsonquote zip_longesturlsplit urlunsplit OrderedDictsixurlparseget_tzinfo_optionsget_md5 MD5_AVAILABLEHAS_CRT) getproxies proxy_bypass)InvalidExpressionErrorConfigNotFoundInvalidDNSNameError ClientErrorMetadataRetrievalErrorEndpointConnectionErrorReadTimeoutErrorConnectionClosedErrorConnectTimeoutErrorUnsupportedS3ArnError*UnsupportedS3AccesspointConfigurationErrorSSOTokenLoadErrorInvalidRegionErrorInvalidIMDSEndpointErrorInvalidIMDSEndpointModeErrorUnsupportedOutpostResourceError&UnsupportedS3ControlConfigurationErrorUnsupportedS3ControlArnErrorInvalidHostLabelErrorHTTPClientErrorUnsupportedS3ConfigurationErrorMissingDependencyException)LocationParseErrorzhttp://169.254.169.254/zhttp://[fd00:ec2::254]/)ipv4ipv6z-._~z-z0-9][a-z0-9\-]*[a-z0-9] dualstacka4bzalexa-for-businessalexaforbusinesszapi.mediatailor mediatailorz api.pricingpricingz api.sagemaker sagemaker apigatewayz api-gatewayzapplication-autoscalingzapplication-auto-scaling appstream2 appstream autoscalingz auto-scalingzautoscaling-planszauto-scaling-planscez cost-explorer cloudhsmv2z cloudhsm-v2cloudsearchdomainzcloudsearch-domainz cognito-idpzcognito-identity-providerconfigzconfig-servicecurzcost-and-usage-report-servicezdata.iotziot-data-planez data.jobs.iotziot-jobs-data-planezdata.mediastorezmediastore-data datapipelinez data-pipeline devicefarmz device-farmzdevices.iot1clickziot-1click-devices-service directconnectzdirect-connect discoveryzapplication-discovery-servicedmszdatabase-migration-servicedszdirectory-servicedynamodbstreamszdynamodb-streamselasticbeanstalkzelastic-beanstalkelasticfilesystemefselasticloadbalancingzelastic-load-balancingelasticmapreduceemrelastictranscoderzelastic-transcoderelbelbv2zelastic-load-balancing-v2emailseszentitlement.marketplacezmarketplace-entitlement-serviceeszelasticsearch-serviceevents eventbridgezcloudwatch-eventsziot-dataz iot-jobs-dataziot1click-devicesziot1click-projectsziot-1click-projectskinesisanalyticszkinesis-analytics kinesisvideoz kinesis-videoz lex-modelszlex-model-building-servicez lex-runtimezlex-runtime-servicelogszcloudwatch-logsmachinelearningzmachine-learningzmarketplace-entitlementmarketplacecommerceanalyticszmarketplace-commerce-analyticszmetering.marketplacezmarketplace-meteringmeteringmarketplacemghz migration-hubz models.lex monitoring cloudwatchzmturk-requestermturkz opsworks-cm opsworkscmzprojects.iot1clickresourcegroupstaggingapizresource-groups-tagging-apiroute53zroute-53route53domainszroute-53-domainsz runtime.lexzruntime.sagemakerzsagemaker-runtimesdbsimpledbsecretsmanagerzsecrets-managerserverlessreposerverlessapplicationrepositoryservicecatalogzservice-catalogsfnzstorage-gateway)states stepfunctionsstoragegatewayzstreams.dynamodbtaggingz(?:[0-9]{1,3}\.){3}[0-9]{1,3}z[0-9A-Fa-f]{1,4}z(?:{hex}:{hex}|{ipv4}))hexr))rhls32) z(?:%(hex)s:){6}%(ls32)sz::(?:%(hex)s:){5}%(ls32)sz%(?:%(hex)s)?::(?:%(hex)s:){4}%(ls32)sz2(?:(?:%(hex)s:)?%(hex)s)?::(?:%(hex)s:){3}%(ls32)sz6(?:(?:%(hex)s:){0,2}%(hex)s)?::(?:%(hex)s:){2}%(ls32)sz/(?:(?:%(hex)s:){0,3}%(hex)s)?::%(hex)s:%(ls32)sz'(?:(?:%(hex)s:){0,4}%(hex)s)?::%(ls32)sz&(?:(?:%(hex)s:){0,5}%(hex)s)?::%(hex)sz(?:(?:%(hex)s:){0,6}%(hex)s)?::zDABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._!\-~z(?:|cCsg|]}|tqS)_subs).0xrkrk0/usr/lib/python3/dist-packages/botocore/utils.py srp)z (?:%25|%)(?:[z]|%[a-fA-F0-9]{2})+z\[z)?\]^$z cCs(t|tr|St|tr|dkSdS)z~Ensures a boolean value if a string or boolean is provided For strings, the value for True/False is case insensitive trueF) isinstanceboolstrlowervalrkrkroensure_booleans   r{cCsP|d}|dur|}|tvr|td}tdi||S|dr&dSdS)zResolving IMDS endpoint mode to either IPv6 or IPv4. ec2_metadata_service_endpoint_mode takes precedence over imds_use_ipv6. "ec2_metadata_service_endpoint_modeN)mode valid_modes imds_use_ipv6r*r)rk)get_config_variablerxMETADATA_ENDPOINT_MODESr)session endpoint_modelendpoint_modeerror_msg_kwargsrkrkroresolve_imds_endpoint_modes rcCs2t|do|jddo|jddko|jdkS)zDetermines if the provided shape is the special header type jsonvalue. :type shape: botocore.shape :param shape: Shape to be inspected for the jsonvalue trait. :return: True if this type is a jsonvalue, False otherwise :rtype: Bool serialization jsonvalueFlocationheaderstring)hasattrrget type_name)shaperkrkrois_json_value_headers rcCs<|durdSt|tjjr||vS|dd|DvS)z&Case-insensitive check for header key.NFcSsg|]}|qSrkrx)rmkeyrkrkrorpszhas_header..)rubotocore awsrequest HeadersDictrxkeys) header_nameheadersrkrkro has_headers rcCsD|jd|jd|j}|dd}|dd}tdd|}|S)zvReturns the module name for a service This is the value used in both the documentation and client class name serviceAbbreviationserviceFullNameAmazonAWSz\W+)metadatar service_namereplaceresub) service_modelnamerkrkroget_service_module_names  rcCs|sdSt|S)N/)remove_dot_segmentspathrkrkronormalize_url_pathsrcCs|dur|St|S)zLReturns None if val is None, otherwise ensure value converted to booleanN)r{ryrkrkronormalize_boolean srcCs|sdS|d}g}|D]}|r%|dkr%|dkr |r|q ||q |ddkr/d}nd}|ddkr<|rr:r;rFrArBr<rkrkrkror/s "  r/FcCs|D]M}t||tr$||vr||vrt||||q||||<qt||trI|rI||vrBt||trB||||q||||<q||||<qdS)zGiven two dict, merge the second dict into the first. The dicts can have arbitrary nesting. :param append_lists: If true, instead of clobbering a list with the new value, append all of the new values onto the original list. N)rudict merge_dictslistextend)dict1dict2 append_listsrrkrkrorJfsrJcCs"i}|D] }||||<q|S)zECopies the given dictionary ensuring all keys are lowercase strings. r)originalrrrkrkrolowercase_dictsrQcCsZz ||}|}t|WdWS1swYWdSty,t|dw)Nr)readparse_key_val_file_contentsOSErrorr)filename_openfcontentsrkrkroparse_key_val_files (  rYcCsHi}|D]}d|vr q|dd\}}|}|}|||<q|S)N=r() splitlinesrstrip)rXfinallinerrzrkrkrorSs  rScCs~g}t|dr |}n|}|D])\}}t|tr,|D]}|dt|t|fqq|dt|t|fqd|S)afUrlencode a dict or list into a string. This is similar to urllib.urlencode except that: * It uses quote, and not quote_plus * It has a default list of safe chars that don't need to be encoded, which matches what AWS services expect. If any value in the input ``mapping`` is a list type, then each list element wil be serialized. This is the equivalent to ``urlencode``'s ``doseq=True`` argument. This function should be preferred over the stdlib ``urlencode()`` function. :param mapping: Either a dict to urlencode or a list of ``(key, value)`` pairs. itemsz%s=%s&)rr_rurKrpercent_encoder)mappingsafe encoded_pairspairsrrelementrkrkropercent_encode_sequences        rgcCs>t|tjtjfst|}t|tjs|d}t||dS)aUrlencodes a string. Whereas percent_encode_sequence handles taking a dict/sequence and producing a percent encoded string, this function deals only with taking a string (not a dict/sequence) and percent encoding it. If given the binary type, will simply URL encode it. If given the text type, will produce the binary type by UTF-8 encoding the text. If given something else, will convert it to the text type first. utf-8)rc)rur binary_type text_typeencoder) input_strrcrkrkroras     rac Cst|ttfrtj||Sz tjt||WSttfy%Ynwz tjj |dt idWSttfyH}ztd||fd}~ww)z.Parse timestamp with pluggable tzinfo options.GMT)tzinfoszInvalid timestamp "%s": %sN) ruintfloatdatetime fromtimestamp TypeErrorrEdateutilparserparserrtzinforrkrkro_parse_timestamp_with_tzinfosryc Cs^tD]%}zt||WSty(}ztjd|j|dWYd}~qd}~wwtd|)zParse a timestamp into a datetime object. Supported formats: * iso8601 * rfc822 * epoch (value is an integer) This will return a ``datetime.datetime`` object. z2Unable to parse timestamp with "%s" timezone info.rNz4Unable to calculate correct timezone offset for "%s")r ryrTrrr RuntimeErrorrwrkrkroparse_timestamps r{cCsFt|tjr |}nt|}|jdur|jtd}|S|t}|S)aConverted the passed in value to a datetime object with tzinfo. This function can be used to normalize all timestamp inputs. This function accepts a number of different types of inputs, but will always return a datetime.datetime object with time zone information. The input param ``value`` can be one of several types: * A datetime object (both naive and aware) * An integer representing the epoch time (can also be a string of the integer, i.e '0', instead of 0). The epoch time is considered to be UTC. * An iso8601 formatted timestamp. This does not need to be a complete timestamp, it can contain just the date portion without the time component. The returned value will be a datetime object that will have tzinfo. If no timezone info was provided in the input value, then UTC is assumed, not local time. Nrx)rurqr{rxrr astimezone)r datetime_objrkrkroparse_to_aware_datetimes   rcCs~tddd}|jdur|durt}|j|d}|jdd||}t|dr.|S|j|j|j ddddS) awCalculate the timestamp based on the given datetime instance. :type dt: datetime :param dt: A datetime object to be converted into timestamp :type default_timezone: tzinfo :param default_timezone: If it is provided as None, we treat it as tzutc(). But it is only used when dt is a naive datetime. :returns: The timestamp r(Nr| total_secondsii@B) rqrxrr utcoffsetrr microsecondssecondsdays)dtdefault_timezoneepochdrkrkrodatetime2timestamp2s   "rcs>t}tfdddD]}||q |r|S|S)aCalculate a sha256 checksum. This method will calculate the sha256 checksum of a file like object. Note that this method will iterate through the entire file contents. The caller is responsible for ensuring the proper starting position of the file and ``seek()``'ing the file back to its starting location if other consumers need to read from the file like object. :param body: Any file like object. The file must be opened in binary mode such that a ``.read()`` call returns bytes. :param as_hex: If True, then the hex digest is returned. If False, then the digest (as binary bytes) is returned. :returns: The sha256 checksum c dSNrRrkbodyrkroZ z"calculate_sha256..)hashlibsha256iterupdate hexdigestdigest)ras_hexchecksumchunkrkrrocalculate_sha256Gs  rcsg}dtj}tfdddD] }|||q|s%|dSt|dkrSg}t|D]\}}|durE||||q1||q1|}t|dks+t |d dS) a\Calculate a tree hash checksum. For more information see: http://docs.aws.amazon.com/amazonglacier/latest/dev/checksum-calculations.html :param body: Any file like object. This has the same constraints as the ``body`` param in calculate_sha256 :rtype: str :returns: The hex version of the calculated tree hash rcs Srrrkrrequired_chunk_sizerkrorsrz%calculate_tree_hash..rr(Nrascii) rrrrrrr _in_pairsbinasciihexlifydecode)rchunksrr new_chunksrsecondrkrrocalculate_tree_hashbs      rcCst|}t||Sr)rr)iterable shared_iterrkrkrors rc@s eZdZdZddZddZdS)CachedPropertyzA read only property that caches the initially computed value. This descriptor will only call the provided ``fget`` function once. Subsequent access to this property will return the cached value. cCrr)_fget)rfgetrkrkrorrzCachedProperty.__init__cCs(|dur|S||}||j|jj<|Sr)r__dict__r)robjclscomputed_valuerkrkro__get__s  zCachedProperty.__get__N)rrrrrrrkrkrkrors rc@sDeZdZdZdddZddZddd Zd d Zd d ZddZ dS)ArgumentGeneratoraGenerate sample input based on a shape model. This class contains a ``generate_skeleton`` method that will take an input/output shape (created from ``botocore.model``) and generate a sample dictionary corresponding to the input/output shape. The specific values used are place holder values. For strings either an empty string or the member name can be used, for numbers 0 or 0.0 is used. The intended usage of this class is to generate the *shape* of the input structure. This can be useful for operations that have complex input shapes. This allows a user to just fill in the necessary data instead of worrying about the specific structure of the input arguments. Example usage:: s = botocore.session.get_session() ddb = s.get_service_model('dynamodb') arg_gen = ArgumentGenerator() sample_input = arg_gen.generate_skeleton( ddb.operation_model('CreateTable').input_shape) print("Sample input for dynamodb.CreateTable: %s" % sample_input) FcCrr)_use_member_names)ruse_member_namesrkrkrorrzArgumentGenerator.__init__cCsg}|||S)zGenerate a sample input. :type shape: ``botocore.model.Shape`` :param shape: The input shape. :return: The generated skeleton input corresponding to the provided input shape. )_generate_skeleton)rrstackrkrkrogenerate_skeletons z#ArgumentGenerator.generate_skeletonrcCs>||jz|jdkr|||W|S|jdkr'|||W|S|jdkr7|||W|S|jdkr[|jrF|W|S|jrTt |jW|SW|dS|jdvrgW|dS|jdvrsW|d S|jd krW|d S|jd krt d dddddW|SW|dS|w)N structurerKmaprr)integerlongr)rpdoublegbooleanT timestamprr() rrr_generate_type_structurer_generate_type_list_generate_type_maprenumrandomchoicerqrrrrrkrkrorsD                    z$ArgumentGenerator._generate_skeletoncCsF||jdkr iSt}|jD]\}}|j|||d||<q|S)Nr()r)countrrmembersr_r)rrrskeleton member_name member_shaperkrkrors z*ArgumentGenerator._generate_type_structurecCs$d}|jr |jj}||j||gS)Nr)rmemberrrrrkrkrors z%ArgumentGenerator._generate_type_listcCs0|j}|j}|jdks Jtd|||fgS)NrKeyName)rrrrr)rrr key_shape value_shaperkrkrors z$ArgumentGenerator._generate_type_mapNr-)r) rrrrrrrrrrrkrkrkrors   rcCs,t|rdSdt|j}t|duS)NFz[{}])UNSAFE_URL_CHARS intersectionformatr hostname IPV6_ADDRZ_REmatch) endpoint_urlrrkrkrois_valid_ipv6_endpoint_urls rcCsht|rdSt|}|j}|durdSt|dkrdS|ddkr(|dd}tdtj}||S)zVerify the endpoint_url is valid. :type endpoint_url: string :param endpoint_url: An endpoint_url. Must have at least a scheme and a hostname. :return: True if the endpoint url is valid. False otherwise. FNrrz;^((?!-)[A-Z\d-]{1,63}(?._cache_guard)r functoolswraps)rrrkrroinstance_caches r cKsht|jjd}dd|D}d}t|dkr!|d|d7}|d7}|dvr+dSt||d d dS) z?Switches the current s3 endpoint with an S3 Accelerate endpointrcSsg|]}|tvr|qSrkS3_ACCELERATE_WHITELISTrmprkrkrorpsz-switch_host_s3_accelerate..zhttps://s3-accelerate.r amazonaws.com) ListBuckets CreateBucket DeleteBucketNF)use_new_scheme)rrrrrr _switch_hosts)roperation_namerrrrkrkroswitch_host_s3_accelerates rcCs6t|jd}||r||}t||dSdS)zBSwitches the host using a parameter value from a JSON request bodyrhN)rrCdatarrr)r param_name request_json new_endpointrkrkroswitch_host_with_params  rcCst|j||}||_dSr)_get_new_endpointr)rrrfinal_endpointrkrkrors rcCsRt|}t|}|j}|r|j}||j|j|jdf}t|}td||f|SNrzUpdating URI from %s to %s)rrrrrrrr)original_endpointrrnew_endpoint_componentsoriginal_endpoint_componentsrfinal_endpoint_componentsrrkrkrors rcCsR|D]$}||vr t||tr t||tr t||||q||||<qdS)zDeeply two dictionaries, overriding existing keys in the base. :param base: The base dictionary which will be merged into. :param extra: The dictionary to merge into the base. Keys from this dictionary will take precedence. N)rurI deep_merge)baseextrarrkrkror$s r$cCs|ddS)zcTranslate the form used for event emitters. :param service_id: The service_id to convert.  -)rrx) service_idrkrkrohyphenize_service_idsr*c@sHeZdZdddZdddZddZdd Zd d Zd d ZddZ dS)S3RegionRedirectorNcCs,||_||_|jduri|_t||_dSr)_endpoint_resolver_cacheweakrefproxy_client)rendpoint_bridgeclientcacherkrkrors  zS3RegionRedirector.__init__cCs<|p|jjj}|d|j|d|j|d|jdS)Nzneeds-retry.s3zbefore-call.s3before-parameter-build.s3)r0metarMregisterredirect_from_errorset_request_urlredirect_from_cache)r event_emitteremitterrkrkror6"s zS3RegionRedirector.registercKs|durdS||dirtddS|didr&tddS|ddi}|d}|dd i}|d voC|jd k}|d voT|jd koTd |div} |dko\d|v} |dduoi|djdv} |dk} t|| | | | gsydS|ddd} |dd}|| |}|durtd|| fdStd|| |f|j d|}|d}|| |d}||dd<||j | <| ||dd|dd<dS)a An S3 request sent to the wrong region will return an error that contains the endpoint the request should be sent to. This handler will add the redirect information to the signing context and then redirect the request. Nrz=S3 request was previously to an accesspoint, not redirecting. s3_redirectedz6S3 request was previously redirected, not redirecting.r(Errorr8ResponseMetadata)301400 HeadObject HeadBucketx-amz-bucket-region HTTPHeadersAuthorizationHeaderMalformedRegionr)i-i.i3PermanentRedirectsigningbucket client_regionzS3 client configured for region %s but the bucket %s is not in that region and the proper region could not be automatically determined.zS3 client configured for region %s but the bucket %s is in region %s; Please configure the proper region to avoid multiple unnecessary redirects and signing attempts.s3r)rrIrT) _is_s3_accesspointrrrrranyget_bucket_regionr,resolver-r8)r request_dictr operationrr error_coderesponse_metadatais_special_head_objectis_special_head_bucketis_wrong_signing_regionis_redirect_statusis_permanent_redirectrIrJ new_regionrsigning_contextrkrkror7)s|       z&S3RegionRedirector.redirect_from_errorc Cs|d}|dd}d|vr|dS|didd}|dur"|Sz|jj|d}|dd}WntyJ}z |jdd}WYd}~nd}~ww|dd}|S) a. There are multiple potential sources for the new region to redirect to, but they aren't all universally available for use. This will try to find region from response elements, but will fall back to calling HEAD on the bucket if all else fails. :param bucket: The bucket to find the region for. This is necessary if the region is not available in the error response. :param response: A response representing a service request that failed due to incorrect region configuration. r(r>rDrCr=rFN)Bucket)rr0 head_bucketrr)rrIrservice_responseresponse_headersrrrrkrkrorNs   z$S3RegionRedirector.get_bucket_regioncKs8|didd}|durt|d|d|d<dSdS)NrHrrF)rr)rparamsrrrrkrkror8sz"S3RegionRedirector.set_request_urlcKsH||rdS|d}|j|}|dur||d<dSd|i|d<dS)z This handler retrieves a given bucket's signing context from the cache and adds it into the request context. Nr[rHrI)rLrr-)rr_rrrIrZrkrkror9s    z&S3RegionRedirector.redirect_from_cachecCsd|vSNrrk)rrrkrkrorLsz%S3RegionRedirector._is_s3_accesspointr) rrrrr6r7rNr8r9rLrkrkrkror+s  V! r+c@s eZdZdS)InvalidArnExceptionN)rrrrkrkrkrorasrac@r) ArnParsercCsH|dd}t|dkrtd||d|d|d|d|dd S) N:zUProvided ARN: %s must be of the format: arn:partition:service:region:account:resourcer(rr) partitionserviceraccountresource)rrra)rarn arn_partsrkrkro parse_arns  zArnParser.parse_arnN)rrrrmrkrkrkrorbrrbc@s`eZdZedZedZdgZdddZddZ d d Z d d Z d dZ ddZ ddZdS)S3ArnParamHandlerzA^(?Paccesspoint|outpost)[/:](?P.+)$zc^(?P[a-zA-Z0-9\-]{1,63})[/:]accesspoint[/:](?P[a-zA-Z0-9\-]{1,63}$)rNcC||_|dur t|_dSdSr _arn_parserrbr arn_parserrkrkror zS3ArnParamHandler.__init__cC|d|jdS)Nr4r6 handle_arnrr:rkrkror6zS3ArnParamHandler.registercKsf|j|jvrdS||}|durdS|ddkr"||||dS|ddkr1||||dSdS)N resource_type accesspointoutpost)r_BLACKLISTED_OPERATIONS"_get_arn_details_from_bucket_param_store_accesspoint_store_outpost)rr_modelrr arn_detailsrkrkrorws    zS3ArnParamHandler.handle_arncCsHd|vr"z|d}|j|}||||WSty!YdSwdS)Nr[)rqrm_add_resource_type_and_namera)rr_rkrrkrkror~s   z4S3ArnParamHandler._get_arn_details_from_bucket_paramcCs>|j|d}|r|d|d<|d|d<dSt|d)Nrjrz resource_name)rk)_RESOURCE_REGEXrgroupr)rrkrrrkrkrors  z-S3ArnParamHandler._add_resource_type_and_namecCs8|d|d<|d|d|d|d|dd|d<dS) Nrr[rirgrrh)rrirgrrhrrk)rr_rrrkrkrors z$S3ArnParamHandler._store_accesspointcCsd|d}|j|}|st|d|d}||d<|d||d|d|d|d d |d <dS) Nr)raccesspoint_namer[ outpost_namerirgrrh)rrrirgrrhr)_OUTPOST_RESOURCE_REGEXrr r)rr_rrrrrrkrkrors   z S3ArnParamHandler._store_outpostr)rrrrrrrr}rr6rwr~rrrrkrkrkrorns     rnc@seZdZdZdZ   d7ddZddZd d Zd d Zd dZ ddZ ddZ ddZ ddZ ddZddZddZddZdd Zd!d"Zd#d$Zd%d&Zd'd(Zd)d*Zd+d,Zd-d.Zd/d0Zed1d2Zed3d4Zed5d6ZdS)8S3EndpointSetterawsrNFcCJ||_||_||_||_|duri|_||_||_|dur#|j|_dSdSrr,_region _s3_config_use_fips_endpoint _endpoint_url _partition_DEFAULT_PARTITIONrendpoint_resolverr s3_configrrguse_fips_endpointrkrkror's zS3EndpointSetter.__init__cCs.|d|j|d|j|d|jdS)Nzbefore-sign.s3zchoose-signer.s3z%before-call.s3.WriteGetObjectResponse)r6 set_endpoint set_signer#update_endpoint_to_s3_object_lambdarxrkrkror66s zS3EndpointSetter.registercKsh|jrtdd||d|jrdS|j}|d|j}dj|d|dd}t|d|d |d<dS) NzOS3 client does not support accelerate endpoints for S3 Object Lambda operationsmsgs3-object-lambdazhttps://{host_prefix}{hostname} host_prefixr)rrrF) _use_accelerate_endpointr%_override_signing_namerr,construct_endpointrrr)rr_rrresolverresolvedrrkrkror>s z4S3EndpointSetter.update_endpoint_to_s3_object_lambdacKs||r&||||||||}|||||dS|jr=|jr4t d|j dt dd|i||j rL|j dd|i|dSdS)Nz{Client is configured to use the FIPS psuedo region for "%s", but S3 Accelerate does not have any FIPS compatible endpoints.rrrk) _use_accesspoint_endpoint_validate_accesspoint_supported_validate_fips_supported_validate_global_regions(_resolve_region_for_accesspoint_endpoint._resolve_signing_name_for_accesspoint_endpoint_switch_to_accesspoint_endpointrrr%rr_s3_addressing_handler)rrrrrkrkrorWs.     zS3EndpointSetter.set_endpointcC d|jvSr`rrrkrkrororz*S3EndpointSetter._use_accesspoint_endpointcCs|jsdSd|jddvrtdhdd|jdvr#td|jd|jdd}||jkr@|jdd sBtd |j|fddSdS) Nfipsrr,Invalid ARN, FIPS region not allowed in ARN.rrzhClient is configured to use the FIPS psuedo-region "%s", but outpost ARNs do not support FIPS endpoints.use_arn_regionTzClient is configured to use the FIPS psuedo-region for "%s", but the access-point ARN provided is for the "%s" region. For clients using a FIPS psuedo-region calls to access-point ARNs in another region are not allowed.)rrrrrrrraccesspoint_regionrkrkrorrs2 z)S3EndpointSetter._validate_fips_supportedcCs0|jddr dS|jdvrtd|jddS)NrT)z aws-globalz s3-external-1zClient is configured to use the global psuedo-region "%s". When providing access-point ARNs a regional endpoint must be specified.r)rrrrrrkrkrors z)S3EndpointSetter._validate_global_regionscCs|jrtdd|jdd}||jkrtd|j|fd|jdd}|dkr5|jdr5td d|jdd }|rJ|jdrJtd d||dS) NzZClient does not support s3 accelerate configuration when an access-point ARN is specified.rrrgzClient is configured for "%s" partition, but access-point ARN provided is for "%s" partition. The client and access-point partition must be the same.rhruse_dualstack_endpointzjClient does not support s3 dualstack configuration when an S3 Object Lambda access point ARN is specified.rzTClient does not support s3 dualstack configuration when an outpost ARN is specified.)rrrrrr_validate_mrap_s3_config)rrrequest_partition s3_servicerrkrkrors. z0S3EndpointSetter._validate_accesspoint_supportedcCs>t|jsdS|jdrtdd|jdrtdddS)N$s3_disable_multiregion_access_pointszCInvalid configuration, Multi-Region Access Point ARNs are disabled.rrzeClient does not support s3 dualstack configuration when a Multi-Region Access Point ARN is specified.)rrrrrrrkrkrors   z)S3EndpointSetter._validate_mrap_s3_configcCsNt|jr||d|jS|jddr$|jdd}||||S|jS)NrrTrr)rr_override_signing_regionrrrrrkrkrors   z9S3EndpointSetter._resolve_region_for_accesspoint_endpointcKst|r trdStdddS)Ns3v4azzUsing S3 with an MRAP arn requires an additional dependency. You will need to pip install botocore[crt] before proceeding.r)rrr&)rrrrkrkrorszS3EndpointSetter.set_signercCs |jdd}||j|dS)Nrrhrr)rraccesspoint_servicerkrkrorsz?S3EndpointSetter._resolve_signing_name_for_accesspoint_endpointcCsTt|j}t|j||j|||j|j|jdf}t d|j|f||_dSr) rrrr _get_netlocr_get_accesspoint_pathrrrr)rrroriginal_componentsaccesspoint_endpointrkrkrors    z0S3EndpointSetter._switch_to_accesspoint_endpointcCst|r ||S|||Sr)r_get_mrap_netloc_get_accesspoint_netloc)rrequest_contextrrkrkrors  zS3EndpointSetter._get_netloccCs\|d}d}|dg}|jrt|jj}||n|d}|d|||gd|S)Nrz s3-globalrrgr{r)rrrrrL_get_partition_dns_suffixr)rrrrmrap_netloc_componentsendpoint_url_netlocrgrkrkrors   z!S3EndpointSetter._get_mrap_netlocc Cs|d}d|d|dfg}|d}|jr*|r||t|jj}||n>|r6|dg}||n|ddkrH|d|}||n |d |}|||jd r^|d ||||gd |S) Nrz%s-%srrir s3-outpostsrhrzs3-accesspointrr+r) rrrrrrL_inject_fips_if_neededr_get_dns_suffixr) rrrraccesspoint_netloc_componentsrr outpost_host componentrkrkrors:           z(S3EndpointSetter._get_accesspoint_netloccCs|jrd|S|S)Nz%s-fipsr)rrrrkrkror;sz'S3EndpointSetter._inject_fips_if_neededcCs"|dd}|d|ddpdS)Nrrrrr()r)r original_pathrrrkrkror@s z&S3EndpointSetter._get_accesspoint_pathcCs|j|}|dur |j}|Sr)r,get_partition_dns_suffix_DEFAULT_DNS_SUFFIX)rpartition_name dns_suffixrkrkrorIs z*S3EndpointSetter._get_partition_dns_suffixcC,|jd|}|j}|rd|vr|d}|SNrK dnsSuffixr,rrrrrrrkrkrorQ z S3EndpointSetter._get_dns_suffixcC$|jdi}||d<||jd<dSNrHrrrrrrrZrkrkrorYz)S3EndpointSetter._override_signing_regioncCs |di}||d<||d<dSNrH signing_namer)rrrrZrkrkrorbs  z'S3EndpointSetter._override_signing_namecCs|jdrdS|jdurdSt|jj}|dsdS|d}|ddkr)dS|dd }t|tt|kr;dSt d d |DS) Nuse_accelerate_endpointTFrrrz s3-accelerater(css|]}|tvVqdSrr rrkrkro sz.) rrrrrrrrsetall)rrr feature_partsrkrkrorks       z)S3EndpointSetter._use_accelerate_endpointcCs"|jrdS|jd}|r|SdS)Nvirtualaddressing_style)rrr)rconfigured_addressing_stylerkrkro_addressing_styles  z"S3EndpointSetter._addressing_stylecCsH|jdkr tdtS|jdks|jdurtddStdtS)Nrz'Using S3 virtual host style addressing.rzUsing S3 path style addressing.zSDefaulting to S3 virtual host style addressing with path style addressing fallback.)rrrrrrrrkrkrors    z'S3EndpointSetter._s3_addressing_handlerNNNNF)rrrrrrr6rrrrrrrrrrrrrrrrrrrrrrrrrkrkrkror#sD " $  !   "  rc@seZdZdZdZedZ   d6ddZdd Z d d Z d d Z ddZ ddZ ddZddZddZddZddZddZddZd d!Zd"d#Zd$d%Zd&d'Zd(d)Zd*d+Zd,d-Zd.d/Zd0d1Zd2d3Zd4d5ZdS)7S3ControlEndpointSetterrrz^[a-zA-Z0-9\-]{1,63}$NFcCrrrrrkrkrors z S3ControlEndpointSetter.__init__cCru)Nzbefore-sign.s3-control)r6rrxrkrkror6ryz S3ControlEndpointSetter.registercKs||r!||||}|||||||dS||r?||||d| |j }| ||dSdSNr) _use_endpoint_from_arn_details-_validate_endpoint_from_arn_details_supported _resolve_region_from_arn_details&_resolve_signing_name_from_arn_details"_resolve_endpoint_from_arn_details_add_headers_from_arn_details_use_endpoint_from_outpost_id#_validate_outpost_redirection_validr_construct_outpost_endpointr_update_request_netloc)rrrr new_netlocrkrkrors         z$S3ControlEndpointSetter.set_endpointcCr)Nrrrrkrkrorrz6S3ControlEndpointSetter._use_endpoint_from_arn_detailscCr)N outpost_idrrrkrkrorrz5S3ControlEndpointSetter._use_endpoint_from_outpost_idcCsd|jddvrt|jdddhd|jdds4|jdd}||jkr4d ||jf}t|d |jdd }||jkrJtd |j|fd |jd rUtdd d|jdvrc||dSdS)NrrrrPrrkrrFzpThe use_arn_region configuration is disabled but received arn for "%s" when the client is configured to use "%s"rrgzClient is configured for "%s" partition, but arn provided is for "%s" partition. The client and arn partition must be the same.rz7S3 control client does not support accelerate endpointsr)rr"rrrr!rr)rr arn_region error_msgrequest_partionrkrkrors8     zES3ControlEndpointSetter._validate_endpoint_from_arn_details_supportedcCs|jdr tdddS)NrzPClient does not support s3 dualstack configuration when an outpost is specified.r)rrr!rrkrkrors z;S3ControlEndpointSetter._validate_outpost_redirection_validcCs2|jddr|jdd}||||S|jS)NrFrr)rrrrr)rrrrkrkrors  z8S3ControlEndpointSetter._resolve_region_from_arn_detailscCs|jdd}||||S)Nrrhr)rr arn_servicerkrkrors z>S3ControlEndpointSetter._resolve_signing_name_from_arn_detailscCs|||}|||dSr) _resolve_netloc_from_arn_detailsr)rrrrrkrkrors z:S3ControlEndpointSetter._resolve_endpoint_from_arn_detailscCs@t|j}t|j||j|jdf}td|j|f||_dSr)rrrrrrrr)rrrrarn_details_endpointrkrkrors   z.S3ControlEndpointSetter._update_request_netloccCs0|jd}d|vr||S|d}|||S)Nrrri)rr_construct_s3_control_endpoint)rrrrrirkrkror%s   z8S3ControlEndpointSetter._resolve_netloc_from_arn_detailscCs |j|Sr)_HOST_LABEL_REGEXr)rlabelrkrkro_is_valid_host_label,rz,S3ControlEndpointSetter._is_valid_host_labelcGs"|D] }||st|dqdS)N)r)rr#)rlabelsrrkrkro_validate_host_labels/s   z-S3ControlEndpointSetter._validate_host_labelscCs\||||jrt|jj}||g}n|dg}||||}|||g||S)Nz s3-control)rrrr_add_dualstackrrL_construct_netloc)rrrirrrrkrkror4s      z6S3ControlEndpointSetter._construct_s3_control_endpointcCs@|||jrt|jjSd|||g}||||Sr)rrrrr _add_fipsr)rrrrkrkrorCs    z3S3ControlEndpointSetter._construct_outpost_endpointcCs d|S)Nr)rrrrkrkrorPrz)S3ControlEndpointSetter._construct_netloccCs|jr |dd|d<dSdS)Nrz-fipsrrrkrkrorSsz!S3ControlEndpointSetter._add_fipscCs|jdr |ddSdS)Nrr+)rrrrrkrkrorWs z&S3ControlEndpointSetter._add_dualstackcCrrrrrkrkror[rz'S3ControlEndpointSetter._get_dns_suffixcCrrrrrkrkrorcrz0S3ControlEndpointSetter._override_signing_regioncCrrr)rrrrZrkrkrorlrz.S3ControlEndpointSetter._override_signing_namecCs,|jd}|d}|r|||dSdS)Nrr)rr_add_outpost_id_header)rrrrrkrkrorus  z5S3ControlEndpointSetter._add_headers_from_arn_detailscCs||jd<dS)Nzx-amz-outpost-id)r)rrrrkrkror {z.S3ControlEndpointSetter._add_outpost_id_headerr) rrrrrrrrrr6rrrrrrrrrrrrrrrrrrrrrr rkrkrkrors>   "     rc@seZdZedZdddZddZddZd d Z d d Z d dZ ddZ ddZ ddZddZddZddZddZdS)S3ControlArnParamHandlerz[/:]NcCrorrprrrkrkrorrtz!S3ControlArnParamHandler.__init__cCru)Nz!before-parameter-build.s3-controlrvrxrkrkror6sz!S3ControlArnParamHandler.registercKs<|jdvr||||dS||||||||dS)N)rListRegionalBuckets)r_handle_outpost_id_param_handle_name_param_handle_bucket_param)rr_rrrrkrkrorws z#S3ControlArnParamHandler.handle_arncCsR||vrdSz||}|j|}||d<|||d<|WSty(YdSw)NrP resources)rqrm_split_resourcera)rr_rrkrrkrkro_get_arn_details_from_params  z4S3ControlArnParamHandler._get_arn_details_from_paramcCs|j|dS)Nrj)_RESOURCE_SPLIT_REGEXr)rrrkrkrorrz(S3ControlArnParamHandler._split_resourcecCsD|d}d|vr|d|krd|d}t|d|d||d<dS)Nri AccountIdzGAccount ID in arn does not match the AccountId parameter provided: "%s"rPr)r")rr_r account_idrrkrkro_override_account_id_params z3S3ControlArnParamHandler._override_account_id_paramcCsd|vrdS|d|d<dS)N OutpostIdrrk)rr_rrrkrkror sz1S3ControlArnParamHandler._handle_outpost_id_paramcCsV|jdkrdS||d}|durdS||r!||||dSd}t|d|d)NCreateAccessPointNamez4The Name parameter does not support the provided ARNrPr)rr_is_outpost_accesspoint_store_outpost_accesspointr"rr_rrrrrkrkrors   z+S3ControlArnParamHandler._handle_name_paramcC@|ddkrdS|d}t|dkrdS|ddko|dd kS) NrhrFrrfrr|rr{rrrrrkrkror  z0S3ControlArnParamHandler._is_outpost_accesspointcCD||||dd}||d<||d<|dd|d<||d<dS)Nrrrrr(rrr)rr_rrrrkrkror   z3S3ControlArnParamHandler._store_outpost_accesspointcCsH||d}|dur dS||r||||dSd}t|d|d)Nr[z6The Bucket parameter does not support the provided ARNrPr)r_is_outpost_bucket_store_outpost_bucketr"rrkrkrors  z-S3ControlArnParamHandler._handle_bucket_paramcCr) NrhrFrrfrr|rrIrrrkrkror$r z+S3ControlArnParamHandler._is_outpost_bucketcCr!)Nrrr[rr(rrr")rr_rrrrkrkror%r#z.S3ControlArnParamHandler._store_outpost_bucketr)rrrrrrrr6rwrrrr rrrrr$r%rkrkrkror s       r c@sreZdZdZdZdZdZeddgZdej fdd Z dd d Z d d Z ddZ ddZdddZddZddZdS)ContainerMetadataFetcherrrr(z 169.254.170.2 localhostz 127.0.0.1NcCs(|dur tjj|jd}||_||_dS)N)r)rrrTIMEOUT_SECONDSr_sleep)rrsleeprkrkror s  z!ContainerMetadataFetcher.__init__cCs|||||S)zRetrieve JSON metadata from container metadata. :type full_url: str :param full_url: The full URL of the metadata service. This should include the scheme as well, e.g "http://localhost:123/foo" )_validate_allowed_url_retrieve_credentials)rfull_urlrrkrkroretrieve_full_uri s z*ContainerMetadataFetcher.retrieve_full_uricCs:tj|}||j}|std|jd|jfdS)NzGUnsupported host '%s'. Can only retrieve metadata from these hosts: %sz, )rcompatr _check_if_whitelisted_hostrrEr_ALLOWED_HOSTS)rr-parsedis_whitelisted_hostrkrkror+ s z.ContainerMetadataFetcher._validate_allowed_urlcCs||jvrdSdS)NTF)r1)rrrkrkror0 s z3ContainerMetadataFetcher._check_if_whitelisted_hostcCs||}||S)zRetrieve JSON metadata from ECS metadata. :type relative_uri: str :param relative_uri: A relative URI, e.g "/foo/bar?id=123" :return: The parsed JSON response. )r-r,)r relative_urir-rkrkro retrieve_uri% s z%ContainerMetadataFetcher.retrieve_uric Csddi}|dur ||d} z ||||jWStyC}ztjd|dd||j|d7}||jkr9WYd}~nd}~wwq)NAcceptzapplication/jsonrTzAReceived error when attempting to retrieve container metadata: %srr() r _get_responser(rrrr) SLEEP_TIMERETRY_ATTEMPTS)rr- extra_headersrattemptsrrkrkror,1 s*    z.ContainerMetadataFetcher._retrieve_credentialsc CszEtjj}|d||d}|j|}|jd}|jdkr)t d|j|fdzt |WWSt yEd}t d||t |dwtyZ} z d | }t |dd} ~ ww) Nrrrhrz4Received non 200 response (%s) from ECS metadata: %srz8Unable to parse JSON returned from ECS metadata servicesz%s:%sz;Received error when attempting to retrieve ECS metadata: %s)rrr rrrr)rrrrrCrErrr) rr-rrr rr response_textrrrkrkror7B s4     z&ContainerMetadataFetcher._get_responsecCsd|j|fS)Nz http://%s%s) IP_ADDRESS)rr4rkrkror-Z r z!ContainerMetadataFetcher.full_urlr)rrrr(r9r8r>r1timer*rr.r+r0r5r,r7r-rkrkrkror&s      r&cCst|riStSr)should_bypass_proxiesrrrkrkror^ src Cs6z tt|jr WdSWdSttjfyYdSw)z: Returns whether we should bypass proxies or not. TF)rr rrssocketgaierrorrArkrkror@e s r@ ISO-8859-1cCsF|d}|s dSt|\}}d|vr|ddSd|vr!|SdS)zReturns encodings from given HTTP Header Dict. :param headers: dictionary to extract encoding from. :param default: default encoding if the content-type is text z content-typeNcharsetz'"r)rcgi parse_headerr\)rdefault content_typer_rkrkroget_encoding_from_headersz s rJcKs0t|ttfr t|}nt|}t|dS)Nr)rubytes bytearray_calculate_md5_from_bytes_calculate_md5_from_filebase64 b64encoder)rr binary_md5rkrkro calculate_md5 s rRcCst|}|Sr)r r) body_bytesmd5rkrkrorM srMcsB}t}tfdddD]}||q||S)Ncrrrrkfileobjrkror rz*_calculate_md5_from_file..r)tellr rrseekr)rVstart_positionrTrrkrUrorN s   rNcKsP|d}|d}tr"|dur$d|vr&t|fi|}||dd<dSdSdSdS)z1Only add a Content-MD5 if the system supports it.rrNz Content-MD5)r rR)r_rrr md5_digestrkrkroconditionally_calculate_md5 s  r[c@s eZdZefddZddZdS)FileWebIdentityTokenLoadercCs||_||_dSr)_web_identity_token_pathrV)rweb_identity_token_pathrVrkrkror s z#FileWebIdentityTokenLoader.__init__cCs8||j }|WdS1swYdSr)rVr]rR)r token_filerkrkro__call__ s$z#FileWebIdentityTokenLoader.__call__N)rrropenrr`rkrkrkror\ s  r\c@s&eZdZdddZddZddZdS) SSOTokenLoaderNcCs|duri}||_dSr)r-)rr3rkrkror s zSSOTokenLoader.__init__cCst|dS)Nrh)rsha1rkr)r start_urlrkrkro_generate_cache_key sz"SSOTokenLoader._generate_cache_keycCsJ||}z |j|}|dWSty$tjdddd}t|dw)N accessTokenzFailed to load SSO token:Trz@The SSO access token has either expired or is otherwise invalid.r<)rer-KeyErrorrrr)rrdrrrrkrkror` s     zSSOTokenLoader.__call__r)rrrrrer`rkrkrkrorb s  rb)Tr-r)rD)rOrr?loggingrqrrr r.rrrBrFdateutil.parserrt dateutil.tzrrbotocore.awsrequestbotocore.httpsessionbotocore.compatrrrrrrr r r r r rsix.moves.urllib.requestrrbotocore.exceptionsrrrrrrrrrrrrrrrr r!r"r#r$r%r&urllib3.exceptionsr' getLoggerrrr.rrr SAFE_CHARSrrrr  EVENT_ALIASESIPV4_PATHEX_PATrLS32_PATrl _variationsUNRESERVED_PATrIPV6_PAT ZONE_ID_PATIPV6_ADDRZ_PATr frozensetrr{rrrrrrrrrr Exceptionrrobjectrr/rJrQrarYrSrgraryr{rrrrrrrrrrrrrrrr rrrrr$r*r+rErarbrnrrr r&rr@rJrRrMrNr[r\rbrkrkrkros  8`        !"#$%&'()*+,-./0123456789:;<=>?@ABCDEN      !& V   $ - !`   ?   !WO{ d