pge+ddlZddlZddlZddlZddlZddlZddlmZddlm Z ddl Z ddl m Z ddl m Z ddlmZddlmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4m5Z5ddl6m7Z7dd l8m9Z9dd l:m;Z;dd lm?Z?m@Z@ejAeBZCd=d ZDGdde'ZEdZFdZGdZHeHZIGddeZJGdde)ZKGddeKZLGddeZMGddeeMZNGddeeNZOGdd eNZPGd!d"e&ZQGd#d$e!ZRGd%d&e ZSGd'd(e$ZTGd)d*e+ZUGd+d,eZVGd-d.eZWGd/d0eZXGd1d2eZYGd3d4eZZGd5d6eZ[Gd7d8eZ\Gd9d:eMZ]Gd;dN)deepcopy)sha1)UNSIGNED)compat_shell_split)Config)%!_DEFAULT_ADVISORY_REFRESH_TIMEOUTAssumeRoleCredentialFetcherAssumeRoleProvider!AssumeRoleWithWebIdentityProviderBaseAssumeRoleCredentialFetcher BotoProviderCachedCredentialFetcherCanonicalNameCredentialSourcerConfigNotFoundConfigProviderContainerMetadataFetcherContainerProviderCredentialResolverCredentialRetrievalError Credentials EnvProviderInstanceMetadataProviderInvalidConfigErrorMetadataRetrievalErrorOriginalEC2ProviderPartialCredentialsErrorProcessProviderProfileProviderBuilderReadOnlyCredentialsRefreshableCredentialsRefreshWithMFAUnsupportedErrorSharedCredentialProvider SSOProviderSSOTokenLoaderUnauthorizedSSOTokenErrorUnknownCredentialError_get_client_creator _local_now_parse_if_needed_serialize_if_neededparseresolve_imds_endpoint_mode)tzutc)resolve_awaitable) AioConfig)AioSSOTokenProvider)AioContainerMetadataFetcherAioInstanceMetadataFetcherc ldpd}d}d}ddu}dttd}|i}t }t } tt|| | } t|| } tfd t|||t|| | g| } || g} | || }tt!| | g}| |z|z}|r/||t$dt)|}|S)zCreate a default credential resolver. This creates a pre-configured credential resolver that includes the default lookup chain for credentials. profiledefaultmetadata_service_timeoutmetadata_service_num_attemptsNec2_metadata_service_endpoint)r8"ec2_metadata_service_endpoint_modeec2_credential_refresh_window)timeout num_attempts user_agentconfig)iam_role_fetcher)cache region_namecjSN) full_config)sessions7lib/python3.11/site-packages/aiobotocore/credentials.pyz,create_credential_resolver..is G/) load_configclient_creatorr@ profile_namecredential_sourcerprofile_provider_builderrKdisable_env_varszWSkipping environment variable credential check because profile name was explicitly set.) providers)get_config_variableinstance_variablesgetr,rAioEnvProviderAioContainerProviderAioInstanceMetadataProviderr2r=AioProfileProviderBuilderAioAssumeRoleProviderr'!AioCanonicalNameCredentialSourcerrPAioOriginalEC2ProviderAioBotoProviderremoveloggerdebugAioCredentialResolver)rEr@rArKmetadata_timeoutr<rO imds_config env_providercontainer_providerinstance_metadata_providerrMassume_role_provider pre_profileprofile_providers post_profilerPresolvers` rFcreate_credential_resolverrjBs1 ..y99FYL223MNN../NOOL113377 BB$N*1)D)D +* * /I / / *KK }!##L-//!<3$%))++    """ 9u+   1////*7K@@!< -/I J  ":    K1::!);   " L //,>I &&&  8   %y999H OrHc,eZdZdZdZdZdZdZdS)rWc,t|fdS)NcjjSrC_sessionrDselfsrFrGzDAioProfileProviderBuilder._create_process_provider..  9rH)rKrI)AioProcessProviderrqrKs` rF_create_process_providerz2AioProfileProviderBuilder._create_process_providers)!%9999    rHcX|jd}t||S)Ncredentials_file)rKcreds_filename)rorQAioSharedCredentialProvider)rqrKcredential_files rF"_create_shared_credential_providerz.rrrH)rIrJr@rKrO)$AioAssumeRoleWithWebIdentityProviderr'ro _region_name_cache)rqrKrOs` rF_create_web_identity_providerz7AioProfileProviderBuilder._create_web_identity_providersJ39999. t0+%-    rHc tfdjj|jjt jj|S)NcjjSrCrnrpsrFrGz@AioProfileProviderBuilder._create_sso_provider..rrrH)r@rK)rIrJrKr@ token_cachetoken_provider)AioSSOProviderro create_clientr_sso_token_cacher0rts` rF_create_sso_providerz.AioProfileProviderBuilder._create_sso_providers\9999=6%+-. +)    rHN)__name__ __module__ __qualname__rur{rrrrHrFrWrWs_                   rHrWcXKt|}|d{VSrC)rjload_credentials)rEris rFget_credentialsrs7)'22H**,, , , , , , ,,rHcfd}|S)NcK4d{V}|jdid{V}dddd{Vn#1d{VswxYwY|d}|d|d|dt|ddS)Nr AccessKeyIdSecretAccessKey SessionToken Expiration access_key secret_keytoken expiry_timer) assume_roler*)stsresponse credentialsclientparamss rFrefreshz-create_assume_role_refresher..refreshs& 7 7 7 7 7 7 7S,S_66v66666666H 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7}- &m4%&78 0/ L0IJJ    s 2 <<r)rrrs`` rFcreate_assume_role_refresherrs)        NrHc<Gdd}||jS)NceZdZdZdZdS)/create_mfa_serial_refresher.._Refresherc"||_d|_dS)NF)_refresh_has_been_called)rqrs rF__init__z8create_mfa_serial_refresher.._Refresher.__init__s#DM$)D ! ! !rHcrK|jrtd|_|d{VSNT)rr!rrps rFcallz4create_mfa_serial_refresher.._Refresher.callsG$ 75666$(D !(((((( (rHN)rrrrrrrHrF _Refresherrs2 * * * ) ) ) ) )rHr)r)actual_refreshrs rFcreate_mfa_serial_refresherrs? ) ) ) ) ) ) ) ) :n % % **rHceZdZdZdS)AioCredentialscFKt|j|j|jSrC)rrrrrps rFget_frozen_credentialsz%AioCredentials.get_frozen_credentialss%" OT_dj   rHN)rrrrrrHrFrrs#     rHrceZdZfdZedZejdZedZejdZedZejdZdZ d Z d Z xZ S) AioRefreshableCredentialscjtj|i|tj|_dSrC)superrasyncioLock _refresh_lockrqargskwargs __class__s rFrz"AioRefreshableCredentials.__init__s3$)&)))$\^^rHc tdNzAmissing call to self._refresh. Use get_frozen_credentials instead)NotImplementedError _access_keyrps rFrz$AioRefreshableCredentials.access_key" 1   rHc||_dSrC)rrqvalues rFrz$AioRefreshableCredentials.access_key rHc tdr)r _secret_keyrps rFrz$AioRefreshableCredentials.secret_keyrrHc||_dSrC)rrs rFrz$AioRefreshableCredentials.secret_keyrrHc tdr)r_tokenrps rFrzAioRefreshableCredentials.token rrHc||_dSrC)rrs rFrzAioRefreshableCredentials.token)s  rHcK||jsdS|js|j4d{V||js dddd{VdS||j}||d{V dddd{VdS#1d{VswxYwYdS||jr~|j4d{V||js dddd{VdS|dd{Vdddd{VdS#1d{VswxYwYdSdS)N) is_mandatoryT)refresh_needed_advisory_refresh_timeoutrlocked_mandatory_refresh_timeout_protected_refresh)rqis_mandatory_refreshs rFrz"AioRefreshableCredentials._refresh-s|""4#ABB  F!((** A)        **4+IJJ              (,':':3(($--!5.                               !@ A A A) A A A A A A A A**4+JKK A A A A A A A A A A A A A A--4-@@@@@@@@@  A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A As0B>47B>> C C8E'E E #E cK t|d{V}n7#t$r*|rdnd}td|d|rYdSwxYw||t |j|j|j |_ | r+d}t|t|dS)N mandatoryadvisoryzARefreshing temporary credentials failed during %s refresh period.Texc_infozLCredentials were refreshed, but the refreshed credentials are still expired.) r._refresh_using Exceptionr]warning_set_from_datarrrr_frozen_credentials _is_expired RuntimeError)rqrmetadata period_namemsgs rFrz,AioRefreshableCredentials._protected_refreshFs" .t/B/B/D/DEEEEEEEEHH   )5E++:K NN,       FF! " H%%%#6  d. $ $        $;  NN3   s## #  $ $s',0A A cHK|d{V|jSrC)rrrps rFrz0AioRefreshableCredentials.get_frozen_credentialsgs/mmoo''rH) rrrrpropertyrsetterrrrrr __classcell__rs@rFrrs,,,,,   X !!!  X !!!X \\AAA2$$$B(((((((rHrc*eZdZefdZdfd ZxZS)!AioDeferredRefreshableCredentialsc||_d|_d|_d|_d|_||_t j|_||_ d|_ dSrC) rrrr _expiry_time _time_fetcherrrrmethodr)rq refresh_usingr time_fetchers rFrz*AioDeferredRefreshableCredentials.__init__msT+  )$\^^ #'   rHNcX|jdSt|Sr)rrr)rq refresh_inrs rFrz0AioDeferredRefreshableCredentials.refresh_neededxs)  # +4ww%%j111rHrC)rrrr(rrrrs@rFrrlsT;E ( ( ( (2222222222rHrc eZdZdZdZdZdS)AioCachedCredentialFetcherc$Ktd)Nz_get_credentials())rrps rF_get_credentialsz+AioCachedCredentialFetcher._get_credentialss!"6777rHc:K|d{VSrC)_get_cached_credentialsrps rFfetch_credentialsz,AioCachedCredentialFetcher.fetch_credentialss*11333333333rHc6K|}|0|d{V}||ntd|d}t |dd}|d|d|d |d S) zGet up-to-date credentials. This will check the cache for up-to-date credentials, calling assume role if none are available. Nz*Credentials for role retrieved from cache.rrT)isorrrr)_load_from_cacher_write_to_cacher]r^r*)rqrcreds expirations rFrz2AioCachedCredentialFetcher._get_cached_credentialss ((**  !2244444444H   * * * * LLE F F F')% *=4HHH  . 12>*%    rHN)rrrrrrrrHrFrr~sA888444     rHrceZdZdS)"AioBaseAssumeRoleCredentialFetcherN)rrrrrHrFrrs DrHrceZdZdZdZdS)AioAssumeRoleCredentialFetchercK|}|d{V}|4d{V}|jdi|d{Vcdddd{VS#1d{VswxYwYdS)'Get credentials by calling assume role.Nr)_assume_role_kwargs_create_clientr)rqrrrs rFrz/AioAssumeRoleCredentialFetcher._get_credentialss"))++**,,,,,,,, 3 3 3 3 3 3 3S(22622222222 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3sA A),A)cK|jd{V}|d|j|j|jS)z2Create an STS client using the source credentials.Nr)aws_access_key_idaws_secret_access_keyaws_session_token)_source_credentialsr_client_creatorrrr)rqfrozen_credentialss rFrz-AioAssumeRoleCredentialFetcher._create_clientse*AACC C C C C C C ## 0;"4"?06 $   rHN)rrrrrrrHrFr r s2333      rHr c2eZdZ dfd ZdZdZxZS)-AioAssumeRoleWithWebIdentityCredentialFetcherNcb||_t|||||dS)N) extra_argsr@expiry_window_seconds)_web_identity_token_loaderrr)rqrJweb_identity_token_loaderrole_arnrr@rrs rFrz6AioAssumeRoleWithWebIdentityCredentialFetcher.__init__sH+D'   !"7      rHcK|}tt}|d|4d{V}|jdi|d{Vcdddd{VS#1d{VswxYwYdS)r )signature_versionrr>Nr)r r/rrassume_role_with_web_identity)rqrr>rs rFrz>AioAssumeRoleWithWebIdentityCredentialFetcher._get_credentialssJ))++X666''f'== H H H H H H H==GGGGGGGGGG H H H H H H H H H H H H H H H H H H H H H H H H H H H H H Hs A// A9<A9c`t|j}|}||d<|S)zAGet the arguments for assume role based on current configuration.WebIdentityToken)r_assume_kwargsr)rqassume_role_kwargsidentity_tokens rFr zAAioAssumeRoleWithWebIdentityCredentialFetcher._assume_role_kwargss6%d&9::88::1?-.!!rH)NNN)rrrrrr rrs@rFrrsi"      (HHH"""""""rHrc:eZdZejdfd ZdZdZxZS)rs)popencBtj|i|d|idS)Nr()rr)rqr(rrrs rFrzAioProcessProvider.__init__s0$6&66666666rHc8KjdSd{V}|d%t|fdjSt |d|d|djS)Nrc.SrC)_retrieve_credentials_using)credential_processrqsrFrGz)AioProcessProvider.load..s889KLLrHrrr)rrrr)_credential_processr,rSrcreate_from_metadataMETHODr)rq creds_dictr-s` @rFloadzAioProcessProvider.loads!5  % F;;>- ( ( 4,AALLLLL   !,/!,/..));     rHcKt|}|j|tjtjdd{V}|d{V\}}|jdkr)t |j|dtj j |d}| dd}|dkrt |jd|d  |d |d | d | d dS#t$r}t |jd|d}~wwxYw)N)stdoutstderrrutf-8provider error_msgVersionzzUnsupported version 'z8' for credential process provider, supported versions: 1rrrrrz"Missing required key in response: )r_popen subprocessPIPE communicate returncoderr0decodebotocorecompatjsonloadsrSKeyError) rqr- process_listpr4r5parsedversiones rFr,z.AioProcessProvider._retrieve_credentials_usings**<== $+ */*/          !}}...... <1  * g0F0F %++FMM',B,BCC**Y(DEE a<<*7G777  $]3$%67N33%zz,77      *BqBB  s98D22 E<EE) rrrrcreate_subprocess_execrr2r,rrs@rFrsrssf$+$B7777777   (!!!!!!!rHrsceZdZdZdS)rVcK|j}|d{V}|sdStd|dt||j|j}|S)Nz#Found credentials from IAM Role: %s role_namerr) _role_fetcherretrieve_iam_role_credentialsr]inforr/r0)rqfetcherrrs rFr2z AioInstanceMetadataProvider.load s$ >>@@@@@@@@ 4 18K3H   *>> ;!??    rHNrrrr2rrHrFrVrVs#rHrVceZdZdZdS)rTcK|j|jdd}|rtd|}|d}|d}|;t |}t|d|d|d|||j St|d|d|d|j SdS) Nrz+Found credentials in environment variables.F)require_expiryrrr)rrr) environrS_mappingr]rS_create_credentials_fetcherr+rr0r)rqrrTrrs rFr2zAioEnvProvider.load2s\%%dmL&A2FF   KKE F F F6688G!'777K%m4K&#K00 0 - -("); "L)L)G${  4rHNrUrrHrFrTrT1s#rHrTceZdZdZdS)rZcFKd|jvrtj|jd}||}|j|vrKt d||j}||j}t|||j SdSdS)NAWS_CREDENTIAL_FILEz)Found credentials in AWS_CREDENTIAL_FILE.rZ) _environospath expanduser_parser ACCESS_KEYr]rS SECRET_KEYrr0)rq full_pathrrrs rFr2zAioOriginalEC2Provider.loadQs DM 1 1** 34ILL++E%'' GHHH"4?3 "4?3 % 4; ('4rHNrUrrHrFrZrZPs#rHrZceZdZdZdS)rycK ||j}n#t$rYdSwxYw|j|vr||j}|j|vrst d|j|||j|j\}}| |}t||||j SdSdS)Nz0Found credentials in shared credentials file: %srZ) _ini_parser_creds_filenamer _profile_namerfr]rS_extract_creds_from_mappingrg_get_session_tokenrr0)rqavailable_credsr>rrrs rFr2z AioSharedCredentialProvider.loadds "..t/CDDOO   44    0 0$T%78F&(( F(*.)I)IDOT_**& J//77% E$+ 1 0((  --NrUrrHrFryrycs#rHryceZdZdZdS)rcK ||j}n#t$rYdSwxYw|j|dvr|d|j}|j|vrqt d|j|||j|j\}}| |}t||||j SdSdS)Nprofilesz$Credentials found in config file: %srZ) _config_parser_config_filenamerrmrfr]rSrnrgrorr0)rqrDprofile_configrrrs rFr2zAioConfigProvider.loadzs --d.CDDKK   44   Z!8 8 8(4T5GHN.00 :)*.)I)I"DOT_**& J//??% E$+104rqNrUrrHrFrrys#rHrceZdZdZdS)r[cK|j|jvr|j|jg}n|j}|D]} ||}n#t$rY%wxYwd|vri|d}|j|vrXt d||||j|j \}}t|||j cSdS)Nrz)Found credentials in boto config file: %srZ) BOTO_CONFIG_ENVraDEFAULT_CONFIG_FILENAMESrkrrfr]rSrnrgrr0)rqpotential_locationsfilenamer>rrrs rFr2zAioBotoProvider.loads  4= 0 0#'=1E#F"G  "&"? +  H ))(33!    &&$]3 ?k11KKCX.2-M-M#T_do..*J *"Jt{  sA AANrUrrHrFr[r[s#rHr[c2eZdZdZdZdZdZdZdZdS)rXcK||_|jdi}||ji}||r ||jd{VSdS)Nrt) _load_config_loaded_configrSrm_has_assume_role_config_vars_load_creds_via_assume_role)rqrtr4s rFr2zAioAssumeRoleProvider.loads"//11&**:r::,,t1266  , ,W 5 5 N99$:LMMMMMMMM M N NrHcK||}|||d{V}i}|d}|||d<|d}|||d<|d}|||d<|d}|||d<t|j||d ||j|j } | j} |t| } t|j | t S) Nrole_session_nameRoleSessionName external_id ExternalId mfa_serial SerialNumberduration_secondsDurationSecondsr)rJsource_credentialsrr mfa_prompterr@)rrr) _get_role_config_resolve_source_credentialsrSr r _prompterr@rrrr0r() rqrK role_configrrrrrrrT refreshers rFrz1AioAssumeRoleProvider._load_creds_via_assume_rolesV++L99 #'#C#C $ $        'OO,?@@  (,=J( )!oom44  "'2J| $ __\22  !)3J~ &&??+=>>  ',>I 1;##    rHcK|d}||||d{VS|d}|j|||d{VS)Ncredential_sourcesource_profile)rS _resolve_credentials_from_source_visited_profilesappend!_resolve_credentials_from_profile)rqrrKrrs rFrz1AioAssumeRoleProvider._resolve_source_credentialss'OO,?@@  (>>!< %%56 %%n555;;NKKKKKKKKKrHcK|jdi}||}||r|js||S||s||s^|j|d}t|}|d{V}|d}t||z|S| |d{VS)NrtTrNz.The source profile "%s" must have credentials.r9) rrS_has_static_credentials_profile_provider_builder(_resolve_static_credentials_from_profilerrPr_rrr)rqrKrtr4rg profile_chainr error_messages rFrz7AioAssumeRoleProvider._resolve_credentials_from_profilesI&**:r::<(  ( ( 1 1 2 @@II I  ) )    227;; !% > H H)!%!I!! 22CDDM - > > @ @@@@@@@K"D)+l: 55lCCCCCCCCCrHc t|d|d|dS#t$r(}t|jt |d}~wwxYw)Nrrr)rrr)r8cred_var)rrSrFrr0str)rqr4rKs rFrz>AioAssumeRoleProvider._resolve_static_credentials_from_profiles !"#67"#:;kk"566     )s1vv  s03 A%#A  A%cvK|j|d{V}|t|d|z|S)NzBNo credentials found in credential_source referenced in profile %sr7)_credential_sourcerrr)rqrrKrs rFrz6AioAssumeRoleProvider._resolve_credentials_from_sourcesx!4GG           **$&23 rHN) rrrr2rrrrrrrHrFrXrXsxNNN* * * X L L LDDD:   rHrXceZdZdZdZdS)rc:K|d{VSrC)_assume_role_with_web_identityrps rFr2z)AioAssumeRoleWithWebIdentityProvider.load%s*88:::::::::rHcbK|d}|sdS||}|d}|sd}t|i}|d}|||d<t|j||||j}t |j|jS) Nweb_identity_token_filerzThe provided profile or the current environment is configured to assume role with web identity but has no role ARN configured. Ensure that the profile has the role_arnconfiguration set or the AWS_ROLE_ARN env var is set.rrr)rJrrrr@rP) _get_config_token_loader_clsrrrr@rr0r)rq token_path token_loaderrr9rrrTs rFrzCAioAssumeRoleWithWebIdentityProvider._assume_role_with_web_identity(s%%&?@@  4--j99 ##J// :H  %y999 9  ,,-@AA  (,=J( )?/&2!*    1;!3    rHN)rrrr2rrrHrFrr$s2;;;" " " " " rHrceZdZdZdZdS)rYcK||}t|tr|d{VS|d{VS)aLoads source credentials based on the provided configuration. :type source_name: str :param source_name: The value of credential_source in the config file. This is the canonical name of the credential provider. :rtype: Credentials N) _get_provider isinstancer_rr2)rq source_namesources rFrz4AioCanonicalNameCredentialSourcer.source_credentialsNsr##K00 f3 4 4 30022222222 2[[]]"""""""rHc||}|dvr,|d}|||St||gS|t ||S)a#Return a credential provider by its canonical name. :type canonical_name: str :param canonical_name: The canonical name of the provider. :raises UnknownCredentialError: Raised if no credential provider by the provided name is found. ) sharedconfigsharedcredentialsz assume-roleN)name)_get_provider_by_canonical_namelower_get_provider_by_methodr_r&)rqcanonical_namer8res rFrz/AioCanonicalNameCredentialSourcer._get_provider\s77GG    ! !%J J J#'#?#? #N#N #/ #// -.BH-MNNN  (n=== =rHN)rrrrrrrHrFrYrYMs2 # # #$$$$$rHrYc0eZdZfdZdZdZdZxZS)rUctj|i|t|jtrt |_dSdSrC)rrr_fetcherrr1rs rFrzAioContainerProvider.__init__sQ$)&))) dm%= > > :799DMMM : :rHcvK|j|jvs|j|jvr|d{VSdSrC)ENV_VARra ENV_VAR_FULL_retrieve_or_failrps rFr2zAioContainerProvider.loadsQ <4= ( (D,=,N,N//11111111 1-O,NrHc K|r+|j|j|j}n|j|j}|}|||}|d{V}t|d|d|d|j t|d|S)Nrrrr)rrrrrr) _provided_relative_urirfull_urlrarr_build_headers_create_fetcherrr0r))rqfull_uriheadersrTrs rFrz&AioContainerProvider._retrieve_or_fails  & & ( ( 8}--dmDL.IJJHH}T%67H%%''&&x99gii(\*\*.;(})=>>!     rHcfd}|S)Nc2K jd{V}nR#t$rE}td|dt jt|d}~wwxYw|d|d|d|d d S) N)rz'Error retrieving container metadata: %sTrr7rrTokenrr)rretrieve_full_urirr]r^rr0r)rrKrrrqs rF fetch_credsz9AioContainerProvider._create_fetcher..fetch_credss !%!@!@g"A""*    =q4/![CFF  '}5&'89!'*' 5  s"( A7AA22A7r)rqrrrs``` rFrz$AioContainerProvider._create_fetchers0       &rH)rrrrr2rrrrs@rFrUrUse:::::222   "rHrUceZdZdZdS)r_cK|jD]B}td|j|d{V}||cSCdS)zw Goes through the credentials chain, returning the first ``Credentials`` that could be loaded. zLooking for credentials via: %sN)rPr]r^r0r2)rqr8rs rFrz&AioCredentialResolver.load_credentialssj   H LL:HO L L L"--//))))))E  !trHN)rrrrrrHrFr_r_s#rHr_c@eZdZdZ dfd ZdZdZdZxZS)AioSSOCredentialFetcherz%Y-%m-%dT%H:%M:%SZNc ||_||_||_||_||_||_| |_| |_t ||dSrC) r _sso_region _role_name _account_id _start_url _token_loader_token_provider_sso_session_namerr) rq start_url sso_regionrO account_idrJrr@rrsso_session_namers rFrz AioSSOCredentialFetcher.__init__sd .%#%#)-!1  566666rHc|j|jd}|jr |j|d<n |j|d<t j|dd}t |d}| |S)N)roleName accountId sessionNamestartUrlT),:) sort_keys separatorsr6) rrrrrDdumpsrencode hexdigest_make_file_safe)rqr argument_hashs rF_create_cache_keyz)AioSSOCredentialFetcher._create_cache_keys)    ! /"&"8D  #D z$$:FFFT[[1122<<>> ##M222rHc|dz }tj|t}||jS)Ng@@)datetime fromtimestampr-strftime_UTC_DATE_FORMAT)rq timestamp_mstimestamp_seconds timestamps rF_parse_timestampz(AioSSOCredentialFetcher._parse_timestampsA(61%334EuwwOO !!$"7888rHc Ktt|j}|d|4d{V}|jr9|j}|d{Vj}n ||j d}|j |j |d} |j di|d{V}n!#|j j$rtwxYw|d}d|d|d |d ||d d d }|cdddd{VS#1d{VswxYwYdS)z4Get credentials by calling SSO get role credentials.)rrAssor N accessToken)rrrroleCredentials accessKeyIdsecretAccessKey sessionTokenr)rrrr) ProviderTyperr)rrrrr load_tokenget_frozen_tokenrrrrrget_role_credentials exceptionsUnauthorizedExceptionr%r)rqr>rinitial_token_datarrrrs rFrz(AioSSOCredentialFetcher._get_credentialss5&(   ''f'==       # K%)%9%D%D%F%F"1BBDDDDDDDDK**4?;;MJ!O!-$F  2!<!rs  ......""""""&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&N222222((((((222222  8 $ $XXXXv, , , , , 6, , , ^--- "+++&#>     [   j(j(j(j(j( 6j(j(j(Z22222(A222$     !8   <     #%?        !C   0&"&"&"&"&"&&"&"&"R99999999x":$[>0&":,0l4vvvvv.vvvr& & & & & +L& & & R33333(F333l11111,111h.,QQQQQ8QQQh     [     rH