U /j] @s"ddlZddlmZddlZddlZddlmZmZmZm Z ddl m Z m Z ddl mZddlmZddlmZddlmZddlZerddlZdd lmZn6zddlZdd lmZWneefk rdZYnXzdd lmZd ZWnek rd ZYnXed dZGdddZ dS)N)asynccontextmanager)MappingOptional TYPE_CHECKINGUnion)_exponential_backoff exceptions) transport) Credentials)mtls) TimeoutError) ClientTimeout)RequestTFcs@t|fddfdd}z |VW5XdS)a timeout_guard is an asynchronous context manager to apply a timeout to an asynchronous block of code. Args: timeout (float): The time in seconds before the context manager times out. Raises: google.auth.exceptions.TimeoutError: If the code within the context exceeds the provided timeout. Usage: async with timeout_guard(10) as with_timeout: await with_timeout(async_function()) cs0t}|}|dkr,tdd|S)Nrz3Context manager exceeded the configured timeout of s.)time monotonicr )elapsed remaining)start total_timeoutF/tmp/pip-unpacked-wheel-l8yytoim/google/auth/aio/transport/sessions.py_remaining_timeBs  z&timeout_guard.._remaining_timec sdz}t||IdH}|WStjtfk r^}ztd|dd|W5d}~XYnXdS)NzThe operation z$ exceeded the configured timeout of r)asynciowait_forr )cororresponsee)rrrr with_timeoutKsz#timeout_guard..with_timeoutN)rr)timeoutrr)rrrr timeout_guard0s   r c @s<eZdZdZdeeejdddZdddZ ddej ej ej fe e ee eee e feeeefeeejdd d Zeeddej ej ej fe ee eee e feeeefeeejd d d Zeeddej ej ej fe ee eee e feeeefeeejd ddZeeddej ej ej fe ee eee e feeeefeeejd ddZeeddej ej ej fe ee eee e feeeefeeejd ddZeeddej ej ej fe ee eee e feeeefeeejd ddZeddZddddZdS)AsyncAuthorizedSessionaThis is an asynchronous implementation of :class:`google.auth.requests.AuthorizedSession` class. We utilize an instance of a class that implements :class:`google.auth.aio.transport.Request` configured by the caller or otherwise default to `google.auth.aio.transport.aiohttp.Request` if the external aiohttp package is installed. A Requests Session class with credentials. This class is used to perform asynchronous requests to API endpoints that require authorization:: import aiohttp from google.auth.aio.transport import sessions async with sessions.AsyncAuthorizedSession(credentials) as authed_session: response = await authed_session.request( 'GET', 'https://www.googleapis.com/storage/v1/b') The underlying :meth:`request` implementation handles adding the credentials' headers to the request and refreshing credentials as needed. Args: credentials (google.auth.aio.credentials.Credentials): The credentials to add to the request. auth_request (Optional[google.auth.aio.transport.Request]): An instance of a class that implements :class:`~google.auth.aio.transport.Request` used to make requests and refresh credentials. If not passed, an instance of :class:`~google.auth.aio.transport.aiohttp.Request` is created. Raises: - google.auth.exceptions.TransportError: If `auth_request` is `None` and the external package `aiohttp` is not installed. - google.auth.exceptions.InvalidType: If the provided credentials are not of type `google.auth.aio.credentials.Credentials`. N) credentials auth_requestcCsft|ts tdt|d||_|}|s8tr8t}d|_d|_ d|_ |dkr\t d||_ dS)Nz#The configured credentials of type zJ are invalid and must be of type `google.auth.aio.credentials.Credentials`Fzv`auth_request` must either be configured or the external package `aiohttp` must be installed to use the default value.) isinstancer rZ InvalidTypetype _credentialsAIOHTTP_INSTALLEDAiohttpRequest_is_mtls_mtls_init_task _cached_certZTransportError _auth_request)selfr"r#r,rrr__init__s  zAsyncAuthorizedSession.__init__cs2jdkr&fdd}t|_jIdHS)aConfigure the client certificate and key for SSL connection. The function does nothing unless `GOOGLE_API_USE_CLIENT_CERTIFICATE` is explicitly set to `true`. In this case if client certificate and key are successfully obtained (from the given client_cert_callback or from application default SSL credentials), the underlying transport will be reconfigured to use mTLS. Note: This function does nothing if the `aiohttp` library is not installed. Important: Calling this method will close any ongoing API requests associated with the current session. To ensure a smooth transition, it is recommended to call this during session initialization. Args: client_cert_callback (Optional[Callable[[], (bytes, bytes)]]): The optional callback returns the client certificate and private key bytes both in PEM format. If the callback is None, application default SSL credentials will be used. Raises: google.auth.exceptions.MutualTLSChannelError: If mutual TLS channel creation failed for any reason. Nc sttjjjjIdH}|s&d_dSztIdH\_}}jr|_ ttj ||IdH}t rt j trtj|d}tj|d}j }t|d_ |IdHWn:tjttfk r}zt|}||W5d}~XYnXdS)NF)ssl) connector)session)r Z_run_in_executorgoogleauthr Z _mtls_helperZcheck_use_client_certr)Zget_client_cert_and_keyr+Zmake_client_cert_ssl_contextr'r$r,r(aiohttpZ TCPConnectorZ ClientSessioncloserZClientCertError ImportErrorOSErrorZMutualTLSChannelError) Zuse_client_certcertkey ssl_contextr0Z new_sessionZold_auth_requestZ caught_excnew_excclient_cert_callbackr-rr _do_configuresF      zDAsyncAuthorizedSession.configure_mtls_channel.._do_configure)r*rZ create_task)r-r=r>rr<rconfigure_mtls_channels *z-AsyncAuthorizedSession.configure_mtls_channel)methodurldataheadersmax_allowed_timertotal_attemptsreturnc s|jr,z|jIdHWntk r*YnXtj|d} |dkrDi}t|4IdH} | |j|j|||IdHd} tdk rt |tr|j dk r|j nd} nt |t t frt |} | 2z<3dHW} | |j||||| f|IdH} | j tjkrqq6W5QIdHRX| S)aY Args: method (str): The http method used to make the request. url (str): The URI to be requested. data (Optional[bytes]): The payload or body in HTTP request. headers (Optional[Mapping[str, str]]): Request headers. timeout (float, aiohttp.ClientTimeout): The amount of time in seconds to wait for the server response with each individual request. max_allowed_time (float): If the method runs longer than this, a ``Timeout`` exception is automatically raised. Unlike the ``timeout`` parameter, this value applies to the total method execution time, even if multiple requests are made under the hood. total_attempts (int): The total number of retry attempts. Mind that it is not guaranteed that the timeout error is raised at ``max_allowed_time``. It might take longer, for example, if an underlying request takes a lot of time, but the request itself does not timeout, e.g. if a large file is being transmitted. The timeout error will be raised after such request completes. Returns: google.auth.aio.transport.Response: The HTTP response. Raises: google.auth.exceptions.TimeoutError: If the method does not complete within the configured `max_allowed_time` or the request exceeds the configured `timeout`. N)rEg)r* ExceptionrZAsyncExponentialBackoffr r&Zbefore_requestr,r r$totalintfloat status_coder ZDEFAULT_RETRYABLE_STATUS_CODES)r-r@rArBrCrDrrEkwargsretriesrZactual_timeout_rrrrrequestsN+   zAsyncAuthorizedSession.request)rArBrCrDrrErFcs |jd||||||f|IdHS) Args: url (str): The URI to be requested. data (Optional[bytes]): The payload or body in HTTP request. headers (Optional[Mapping[str, str]]): Request headers. max_allowed_time (float): If the method runs longer than this, a ``Timeout`` exception is automatically raised. Unlike the ``timeout`` parameter, this value applies to the total method execution time, even if multiple requests are made under the hood. timeout (float, aiohttp.ClientTimeout): The amount of time in seconds to wait for the server response with each individual request. total_attempts (int): The total number of retry attempts. Mind that it is not guaranteed that the timeout error is raised at ``max_allowed_time``. It might take longer, for example, if an underlying request takes a lot of time, but the request itself does not timeout, e.g. if a large file is being transmitted. The timeout error will be raised after such request completes. Returns: google.auth.aio.transport.Response: The HTTP response. Raises: google.auth.exceptions.TimeoutError: If the method does not complete within the configured `max_allowed_time` or the request exceeds the configured `timeout`. GETNrOr-rArBrCrDrrErLrrrget.s*zAsyncAuthorizedSession.getcs |jd||||||f|IdHS)rPPOSTNrRrSrrrpostcs*zAsyncAuthorizedSession.postcs |jd||||||f|IdHS)rPPUTNrRrSrrrputs*zAsyncAuthorizedSession.putcs |jd||||||f|IdHS)rPPATCHNrRrSrrrpatchs*zAsyncAuthorizedSession.patchcs |jd||||||f|IdHS)rPDELETENrRrSrrrdeletes*zAsyncAuthorizedSession.deletecCs|jS)z#Indicates if mutual TLS is enabled.)r)r-rrris_mtls7szAsyncAuthorizedSession.is_mtls)rFcs|jIdHdS)z< Close the underlying auth request session. N)r,r5r]rrrr5<szAsyncAuthorizedSession.close)N)N)__name__ __module__ __qualname____doc__r rr rr.r?Z_DEFAULT_TIMEOUT_SECONDSZDEFAULT_MAX_RETRY_ATTEMPTSstrbytesrrJrr rIResponserO functoolswrapsrTrVrXrZr\propertyr^r5rrrrr!\s&  M  O 4 4 4 4 4 r!)!r contextlibrrfrtypingrrrrZ google.authrrZgoogle.auth.aior Zgoogle.auth.aio.credentialsr Zgoogle.auth.aio.transportr Zgoogle.auth.exceptionsr Z"google.auth.transport._mtls_helperr2r4r r6AttributeErrorZ!google.auth.aio.transport.aiohttprr(r'r r!rrrrs4         +