)@,SrSSKrSSKrSSKrSSKJr SSKJr SSKJr SSKJ r SSKJ r SSKJ r SS K J r SS KJr SS KJr SSKrS rS rSrSrSrSrSr\\\\/rSr"SS\R85r"SS\5r"SS\5rSrSr "SS\RB"\RD\#55r$"SS\$5r%"S S!\$5r&"S"S#\$5r'"S$S%\$5r("S&S'\$5r)"S(S)\$5r*S0S*jr+S+r,S,r-S1S-jr.S.r/S/r0g)2z#A library to support auth commands.N) check_browser)config) exceptions)log) properties)yaml) console_io)creds)fileszH764086051850-6qr4p6gpi6hn506pt8ejuq83di341hur.apps.googleusercontent.comzd-FL95Q19q7MQmFpd7hHD0Tyz.https://www.googleapis.com/auth/cloud-platformz0https://www.googleapis.com/auth/sqlservice.loginz%https://www.googleapis.com/auth/drivez.https://www.googleapis.com/auth/userinfo.emailopenid installedc\rSrSrSrSrg)Error8z A base exception for this class.N__name__ __module__ __qualname____firstlineno____doc____static_attributes__r'lib/googlecloudsdk/api_lib/auth/util.pyrr8s(rrc\rSrSrSrSrg)InvalidClientSecretsError=z:An error for when we fail to load the client secrets file.rNrrrrrr=sBrrc\rSrSrSrSrg)BadCredentialFileExceptionBz,Raised when credentials file cannot be read.rNrrrrrrBs4rrcL[R"U5n[ U[5(d[SR U55eU$![an[SR X55eSnAf[R an[SR X55eSnAff=f)aReturns the JSON content of a credentials config file. This function is useful when the content of a file need to be inspected first before determining how to handle it (how to initialize the underlying credentials). Only UTF-8 JSON files are supported. Args: filename (str): The filepath to the ADC file representing credentials. Returns: Optional(Mapping): The JSON content. Raises: BadCredentialFileException: If JSON parsing of the file fails. z"File {0} is not utf-8 encoded: {1}Nz!Could not read json file {0}: {1}zCould not read json file {0})r load_pathUnicodeDecodeErrorrformatYAMLParseError isinstancedict)filenamecontentes rGetCredentialsConfigFromFiler+Gs"nnX&G GT " " $&--h7 99 . B $,33H@ BB   $%H%O%O& s#A B#A--B#BB#cSSKJn URU5(a/[R"UR R 55 g[R"U5 g)z2Prints help messages when auth flow throws errors.r) context_awareN)googlecloudsdk.corer-IsContextAwareAccessDeniedErrorrerrorContextAwareAccessErrorGet)excdefault_help_msgr-s r_HandleFlowErrorr5js@022377IIm33779:IIrcP\rSrSrSrSrS Sjr\RS5r Sr Sr g) FlowRunneruzBase auth flow runner class. Attributes: _scopes: [str], The list of scopes to authorize. _client_config: The client configuration in the Google client secrets format. z,There was a problem with web authentication.NcRXlX lX0lUR5UlgN)_scopes_client_config _redirect_uri _CreateFlow_flow)selfscopes client_config redirect_uris r__init__FlowRunner.__init__s#L'%!!#DJrcgr:r)r@s rr>FlowRunner._CreateFlowsrc SSKJn URR"S0UD6$!URan[ X0R 5 eSnAff=f)Nrflowr)googlecloudsdk.core.credentialsrJr?Runrr5_FLOW_ERROR_HELP_MSG)r@kwargsc_flowr*s rrLFlowRunner.RunsE> ZZ^^ %f %% << q334  s$AA  A)r<r?r=r;r:) rrrrrrMrDabcabstractmethodr>rLrrrrr7r7us4H$    rr7c\rSrSrSrSrSrg) OobFlowRunnerzA flow runner to run OobFlow.cSSKJn URRURUR [ RRRR5(+S9$NrrIautogenerate_code_verifier) rKrJOobFlowfrom_client_configr<r;rVALUESauthdisable_code_verifierGetBoolr@rOs rr>OobFlowRunner._CreateFlowsQ> >> , ,  '1'8'8'='=  wwy$) - **rrNrrrrrr>rrrrrTrTs %*rrTc\rSrSrSrSrSrg)NoBrowserFlowRunnerz#A flow runner to run NoBrowserFlow.cSSKJn URRURUR [ RRRR5(+S9$rW) rKrJ NoBrowserFlowr[r<r;rr\r]r^r_r`s rr>NoBrowserFlowRunner._CreateFlowsS>    2 2  '1'8'8'='=  wwy$) 3 **rrNrbrrrrdrds +*rrdc\rSrSrSrSrSrg)"RemoteLoginWithAuthProxyFlowRunnerz2A flow runner to run RemoteLoginWithAuthProxyFlow.cSSKJn URRURUR [ RRRR5(+URS9$)NrrI)rYrC) rKrJRemoteLoginWithAuthProxyFlowr[r<r;rr\r]r^r_r=r`s rr>.RemoteLoginWithAuthProxyFlowRunner._CreateFlows]>  . . A A  '1'8'8'='=  wwy$)'' B ))rrNrbrrrrjrjs : )rrjc\rSrSrSrSrSrg)NoBrowserHelperRunnerz)A flow runner to run NoBrowserHelperFlow.c.SSKJn URRURUR [ RRRR5(+S9$!URa [R"S5 ef=f)NrrIrXzCannot start a local server to handle authorization redirection. Please run this command on a machine where gcloud can start a local server.)rKrJNoBrowserHelperFlowr[r<r;rr\r]r^r_LocalServerCreationErrorrr0r`s rr>!NoBrowserHelperRunner._CreateFlows>   ' ' : :    ,,)3):):)?)? &+;,,  * *  ii34  s A#A,,(BrNrbrrrrprps 1 rrpc"\rSrSrSrSrSrSrg) BrowserFlowWithOobFallbackRunnerz?A flow runner to try normal web flow and fall back to oob flow.zXThere was a problem with web authentication. Try running again with --no-launch-browser.c2SSKJn URRURUR [ RRRR5(+S9$!URan[R"U5 [R"S5 URRURUR [ RRRR5(+S9sSnA$SnAff=f)NrrIrXz"Defaulting to URL copy/paste mode.)rKrJ FullWebFlowr[r<r;rr\r]r^r_rtrwarningrZr@rOr*s rr>,BrowserFlowWithOobFallbackRunner._CreateFlows> ,    2 2    ,,)3):):)?)? &+3,,  * *, kk!n kk67 ^^ . .    ,,)3):):)?)? &+/,,,A#A,,DrrrrrwrwsGH,rrwc"\rSrSrSrSrSrSrg)&BrowserFlowWithNoBrowserFallbackRunnerzEA flow runner to try normal web flow and fall back to NoBrowser flow.zQThere was a problem with web authentication. Try running again with --no-browser.c2SSKJn URRURUR [ RRRR5(+S9$!URan[R"U5 [R"S5 URRURUR [ RRRR5(+S9sSnA$SnAff=f)NrrIrXz Defaulting to --no-browser mode.)rKrJrzr[r<r;rr\r]r^r_rtrr{rgr|s rr>2BrowserFlowWithNoBrowserFallbackRunner._CreateFlows> ,    2 2    ,,)3):):)?)? &+3,,  * *, kk!n kk45  ! ! 4 4    ,,)3):):)?)? &+5,,,r~rNrrrrrrsMA,rrcU(a6[R"U5n[R"U5sSSS5 $[ 5$!,(df  [ 5$=f)zECreates a client config from a client id file or gcloud's properties.N)r FileReaderjsonload+_CreateGoogleAuthClientConfigFromProperties)client_id_filefs r_CreateGoogleAuthClientConfigrsC   . )Q YYq\ * ) 4 66 * ) 4 66s A Acd[RRRR SS9n[ R "5n[RRRR SS9n[RRRR SS9nSUUUUS.0$)z1Creates a client config from gcloud's properties.T)requiredr ) client_id client_secretauth_uri token_uri) rr\r] auth_hostr2r GetDefaultTokenUrirr)rrrrs rrrs    # # - - 1 14 1 @(&&()$$..22D2A)##((66::D:I- (  rc@USS[R[4;$)Nr r)rCLOUDSDK_CLIENT_ID%DEFAULT_CREDENTIALS_DEFAULT_CLIENT_ID)rBs r_IsGoogleOwnedClientIDr!s*  $[ 1'')N O PQrcTSSKJn SSKJn SSKJn U(a [ U5 U(d [U5nU(d0n[R"SS9n U(a[X5R"S 0UD6n OU(a6U (dU RS5e[X5R"S SU0UD6n OU(a[XU5R"S 0UD6n OrU (dPU(a,[U5(d[X5R"S 0UD6n O8[XU5R"S 0UD6n O[!X5R"S 0UD6n U (aX[#XR$5(a!SS KJn U R$R)U 5$[#XR$5(aU $g g ) aLaunches a 3LO oauth2 flow to get google-auth credentials. Args: scopes: [str], The list of scopes to authorize. client_id_file: str, The path to a file containing the client id and secret to use for the flow. If None, the default client id for the Cloud SDK is used. client_config: Optional[Mapping], the client secrets and urls that should be used for the OAuth flow. no_launch_browser: bool, True if users specify --no-launch-browser flag to use the remote login with auth proxy flow. no_browser: bool, True if users specify --no-browser flag to ask another gcloud instance to help with authorization. remote_bootstrap: str, The auth parameters specified by --remote-bootstrap flag. Once used, it means the command is to help authorize another gcloud (i.e. gcloud without access to browser). query_params: Optional[Mapping], extra params to pass to the flow during `Run`. These params end up getting used as query params for authorization_url. auth_proxy_redirect_uri: str, The uri where OAuth service will redirect the user to once the authentication is complete for a remote login with auth proxy flow. Returns: core.credentials.google_auth_credentials.Credentials, The credentials obtained from the flow. r) external_account_authorized_user) credentialsrIT)attempt_launch_browserzbCannot launch browser. Please run this command on a machine where gcloud can launch a web browser.partial_auth_url)google_auth_credentialsNr) google.authr google.oauth2rrKrJ!AssertClientSecretIsInstalledTyperrShouldLaunchBrowserrdrLWebBrowserInaccessiblerprjrrr& CredentialsrFromGoogleAuthUserCredentials)rArrBno_launch_browser no_browserremote_bootstrap query_paramsauth_proxy_redirect_uriroauth2_credentialsrOcan_launch_browser user_creds c_google_auths r#DoInstalledAppBrowserFlowGoogleAuthr&sF;=<%n5 1.AM L$88!#$V;??O,OJ   ) ) 3 44'v=AA;);-9;J36 c  J 4]CC&v=AA j6 !8  j8"s#3%13J*<<==[  & & D DZ PP*JJKK LrcSn[R"[R"U55n[U5S:wa[ SU35e[U5SnU[:wa[ S [S US U35eg ![Ra [ SUS35e[R a [ SUSU35ef=f) zDAssert that the file is a valid json file for installed application.zTo obtain a valid client ID file, create a Desktop App following the steps outlined in https://support.google.com/cloud/answer/6158849?hl=en#zippy=%2Cnative-applications%2Cdesktop-apps.zCannot read file: "z".zClient ID file z is not a valid JSON file. zNExpected a JSON object with a single property for an "installed" application. rzOnly client IDs of type 'z%' are allowed, but encountered type 'z'. N) rloadsr ReadFileContentsrrJSONDecodeErrorlentupleCLIENT_SECRET_INSTALLED_TYPE)ractionable_messageobj client_types rrr~sl  **U++N; rsO * 9&*#*$21* )s%,F)GD<C    +J     F  ##CKK8 @ *J * ** * ) ) J (,z,4,Z,47"Q 8<6::?389=59@DUp:Ar