o 9_Wc|@sdZddlZddlZddlZddlmZddlmZmZddl m Z m Z ddl m Z ddlmZddlmZmZmZmZmZmZmZmZmZmZmZmZmZdd lmZm Z e!e"Z#d Z$d iiZ%Gd d d Z&Gddde&Z'Gddde(eZ)GdddZ*dS)zResolves regions and endpoints. This module implements endpoint resolution, including resolving endpoints for a given service and region and resolving the available endpoints for a service in a specific AWS partition. N)Enum)UNSIGNED xform_name)AUTH_TYPE_MAPSHAS_CRTCRT_SUPPORTED_AUTH_TYPES)EndpointProvider) EndpointProviderErrorEndpointVariantErrorInvalidHostLabelErrorMissingDependencyException NoRegionErrorParamValidationError$UnknownEndpointResolutionBuiltInNameUnknownRegionErrorUnknownSignatureVersionError*UnsupportedS3AccesspointConfigurationErrorUnsupportedS3ConfigurationErrorUnsupportedS3ControlArnError&UnsupportedS3ControlConfigurationError)ensure_booleaninstance_cachez{service}.{region}.{dnsSuffix} endpointsc@s.eZdZdZd ddZddZ d d d ZdS) BaseEndpointResolverz3Resolves regions and endpoints. Must be subclassed.NcCt)a7Resolves an endpoint for a service and region combination. :type service_name: string :param service_name: Name of the service to resolve an endpoint for (e.g., s3) :type region_name: string :param region_name: Region/endpoint name to resolve (e.g., us-east-1) if no region is provided, the first found partition-wide endpoint will be used if available. :rtype: dict :return: Returns a dict containing the following keys: - partition: (string, required) Resolved partition name - endpointName: (string, required) Resolved endpoint name - hostname: (string, required) Hostname to use for this endpoint - sslCommonName: (string) sslCommonName to use for this endpoint. - credentialScope: (dict) Signature version 4 credential scope - region: (string) region name override when signing. - service: (string) service name override when signing. - signatureVersions: (list) A list of possible signature versions, including s3, v4, v2, and s3v4 - protocols: (list) A list of supported protocols (e.g., http, https) - ...: Other keys may be included as well based on the metadata NotImplementedError)self service_name region_namer!2D:\Flask\env\Lib\site-packages\botocore/regions.pyconstruct_endpoint5sz'BaseEndpointResolver.construct_endpointcCr)zLists the partitions available to the endpoint resolver. :return: Returns a list of partition names (e.g., ["aws", "aws-cn"]). rrr!r!r"get_available_partitionsRsz-BaseEndpointResolver.get_available_partitionsawsFcCr)aLists the endpoint names of a particular partition. :type service_name: string :param service_name: Name of a service to list endpoint for (e.g., s3) :type partition_name: string :param partition_name: Name of the partition to limit endpoints to. (e.g., aws for the public AWS endpoints, aws-cn for AWS China endpoints, aws-us-gov for AWS GovCloud (US) Endpoints, etc. :type allow_non_regional: bool :param allow_non_regional: Set to True to include endpoints that are not regional endpoints (e.g., s3-external-1, fips-us-gov-west-1, etc). :return: Returns a list of endpoint names (e.g., ["us-east-1"]). r)rrpartition_nameallow_non_regionalr!r!r"get_available_endpointsYsz,BaseEndpointResolver.get_available_endpointsN)r&F)__name__ __module__ __qualname____doc__r#r%r)r!r!r!r"r2s  rc@seZdZdZddgZd%ddZd&dd Zd d Z   d'd dZ d(ddZ  d)ddZ ddZ d%ddZ ddZ ddZddZddZdd Zd!d"Zd#d$Zd S)*EndpointResolverz7Resolves endpoints based on partition endpoint metadatazaws-isoz aws-iso-bFcCs d|vrtd||_||_dS)a :type endpoint_data: dict :param endpoint_data: A dict of partition data. :type uses_builtin_data: boolean :param uses_builtin_data: Whether the endpoint data originates in the package's data directory. partitionsz%Missing "partitions" in endpoint dataN) ValueError_endpoint_datauses_builtin_data)r endpoint_datar3r!r!r"__init__ts  zEndpointResolver.__init__r&cCsB|jdD]}|d|krq|d}||vrq||dSdS)Nr0 partitionservicesr)r2)rrr'r6r7r!r!r"get_service_endpoints_datas z+EndpointResolver.get_service_endpoints_datacCs&g}|jdD] }||dq|S)Nr0r6)r2append)rresultr6r!r!r"r%sz)EndpointResolver.get_available_partitionsNc Csg}|jdD]@}|d|krq|d}||vrq||d}|D]%} | |dv} |r=| r=||| |} | r<|| q!|sA| rF|| q!q|S)Nr0r6r7rregions)r2_retrieve_variant_datar9) rrr'r(endpoint_variant_tagsr:r6r7Zservice_endpoints endpoint_nameZis_regional_endpointZ variant_datar!r!r"r)s,      z(EndpointResolver.get_available_endpointscCs\|jdD]&}|d|kr+|r%||d|}|r$d|vr$|dSq|dSqdS)Nr0r6defaults dnsSuffix)r2r<get)rr'r=r6variantr!r!r"get_partition_dns_suffixs      z)EndpointResolver.get_partition_dns_suffixc Cs|dkr |r |dur d}|dur4d}|jdD] }|d|kr!|}q|dur2||||||d}|SdS|jdD]}|rE|d|jvrEq9||||||}|rT|Sq9dS)Ns3z us-east-1r0r6T)r2_endpoint_for_partition!_UNSUPPORTED_DUALSTACK_PARTITIONS) rrr r'use_dualstack_endpointuse_fips_endpointZvalid_partitionr6r:r!r!r"r#sT  z#EndpointResolver.construct_endpointcCs4|jdD]}|||r|dSqt|dd)Nr0r6z,No partition found for provided region_name.)r error_msg)r2 _region_matchr)rr r6r!r!r"get_partition_for_regions  z)EndpointResolver.get_partition_for_regionc Cs|d}|r||jvrd|}tdg|d|d|t} |dur.d| vr+| d}nt||| |||d} || dvrE|jdi| S|||sM|r| d} | d d } | rp| sptd ||| | | d <|jdi| Std |||jdi| SdS)Nr6z@Dualstack endpoints are currently not supported for %s partition dualstacktagsrIr7ZpartitionEndpoint)r6r service_datar>rGrHrZisRegionalizedTz'Using partition endpoint for %s, %s: %sr>z*Creating a regex based endpoint for %s, %sr!) rFr rADEFAULT_SERVICE_DATAr_resolverJLOGdebug) rr6rr rGrHZforce_partitionr'rIrOZresolve_kwargsZpartition_endpointZis_regionalizedr!r!r"rEsZ     z(EndpointResolver._endpoint_for_partitioncCs0||dvrdSd|vrt|d|SdS)Nr;TZ regionRegexF)recompilematch)rr6r r!r!r"rJ8s zEndpointResolver._region_matchcCs>|dg}|D]}t|dt|kr|}|SqdS)NvariantsrN)rAsetcopy)rr4rNrWrBr:r!r!r"r<?s z'EndpointResolver._retrieve_variant_datacCs$g}|r |d|r|d|S)NrLZfips)r9)rrGrHrNr!r!r"_create_tag_listFs   z!EndpointResolver._create_tag_listcCs4i}|||fD]}|||}|r|||q|Sr*)r< _merge_keys)rrNr4service_defaultspartition_defaultsr:rWrBr!r!r"_resolve_variantNs  z!EndpointResolver._resolve_variantc Cs"|di|i}|drtd||di}|di} |||} | rK|| ||| } | ikrDd|d|} t| | d||| n|} d| vrW|d| d<|d | d <|| d <||| || | ||| d ||| d| d <d | vr||| d ||| d| d <| S) Nr deprecatedz5Client is configured with the deprecated endpoint: %sr?zEndpoint does not exist for z in region rMr@r6Z endpointNamehostnameZ sslCommonName)rArRwarningrZr^r r[_expand_template) rr6rrOr>rGrHr4r\r]rNr:rIr!r!r"rQXs\          zEndpointResolver._resolvecCs"|D] }||vr||||<qdSr*r!)r from_datar:keyr!r!r"r[s  zEndpointResolver._merge_keyscCs|j|||dS)N)Zserviceregionr@)format)rr6templaterr>r@r!r!r"rbsz!EndpointResolver._expand_template)F)r&)r&FNr*)NNFF)r+r,r-r.rFr5r8r%r)rCr#rKrErJr<rZr^rQr[rbr!r!r!r"r/os6       2 A B r/c@s8eZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d S) EndpointResolverBuiltinsz AWS::Regionz AWS::UseFIPSzAWS::UseDualStackzAWS::STS::UseGlobalEndpointzAWS::S3::UseGlobalEndpointzAWS::S3::AcceleratezAWS::S3::ForcePathStylezAWS::S3::UseArnRegionzAWS::S3Control::UseArnRegionz'AWS::S3::DisableMultiRegionAccessPointsz SDK::EndpointN)r+r,r-Z AWS_REGIONZ AWS_USE_FIPSZAWS_USE_DUALSTACKZAWS_STS_USE_GLOBAL_ENDPOINTZAWS_S3_USE_GLOBAL_ENDPOINTZAWS_S3_ACCELERATEZAWS_S3_FORCE_PATH_STYLEZAWS_S3_USE_ARN_REGIONZAWS_S3CONTROL_USE_ARN_REGIONZAWS_S3_DISABLE_MRAPZ SDK_ENDPOINTr!r!r!r"rhsrhc@seZdZdZ  d$ddZddZdd Zd d Zd d ZddZ ddZ ddZ e ddZ e ddZe ddZddZddZddZd d!Zd"d#ZdS)%EndpointRulesetResolverz5Resolves endpoints using a service's endpoint rulesetTNc CsHt||d|_|jjj|_||_||_||_||_||_ ||_ i|_ dS)N)Z ruleset_datapartition_data) r _providerZruleset parameters_param_definitions_service_model _builtins_client_context_event_emitter_use_ssl_requested_auth_schemeZ_instance_cache) rZendpoint_ruleset_datarjZ service_modelbuiltinsZclient_contextZ event_emitterZuse_sslZrequested_auth_schemer!r!r"r5s   z EndpointRulesetResolver.__init__c Cs|duri}|dur i}||||}td|z |jjd i|}Wnty?}z|||}|dur8||d}~wwtd|j|js_|j dr_|j d|jddd}|j dd |j Dd }|S) zAInvokes the provider with params defined in the service's rulesetNz-Calling endpoint provider with parameters: %szEndpoint provider result: %szhttps://zhttp://)urlcSsi|] \}}||dqS)rr!).0rdvalr!r!r" sz>EndpointRulesetResolver.construct_endpoint..)headersr!) _get_provider_paramsrRrSrkZresolve_endpointr #ruleset_error_to_botocore_exceptionrvrr startswith_replacerzitems)roperation_model call_argsrequest_contextprovider_paramsZprovider_resultexZbotocore_exceptionr!r!r"r#sD  z*EndpointRulesetResolver.construct_endpointc Csli}||||}|jD]%\}}|j|||d}|dur+|jdur+|j|j|d}|dur3|||<q|S)aResolve a value for each parameter defined in the service's ruleset The resolution order for parameter values is: 1. Operation-specific static context values from the service definition 2. Operation-specific dynamic context values from API parameters 3. Client-specific context parameters 4. Built-in values such as region, FIPS usage, ... ) param_namerrN) builtin_namert)_get_customized_builtinsrmr_resolve_param_from_contextbuiltin_resolve_param_as_builtin) rrrrrcustomized_builtinsrZ param_defZ param_valr!r!r"r{s& z,EndpointRulesetResolver._get_provider_paramscCs<|||}|dur |S||||}|dur|S||Sr*)&_resolve_param_as_static_context_param'_resolve_param_as_dynamic_context_param&_resolve_param_as_client_context_param)rrrrZstaticZdynamicr!r!r"r4s z3EndpointRulesetResolver._resolve_param_from_contextcCs||}||Sr*)_get_static_context_paramsrA)rrrZstatic_ctx_paramsr!r!r"rCs  z>EndpointRulesetResolver._resolve_param_as_static_context_paramcCs(||}||vr||}||SdSr*)_get_dynamic_context_paramsrA)rrrrZdynamic_ctx_params member_namer!r!r"rIs  z?EndpointRulesetResolver._resolve_param_as_dynamic_context_paramcCs(|}||vr||}|j|SdSr*)_get_client_context_paramsrprA)rrZclient_ctx_paramsZclient_ctx_varnamer!r!r"rQs  z>EndpointRulesetResolver._resolve_param_as_client_context_paramcCs"|tjvr t|d||S)Nname)rh __members__valuesrrA)rrrtr!r!r"rWs  z1EndpointRulesetResolver._resolve_param_as_builtincCdd|jDS)z=Mapping of param names to static param value for an operationcSi|]}|j|jqSr!)rvaluerwparamr!r!r"ry_zFEndpointRulesetResolver._get_static_context_params..)Zstatic_context_parametersrrr!r!r"r\z2EndpointRulesetResolver._get_static_context_paramscCr)z7Mapping of param names to member names for an operationcSrr!)rrrr!r!r"rygrzGEndpointRulesetResolver._get_dynamic_context_params..)Zcontext_parametersrr!r!r"rdrz3EndpointRulesetResolver._get_dynamic_context_paramscCsdd|jjDS)z7Mapping of param names to client configuration variablecSsi|] }|jt|jqSr!)rrrr!r!r"ryos zFEndpointRulesetResolver._get_client_context_params..)rnZclient_context_parametersr$r!r!r"rlsz2EndpointRulesetResolver._get_client_context_paramscCs6|jj}t|j}|jjd|||||d|S)Nzbefore-endpoint-resolution.%s)rtmodelparamscontext)rn service_idZ hyphenizerYrorqemit)rrrrrrr!r!r"rts  z0EndpointRulesetResolver._get_customized_builtinscst|tr t|dkrtdtdddd|Djjtkr(difSfdd|D}jd urSzt fd d |D\}}WnEt yRd ifYSwz t d d |D\}}Wn*t yd }dd|D}t s{t dd |D}|rt ddtd|dwi}d|vr|d|d<nd|vrt|ddkr|dd|d<d|vr|j|ddd|vrt|d|d<td|d||||fS)aConvert an Endpoint's authSchemes property to a signing_context dict :type auth_schemes: list :param auth_schemes: A list of dictionaries taken from the ``authSchemes`` property of an Endpoint object returned by ``EndpointProvider``. :rtype: str, dict :return: Tuple of auth type string (to be used in ``request_context['auth_type']``) and signing context dict (for use in ``request_context['signing']``). rz&auth_schemes must be a non-empty list.z_Selecting from endpoint provider's list of auth schemes: %s. User selected auth scheme is: "%s"z, cSsg|] }d|ddqS)"r)rArwsr!r!r" szGEndpointRulesetResolver.auth_schemes_to_signing_ctx..nonecs&g|]}i|d|diqSr)_strip_sig_prefixrwschemer$r!r"rsNc3s,|]}j|drj|fVqdSrN)._does_botocore_authname_match_ruleset_authnamersrr$r!r" s  zFEndpointRulesetResolver.auth_schemes_to_signing_ctx..css(|]}|dtvr|d|fVqdSr)rrr!r!r"rs   FcSsg|]}|dqSrr!rr!r!r"rscss|]}|tvVqdSr*rrr!r!r"rs  zbThis operation requires an additional dependency. Use pip install botocore[crt] before proceeding.msg)Zsignature_versionZ signingRegionreZsigningRegionSetZ signingName)Z signing_nameZdisableDoubleEncodingz?Selected auth type "%s" as "%s" with signing context params: %sr) isinstancelistlen TypeErrorrRrSjoinrsrnext StopIterationranyr rupdater)rZ auth_schemesrrZfixable_with_crtZauth_type_optionsZsigning_contextr!r$r"auth_schemes_to_signing_ctxst        z3EndpointRulesetResolver.auth_schemes_to_signing_ctxcCs|dr |ddS|S)z6Normalize auth type names by removing any "sig" prefixsigN)r})rZ auth_namer!r!r"rsz)EndpointRulesetResolver._strip_sig_prefixcCs>||}|dd}|dkr|dr|dd}||kS)a\ Whether a valid string provided as signature_version parameter for client construction refers to the same auth methods as a string returned by the endpoint ruleset provider. This accounts for: * The ruleset prefixes auth names with "sig" * The s3 and s3control rulesets don't distinguish between v4[a] and s3v4[a] signers * The v2, v3, and HMAC v1 based signers (s3, s3-*) are botocore legacy features and do not exist in the rulesets * Only characters up to the first dash are considered Example matches: * v4, sigv4 * v4, v4 * s3v4, sigv4 * s3v7, sigv7 (hypothetical example) * s3v4a, sigv4a * s3v4-query, sigv4 Example mismatches: * v4a, sigv4 * s3, sigv4 * s3-presign-post, sigv4 -rrDN)rsplitr})rZbotonameZrsnamer!r!r"rs  zFEndpointRulesetResolver._does_botocore_authname_match_ruleset_authnamecCs:|jd}|dur dS|dr+z |dd}Wn ty%|}Ynwt|dS|jj}|dkro|dks;|d kr@t|d S|d s^|d s^|d s^|ds^|ds^|drct |d S| drot |dS|dkr|dr|d}t ||dS|ds|drt |d S|dkrt |dSdS)zAttempts to translate ruleset errors to pre-existing botocore exception types by string matching exception strings. rNzInvalid region in ARN: `)labelrDz/S3 Object Lambda does not support S3 Acceleratez#Accelerate cannot be used with FIPSrzS3 Outposts does not supportzS3 MRAP does not supportz!S3 Object Lambda does not supportzAccess Points do not supportzInvalid configuration:z#Client was configured for partitionz invalid arn:)reportZ s3controlz Invalid ARN:ZBucket)arnrz!AccountId is required but not set)kwargsrAr}r IndexErrorr rnrrrlowerrrr)rZruleset_exceptionrrrrrr!r!r"r|sV            z;EndpointRulesetResolver.ruleset_error_to_botocore_exception)TN)r+r,r-r.r5r#r{rrrrrrrrrrrrrr|r!r!r!r"ris.  2!   a ri)+r.rYloggingrTenumrZbotocorerrZ botocore.authrrZ botocore.crtrZbotocore.endpoint_providerr Zbotocore.exceptionsr r r r rrrrrrrrrZbotocore.utilsrr getLoggerr+rRZDEFAULT_URI_TEMPLATErPrr/strrhrir!r!r!r"s(    < =: