Xi)SrSSKJr SSKrSSKrSSKrSSKJ r SSKJ r SSKJ r "SS\ R5r g!\a SSKJr NBf=f) a Identity Pool Credentials. This module provides credentials to access Google Cloud resources from on-prem or non-Google Cloud platforms which support external credentials (e.g. OIDC ID tokens) retrieved from local file locations or local servers. This includes Microsoft Azure and OIDC identity providers (e.g. K8s workloads registered with Hub with Hub workload identity enabled). These credentials are recommended over the use of service account credentials in on-prem/non-Google Cloud platforms as they do not involve the management of long-live service account private keys. Identity Pool Credentials are initialized using external_account arguments which are typically loaded from an external credentials file or an external credentials URL. Unlike other Credentials that can be initialized with a list of explicit arguments, secrets or credentials, external account clients use the environment and hints/guidelines provided by the external_account JSON file to retrieve credentials and exchange them for Google access tokens. )MappingN)_helpers) exceptions)external_accountc^\rSrSrSrU4Sjr\R"\R5S5r Sr Sr Sr S SjrU4S jr\U4S j5r\U4S j5rS rU=r$) Credentials2z9External account credentials sourced from files and URLs.c>[[U] "UUUUUS.UD6 [U[5(dSUlSUlGOURS5UlURS5UlURS5UlURS05nURS5=(d SUl S U;a[R"S 5eURS ;a/[R"S RUR55eURS :Xa:URS5Ul URc[R"S5eOSUl UR (a'UR (a[R"S5eUR (d(UR (d[R"S5egg)aInstantiates an external account credentials object from a file/URL. Args: audience (str): The STS audience field. subject_token_type (str): The subject token type. token_url (str): The STS endpoint URL. credential_source (Mapping): The credential source dictionary used to provide instructions on how to retrieve external credential to be exchanged for Google access tokens. Example credential_source for url-sourced credential:: { "url": "http://www.example.com", "format": { "type": "json", "subject_token_field_name": "access_token", }, "headers": {"foo": "bar"}, } Example credential_source for file-sourced credential:: { "file": "/path/to/token/file.txt" } args (List): Optional positional arguments passed into the underlying :meth:`~external_account.Credentials.__init__` method. kwargs (Mapping): Optional keyword arguments passed into the underlying :meth:`~external_account.Credentials.__init__` method. Raises: google.auth.exceptions.RefreshError: If an error is encountered during access token retrieval logic. ValueError: For invalid parameters. .. note:: Typically one of the helper constructors :meth:`from_file` or :meth:`from_info` are used instead of calling the constructor directly. )audiencesubject_token_type token_urlcredential_sourceNfileurlheadersformattypetextenvironment_idz>Invalid Identity Pool credential_source field 'environment_id')rjsonz%Invalid credential_source format '{}'rsubject_token_field_namezBMissing subject_token_field_name for JSON credential_source formatzEAmbiguous credential_source. 'file' is mutually exclusive with 'url'.z>Missing credential_source. A 'file' or 'url' must be provided.)superr__init__ isinstancer_credential_source_file_credential_source_urlget_credential_source_headers_credential_source_format_typerMalformedErrorr_credential_source_field_name) selfr r r rargskwargscredential_source_format __class__s D/app/.venv/lib/python3.13/site-packages/google/auth/identity_pool.pyrCredentials.__init__5s` k4)  1/    +W55+/D (*.D '+<+@+@+HD (*;*?*?*FD '.?.C.CI.ND +'8'<'  /  #44 //T22:JJ //;BB;; 22f<5M5Q5Q.6255=$33\> 6:2  ' 'D,G,G++W ++D4O4O++P 5P+cnURURU5URUR5$N)_parse_token_data_get_token_datarr!r"requests r'retrieve_subject_token"Credentials.retrieve_subject_tokens5%%   )  / /  . .  r)cUR(aURUR5$URXRUR5$r+)r_get_file_data _get_url_datarrr.s r'r-Credentials._get_token_datasF  ' '&&t'C'CD D%%44d6U6U r)c[RRU5(d%[R"SR U55e[ R"USSS9nUR5U4sSSS5 $!,(df  g=f)NzFile '{}' was not found.rutf-8)encoding) ospathexistsr RefreshErrorrioopenread)r"filenamefile_objs r'r3Credentials._get_file_datas^ww~~h''))*D*K*KH*UV V WWXsW 5==?H,6 5 5s A<< B cU"USUS9n[URS5(aURRS5O URnURS:wa[R "SU5eXR4$)NGET)rmethodrdecoder8z.Unable to retrieve Identity Pool subject token)hasattrdatarGstatusrr=)r"r/rrresponse response_bodys r'r4Credentials._get_url_datasts5'B x}}h// MM  )  ??c !))@- !!r)cUupEUS:XaUnO[R"U5nXsnU(d[R "S5eU$![[4a& [R "SR XS55ef=f)Nrz@Unable to parse subject_token from JSON file '{}' using key '{}'z3Missing subject_token in the credential_source file)rloadsKeyError ValueErrorrr=r)r" token_content format_typercontentrAtoken response_datas r'r,Credentials._parse_token_datas* & E  $ 7 3 %?))E  j)  --V]]  s A6A>c>[[U] 5n[UR[ 5(a,URR S5(aSUS'U$SUS'U$)Nrsourcer)rr_create_default_metrics_optionsr_credential_sourcerr)r"metrics_optionsr&s r'r[+Credentials._create_default_metrics_optionssb TRT d--w 7 7&&**622,2)-2)r)c .>[[U] "U40UD6$)aCreates an Identity Pool Credentials instance from parsed external account info. Args: info (Mapping[str, str]): The Identity Pool external account info in Google format. kwargs: Additional arguments to pass to the constructor. Returns: google.auth.identity_pool.Credentials: The constructed credentials. Raises: ValueError: For invalid parameters. )rr from_info)clsinfor$r&s r'r`Credentials.from_infos [#0@@@r)c .>[[U] "U40UD6$)a<Creates an IdentityPool Credentials instance from an external account json file. Args: filename (str): The path to the IdentityPool external account json file. kwargs: Additional arguments to pass to the constructor. Returns: google.auth.identity_pool.Credentials: The constructed credentials. )rr from_file)rarAr$r&s r'reCredentials.from_files[#0DVDDr))r!rrrr)rN)__name__ __module__ __qualname____firstlineno____doc__rrcopy_docstringrrr0r-r3r4r,r[ classmethodr`re__static_attributes__ __classcell__)r&s@r'rr2sCdL-99: ; -"$KO0 AA" E Er)r) rkcollections.abcr ImportError collectionsr>rr: google.authrrrrr)r'rusQ*$' "(SE"..SE$#$s> A  A