U cc|@sdZddlZddlZddlZddlmZddlmZmZddl m Z m Z ddl m Z ddlmZddlmZmZmZmZmZmZmZmZmZmZmZmZmZdd lmZm Z e!e"Z#d Z$d iiZ%Gd d d Z&Gddde&Z'Gddde(eZ)GdddZ*dS)zResolves regions and endpoints. This module implements endpoint resolution, including resolving endpoints for a given service and region and resolving the available endpoints for a service in a specific AWS partition. N)Enum)UNSIGNED xform_name)AUTH_TYPE_MAPSHAS_CRTCRT_SUPPORTED_AUTH_TYPES)EndpointProvider) EndpointProviderErrorEndpointVariantErrorInvalidHostLabelErrorMissingDependencyException NoRegionErrorParamValidationError$UnknownEndpointResolutionBuiltInNameUnknownRegionErrorUnknownSignatureVersionError*UnsupportedS3AccesspointConfigurationErrorUnsupportedS3ConfigurationErrorUnsupportedS3ControlArnError&UnsupportedS3ControlConfigurationError)ensure_booleaninstance_cachez{service}.{region}.{dnsSuffix} endpointsc@s,eZdZdZd ddZddZd d d ZdS) BaseEndpointResolverz3Resolves regions and endpoints. Must be subclassed.NcCstdS)a7Resolves an endpoint for a service and region combination. :type service_name: string :param service_name: Name of the service to resolve an endpoint for (e.g., s3) :type region_name: string :param region_name: Region/endpoint name to resolve (e.g., us-east-1) if no region is provided, the first found partition-wide endpoint will be used if available. :rtype: dict :return: Returns a dict containing the following keys: - partition: (string, required) Resolved partition name - endpointName: (string, required) Resolved endpoint name - hostname: (string, required) Hostname to use for this endpoint - sslCommonName: (string) sslCommonName to use for this endpoint. - credentialScope: (dict) Signature version 4 credential scope - region: (string) region name override when signing. - service: (string) service name override when signing. - signatureVersions: (list) A list of possible signature versions, including s3, v4, v2, and s3v4 - protocols: (list) A list of supported protocols (e.g., http, https) - ...: Other keys may be included as well based on the metadata NNotImplementedError)self service_name region_namer 4/tmp/pip-unpacked-wheel-wt8t2h3j/botocore/regions.pyconstruct_endpoint5sz'BaseEndpointResolver.construct_endpointcCstdS)zLists the partitions available to the endpoint resolver. :return: Returns a list of partition names (e.g., ["aws", "aws-cn"]). Nrrr r r!get_available_partitionsRsz-BaseEndpointResolver.get_available_partitionsawsFcCstdS)aLists the endpoint names of a particular partition. :type service_name: string :param service_name: Name of a service to list endpoint for (e.g., s3) :type partition_name: string :param partition_name: Name of the partition to limit endpoints to. (e.g., aws for the public AWS endpoints, aws-cn for AWS China endpoints, aws-us-gov for AWS GovCloud (US) Endpoints, etc. :type allow_non_regional: bool :param allow_non_regional: Set to True to include endpoints that are not regional endpoints (e.g., s3-external-1, fips-us-gov-west-1, etc). :return: Returns a list of endpoint names (e.g., ["us-east-1"]). Nr)rrpartition_nameallow_non_regionalr r r!get_available_endpointsYsz,BaseEndpointResolver.get_available_endpoints)N)r%F)__name__ __module__ __qualname____doc__r"r$r(r r r r!r2s  rc@seZdZdZddgZd%ddZd&dd Zd d Zd'd dZd(ddZ d)ddZ ddZ d*ddZ ddZ ddZddZddZdd Zd!d"Zd#d$Zd S)+EndpointResolverz7Resolves endpoints based on partition endpoint metadatazaws-isoz aws-iso-bFcCs d|krtd||_||_dS)a :type endpoint_data: dict :param endpoint_data: A dict of partition data. :type uses_builtin_data: boolean :param uses_builtin_data: Whether the endpoint data originates in the package's data directory. partitionsz%Missing "partitions" in endpoint dataN) ValueError_endpoint_datauses_builtin_data)r endpoint_datar1r r r!__init__ts zEndpointResolver.__init__r%cCsB|jdD]2}|d|krq |d}||kr.q ||dSdS)Nr. partitionservicesr)r0)rrr&r4r5r r r!get_service_endpoints_datas z+EndpointResolver.get_service_endpoints_datacCs&g}|jdD]}||dq|S)Nr.r4)r0append)rresultr4r r r!r$sz)EndpointResolver.get_available_partitionsNc Csg}|jdD]}|d|kr q|d}||kr2q||d}|D]J} | |dk} |rz| rz||| |} | r|| qB|s| rB|| qBq|S)Nr.r4r5rregions)r0_retrieve_variant_datar7) rrr&r'endpoint_variant_tagsr8r4r5Zservice_endpoints endpoint_nameZis_regional_endpointZ variant_datar r r!r(s(    z(EndpointResolver.get_available_endpointscCs\|jdD]L}|d|kr |rJ||d|}|rVd|krV|dSq |dSq dS)Nr.r4defaults dnsSuffix)r0r:get)rr&r;r4variantr r r!get_partition_dns_suffixs  z)EndpointResolver.get_partition_dns_suffixc Cs|dkr|r|dkrd}|dk rhd}|jdD]}|d|kr.|}q.|dk rd||||||d}|SdS|jdD]6}|r|d|jkrqr||||||}|rr|SqrdS)Ns3z us-east-1r.r4T)r0_endpoint_for_partition!_UNSUPPORTED_DUALSTACK_PARTITIONS) rrrr&use_dualstack_endpointuse_fips_endpointZvalid_partitionr4r8r r r!r"sN  z#EndpointResolver.construct_endpointcCs8|jdD]}|||r |dSq t|dddS)Nr.r4z,No partition found for provided region_name.)r error_msg)r0 _region_matchr)rrr4r r r!get_partition_for_regions z)EndpointResolver.get_partition_for_regionc Cs|d}|r,||jkr,d|}tdg|d|d|t} |dkr\d| krV| d}nt||| |||d} || dkr|jf| S|||s|r| d} | d d } | r| std ||| | | d <|jf| Std |||jf| SdS)Nr4z@Dualstack endpoints are currently not supported for %s partition dualstacktagsrGr5ZpartitionEndpoint)r4r service_datar<rErFrZisRegionalizedTz'Using partition endpoint for %s, %s: %sr<z*Creating a regex based endpoint for %s, %s) rDr r?DEFAULT_SERVICE_DATAr_resolverHLOGdebug) rr4rrrErFZforce_partitionr&rGrMZresolve_kwargsZpartition_endpointZis_regionalizedr r r!rCsZ       z(EndpointResolver._endpoint_for_partitioncCs0||dkrdSd|kr,t|d|SdS)Nr9TZ regionRegexF)recompilematch)rr4rr r r!rH8s  zEndpointResolver._region_matchcCs>|dg}|D](}t|dt|kr|}|SqdS)NvariantsrL)r?setcopy)rr2rLrUr@r8r r r!r:?s  z'EndpointResolver._retrieve_variant_datacCs$g}|r|d|r |d|S)NrJZfips)r7)rrErFrLr r r!_create_tag_listFs   z!EndpointResolver._create_tag_listcCs4i}|||fD] }|||}|r|||q|SN)r: _merge_keys)rrLr2service_defaultspartition_defaultsr8rUr@r r r!_resolve_variantNs  z!EndpointResolver._resolve_variantc Cs$|di|i}|dr,td||di}|di} |||} | r|| ||| } | ikrd|d|} t| | d||| n|} d| kr|d| d<|d | d <|| d <||| || | ||| d ||| d| d <d | kr ||| d ||| d| d <| S) Nr deprecatedz5Client is configured with the deprecated endpoint: %sr=zEndpoint does not exist for z in region rKr>r4Z endpointNamehostnameZ sslCommonName)r?rPwarningrXr]r rZ_expand_template) rr4rrMr<rErFr2r[r\rLr8rGr r r!rOXs`           zEndpointResolver._resolvecCs"|D]}||kr||||<qdSrYr )rZ from_datar8keyr r r!rZszEndpointResolver._merge_keyscCs|j|||dS)N)Zserviceregionr>)format)rr4templaterr<r>r r r!ras z!EndpointResolver._expand_template)F)r%)r%FN)N)NNFF)F)r)r*r+r,rDr3r6r$r(rAr"rIrCrHr:rXr]rOrZrar r r r!r-os4      2 A Br-c@s8eZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d S) EndpointResolverBuiltinsz AWS::Regionz AWS::UseFIPSzAWS::UseDualStackzAWS::STS::UseGlobalEndpointzAWS::S3::UseGlobalEndpointzAWS::S3::AcceleratezAWS::S3::ForcePathStylezAWS::S3::UseArnRegionzAWS::S3Control::UseArnRegionz'AWS::S3::DisableMultiRegionAccessPointsz SDK::EndpointN)r)r*r+Z AWS_REGIONZ AWS_USE_FIPSZAWS_USE_DUALSTACKZAWS_STS_USE_GLOBAL_ENDPOINTZAWS_S3_USE_GLOBAL_ENDPOINTZAWS_S3_ACCELERATEZAWS_S3_FORCE_PATH_STYLEZAWS_S3_USE_ARN_REGIONZAWS_S3CONTROL_USE_ARN_REGIONZAWS_S3_DISABLE_MRAPZ SDK_ENDPOINTr r r r!rfsrfc@seZdZdZd$ddZddZdd Zd d Zd d ZddZ ddZ ddZ e ddZ e ddZe ddZddZddZddZd d!Zd"d#ZdS)%EndpointRulesetResolverz5Resolves endpoints using a service's endpoint rulesetTNc CsHt||d|_|jjj|_||_||_||_||_||_ ||_ i|_ dS)N)Z ruleset_datapartition_data) r _providerZruleset parameters_param_definitions_service_model _builtins_client_context_event_emitter_use_ssl_requested_auth_schemeZ_instance_cache) rZendpoint_ruleset_datarhZ service_modelbuiltinsZclient_contextZ event_emitterZuse_sslZrequested_auth_schemer r r!r3s  z EndpointRulesetResolver.__init__c Cs|dkr i}|dkri}||||}td|z|jjf|}Wn@tk r}z"|||}|dkrpn||W5d}~XYnXtd|j|js|j dr|j d|jddd}|j dd |j Dd }|S) zAInvokes the provider with params defined in the service's rulesetNz-Calling endpoint provider with parameters: %szEndpoint provider result: %szhttps://zhttp://)urlcSsi|]\}}||dqS)rr ).0rbvalr r r! sz>EndpointRulesetResolver.construct_endpoint..)headers) _get_provider_paramsrPrQriZresolve_endpointr #ruleset_error_to_botocore_exceptionrtrp startswith_replacerxitems)roperation_model call_argsrequest_contextprovider_paramsZprovider_resultexZbotocore_exceptionr r r!r"sFz*EndpointRulesetResolver.construct_endpointc Csli}||||}|jD]J\}}|j|||d}|dkrV|jdk rV|j|j|d}|dk r|||<q|S)aResolve a value for each parameter defined in the service's ruleset The resolution order for parameter values is: 1. Operation-specific static context values from the service definition 2. Operation-specific dynamic context values from API parameters 3. Client-specific context parameters 4. Built-in values such as region, FIPS usage, ... ) param_namer~rN) builtin_namerr)_get_customized_builtinsrkr}_resolve_param_from_contextbuiltin_resolve_param_as_builtin) rr~rrrcustomized_builtinsrZ param_defZ param_valr r r!rys(  z,EndpointRulesetResolver._get_provider_paramscCs<|||}|dk r|S||||}|dk r2|S||SrY)&_resolve_param_as_static_context_param'_resolve_param_as_dynamic_context_param&_resolve_param_as_client_context_param)rrr~rZstaticZdynamicr r r!r4sz3EndpointRulesetResolver._resolve_param_from_contextcCs||}||SrY)_get_static_context_paramsr?)rrr~Zstatic_ctx_paramsr r r!rCs z>EndpointRulesetResolver._resolve_param_as_static_context_paramcCs(||}||kr$||}||SdSrY)_get_dynamic_context_paramsr?)rrr~rZdynamic_ctx_params member_namer r r!rIs z?EndpointRulesetResolver._resolve_param_as_dynamic_context_paramcCs(|}||kr$||}|j|SdSrY)_get_client_context_paramsrnr?)rrZclient_ctx_paramsZclient_ctx_varnamer r r!rQsz>EndpointRulesetResolver._resolve_param_as_client_context_paramcCs"|tjkrt|d||S)Nname)rf __members__valuesrr?)rrrrr r r!rWs z1EndpointRulesetResolver._resolve_param_as_builtincCsdd|jDS)z=Mapping of param names to static param value for an operationcSsi|]}|j|jqSr )rvalueruparamr r r!rw_szFEndpointRulesetResolver._get_static_context_params..)Zstatic_context_parametersrr~r r r!r\sz2EndpointRulesetResolver._get_static_context_paramscCsdd|jDS)z7Mapping of param names to member names for an operationcSsi|]}|j|jqSr )rrrr r r!rwgszGEndpointRulesetResolver._get_dynamic_context_params..)Zcontext_parametersrr r r!rdsz3EndpointRulesetResolver._get_dynamic_context_paramscCsdd|jjDS)z7Mapping of param names to client configuration variablecSsi|]}|jt|jqSr )rrrr r r!rwoszFEndpointRulesetResolver._get_client_context_params..)rlZclient_context_parametersr#r r r!rlsz2EndpointRulesetResolver._get_client_context_paramscCs6|jj}t|j}|jjd|||||d|S)Nzbefore-endpoint-resolution.%s)rrmodelparamscontext)rl service_idZ hyphenizerWrmroemit)rr~rrrrr r r!rts  z0EndpointRulesetResolver._get_customized_builtinscst|trt|dkrtdtdddd|DjjtkrPdifSfdd|D}jd k rzt fd d |D\}}Wnt k rd ifYSXn~zt d d |D\}}Wnbt k r&d }dd|D}t st dd |D}|rt ddntd|dYnXi}d|krD|d|d<n,d|krpt|ddkrp|dd|d<d|kr|j|ddd|krt|d|d<td|d||||fS)aConvert an Endpoint's authSchemes property to a signing_context dict :type auth_schemes: list :param auth_schemes: A list of dictionaries taken from the ``authSchemes`` property of an Endpoint object returned by ``EndpointProvider``. :rtype: str, dict :return: Tuple of auth type string (to be used in ``request_context['auth_type']``) and signing context dict (for use in ``request_context['signing']``). rz&auth_schemes must be a non-empty list.z_Selecting from endpoint provider's list of auth schemes: %s. User selected auth scheme is: "%s"z, cSsg|]}d|ddqS)"r)r?rusr r r! szGEndpointRulesetResolver.auth_schemes_to_signing_ctx..nonecs"g|]}|d|diqSr)_strip_sig_prefixruschemer#r r!rsNc3s*|]"}j|drj|fVqdSrN)._does_botocore_authname_match_ruleset_authnamerqrr#r r! s zFEndpointRulesetResolver.auth_schemes_to_signing_ctx..css&|]}|dtkr|d|fVqdSr)rrr r r!rs FcSsg|] }|dqSrr rr r r!rscss|]}|tkVqdSrYrrr r r!rszbThis operation requires an additional dependency. Use pip install botocore[crt] before proceeding.msg)Zsignature_versionZ signingRegionrcZsigningRegionSetZ signingName)Z signing_nameZdisableDoubleEncodingz?Selected auth type "%s" as "%s" with signing context params: %sr) isinstancelistlen TypeErrorrPrQjoinrqrnext StopIterationranyr rupdater)rZ auth_schemesrrZfixable_with_crtZauth_type_optionsZsigning_contextr r#r!auth_schemes_to_signing_ctxsp          z3EndpointRulesetResolver.auth_schemes_to_signing_ctxcCs|dr|ddS|S)z6Normalize auth type names by removing any "sig" prefixsigN)r{)rZ auth_namer r r!rsz)EndpointRulesetResolver._strip_sig_prefixcCs>||}|dd}|dkr6|dr6|dd}||kS)a\ Whether a valid string provided as signature_version parameter for client construction refers to the same auth methods as a string returned by the endpoint ruleset provider. This accounts for: * The ruleset prefixes auth names with "sig" * The s3 and s3control rulesets don't distinguish between v4[a] and s3v4[a] signers * The v2, v3, and HMAC v1 based signers (s3, s3-*) are botocore legacy features and do not exist in the rulesets * Only characters up to the first dash are considered Example matches: * v4, sigv4 * v4, v4 * s3v4, sigv4 * s3v7, sigv7 (hypothetical example) * s3v4a, sigv4a * s3v4-query, sigv4 Example mismatches: * v4a, sigv4 * s3, sigv4 * s3-presign-post, sigv4 -rrBN)rsplitr{)rZbotonameZrsnamer r r!rs   zFEndpointRulesetResolver._does_botocore_authname_match_ruleset_authnamecCsF|jd}|dkrdS|drXz|dd}Wntk rL|}YnXt|dS|jj}|dkr|dksx|d krt|d S|d s|d s|d s|ds|ds|drt |d S| drt |dS|dkrB|dr |d}t ||dS|ds$|dr.t |d S|dkrBt |dSdS)zAttempts to translate ruleset errors to pre-existing botocore exception types by string matching exception strings. rNzInvalid region in ARN: `)labelrBz/S3 Object Lambda does not support S3 Acceleratez#Accelerate cannot be used with FIPSrzS3 Outposts does not supportzS3 MRAP does not supportz!S3 Object Lambda does not supportzAccess Points do not supportzInvalid configuration:z#Client was configured for partitionz invalid arn:)reportZ s3controlz Invalid ARN:ZBucket)arnrz!AccountId is required but not set)kwargsr?r{r IndexErrorr rlrrrlowerrrr)rZruleset_exceptionrrrrrr r r!rzsT              z;EndpointRulesetResolver.ruleset_error_to_botocore_exception)TN)r)r*r+r,r3r"ryrrrrrrrrrrrrrrzr r r r!rgs,  2!   a rg)+r,rWloggingrRenumrZbotocorerrZ botocore.authrrZ botocore.crtrZbotocore.endpoint_providerr Zbotocore.exceptionsr r r r rrrrrrrrrZbotocore.utilsrr getLoggerr)rPZDEFAULT_URI_TEMPLATErNrr-strrfrgr r r r! s&   < =: