📂 Advanced File Manager
Multi-Root Navigation System
⚡ Quick Jump
Server (/)
Home (/home)
Var_www (/var/www)
Current (/home4/shelley/public_html/shelleycutler.com/wp-content/mu-plugins)
📍 Go
⬆ Ke Atas
🏠 Root Server
🏠 Root App
🔄 Refresh
📀 /
›
usr
›
lib
›
python3.9
›
site-packages
›
oci
›
auth
›
signers
›
📁 __pycache__
📍
Lokasi:
/usr/lib/python3.9/site-packages/oci/auth/signers/__pycache__
💾
Free:
45.7 GB
⚠️ Direktori ini
tidak writable
.
✏️ Mengedit: instance_principals_security_token_signer.cpython-39.pyc
a ���f% � @ s� d dl mZ ddlmZmZ ddlmZ ddlmZ ddl m Z ddlmZ dd l mZ dd l mZ ddlZddlZG dd � d e�ZdS )� )�,X509FederationClientBasedSecurityTokenSigner� )�UrlBasedCertificateRetriever�:INSTANCE_METADATA_URL_CERTIFICATE_RETRIEVER_RETRY_STRATEGY)�SessionKeySupplier)�X509FederationClient)� auth_utils� )�requests)� HTTPError)�ConnectTimeoutNc s\ e Zd ZdZdZd�e�Zd�e�Zd�e�Zd�e�Z ddiZ � fd d �Zdd� Z� Z S ) �%InstancePrincipalsSecurityTokenSignera� A SecurityTokenSigner which uses a security token for an instance principal. This signer can also refresh its token as needed. This signer is self-sufficient in that its internals know how to source the required information to request and use the token: * Using the metadata endpoint for the instance (http://169.254.169.254/opc/v2) we can discover the region the instance is in, its leaf certificate and any intermediate certificates (for requesting the token) and the tenancy (as) that is in the leaf certificate. * The signer leverages X509FederationClient so it can refresh the security token and also get the private key needed to sign requests (via the client's session_key_supplier) This signer can be used as follows: .. code-block:: python import oci signer = oci.auth.signers.InstancePrincipalsSecurityTokenSigner() identity_client = oci.identity.IdentityClient(config={}, signer=signer) regions = identity_client.list_regions() :param str federation_endpoint: (optional) Users of this class can specify an explicit federation_endpoint, representing the Auth Service endpoint from which to retrieve a security token. If it is not provided then we will construct an endpoint based on the region we read from the metadata endpoint for the instance :param federation_client_cert_bundle_verify: (optional) If we need a specific cert bundle in order to perform verification against the federation endpoint, this parameter is the path to that bundle. Alternatively, False can be passed to disable verification. :type federation_client_cert_bundle_verify: str or Boolean :param obj federation_client_retry_strategy: (optional): A retry strategy to apply to calls made by the X509FederationClient used by this class. This should be one of the strategies available in the :py:mod:`~oci.retry` module. A convenience :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` is also available and will be used by the X509FederationClient if no explicit retry strategy is specified. The specifics of the default retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__. To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`. :param bool log_requests: (optional) log_request if set to True, will log the request url and response data when retrieving the certificate & corresponding private key (if there is one defined for this retriever) from UrlBasedCertificateRetriever, region, federation endpoint, and the response for receiving the token from the federation endpoint zhttp://169.254.169.254/opc/v2�{}/instance/region�{}/identity/cert.pem�{}/identity/key.pem�{}/identity/intermediate.pemZ Authorizationz Bearer Oraclec sN t �d�tt| ���| _| j�t �� � |�d�rJd| j_ | j� t j� nd| j_ |�d�rh|d | _nt | _z&t| j| j| j| j|�d�d�| _W n� tttjjf�yR } z�|j�r |jjdk�r dt_d �tj�t_d �tj�t_d�tj�t_d�tj�t_t| j| j| j| jd �| _n|j�s.d|_|jd |_|�W Y d }~n d }~0 0 t| j| j| jd�| _t � | _!t"�#| j�$� �| _%| �&� d|v �r�|d �r�|d }nd�tj'�(d| j)��}| j�*d| � t+|| j%| j!| j| jg|�dd �|�dd �|�dd �|�d�d� }d|v �r:|d }t,t| �j-||d� nt,t| ��-|� d S )Nz{}.{}�log_requestsFT�retry_strategy)�certificate_url�private_key_urlr �headersr i� zhttp://169.254.169.254/opc/v1r r r r )r r r r )� )z�Instance principals authentication can only be used on OCI compute instances. Please confirm this code is running on an OCI compute instance. See https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm for more info.)r r r �federation_endpointz {}/v1/x509Zauthz#federation endpoint is set to : %s Z$federation_client_cert_bundle_verifyZ federation_client_retry_strategy�purpose) r � tenancy_id�session_key_supplier�leaf_certificate_retrieverZ#intermediate_certificate_retrieversZcert_bundle_verifyr r r �generic_headers)�federation_clientr ).�loggingZ getLogger�format�__name__�id�loggerZ addHandlerZNullHandler�getZdisabledZsetLevel�DEBUGr r r �LEAF_CERTIFICATE_URL� LEAF_CERTIFICATE_PRIVATE_KEY_URL�METADATA_AUTH_HEADERSr r r �oci� exceptionsZServiceError�responseZstatus_coder �METADATA_URL_BASE�GET_REGION_URL�INTERMEDIATE_CERTIFICATE_URL�argsZ"intermediate_certificate_retrieverr r r Zget_tenancy_id_from_certificateZget_certificate_as_certificater �initialize_and_return_region�regionsZendpoint_for�region�debugr �super�__init__)�self�kwargs�er r r �� __class__� �^/usr/lib/python3.9/site-packages/oci/auth/signers/instance_principals_security_token_signer.pyr5 F sz �� � � z.InstancePrincipalsSecurityTokenSigner.__init__c C s~ t | d�r| jS | j�d| j � tj| jd| jd�}|j� � � � }|tjj v r`tjj | | _n|| _| j�d| j � | jS )Nr2 z(Requesting region information from : %s )� �<