o Jh"@sdZddlZddlZddlZddlmZddlZddlmZm Z ddl m Z m Z ddl mZddlmZddlmZmZmZmZmZmZmZmZmZmZmZmZmZmZdd l m!Z!dd l"m#Z#m$Z$e%e&Z'd Z(d iiZ)Gd ddZ*Gddde*Z+Gddde,eZ-GdddZ.dS)zResolves regions and endpoints. This module implements endpoint resolution, including resolving endpoints for a given service and region and resolving the available endpoints for a service in a specific AWS partition. N)Enum)UNSIGNED xform_name)AUTH_TYPE_MAPSHAS_CRTCRT_SUPPORTED_AUTH_TYPES)EndpointProvider)EndpointProviderErrorEndpointVariantError!InvalidEndpointConfigurationErrorInvalidHostLabelErrorMissingDependencyException NoRegionErrorParamValidationError$UnknownEndpointResolutionBuiltInNameUnknownRegionErrorUnknownSignatureVersionError*UnsupportedS3AccesspointConfigurationErrorUnsupportedS3ConfigurationErrorUnsupportedS3ControlArnError&UnsupportedS3ControlConfigurationError)register_feature_id)ensure_booleaninstance_cachez{service}.{region}.{dnsSuffix} endpointsc@s.eZdZdZd ddZddZ d d d ZdS) BaseEndpointResolverz3Resolves regions and endpoints. Must be subclassed.NcCt)a7Resolves an endpoint for a service and region combination. :type service_name: string :param service_name: Name of the service to resolve an endpoint for (e.g., s3) :type region_name: string :param region_name: Region/endpoint name to resolve (e.g., us-east-1) if no region is provided, the first found partition-wide endpoint will be used if available. :rtype: dict :return: Returns a dict containing the following keys: - partition: (string, required) Resolved partition name - endpointName: (string, required) Resolved endpoint name - hostname: (string, required) Hostname to use for this endpoint - sslCommonName: (string) sslCommonName to use for this endpoint. - credentialScope: (dict) Signature version 4 credential scope - region: (string) region name override when signing. - service: (string) service name override when signing. - signatureVersions: (list) A list of possible signature versions, including s3, v4, v2, and s3v4 - protocols: (list) A list of supported protocols (e.g., http, https) - ...: Other keys may be included as well based on the metadata NotImplementedError)self service_name region_namer#p/var/www/vedio/testing/chatpythonscript.ninositsolution.com/env/lib/python3.10/site-packages/botocore/regions.pyconstruct_endpoint:sz'BaseEndpointResolver.construct_endpointcCr)zLists the partitions available to the endpoint resolver. :return: Returns a list of partition names (e.g., ["aws", "aws-cn"]). rr r#r#r$get_available_partitionsWsz-BaseEndpointResolver.get_available_partitionsawsFcCr)aLists the endpoint names of a particular partition. :type service_name: string :param service_name: Name of a service to list endpoint for (e.g., s3) :type partition_name: string :param partition_name: Name of the partition to limit endpoints to. (e.g., aws for the public AWS endpoints, aws-cn for AWS China endpoints, aws-us-gov for AWS GovCloud (US) Endpoints, etc. :type allow_non_regional: bool :param allow_non_regional: Set to True to include endpoints that are not regional endpoints (e.g., s3-external-1, fips-us-gov-west-1, etc). :return: Returns a list of endpoint names (e.g., ["us-east-1"]). r)r r!partition_nameallow_non_regionalr#r#r$get_available_endpoints^sz,BaseEndpointResolver.get_available_endpointsN)r(F)__name__ __module__ __qualname____doc__r%r'r+r#r#r#r$r7s  rc@seZdZdZddgZd%ddZd&dd Zd d Z   d'd dZ d(ddZ  d)ddZ ddZ d%ddZ ddZ ddZddZddZdd Zd!d"Zd#d$Zd S)*EndpointResolverz7Resolves endpoints based on partition endpoint metadatazaws-isoz aws-iso-bFcCs d|vrtd||_||_dS)a :type endpoint_data: dict :param endpoint_data: A dict of partition data. :type uses_builtin_data: boolean :param uses_builtin_data: Whether the endpoint data originates in the package's data directory. partitionsz%Missing "partitions" in endpoint dataN) ValueError_endpoint_datauses_builtin_data)r endpoint_datar5r#r#r$__init__ys  zEndpointResolver.__init__r(cCsB|jdD]}|d|krq|d}||vrq||dSdS)Nr2 partitionservicesr)r4)r r!r)r8r9r#r#r$get_service_endpoints_datas z+EndpointResolver.get_service_endpoints_datacCs&g}|jdD] }||dq|S)Nr2r8)r4append)r resultr8r#r#r$r'sz)EndpointResolver.get_available_partitionsNc Csg}|jdD]@}|d|krq|d}||vrq||d}|D]%} | |dv} |r=| r=||| |} | r<|| q!|sA| rF|| q!q|S)Nr2r8r9rregions)r4_retrieve_variant_datar;) r r!r)r*endpoint_variant_tagsr<r8r9service_endpoints endpoint_nameis_regional_endpoint variant_datar#r#r$r+s,      z(EndpointResolver.get_available_endpointscCs\|jdD]&}|d|kr+|r%||d|}|r$d|vr$|dSq|dSqdS)Nr2r8defaults dnsSuffix)r4r>get)r r)r?r8variantr#r#r$get_partition_dns_suffixs      z)EndpointResolver.get_partition_dns_suffixc Cs|dkr |r |dur d}|dur4d}|jdD] }|d|kr!|}q|dur2||||||d}|SdS|jdD]}|rE|d|jvrEq9||||||}|rT|Sq9dS)Ns3z us-east-1r2r8T)r4_endpoint_for_partition!_UNSUPPORTED_DUALSTACK_PARTITIONS) r r!r"r)use_dualstack_endpointuse_fips_endpointvalid_partitionr8r<r#r#r$r%sN  z#EndpointResolver.construct_endpointcCs4|jdD]}|||r|dSqt|dd)Nr2r8z,No partition found for provided region_name.)r" error_msg)r4 _region_matchr)r r"r8r#r#r$get_partition_for_regions  z)EndpointResolver.get_partition_for_regionc Cs|d}|r||jvrd|d}tdg|d|d|t} |dur0d| vr-| d}nt||| |||d} || d vrG|jdi| S|||sO|r| d} | d d } | rr| srtd ||| | | d <|jdi| Std|||jdi| SdS)Nr8z4Dualstack endpoints are currently not supported for z partition dualstacktagsrOr9partitionEndpoint)r8r! service_datarArLrMrisRegionalizedTz'Using partition endpoint for %s, %s: %srAz*Creating a regex based endpoint for %s, %sr#) rKr rFDEFAULT_SERVICE_DATAr_resolverPLOGdebug) r r8r!r"rLrMforce_partitionr)rOrVresolve_kwargspartition_endpointis_regionalizedr#r#r$rJsX      z(EndpointResolver._endpoint_for_partitioncCs0||dvrdSd|vrt|d|SdS)Nr=T regionRegexF)recompilematch)r r8r"r#r#r$rP=s zEndpointResolver._region_matchcCs>|dg}|D]}t|dt|kr|}|SqdS)NvariantsrT)rFsetcopy)r r6rTrdrGr<r#r#r$r>Ds z'EndpointResolver._retrieve_variant_datacCs$g}|r |d|r|d|S)NrRfips)r;)r rLrMrTr#r#r$_create_tag_listKs   z!EndpointResolver._create_tag_listcCs4i}|||fD]}|||}|r|||q|Sr,)r> _merge_keys)r rTr6service_defaultspartition_defaultsr<rdrGr#r#r$_resolve_variantSs  z!EndpointResolver._resolve_variantc Cs$|di|i}|drtd||di}|di} |||} | rL|| ||| } | ikrEd|d|} t| | d||| n|} d| vrX|d| d<|d | d <|| d <||| || | ||| d ||| d| d <d | vr||| d ||| d| d <| S) Nr deprecatedz3Client is configured with the deprecated endpoint: rDzEndpoint does not exist for z in region rSrEr8 endpointNamehostname sslCommonName)rFrZwarningrhrlr ri_expand_template) r r8r!rVrArLrMr6rjrkrTr<rOr#r#r$rY]sX          zEndpointResolver._resolvecCs"|D] }||vr||||<qdSr,r#)r from_datar<keyr#r#r$ris  zEndpointResolver._merge_keyscCs|j|||dS)N)serviceregionrE)format)r r8templater!rArEr#r#r$rrsz!EndpointResolver._expand_template)F)r()r(FNr,)NNFF)r-r.r/r0rKr7r:r'r+rHr%rQrJrPr>rhrlrYrirrr#r#r#r$r1ts6       2 A A r1c@s@eZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d Zd ZdS)EndpointResolverBuiltinsz AWS::Regionz AWS::UseFIPSzAWS::UseDualStackzAWS::STS::UseGlobalEndpointzAWS::S3::UseGlobalEndpointzAWS::S3::AcceleratezAWS::S3::ForcePathStylezAWS::S3::UseArnRegionzAWS::S3Control::UseArnRegionz'AWS::S3::DisableMultiRegionAccessPointsz SDK::EndpointzAWS::Auth::AccountIdz AWS::Auth::AccountIdEndpointModeN)r-r.r/ AWS_REGION AWS_USE_FIPSAWS_USE_DUALSTACKAWS_STS_USE_GLOBAL_ENDPOINTAWS_S3_USE_GLOBAL_ENDPOINTAWS_S3_ACCELERATEAWS_S3_FORCE_PATH_STYLEAWS_S3_USE_ARN_REGIONAWS_S3CONTROL_USE_ARN_REGIONAWS_S3_DISABLE_MRAP SDK_ENDPOINT ACCOUNT_IDACCOUNT_ID_ENDPOINT_MODEr#r#r#r$rysryc@seZdZdZ  d(ddZddZdd Zd d Zd d ZddZ ddZ ddZ ddZ e ddZe ddZe ddZddZddZd d!Zd"d#Zd$d%Zd&d'ZdS))EndpointRulesetResolverz5Resolves endpoints using a service's endpoint rulesetTNc CsHt||d|_|jjj|_||_||_||_||_||_ ||_ i|_ dS)N) ruleset_datapartition_data) r _providerruleset parameters_param_definitions_service_model _builtins_client_context_event_emitter_use_ssl_requested_auth_scheme_instance_cache) r endpoint_ruleset_datar service_modelbuiltinsclient_context event_emitteruse_sslrequested_auth_schemer#r#r$r7s   z EndpointRulesetResolver.__init__c Cs|duri}|dur i}||||}td|z |jjd i|}Wnty@}z|||}|dur9||d}~wwtd|j|jsa|j dra|j d|jddd}|j dd |j Dd }|S) zAInvokes the provider with params defined in the service's rulesetNz+Calling endpoint provider with parameters: zEndpoint provider result: zhttps://zhttp://)urlcSsi|] \}}||dqS)rr#).0rtvalr#r#r$ sz>EndpointRulesetResolver.construct_endpoint..)headersr#) _get_provider_paramsrZr[rresolve_endpointr #ruleset_error_to_botocore_exceptionrr startswith_replaceritems)r operation_model call_argsrequest_contextprovider_paramsprovider_resultexbotocore_exceptionr#r#r$r%sD  z*EndpointRulesetResolver.construct_endpointc Csxi}||||}|jD]+\}}|j|||d}|dur+|jdur+|j|j|d}|dur9|||<|||q|S)aResolve a value for each parameter defined in the service's ruleset The resolution order for parameter values is: 1. Operation-specific static context values from the service definition 2. Operation-specific dynamic context values from API parameters 3. Client-specific context parameters 4. Built-in values such as region, FIPS usage, ... ) param_namerrN) builtin_namer)_get_customized_builtinsrr_resolve_param_from_contextbuiltin_resolve_param_as_builtin_register_endpoint_feature_ids) r rrrrcustomized_builtinsr param_def param_valr#r#r$rs(  z,EndpointRulesetResolver._get_provider_paramscCsV|||}|dur |S||||}|dur|S||||}|dur&|S||Sr,)&_resolve_param_as_static_context_param'_resolve_param_as_dynamic_context_param)_resolve_param_as_operation_context_param&_resolve_param_as_client_context_param)r rrrstaticdynamicoperation_context_paramsr#r#r$r=s" z3EndpointRulesetResolver._resolve_param_from_contextcCs||}||Sr,)_get_static_context_paramsrF)r rrstatic_ctx_paramsr#r#r$rSs  z>EndpointRulesetResolver._resolve_param_as_static_context_paramcCs(||}||vr||}||SdSr,)_get_dynamic_context_paramsrF)r rrrdynamic_ctx_params member_namer#r#r$rYs  z?EndpointRulesetResolver._resolve_param_as_dynamic_context_paramcCs(|}||vr||}|j|SdSr,)_get_client_context_paramsrrF)r rclient_ctx_paramsclient_ctx_varnamer#r#r$ras  z>EndpointRulesetResolver._resolve_param_as_client_context_paramcCs*|j}||vr||d}t||SdS)Npath)operation_context_parametersjmespathsearch)r rrroperation_ctx_paramsrr#r#r$rgs   zAEndpointRulesetResolver._resolve_param_as_operation_context_paramcCs4|tjvr t|d||}t|r|S|S)Nname)ry __members__valuesrrFcallable)r rrrr#r#r$ros   z1EndpointRulesetResolver._resolve_param_as_builtincCdd|jDS)z=Mapping of param names to static param value for an operationcSi|]}|j|jqSr#)rvaluerparamr#r#r$rzzFEndpointRulesetResolver._get_static_context_params..)static_context_parametersr rr#r#r$rwz2EndpointRulesetResolver._get_static_context_paramscCr)z7Mapping of param names to member names for an operationcSrr#)rrrr#r#r$rrzGEndpointRulesetResolver._get_dynamic_context_params..)context_parametersrr#r#r$rrz3EndpointRulesetResolver._get_dynamic_context_paramscCsdd|jjDS)z7Mapping of param names to client configuration variablecSsi|] }|jt|jqSr#)rrrr#r#r$rs zFEndpointRulesetResolver._get_client_context_params..)rclient_context_parametersr&r#r#r$rsz2EndpointRulesetResolver._get_client_context_paramscCs8|jj}t|j}|jjd|||||d|S)Nzbefore-endpoint-resolution.)rmodelparamscontext)r service_id hyphenizerfrremit)r rrrrrr#r#r$rs  z0EndpointRulesetResolver._get_customized_builtinscst|tr t|dkrtdtdddd|Djjtkr(difSfdd|D}jd urSzt fd d |D\}}WnEt yRd ifYSwz t d d |D\}}Wn*t yd }dd|D}t s{t dd |D}|rt ddtd|dwi}d|vr|d|d<nd|vrt|ddkrd|d|d<d|vr|j|ddd|vrt|d|d<td|d||||fS)aConvert an Endpoint's authSchemes property to a signing_context dict :type auth_schemes: list :param auth_schemes: A list of dictionaries taken from the ``authSchemes`` property of an Endpoint object returned by ``EndpointProvider``. :rtype: str, dict :return: Tuple of auth type string (to be used in ``request_context['auth_type']``) and signing context dict (for use in ``request_context['signing']``). rz&auth_schemes must be a non-empty list.z_Selecting from endpoint provider's list of auth schemes: %s. User selected auth scheme is: "%s"z, cSsg|] }d|ddqS)"r)rFrsr#r#r$ szGEndpointRulesetResolver.auth_schemes_to_signing_ctx..nonecs&g|]}i|d|diqSr)_strip_sig_prefixrschemer&r#r$rsNc3s,|]}j|drj|fVqdSrN)._does_botocore_authname_match_ruleset_authnamerrr&r#r$ s  zFEndpointRulesetResolver.auth_schemes_to_signing_ctx..css(|]}|dtvr|d|fVqdSr)rrr#r#r$rs  FcSsg|]}|dqSrr#rr#r#r$rscss|]}|tvVqdSr,rrr#r#r$rs  zbThis operation requires an additional dependency. Use pip install botocore[crt] before proceeding.msg)signature_version signingRegionrvsigningRegionSet, signingName) signing_namedisableDoubleEncodingz?Selected auth type "%s" as "%s" with signing context params: %sr) isinstancelistlen TypeErrorrZr[joinrrnext StopIterationranyrrupdater)r auth_schemesrrfixable_with_crtauth_type_optionssigning_contextr#r&r$auth_schemes_to_signing_ctxsx        z3EndpointRulesetResolver.auth_schemes_to_signing_ctxcCs|dr |ddS|S)z6Normalize auth type names by removing any "sig" prefixsigN)r)r auth_namer#r#r$rsz)EndpointRulesetResolver._strip_sig_prefixcCs>||}|dd}|dkr|dr|dd}||kS)a\ Whether a valid string provided as signature_version parameter for client construction refers to the same auth methods as a string returned by the endpoint ruleset provider. This accounts for: * The ruleset prefixes auth names with "sig" * The s3 and s3control rulesets don't distinguish between v4[a] and s3v4[a] signers * The v2, v3, and HMAC v1 based signers (s3, s3-*) are botocore legacy features and do not exist in the rulesets * Only characters up to the first dash are considered Example matches: * v4, sigv4 * v4, v4 * s3v4, sigv4 * s3v7, sigv7 (hypothetical example) * s3v4a, sigv4a * s3v4-query, sigv4 Example mismatches: * v4a, sigv4 * s3, sigv4 * s3-presign-post, sigv4 -rrIN)rsplitr)r botonamersnamer#r#r$rs  zFEndpointRulesetResolver._does_botocore_authname_match_ruleset_authnamecCsh|jd}|dur dS|dr+z |dd}Wn ty%|}Ynwt|dS|jj}|dkro|dks;|d kr@t|d S|d s^|d s^|d s^|ds^|ds^|drct |d S| drot |dS|dkr|dr|d}t ||dS|ds|drt |d S|dkrt |dS|dkr|drt|d S|dkrt|d SdS)zAttempts to translate ruleset errors to pre-existing botocore exception types by string matching exception strings. rNzInvalid region in ARN: `)labelrIz/S3 Object Lambda does not support S3 Acceleratez#Accelerate cannot be used with FIPSrzS3 Outposts does not supportzS3 MRAP does not supportz!S3 Object Lambda does not supportzAccess Points do not supportzInvalid configuration:z#Client was configured for partitionz invalid arn:)report s3controlz Invalid ARN:Bucket)arnrz!AccountId is required but not seteventszUInvalid Configuration: FIPS is not supported with EventBridge multi-region endpoints.z&EndpointId must be a valid host label.)kwargsrFrr  IndexErrorr rr!rrlowerrrrr )r ruleset_exceptionrrrr!rr#r#r$r%s`              z;EndpointRulesetResolver.ruleset_error_to_botocore_exceptioncCs6|dkrtd|dS|dkrtddSdS)NAccountIdEndpointModeACCOUNT_ID_MODE_ AccountIdRESOLVED_ACCOUNT_ID)rupper)r rrr#r#r$r\s  z6EndpointRulesetResolver._register_endpoint_feature_ids)TN)r-r.r/r0r7r%rrrrrrrrrrrrrrrrrr#r#r#r$rs2  2"   c 7r)/r0rfloggingraenumrrbotocorerr botocore.authrr botocore.crtrbotocore.endpoint_providerr botocore.exceptionsr r r r rrrrrrrrrrbotocore.useragentrbotocore.utilsrr getLoggerr-rZDEFAULT_URI_TEMPLATErXrr1strryrr#r#r#r$s,    @  =9#