def __init__(self, service, config, signer, type_mapping, **kwargs):
validate_config(config, signer=signer)
self.signer = signer
# Default to true (is a regional client) if there is nothing explicitly set. Regional
# clients allow us to call set_region and that'll also set the endpoint. For non-regional
# clients we require an endpoint
self.regional_client = kwargs.get('regional_client', True)
self._endpoint = None
self._base_path = kwargs.get('base_path')
self.service_endpoint_template = kwargs.get(
'service_endpoint_template')
if self.regional_client:
if kwargs.get('service_endpoint'):
self.endpoint = kwargs.get('service_endpoint')
else:
region_to_use = None
if 'region' in config and config['region']:
region_to_use = config.get('region')
elif hasattr(signer, 'region'):
region_to_use = signer.region
self.endpoint = regions.endpoint_for(
service,
service_endpoint_template=self.service_endpoint_template,
region=region_to_use,
endpoint=config.get('endpoint'))
else:
if not kwargs.get('service_endpoint'):
raise exceptions.MissingEndpointForNonRegionalServiceClientError(
'An endpoint must be provided for a non-regional service client'
)
self.endpoint = kwargs.get('service_endpoint')
self.service = service
self.complex_type_mappings = type_mapping
self.type_mappings = merge_type_mappings(self.primitive_type_map,
type_mapping)
self.session = requests.Session()
timeout_value_in_kwargs = kwargs.get('timeout')
self.timeout = timeout_value_in_kwargs if timeout_value_in_kwargs else (
DEFAULT_CONNECTION_TIMEOUT, DEFAULT_READ_TIMEOUT)
self.user_agent = build_user_agent(
get_config_value_or_default(config, "additional_user_agent"))
self.logger = logging.getLogger("{}.{}".format(__name__, id(self)))
self.logger.addHandler(logging.NullHandler())
if get_config_value_or_default(config, "log_requests"):
self.logger.disabled = False
self.logger.setLevel(logging.DEBUG)
is_http_log_enabled(True)
else:
self.logger.disabled = True
is_http_log_enabled(False)
self.skip_deserialization = kwargs.get('skip_deserialization')
def __init__(self, **kwargs):
super(UrlBasedCertificateRetriever, self).__init__()
if 'certificate_url' not in kwargs:
raise TypeError(
'certificate_url must be supplied as a keyword argument')
self.cert_url = kwargs['certificate_url']
self.private_key_url = kwargs.get('private_key_url')
self.passphrase = kwargs.get('passphrase')
self.retry_strategy = kwargs.get('retry_strategy')
self.logger = logging.getLogger("{}.{}".format(__name__, id(self)))
self.logger.addHandler(logging.NullHandler())
if kwargs.get('log_requests'):
self.logger.disabled = False
self.logger.setLevel(logging.DEBUG)
else:
self.logger.disabled = True
if self.passphrase and isinstance(self.passphrase, six.text_type):
self.passphrase = self.passphrase.encode('ascii')
self._refresh_lock = threading.Lock()
self.requests_session = requests.Session()
if kwargs.get('headers', None):
self.requests_session.headers.update(kwargs.get('headers'))
self.refresh()
def _set_region_from_instance_metadata_service(region):
# Check if region information from IMDS has already been read
if _get_source_has_been_read(ExternalSources.IMDS):
# Return False to allow fallback
return False
# Set source as read
_set_source_has_been_read(ExternalSources.IMDS)
try:
retry_strategy = Retry(total=3,
status_forcelist=[429, 500, 502, 503, 504],
read=0,
connect=3,
status=3)
s = requests.Session()
s.mount(GET_REGION_URL, HTTPAdapter(max_retries=retry_strategy))
response = s.get(GET_REGION_URL,
timeout=(10, 60),
headers=METADATA_AUTH_HEADERS)
region_metadata_raw = response.text
logger.debug("Region metadata blob from IMDS is: {}".format(
region_metadata_raw))
except (HTTPError, ConnectionError, RetryError) as e:
logger.debug(
"Failed to call IMDS service because of error: {}".format(e))
return False
if response.status_code != 200:
logger.debug(
"HTTP Get Failed: URL: {}, Status: {}, Message: {}".format(
GET_REGION_URL, response.status_code, response.text))
return False
try:
from json.decoder import JSONDecodeError
except ImportError:
JSONDecodeError = ValueError
try:
region_metadata = json.loads(region_metadata_raw)
except JSONDecodeError as e:
# Unable to parse the raw response
logger.debug(
"Decoding JSON from IMDS service because of error: {}".format(e))
return False
if _check_valid_schema(region_metadata):
return _add_region_information_to_lookup(region_metadata, region)
return False
def __init__(self, service, config, signer, type_mapping, **kwargs):
validate_config(config, signer=signer)
self.signer = signer
# Default to true (is a regional client) if there is nothing explicitly set. Regional
# clients allow us to call set_region and that'll also set the endpoint. For non-regional
# clients we require an endpoint
self.regional_client = kwargs.get('regional_client', True)
self._endpoint = None
self._base_path = kwargs.get('base_path')
if self.regional_client:
if kwargs.get('service_endpoint'):
self.endpoint = kwargs.get('service_endpoint')
else:
region_to_use = None
if 'region' in config and config['region']:
region_to_use = config.get('region')
elif hasattr(signer, 'region'):
region_to_use = signer.region
self.endpoint = regions.endpoint_for(
service,
region=region_to_use,
endpoint=config.get('endpoint'))
else:
if not kwargs.get('service_endpoint'):
raise ValueError(
'An endpoint must be provided for a non-regional service client'
)
self.endpoint = kwargs.get('service_endpoint')
self.service = service
self.complex_type_mappings = type_mapping
self.type_mappings = merge_type_mappings(self.primitive_type_map,
type_mapping)
self.session = requests.Session()
self.timeout = kwargs.get('timeout')
self.user_agent = build_user_agent(
get_config_value_or_default(config, "additional_user_agent"))
self.logger = logging.getLogger("{}.{}".format(__name__, id(self)))
self.logger.addHandler(logging.NullHandler())
if get_config_value_or_default(config, "log_requests"):
self.logger.setLevel(logging.DEBUG)
six.moves.http_client.HTTPConnection.debuglevel = 1
else:
six.moves.http_client.HTTPConnection.debuglevel = 0
def __init__(self, **kwargs):
super(UrlBasedCertificateRetriever, self).__init__()
if 'certificate_url' not in kwargs:
raise TypeError(
'certificate_url must be supplied as a keyword argument')
self.cert_url = kwargs['certificate_url']
self.private_key_url = kwargs.get('private_key_url')
self.passphrase = kwargs.get('passphrase')
self.retry_strategy = kwargs.get('retry_strategy')
if self.passphrase and isinstance(self.passphrase, six.text_type):
self.passphrase = self.passphrase.encode('ascii')
self._refresh_lock = threading.Lock()
self.requests_session = requests.Session()
self.refresh()
def __init__(self, **kwargs):
"""
A client which can be used to retrieve a token from Auth Service. It needs the following supplied to it:
- The endpoint for Auth Service
- Our tenancy OCID
- A session key supplier so that we can send its public key as part of the token request. The private key
in the session key supplier should be used to sign all requests made with the token
- The certificate (via leaf_certificate_retriever) which will be used to sign the requests to Auth Service.
Optionally, intermediate certificates (if present) can be supplied as part of the request to Auth Service.
The client has knowledge of its last requested token and can re-request the token if it is expired (otherwise
it will vend the last requested token if it is not expired).
:param str federation_endpoint:
The Auth Service endpoint from which to retrieve the token.
:param str tenancy_id:
The OCID of the tenancy whose resources will be interacted with by users of the token.
:param SessionKeySupplier session_key_supplier:
A SessionKeySupplier that can vend a public and private key. The public key will be sent as part of the token
request and the private key should be used to sign all requests made with the token vended by this client.
:param CertificateRetriever leaf_certificate_retriever:
The certificate which will be used to sign requests to Auth Service.
:param list[CertificateRetriever] intermediate_certificate_retrievers: (optional)
A list of retrievers which can be used to fetch intermediate certificates which can be sent as part of the Auth Service request. This is an optional parameter
:param cert_bundle_verify: (optional)
If we need a specific cert bundle in order to perform verification against the federation endpoint, this parameter is the path to that bundle. Alternatively,
False can be passed to disable verification.
:type cert_bundle_verify: str or Boolean
:param obj retry_strategy: (optional)
A retry strategy to apply to calls made by this client. This should be one of the strategies available in
the :py:mod:`~oci.retry` module. A convenience :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` is also available and
will be used if no explicit retry strategy is specified.
The specifics of the default retry strategy are described `here <https://oracle-cloud-infrastructure-python-sdk.readthedocs.io/en/latest/sdk_behaviors/retries.html>`__.
To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`.
"""
kwarg_keys = kwargs.keys()
missing_keys = []
for required in self.REQUIRED_INIT_KWARGS:
if required not in kwarg_keys:
missing_keys.append(required)
elif not kwargs[required]:
missing_keys.append(required)
if missing_keys:
raise TypeError(
'The following required arguments were not provided: {}'.
format(', '.join(missing_keys)))
self.federation_endpoint = kwargs['federation_endpoint']
self.tenancy_id = kwargs['tenancy_id']
self.session_key_supplier = kwargs['session_key_supplier']
self.leaf_certificate_retriever = kwargs['leaf_certificate_retriever']
# The default (instance principal) purpose is None
self.purpose = None
if 'purpose' in kwargs and kwargs['purpose'] is not None:
self.purpose = kwargs['purpose']
if 'intermediate_certificate_retrievers' in kwargs and kwargs[
'intermediate_certificate_retrievers']:
self.intermediate_certificate_retrievers = kwargs[
'intermediate_certificate_retrievers']
else:
self.intermediate_certificate_retrievers = []
self.cert_bundle_verify = kwargs.get('cert_bundle_verify', None)
self._refresh_lock = threading.Lock()
retry_strategy = kwargs.get('retry_strategy', None)
if retry_strategy:
self.retry_strategy = retry_strategy
else:
self.retry_strategy = oci.retry.DEFAULT_RETRY_STRATEGY
self.requests_session = requests.Session()
