o :F¶d¸6ã@s|ddlmZddlmZddlmZddlmZmZmZddlm Z ddl Z ddl Z ddl Z ddl mmZddlZddlmZddlZddlZddlZddlZddlmZddlmZmZmZdd lmZmZd Zd Z d Z!ej"j#d dj$edde j%ddde j%dddej&e j'ej(dd„ƒƒƒƒƒƒZ)d%dd„Z*d&dd„Z+Gdd„deƒZ,Gdd „d eƒZ-Gd!d"„d"e.ƒZ/d#d$„Z0dS)'é)Úprint_function)Ú cli_setup)Úcli_util)ÚDEFAULT_KEY_NAMEÚPUBLIC_KEY_FILENAME_SUFFIXÚPRIVATE_KEY_FILENAME_SUFFIX)Úprompt_for_passphraseN)Úidentity)ÚurlparseÚparse_qsÚ urlencode)ÚBaseHTTPRequestHandlerÚ HTTPServeriõzBootstrap process canceled.z2https://login.{region}.{realm}/v1/oauth2/authorizeÚ bootstrapa/ Provides an interactive process to create a CLI config file using username / password based login through a browser. Also handles generating API keys and uploading them to your Oracle Cloud Infrastructure account. Note that port {port} must be available in order for this command to complete properly.©Úport)Úhelpz--profile-namez$Name of the profile you are creatingz--config-locationz&Path to the config for the new profilec Cs|jdr |jdnd}t|d}|j}|j}|j}|j}|j} |j} |j} t j j   ||¡} t jd|i| d} |  | ¡}|jD] }|jrI|j}nq?t jd|i| d} t j ¡}tj|d d¡|_z|  | |¡}Wnrt jjyÜ}zd|jdkrÐ|jdkrÐ|  | ¡}t  d ¡t  d ¡d }|jD]}t  d j!||j|j"d t#j$¡|d 7}q’tj%ddd}|s»t  t&¡t# 'd¡|  (| |¡t  d !|¡¡|  | |¡n|‚WYd}~nd}~wwt  d !| ¡¡|rít)j* +|¡nd}t,|||ddd\}}t  d !|¡¡t  dj!||d¡dS)NÚregionÚ)r)Úsigner)Ú public_keyúUTF-8i™ZApiKeyLimitExceededz4ApiKey limit has been reached for this user account.z>The following API keys are currently enabled for this account:ézH Key [{index}]: Fingerprint: {fingerprint}, Time Created: {time_created})ÚindexÚ fingerprintÚ time_createdz|Enter the fingerprint of the API key to delete to make space for the new key (leave empty to skip deletion and exit command)T)ÚtextZconfirmation_promptrz$Deleted Api key with fingerprint: {}z)Uploaded new API key with fingerprint: {}F)Ú profile_nameÚconfigÚ persist_tokenrzConfig written to: {}zœ Try out your newly registered credentials with the following example command: oci iam region list --config-file {config_file} --profile {profile} )Ú config_fileZprofile)-ÚobjÚcreate_user_sessionrÚ private_keyrÚtokenÚ tenancy_ocidÚ user_ocidrÚociZauthZsignersZSecurityTokenSignerr ZIdentityClientZlist_region_subscriptionsÚdataZis_home_regionZ region_nameZmodelsZCreateApiKeyDetailsrZ serialize_keyÚdecodeÚkeyZupload_api_keyÚ exceptionsZ ServiceErrorÚstatusÚcodeZ list_api_keysÚclickÚechoÚformatrÚsysÚstderrÚpromptÚ"BOOTSTRAP_PROCESS_CANCELED_MESSAGEÚexitZdelete_api_keyÚosÚpathÚ expanduserÚpersist_user_session)ÚctxrÚconfig_locationZ region_paramÚ user_sessionrr#rr$r%r&rrZclientÚresultÚrZ home_regionZcreate_api_key_detailsÚeÚcountZdelete_thumbprintZ config_loc©rAú?usr/lib/python3.10/site-packages/oci_cli/cli_setup_bootstrap.pyÚbootstrap_oci_cli sn   þ     ýü     þ€ê ürCrc Cs |dkrt ¡}z dtf}t|tƒ}Wn"ty5}z|jtjkr/t  dj td¡t   d¡|‚d}~wwt  ¡}| ¡}t |¡}t  |¡}|} |  d¡} t | ¡ d¡} | } dddt ¡d | d   t¡d œ} |rn|| d <|tjvrxtj|}t |¡r‹tj |tjtj|d }nt  d  |tj¡¡t   d¡t| ƒ}dj ||d}z%t  !|¡r½t  d¡t  d¡t  d|¡n t  d¡t  d|¡Wn#t j"yí}zt  dj t#|ƒd¡t   d¡WYd}~nd}~ww| $¡}t  d¡t%j|dd}|d}|d }t&|||||||ƒS)NrzKCould not complete bootstrap process because port {port} is already in use.rrrZloginZ iaas_consoleztoken id_tokenZopenidzhttp://localhost:{})ÚactionZ client_idZ response_typeZnonceÚscoperZ redirect_uriZtenant)rÚrealmz6Error: {} is not a valid region. Valid regions are {}z!{console_auth_url}?{query_string})Zconsole_auth_urlÚ query_stringz; Please switch to newly opened browser window to log in!zL You can also open the following URL in a web browser window to continue:z%sz? Open the following URL in a web browser window to continue:zeCould not launch web browser to complete login process, exiting bootstrap command. Error: {exc_info}.)Úexc_infoz- Completed browser authentication process!F)ZverifyÚsub)'rZprompt_for_regionÚBOOTSTRAP_SERVICE_PORTÚStoppableHttpServerÚStoppableHttpRequestHandlerÚOSErrorÚerrnoZ EADDRINUSEr.r/r0r1r5rZ generate_keyrZpublic_key_to_fingerprintZto_jwkÚencodeÚbase64Úurlsafe_b64encoder)ÚuuidZuuid4ÚregionsZREGIONS_SHORT_NAMESZ is_regionÚCONSOLE_AUTH_URL_FORMATZREALMSZ REGION_REALMSZREGIONSr Ú webbrowserZopen_newÚErrorÚstrÚ serve_foreverÚjwtÚ UserSession)rZ tenancy_nameZserver_addressZhttpdr?r#rrr*Z jwk_contentZbytes_jwk_contentZb64_jwk_contentZpublic_key_jwkÚqueryZ console_urlrGÚurlr$Z token_datar&r%rArArBr"qs„ ÿ €ø    ù    ÿ þ    €ÿ€ü r"Fc Cs¾|st ¡\}}|r |}ntj}|st t¡t d¡tj   tj   tj |¡¡} tj   | ¡s3t | ¡tj   | tt¡} |sGtj   | tt¡} t | |jdd¡sZt t¡t d¡d} |sb|re|retƒ} |s{t | |j| dd¡s{t t¡t d¡|r¤tj   | d¡} t| dƒ}| |j¡Wdƒn1sšwYt | ¡t ||¡d}|r±|j}|r¾| r¾tjddds¾d} tj|||j |sÌtj   | ¡nd|j!|j"| ||r×| ndd ||fS) NrTr$Úwz‹Do you want to write your passphrase to the config file? (If not, you will need to enter it when prompted each time you run an oci command)F)ÚdefaultZUpdate_private_key_path) ÚfilenameZuser_idrZkey_fileZtenancyrZ pass_phraserÚsecurity_token_file)#rZprompt_session_for_profileZDEFAULT_CONFIG_LOCATIONr.r/r4r1r5r6r7ÚabspathÚjoinZDEFAULT_TOKEN_DIRECTORYÚexistsrZcreate_directoryrrrZwrite_public_key_to_filerrZwrite_private_key_to_filer#ÚopenÚwriter$Z"apply_user_only_access_permissionsZremove_profile_from_configr&ZconfirmZ write_configrr%r)r<rrZuse_passphraserrZ session_authZpersist_only_public_keyr;Zsession_auth_locationZpublic_key_file_pathZprivate_key_file_pathZkey_passphraseZtoken_locationr`ZuserIdrArArBr9És`           ÿ   ÷ r9c@s eZdZdZdd„Zdd„ZdS)rLz5http request handler with abilitiy to stop the servercGsdS©NrA)Úselfr0ÚargsrArArBÚ log_messagesz'StoppableHttpRequestHandler.log_messagecCs–| d¡| ¡|jdkr-d}z |j |¡WdSty,|j t|dƒ¡YdSwtt|jƒj ƒ}d|vrI|dd}||j _ d|j _ dSdS) z1send 200 OK response, and set server.stop to TrueéÈú/a  rÚsecurity_tokenrTN) Z send_responseZ end_headersr7ZwfilereÚ TypeErrorÚbytesr r r[ÚserverÚ ret_valueÚstop)rgZ javascriptZquery_componentsrlrArArBÚdo_GETs   ÿ  ýz"StoppableHttpRequestHandler.do_GETN)Ú__name__Ú __module__Ú __qualname__Ú__doc__rirrrArArArBrL s rLc@seZdZdZdd„ZdS)rKz)http server that reacts to self.stop flagcCs.d|_d|_|js| ¡|jr | ¡|jS)z+Handle one request at a time until stopped.FN)rqrpZhandle_requestZ server_close)rgrArArBrX=sÿz!StoppableHttpServer.serve_foreverN)rsrtrurvrXrArArArBrK:s rKc@seZdZdd„ZdS)rZcCs.||_||_||_||_||_||_||_dSrf)r&r%rr$rr#r)rgr&r%rr$rr#rrArArBÚ__init__Ls zUserSession.__init__N)rsrtrurwrArArArBrZKs rZcCs<tj |¡}tj |¡rt d¡‚tj |¡rt d¡‚|S)Nz6Token file location must be a filename not a directoryz(Token file location cannot already exist)r6r7r8Úisdirr.Z BadParameterrc)r_Zfilename_expandedrArArBÚprocess_security_tokennameVs     ry)rN)NNFFFFF)1Ú __future__rÚoci_clirrZoci_cli.cli_setuprrrrrPr.rNZoci._vendor.jwtÚ_vendorrYr'Z oci.regionsrSr6r1rRrUr Ú urllib.parser r r Z http.serverr rrJr4rTZ setup_groupÚcommandr0ÚoptionÚ help_optionZ pass_contextZwrap_exceptionsrCr"r9rLrKÚobjectrZryrArArArBÚsH       ü   G XB/