STSConnection (boto/sts/connection.py)

AWS Security Token Service

The AWS Security Token Service is a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users). This guide provides descriptions of the AWS Security Token Service API.

For more detailed information about using this service, go to `Using Temporary Security Credentials`_.

For information about setting up signatures and authorization through the API, go to `Signing AWS API Requests`_ in the AWS General Reference. For general information about the Query API, go to `Making Query Requests`_ in Using IAM. For information about using security tokens with other AWS products, go to `Using Temporary Security Credentials to Access AWS`_ in Using Temporary Security Credentials.

If you're new to AWS and need additional technical information about a specific AWS product, you can find the product's technical documentation at `http://aws.amazon.com/documentation/`_.

We will refer to Amazon Identity and Access Management using the abbreviated form IAM. All copyrights and legal protections still apply.
Defaults: region us-east-1, endpoint sts.amazonaws.com, API version 2011-06-15.

decode_authorization_message(encoded_message)

Decodes additional information about the authorization status of a request from an encoded message returned in response to an AWS request.

For example, if a user is not authorized to perform an action that he or she has requested, the request returns a `Client.UnauthorizedOperation` response (an HTTP 403 response). Some AWS actions additionally return an encoded message that can provide details about this authorization failure.

Only certain AWS actions return an encoded authorization message. The documentation for an individual action indicates whether that action returns an encoded message in addition to returning an HTTP code.

The message is encoded because the details of the authorization status can constitute privileged information that the user who requested the action should not see. To decode an authorization status message, a user must be granted permissions via an IAM policy to request the `DecodeAuthorizationMessage` (`sts:DecodeAuthorizationMessage`) action.

The decoded message includes the following type of information:

+ Whether the request was denied due to an explicit deny or due to the absence of an explicit allow. For more information, see `Determining Whether a Request is Allowed or Denied`_ in Using IAM.
+ The principal who made the request.
+ The requested action.
+ The requested resource.
+ The values of condition keys in the context of the user's request.

:type encoded_message: string
:param encoded_message: The encoded message that was returned with the response.