o ˷e -@sdZzddlmZWneyddlmZYnwddlZddlZddlZddlZddl m Z ddl m Z ddl m Z dZ Gdd d e jZdS) aPluggable Credentials. Pluggable Credentials are initialized using external_account arguments which are typically loaded from third-party executables. Unlike other credentials that can be initialized with a list of explicit arguments, secrets or credentials, external account clients use the environment and hints/guidelines provided by the external_account JSON file to retrieve credentials and exchange them for Google access tokens. Example credential_source for pluggable credential: { "executable": { "command": "/path/to/get/credentials.sh --arg1=value1 --arg2=value2", "timeout_millis": 5000, "output_file": "/path/to/generated/cached/credentials" } } )MappingN)_helpers) exceptions)external_accountcs\eZdZdZfddZeejddZ e fddZ e fdd Z d d Z ZS) Credentialsz6External account credentials sourced from executables.cstt|j|||||d|t|tsd|_td|d|_|js)td|jd|_|jd|_ |jd|_ |jsEtd |j sMd |_ dS|j d ksW|j d kr[td dS)aInstantiates an external account credentials object from a executables. Args: audience (str): The STS audience field. subject_token_type (str): The subject token type. token_url (str): The STS endpoint URL. credential_source (Mapping): The credential source dictionary used to provide instructions on how to retrieve external credential to be exchanged for Google access tokens. Example credential_source for pluggable credential: { "executable": { "command": "/path/to/get/credentials.sh --arg1=value1 --arg2=value2", "timeout_millis": 5000, "output_file": "/path/to/generated/cached/credentials" } } args (List): Optional positional arguments passed into the underlying :meth:`~external_account.Credentials.__init__` method. kwargs (Mapping): Optional keyword arguments passed into the underlying :meth:`~external_account.Credentials.__init__` method. Raises: google.auth.exceptions.RefreshError: If an error is encountered during access token retrieval logic. ValueError: For invalid parameters. .. note:: Typically one of the helper constructors :meth:`from_file` or :meth:`from_info` are used instead of calling the constructor directly. )audiencesubject_token_type token_urlcredential_sourceNz?Missing credential_source. The credential_source is not a dict. executablezs