From e7281767a8c2b85c8fedde8d751f14ba0fa0039c Mon Sep 17 00:00:00 2001 From: Carl Lundin <108372512+clundin25@users.noreply.github.com> Date: Fri, 2 Dec 2022 23:34:00 +0000 Subject: [PATCH 01/12] chore: Add requests as an extra dependency. (#1137) This allows users of pip to specify a dependency on requests during the pip install process, e.g. `pip install google-auth[requests]`. This resolves https://github.com/googleapis/google-auth-library-python/issues/1069. --- setup.py | 1 + system_tests/secrets.tar.enc | Bin 10324 -> 10323 bytes 2 files changed, 1 insertion(+) diff --git a/setup.py b/setup.py index 79d31b87c..c89b05d1d 100644 --- a/setup.py +++ b/setup.py @@ -37,6 +37,7 @@ "requests >= 2.20.0, < 3.0.0dev", ], "pyopenssl": ["pyopenssl>=20.0.0", "cryptography>=38.0.3"], + "requests": "requests >= 2.20.0, < 3.0.0dev", "reauth": "pyu2f>=0.1.5", # Enterprise cert only works for OpenSSL 1.1.1. Newer versions of these # dependencies are built with OpenSSL 3.0 so we need to fix the version. diff --git a/system_tests/secrets.tar.enc b/system_tests/secrets.tar.enc index 6ad7ea0142eec8f6617e688fd13a1dd0ccf961c0..00a0898dac293b0195d0d66d7cc326193f2b7b24 100644 GIT binary patch literal 10323 zcmV-ZD6H2CB>?tKRTHkeB?)PGrI?efu&Is#(#E8h7ZEY2P38nnDHM}L=Fk$UPyni{ zhrE#_>bam+dxp=;$G$Mo>MNpwB75UE?pL5@j@Gd*eTro$teh5@+NjlEDp%0 zL(JeSdoPW3C##iqZ96GgSyWBRk^G@7_icvxTGDg57aI>22V;FiVygdV*)oNyar4gj zH_VuvK?x5P*3f-|vo`1h?TniL5Bnbv=pO=h@jzcaJ_CwH^RAK7U$sZdJ&_-lD(WE% z<+^8-5r(rO8ka>a!4v;&Ija3`%Bhv6fH#-trNhVFYoHW0`={%QOUlJd{7sxb!m_j0 zq2Aesc!B9~J9FkpIwt|#aDw-Bw3xAw-@Js;_D+UwMX%!rRS4BTt!UwBJBNROIAhPT zGv4q*TJG;LerH2RCoCO=0l-vBlYNGpw8WpsERESz>d>C3eUEgC z@0m!ultItQ!Z;Xyg|S3(L*mWvW=0|qPcMz#LVvWzlGc zc5cXju2-n&9Uc_GM8&?&r%{7|`n;bdzu0aqt&BFhLa{5UzEm25PeJZA!t7eMX8D0p zZnKYLxY$~0Rw|=VU!B~%|6j+EB){1cL!M}j*ca(9?Wa?Mw>10ij>cC$n0U0ry~nYt zlGtVspW>JiJN%qeR3<@Lyf+v6*C4y7PmZ1)*ta;DSk{BJ6Z4C=Jur@(8IKpKHyUDP|jL{Ep`zg;e2@c6=LqL z;jrvAMAnAp7+Xz+FHL7mkLp)VXP)|?yUY`81H|~sM=J$Y(4H#E6u^qY|G^#uL0(^7 zmFuq<7sXaX1CRsK@&_5msY!?fi#Kv*Uq+afe8tel{^e?|XxWekAV)oqZbb~VMr^LH zSnfa@ObCIa_x2ZT?tcvCZke$=J02t;iP zvgkCzX=nws*iy9G!VkcQah`!T%a`eUqtYRUhZj(f>613q3eO)AYi(0uIPJVJ@*c>G zk4>Ha(c)&Mi2w)c@jk)hV#! zU`lk<)wL-F&$~pguQ0m;u!M&!h!$w{v&rBMfNt<$%|zM0-T{gMxe#o67x1@8 zm|Pf%a8n^6VYXpLO$_HUp{*+qyltbqdT(;_T0^stM<3CEu7PyMP#>+*yu9cb6{x&M z2i=-kJv*YAj*-?lAQF)b!Km%au^*h>Fo5%iky9Z^AiVB*;GMi7VhMGTE)i`$xd-+a z4BbUH6CBcB1?#k$NX}l$S?3v=}y)SLcr_$VyiIq#zjC?To-s1MGYt6>VFhVao_y4QQv%Grm%*a zroIF2+>xN_Y_1I`n~EK2(@kX*A)u?Cu6{X({sMfG@^wh)lfdBL|AqfA4e61%^A@)C zb8Aquo?{xDFONBA0dTkVUCOl)(}dxU^W;nCD}|);TuOxaMs4rPA*3B@f^B}J{*{b^JN@XuS3wUljs5mM2lzKo3-4JB!tc$Zk1AvhaVY=iS z7=J{=bAI^MBUd2>v9{N4!1D7cG>q-`sVVoreyQ4il7&I^f>A`WBjOcD34>_0g2T2- zvXv$CbR%#KiRtHC%E$$_=Q<5lHcAqUeNZoQ3!^B8K;E9F<(ocYzA&mLuPGAnb`JN<6s%5>}!Ix_9I&R@K#up;U zN0r{XnD>q{?E|yXkQ}X}^WcGY)Xe@WQYOvRGJJxrI5g69UBTBFgcN8T@F@ znCa*`ZdHqm!UI3bn=E(MY8)H%c(ZaX@k!!0fhrUtg~l1;0SrB^&~Rw+b~3(K-L5mD zlrt1v@Cj|cn}Vnzc!LKmb*!ua61=GJ!8R&cP}91OeVJ>=tFKt~LZP#&HFrT6jpL#$Qx_y0uQ7ADNX-#i32^^2tv6NVPGw4m1LKn1-AY7 zw>A-9=Ms)w>+h%wVNcl`5UYrT0`^@yuL!>D-h6h7L2~7*z~n~wXzJPf8`aOEt zh&Cwq;f@~Hg9ot@<6-8caI!B?^x75;K>9=@PN_*XX){N&1^=)66rJ?m#z@9Uo_f{6 z@qxY5jFeN18BMhFQv1JM8;H3NzJv>Ht zs3LiAgq1VS$1kI=G~&6`j;>38i*+;QtAk=_^Z#I{#_R_zU}LPUy8v-=FA-eFuP)|R zc-A?K5`mau5AX@j#lEvBDZ55Dpv!|Bq4pNYwEV18R3kdtQu>~aRT0VC5L2-5!+pF<6w;~@mch_ER$82p=Gra_A!y^0erX6 z{bt?Mke(-Px6Z6ym9FI|x75j_c)y_Vxu2p;z^ci9qeliJ@6FGPD8q8@d|N4kBdtB{ z-6*AdAm%kw@YKuz8bHYBQgFeJ2NnLS*{h?gLy`B`;8UB4jA^9%z)-Ya3($iZW%Hg9 zL?316&<2LvqY1bQ-{gqa*_zw_iRMh6Q<=*Y?;1?k2Q0(uj#Ur3if zOzz@TJP*ruNFH(op#wSuZ#z?P(A;IgR-T`y!j>mvI)N0265nnMdTJkX@@CHKKP)!~ zGeqP{$2qYk{fWC6>!Pf8n!!)vL;l{|#TX-}71#g_bI(zZZ@44tfVg~-wOY(!XZK!f z94on>QQz4dj|w9*4ka-DeIdF~S5KzOji8{j?34)K9Z`}(3R*t!Iqi3m4G*Cxsqy$} zW?+50-x)q2zsNP7^iH5}?yz&3D<5vLe;cNi{K`v4FUG%jX`^X8B$h6u?{J&CXXx>G z|I@2odTh&{)9AD9<5^kLNPt5w`Pp#&Z!vA+oO0L(Fxf=x0~ie?98_M+Ooys9Cg911 z4VD0Z!0g{Y_U@gJb};%bnlsGV%(5-5K`AOt%ayhGxvw_9KgVRY{WDlEvwdxtx)WUWE7ZR*%fP46GKPJM};R&Hx#Rr)yrO(%tJbjCVe>PBC@;`tuCWjjvH=}#r0*YjI(j+ zUjx#MK!KqR4HNkrm4@&V74Rg4m_h{%ou*OEuV(T*h_LHk<8J+QSO6fc4jakU>*p`J zB#}zOC-*#2cxn|HIJgle7uI1wix|U1s^2Mn zR7Y%1`tTT(H-AeMb4MVrLcE==VIVS`XZo-}4xZt(k2n<^!@^hn83k^0Z zFNdwI*1DGlLHZolED#%-UDJ0?m6blE-L7cruo=>F0AAfJb{;`X=x9wr;VL>;uR^-7 z(MXoJ-v_v^Ol4S((qK=#B;XLkMC?GAKuC)@0aX~!!`LV6T?%u-$`L1bL8hRrHuH8U zyY)Gjrn@0cb-Tm|JkbJy`#*3yQZ0;P%`bqi*_x9h4F;?O5UiyOW$Rrh9j`lEXb6f% zPwmPx{C>{` zy2DL*M6%ejWX7nW$Xv6nTR61gZDgACT#c84eZ5f|wL0x8tFwmI#0s$HuNw!*O-YVW535SXhr}py~-3k@Pz8XXWjH@6t4SsHKdO0x=OP z@L@!qh`>-fv^%iYi$>jKw2Elph&1SHEREo|?zui1w}lgUb_o=|&>T)<9F$z2RIZ|T z@o{G&!QO(Pn60CS_sWl??Ub9sHao0xP)+_n_|q1xY%2)Pxw)&9!+)&3SdY8MV_letiKE=uxmo3CZgdzT00dg z3#fiV*c^%kBifWWX*Nn>Sz7yMw0Y~cdRZ-YfZ_@IEg!2=g;(Ekj-MD6La~qG%sS#d zf;Wk}#o5$rGc&$qhutc)ewvbtFC3&&l&sB$klJN zV00g#Ce{zeVYGCOdLnyK|8OlBc?PYB1}*X7@kW|hx5)Srwv^?#{M9gnTT16xpes;X z2xtKMQWnnXLMK5v5Y`aN z@oU*c_r)dhWVhZ`%4Do;OqCrIt^pd1-<6%c-LPkEt7$HM6tlf zd_$!#TvUD^h^;XBF{?))aA?M+5@**S{M2$T3PRZTO=$IUXmRI*28bCL?j)@w`6igt zEPd`img1($-a=Ne^#~|pf0F&*_fGDp>QEjaW-_VLyw}uc_r$K^dSRxCnSivr?6`0I zawC%*{;r7UQ)lh3d>#Au<~^hipb%H0l$ZmlW6 z)f~+dhjT+*XZd@WvGnU3OkwkfS^Y@px9fjC$EI^FN;1GUoF(z9tAX498~!hJOfvRW z&&_?%L%$hqX%QN@fq;?F1qKDGk|1ogrJ)e8E3`Cf$h>yurbyDoiwbx3X1^77@(eLKGM&{`UiH@FlyUB;)k{rrCSqh91C4O2M=n<>rCjExvw~ zN*~>jvp&wSC|d6M3TQItiCepK7{w||?g>~qWWLB;Z#nbJ$ZH^|Muqd!mV?u*M84m7 zj;Lut$n&;LwAGxF%M2nYK2-uwt_-Cvfg9bjw^w19t9B3`3lMm>ljj%w4AU2FqIRXG zeCzj+^V%=G1!aV0TVXP6<$4YE$askipxsh69tZ!j2xiYikqtA>iOR1xn$8?80;9N_ zKCvAs1zBjy%?cCoG*DLqWv6+(dYk(h9a$-lG0)k+>(?0T3^=Z2a;kxH=LDWR@? zmHG0*d13DU$52z%xCB%3P1V6P4?+MM|GU8$0DR=qQ77EgPHB=uRj%eQ24EGxt>n=+ zDGo!IAX9s}1d+cPiKnt)CPouvh?S(FR6XJ5&i+9hz~v-&7Ay;Xb*wByA>hw50QtW= zF#<_njC>zJPo{CVf?e=rENqR5>Ipy$#`IV;0 zbkz$%?RZp})eR$I7)zzuetNjQKM~VBSE2`8J0Nx?-F_<^!M=uzu^!9!BlqTqB>i6h z4B4D~sD3-D{!^{>QI$V(qo83B zw>T-)s=OIvto$!=X8b@#$MMeFq6D@KlS9(NSS_da4xuxZ^ipFsP4d$7w7;L@wxDK~ z`bW{*TBVV%dla|$I8izWgbnnq0Z>E?msp7+9Jo`j>x#IRsWx~0ZT|cW6jKl;&N!+G zG)o>j4Lbg*uzp?zR6})3MRhn=%X35?yJ-xEg;tl*aTPLJAKsr^>u7$1VQU}p%fPj= zVH_@B@*23$30u}Ha`r0wIL{Y~nRFY9HDdUk1wyy0hIuE+?g@pah}QzaI6bTDjB1RIq^>RWxeLFPCc($oQhG15q~q$2!M-o( zY>p9hsF#aYH_?!+dTS}U=oj20{Pq*o#WK<>C776^IQ#i6V0vZ#0F{xg#`T|JUGwgy zO{b5xbuWV7)X+MgU^uXA5d39#j%q8lXbs_d=i}E4>^yGh;d~($!3k`5Bb4Tw$h9Ue zgHVsh5n|1pHIf&McH@MPQdLp}O&v;&s{-gV=Kc|nQ891N@Q?J|SE zO%uN*Uh!_`Y#^W^eBg{7r+#(26E9(IRUk447FW};Pcw(_xtpZyx_Lk|@tX``GF)Xo zc+Z>W&0;K(MUMp+95;uHzyYtsrggH9H>-2RFc7w$_wkJi)^@m4%x%_bpL2f1vkCV?|UX zMlbas8UFL2*6p}5bNf*r!28U&@{2HGYL~$L~9t= z)F0X)85M14BLN9*-UGY|8r___xuYdUTF&ab-lSC*S+er5*bGyXgz=Z$k8wVPj!vk?~S;tkqc=I+3FJ z;`P-R8*t5-yv4$hb8@mkX5x&|>ahEn~tGTb+t?K~1)`AeI!(avrgy&c zlLb`p3Icij!GQ_n+DZ5}?HEN=F&w?*<^?gdA{-R8DWoZ@Y;^pQSU_%f#r67yq^S`} z?44=kk3I{oMiXx(%)7Sv{pR{@L?sZ==C=q6vJ_ok=BlJY-eF8B7VkR$B9u?ogA2bvvN3{T^iS!q&cv$iCUCef9eOJ z9=?V%r;Cpy*}Rq3^tNJVFi>DPVujg^)Z;do96RfmClz?dhfV&sGF*S|6-(&3CgL_3 z-Z--`QDRvWqV=^Aq#NtfRd5L&+!+#M6tG# zX*L`{H`Pl%8}T%Q6nqQ)dmkM}!{*H#gpWCz%w0i^`dhKcC715ITPzrGiGN~c&+YcJ zzE#HuXe(+gj=(`ET(~?;HZF={tR^1If8>48IJW~;)4U*@*s!JZ{Q~er^YU7zHvuDQ zG5_AtZQlg;l3`5uwX@6r+S>9zQLgBWx%g4Bn>(cLTch+O6A0$AY4ZE=vMJ+_=4xs@Ph320O27l4`cK7_ zF7c$ai`|ldSK^>5Welzp@xMvVk?PvcGJt%9I#)1re;75)U^4ojA#vq_GJPM{oabxX z*=_Ba`2n!}KwrPbwr{r#GallR8o45B*8ox77OoO2G;~HLa^n-~RGfk3vuO4ycU55x zBA0hYbF6jh^*$)(&~%1n&T|-qu7r*1n2Jm1k$2G@~NoB5y+& zs7RzeF65G37%CYp&ABY2(9+E!QMP8)v026dTi3u{v*M0nB_?A56F9{^wfQgrd0!8< zNIPxXTXG*n*%qWQ`hzSw;C?^|n|7wbo&NMCB5zgwqOeaP4F~>;Mqwt<-xW5h6Vu7h zMRiZ-Br($Vg9X1ADHfyE+S+FNy`%^0B^DP-1>9C>zjeGW5mo=HbL`D@Ai8)lPjL{o zyNktbB)anY^uDC1q$V5;q}xzh&^Lg;2MC2nVw(#i-MGIZL0mIoaM7U zjgrt}+9-rHs51D-&og>{1MsjS_m1u$Y)lqmI1CH=X$rM9q8_4zHwZa{`qG;5C4j7lA^K zSxXj)tSprq+{|8z@vzC99pKi*~xxp7~_}~$rDHE)4kIJ z+mSD7*ax{IcCfRy-DhnB%godetQD(NBVObj>fZ(~^H)*>?Y1&TR!xs*RhY2gA#0{X z<{^9Y+2r8GuU<#ZNAd&i3DAF*Io;WlMZmG6PNcQgMX-N;0NvcWCu`&HagF5egh@Xo`-1T7OuUtywS)B)nIEqv2@> zL1LS+BY*`n75ESDxuk8BFlH$(L!2rL6_v-Y(I_)D;u(E`;{x@56LsV98uA7NDn%~* zFvWbS(Yza|C`hbn^5|fl2Yd3P0W-8*6C6y_2$miLmPEuU`A=Qwu=4)@o~E(pIaSg_ zg5NET@qK|8QKcA|8TWo=4kw%MY>w&qAd7< z4)^V5h&K}j^>UHX=Y;TYvS|o+0DEGO(?|&rB=&YA%dRQQDg@w@6z3K*H{pm48 zFj?WXO$?im;?8kmnI>G8(YQ1x_P;Oq?2B)ws*^Sc?EFB0S+bH!jx6Y426M*hKMN4X zsu4-n|J&sP4pqSqPhxe`u3YhAsgQiA%GFPK^ZB{P^MaRxv``z?{3n~{6O^|TV;sd+ zdl=Ban*|MZq}dP0x?d3 zG-N*f`3$oWTiaMQn5DewgYTq4Wh567{>_*d5UQa9n|TIwW8$9>+0!cLXOjz|@}Aax zcfqfaa%a~ybfghHz96a(W&f3zcZnwma6++(B0tOegB`Q613@sts2_Qa7!1;qZtl&b!b)o4>Rm8+Jp}K7$oN+r=)etV$YJNSCvxPkd z7C@-}OKc`~>R9s8``P$Mlk+Q^xXOvA45?`%5v@Roi2qqb#@!G%Ecb-`ND@JA)FJw~ zt`PC2#abbSE1dY8!%W+2H|QI%T8{dg@wPk;|E+YM*QZFQpy?_;R&2Gk5^PzgjV)^l zq_~<-wmudInWR$7N04S(Hv4~+wo-0-bT?a9ALRdVc8-5!<((01oHU}ylPI4N$|PN; z9RE^X{(8@tasj!YDc79QnT3+{R}e}-$LQFOO#fNCFXp{P`5 z5&TK4mUnP!jIa?LqHaObf1VOs#he{b1HK_W#&6|zJuSa-O*@I7PkEVCUd-zsu&j3@ z{m9%ZuJKGdU5TV=ynIOU3@vZUBu&P_&xTLN+Q99$lLsr?Q(y4jGvt|oElF_Ku6%Dw zU}gq~VMZ-1w7+VkNy$~#Vqt1TZFi}_BVJYKL@+~BwvnId>JaW_5wV6UEteGopwF>q;hy^Ej54@M&?_hjojs#fC<-xJ*Z3V$W-k` z9uQdFtRPhVb`+=_mips52{5tgHXLS5G*3jG;ErIl=vOlP{Mb~C7TN=S(2^_c`i;8yU6U`8t|&F+dCSFu&n*B(`?d?GMw6om-i2xoDA%4i_O78t$)6VdF)ns!R~^=nk#bUx{3_$bUcf>v!TIZGhu4^HshL#orkR+D8ntA~ z1W}Jp;IgBbai+g-4?~iyL3%rCG;<9Z!@>@=)a~MLw91lGsPSK8b8(!VONO z@+Ty3XI6&e&+Ye5|Da7@@UEesSG)~>jYAnft)+0xug`Xamg+jALota)5w=LThgM;( zGV^^N?(Hu0WGHbW`>R*1JY_~EIIW&tV=B1RGH_bA(fhcr1C5Kyr8y~bZM~-9tCH8h z02Q~$r#cHd^0*d)cwaWRAC8ID)7a6N@#<80a8AZrYf1MwAtm_zW)7@9xJ#}r0ov*Wq}d(xRPVUi)$Mq_&=Y`)Xk=(GnC!Qf^@D zjI*fsOvQ9Y?!n-09C~-wbD`{nHHjqmKT&pHZw~!S{Jd;#y*S;_^t?JaiX}smC}?B- z_uj0}-H%838y1|=`&8_UpWr{6LQEE-Bf*tbBya5r4ZM$U@4MK&o7gmu&Mk7tN)>7D l9&*#Z>j!?j&#OpgkpSFb4<&aJOvi`rcW?EcGry6pg#44u6374m literal 10324 zcmV-aD67{BB>?tKRTJDG@be}ZpimrWfY6j$+SA96_}q~BN(qjb86rib5>OJVPyni{ zhrBjh|9snjQG|QEYy&h${Df|L2@6abS$Y_L^9ONUO*IqdhfN5Wp?s3+(71a|Ww#plyzH&`vpu|=m$bLMU z&^G)REEzMu8PQBBSVo&ve!g>Xy9#43id;%DDkcZC?csMy*FbatdN*EnpWK!=3kWHN zp%73BrIEQ;1vfxZOmk`g3EwY#%B*hL_W*sK@OiHPj|?5c!ecXi!rBWLYm-^_&*&$x zvbCC8bajI}A0gcGOiF2d+PzxjC^b}rbai^{J^l6)-esWs9iC0)il7cA7r^ zOZfU(Q|c$D5-kr%%HY;*dx&59>)DAVT0dd&l7D$`1~{$f=ibePX;zk2d7~fSe7;dC z)(h=%=vf11?dV21YoJ;EkUc3=Lzc?h>!wiVK}V$y{|9@>wb&w|S4>j_ZHBb}s)YY^ zd4F{UxW7+<;e4bp!JGJmQ@e{7vj~B-T)>oTZj^Cppch?4ky<_%ef3>^Mzx&A?$K04 zilsT)Q|@Gqfm-^-BAslHP=1b9MI7Imm)el98dc2Oz1e2!xVzJYJ-`uz(y#_r0t@d8Ve?&j z^EymNr9bWEPQ7~DvGyTGn{9|a!)J5RKXD0=xYsBqaob5DYlldNiXpw^msQGB4+fWz z!e+u?jeqWMPWrnCdutHA;ijDJbLO5e6x-L=-f*CDuZKC}&if3f;~BsFpyV0add8N2 zswINip#9+2kmS4LDgS*~+p>4&ExlQ2k6cy?y`Ek``&*-?i)f2u8Pr_4+jEyNa&u=9nyjNW7a7d5R*Qeep>ZVepDUzvaH3rsR{mFuUbFOLO*gdh+)F!pKH2f-Q}oL49;Fx>XB96sWBwveYHen)&7O1ko~>OQ~-*ZbV!i3suHI zBA>b0El}H&O%yhgIl3T{p}xHqHZlmqiqCdo-(E6pJpKZM)^YsTR2MJ&2~7esEnaB; zLJXNf6{_?p7ZYRPYD0NoXtP3*L?NkY@W-D17fnMJV+T1U=|VuM3-wTV5JM&eRswNy zWbZHI{Jb20QlwiCgVLAXK2s2~uO!IoG429*HyeK$ea{<+w&r*)po%G<5EGZP7_(ZQ z98Dd9t&BB0scz0#lAg*>>)>?EyE378z&a=)S|n>fv09CL<7&w zK!bA^_tyiv?=mx%5QyI+Jh-bH#T z_|+|7k$xDH@KxxK&GFy5$`Fx(98R^QFV8#t50Q&0jtggPZnp+%N&Y^=Y zE-TtKQ?ap!bQbtO@(JAz?A*#M zZ326_tv4TyJ*p^)b*hPO*e@oayUI%Hf4QdJcgkNCnNa_%0P_0BT!H0YS7qW|&1r|m z%k{(PRn-4>@UaA<0jQISA$+$et%CxUFBQc5k=xXC>l!~%Nm2o zICk1Ei5B6**FToT#bR)UOrvLlFHPvm+cGK6l_f9(pan^r470?WDnRc&gYxSeN_+sJ zd*ldf^ljLth%$S|Ks}n%AGXPecQiC9K8 zJ?k|KkwdC2rG=?#$wQJ+_itf4xIBb8WKnh5;qLs)un5R)~O4gehEh`G`6NSCQ4r>4V49ncuZ2KVxC2h8EyPaHmZf<7?%zf4> z>cJTd0{?2B+$n`o62Pd=?}b{tRj8mBQRMOj(!{}R4dj3<&J$H>iFYh3Lb%fZr+3uk zyB2WADl2YlrCWn;&@QV&@X>!=ZA2%l6=jQ%jo+gddHqM6T93$|kVT4OUuinoaR7UY zoeR5F;o=p5dT|DV_c`lC85ehFmjXDHl-i;E*ao57@^E4|;PZ*j+_+d?ZFo(4#o$*J zVSK;Bu#nu5L^l5uq6ds1!ToEJIG3q@A@c^-OCGo zyu-tW;!MlQ--~AUSG?jBtj!j{&!b;f2nX_(1%V=J>fV|}U+ekaeA90FwO@WKhX|ak z@#W~IBj=D}TEo9#=-&eAgZy2&cBs@QC1F`V&6dB#i{hEBC98$Q&&6zZ;>AHgV>YJI zEQR`iA)W*u8OwpYX`Lc|C^(cEo@6=C+=-GCAo^AR5R~y;9`%wO z>LFFJ>Jch>)!9J9Pib^Fv^KbO>~DDLw|F<8ydmK+utUqZAjphi$}U^nx+4zHM>K$G$#CvcRvj^3)^+lljWTQRsAN3nJm_U#vEBIBs~g*I6B zbm)G3&CRxCv*^|dy6KYc?tQmdMkG)FV*4q(K8XEo=N^KTC~8*WGy{}syuNzbTh-E( zD2l1oPtV~)Q?HrPW*B~5la6Hr*)*XlVh=bPYAaj(d%tP&Hb1*oj25*;%AblE z8Zst2fhw~01omFzvG3Ah*}h@XgL(^BWbs?*`Rl5HqS!&=BM)bg^C%;nv_Cr&8JDco z=;|u@6H6oc+p_t`>~T!Exs%LXF{q?WpgDd&GcFOAe6%b4s0sqpi>Q4P055sOsW1*n ztB`Wa(b1Vqr_yYNk7@D9E2wolzp0Z~wa-L5)2Vif+ir23^$$YrB?mpHEZK42VWa^KoK| z!6+Zr@6{lRn8G}~W>H;!70lwPLHIkkx`=z!iY81$TpbEsXk(*H*CZEiEJta zaF7_T^HYN?BSDc1-@u|)3teJgN~DihARdN{P(5YbxUgVppK*aPLMYnCfy(_Dw>-8j z_p?C8ZQn~K?UDD<#}+n;(1N(#n~nh98FWT42!V)1srY^sE}UK_0(2z!6vi$oDfd}1 z#wm5kIL_-$e9FsB-L}OSn3id;pV@GHr8%);kW07aW^biTYSr{*P0T{M ziP17vRk5m-AWe+fDQJqlU9DKcf3olV~ihw=XhIO7EqnB`L1XmP*hlHlfZ-KEsP{snP>CqnUTQyqz9UOCWB6KX(U zttHuQ%zb2hP&7}9yp6V4SUz`B2%6oL*Up{7n8ojDLf$T@CdC4)`5v-oQT2`ZIq~W#7*sgy6J+8)m#7xC?Ra|}iHWx=xun7PTo0c

_U*%UX>a}5!|9#ujoBu zTI`Aga@>p~Vky%n+D|WMGnX#Ik!kfiwJdaoPUk)Tg%2iIlnX9xCiX~}QnM4T`Ab+n z%V;-8TiSp^6~3x4x?y7Jl2gzH`V&s->gS>~G)H_Ct7l9nsNh4WpsINmEgNwwbxyci zgPj*Ln=LdYP|h%#||Pk#hi5pVSuu8Ymbk6I7y$G%}F|8TOFzD8S?5ItiK%faO=RQSm zUeTPQ6jIlDU%sgk~n{xw)y zS>c5drnj|&6C6qnub3$CyVZV{kEEfJJjdUw6-p!jElS|AqU=$BY(4ZUjgMMX9=2!IXI&OSAUL73}=O1u1z ziGJ$wq3`@C?0FtaC&KBz+r0$*;{1=$5(!0e51)7EwI{46JB!Wn_al0r+Aa$!%Txo= zAIZ*BbmPuI{4OWjyj0HintkpUReTdrd($V|ouVDI|Fmkr> z8^A(G-1{^qw9_&u3kl_S=3d6zATnF-4ocEf4wf_`VeC}vKI!PZQvSnHz6_tD zjAbz8t<(09;=l*6+Ku=(+}AD(Yw3mEvpO&3@(;q%oI*EFv0kkNK*n5Z7T04FEN zs|si8m#=MmX3;su(wvxNyX=`xu5b}SG7n3uE$GeGa0Vh)zY=od!YWkD_-4dO8;gN} zrru)IH)q{9yYl)GrEu-OD0hVWuu=O~>C~2RR2F`QpG^uT*l@5-gB#3>D`Ag6obkPz32W18`YWE>j}v+t7PSVX+-hw32PkcswQe(s^?j_45zF;U+`8iGrDU zmEY3`27G|!#Z2@1w@K+68=Zq2xfHn~J@RhlrU`*xWG0TxfzII15I1*<+7G7@$Z8<+ zmh)m>B`ba2R)Md>p!gUyAZYEYPkfGbl#9vh7rV$zIy8uS3>;u1Kao@Z#Oc9K@-$sP!hv?bIJJl zC9Ld1!WuE^-bD9EojBzx;eSmA(<2i4n{u#5q`S~=)oHRDGB*L;^y9th9Hh(CwTI7j z6+?IlBnlsNDS_NhW3+((11aCWb=LjeRMOm49=t-MHaqUy}d zlJnQsPWX9XYqLp9nSlfsr%^&!Q>l>CX)p=?Mn@M$r5hrl%&q!k#VbUcaieRQ$; zZV2PRn9Vz?y_!dZxvaK3v-AsfM3yd%>iWuKvpweSMlqZ-Om_y==x+s8GDgLmbju$U zjnvWXG;zqnmY3GNJ!9s=sNgzOl4QmUb=l~DMyXD4X_bCF6!)#Q3$U&^==zKnsuD$d z@T^RptWI2rUMzA3%NksVxF8}(u)lq2jKYJ`<+ZZ66&-z3m!PT?fg9hY$KRD5;E#Rs zphK{QpN{^$O_!8s%ZILdRL+EV4>}3EbpZP1J*Kg8%Ch_3WsYZ-3$b9?KVw-YO346< zdrBd5Xuf4OgXDjSnEZ=o8qW~i#H-vtI3-N2w5#ppL;UZxqx_b|wih50j-V|8@u(Ml zQiP*5N@k`=Cx?=RI1Fgt7kAbEV^A}N#@md22BuBh`X-pwJfiBGLhBFDg{`7d6XiBh zNJd(EDizueDFp>w)xgA;Qn{i6M)U$|#h&PFQjNp9kUNOUs|ppAg*dyBkl=&T)k*E( zNIY{pe^sWC@!rjA4LN{Rjd&&v!|`p;>+ zp=NNKkLG4xvkyPhdfxUgGag)+LNg+%>iYlO%*>7qEM<9<%{>(F1$D^5<4CIn8rdKm zVFJxbR=FW5Qb8`%QZs;2D3OUgKfnz}L#Cd)d>fd1T)kqpXvc6US(ZO?nBI;?R?a@K zX)<3oxL$T(^?q=-ZkTy^#gVHk5N?y*4#&9`_4T}c2QEp!Q%Sp(55a?<$aRbg5n!uO z;u**zNHBIdG3$ebh;_+)!U|nGc=_L4YB?Jgj#9RV-F@VnkK6%y)+Mi>7_tWZ44mnC z3ax!wPLTS~?aG($yT!0OOhd+`Hi3FTQwXRL14DgEY3;V-#0s_c5$m#YfufQ&V3rX5 zWCTTArE}2wb!~EEOd&rkxQu8oFZ?je&J6M9d8yBdYZUD64@JY`coubZsxkIx&2-IL-gE9b%K4z&)5rj16Yt3vnc z`{4L`fI(@`0b3?Pbuv;B?aGzyq-_t1N#^pKY@lp$6YgbP71VUO7xGK`09kcWs|=$G z-9Do4&{?Jhj$W`=k`64KV$JmTE|+mGkX?4z!bh4J-PamZFn|8{#s*~)!tDNv8l_SF z=<&6=cYAi>aVY!lUFgm@QAwc4jBq~k2#GmtySx_ivuLfb7X_)A=f(-h)flb(Jpcm< zAh&QX?O&d*AtDBczLhh@bo-AEUb-@DjJWjXylb$m(uG!}H1g_)#xI&Btoc=V*^BvvMqzpKW;`PLjym7P(M?&yz zs>40A0LX7vHKUYKvnwef?az#|&4a>tqGnU*39rJl61+2hIc4 zP-VSV9IPr{;g~fLe^{*L1wyxVn#Z$5;^(yHgdeDQ04fjR;<1fcWKs`*dR&lOb}^)8 zM2dm(4F1mU+B$;~aaTV&`Sk z^5ivG(Y8UUmDt+Qmnf_Vt2sw}-}BbkvcONbe85g4Y*~Ve4ih~?->s^7x=I(lBmt5{)JIWG2zKX9cFO zNQ+o2mIOU^YLO+=^g%VNp9uyMsLZUj(fkO~h+J56iGQ_S-e-{_x^j=fPN#pbS{2DkAzffUkg4aV`o3`h zOZV;6^2(iSbNbW)1if%{amNx)JnB9lBkz`z@Q!7=0t(1uFLGU*4Fdo_4F%@XR^Y1j zvjjbmuW!*7tFO@`P=6`|C#N;x1RtM(lNmeqoj~B#X0(00_7o|AszSPgw$tolQ=A^S zY13!b$*`G_=}9v0Uv_{}>lkQDt%CydFqsN)N4PMIF6_BpsnJb=)n$}YqEJ_fYBDdo z$POZ?<^)n@P7B)VCTa=b3P^1fWeEG}X+Nr7<=++oV-8?{9L`N!KA&40Ksi}F~Cal%7i z{(Wn4uq7@T7&&MaRr#9GM2=~_AVezv8l@l6Oq>w?39{vB-l+%g)jXHI4n=~OAKDwB z+2}m)9R4&om@WdPE`pVIwpECY2pT5Hbt*2sN;!RkZmyu>IL#XSCZ8_-1;6^-gf)Nl zlyq^H9nQyF3zoRP$feG=+7m4B+n!Sotvrm|5jUwGB@9jfaZw-QPsVGGVq@2%NI*7N z%GsaV_W4bz(n{m^DwHiBFr#^K>HVqWR@XZOq9;t#*AT8}dH!}(cDqiidvFl4=E~T< z3tuLs0DrbTU{Kp0S@=9imn`u{S#E=N?+X~N@c92gzyxNL35%V)t!yd%0ALl)d1^WY zP;ft(jVo7Y%A+P!_6OwR&8f3j#lmX|(g7foD;WYBoXrZM!hjLKe=BZJlQ$3x+AD=9@l$Z+(g6nPW^DzE3|8|nzW6(imlev(R z>FRFXiy#xV`V6@Dz>%4+9n(nsaa=np7U2f^gB@*FThho$?A4DIqWu`@W?>Z5B7ivm zL$KLdoolu7hAeGepoHuDObw(mlr^1Ce%Cb*lrIza@_LZqutzKwiq+lk)VbetQwiRl zQNa^9r`tZrI!jQ@XSPrItn?RY4MU?QnvcyLa8{ZkKTv-aeN$wN^$|?%`v=G zdSx3a05Kk3DypTe8CIPE=3kh$2}#FaT`c3p6k1$OemB<1eIG>d5GCx8O78KEc6{fcnZ+HalK!B z=pA%q+P%{$yJU|U+NW1C+cD07-C9%0#pzyXZ`Uke;P4L@%AmWl2#227Q!LsQ@Ft9~ zC5Eu6_OE*N2~nl>%k!q7GNnjD5W}ZY;lqzw4{=B{E0ssMwD_p>lyJ+JKZKoy+t;{% zDEuerC#$62lmK;&$^;W;UMVo#WL3s65+0!(X4B5-^kYI+%AQ(5SCf9uAaW??>_rAA zZ*|p{lL4HdAgfbo#R;Dpebw0sh6L??xGS)XZ+v(f?KXx~K?e1co+zo! zUs1H?G7PgtF6uOq%XM42Sd8hU!?Q;QP}(g54&Xi)BJj=ykOV<|tB`$QG1CCgig+RM z$f8LfooCp%rbAO>i(pZeBL5>GnD+#?7m30cUf4p#78zbvO!r*@IrpiYNr=Ac&Y8fU zmF?J86vs?X5rIRt+42Q{)Y*gg5OER~;-2TD=hy~ZFXJD$ zd&81us2SyVBRShQP3mWid989XiZ6C$gvR)k=ViLv#?mkVpD3#v4v9F+OJ1bgiH}PNvLFQAqLl5gIEtV(5t1@Kkq_!{=#&RY0C-A~fBO0y_n=Kf!G)ZwQ2=kVI_6rv$W?PceCF2Z(z(z&8ljr15N zb=%xgy}g#HY6y-StOKvG*KTvMt`D#BeQT+}G&}XZm`a_?jiluO@B+|9)}kxm@X)ha zJgF;YjPVj1JgZKP7EQ9GVM#dWQfLcGS9wq?v3igRtu+mgDGSus8Dv|qNJio!n(4rJ zg+EyCIv^gtNUOZDlCoQ7IRfZ&Xx&dv+UAOPf3v4Jf z1)tmXN=y185VxZ}h0&23LNOC)%xzpyCDXIU$}-ODK4mD9yICONnB)lbdc>=+fX&oqfE?NqGCHY1Oby?@;8Pog>Je_WIzey5^`K1rw$ zO9W)*PJu}Uk|8@506<&8sM#F=Q4VOhe281gDn7GM{QRP)MAgX2DFm0!hF4r8z9N`J zi#RHVS7BxT;`k{yE>8(16}aBGU-0vKV7 z@LnOKhTUC^({lX5^`RFstO7)4XPkun#=GwR|rL1(#FU_AP z#J{w84TE}Jp9^Ey*bk;gW}r&x*e?9XsdN>vHB4W1?r4G@p)2J(Y+p_9&a9KS&@||! z3m+i%0cu-9y8xsOn*i8z@olWOxGTXF80jkg^y^Ln%8)4fo!dC{-vpMvw_DGv&aUR? mt=0(S8dVJQx+(^fUDK~N0)hlf_M82tKxK6-ReaTx9KJ0*Yz8p^ From ebd49e78dacbe3484744326df73201c4bdf2b6cc Mon Sep 17 00:00:00 2001 From: Jin Date: Mon, 5 Dec 2022 16:54:56 -0800 Subject: [PATCH 02/12] chore: update token (#1197) --- system_tests/secrets.tar.enc | Bin 10323 -> 10324 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/system_tests/secrets.tar.enc b/system_tests/secrets.tar.enc index 00a0898dac293b0195d0d66d7cc326193f2b7b24..b6409753b4a1f81a87317494d650feb5b7630589 100644 GIT binary patch literal 10324 zcmV-aD67{BB>?tKRTHz`r8={=Smy6VPyni{ zhrFeyt26mqJGkmXNA!;f=bcY06Kz+!)29Of9lm%3y0NEm6LFC!DkC|FG>z8Y{4vL8 z1b;rT?Hu!wTrMx8X{@Jde`q2kw8GxI^2?1r7C_T2qRM(4Rcy~VFc%uN=Ye$R*4uem z8gOv1H84Bc`V&+8&=L+lycBxepo$4aVkLg{`LWQCbzy+)Z3GI}Ys@9{pX!!49h_gH zAMj6;1oic^fbx{e+6=arVvX{t{(zf4RI!03Z924dJ+g_c*{f)|DIS#0Nvu;d(`Kw+ zU!EGcZetLJERcqt%{~2|CLuBhS&HDQKT|@qUM2aLmNx#mAbA%jAP$mF5h~Dcwa2l5 zp27C$^q2Mmg(Ate@@Fc@2h?8ic2V9~@y^;?<`lK#Q|QWWR2~k6GZhwBO%#(hG)GJ{ zf=mNLQP^L6t__7scGJOv;FAjVEX^HwRFmcc$3f{vQ{C|^kUK4+@^#0f#iN1Mi2i7)YIOQnas z%;-sEf?iAW1QF3l(3Zj4QY{Y^8%q!O<}~WgvrBuH@^_agjmPjodY9W)t3#y2vZZyw24;8p#UjcR(T&#{=n|8^$=b(d%D!zvQS?VesM1L90AcR=B z0@)eg-Pcy0Slv_hCkwp+ps!v}|B6XAPT7+G(aR(Ym^^ZdvvVMhUfZ^)ZM; zY-+o|LFsEMh2&LIWM^Jkx_sI$@vKIoTqXs_g55cQ`LT(B)c)^{o!QoTpz&jHV0HHd zz<>ikRNAj}g*Am@q8ObsNm6LD?9TD6A&~kJG%%uj_J{XnHOtgX)3UUSw{kOHm8zt$ z!PBr8=;Y!Um-Jj_48sYXv5E0lV63Dg{X!S^3fHMCN}oEKOCUjzs4WHNhfs|quwgl+ zWf^0bMx}OUA1rkDIT~b5G*rA+>Y>j1H7+knmz%=AvIZlX00pBaZv82BP25_8r0iyQ zi@SOerg((T=nXJPjLB~1LR80u6uBx%@m1`yCH`=hOaV?_M@#Nc9&PuH10m=)3=AsK zO}C*M1j9Bp#5xfg6pghjEbR66N$1WsAFWP#_4q4csiYgRu}ca_9${M<+2zwsgG@tz z<~zN+2Qrk^M3ZbJy=ANsf&`!)XT>L*h{RL(jGe)^x*DDr;{+xGMU+kMB+S__AszM7 z@eTLnbuzEaJ#XFtc>r2@sRPMNG&0z0XhZM?qHHjnHjt@ZPeb27G5zzd=Euyn zD`$`{)k(uW$5SWfhGo2qU~J_~H(~H-as!%smJpo+-s7@_K`<474^KQ<1}=AVlqZlB ztfVBk47@rNV?t>#%y#&YE?!Z$&IZC_aQciNvgrzQ6&ljJ5-v>s=fr#*MZ-1yT(nm$@U&smet zO;+}Aq5DUnrt)k-*N`1+@3KvplO-&?%(WszLqk_vWmcZK1+BautC1n5X~uVUxcZN=#>i78N2AK}usF;#euLK4+-3pvGp(O0Ltf ze{~nWmh*o^pv~eWMK>>PXa)XGQ2O`%m7hVcgyJ4zFr-G&^D?)nH8;6dE7F6^KhQS! zOiSdTC_NLmn42wRndpznt!@?VCmD}?uGxiiXK6PXSCWlK4>eaZ;0=3Q4&{`47_5Ae z%6a3peqXO=M%i;0);I3)(TKh~j*s1J@7aXu4NOs(bZ_3WPnN|b{{>pMJ=DMIw5PPk zP~KOY0hOf=T2pPR87sFI8P7l6MC>!9=9f4cyNqlJ8oyLG)6zMZ(G`qurnQ|!0y>Oq z{XvoOlBzfFU**@0yQAf67A!TH4YCJz)nxy=z8D*7bD$6V+y2{pRsV*6)%Mr`|D$PI zqF?+SJGIYdY*oTP(jGZ|KCIt>I`ivEkJFbT;1h4ok36!0s0@v%w#90xm&cS#6^y|z z+b5Mm_)Hb0Q`RiQmz&d_Sh56wGYihg6VRoOWKh}H{FTf4#PT@Iq}6R&;H}B*&FUz7 z^Tl)E)(b9=0-r}Wh=@&%0eHYf7Ai|o7}k!25$s!kIF(nmx`l_(esu&7(X;64`N>&$ zkXxK#xd)U4xZt3>y}Hdh+0{6>ts?A%^oEx_>X>6OonrIjeQe}GkL7-(8texEttTP2 zn{*l-Pfsd-FFQLL3z%CXP*VQnZ^-+qO4uw|QF8LZr91>PFx7UuuEO>dv7fqH(sYGx z9}aga-wdz}HgMDa**e>no2Q`Y-d^;~E+mptnAGsS5)4j}4MUHqDrr$BTo~1GnZZWF zM<8JXkE$7wHBeQIar6T8JGX9o5y+y;PM+D}&ec7Mh|+BLICM#_Ep4NNbNts_m)t!M zC0{HxH2U;%obIXUkD^!pd=1E0;p<$G-c*wo%4~pU)QSY^aA*)2cNNfHF3K}SaT9A(f(3Cf+ zr97lJ^%FA}bN+X!5fWsu_UbPG{t4h#{|2k-NO(zfMi$%2k$oJAL&uCpiB(8gwK`22 zg%?+o;tfl>1ze-)@_m}_mt^=|N2Go`EYxo8kR+sE9Z-9(w>?@MxGO#AWLQZ+q)6S2 zt`T~*-jwd10S?LaIS+&1)>Tm>bQLy#^w1PL8&!ie938W3#aT+_=}AZ)k%aiw^38&c zw$NCXoE!JUc}j8{?bI)55k&`E`evwEVbB!__cCcJHjem>DCbMsU3qo}`*gq50CbRZ zT$vo|=AKBGCEW9lnZ17*kLYE`tZ6HNX6Fy!l?ZY$jzbg(8y&j zNmyxmLa88CM*@F*F}N$4HZu3E`+}EK741+O>?mI8;i95ue)1aD){$I? zU~jZEi5zP#-bKloZZ+OfsyR>@$4@S`D2ur~Jt+S^dKqc(KBFW7D0bD^Vm2j3ztPWV zB|Q)J$G9_<*VeO0XZ!_?75^pG#49;R`@tJZDLR7) zUdw{)dG3RXg1)d>g@y=YfBnOvSXi*Amu3{F*-#1BSC2lB2ztcedX5((=Vs0_EHnB4 z$VNw{?Z}%)NYzAh*9(2S7-fEWR^VvJa1VaeI&dHy2CF4IwhdLXSE|c?TpezVO-pYP z?ZiaCW_$$r#I4t~+Q}u3Hcnq{yJg8b*go(7tak8KHgxp)P~xYPfAlkhkOdsOhY&ym zY|OqT&y2zNTX0i#OQN#KtW9%#fwN?X1_)d=Ohy?mMBrWQ(e zk19#dQM0v?v{t|ov+5*x0^c5oL+b8EqEU^q&wZM5T3spG3Wu1|LdQ zh0(+le;Q#5YjR&7lDvDAm&0Naz9suYjRh<$xniCaq`Cx|UEGes*BU{=Hrw#9b~H^T zAc)GuOog;WP{-w2(H8Y}p~}?j9^x5Ee7-I5wu}NapeP60Z+>^Bl{}F;dF9p><~dLG zT;a8{__C@I&KFLit2&GY-1@l`?CJTNNqA5HHP1NpQns0rQ#xjpdVFMWCUXIwp%Scn zDm%I4RLe5px~<+Jb*P6rdQt{i^G*iHUwAk-tHhtcR@& z?FD-n6v{~LbfbZGLZGfQHh3`v`GP%WQc1Xxv~|hU=usNWg;QwbLi6Y-`+>D>6hY&4 zSLm&X=?ISjG&9Bi#5oTTZiDurF_Kj$H&^O^;k*jx6+LydQk@9QF3GD6|96=I1YMjy zSuDxrUlthXXsRgU@+2kbtpSN8+F&`(*}u?_B>_uw*J6KEb<&ckGD08U%wvL`UglB( z-$;^G{W-uyawC8xDTtEIJI%pk7*aL0T(vew7#M_4Fw{@ z%4SPn!L!`MxB7WyX)r->Bw{GNx%>U749E09dV-*GZ|dG4P&55H_yen|(W19$2HCe? zfZ-0D)EU?SoJu$zcM(OJkr~5_oSv+LwguSw<_}~EZufSpPca{Obws22P#J%2vnRNx zupS$v6tjo%7wJ7$8`itZI380(z(9vEvuEi4Uhaeb0t%V`FR_n{{Dv5T2Uq3jE?^io zRFM7KB$m&OOvMnmOn`B9D; zv-+o8#6FEz7*d){zpY;dyn>LNfHUl6B(k&QhNo-^mivHk@8`# zGfhD@k(PR>i4Xl!$(wHX^^As610+H$=ZXgO-3kH#>s z=fr-C+EbG?)X*)1LlO(n0fjgdwPe_Py}?^Ycx(|pE$^eQ#icSsTe{N7c~D*?3DZ^} zs{N?+IvG3Qg|@t-bh-4y_8(U21hi2BV<5_@HSdmk^;Vv8SpBEir0uIpWqMB>{ z)|+MM$bFs#Y?CTXpv!5s1em zRF4rf)IseN9}W>!xK^uud&LX5*EG9TKU6bHq#y$Q^R>}27Z?73A`^L^LiFjY;BuV? z4iQquUuAuRh)e}4#LAlWzx}v^A5NY3Fx{!^bKAlz-ffKba+6v*&g4~|03^*-ZbO-w z+`*e8&ug905)jygI?BfB#u{Bs<5zI>Hx}Y^Ow^LL+U0b_nIg!+Y^Qc zdvs4xU#g`TXPzY!s&kqzRZn7y& zPLe#IvUIv_V`#($QyGL!$pL|8d%$QK%bp6gfKR-Xe%8Pw*AL}T?1EM>rt-a(h_bbc8X_B&8*kSL0be|ITrH>^I^z5 zepjTV4Aa)>w`a*zQaUzB#!kJueg?!lMp#S&X8*!_pVM}AK7BTC=94^gZB zow!LBvH9<2jO&5bJkHP8GnpXaLzoT=%8jI`IbQ4o_KebADhWUXU9}PZ-yyLz65Tq& z0%D4$DXO$xgm3|ULKu3{E2S{&#swWKwkDK`9Kwbwk@qrg^0XZeQA}csr>fYoKzfaE zU>7uu(m#uR&h{cj)-s>9Bd;TcatQi3tc;SME-VGfCk*Fw8K2-F8E0gOY3A2#v7Y!Y zECSez$>chIIu=(6lm{tNY0xLWx*DRwe-&x~-_<8+QCfnpUxYRb$H*dMUuux=F|@Kd zB9Ab2jigqL+P}U9e{c%P$<|cBYNEa=3l7V4ZwI(@x-58mbB!EIiG^vf4<7}ltp1W+ z21b2ly0VA7VdB=hs7dw+B8njsSM6^NU5qp7iK{~WA>T4ymOy6x_hMhQCdP2yxE4WlM9Z{PPA^uIsAs~-*{x}_B8%p?v1KZHD+xq% z5IOaPs-ICS;UMyl)4Ue=9;8J*Cj867f{*(I4N{Kt<=6B4IXm4J$Z7 zHaApy?qBpPqpdT8)JBLUJniNtU;LXze+tFE_6e2w6G-F<6b}sZoAfpy80nQW4$5YY zz$czTz3l#G0B}Fkx%u?a{kR&%V5W%8d!$PG3D{8sMF1CpVRBP892SJibaF|2zh(}J6mIp7 zM-+1bRN;49EvM>fSzE9ue=odT(CI8+Mh3hAr(;uUj!DLvGIvO=9SV~0|L-FdGhOsT zcRg|?Bj^ao_u^&68K1xHz|@}Go$wN%Enlf&nf!xY$9fTraj*gAh26B*Y zSa}&T{o3`JEPIS`YQD~G$9pUJ6?=i|B&d!8Dbpqbqci*Uq|V!@hm;>U2x!+8UfN=~ z-*Rg7eY<60j4>p%Le8E8>h^1mHd}wnX&*WSb+6y!vpp|^*$H3_L~f~uIr+|z)BIbP z8+sCF^kC!zfsF|;*^<_t!wD*=umSU(q5Z^UN;uq3n2RioKo${3kLsZwbLV>=60DC4 zFk@O)(y>1OqF%~iJ)HNe>q(C5P9;osnAKYP=nwQO?KT_3)^9&PLNAX@i$e!;3YZEA z;{KgQG+61$PHrvU%!NmF^}3KtkG!vfoqq1TKE%9Tl-3kJ3MY6f@#1<{I?E(j-QmQSh znj+6*fc?aUJMj@FfBTsZX@7V$B1U#KkUS*;1?il6KB=pfx!5k5Dvhyv*}ZedR+z@V zsdnWR?;xE~ei0QKrXrSAgXU=lX%75FF*!w$JPoh;7h;jnOgWqlm>>kN@c4);@W+)z zYwGJ^b1s|3)?(f>df}bOiodx<7R@`MbcBs~(CVbr=Q=B#EEE-^KzkkCe9wnn8RP#V zSi55$k(L^4P@8AUy0<2GC!ISjM^!y@7X|8Ur|Ey!#$X&>mhNZxBwVExgpUQxvPf-O zm<&Xteo7=bljClWpcnIG$27ls6ZGb}u;CtTw4y>V&%aQMN-zEXC)9nr`vuxcrS}tR zDdKx0JPrFHs2TOQE=xF&+aym2OVC`Oyi`FUe(49e4V8@z(Bl{ueXrY(1puHWpFk8z zPA%gWr!VlnWa_ptDUJz&1Y((jtdy|zL_4zgqFfKLbo3%#i`L6THMJ}4KRtKRRRp>d z|F$Bl2C~Zi6z=hp;C2l6`wbi0QWO~nEv}$?N`G+lhWv}>XS&HQoz!p;ZyYr>_nK}w3@&ig4oF2^FX-7WBiuPp6DwRNlg zBC{54$2H#VYi9;|vyFMCfxJDn~kC)oQ| zGj4?LqwRJBmuunMt@IR9Ve_e`K(n1s`P#HzNuR`QzyTv9wyVHG)6>}4$2lp0Oarg! zc3%rn0B_jWzz@z1WgLtA_bo~3-cnaP{$QWcf-l$E^Yokjz`bX#ydhE%Y>lm)2`q3@MmZ8dzx%^t{Ky4 zoy3y>&IO8_gmmPA)utV5>L>^iG!x^Pnnfv_bPn9cF%J`nh=~A2fy3A$YP6sfTqX5( z@{JEoaj6V8DbURlo8vAD$G4>D$G>xQ-0ccJsZ&{mpw+}1Z8S)++)gjmj zC?j+g(%ziRLbA7*p%b~A5U#uiH=(ckup1VN7G)KT|=OwK1i{*axJ-TGyGtmGvi zVb~eZ3e1nat0|A3z+Lw>Ee_2~Z#zrV069>JL3g&B}tkx?|D1L8IV_>j{Ei(ZuUD0PiB8 z<`lEZ(46H#4c%3L&co(;gqeO&(2>P};TPl6Wit+b=mplySHZ`G}ah!for z*ir!BA`ACu5ViYDF&3n!C#+9yLOq-Fg=U-imc#TP@J}BF6n%Ywo}O4sICaPp#7?Of zwP4s1ukb04*M8ljQ6aC0j+%CqxJ%Gye`G6R3Mb5HtP;Du>gV6^lOM2N*uc^^o^IWa zFhl@ZLY!E<1)xa01udJ#CPS#OaJk6s9I=(iRH*44|9n$wvg0pe@W7;1uabWPJoF|> zAnKXTF2u|s*k3~iJ`(A;9WSDDF^SJH0KwzRKN1Uk(oSi0C{}Xhj9t}h1S`V4_E|AZ z^~ask!ULh!406g+>XV1|lh+QCTQRYlo9Z`+VwCFF%4OZd!%_R__@UBp&X68-lRVO{ z#z^O8&_>v>^s#~CY1?ZwpAaIOf|4B-wO`3bGn_(!C?=)URjx-O1i1xl1@zX`)?33 z(rJp}511{Ve>^a;?8t~GSHCqR{(w56wS6}cmXQ@Q8-%*VHXMv3F}-i5ucrrusv=Qb zp-o~3#qT*zty-F1%&r{wk|2E-SSA3A(I%s960AV66uI-%Y(c!8l~pDD|qWs^Vh-mLLh`48*mvL6D}GDEoS{Vx(tnb_1hi z7dBhPS->qFQ-pdcW45PNVR4}8FqS2p67ufhSTPb3=cUM=`+t&`qNH#E(4#~xveR|f z>oGkq#Vt}*p1zMsD4fWmK_)DlIPzG@A%(BKaRnbzg}B3Fx7CJsXOg8=g6<0bLSXlF zvBmsm(i1cCM|ueBuHfItUPEIQcMR+fGvU|>Ab#X@I(l(qgKjJ}*ol;O_qx9eG2g?= z-llP9wD8#%weBmB3))1O0pk<>R9zE!0QKF&pquNIVJ^#yy1Pac1<@_sRX^rvYdbHc zCwM(_>A`6OhLQLloeU4=&ufMU(igN^@L!yf~t^#Rt z#p`Ho&k%7hM|sf;u?y%*iUFYmV7U}4#vP2O({;SpwD_M+=maJlLF;}ch6w?jmnW{f z5G}$E`4q!*g~zA&%7M{y+!wIMwVsXFc;IY(qgddJS+{etHp4tumWLy!muL)UY#qz> zMC_-TYhrNS{3uePm#pz$cNv3}#f_E*e)?MpgB%9^Wd$JX+wH&;F_Jd$N}NFi3`xMQ zFcAB*_#9b58=8L}@F)e31Nq!&WqSw9;@)&fYpC-b*p*ipY~MT9iS9-0xfE!OB$~_6 zQTNPTuSj@-nw}Z<-+SMT1XHLp zAbvUIseIO37|yq*hdbrPF$K(Umj{`-oW}(Zih^4X1Vw-Xy}>2jUM4j^0q1Q7@zUY6Dy>q|0bCH3!{vLq++YPSl5<@sS zYF!I|hYm=2M#F6fnR^VGf^RL5j_|2Z!ryv>dg@`FBct^`F!7U4EVSi!x-rVYu#(pE zlF`;Z)^dpmB0L9w9oQsBJ_b|DpT(Jn_Byh`=xUd*2y1lEzA6K#oeco*+4MSyZ~qS5 z$CPra7mSehhP460Xe0%4Uq=S+z9C?xoqeT*$h5iB@N6!vuE%ja=!ntX7b1~*9nM{5 zH~j2rsX7#&RjaV!cthuA9hhe`7(H^V2U7pY`YA&){Ffof=OD>$y68>XY2@hCCCntt zp^Q*;^BnGH4N35Unu`~z%h+PGXhRs7gViyH(4$>!`DK^V=-lx z2vPYM-XZ4W`oiQeq?c+`RUgEU8~m!NHt$`$TQ6i5&aX#66DakZ2A6cBnSF$x7m|pk z)61hRA%sy1cHv+Eu=a+F1(a(Dq2Mk8w?x^@eY)zq2TBa zSQ{hoS8bRZUd0Ey*M8fiC~qy4R9I?wyYs9b-vzb?WkZ?OAS;}P#O9R)D-3x^_Y#jS z>QO{IQ}>G;2*fcgdcvA5>IoOB|0H6qeglHhxfvF0O9yB3hADG6CK9S>GbKNKnfbda&#UmsAkB61hxO)eR1y+8y;Dxn}I^hHw<3?t2;KdcIb^>cRP$qGOw( zsKSe5;nZ#Y@R1rsZkU+I6T!kH-FoHoUp}G;v!00(HtWN%a23X77|;o`HTJR&m!h++ zE%YTOtKI02??eJSPYbtUFr%GFQkDkD2}uv$o5PmEK840@XD#6vWAe`P@HNU$E)Ggm zIW-u0rlvo7lbFDFkRB_CN3H868N@~}z8Z|P5;H_>{Xrmg(pT6Dc#+8tG{!HY?_oY3 z9Nw)}W4zv+9fQ3iN>eG2O!5fq)GXWe?B@?{aA8@3ZkmniSP_{<_m(Dghm;fmRJ%fn z(ixvS$WG~J`Gk$a7L_>dekCMOC mx7@$qHT@t4^8o6*!Gn?tKRTHkeB?)PGrI?efu&Is#(#E8h7ZEY2P38nnDHM}L=Fk$UPyni{ zhrE#_>bam+dxp=;$G$Mo>MNpwB75UE?pL5@j@Gd*eTro$teh5@+NjlEDp%0 zL(JeSdoPW3C##iqZ96GgSyWBRk^G@7_icvxTGDg57aI>22V;FiVygdV*)oNyar4gj zH_VuvK?x5P*3f-|vo`1h?TniL5Bnbv=pO=h@jzcaJ_CwH^RAK7U$sZdJ&_-lD(WE% z<+^8-5r(rO8ka>a!4v;&Ija3`%Bhv6fH#-trNhVFYoHW0`={%QOUlJd{7sxb!m_j0 zq2Aesc!B9~J9FkpIwt|#aDw-Bw3xAw-@Js;_D+UwMX%!rRS4BTt!UwBJBNROIAhPT zGv4q*TJG;LerH2RCoCO=0l-vBlYNGpw8WpsERESz>d>C3eUEgC z@0m!ultItQ!Z;Xyg|S3(L*mWvW=0|qPcMz#LVvWzlGc zc5cXju2-n&9Uc_GM8&?&r%{7|`n;bdzu0aqt&BFhLa{5UzEm25PeJZA!t7eMX8D0p zZnKYLxY$~0Rw|=VU!B~%|6j+EB){1cL!M}j*ca(9?Wa?Mw>10ij>cC$n0U0ry~nYt zlGtVspW>JiJN%qeR3<@Lyf+v6*C4y7PmZ1)*ta;DSk{BJ6Z4C=Jur@(8IKpKHyUDP|jL{Ep`zg;e2@c6=LqL z;jrvAMAnAp7+Xz+FHL7mkLp)VXP)|?yUY`81H|~sM=J$Y(4H#E6u^qY|G^#uL0(^7 zmFuq<7sXaX1CRsK@&_5msY!?fi#Kv*Uq+afe8tel{^e?|XxWekAV)oqZbb~VMr^LH zSnfa@ObCIa_x2ZT?tcvCZke$=J02t;iP zvgkCzX=nws*iy9G!VkcQah`!T%a`eUqtYRUhZj(f>613q3eO)AYi(0uIPJVJ@*c>G zk4>Ha(c)&Mi2w)c@jk)hV#! zU`lk<)wL-F&$~pguQ0m;u!M&!h!$w{v&rBMfNt<$%|zM0-T{gMxe#o67x1@8 zm|Pf%a8n^6VYXpLO$_HUp{*+qyltbqdT(;_T0^stM<3CEu7PyMP#>+*yu9cb6{x&M z2i=-kJv*YAj*-?lAQF)b!Km%au^*h>Fo5%iky9Z^AiVB*;GMi7VhMGTE)i`$xd-+a z4BbUH6CBcB1?#k$NX}l$S?3v=}y)SLcr_$VyiIq#zjC?To-s1MGYt6>VFhVao_y4QQv%Grm%*a zroIF2+>xN_Y_1I`n~EK2(@kX*A)u?Cu6{X({sMfG@^wh)lfdBL|AqfA4e61%^A@)C zb8Aquo?{xDFONBA0dTkVUCOl)(}dxU^W;nCD}|);TuOxaMs4rPA*3B@f^B}J{*{b^JN@XuS3wUljs5mM2lzKo3-4JB!tc$Zk1AvhaVY=iS z7=J{=bAI^MBUd2>v9{N4!1D7cG>q-`sVVoreyQ4il7&I^f>A`WBjOcD34>_0g2T2- zvXv$CbR%#KiRtHC%E$$_=Q<5lHcAqUeNZoQ3!^B8K;E9F<(ocYzA&mLuPGAnb`JN<6s%5>}!Ix_9I&R@K#up;U zN0r{XnD>q{?E|yXkQ}X}^WcGY)Xe@WQYOvRGJJxrI5g69UBTBFgcN8T@F@ znCa*`ZdHqm!UI3bn=E(MY8)H%c(ZaX@k!!0fhrUtg~l1;0SrB^&~Rw+b~3(K-L5mD zlrt1v@Cj|cn}Vnzc!LKmb*!ua61=GJ!8R&cP}91OeVJ>=tFKt~LZP#&HFrT6jpL#$Qx_y0uQ7ADNX-#i32^^2tv6NVPGw4m1LKn1-AY7 zw>A-9=Ms)w>+h%wVNcl`5UYrT0`^@yuL!>D-h6h7L2~7*z~n~wXzJPf8`aOEt zh&Cwq;f@~Hg9ot@<6-8caI!B?^x75;K>9=@PN_*XX){N&1^=)66rJ?m#z@9Uo_f{6 z@qxY5jFeN18BMhFQv1JM8;H3NzJv>Ht zs3LiAgq1VS$1kI=G~&6`j;>38i*+;QtAk=_^Z#I{#_R_zU}LPUy8v-=FA-eFuP)|R zc-A?K5`mau5AX@j#lEvBDZ55Dpv!|Bq4pNYwEV18R3kdtQu>~aRT0VC5L2-5!+pF<6w;~@mch_ER$82p=Gra_A!y^0erX6 z{bt?Mke(-Px6Z6ym9FI|x75j_c)y_Vxu2p;z^ci9qeliJ@6FGPD8q8@d|N4kBdtB{ z-6*AdAm%kw@YKuz8bHYBQgFeJ2NnLS*{h?gLy`B`;8UB4jA^9%z)-Ya3($iZW%Hg9 zL?316&<2LvqY1bQ-{gqa*_zw_iRMh6Q<=*Y?;1?k2Q0(uj#Ur3if zOzz@TJP*ruNFH(op#wSuZ#z?P(A;IgR-T`y!j>mvI)N0265nnMdTJkX@@CHKKP)!~ zGeqP{$2qYk{fWC6>!Pf8n!!)vL;l{|#TX-}71#g_bI(zZZ@44tfVg~-wOY(!XZK!f z94on>QQz4dj|w9*4ka-DeIdF~S5KzOji8{j?34)K9Z`}(3R*t!Iqi3m4G*Cxsqy$} zW?+50-x)q2zsNP7^iH5}?yz&3D<5vLe;cNi{K`v4FUG%jX`^X8B$h6u?{J&CXXx>G z|I@2odTh&{)9AD9<5^kLNPt5w`Pp#&Z!vA+oO0L(Fxf=x0~ie?98_M+Ooys9Cg911 z4VD0Z!0g{Y_U@gJb};%bnlsGV%(5-5K`AOt%ayhGxvw_9KgVRY{WDlEvwdxtx)WUWE7ZR*%fP46GKPJM};R&Hx#Rr)yrO(%tJbjCVe>PBC@;`tuCWjjvH=}#r0*YjI(j+ zUjx#MK!KqR4HNkrm4@&V74Rg4m_h{%ou*OEuV(T*h_LHk<8J+QSO6fc4jakU>*p`J zB#}zOC-*#2cxn|HIJgle7uI1wix|U1s^2Mn zR7Y%1`tTT(H-AeMb4MVrLcE==VIVS`XZo-}4xZt(k2n<^!@^hn83k^0Z zFNdwI*1DGlLHZolED#%-UDJ0?m6blE-L7cruo=>F0AAfJb{;`X=x9wr;VL>;uR^-7 z(MXoJ-v_v^Ol4S((qK=#B;XLkMC?GAKuC)@0aX~!!`LV6T?%u-$`L1bL8hRrHuH8U zyY)Gjrn@0cb-Tm|JkbJy`#*3yQZ0;P%`bqi*_x9h4F;?O5UiyOW$Rrh9j`lEXb6f% zPwmPx{C>{` zy2DL*M6%ejWX7nW$Xv6nTR61gZDgACT#c84eZ5f|wL0x8tFwmI#0s$HuNw!*O-YVW535SXhr}py~-3k@Pz8XXWjH@6t4SsHKdO0x=OP z@L@!qh`>-fv^%iYi$>jKw2Elph&1SHEREo|?zui1w}lgUb_o=|&>T)<9F$z2RIZ|T z@o{G&!QO(Pn60CS_sWl??Ub9sHao0xP)+_n_|q1xY%2)Pxw)&9!+)&3SdY8MV_letiKE=uxmo3CZgdzT00dg z3#fiV*c^%kBifWWX*Nn>Sz7yMw0Y~cdRZ-YfZ_@IEg!2=g;(Ekj-MD6La~qG%sS#d zf;Wk}#o5$rGc&$qhutc)ewvbtFC3&&l&sB$klJN zV00g#Ce{zeVYGCOdLnyK|8OlBc?PYB1}*X7@kW|hx5)Srwv^?#{M9gnTT16xpes;X z2xtKMQWnnXLMK5v5Y`aN z@oU*c_r)dhWVhZ`%4Do;OqCrIt^pd1-<6%c-LPkEt7$HM6tlf zd_$!#TvUD^h^;XBF{?))aA?M+5@**S{M2$T3PRZTO=$IUXmRI*28bCL?j)@w`6igt zEPd`img1($-a=Ne^#~|pf0F&*_fGDp>QEjaW-_VLyw}uc_r$K^dSRxCnSivr?6`0I zawC%*{;r7UQ)lh3d>#Au<~^hipb%H0l$ZmlW6 z)f~+dhjT+*XZd@WvGnU3OkwkfS^Y@px9fjC$EI^FN;1GUoF(z9tAX498~!hJOfvRW z&&_?%L%$hqX%QN@fq;?F1qKDGk|1ogrJ)e8E3`Cf$h>yurbyDoiwbx3X1^77@(eLKGM&{`UiH@FlyUB;)k{rrCSqh91C4O2M=n<>rCjExvw~ zN*~>jvp&wSC|d6M3TQItiCepK7{w||?g>~qWWLB;Z#nbJ$ZH^|Muqd!mV?u*M84m7 zj;Lut$n&;LwAGxF%M2nYK2-uwt_-Cvfg9bjw^w19t9B3`3lMm>ljj%w4AU2FqIRXG zeCzj+^V%=G1!aV0TVXP6<$4YE$askipxsh69tZ!j2xiYikqtA>iOR1xn$8?80;9N_ zKCvAs1zBjy%?cCoG*DLqWv6+(dYk(h9a$-lG0)k+>(?0T3^=Z2a;kxH=LDWR@? zmHG0*d13DU$52z%xCB%3P1V6P4?+MM|GU8$0DR=qQ77EgPHB=uRj%eQ24EGxt>n=+ zDGo!IAX9s}1d+cPiKnt)CPouvh?S(FR6XJ5&i+9hz~v-&7Ay;Xb*wByA>hw50QtW= zF#<_njC>zJPo{CVf?e=rENqR5>Ipy$#`IV;0 zbkz$%?RZp})eR$I7)zzuetNjQKM~VBSE2`8J0Nx?-F_<^!M=uzu^!9!BlqTqB>i6h z4B4D~sD3-D{!^{>QI$V(qo83B zw>T-)s=OIvto$!=X8b@#$MMeFq6D@KlS9(NSS_da4xuxZ^ipFsP4d$7w7;L@wxDK~ z`bW{*TBVV%dla|$I8izWgbnnq0Z>E?msp7+9Jo`j>x#IRsWx~0ZT|cW6jKl;&N!+G zG)o>j4Lbg*uzp?zR6})3MRhn=%X35?yJ-xEg;tl*aTPLJAKsr^>u7$1VQU}p%fPj= zVH_@B@*23$30u}Ha`r0wIL{Y~nRFY9HDdUk1wyy0hIuE+?g@pah}QzaI6bTDjB1RIq^>RWxeLFPCc($oQhG15q~q$2!M-o( zY>p9hsF#aYH_?!+dTS}U=oj20{Pq*o#WK<>C776^IQ#i6V0vZ#0F{xg#`T|JUGwgy zO{b5xbuWV7)X+MgU^uXA5d39#j%q8lXbs_d=i}E4>^yGh;d~($!3k`5Bb4Tw$h9Ue zgHVsh5n|1pHIf&McH@MPQdLp}O&v;&s{-gV=Kc|nQ891N@Q?J|SE zO%uN*Uh!_`Y#^W^eBg{7r+#(26E9(IRUk447FW};Pcw(_xtpZyx_Lk|@tX``GF)Xo zc+Z>W&0;K(MUMp+95;uHzyYtsrggH9H>-2RFc7w$_wkJi)^@m4%x%_bpL2f1vkCV?|UX zMlbas8UFL2*6p}5bNf*r!28U&@{2HGYL~$L~9t= z)F0X)85M14BLN9*-UGY|8r___xuYdUTF&ab-lSC*S+er5*bGyXgz=Z$k8wVPj!vk?~S;tkqc=I+3FJ z;`P-R8*t5-yv4$hb8@mkX5x&|>ahEn~tGTb+t?K~1)`AeI!(avrgy&c zlLb`p3Icij!GQ_n+DZ5}?HEN=F&w?*<^?gdA{-R8DWoZ@Y;^pQSU_%f#r67yq^S`} z?44=kk3I{oMiXx(%)7Sv{pR{@L?sZ==C=q6vJ_ok=BlJY-eF8B7VkR$B9u?ogA2bvvN3{T^iS!q&cv$iCUCef9eOJ z9=?V%r;Cpy*}Rq3^tNJVFi>DPVujg^)Z;do96RfmClz?dhfV&sGF*S|6-(&3CgL_3 z-Z--`QDRvWqV=^Aq#NtfRd5L&+!+#M6tG# zX*L`{H`Pl%8}T%Q6nqQ)dmkM}!{*H#gpWCz%w0i^`dhKcC715ITPzrGiGN~c&+YcJ zzE#HuXe(+gj=(`ET(~?;HZF={tR^1If8>48IJW~;)4U*@*s!JZ{Q~er^YU7zHvuDQ zG5_AtZQlg;l3`5uwX@6r+S>9zQLgBWx%g4Bn>(cLTch+O6A0$AY4ZE=vMJ+_=4xs@Ph320O27l4`cK7_ zF7c$ai`|ldSK^>5Welzp@xMvVk?PvcGJt%9I#)1re;75)U^4ojA#vq_GJPM{oabxX z*=_Ba`2n!}KwrPbwr{r#GallR8o45B*8ox77OoO2G;~HLa^n-~RGfk3vuO4ycU55x zBA0hYbF6jh^*$)(&~%1n&T|-qu7r*1n2Jm1k$2G@~NoB5y+& zs7RzeF65G37%CYp&ABY2(9+E!QMP8)v026dTi3u{v*M0nB_?A56F9{^wfQgrd0!8< zNIPxXTXG*n*%qWQ`hzSw;C?^|n|7wbo&NMCB5zgwqOeaP4F~>;Mqwt<-xW5h6Vu7h zMRiZ-Br($Vg9X1ADHfyE+S+FNy`%^0B^DP-1>9C>zjeGW5mo=HbL`D@Ai8)lPjL{o zyNktbB)anY^uDC1q$V5;q}xzh&^Lg;2MC2nVw(#i-MGIZL0mIoaM7U zjgrt}+9-rHs51D-&og>{1MsjS_m1u$Y)lqmI1CH=X$rM9q8_4zHwZa{`qG;5C4j7lA^K zSxXj)tSprq+{|8z@vzC99pKi*~xxp7~_}~$rDHE)4kIJ z+mSD7*ax{IcCfRy-DhnB%godetQD(NBVObj>fZ(~^H)*>?Y1&TR!xs*RhY2gA#0{X z<{^9Y+2r8GuU<#ZNAd&i3DAF*Io;WlMZmG6PNcQgMX-N;0NvcWCu`&HagF5egh@Xo`-1T7OuUtywS)B)nIEqv2@> zL1LS+BY*`n75ESDxuk8BFlH$(L!2rL6_v-Y(I_)D;u(E`;{x@56LsV98uA7NDn%~* zFvWbS(Yza|C`hbn^5|fl2Yd3P0W-8*6C6y_2$miLmPEuU`A=Qwu=4)@o~E(pIaSg_ zg5NET@qK|8QKcA|8TWo=4kw%MY>w&qAd7< z4)^V5h&K}j^>UHX=Y;TYvS|o+0DEGO(?|&rB=&YA%dRQQDg@w@6z3K*H{pm48 zFj?WXO$?im;?8kmnI>G8(YQ1x_P;Oq?2B)ws*^Sc?EFB0S+bH!jx6Y426M*hKMN4X zsu4-n|J&sP4pqSqPhxe`u3YhAsgQiA%GFPK^ZB{P^MaRxv``z?{3n~{6O^|TV;sd+ zdl=Ban*|MZq}dP0x?d3 zG-N*f`3$oWTiaMQn5DewgYTq4Wh567{>_*d5UQa9n|TIwW8$9>+0!cLXOjz|@}Aax zcfqfaa%a~ybfghHz96a(W&f3zcZnwma6++(B0tOegB`Q613@sts2_Qa7!1;qZtl&b!b)o4>Rm8+Jp}K7$oN+r=)etV$YJNSCvxPkd z7C@-}OKc`~>R9s8``P$Mlk+Q^xXOvA45?`%5v@Roi2qqb#@!G%Ecb-`ND@JA)FJw~ zt`PC2#abbSE1dY8!%W+2H|QI%T8{dg@wPk;|E+YM*QZFQpy?_;R&2Gk5^PzgjV)^l zq_~<-wmudInWR$7N04S(Hv4~+wo-0-bT?a9ALRdVc8-5!<((01oHU}ylPI4N$|PN; z9RE^X{(8@tasj!YDc79QnT3+{R}e}-$LQFOO#fNCFXp{P`5 z5&TK4mUnP!jIa?LqHaObf1VOs#he{b1HK_W#&6|zJuSa-O*@I7PkEVCUd-zsu&j3@ z{m9%ZuJKGdU5TV=ynIOU3@vZUBu&P_&xTLN+Q99$lLsr?Q(y4jGvt|oElF_Ku6%Dw zU}gq~VMZ-1w7+VkNy$~#Vqt1TZFi}_BVJYKL@+~BwvnId>JaW_5wV6UEteGopwF>q;hy^Ej54@M&?_hjojs#fC<-xJ*Z3V$W-k` z9uQdFtRPhVb`+=_mips52{5tgHXLS5G*3jG;ErIl=vOlP{Mb~C7TN=S(2^_c`i;8yU6U`8t|&F+dCSFu&n*B(`?d?GMw6om-i2xoDA%4i_O78t$)6VdF)ns!R~^=nk#bUx{3_$bUcf>v!TIZGhu4^HshL#orkR+D8ntA~ z1W}Jp;IgBbai+g-4?~iyL3%rCG;<9Z!@>@=)a~MLw91lGsPSK8b8(!VONO z@+Ty3XI6&e&+Ye5|Da7@@UEesSG)~>jYAnft)+0xug`Xamg+jALota)5w=LThgM;( zGV^^N?(Hu0WGHbW`>R*1JY_~EIIW&tV=B1RGH_bA(fhcr1C5Kyr8y~bZM~-9tCH8h z02Q~$r#cHd^0*d)cwaWRAC8ID)7a6N@#<80a8AZrYf1MwAtm_zW)7@9xJ#}r0ov*Wq}d(xRPVUi)$Mq_&=Y`)Xk=(GnC!Qf^@D zjI*fsOvQ9Y?!n-09C~-wbD`{nHHjqmKT&pHZw~!S{Jd;#y*S;_^t?JaiX}smC}?B- z_uj0}-H%838y1|=`&8_UpWr{6LQEE-Bf*tbBya5r4ZM$U@4MK&o7gmu&Mk7tN)>7D l9&*#Z>j!?j&#OpgkpSFb4<&aJOvi`rcW?EcGry6pg#44u6374m From a83af399fe98764ee851997bf3078ec45a9b51c9 Mon Sep 17 00:00:00 2001 From: Jin Date: Mon, 5 Dec 2022 20:19:48 -0800 Subject: [PATCH 03/12] feat: wrap all python built-in exceptions into library excpetions (#1191) * feat: wrap all python built-in exceptions into library excpetions * remove wrapped StopIteration since it will never thrown --- google/auth/_default.py | 4 +- google/auth/_helpers.py | 17 ++++-- google/auth/_service_account_info.py | 5 +- google/auth/api_key.py | 3 +- google/auth/app_engine.py | 13 ++-- google/auth/aws.py | 10 +-- google/auth/compute_engine/credentials.py | 6 +- google/auth/credentials.py | 9 +-- google/auth/crypt/_python_rsa.py | 7 ++- google/auth/crypt/base.py | 3 +- google/auth/downscoped.py | 61 ++++++++++--------- google/auth/exceptions.py | 24 ++++++++ google/auth/external_account.py | 10 +-- .../auth/external_account_authorized_user.py | 2 +- google/auth/identity_pool.py | 10 +-- google/auth/jwt.py | 52 ++++++++++------ google/auth/pluggable.py | 46 ++++++++------ google/auth/transport/_aiohttp_requests.py | 2 +- google/auth/transport/grpc.py | 2 +- 19 files changed, 177 insertions(+), 109 deletions(-) diff --git a/google/auth/_default.py b/google/auth/_default.py index 0860c67fe..195388c9d 100644 --- a/google/auth/_default.py +++ b/google/auth/_default.py @@ -434,7 +434,7 @@ def _get_impersonated_service_account_credentials(filename, info, scopes): filename, source_credentials_info ) else: - raise ValueError( + raise exceptions.InvalidType( "source credential of type {} is not supported.".format( source_credentials_type ) @@ -443,7 +443,7 @@ def _get_impersonated_service_account_credentials(filename, info, scopes): start_index = impersonation_url.rfind("/") end_index = impersonation_url.find(":generateAccessToken") if start_index == -1 or end_index == -1 or start_index > end_index: - raise ValueError( + raise exceptions.InvalidValue( "Cannot extract target principal from {}".format(impersonation_url) ) target_principal = impersonation_url[start_index + 1 : end_index] diff --git a/google/auth/_helpers.py b/google/auth/_helpers.py index 1b08ab87f..30fbafb64 100644 --- a/google/auth/_helpers.py +++ b/google/auth/_helpers.py @@ -22,6 +22,7 @@ import six from six.moves import urllib +from google.auth import exceptions # Token server doesn't provide a new a token when doing refresh unless the # token is expiring within 30 seconds, so refresh threshold should not be @@ -51,10 +52,10 @@ def decorator(method): Callable: the same method passed in with an updated docstring. Raises: - ValueError: if the method already has a docstring. + google.auth.exceptions.InvalidOperation: if the method already has a docstring. """ if method.__doc__: - raise ValueError("Method already has a docstring.") + raise exceptions.InvalidOperation("Method already has a docstring.") source_method = getattr(source_class, method.__name__) method.__doc__ = source_method.__doc__ @@ -101,13 +102,15 @@ def to_bytes(value, encoding="utf-8"): passed in if it started out as bytes. Raises: - ValueError: If the value could not be converted to bytes. + google.auth.exceptions.InvalidValue: If the value could not be converted to bytes. """ result = value.encode(encoding) if isinstance(value, six.text_type) else value if isinstance(result, six.binary_type): return result else: - raise ValueError("{0!r} could not be converted to bytes".format(value)) + raise exceptions.InvalidValue( + "{0!r} could not be converted to bytes".format(value) + ) def from_bytes(value): @@ -121,13 +124,15 @@ def from_bytes(value): if it started out as unicode. Raises: - ValueError: If the value could not be converted to unicode. + google.auth.exceptions.InvalidValue: If the value could not be converted to unicode. """ result = value.decode("utf-8") if isinstance(value, six.binary_type) else value if isinstance(result, six.text_type): return result else: - raise ValueError("{0!r} could not be converted to unicode".format(value)) + raise exceptions.InvalidValue( + "{0!r} could not be converted to unicode".format(value) + ) def update_query(url, params, remove=None): diff --git a/google/auth/_service_account_info.py b/google/auth/_service_account_info.py index 157099273..b17f34f5c 100644 --- a/google/auth/_service_account_info.py +++ b/google/auth/_service_account_info.py @@ -20,6 +20,7 @@ import six from google.auth import crypt +from google.auth import exceptions def from_dict(data, require=None, use_rsa_signer=True): @@ -40,7 +41,7 @@ def from_dict(data, require=None, use_rsa_signer=True): service account file. Raises: - ValueError: if the data was in the wrong format, or if one of the + MalformedError: if the data was in the wrong format, or if one of the required keys is missing. """ keys_needed = set(require if require is not None else []) @@ -48,7 +49,7 @@ def from_dict(data, require=None, use_rsa_signer=True): missing = keys_needed.difference(six.iterkeys(data)) if missing: - raise ValueError( + raise exceptions.MalformedError( "Service account info was not in the expected format, missing " "fields {}.".format(", ".join(missing)) ) diff --git a/google/auth/api_key.py b/google/auth/api_key.py index 49c6ffd2d..4fdf7f276 100644 --- a/google/auth/api_key.py +++ b/google/auth/api_key.py @@ -20,6 +20,7 @@ from google.auth import _helpers from google.auth import credentials +from google.auth import exceptions class Credentials(credentials.Credentials): @@ -36,7 +37,7 @@ def __init__(self, token): """ super(Credentials, self).__init__() if not token: - raise ValueError("Token must be a non-empty API key string") + raise exceptions.InvalidValue("Token must be a non-empty API key string") self.token = token @property diff --git a/google/auth/app_engine.py b/google/auth/app_engine.py index 1460a7d1a..7083ee614 100644 --- a/google/auth/app_engine.py +++ b/google/auth/app_engine.py @@ -27,6 +27,7 @@ from google.auth import _helpers from google.auth import credentials from google.auth import crypt +from google.auth import exceptions # pytype: disable=import-error try: @@ -67,13 +68,13 @@ def get_project_id(): str: The project ID Raises: - EnvironmentError: If the App Engine APIs are unavailable. + google.auth.exceptions.OSError: If the App Engine APIs are unavailable. """ # pylint: disable=missing-raises-doc - # Pylint rightfully thinks EnvironmentError is OSError, but doesn't + # Pylint rightfully thinks google.auth.exceptions.OSError is OSError, but doesn't # realize it's a valid alias. if app_identity is None: - raise EnvironmentError("The App Engine APIs are not available.") + raise exceptions.OSError("The App Engine APIs are not available.") return app_identity.get_application_id() @@ -107,13 +108,13 @@ def __init__( and billing. Raises: - EnvironmentError: If the App Engine APIs are unavailable. + google.auth.exceptions.OSError: If the App Engine APIs are unavailable. """ # pylint: disable=missing-raises-doc - # Pylint rightfully thinks EnvironmentError is OSError, but doesn't + # Pylint rightfully thinks google.auth.exceptions.OSError is OSError, but doesn't # realize it's a valid alias. if app_identity is None: - raise EnvironmentError("The App Engine APIs are not available.") + raise exceptions.OSError("The App Engine APIs are not available.") super(Credentials, self).__init__() self._scopes = scopes diff --git a/google/auth/aws.py b/google/auth/aws.py index 04c5e7c5d..d3038b281 100644 --- a/google/auth/aws.py +++ b/google/auth/aws.py @@ -123,7 +123,7 @@ def get_request_options( ) # Validate provided URL. if not uri.hostname or uri.scheme != "https": - raise ValueError("Invalid AWS service URL") + raise exceptions.InvalidResource("Invalid AWS service URL") header_map = _generate_authentication_header_map( host=uri.hostname, @@ -408,9 +408,11 @@ def __init__( env_id, env_version = (None, None) if env_id != "aws" or self._cred_verification_url is None: - raise ValueError("No valid AWS 'credential_source' provided") + raise exceptions.InvalidResource( + "No valid AWS 'credential_source' provided" + ) elif int(env_version or "") != 1: - raise ValueError( + raise exceptions.InvalidValue( "aws version '{}' is not supported in the current build.".format( env_version ) @@ -428,7 +430,7 @@ def validate_metadata_server_url_if_any(url_string, name_of_data): if url_string: url = urlparse(url_string) if url.hostname != "169.254.169.254" and url.hostname != "fd00:ec2::254": - raise ValueError( + raise exceptions.InvalidResource( "Invalid hostname '{}' for '{}'".format(url.hostname, name_of_data) ) diff --git a/google/auth/compute_engine/credentials.py b/google/auth/compute_engine/credentials.py index e97fabea9..618fa5a2d 100644 --- a/google/auth/compute_engine/credentials.py +++ b/google/auth/compute_engine/credentials.py @@ -221,7 +221,7 @@ def __init__( if use_metadata_identity_endpoint: if token_uri or additional_claims or service_account_email or signer: - raise ValueError( + raise exceptions.MalformedError( "If use_metadata_identity_endpoint is set, token_uri, " "additional_claims, service_account_email, signer arguments" " must not be set" @@ -312,7 +312,7 @@ def with_token_uri(self, token_uri): # since the signer is already instantiated, # the request is not needed if self._use_metadata_identity_endpoint: - raise ValueError( + raise exceptions.MalformedError( "If use_metadata_identity_endpoint is set, token_uri" " must not be set" ) else: @@ -423,7 +423,7 @@ def sign_bytes(self, message): Signer is not available if metadata identity endpoint is used. """ if self._use_metadata_identity_endpoint: - raise ValueError( + raise exceptions.InvalidOperation( "Signer is not available if metadata identity endpoint is used" ) return self._signer.sign(message) diff --git a/google/auth/credentials.py b/google/auth/credentials.py index ca1032a14..4c0af7a6b 100644 --- a/google/auth/credentials.py +++ b/google/auth/credentials.py @@ -21,6 +21,7 @@ import six from google.auth import _helpers, environment_vars +from google.auth import exceptions @six.add_metaclass(abc.ABCMeta) @@ -190,9 +191,9 @@ def valid(self): return True def refresh(self, request): - """Raises :class:`ValueError``, anonymous credentials cannot be + """Raises :class:``InvalidOperation``, anonymous credentials cannot be refreshed.""" - raise ValueError("Anonymous credentials cannot be refreshed.") + raise exceptions.InvalidOperation("Anonymous credentials cannot be refreshed.") def apply(self, headers, token=None): """Anonymous credentials do nothing to the request. @@ -200,10 +201,10 @@ def apply(self, headers, token=None): The optional ``token`` argument is not supported. Raises: - ValueError: If a token was specified. + google.auth.exceptions.InvalidValue: If a token was specified. """ if token is not None: - raise ValueError("Anonymous credentials don't support tokens.") + raise exceptions.InvalidValue("Anonymous credentials don't support tokens.") def before_request(self, request, method, url, headers): """Anonymous credentials do nothing to the request.""" diff --git a/google/auth/crypt/_python_rsa.py b/google/auth/crypt/_python_rsa.py index 797a2592b..e8595440c 100644 --- a/google/auth/crypt/_python_rsa.py +++ b/google/auth/crypt/_python_rsa.py @@ -29,6 +29,7 @@ import six from google.auth import _helpers +from google.auth import exceptions from google.auth.crypt import base _POW2 = (128, 64, 32, 16, 8, 4, 2, 1) @@ -101,7 +102,7 @@ def from_string(cls, public_key): der = rsa.pem.load_pem(public_key, "CERTIFICATE") asn1_cert, remaining = decoder.decode(der, asn1Spec=Certificate()) if remaining != b"": - raise ValueError("Unused bytes", remaining) + raise exceptions.InvalidValue("Unused bytes", remaining) cert_info = asn1_cert["tbsCertificate"]["subjectPublicKeyInfo"] key_bytes = _bit_list_to_bytes(cert_info["subjectPublicKey"]) @@ -162,12 +163,12 @@ def from_string(cls, key, key_id=None): elif marker_id == 1: key_info, remaining = decoder.decode(key_bytes, asn1Spec=_PKCS8_SPEC) if remaining != b"": - raise ValueError("Unused bytes", remaining) + raise exceptions.InvalidValue("Unused bytes", remaining) private_key_info = key_info.getComponentByName("privateKey") private_key = rsa.key.PrivateKey.load_pkcs1( private_key_info.asOctets(), format="DER" ) else: - raise ValueError("No key could be detected.") + raise exceptions.MalformedError("No key could be detected.") return cls(private_key, key_id=key_id) diff --git a/google/auth/crypt/base.py b/google/auth/crypt/base.py index c98d5bf64..573211d7c 100644 --- a/google/auth/crypt/base.py +++ b/google/auth/crypt/base.py @@ -20,6 +20,7 @@ import six +from google.auth import exceptions _JSON_FILE_PRIVATE_KEY = "private_key" _JSON_FILE_PRIVATE_KEY_ID = "private_key_id" @@ -106,7 +107,7 @@ def from_service_account_info(cls, info): ValueError: If the info is not in the expected format. """ if _JSON_FILE_PRIVATE_KEY not in info: - raise ValueError( + raise exceptions.MalformedError( "The private_key field was not found in the service account " "info." ) diff --git a/google/auth/downscoped.py b/google/auth/downscoped.py index a1d7b6e46..a84ac4af6 100644 --- a/google/auth/downscoped.py +++ b/google/auth/downscoped.py @@ -54,6 +54,7 @@ from google.auth import _helpers from google.auth import credentials +from google.auth import exceptions from google.oauth2 import sts # The maximum number of access boundary rules a Credential Access Boundary can @@ -86,8 +87,8 @@ def __init__(self, rules=[]): access boundary rules limiting the access that a downscoped credential will have. Raises: - TypeError: If any of the rules are not a valid type. - ValueError: If the provided rules exceed the maximum allowed. + InvalidType: If any of the rules are not a valid type. + InvalidValue: If the provided rules exceed the maximum allowed. """ self.rules = rules @@ -113,18 +114,18 @@ def rules(self, value): access boundary rules limiting the access that a downscoped credential will have. Raises: - TypeError: If any of the rules are not a valid type. - ValueError: If the provided rules exceed the maximum allowed. + InvalidType: If any of the rules are not a valid type. + InvalidValue: If the provided rules exceed the maximum allowed. """ if len(value) > _MAX_ACCESS_BOUNDARY_RULES_COUNT: - raise ValueError( + raise exceptions.InvalidValue( "Credential access boundary rules can have a maximum of {} rules.".format( _MAX_ACCESS_BOUNDARY_RULES_COUNT ) ) for access_boundary_rule in value: if not isinstance(access_boundary_rule, AccessBoundaryRule): - raise TypeError( + raise exceptions.InvalidType( "List of rules provided do not contain a valid 'google.auth.downscoped.AccessBoundaryRule'." ) # Make a copy of the original list. @@ -138,17 +139,17 @@ def add_rule(self, rule): limiting the access that a downscoped credential will have, to be added to the existing rules. Raises: - TypeError: If any of the rules are not a valid type. - ValueError: If the provided rules exceed the maximum allowed. + InvalidType: If any of the rules are not a valid type. + InvalidValue: If the provided rules exceed the maximum allowed. """ if len(self.rules) == _MAX_ACCESS_BOUNDARY_RULES_COUNT: - raise ValueError( + raise exceptions.InvalidValue( "Credential access boundary rules can have a maximum of {} rules.".format( _MAX_ACCESS_BOUNDARY_RULES_COUNT ) ) if not isinstance(rule, AccessBoundaryRule): - raise TypeError( + raise exceptions.InvalidType( "The provided rule does not contain a valid 'google.auth.downscoped.AccessBoundaryRule'." ) self._rules.append(rule) @@ -197,8 +198,8 @@ def __init__( specific Cloud Storage objects. Raises: - TypeError: If any of the parameters are not of the expected types. - ValueError: If any of the parameters are not of the expected values. + InvalidType: If any of the parameters are not of the expected types. + InvalidValue: If any of the parameters are not of the expected values. """ self.available_resource = available_resource self.available_permissions = available_permissions @@ -221,10 +222,12 @@ def available_resource(self, value): value (str): The updated value of the available resource. Raises: - TypeError: If the value is not a string. + google.auth.exceptions.InvalidType: If the value is not a string. """ if not isinstance(value, six.string_types): - raise TypeError("The provided available_resource is not a string.") + raise exceptions.InvalidType( + "The provided available_resource is not a string." + ) self._available_resource = value @property @@ -245,16 +248,16 @@ def available_permissions(self, value): value (Sequence[str]): The updated value of the available permissions. Raises: - TypeError: If the value is not a list of strings. - ValueError: If the value is not valid. + InvalidType: If the value is not a list of strings. + InvalidValue: If the value is not valid. """ for available_permission in value: if not isinstance(available_permission, six.string_types): - raise TypeError( + raise exceptions.InvalidType( "Provided available_permissions are not a list of strings." ) if available_permission.find("inRole:") != 0: - raise ValueError( + raise exceptions.InvalidValue( "available_permissions must be prefixed with 'inRole:'." ) # Make a copy of the original list. @@ -279,11 +282,11 @@ def availability_condition(self, value): value of the availability condition. Raises: - TypeError: If the value is not of type google.auth.downscoped.AvailabilityCondition + google.auth.exceptions.InvalidType: If the value is not of type google.auth.downscoped.AvailabilityCondition or None. """ if not isinstance(value, AvailabilityCondition) and value is not None: - raise TypeError( + raise exceptions.InvalidType( "The provided availability_condition is not a 'google.auth.downscoped.AvailabilityCondition' or None." ) self._availability_condition = value @@ -326,8 +329,8 @@ def __init__(self, expression, title=None, description=None): description (Optional[str]): Optional details about the purpose of the condition. Raises: - TypeError: If any of the parameters are not of the expected types. - ValueError: If any of the parameters are not of the expected values. + InvalidType: If any of the parameters are not of the expected types. + InvalidValue: If any of the parameters are not of the expected values. """ self.expression = expression self.title = title @@ -350,10 +353,10 @@ def expression(self, value): value (str): The updated value of the condition expression. Raises: - TypeError: If the value is not of type string. + google.auth.exceptions.InvalidType: If the value is not of type string. """ if not isinstance(value, six.string_types): - raise TypeError("The provided expression is not a string.") + raise exceptions.InvalidType("The provided expression is not a string.") self._expression = value @property @@ -373,10 +376,10 @@ def title(self, value): value (Optional[str]): The updated value of the title. Raises: - TypeError: If the value is not of type string or None. + google.auth.exceptions.InvalidType: If the value is not of type string or None. """ if not isinstance(value, six.string_types) and value is not None: - raise TypeError("The provided title is not a string or None.") + raise exceptions.InvalidType("The provided title is not a string or None.") self._title = value @property @@ -396,10 +399,12 @@ def description(self, value): value (Optional[str]): The updated value of the description. Raises: - TypeError: If the value is not of type string or None. + google.auth.exceptions.InvalidType: If the value is not of type string or None. """ if not isinstance(value, six.string_types) and value is not None: - raise TypeError("The provided description is not a string or None.") + raise exceptions.InvalidType( + "The provided description is not a string or None." + ) self._description = value def to_json(self): diff --git a/google/auth/exceptions.py b/google/auth/exceptions.py index 7760c87b8..fcbe61b74 100644 --- a/google/auth/exceptions.py +++ b/google/auth/exceptions.py @@ -74,3 +74,27 @@ def __init__(self, message=None, **kwargs): class ReauthSamlChallengeFailError(ReauthFailError): """An exception for SAML reauth challenge failures.""" + + +class MalformedError(DefaultCredentialsError, ValueError): + """An exception for malformed data.""" + + +class InvalidResource(DefaultCredentialsError, ValueError): + """An exception for URL error.""" + + +class InvalidOperation(DefaultCredentialsError, ValueError): + """An exception for invalid operation.""" + + +class InvalidValue(DefaultCredentialsError, ValueError): + """Used to wrap general ValueError of python.""" + + +class InvalidType(DefaultCredentialsError, TypeError): + """Used to wrap general TypeError of python.""" + + +class OSError(DefaultCredentialsError, EnvironmentError): + """Used to wrap EnvironmentError(OSError after python3.3).""" diff --git a/google/auth/external_account.py b/google/auth/external_account.py index 4249529e8..d24b22837 100644 --- a/google/auth/external_account.py +++ b/google/auth/external_account.py @@ -151,7 +151,7 @@ def __init__( if not self.is_workforce_pool and self._workforce_pool_user_project: # Workload identity pools do not support workforce pool user projects. - raise ValueError( + raise exceptions.InvalidValue( "workforce_pool_user_project should not be set for non-workforce pool " "credentials" ) @@ -445,7 +445,9 @@ def validate_token_url(token_url, url_type="token"): ] if not Credentials.is_valid_url(_TOKEN_URL_PATTERNS, token_url): - raise ValueError("The provided {} URL is invalid.".format(url_type)) + raise exceptions.InvalidResource( + "The provided {} URL is invalid.".format(url_type) + ) @staticmethod def validate_service_account_impersonation_url(url): @@ -460,7 +462,7 @@ def validate_service_account_impersonation_url(url): if not Credentials.is_valid_url( _SERVICE_ACCOUNT_IMPERSONATION_URL_PATTERNS, url ): - raise ValueError( + raise exceptions.InvalidResource( "The provided service account impersonation URL is invalid." ) @@ -498,7 +500,7 @@ def from_info(cls, info, **kwargs): credentials. Raises: - ValueError: For invalid parameters. + InvalidValue: For invalid parameters. """ return cls( audience=info.get("audience"), diff --git a/google/auth/external_account_authorized_user.py b/google/auth/external_account_authorized_user.py index 51e7f2058..04a7f5b91 100644 --- a/google/auth/external_account_authorized_user.py +++ b/google/auth/external_account_authorized_user.py @@ -118,7 +118,7 @@ def __init__( self._scopes = scopes if not self.valid and not self.can_refresh: - raise ValueError( + raise exceptions.InvalidOperation( "Token should be created with fields to make it valid (`token` and " "`expiry`), or fields to allow it to refresh (`refresh_token`, " "`token_url`, `client_id`, `client_secret`)." diff --git a/google/auth/identity_pool.py b/google/auth/identity_pool.py index 5fa9faef9..ebe50883c 100644 --- a/google/auth/identity_pool.py +++ b/google/auth/identity_pool.py @@ -122,11 +122,11 @@ def __init__( # environment_id is only supported in AWS or dedicated future external # account credentials. if "environment_id" in credential_source: - raise ValueError( + raise exceptions.MalformedError( "Invalid Identity Pool credential_source field 'environment_id'" ) if self._credential_source_format_type not in ["text", "json"]: - raise ValueError( + raise exceptions.MalformedError( "Invalid credential_source format '{}'".format( self._credential_source_format_type ) @@ -137,18 +137,18 @@ def __init__( "subject_token_field_name" ) if self._credential_source_field_name is None: - raise ValueError( + raise exceptions.MalformedError( "Missing subject_token_field_name for JSON credential_source format" ) else: self._credential_source_field_name = None if self._credential_source_file and self._credential_source_url: - raise ValueError( + raise exceptions.MalformedError( "Ambiguous credential_source. 'file' is mutually exclusive with 'url'." ) if not self._credential_source_file and not self._credential_source_url: - raise ValueError( + raise exceptions.MalformedError( "Missing credential_source. A 'file' or 'url' must be provided." ) diff --git a/google/auth/jwt.py b/google/auth/jwt.py index 21de8fe95..390368958 100644 --- a/google/auth/jwt.py +++ b/google/auth/jwt.py @@ -122,7 +122,9 @@ def _decode_jwt_segment(encoded_section): try: return json.loads(section_bytes.decode("utf-8")) except ValueError as caught_exc: - new_exc = ValueError("Can't parse segment: {0}".format(section_bytes)) + new_exc = exceptions.MalformedError( + "Can't parse segment: {0}".format(section_bytes) + ) six.raise_from(new_exc, caught_exc) @@ -137,13 +139,14 @@ def _unverified_decode(token): signature. Raises: - ValueError: if there are an incorrect amount of segments in the token or - segments of the wrong type. + google.auth.exceptions.MalformedError: if there are an incorrect amount of segments in the token or segments of the wrong type. """ token = _helpers.to_bytes(token) if token.count(b".") != 2: - raise ValueError("Wrong number of segments in token: {0}".format(token)) + raise exceptions.MalformedError( + "Wrong number of segments in token: {0}".format(token) + ) encoded_header, encoded_payload, signature = token.split(b".") signed_section = encoded_header + b"." + encoded_payload @@ -154,12 +157,12 @@ def _unverified_decode(token): payload = _decode_jwt_segment(encoded_payload) if not isinstance(header, Mapping): - raise ValueError( + raise exceptions.MalformedError( "Header segment should be a JSON object: {0}".format(encoded_header) ) if not isinstance(payload, Mapping): - raise ValueError( + raise exceptions.MalformedError( "Payload segment should be a JSON object: {0}".format(encoded_payload) ) @@ -193,14 +196,17 @@ def _verify_iat_and_exp(payload, clock_skew_in_seconds=0): validation. Raises: - ValueError: if any checks failed. + google.auth.exceptions.InvalidValue: if value validation failed. + google.auth.exceptions.MalformedError: if schema validation failed. """ now = _helpers.datetime_to_secs(_helpers.utcnow()) # Make sure the iat and exp claims are present. for key in ("iat", "exp"): if key not in payload: - raise ValueError("Token does not contain required claim {}".format(key)) + raise exceptions.MalformedError( + "Token does not contain required claim {}".format(key) + ) # Make sure the token wasn't issued in the future. iat = payload["iat"] @@ -208,7 +214,7 @@ def _verify_iat_and_exp(payload, clock_skew_in_seconds=0): # for clock skew. earliest = iat - clock_skew_in_seconds if now < earliest: - raise ValueError( + raise exceptions.InvalidValue( "Token used too early, {} < {}. Check that your computer's clock is set correctly.".format( now, iat ) @@ -220,7 +226,7 @@ def _verify_iat_and_exp(payload, clock_skew_in_seconds=0): # to account for clow skew. latest = exp + clock_skew_in_seconds if latest < now: - raise ValueError("Token expired, {} < {}".format(latest, now)) + raise exceptions.InvalidValue("Token expired, {} < {}".format(latest, now)) def decode(token, certs=None, verify=True, audience=None, clock_skew_in_seconds=0): @@ -246,7 +252,8 @@ def decode(token, certs=None, verify=True, audience=None, clock_skew_in_seconds= Mapping[str, str]: The deserialized JSON payload in the JWT. Raises: - ValueError: if any verification checks failed. + google.auth.exceptions.InvalidValue: if value validation failed. + google.auth.exceptions.MalformedError: if schema validation failed. """ header, payload, signed_section, signature = _unverified_decode(token) @@ -263,7 +270,7 @@ def decode(token, certs=None, verify=True, audience=None, clock_skew_in_seconds= except KeyError as exc: if key_alg in _CRYPTOGRAPHY_BASED_ALGORITHMS: six.raise_from( - ValueError( + exceptions.InvalidValue( "The key algorithm {} requires the cryptography package " "to be installed.".format(key_alg) ), @@ -271,7 +278,10 @@ def decode(token, certs=None, verify=True, audience=None, clock_skew_in_seconds= ) else: six.raise_from( - ValueError("Unsupported signature algorithm {}".format(key_alg)), exc + exceptions.InvalidValue( + "Unsupported signature algorithm {}".format(key_alg) + ), + exc, ) # If certs is specified as a dictionary of key IDs to certificates, then @@ -279,7 +289,9 @@ def decode(token, certs=None, verify=True, audience=None, clock_skew_in_seconds= if isinstance(certs, Mapping): if key_id: if key_id not in certs: - raise ValueError("Certificate for key id {} not found.".format(key_id)) + raise exceptions.MalformedError( + "Certificate for key id {} not found.".format(key_id) + ) certs_to_check = [certs[key_id]] # If there's no key id in the header, check against all of the certs. else: @@ -291,7 +303,7 @@ def decode(token, certs=None, verify=True, audience=None, clock_skew_in_seconds= if not crypt.verify_signature( signed_section, signature, certs_to_check, verifier_cls ): - raise ValueError("Could not verify token signature.") + raise exceptions.MalformedError("Could not verify token signature.") # Verify the issued at and created times in the payload. _verify_iat_and_exp(payload, clock_skew_in_seconds) @@ -302,7 +314,7 @@ def decode(token, certs=None, verify=True, audience=None, clock_skew_in_seconds= if isinstance(audience, str): audience = [audience] if claim_audience not in audience: - raise ValueError( + raise exceptions.InvalidValue( "Token has wrong audience {}, expected one of {}".format( claim_audience, audience ) @@ -414,7 +426,7 @@ def _from_signer_and_info(cls, signer, info, **kwargs): google.auth.jwt.Credentials: The constructed credentials. Raises: - ValueError: If the info is not in the expected format. + google.auth.exceptions.MalformedError: If the info is not in the expected format. """ kwargs.setdefault("subject", info["client_email"]) kwargs.setdefault("issuer", info["client_email"]) @@ -433,7 +445,7 @@ def from_service_account_info(cls, info, **kwargs): google.auth.jwt.Credentials: The constructed credentials. Raises: - ValueError: If the info is not in the expected format. + google.auth.exceptions.MalformedError: If the info is not in the expected format. """ signer = _service_account_info.from_dict(info, require=["client_email"]) return cls._from_signer_and_info(signer, info, **kwargs) @@ -651,7 +663,7 @@ def _from_signer_and_info(cls, signer, info, **kwargs): google.auth.jwt.OnDemandCredentials: The constructed credentials. Raises: - ValueError: If the info is not in the expected format. + google.auth.exceptions.MalformedError: If the info is not in the expected format. """ kwargs.setdefault("subject", info["client_email"]) kwargs.setdefault("issuer", info["client_email"]) @@ -670,7 +682,7 @@ def from_service_account_info(cls, info, **kwargs): google.auth.jwt.OnDemandCredentials: The constructed credentials. Raises: - ValueError: If the info is not in the expected format. + google.auth.exceptions.MalformedError: If the info is not in the expected format. """ signer = _service_account_info.from_dict(info, require=["client_email"]) return cls._from_signer_and_info(signer, info, **kwargs) diff --git a/google/auth/pluggable.py b/google/auth/pluggable.py index b4fa448b8..7fef36112 100644 --- a/google/auth/pluggable.py +++ b/google/auth/pluggable.py @@ -93,7 +93,8 @@ def __init__( Raises: google.auth.exceptions.RefreshError: If an error is encountered during access token retrieval logic. - ValueError: For invalid parameters. + google.auth.exceptions.InvalidValue: For invalid parameters. + google.auth.exceptions.MalformedError: For invalid parameters. .. note:: Typically one of the helper constructors :meth:`from_file` or @@ -111,12 +112,12 @@ def __init__( ) if not isinstance(credential_source, Mapping): self._credential_source_executable = None - raise ValueError( + raise exceptions.MalformedError( "Missing credential_source. The credential_source is not a dict." ) self._credential_source_executable = credential_source.get("executable") if not self._credential_source_executable: - raise ValueError( + raise exceptions.MalformedError( "Missing credential_source. An 'executable' must be provided." ) self._credential_source_executable_command = self._credential_source_executable.get( @@ -136,7 +137,7 @@ def __init__( self._tokeninfo_username = "" if not self._credential_source_executable_command: - raise ValueError( + raise exceptions.MalformedError( "Missing command field. Executable command must be provided." ) if not self._credential_source_executable_timeout_millis: @@ -149,7 +150,7 @@ def __init__( or self._credential_source_executable_timeout_millis > EXECUTABLE_TIMEOUT_MILLIS_UPPER_BOUND ): - raise ValueError("Timeout must be between 5 and 120 seconds.") + raise exceptions.InvalidValue("Timeout must be between 5 and 120 seconds.") if self._credential_source_executable_interactive_timeout_millis: if ( @@ -158,7 +159,7 @@ def __init__( or self._credential_source_executable_interactive_timeout_millis > EXECUTABLE_INTERACTIVE_TIMEOUT_MILLIS_UPPER_BOUND ): - raise ValueError( + raise exceptions.InvalidValue( "Interactive timeout must be between 30 seconds and 30 minutes." ) @@ -183,7 +184,7 @@ def retrieve_subject_token(self, request): "expiration_time" not in response ): # Always treat missing expiration_time as expired and proceed to executable run. raise exceptions.RefreshError - except ValueError: + except (exceptions.MalformedError, exceptions.InvalidValue): raise except exceptions.RefreshError: pass @@ -247,7 +248,9 @@ def revoke(self, request): """ if not self.interactive: - raise ValueError("Revoke is only enabled under interactive mode.") + raise exceptions.InvalidValue( + "Revoke is only enabled under interactive mode." + ) self._validate_running_mode() if not _helpers.is_python_3(): @@ -307,7 +310,8 @@ def from_info(cls, info, **kwargs): credentials. Raises: - ValueError: For invalid parameters. + google.auth.exceptions.InvalidValue: For invalid parameters. + google.auth.exceptions.MalformedError: For invalid parameters. """ return super(Credentials, cls).from_info(info, **kwargs) @@ -344,7 +348,7 @@ def _parse_subject_token(self, response): self._validate_response_schema(response) if not response["success"]: if "code" not in response or "message" not in response: - raise ValueError( + raise exceptions.MalformedError( "Error code and message fields are required in the response." ) raise exceptions.RefreshError( @@ -357,7 +361,9 @@ def _parse_subject_token(self, response): "The token returned by the executable is expired." ) if "token_type" not in response: - raise ValueError("The executable response is missing the token_type field.") + raise exceptions.MalformedError( + "The executable response is missing the token_type field." + ) if ( response["token_type"] == "urn:ietf:params:oauth:token-type:jwt" or response["token_type"] == "urn:ietf:params:oauth:token-type:id_token" @@ -375,7 +381,9 @@ def _validate_revoke_response(self, response): def _validate_response_schema(self, response): if "version" not in response: - raise ValueError("The executable response is missing the version field.") + raise exceptions.MalformedError( + "The executable response is missing the version field." + ) if response["version"] > EXECUTABLE_SUPPORTED_MAX_VERSION: raise exceptions.RefreshError( "Executable returned unsupported version {}.".format( @@ -384,19 +392,21 @@ def _validate_response_schema(self, response): ) if "success" not in response: - raise ValueError("The executable response is missing the success field.") + raise exceptions.MalformedError( + "The executable response is missing the success field." + ) def _validate_running_mode(self): env_allow_executables = os.environ.get( "GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES" ) if env_allow_executables != "1": - raise ValueError( + raise exceptions.MalformedError( "Executables need to be explicitly allowed (set GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES to '1') to run." ) if self.interactive and not self._credential_source_executable_output_file: - raise ValueError( + raise exceptions.MalformedError( "An output_file must be specified in the credential configuration for interactive mode." ) @@ -404,9 +414,11 @@ def _validate_running_mode(self): self.interactive and not self._credential_source_executable_interactive_timeout_millis ): - raise ValueError( + raise exceptions.InvalidOperation( "Interactive mode cannot run without an interactive timeout." ) if self.interactive and not self.is_workforce_pool: - raise ValueError("Interactive mode is only enabled for workforce pool.") + raise exceptions.InvalidValue( + "Interactive mode is only enabled for workforce pool." + ) diff --git a/google/auth/transport/_aiohttp_requests.py b/google/auth/transport/_aiohttp_requests.py index 179cadbdf..364570e31 100644 --- a/google/auth/transport/_aiohttp_requests.py +++ b/google/auth/transport/_aiohttp_requests.py @@ -140,7 +140,7 @@ class Request(transport.Request): def __init__(self, session=None): # TODO: Use auto_decompress property for aiohttp 3.7+ if session is not None and session._auto_decompress: - raise ValueError( + raise exceptions.InvalidOperation( "Client sessions with auto_decompress=True are not supported." ) self.session = session diff --git a/google/auth/transport/grpc.py b/google/auth/transport/grpc.py index 87fa5042f..55764b6f6 100644 --- a/google/auth/transport/grpc.py +++ b/google/auth/transport/grpc.py @@ -255,7 +255,7 @@ def my_client_cert_callback(): google_auth_credentials = grpc.metadata_call_credentials(metadata_plugin) if ssl_credentials and client_cert_callback: - raise ValueError( + raise exceptions.MalformedError( "Received both ssl_credentials and client_cert_callback; " "these are mutually exclusive." ) From 84895cf09d40c7be7652bbbd0dc920140d0f6f0b Mon Sep 17 00:00:00 2001 From: Jin Date: Wed, 7 Dec 2022 13:57:20 -0800 Subject: [PATCH 04/12] chore: update token (#1199) --- system_tests/secrets.tar.enc | Bin 10324 -> 10324 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/system_tests/secrets.tar.enc b/system_tests/secrets.tar.enc index b6409753b4a1f81a87317494d650feb5b7630589..a78477bccb99625e34bab3b31711a27964dad1ab 100644 GIT binary patch literal 10324 zcmV-aD67{BB>?tKRTBuc9@fQ|!h2N^0hlWAJ6RK6>!4`~m_NswyC=)jsHzgGPyni{ zhrHJ+k0E&SA`6aKcUl8D2Nma4rR~-gS6`hpP$)Awh(&%jybb9b6Q&Oe_#AqD7)orGk6{ja5a75gNwibh#C z@FT?Ts!@96GG9TUP?OjPRcA{D|ENLyOm(6TL)7PKt2HQAUpPxwUsZdLvsPIcP8AgY z%L$Mxy3Rb8t6?6QQXAw0Rcm)RVX9+C)$U+Bq7VwzQZ zF|J?U5Ke3bCLh=x{RCyy%nAW;O(%)wAm@Lw&BT{plnI{0?%AttCCi*qw7)Gf{hRSv zo!(YKRr*p7`~rf^0y{}OX9Vo{Ef}`R>jUGd6cF}Q&hRg?X4>3~4(pR(k0mtEf65 z2G=Cvmc@P%OQv}NTbCoPy{%QARTG9aI3&QGu><%sCeks@SS1%jj!DrRQB$eaHkM9b z<|8NNeW4uvw@GWyEnEEV@>;x&$2PC{U{8I(XV)ABs`}Ye-|(e$UX(w?|@y!QXS(q*+=2`1a3+j9cY=PWVOHGbfZGG)XMOf#0w z@%n|pe0e@f3JhP&(QB~NSn~HBW)48z|358jpVLg`<7I0dz?BY;7Y* z5$t&*eNy8+lOW+H&ackO>a&7DGk?wk7rc`D%i-2_sy*F(FA-tej58&yLLS zML`Kl=$!7{VDLiY*;VTLv-ZF*?HidB#9BrGd(D7&BE+ezEZ&Nf7W)qhMh}8PYKFtr z`PB!auN9o9Qo8TZWTw|+;2*bJ);Yy+RF<~>IqqH0BXR@iGu99H-aiiY{=g6JD6i}K z@;?Jp23sy0X7@y(g$>c`yvlMNh;~gGL^5N1MMiH?bdH-KuR#PzMm4iw3>@s{0hdj) zLUjB5BD!iF>`)!P5|G|9OZq8Sb6KRY~O)V3shJZmqe@D5U#V@5bWwZO2 zO;#jyKg?g~#E)Q%<|od6s8QjdqWB{pyJN;}aZvIpYe~(O1NU*2w@vd@O}oV8;@MgeGRC>}V{=96(_7q&gkQW@&W)zqnnX83u>jtHjthtS zQvtwSm>HHwmjZW6$lZ$xz;Lf@K}o`@1vPKXJeGi8huz{2L7vZ~dg0Yu*TN334Vz`y zj8K^cfxkM(+VgB~m^yOjdf7xu5L=!&FBD^RO)!kmpG=oCy>%9zv*;aan3A< zkjx>=AU-%na;G19_7ZQ%3M;|T5@@aR1qjJ-!oTUslF`@4)IVld?psru`>jQhx1&A; z2bR5jTUed{33V7y#g%>@_%Z@3Z@I?N4I*K$e~?_13OGMY-F^nZg^%g|6+ar;r*V0U z77re@@P=9oj;!x?Qas>>HdrBq8c-2-thPO=pk+pNc4N!$D}lgH+W=dD7bHxcE6dV1 zOrg@{6@TWgkZy84@AeLIl4(?S{(N&TP1H;Kp^e|F$7e-fuu*Cz^U(12N^6mP?pN^U zNsfq2Fk&fXr%+l|g5wv(;pQNuenW%feFqL=8%W);&lOrW<`SORh4!OiwmcHlIyDLM zgOzvQDAC#8 zR8$k*fp?rV6-u+Aet4?!eY8vMyP=*B|2@+k^;iQ$ZOIsY+kaZ5ZaKSGQ{*K+&>$F`C?m;)v z``a>}bi$42^Nc1l_d~bN^%V*j8+d%qozZ7h@~2^((rc)DH@dHZB|Nb4GJui7I*nz2 zTV61P_^>fbT!rF{{~e2hZ>=wO(>PTyW0m?yg$VP-7;Hfg%I-T|8kH) zu1)M~nJSLb4~;=}huWa`eH(np;2K@T6ZKQJN~N$03+BY8uofqYby?=DD6xmmVG3{m zL3nV^Cv^m!x4}CfCkr*NGPV3}7+0uas)8cd4bH+mRzQ&;I^)#E)(s&?=z6au|A?2< ziNuRbdmwC4!%B=<45yRHqu@&Wu8FdHSsJbQCF+j)MhWOdaBF{%CT);Is3H7&ys-}gaj4MgOy7bk7 zU~R*XWiOWX2G^Ks$^H}U3&Bdq0~{Fn#|q!6-=u@E94SxakB##1g|JU1j^3t`h6Vl` zj}`^F&E(D#baH3EmU1^)@~gY9SqOG9?@yb1fL$z_4weoYBJDf?8{=hQn2dh-rt_bf ziv0GXzFyIFRu`Ewz3v-e^@2}^4##!_po&49G_JUm^!>*oc za`I4u0<GD6AGAJWrT*JRl9bD#EwKnsg3Q@!C7rw#$k4i7g1m7+) z^=i&yF_tK2<8~o@2qp7HoY2q?7u~#=O&UeV9|{7c8MZ3;yiC(=XZAR}A@)W@Ci8YT#A8jA z-&<(8#jel*pIqC_oeHDIh(z-}pc(UXkGeCKJ-pY`|b` zO2Vd^fA@V6G55u%M!Z4HM`o16&MKSV+e9+J*DsJ?MWeqCAW;=Pcoi9ON-1XxlQwL9 zlYNm!_mxE#n$XuZWG2tajS(u%I@>F%Fqrn&)Y3P3$;Uvhm%gL>K0p&Ff5S_}F%hcy z@>R?R)_pM{oH|vgQ~%8MS8J{b>NJIVY;jb>?oWtl1eC}ya8_!Xn;5XtSLZ5EiOV2X zSztR4bu=pITTh&7a#`w5G08$)x!`HTlv-l5gFY9%Rv|=gLD)F-1!Cg3u%>?JZ#1b- zhYRDMI$qw78U5=tj78zz_Nv~Low2@p6uUbdk^1R+VqA)qJTw$^GC2(%E|FKBu0v;Yj`25% zy8EdpVXX=f{>hqFXpgAoTxgJHw>?3}=XB2+Dd^9Dyhsm2S`}leNuE+7lu0sIVT=0x ztfsVXw>`lN%aJtLIL933bmy8t`#<>U8`zG5TFAO-Q&DzLb{)9lH0Ge=D%luWH zG`Uj%mt=&=dVgm|39Fnp+r5%J9(P~FPG-bqZ3pu7J3ZcW! zs|(ilKY$$kdReLtemWLiUD9A`8!R6|isjSzvJbs`k(|V^3925LyH52-V5M1yS(UAl zDgUV0AJtckO&SXBW7+4)3Gn$WJRaYzS;9^?d?EIlxa<)6NKa#?+33-(5~H#R%`9)vc z8dTOwX!`xP@!X;z;F~z&&tsAhrmL(OBYLARnK>t_PF8jITpQX-xT?(4Lieu_+$}Z@ zq}V(;`2Q~h-ur#e)0(@e#82E$_Bi|V!;`7SCaPy!l*f2{yF6*cyFH7yLZiB)hBg%f zk7o$oBbJ&fKdRSF^AYNK4mFUi)$-tAfxk1J-m|l0JV4S;u`XSx$xpsFB|EB`G%k3V zs$09KOD7N%6q20-);HSREvRR3%d4uPUY`e0&jVvWNdC!NV;x_xh+h%IJKMC|#8@R* zrPE&)fyuMnte`XkhGj7cVxWw${hZ#>lyjwxH}aWm%O~}a&ShZV)$4_NRVTlb0kkKM z4E9Qo!b04V7a_+-Cx*?Fc+kPFX=v?Rx_FtEFdGogwMGk%g6zV29;(J1*6|AOlH$oY z%YP3zb+b8(hCEp}vg{sm#NweIk}70On>vmRIr9cgVud zkE$Gzs>a=o9z72?G}zt2hGejPdkQ~upqYM^Wiv5{4| zzG%{7gxlwtFa^?ByO9YKeH(HRaR`|GAj{Nvs+MWdrEV_M2H7fOZ=O9Tia zk5|Q~vDeR{HC4=#>!C|0+-;{4m}$Az#DsypA)tqo+Mqj4Y-h_wX?zFF!5sjt4&$lt zxrLt#XHf~?U3LKHrpI(-Am&S;?4Q^@unoW8l~F=pZh#pzuPLhjCc$`K9j3bQj7`YC z$==`Bx$lszx~3<=r{K3sutItD*ZO2JQ_JKaWOZdMX1QbDU|jCgR+~`DxGxZh?sv6? z#_KtnEmE<0v0s-Dm|;fv9G-IphMK51%&TSSjN`e5HTr0L*L44u#vc8-D|xRDM25C%I*G-M)Fyu5uccNSWK7_ zF~#Q4k9_>QFKZ*`ABd;L2Nh%V4m>=S}wr!+b7 z*r`#m)k`-R_`6=?lKqYNA|h+Xd%FfgG4GD z{3ddcPtp;<^CxhwLg|#2Zegp_;m*{ij+=pUQK-clZ1--Lbby7Ods)s6-cEcNuo+Dl z`1mM?ma|Wg?E08gxb+q|%XTng|AdlUBHqo)Z<UqbaB<<1XR#9u(rbfED;ogf9mw|rB#2A8VhPr+xH-j3jg*ic_R0Vp(Q z8<*Wz7^3w(y{)6g_BPvO-fW-<%8aW%XZqnBCNMhV=o{#pZ;?2B@3H*g+g9w)15 zSAUNBR?>}P(4F{Z*37$D# zjPeBP;sjR?*GCT8THK=YHbp{=&=Oa0(cN#W-u;6=T!)zi{TU=`nAk9l+%nL51`m9= zh-y4lzOL$(mXnj7`IvPlr%3MYV9sdx!AE%L>mibQHDx4|Wh>cc)T_Y8-a=weixU?o zQ#!mGax+q6HQOAaJwXYn=UKMfNKwhwq)`pE=d=0vU;!Y!%v~E z=Ai&ly(kl3h|;5emm4f|A`lcc`FwHIJQDlz^G+f=qR;fWuy2QrG$GNHI_o)`Rp(zG z^UZrL1OHSFi`Otd=svPN-WWH{ktmiX%c;czHbLp$zUnW;vp^ZK&(-O9Vov z+ti^P;8q(Jt@iNPPecK`(vjT35paD@v*+6cbDOp~WcCX*QY`P^1!;2J)5+=!AYs;o z_e}hrU<(ydM52V_i9Gzp;adx9*>!k=7T4V73Js{F zi?xOP(5`L%(&u<&Tboplq5V2L?zc0ZEKa2J+$VxF-a*ycQ zG1=IiJ58Gt0)#WK)SKE{bEgrnY@q^4|6i|Hc7?8Q?CPC9{6@ehhfB8=yZwe1n8Q<` zVwr;wHVbO!O)3h|eSu^OoHkRr5Sx1(4~;wCpq}L@KB6l1W%VQrVal&m&$AJ4Nhia4 z)-t%8c|5ZLf*da(kBRZf6j55;u-MuUl_7&!++68l)-?sPC8D0prG9!HGYDHDyC4p7#%sf!9T?96Sg@o@R;l2%{m@|ZB6f^LzVH6${nFKSvZcuL!k4H-=gGhjWdl9 zQm<}aCclu!qq&=C4FY?U{lX@?a{f zZ?+#@$ZfhWSM@wd)?sPYDqaSxi8pI!cRZAi#?=3?dPv*IIVEJXv_)PE=%F2CaJS)}YmB1vbqmhk1_VMmZHrbf0rwDKuUiZe(s@1jyhUjlIB* z8z~`mDu)FHSW!h44Grc;JQxvPqhg6_y-c@3riXYr&z)~;P4Ysu*GbCY{b%lx zBgHi$4PbzI;?C&TFz*~9)Hq5Y!>Q$W9=ZCf`n5l3aL5Wk2up_r+C%t@Kn7o6>0y9_ z>zG0(A}D%?4|eXMVaSvW0ZVknJ~_42UjWMa_rEOFD|$x~gMcHpW45qSzHd9{A#re} zJHF{zLdnXUK38%oF2^_|N{<1V-Q1WA_~X_V7zuHFzKRlMCx_w}W${1pPC4JU^+ zgnRwrVXl~Og!bs~ps&l5Gla3Ic7QQ9;mDZ)fO!p7nDO0mgmf8G2LAmb7VH82t@1Mw zu3Y~)8(Il9-})4X^Kyu5=a7?bK=7)J!8a@3Kv0FA70#`_cMIYnQhASb6WSXEK{aDz zsp$#AyfbFKe}5Kw>*`**jm-i>sLO!PfQr#qp-{xXHFjn4MHS2NtEsK8r%?J3E3 z(!|!%rk&j*U`f(HV$?bRb3DK`n!z3Z!b>&Mjt4OJGuFrKXxaBbU~SGI5aJ@HY+^}n zqAej%2bg9zSQh~Xf-n6Gy#GoQ-hgjlHjAuwQGpHU?4lj1P1CGLRS^*DIfBhBU40{x zKHUZ-l7Dpr>L#CQc_3wW$@*x=sgTf81)nLLFPG@N7|^6XJ17poY32X~?e9vZ4HEn} zC|7foI)KwM7|D>)rs^d-f7Y1N@y0g1zLIVys{xFF!(d{NaE;7P;g1yb+}G8Ib4s?#q79oQm%gU{8VJ zggLBU5Gpi0C^uF>L>yxB=hRapLbS+Q*Nj^13_xa;*;R(Z?eu(5j(O&v>ogFWx`sT#-sB5XyikA^qyU6*yj(@I@ z0)o^8ige*TFtgXZvhkToZW1p4TceBcEGWj&Z+~@JvOLMSFI_O@{uI%({&t0JCEn$s zHa*V&%sk!Y8mD5jlo8s$9y{Tki_y-dQlBoBX_u7VZJW~0D?rV;2GkeFt6m)o8|ZRU zivkHcHu)z}~5kkh5P9+s%&Oy9`5!GmC-4zEEieZ1eH6XQe~iBNaJs(-YVs zMiHd>>Vr%GePJ)zhdtU6)D=zC(CW%eJ8?lcerc5^_i{QAPzeW%4qVG=Vk=aauiAaQ zvHd9)z5qMVgBK>1R0gK!El~-}%~UXu1*?3~6p5dj>FE=Sg;;_)Dd8m5CVoop=xxc!iQ z&{ILw<9*hZW_kn@Lg=r}2ttc{mV`lPAuK~)<;YeCcj|DuOr?IP0?I8vbwos50KY-8 z1X4I&%SQW+PlJ@`zMXA5IzZ?vkB)Cj2D|{nwDN|nGaw0op1xCDZJw!R1X(hv2l27z z3C{w8s84J49*VsYXfrsUt2`p_F`$;3KZdXselp zQwncR`ok*T!0MiN@E$3YPzozRr}173E1n)+`r%&?`#iUvuDJ+c7SX1}y+Qr=IH;@Q z=oYR>e%-aFv7||OsAb6K5 zIoh;Gxy)0gE?T7&}cwySqxPv$)ytsnI3w%c%eX$0_F`o1TO>4i~2bHYiOZ39c< zh-8BhWpUr@98!fV2|rF*GEdS*bJ%Fc)zrvWK!OWnuK+>AKVO4gTaP>0@eg>D@vS2z zWD6)!jYuGzI!KhFUP$Az2RE|CXD^pOlFlW1<~;XjtJ^TmVa|NqMWbV%UB{)QNi91T z;v&`ZJd`iPjV&_2af6B&q>z3{PU1x&8TC_7Bcwfd$m8z}sGUZ(wyHB@Y&hH-Wmy)) z#F>$5zG&6NE4X}WkspuMOYj+lO)R(prh}A}q?@6zwN9i&DGND*cJ_L`i}>J;y@I&) z!(uqGEZtv(J{RhL^`j%OjEK8d?LhYiKT#*PZg9g>l4LpAm8#W5T%5Ruu&7kqt*5(s zhR{z|;ab|21P>DR;z2g0L~mO!86rcZi(y;K)*FIowd{JdAc>M|N&|v5S`h5rq8`;H zpH0@bpM@~8&Fhfd@`T#cQxjQknh&~kd8~F{^$x>+7o9=38U7mXd}0ppHoad@LsHM`q8h%7 zP}`jxu-D1KG?0UC)3TN0vv7eu9Gp?PmA*kAwG4jMU%elo0R+?dXrK@T^tbRr*%R002wy_r~D{I&phT$X0EbO95h*#~Cng#~sxaVO3TFp02wCHYL+$nQS(uCe1J@?T2bL_iLW|>kp zin!wnC6CC}d3vJ&#FkC)#Mwc+`Qf9k_#7E?f>Yf+Amz&(+6_?dXC>^xaXOJYs61;V m(HthaG*+3rvm&v@$42d@21M0f#%f&$cM8ZCVv(xwfCqn^U^G_% literal 10324 zcmV-aD67{BB>?tKRTHz`r8={=Smy6VPyni{ zhrFeyt26mqJGkmXNA!;f=bcY06Kz+!)29Of9lm%3y0NEm6LFC!DkC|FG>z8Y{4vL8 z1b;rT?Hu!wTrMx8X{@Jde`q2kw8GxI^2?1r7C_T2qRM(4Rcy~VFc%uN=Ye$R*4uem z8gOv1H84Bc`V&+8&=L+lycBxepo$4aVkLg{`LWQCbzy+)Z3GI}Ys@9{pX!!49h_gH zAMj6;1oic^fbx{e+6=arVvX{t{(zf4RI!03Z924dJ+g_c*{f)|DIS#0Nvu;d(`Kw+ zU!EGcZetLJERcqt%{~2|CLuBhS&HDQKT|@qUM2aLmNx#mAbA%jAP$mF5h~Dcwa2l5 zp27C$^q2Mmg(Ate@@Fc@2h?8ic2V9~@y^;?<`lK#Q|QWWR2~k6GZhwBO%#(hG)GJ{ zf=mNLQP^L6t__7scGJOv;FAjVEX^HwRFmcc$3f{vQ{C|^kUK4+@^#0f#iN1Mi2i7)YIOQnas z%;-sEf?iAW1QF3l(3Zj4QY{Y^8%q!O<}~WgvrBuH@^_agjmPjodY9W)t3#y2vZZyw24;8p#UjcR(T&#{=n|8^$=b(d%D!zvQS?VesM1L90AcR=B z0@)eg-Pcy0Slv_hCkwp+ps!v}|B6XAPT7+G(aR(Ym^^ZdvvVMhUfZ^)ZM; zY-+o|LFsEMh2&LIWM^Jkx_sI$@vKIoTqXs_g55cQ`LT(B)c)^{o!QoTpz&jHV0HHd zz<>ikRNAj}g*Am@q8ObsNm6LD?9TD6A&~kJG%%uj_J{XnHOtgX)3UUSw{kOHm8zt$ z!PBr8=;Y!Um-Jj_48sYXv5E0lV63Dg{X!S^3fHMCN}oEKOCUjzs4WHNhfs|quwgl+ zWf^0bMx}OUA1rkDIT~b5G*rA+>Y>j1H7+knmz%=AvIZlX00pBaZv82BP25_8r0iyQ zi@SOerg((T=nXJPjLB~1LR80u6uBx%@m1`yCH`=hOaV?_M@#Nc9&PuH10m=)3=AsK zO}C*M1j9Bp#5xfg6pghjEbR66N$1WsAFWP#_4q4csiYgRu}ca_9${M<+2zwsgG@tz z<~zN+2Qrk^M3ZbJy=ANsf&`!)XT>L*h{RL(jGe)^x*DDr;{+xGMU+kMB+S__AszM7 z@eTLnbuzEaJ#XFtc>r2@sRPMNG&0z0XhZM?qHHjnHjt@ZPeb27G5zzd=Euyn zD`$`{)k(uW$5SWfhGo2qU~J_~H(~H-as!%smJpo+-s7@_K`<474^KQ<1}=AVlqZlB ztfVBk47@rNV?t>#%y#&YE?!Z$&IZC_aQciNvgrzQ6&ljJ5-v>s=fr#*MZ-1yT(nm$@U&smet zO;+}Aq5DUnrt)k-*N`1+@3KvplO-&?%(WszLqk_vWmcZK1+BautC1n5X~uVUxcZN=#>i78N2AK}usF;#euLK4+-3pvGp(O0Ltf ze{~nWmh*o^pv~eWMK>>PXa)XGQ2O`%m7hVcgyJ4zFr-G&^D?)nH8;6dE7F6^KhQS! zOiSdTC_NLmn42wRndpznt!@?VCmD}?uGxiiXK6PXSCWlK4>eaZ;0=3Q4&{`47_5Ae z%6a3peqXO=M%i;0);I3)(TKh~j*s1J@7aXu4NOs(bZ_3WPnN|b{{>pMJ=DMIw5PPk zP~KOY0hOf=T2pPR87sFI8P7l6MC>!9=9f4cyNqlJ8oyLG)6zMZ(G`qurnQ|!0y>Oq z{XvoOlBzfFU**@0yQAf67A!TH4YCJz)nxy=z8D*7bD$6V+y2{pRsV*6)%Mr`|D$PI zqF?+SJGIYdY*oTP(jGZ|KCIt>I`ivEkJFbT;1h4ok36!0s0@v%w#90xm&cS#6^y|z z+b5Mm_)Hb0Q`RiQmz&d_Sh56wGYihg6VRoOWKh}H{FTf4#PT@Iq}6R&;H}B*&FUz7 z^Tl)E)(b9=0-r}Wh=@&%0eHYf7Ai|o7}k!25$s!kIF(nmx`l_(esu&7(X;64`N>&$ zkXxK#xd)U4xZt3>y}Hdh+0{6>ts?A%^oEx_>X>6OonrIjeQe}GkL7-(8texEttTP2 zn{*l-Pfsd-FFQLL3z%CXP*VQnZ^-+qO4uw|QF8LZr91>PFx7UuuEO>dv7fqH(sYGx z9}aga-wdz}HgMDa**e>no2Q`Y-d^;~E+mptnAGsS5)4j}4MUHqDrr$BTo~1GnZZWF zM<8JXkE$7wHBeQIar6T8JGX9o5y+y;PM+D}&ec7Mh|+BLICM#_Ep4NNbNts_m)t!M zC0{HxH2U;%obIXUkD^!pd=1E0;p<$G-c*wo%4~pU)QSY^aA*)2cNNfHF3K}SaT9A(f(3Cf+ zr97lJ^%FA}bN+X!5fWsu_UbPG{t4h#{|2k-NO(zfMi$%2k$oJAL&uCpiB(8gwK`22 zg%?+o;tfl>1ze-)@_m}_mt^=|N2Go`EYxo8kR+sE9Z-9(w>?@MxGO#AWLQZ+q)6S2 zt`T~*-jwd10S?LaIS+&1)>Tm>bQLy#^w1PL8&!ie938W3#aT+_=}AZ)k%aiw^38&c zw$NCXoE!JUc}j8{?bI)55k&`E`evwEVbB!__cCcJHjem>DCbMsU3qo}`*gq50CbRZ zT$vo|=AKBGCEW9lnZ17*kLYE`tZ6HNX6Fy!l?ZY$jzbg(8y&j zNmyxmLa88CM*@F*F}N$4HZu3E`+}EK741+O>?mI8;i95ue)1aD){$I? zU~jZEi5zP#-bKloZZ+OfsyR>@$4@S`D2ur~Jt+S^dKqc(KBFW7D0bD^Vm2j3ztPWV zB|Q)J$G9_<*VeO0XZ!_?75^pG#49;R`@tJZDLR7) zUdw{)dG3RXg1)d>g@y=YfBnOvSXi*Amu3{F*-#1BSC2lB2ztcedX5((=Vs0_EHnB4 z$VNw{?Z}%)NYzAh*9(2S7-fEWR^VvJa1VaeI&dHy2CF4IwhdLXSE|c?TpezVO-pYP z?ZiaCW_$$r#I4t~+Q}u3Hcnq{yJg8b*go(7tak8KHgxp)P~xYPfAlkhkOdsOhY&ym zY|OqT&y2zNTX0i#OQN#KtW9%#fwN?X1_)d=Ohy?mMBrWQ(e zk19#dQM0v?v{t|ov+5*x0^c5oL+b8EqEU^q&wZM5T3spG3Wu1|LdQ zh0(+le;Q#5YjR&7lDvDAm&0Naz9suYjRh<$xniCaq`Cx|UEGes*BU{=Hrw#9b~H^T zAc)GuOog;WP{-w2(H8Y}p~}?j9^x5Ee7-I5wu}NapeP60Z+>^Bl{}F;dF9p><~dLG zT;a8{__C@I&KFLit2&GY-1@l`?CJTNNqA5HHP1NpQns0rQ#xjpdVFMWCUXIwp%Scn zDm%I4RLe5px~<+Jb*P6rdQt{i^G*iHUwAk-tHhtcR@& z?FD-n6v{~LbfbZGLZGfQHh3`v`GP%WQc1Xxv~|hU=usNWg;QwbLi6Y-`+>D>6hY&4 zSLm&X=?ISjG&9Bi#5oTTZiDurF_Kj$H&^O^;k*jx6+LydQk@9QF3GD6|96=I1YMjy zSuDxrUlthXXsRgU@+2kbtpSN8+F&`(*}u?_B>_uw*J6KEb<&ckGD08U%wvL`UglB( z-$;^G{W-uyawC8xDTtEIJI%pk7*aL0T(vew7#M_4Fw{@ z%4SPn!L!`MxB7WyX)r->Bw{GNx%>U749E09dV-*GZ|dG4P&55H_yen|(W19$2HCe? zfZ-0D)EU?SoJu$zcM(OJkr~5_oSv+LwguSw<_}~EZufSpPca{Obws22P#J%2vnRNx zupS$v6tjo%7wJ7$8`itZI380(z(9vEvuEi4Uhaeb0t%V`FR_n{{Dv5T2Uq3jE?^io zRFM7KB$m&OOvMnmOn`B9D; zv-+o8#6FEz7*d){zpY;dyn>LNfHUl6B(k&QhNo-^mivHk@8`# zGfhD@k(PR>i4Xl!$(wHX^^As610+H$=ZXgO-3kH#>s z=fr-C+EbG?)X*)1LlO(n0fjgdwPe_Py}?^Ycx(|pE$^eQ#icSsTe{N7c~D*?3DZ^} zs{N?+IvG3Qg|@t-bh-4y_8(U21hi2BV<5_@HSdmk^;Vv8SpBEir0uIpWqMB>{ z)|+MM$bFs#Y?CTXpv!5s1em zRF4rf)IseN9}W>!xK^uud&LX5*EG9TKU6bHq#y$Q^R>}27Z?73A`^L^LiFjY;BuV? z4iQquUuAuRh)e}4#LAlWzx}v^A5NY3Fx{!^bKAlz-ffKba+6v*&g4~|03^*-ZbO-w z+`*e8&ug905)jygI?BfB#u{Bs<5zI>Hx}Y^Ow^LL+U0b_nIg!+Y^Qc zdvs4xU#g`TXPzY!s&kqzRZn7y& zPLe#IvUIv_V`#($QyGL!$pL|8d%$QK%bp6gfKR-Xe%8Pw*AL}T?1EM>rt-a(h_bbc8X_B&8*kSL0be|ITrH>^I^z5 zepjTV4Aa)>w`a*zQaUzB#!kJueg?!lMp#S&X8*!_pVM}AK7BTC=94^gZB zow!LBvH9<2jO&5bJkHP8GnpXaLzoT=%8jI`IbQ4o_KebADhWUXU9}PZ-yyLz65Tq& z0%D4$DXO$xgm3|ULKu3{E2S{&#swWKwkDK`9Kwbwk@qrg^0XZeQA}csr>fYoKzfaE zU>7uu(m#uR&h{cj)-s>9Bd;TcatQi3tc;SME-VGfCk*Fw8K2-F8E0gOY3A2#v7Y!Y zECSez$>chIIu=(6lm{tNY0xLWx*DRwe-&x~-_<8+QCfnpUxYRb$H*dMUuux=F|@Kd zB9Ab2jigqL+P}U9e{c%P$<|cBYNEa=3l7V4ZwI(@x-58mbB!EIiG^vf4<7}ltp1W+ z21b2ly0VA7VdB=hs7dw+B8njsSM6^NU5qp7iK{~WA>T4ymOy6x_hMhQCdP2yxE4WlM9Z{PPA^uIsAs~-*{x}_B8%p?v1KZHD+xq% z5IOaPs-ICS;UMyl)4Ue=9;8J*Cj867f{*(I4N{Kt<=6B4IXm4J$Z7 zHaApy?qBpPqpdT8)JBLUJniNtU;LXze+tFE_6e2w6G-F<6b}sZoAfpy80nQW4$5YY zz$czTz3l#G0B}Fkx%u?a{kR&%V5W%8d!$PG3D{8sMF1CpVRBP892SJibaF|2zh(}J6mIp7 zM-+1bRN;49EvM>fSzE9ue=odT(CI8+Mh3hAr(;uUj!DLvGIvO=9SV~0|L-FdGhOsT zcRg|?Bj^ao_u^&68K1xHz|@}Go$wN%Enlf&nf!xY$9fTraj*gAh26B*Y zSa}&T{o3`JEPIS`YQD~G$9pUJ6?=i|B&d!8Dbpqbqci*Uq|V!@hm;>U2x!+8UfN=~ z-*Rg7eY<60j4>p%Le8E8>h^1mHd}wnX&*WSb+6y!vpp|^*$H3_L~f~uIr+|z)BIbP z8+sCF^kC!zfsF|;*^<_t!wD*=umSU(q5Z^UN;uq3n2RioKo${3kLsZwbLV>=60DC4 zFk@O)(y>1OqF%~iJ)HNe>q(C5P9;osnAKYP=nwQO?KT_3)^9&PLNAX@i$e!;3YZEA z;{KgQG+61$PHrvU%!NmF^}3KtkG!vfoqq1TKE%9Tl-3kJ3MY6f@#1<{I?E(j-QmQSh znj+6*fc?aUJMj@FfBTsZX@7V$B1U#KkUS*;1?il6KB=pfx!5k5Dvhyv*}ZedR+z@V zsdnWR?;xE~ei0QKrXrSAgXU=lX%75FF*!w$JPoh;7h;jnOgWqlm>>kN@c4);@W+)z zYwGJ^b1s|3)?(f>df}bOiodx<7R@`MbcBs~(CVbr=Q=B#EEE-^KzkkCe9wnn8RP#V zSi55$k(L^4P@8AUy0<2GC!ISjM^!y@7X|8Ur|Ey!#$X&>mhNZxBwVExgpUQxvPf-O zm<&Xteo7=bljClWpcnIG$27ls6ZGb}u;CtTw4y>V&%aQMN-zEXC)9nr`vuxcrS}tR zDdKx0JPrFHs2TOQE=xF&+aym2OVC`Oyi`FUe(49e4V8@z(Bl{ueXrY(1puHWpFk8z zPA%gWr!VlnWa_ptDUJz&1Y((jtdy|zL_4zgqFfKLbo3%#i`L6THMJ}4KRtKRRRp>d z|F$Bl2C~Zi6z=hp;C2l6`wbi0QWO~nEv}$?N`G+lhWv}>XS&HQoz!p;ZyYr>_nK}w3@&ig4oF2^FX-7WBiuPp6DwRNlg zBC{54$2H#VYi9;|vyFMCfxJDn~kC)oQ| zGj4?LqwRJBmuunMt@IR9Ve_e`K(n1s`P#HzNuR`QzyTv9wyVHG)6>}4$2lp0Oarg! zc3%rn0B_jWzz@z1WgLtA_bo~3-cnaP{$QWcf-l$E^Yokjz`bX#ydhE%Y>lm)2`q3@MmZ8dzx%^t{Ky4 zoy3y>&IO8_gmmPA)utV5>L>^iG!x^Pnnfv_bPn9cF%J`nh=~A2fy3A$YP6sfTqX5( z@{JEoaj6V8DbURlo8vAD$G4>D$G>xQ-0ccJsZ&{mpw+}1Z8S)++)gjmj zC?j+g(%ziRLbA7*p%b~A5U#uiH=(ckup1VN7G)KT|=OwK1i{*axJ-TGyGtmGvi zVb~eZ3e1nat0|A3z+Lw>Ee_2~Z#zrV069>JL3g&B}tkx?|D1L8IV_>j{Ei(ZuUD0PiB8 z<`lEZ(46H#4c%3L&co(;gqeO&(2>P};TPl6Wit+b=mplySHZ`G}ah!for z*ir!BA`ACu5ViYDF&3n!C#+9yLOq-Fg=U-imc#TP@J}BF6n%Ywo}O4sICaPp#7?Of zwP4s1ukb04*M8ljQ6aC0j+%CqxJ%Gye`G6R3Mb5HtP;Du>gV6^lOM2N*uc^^o^IWa zFhl@ZLY!E<1)xa01udJ#CPS#OaJk6s9I=(iRH*44|9n$wvg0pe@W7;1uabWPJoF|> zAnKXTF2u|s*k3~iJ`(A;9WSDDF^SJH0KwzRKN1Uk(oSi0C{}Xhj9t}h1S`V4_E|AZ z^~ask!ULh!406g+>XV1|lh+QCTQRYlo9Z`+VwCFF%4OZd!%_R__@UBp&X68-lRVO{ z#z^O8&_>v>^s#~CY1?ZwpAaIOf|4B-wO`3bGn_(!C?=)URjx-O1i1xl1@zX`)?33 z(rJp}511{Ve>^a;?8t~GSHCqR{(w56wS6}cmXQ@Q8-%*VHXMv3F}-i5ucrrusv=Qb zp-o~3#qT*zty-F1%&r{wk|2E-SSA3A(I%s960AV66uI-%Y(c!8l~pDD|qWs^Vh-mLLh`48*mvL6D}GDEoS{Vx(tnb_1hi z7dBhPS->qFQ-pdcW45PNVR4}8FqS2p67ufhSTPb3=cUM=`+t&`qNH#E(4#~xveR|f z>oGkq#Vt}*p1zMsD4fWmK_)DlIPzG@A%(BKaRnbzg}B3Fx7CJsXOg8=g6<0bLSXlF zvBmsm(i1cCM|ueBuHfItUPEIQcMR+fGvU|>Ab#X@I(l(qgKjJ}*ol;O_qx9eG2g?= z-llP9wD8#%weBmB3))1O0pk<>R9zE!0QKF&pquNIVJ^#yy1Pac1<@_sRX^rvYdbHc zCwM(_>A`6OhLQLloeU4=&ufMU(igN^@L!yf~t^#Rt z#p`Ho&k%7hM|sf;u?y%*iUFYmV7U}4#vP2O({;SpwD_M+=maJlLF;}ch6w?jmnW{f z5G}$E`4q!*g~zA&%7M{y+!wIMwVsXFc;IY(qgddJS+{etHp4tumWLy!muL)UY#qz> zMC_-TYhrNS{3uePm#pz$cNv3}#f_E*e)?MpgB%9^Wd$JX+wH&;F_Jd$N}NFi3`xMQ zFcAB*_#9b58=8L}@F)e31Nq!&WqSw9;@)&fYpC-b*p*ipY~MT9iS9-0xfE!OB$~_6 zQTNPTuSj@-nw}Z<-+SMT1XHLp zAbvUIseIO37|yq*hdbrPF$K(Umj{`-oW}(Zih^4X1Vw-Xy}>2jUM4j^0q1Q7@zUY6Dy>q|0bCH3!{vLq++YPSl5<@sS zYF!I|hYm=2M#F6fnR^VGf^RL5j_|2Z!ryv>dg@`FBct^`F!7U4EVSi!x-rVYu#(pE zlF`;Z)^dpmB0L9w9oQsBJ_b|DpT(Jn_Byh`=xUd*2y1lEzA6K#oeco*+4MSyZ~qS5 z$CPra7mSehhP460Xe0%4Uq=S+z9C?xoqeT*$h5iB@N6!vuE%ja=!ntX7b1~*9nM{5 zH~j2rsX7#&RjaV!cthuA9hhe`7(H^V2U7pY`YA&){Ffof=OD>$y68>XY2@hCCCntt zp^Q*;^BnGH4N35Unu`~z%h+PGXhRs7gViyH(4$>!`DK^V=-lx z2vPYM-XZ4W`oiQeq?c+`RUgEU8~m!NHt$`$TQ6i5&aX#66DakZ2A6cBnSF$x7m|pk z)61hRA%sy1cHv+Eu=a+F1(a(Dq2Mk8w?x^@eY)zq2TBa zSQ{hoS8bRZUd0Ey*M8fiC~qy4R9I?wyYs9b-vzb?WkZ?OAS;}P#O9R)D-3x^_Y#jS z>QO{IQ}>G;2*fcgdcvA5>IoOB|0H6qeglHhxfvF0O9yB3hADG6CK9S>GbKNKnfbda&#UmsAkB61hxO)eR1y+8y;Dxn}I^hHw<3?t2;KdcIb^>cRP$qGOw( zsKSe5;nZ#Y@R1rsZkU+I6T!kH-FoHoUp}G;v!00(HtWN%a23X77|;o`HTJR&m!h++ zE%YTOtKI02??eJSPYbtUFr%GFQkDkD2}uv$o5PmEK840@XD#6vWAe`P@HNU$E)Ggm zIW-u0rlvo7lbFDFkRB_CN3H868N@~}z8Z|P5;H_>{Xrmg(pT6Dc#+8tG{!HY?_oY3 z9Nw)}W4zv+9fQ3iN>eG2O!5fq)GXWe?B@?{aA8@3ZkmniSP_{<_m(Dghm;fmRJ%fn z(ixvS$WG~J`Gk$a7L_>dekCMOC mx7@$qHT@t4^8o6*!Gn Date: Wed, 7 Dec 2022 15:47:03 -0800 Subject: [PATCH 05/12] feat: AwsCredentials should not call metadata server if security creds and region are retrievable through the environment variables (#1195) * feat: AwsCredentials should not call metadata server if security creds and region are retrievable through the environment variables * add verification of metadata token request not called * Adding new coverage of test and address comments * add previous missing period Co-authored-by: Leo <39062083+lsirac@users.noreply.github.com> --- google/auth/aws.py | 27 +++++- tests/test_aws.py | 208 ++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 232 insertions(+), 3 deletions(-) diff --git a/google/auth/aws.py b/google/auth/aws.py index d3038b281..f651433f0 100644 --- a/google/auth/aws.py +++ b/google/auth/aws.py @@ -466,8 +466,12 @@ def retrieve_subject_token(self, request): Returns: str: The retrieved subject token. """ - # Fetch the session token required to make meta data endpoint calls to aws - if request is not None and self._imdsv2_session_token_url is not None: + # Fetch the session token required to make meta data endpoint calls to aws. + if ( + request is not None + and self._imdsv2_session_token_url is not None + and self._should_use_metadata_server() + ): headers = {"X-aws-ec2-metadata-token-ttl-seconds": "300"} imdsv2_session_token_response = request( @@ -738,6 +742,25 @@ def _get_metadata_role_name(self, request, imdsv2_session_token): return response_body + def _should_use_metadata_server(self): + # The AWS region can be provided through AWS_REGION or AWS_DEFAULT_REGION. + # The metadata server should be used if it cannot be retrieved from one of + # these environment variables. + if not os.environ.get(environment_vars.AWS_REGION) and not os.environ.get( + environment_vars.AWS_DEFAULT_REGION + ): + return True + + # AWS security credentials can be retrieved from the AWS_ACCESS_KEY_ID + # and AWS_SECRET_ACCESS_KEY environment variables. The metadata server + # should be used if either of these are not available. + if not os.environ.get(environment_vars.AWS_ACCESS_KEY_ID) or not os.environ.get( + environment_vars.AWS_SECRET_ACCESS_KEY + ): + return True + + return False + @classmethod def from_info(cls, info, **kwargs): """Creates an AWS Credentials instance from parsed external account info. diff --git a/tests/test_aws.py b/tests/test_aws.py index d059487f4..400412660 100644 --- a/tests/test_aws.py +++ b/tests/test_aws.py @@ -14,6 +14,7 @@ import datetime import json +import os import mock import pytest # type: ignore @@ -1224,6 +1225,7 @@ def test_retrieve_subject_token_success_temp_creds_no_environment_vars( ) @mock.patch("google.auth._helpers.utcnow") + @mock.patch.dict(os.environ, {}) def test_retrieve_subject_token_success_temp_creds_no_environment_vars_idmsv2( self, utcnow ): @@ -1300,7 +1302,7 @@ def test_retrieve_subject_token_success_temp_creds_no_environment_vars_idmsv2( # Only 3 requests should be sent as the region is cached. assert len(new_request.call_args_list) == 3 - # Assert session token request + # Assert session token request. self.assert_aws_metadata_request_kwargs( request.call_args_list[0][1], IMDSV2_SESSION_TOKEN_URL, @@ -1323,6 +1325,210 @@ def test_retrieve_subject_token_success_temp_creds_no_environment_vars_idmsv2( }, ) + @mock.patch("google.auth._helpers.utcnow") + @mock.patch.dict( + os.environ, + { + environment_vars.AWS_REGION: AWS_REGION, + environment_vars.AWS_ACCESS_KEY_ID: ACCESS_KEY_ID, + }, + ) + def test_retrieve_subject_token_success_temp_creds_environment_vars_missing_secret_access_key_idmsv2( + self, utcnow + ): + utcnow.return_value = datetime.datetime.strptime( + self.AWS_SIGNATURE_TIME, "%Y-%m-%dT%H:%M:%SZ" + ) + request = self.make_mock_request( + role_status=http_client.OK, + role_name=self.AWS_ROLE, + security_credentials_status=http_client.OK, + security_credentials_data=self.AWS_SECURITY_CREDENTIALS_RESPONSE, + imdsv2_session_token_status=http_client.OK, + imdsv2_session_token_data=self.AWS_IMDSV2_SESSION_TOKEN, + ) + credential_source_token_url = self.CREDENTIAL_SOURCE.copy() + credential_source_token_url[ + "imdsv2_session_token_url" + ] = IMDSV2_SESSION_TOKEN_URL + credentials = self.make_credentials( + credential_source=credential_source_token_url + ) + + subject_token = credentials.retrieve_subject_token(request) + assert subject_token == self.make_serialized_aws_signed_request( + { + "access_key_id": ACCESS_KEY_ID, + "secret_access_key": SECRET_ACCESS_KEY, + "security_token": TOKEN, + } + ) + # Assert session token request. + self.assert_aws_metadata_request_kwargs( + request.call_args_list[0][1], + IMDSV2_SESSION_TOKEN_URL, + {"X-aws-ec2-metadata-token-ttl-seconds": "300"}, + "PUT", + ) + # Assert role request. + self.assert_aws_metadata_request_kwargs( + request.call_args_list[1][1], + SECURITY_CREDS_URL, + {"X-aws-ec2-metadata-token": self.AWS_IMDSV2_SESSION_TOKEN}, + ) + # Assert security credentials request. + self.assert_aws_metadata_request_kwargs( + request.call_args_list[2][1], + "{}/{}".format(SECURITY_CREDS_URL, self.AWS_ROLE), + { + "Content-Type": "application/json", + "X-aws-ec2-metadata-token": self.AWS_IMDSV2_SESSION_TOKEN, + }, + ) + + @mock.patch("google.auth._helpers.utcnow") + @mock.patch.dict( + os.environ, + { + environment_vars.AWS_REGION: AWS_REGION, + environment_vars.AWS_SECRET_ACCESS_KEY: SECRET_ACCESS_KEY, + }, + ) + def test_retrieve_subject_token_success_temp_creds_environment_vars_missing_access_key_id_idmsv2( + self, utcnow + ): + utcnow.return_value = datetime.datetime.strptime( + self.AWS_SIGNATURE_TIME, "%Y-%m-%dT%H:%M:%SZ" + ) + request = self.make_mock_request( + role_status=http_client.OK, + role_name=self.AWS_ROLE, + security_credentials_status=http_client.OK, + security_credentials_data=self.AWS_SECURITY_CREDENTIALS_RESPONSE, + imdsv2_session_token_status=http_client.OK, + imdsv2_session_token_data=self.AWS_IMDSV2_SESSION_TOKEN, + ) + credential_source_token_url = self.CREDENTIAL_SOURCE.copy() + credential_source_token_url[ + "imdsv2_session_token_url" + ] = IMDSV2_SESSION_TOKEN_URL + credentials = self.make_credentials( + credential_source=credential_source_token_url + ) + + subject_token = credentials.retrieve_subject_token(request) + assert subject_token == self.make_serialized_aws_signed_request( + { + "access_key_id": ACCESS_KEY_ID, + "secret_access_key": SECRET_ACCESS_KEY, + "security_token": TOKEN, + } + ) + # Assert session token request. + self.assert_aws_metadata_request_kwargs( + request.call_args_list[0][1], + IMDSV2_SESSION_TOKEN_URL, + {"X-aws-ec2-metadata-token-ttl-seconds": "300"}, + "PUT", + ) + # Assert role request. + self.assert_aws_metadata_request_kwargs( + request.call_args_list[1][1], + SECURITY_CREDS_URL, + {"X-aws-ec2-metadata-token": self.AWS_IMDSV2_SESSION_TOKEN}, + ) + # Assert security credentials request. + self.assert_aws_metadata_request_kwargs( + request.call_args_list[2][1], + "{}/{}".format(SECURITY_CREDS_URL, self.AWS_ROLE), + { + "Content-Type": "application/json", + "X-aws-ec2-metadata-token": self.AWS_IMDSV2_SESSION_TOKEN, + }, + ) + + @mock.patch("google.auth._helpers.utcnow") + @mock.patch.dict(os.environ, {environment_vars.AWS_REGION: AWS_REGION}) + def test_retrieve_subject_token_success_temp_creds_environment_vars_missing_creds_idmsv2( + self, utcnow + ): + utcnow.return_value = datetime.datetime.strptime( + self.AWS_SIGNATURE_TIME, "%Y-%m-%dT%H:%M:%SZ" + ) + request = self.make_mock_request( + role_status=http_client.OK, + role_name=self.AWS_ROLE, + security_credentials_status=http_client.OK, + security_credentials_data=self.AWS_SECURITY_CREDENTIALS_RESPONSE, + imdsv2_session_token_status=http_client.OK, + imdsv2_session_token_data=self.AWS_IMDSV2_SESSION_TOKEN, + ) + credential_source_token_url = self.CREDENTIAL_SOURCE.copy() + credential_source_token_url[ + "imdsv2_session_token_url" + ] = IMDSV2_SESSION_TOKEN_URL + credentials = self.make_credentials( + credential_source=credential_source_token_url + ) + + subject_token = credentials.retrieve_subject_token(request) + assert subject_token == self.make_serialized_aws_signed_request( + { + "access_key_id": ACCESS_KEY_ID, + "secret_access_key": SECRET_ACCESS_KEY, + "security_token": TOKEN, + } + ) + # Assert session token request. + self.assert_aws_metadata_request_kwargs( + request.call_args_list[0][1], + IMDSV2_SESSION_TOKEN_URL, + {"X-aws-ec2-metadata-token-ttl-seconds": "300"}, + "PUT", + ) + # Assert role request. + self.assert_aws_metadata_request_kwargs( + request.call_args_list[1][1], + SECURITY_CREDS_URL, + {"X-aws-ec2-metadata-token": self.AWS_IMDSV2_SESSION_TOKEN}, + ) + # Assert security credentials request. + self.assert_aws_metadata_request_kwargs( + request.call_args_list[2][1], + "{}/{}".format(SECURITY_CREDS_URL, self.AWS_ROLE), + { + "Content-Type": "application/json", + "X-aws-ec2-metadata-token": self.AWS_IMDSV2_SESSION_TOKEN, + }, + ) + + @mock.patch("google.auth._helpers.utcnow") + @mock.patch.dict( + os.environ, + { + environment_vars.AWS_REGION: AWS_REGION, + environment_vars.AWS_ACCESS_KEY_ID: ACCESS_KEY_ID, + environment_vars.AWS_SECRET_ACCESS_KEY: SECRET_ACCESS_KEY, + }, + ) + def test_retrieve_subject_token_success_temp_creds_idmsv2(self, utcnow): + utcnow.return_value = datetime.datetime.strptime( + self.AWS_SIGNATURE_TIME, "%Y-%m-%dT%H:%M:%SZ" + ) + request = self.make_mock_request( + role_status=http_client.OK, role_name=self.AWS_ROLE + ) + credential_source_token_url = self.CREDENTIAL_SOURCE.copy() + credential_source_token_url[ + "imdsv2_session_token_url" + ] = IMDSV2_SESSION_TOKEN_URL + credentials = self.make_credentials( + credential_source=credential_source_token_url + ) + + credentials.retrieve_subject_token(request) + assert not request.called + def test_validate_metadata_server_url_if_any(self): aws.Credentials.validate_metadata_server_url_if_any( "http://[fd00:ec2::254]/latest/meta-data/placement/availability-zone", "url" From 6c1297c4d69ba40a8b9392775c17411253fcd73b Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Wed, 14 Dec 2022 10:10:16 -0500 Subject: [PATCH 06/12] build(deps): bump certifi from 2022.9.24 to 2022.12.7 in /synthtool/gcp/templates/python_library/.kokoro (#1200) Source-Link: https://github.com/googleapis/synthtool/commit/b4fe62efb5114b6738ad4b13d6f654f2bf4b7cc0 Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:3bf87e47c2173d7eed42714589dc4da2c07c3268610f1e47f8e1a30decbfc7f1 Co-authored-by: Owl Bot --- .github/.OwlBot.lock.yaml | 2 +- .kokoro/docker/docs/Dockerfile | 12 +++--- .kokoro/requirements.in | 4 +- .kokoro/requirements.txt | 67 ++++++++++++++++++---------------- 4 files changed, 45 insertions(+), 40 deletions(-) diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml index 12edee776..fccaa8e84 100644 --- a/.github/.OwlBot.lock.yaml +++ b/.github/.OwlBot.lock.yaml @@ -13,4 +13,4 @@ # limitations under the License. docker: image: gcr.io/cloud-devrel-public-resources/owlbot-python:latest - digest: sha256:452901c74a22f9b9a3bd02bce780b8e8805c97270d424684bff809ce5be8c2a2 + digest: sha256:3bf87e47c2173d7eed42714589dc4da2c07c3268610f1e47f8e1a30decbfc7f1 diff --git a/.kokoro/docker/docs/Dockerfile b/.kokoro/docker/docs/Dockerfile index 238b87b9d..f8137d0ae 100644 --- a/.kokoro/docker/docs/Dockerfile +++ b/.kokoro/docker/docs/Dockerfile @@ -60,16 +60,16 @@ RUN apt-get update \ && rm -rf /var/lib/apt/lists/* \ && rm -f /var/cache/apt/archives/*.deb -###################### Install python 3.8.11 +###################### Install python 3.9.13 -# Download python 3.8.11 -RUN wget https://www.python.org/ftp/python/3.8.11/Python-3.8.11.tgz +# Download python 3.9.13 +RUN wget https://www.python.org/ftp/python/3.9.13/Python-3.9.13.tgz # Extract files -RUN tar -xvf Python-3.8.11.tgz +RUN tar -xvf Python-3.9.13.tgz -# Install python 3.8.11 -RUN ./Python-3.8.11/configure --enable-optimizations +# Install python 3.9.13 +RUN ./Python-3.9.13/configure --enable-optimizations RUN make altinstall ###################### Install pip diff --git a/.kokoro/requirements.in b/.kokoro/requirements.in index 7718391a3..cbd7e77f4 100644 --- a/.kokoro/requirements.in +++ b/.kokoro/requirements.in @@ -5,4 +5,6 @@ typing-extensions twine wheel setuptools -nox \ No newline at end of file +nox +charset-normalizer<3 +click<8.1.0 diff --git a/.kokoro/requirements.txt b/.kokoro/requirements.txt index 31425f164..05dc4672e 100644 --- a/.kokoro/requirements.txt +++ b/.kokoro/requirements.txt @@ -20,9 +20,9 @@ cachetools==5.2.0 \ --hash=sha256:6a94c6402995a99c3970cc7e4884bb60b4a8639938157eeed436098bf9831757 \ --hash=sha256:f9f17d2aec496a9aa6b76f53e3b614c965223c061982d434d160f930c698a9db # via google-auth -certifi==2022.9.24 \ - --hash=sha256:0d9c601124e5a6ba9712dbc60d9c53c21e34f5f641fe83002317394311bdce14 \ - --hash=sha256:90c1a32f1d68f940488354e36370f6cca89f0f106db09518524c88d6ed83f382 +certifi==2022.12.7 \ + --hash=sha256:35824b4c3a97115964b408844d64aa14db1cc518f6562e8d7261699d1350a9e3 \ + --hash=sha256:4ad3232f5e926d6718ec31cfc1fcadfde020920e278684144551c91769c7bc18 # via requests cffi==1.15.1 \ --hash=sha256:00a9ed42e88df81ffae7a8ab6d9356b371399b91dbdf0c3cb1e84c03a13aceb5 \ @@ -93,11 +93,14 @@ cffi==1.15.1 \ charset-normalizer==2.1.1 \ --hash=sha256:5a3d016c7c547f69d6f81fb0db9449ce888b418b5b9952cc5e6e66843e9dd845 \ --hash=sha256:83e9a75d1911279afd89352c68b45348559d1fc0506b054b346651b5e7fee29f - # via requests + # via + # -r requirements.in + # requests click==8.0.4 \ --hash=sha256:6a7a62563bbfabfda3a38f3023a1db4a35978c0abd76f6c9605ecd6554d6d9b1 \ --hash=sha256:8458d7b1287c5fb128c90e23381cf99dcde74beaf6c7ff6384ce84d6fe090adb # via + # -r requirements.in # gcp-docuploader # gcp-releasetool colorlog==6.7.0 \ @@ -156,9 +159,9 @@ gcp-docuploader==0.6.4 \ --hash=sha256:01486419e24633af78fd0167db74a2763974765ee8078ca6eb6964d0ebd388af \ --hash=sha256:70861190c123d907b3b067da896265ead2eeb9263969d6955c9e0bb091b5ccbf # via -r requirements.in -gcp-releasetool==1.9.1 \ - --hash=sha256:952f4055d5d986b070ae2a71c4410b250000f9cc5a1e26398fcd55a5bbc5a15f \ - --hash=sha256:d0d3c814a97c1a237517e837d8cfa668ced8df4b882452578ecef4a4e79c583b +gcp-releasetool==1.10.0 \ + --hash=sha256:72a38ca91b59c24f7e699e9227c90cbe4dd71b789383cb0164b088abae294c83 \ + --hash=sha256:8c7c99320208383d4bb2b808c6880eb7a81424afe7cdba3c8d84b25f4f0e097d # via -r requirements.in google-api-core==2.10.2 \ --hash=sha256:10c06f7739fe57781f87523375e8e1a3a4674bf6392cd6131a3222182b971320 \ @@ -166,9 +169,9 @@ google-api-core==2.10.2 \ # via # google-cloud-core # google-cloud-storage -google-auth==2.14.0 \ - --hash=sha256:1ad5b0e6eba5f69645971abb3d2c197537d5914070a8c6d30299dfdb07c5c700 \ - --hash=sha256:cf24817855d874ede2efd071aa22125445f555de1685b739a9782fcf408c2a3d +google-auth==2.14.1 \ + --hash=sha256:ccaa901f31ad5cbb562615eb8b664b3dd0bf5404a67618e642307f00613eda4d \ + --hash=sha256:f5d8701633bebc12e0deea4df8abd8aff31c28b355360597f7f2ee60f2e4d016 # via # gcp-releasetool # google-api-core @@ -178,9 +181,9 @@ google-cloud-core==2.3.2 \ --hash=sha256:8417acf6466be2fa85123441696c4badda48db314c607cf1e5d543fa8bdc22fe \ --hash=sha256:b9529ee7047fd8d4bf4a2182de619154240df17fbe60ead399078c1ae152af9a # via google-cloud-storage -google-cloud-storage==2.5.0 \ - --hash=sha256:19a26c66c317ce542cea0830b7e787e8dac2588b6bfa4d3fd3b871ba16305ab0 \ - --hash=sha256:382f34b91de2212e3c2e7b40ec079d27ee2e3dbbae99b75b1bcd8c63063ce235 +google-cloud-storage==2.6.0 \ + --hash=sha256:104ca28ae61243b637f2f01455cc8a05e8f15a2a18ced96cb587241cdd3820f5 \ + --hash=sha256:4ad0415ff61abdd8bb2ae81c1f8f7ec7d91a1011613f2db87c614c550f97bfe9 # via gcp-docuploader google-crc32c==1.5.0 \ --hash=sha256:024894d9d3cfbc5943f8f230e23950cd4906b2fe004c72e29b209420a1e6b05a \ @@ -256,9 +259,9 @@ google-resumable-media==2.4.0 \ --hash=sha256:2aa004c16d295c8f6c33b2b4788ba59d366677c0a25ae7382436cb30f776deaa \ --hash=sha256:8d5518502f92b9ecc84ac46779bd4f09694ecb3ba38a3e7ca737a86d15cbca1f # via google-cloud-storage -googleapis-common-protos==1.56.4 \ - --hash=sha256:8eb2cbc91b69feaf23e32452a7ae60e791e09967d81d4fcc7fc388182d1bd394 \ - --hash=sha256:c25873c47279387cfdcbdafa36149887901d36202cb645a0e4f29686bf6e4417 +googleapis-common-protos==1.57.0 \ + --hash=sha256:27a849d6205838fb6cc3c1c21cb9800707a661bb21c6ce7fb13e99eb1f8a0c46 \ + --hash=sha256:a9f4a1d7f6d9809657b7f1316a1aa527f6664891531bcfcc13b6696e685f443c # via google-api-core idna==3.4 \ --hash=sha256:814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4 \ @@ -269,6 +272,7 @@ importlib-metadata==5.0.0 \ --hash=sha256:ddb0e35065e8938f867ed4928d0ae5bf2a53b7773871bfe6bcc7e4fcdc7dea43 # via # -r requirements.in + # keyring # twine jaraco-classes==3.2.3 \ --hash=sha256:2353de3288bc6b82120752201c6b1c1a14b058267fa424ed5ce5984e3b922158 \ @@ -284,9 +288,9 @@ jinja2==3.1.2 \ --hash=sha256:31351a702a408a9e7595a8fc6150fc3f43bb6bf7e319770cbc0db9df9437e852 \ --hash=sha256:6088930bfe239f0e6710546ab9c19c9ef35e29792895fed6e6e31a023a182a61 # via gcp-releasetool -keyring==23.9.3 \ - --hash=sha256:69732a15cb1433bdfbc3b980a8a36a04878a6cfd7cb99f497b573f31618001c0 \ - --hash=sha256:69b01dd83c42f590250fe7a1f503fc229b14de83857314b1933a3ddbf595c4a5 +keyring==23.11.0 \ + --hash=sha256:3dd30011d555f1345dec2c262f0153f2f0ca6bca041fb1dc4588349bb4c0ac1e \ + --hash=sha256:ad192263e2cdd5f12875dedc2da13534359a7e760e77f8d04b50968a821c2361 # via # gcp-releasetool # twine @@ -350,9 +354,9 @@ pkginfo==1.8.3 \ --hash=sha256:848865108ec99d4901b2f7e84058b6e7660aae8ae10164e015a6dcf5b242a594 \ --hash=sha256:a84da4318dd86f870a9447a8c98340aa06216bfc6f2b7bdc4b8766984ae1867c # via twine -platformdirs==2.5.2 \ - --hash=sha256:027d8e83a2d7de06bbac4e5ef7e023c02b863d7ea5d079477e722bb41ab25788 \ - --hash=sha256:58c8abb07dcb441e6ee4b11d8df0ac856038f944ab98b7be6b27b2a3c7feef19 +platformdirs==2.5.4 \ + --hash=sha256:1006647646d80f16130f052404c6b901e80ee4ed6bef6792e1f238a8969106f7 \ + --hash=sha256:af0276409f9a02373d540bf8480021a048711d572745aef4b7842dad245eba10 # via virtualenv protobuf==3.20.3 \ --hash=sha256:03038ac1cfbc41aa21f6afcbcd357281d7521b4157926f30ebecc8d4ea59dcb7 \ @@ -381,7 +385,6 @@ protobuf==3.20.3 \ # gcp-docuploader # gcp-releasetool # google-api-core - # googleapis-common-protos py==1.11.0 \ --hash=sha256:51c75c4126074b472f746a24399ad32f6053d1b34b68d2fa41e558e6f4a98719 \ --hash=sha256:607c53218732647dff4acdfcd50cb62615cedf612e72d1724fb1a0cc6405b378 @@ -476,17 +479,17 @@ urllib3==1.26.12 \ # via # requests # twine -virtualenv==20.16.6 \ - --hash=sha256:186ca84254abcbde98180fd17092f9628c5fe742273c02724972a1d8a2035108 \ - --hash=sha256:530b850b523c6449406dfba859d6345e48ef19b8439606c5d74d7d3c9e14d76e +virtualenv==20.16.7 \ + --hash=sha256:8691e3ff9387f743e00f6bb20f70121f5e4f596cae754531f2b3b3a1b1ac696e \ + --hash=sha256:efd66b00386fdb7dbe4822d172303f40cd05e50e01740b19ea42425cbe653e29 # via nox webencodings==0.5.1 \ --hash=sha256:a0af1213f3c2226497a97e2b3aa01a7e4bee4f403f95be16fc9acd2947514a78 \ --hash=sha256:b36a1c245f2d304965eb4e0a82848379241dc04b865afcc4aab16748587e1923 # via bleach -wheel==0.37.1 \ - --hash=sha256:4bdcd7d840138086126cd09254dc6195fb4fc6f01c050a1d7236f2630db1d22a \ - --hash=sha256:e9a504e793efbca1b8e0e9cb979a249cf4a0a7b5b8c9e8b65a5e39d49529c1c4 +wheel==0.38.4 \ + --hash=sha256:965f5259b566725405b05e7cf774052044b1ed30119b5d586b2703aafe8719ac \ + --hash=sha256:b60533f3f5d530e971d6737ca6d58681ee434818fab630c83a734bb10c083ce8 # via -r requirements.in zipp==3.10.0 \ --hash=sha256:4fcb6f278987a6605757302a6e40e896257570d11c51628968ccb2a47e80c6c1 \ @@ -494,7 +497,7 @@ zipp==3.10.0 \ # via importlib-metadata # The following packages are considered to be unsafe in a requirements file: -setuptools==65.5.0 \ - --hash=sha256:512e5536220e38146176efb833d4a62aa726b7bbff82cfbc8ba9eaa3996e0b17 \ - --hash=sha256:f62ea9da9ed6289bfe868cd6845968a2c854d1427f8548d52cae02a42b4f0356 +setuptools==65.5.1 \ + --hash=sha256:d0b9a8433464d5800cbe05094acf5c6d52a91bfac9b52bcfc4d41382be5d5d31 \ + --hash=sha256:e197a19aa8ec9722928f2206f8de752def0e4c9fc6953527360d1c36d94ddb2f # via -r requirements.in From 243f0ab1451a68ef0fcfe4d6082f8ad8ae80ec31 Mon Sep 17 00:00:00 2001 From: Jin Date: Thu, 5 Jan 2023 18:11:33 -0800 Subject: [PATCH 07/12] chore: update token (#1209) * chore: update token * pin the cryptography library version * pin the cryptography library version * using less operator to try --- system_tests/secrets.tar.enc | Bin 10324 -> 10324 bytes testing/requirements.txt | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/system_tests/secrets.tar.enc b/system_tests/secrets.tar.enc index a78477bccb99625e34bab3b31711a27964dad1ab..83e30b78074dbe0c53fd03dd4fec3493316554f0 100644 GIT binary patch literal 10324 zcmV-aD67{BB>?tKRTD7aJ|)Qz1Lv!zkJ$&|D1I?Tv$P2h?vZbF`j|LL0X!0_Pyl~- z0+zYKpHft#Dc&DJud^P1G*R%U{d@DF1r_}sEjtQere*N}Q%{VU2bUm`8F(>c8P$;y zE&PCs4@I=JS>e*SeYCxfaATQ?6w9Qy)Dc}gX?+#=Dl+`v9msNH(f@%F&5x;ro@7zLgA~3JCF^;&W(TCTXgZHR zt&Bg^-e2{u{lNoq1tmcA%dgK?y2d`^i(AXUqEx0g5lU+PH#`S?WRSN02cR~fguX}h`4o&BPSF%!rp-eVpsW_-b*PD!nb(=AFDSU3*Z(d@taV6eb&c z=}wc3_a1Y%@%wB{ZtrFhWlF?PFGy2&Q5fj()pXn_$dEP)&a=(ehbn6r3gqYOK3Oy5 zCM(H;aCWp2eHPhggFwm@pccF#lgJn=R3S>eH>|4uyYDD$FH!LTwP8@x=M#>qHs^U& z>o_a!s6~eMA76s zpMR|lN0Q%4((N$O$}3hW?Sg-Y-*tTtD3w3&w0NfqA+sdZd?-uTou8kk}h7h&?5{B;11L8;HoS_N^W;(>Hu%(v z2T@MHcK*`JTF^5LPLG><-CIqdnL51RjP!7$e|dT;PT79$;Bw)tNG6D#TfE5mmmIhD zmA-ZUz_^Z7y#txE`d`c!zFzDC5X-Msq@ezs+*eW#Fu?T%qT`*=v|y$TmQKzYx{9_n z8#+JC``1&`Sf{rXa(ShQeo}H_J)+pui$~?i@Sa!|Ovx&JmDR_pxyDLUw7mvlIs7z4 zbBfc1(O}%rZbdDZ4L%PtB4phgLnyW)#O3nE(p8R_{q|B6cszEc3tz;Izbx{sc#5W~ zVLk=iMB;u3n4*!?xskAxvaOa2(numhNM-OQ|-!&k+B>87lkSGe2)?@qx%ESv*rndDG;Yy{B zfwYoGAfo9cCjvGR)_iPKCZ6wMWwOQBybG@g)b>5daIQ-zy*vx2`L8xb^Fzf}R7x4~RBBFb^yju9y;2xPE6Qg~ zx<9kA(XNZxPviiLcL^-p(hmW;5UP{btnzzS^5CgP85%RO{QPCwaO(WN-x_?;8N$Pl zULKE1GRoQMC#D{Wh(#hVdvbA5;wI2h1|eckurzBB?dw_8)f2kPbb-Fy4|El?5&vOyL$!j2RuAZ{j zcpS##t{W+vAkYu@M`cHZnrf__v2)b#F>;2#1Sc`%a>9jg<7mEni^Dz%M$Sc9AkrYs z9lw<^Gk$4BLD!kMCX_11taKJnUhk0y=&x2!amch0$ZlsCe+EBZ) z(54N^{*X!Xc@34u=Y@VbQS)7IQ08s>ENUdYYCg|rR*l^y&#}d}rVeIY5LxCg6TL%B z9I(G~V$mDc9r*PiZAs#!fyo&55ok25`H0A@)=%z9@cv<)A~fVI~XG;&H= zppAy4xeB2Gd)jbPqrgs9*edTj&_yXK{#VdG2vkeqmqQ7}s8Qxo#wlV)w%bb-hOHv~ zQ2jmf(N&s7d>$;hb`iQ=au8;*f?CEZWJlayjGlw@Ncb_d%%FkQn%j~BvrtRWj&%}~ zVsu7s^w18ROph7HQ$sAl;2#OeZ_4+yAp=%--O69PNzm;@&MwbWTm9#i_Q3gpmIr0V>**OGc41l7G`Lv6%X6m!Sno0_($)!Z-SGMjOn+@%8R zdM=dc>Mkcy%LFgCdzT4W*a$iHFJTp|wWiGU2#D+y_l8|W|KxHNx)6Hx?3<86Z;bfo z!r1cRX2&!~4TukY0xv@HU@O$~>5|jrZI0r2d%HCgjj72@j(@C0l((48G)s$!d zfbmPPMXEaAo9?AZ!1$yk2o~l_%d6vs8cy#zEFCXZ*Nt{Pjs=No5 zFv-ISk6-Ln+o@OL-1+zgZim6LpzN@S!5GS1o&o;0Ej{a}gF<>3D9g($+JA=949oNG zS5ft$2?Hb#*>6W@AU^|S_U@r-K?Y})Cm+S8 z78S4v6Y~*1`IbO`Wq4co%r&ASdyrBDuaG)IGNfdBN;cQOYYhixp?-QidmglMbs-%^ zI}8~ACED074;yLK0mOV;0Dt~3ejl+mrWg>dY0_eVWJ(x>NSG+hO4 zrO_vv`{)66|5HXQD5;x|R{=m2v+l-o(d4>a_gNpi`r_0?u&B0ea3C!t%bGi($P(kG z6WShE{TReAby~@X)0wWDeL&c|bJJjO{c3E=r{_ZZ4SXxK8n>~y-3!cQw9UKYxJ&dp z1HiO&A@erW4Xi`Es|TEDKa4M#a=xy?K(>CSq{^;fKU`!PG7o4=|H{zY+Eh!NMCB`% zD>d7=03Sm^q=M?Vl@Uj5b1oX-T|{Z)su%!Hx5SYQ?+qg*5ms*lZF);y?R4DSs9LDhrJU!F>k++n6~5rQy_WG*B*c zfvsqZ`rikSqY_D`hGPtNk+Nzgq`nU5gf%BLulEqC=WQA^tIt05`k_0Up2Fd?kg3oa z;0*pOub1qV=8ebN^K(F)J@7sec@ek_ZqVQIdYIK9z;-|_RcIq-NfkR)`mU9i8t)Wmv-y2W ztNdY2UY{pIMkp$|D3goL;@AaWPt>38puH^&n_5=*a$kYi#a#|sa_3je(GQI2=n+t4 z8dhmh29>js_f@Hum_Emh!I(ZwlU?w2uBu*HXFJaSKzaTxwi$$ul=&Gmzfuzp0m*>9 zCMnRvtNCUjv&4-*cZtV#Ng$9!=Ey&~^B=HQ>1g!1WDZS6Q7><=_5}ip{n-4Zo%kS1 zn*2E#rdRZg1l(kfb=+`scy4+pe#+YGh2fMxa$)RoOI)8|9O7F!sgfJkzS!wF z(kNlX`)u8IQixM^yD{I)V4mr}V^$eIi(ZFyyf+0i$vuAPu5`zPVd30c0q6HBo8LoN z>4uD&W$HYCBdKCx3=sAmHu0Lc&(r6kznE$9sOtlDF3TM+4PJHgDr#Alt`~7vLhAV} zAQ9V}eXy($gc@S3X@Nn5MXDlkr1N)p&{wmg<1CMA-n5V?T0E%OeOlCcyoHrpS2|d? zTme*RrGs&}#%4+6fZ?7!h7HwaXymZQD`7N}^HUEv{eYwd8yzEz^;woDb6)(d5wgI@ zRd6e2kb?#(sVJhMzz#zv6vK`SUkNKx zOXxUSy;b3@bz>?+as?QTwKyJc$1DzU(O!vNspP`Qr-inl5!DNIjvb*bIv+t^G|1Vu z2FF|$$yg2!3}SvhY1p@4l^L8HG1XGYOEj;r0Dq4;5M=nAB2>~`0En&Z+R)Fv3Sq=T z^@hYN;DKKcaR5ihfsxb75L(I>`qHN$e&StV4Mq0rLYVXy-GE-4xheP;>+EL~KRh^S zs5$kUQTzVJd~T$yDQ%#ckJY<+7z~I2_ENbQZndx#TshkEoo;!F`41Zs>bcqXXcvbp z^k*Je0QJqYVI{B8e;ewISmGC&2|rw7Pd_qhs^d-s3@cjen>whVe;h!Dp_KlJu@w~h z6>?^>da0sn^0QhovEO+Z7z@;f?hv3}nJ{p`#<7geg`S0$4 zE#iHyjryfGEH-z&khSN5wQhRMEZS&lh0GQi``{`&{sJ}13N*c?Kl>%tqE32nt&=EN z$>}c9Bf;G#@nUE~Tm(hijn5(IahjPMAAd%-pevIR3r5_&ep}?OBJl86rSCEj z75FO84OAHOP)PKL(R$D`u!jBbrm9H`{KbR$>kq%;N}?;MY`7lkn1LCCs5v?BG&2za zufZ_%Sca1m*XNPDa0>@i!#b|^60a^-nAj?TuGk^{K3{I;dSwnVi?`KVSz4%EgmnZv zxwqQa=rEKnCH&K72TadsU+69v66D6=FPB?>B(3!+TssY}>u^TAro7A4ZIEzJP8 zCQF>n-_DKqCB#_WiiK0qg0(eAFY}!QfO;k6^j%i!en-hAu|bz#{^W!HKsK63-zD7L zaH!sdI!BZv(frg~U5ek@RqK0PDD9&)Ls#7DLauE!5HvMa>t=B96%oX8Ft|3?tfAAi z8X?35SrHV9+zfboX~{M~n*TP^`L00N@frZqRSq=-aX@tE!7=@ucz7QqXJL4;Jlx;& z!1@PArs@0&WC-+C7qC_E+gY1Ki}~&{LevkmVh#Tg%Dz{b z^jLLH=Cx*=joc+<@}OJzH7TyMhSbnR+q+5USKV>5nlLL^Vtb^4WKrs~ z;^0|Jn^+StYllP$1*EfXNb^&G5elX>5&ZYswQt-hvBU8Rj#>ZLWn&MELFORON6n{j z#NVwN_}H{rn-gnPP~V|9HGRzL)^e@ZA}r6_a&ccXiU8IeJk04t(iZ|K)N()&ocbVG zzPVJTc0T#kYO67na2{$_tWIL(mQ(h|AwQ3x_1C};wE2VJ9bPLm83&A zlYk-V3G6N&io>ty?=JsdZ@$je=C^>pJhdDLas*tF(^ig;Qv4$jaK{8TdT#g`$AP+# z*ndq;D*=O+Xb~wps?6?3#J)&Ps#x6x{Q26glqiA=d!Wu~22@0vguZr)tm#|cD5-S8 z(oO}d%d5avGwp!p@v8v4WKK8VMjqRnN*W)z%ODqxi z(=A9x$0ITB=v_sTf0M1q){l2e^;t~L8CCwmS#@J8z~~$+AU)v%mlu*UZPQS}{cBX4 zH48EZq_mg}ak2*s!i1{Hvupa5TW<_-dGpm85C6wmFbfAeH~BkpS%rj}b6yko0P4Y# zT8gZY@}zb~b8zs7@>+vKT9*|vFHAD0)LCnbhX3L;D$aZll_M;-#J*AJ^ugZn>*_M; z5&!|wIfRUnIa_e!tXeI(5yC?`q!pxo$!8ZByCA7|;wPjrkQB`QYkNC)%S4d^9Sv`= za|alG?mB^n@N@^pQb6iRQMcuf)vxquP;xxFQx`@VIv0D$H&=eV==2Gq8OYhve6DyJ z3~b#Fkms5Pa4Z%VKWZs$6mtWj1Q@@3%LaFp@F*9c|d$eDoyy0RmCr)RijHjIYf5LSix% zUv<;XI{;P+34j%O3h0!wmf6f!BU6i)_nX7 zLGI~0$J-00)@gw3$QNDwhzPrXFjvqTlXY(#G-2k8g#Jf;Ikvyd})us7sx=T;Dsc9@3qL0zcp=4Yx1lD?W&hyr zTmNMKaw272o-OqofLHJc>jj)wIx#;sA__^Bq&riXgWAOqTE+9IU%4ydx%Y%B1%ySR zno*|FBS#?Of?$L74%@3wtP2Gndhqfljw6|Or&p}bC5Um-XzsK=J%gL^{TCHcgOZ7% ztK(*$pBy7S4h=S554(l`0h(KUFK|45H&3mi1&4h~$iwQsLikg=yw<`B{ceyTe_Y*U z{Kom(Qn`6KoRnXlqkQS0_e=i>)6Qbplm2~aLr0aA7fw{eue5iR`)uoi)PWX|#1Q~k z%WzC7Qv;bQ1E#*GT_H%;p&WP`7gbYNMz%Iol_h|Nra`%uT$2O^2-5BwtXavD+XcK# zI8Zl4Ln#oDrV>)!|2OiPWIuZfG?Ez3ss0!#C(0p3Vyk|4sgRzrVRCY!RAHJT4Mx@k z-;Ro%yEl5ypi>BHr4+L29U%FdTX_*oY0ClM_4|8-hCK=5McGD5s26V~so%ihM3IHg zIaB6kL(h^K$RSqSmDMyod7)|q7OWv2W#;^5e(D9q36XfwJRk}mPaWiNButr7bP5ML zegaQ9K8IL+lfOernU=-dnAQ-Z_tgMGQ5a$rM*>o?*yL}zQNdP7C0!PQ-5&dCHkX=4 z%@6D==AAvu=W8?WAYXpBTec8(4G_i5Fy4a-5=QaP9KO_HWTp~lXrJb*u`=`k?F?Zl z>7yzoMdYh9pUtg@-X&$2*-F-UZgx(8e&gnAx6967Yw$S)U>gy(VQLUBj)BLzbu0MF z4_^`d{tip9Nb2w*LnsIHBslfTW9S zYcR)B>$!O2Etc*oQv3v{5^po!s>e?OGb>zQnI|Ab!hu~n3;V{a5=~Z}FvwHLf3;O; z7ztg#wtC?d1I1Z@V#wPI$~Rn&ic&WVABA*(`=<_Iy)*gg(I9$sD(+GoBGR#tlnlZH zwjSY|NOASzZKAyni>XiGIugc2j5!2;z|U{-0$pEwL$L5ChNhaEw^YDy4OcCs)%eFq z7h$5V_YaMAFpq>^+1o*`^x;3 zj@zqr>c|$$!M`wpwTT>|>IZNPxh;_sgF5Q^5@DN+2M(IgPt}6JS}dCrOWz053iAh> ztDuAxx8##6)iw<9CFrm46W_8r&Yg1ncXMfxh9D8h&Uf}e`0vn(l**ISmp=SEV>p3I z^eabEn&BTnd>P6+TCk*gqiVs-hg^s=C9|?wMk8nBQ#_By?a=TR(HX(VqkK9r=;u`@$0aS$C*u*-Uy+rVnJ6wZH)xIc>u*vrJe$sbY27}6*2*gBF4?W#AR zgFMSW$pdGo)H(yR5uHbN^idM4UVhhs4FjjNOsQmP7jOrv>^aY{J2w$Z7i zIid&m5_t3Os3Jn-Vlskb83i6(HcMHv4wp z8Y{MQ4qN%kt!p?%1nis{@LAQB^>zHs8xtYFIdDfAJx08kE4Yl}v&wjPlVn^Zy<4a= zvFj!1z&o^@#i=y2i}5hvF6#c<9jb{TbbS{1YB!YPT941?K5`fySLj8vaHxC7ECpv& zpdsq90GZ4tddVR%8tWwn{vyl-r3I~mU@c=w!2Wi(rh@*ZL$xg%N<9Qta?}G!Weld! zIc1FW#VPofDXOsp!`NZH0rN*ixt7r_-~U>h0vTSF5c zKGb%E4{#0S^o!4vKMpoIVICc**zY103sr-GEKOKCpbMJO&aB#CEmY7I=UJ7*aaW4| zxcJG?^%dzzOdyBG1{rai5!QQwYhGJ;B@_vVVD^NIbb3tthbbO2CuPB7a0Z8;R&|~f z^wm#2m(##qph2CDpri9ktFwU#XQfw;7Co^YdfVWvjJI#IqpCse1&-6aWTBUsdYUCm zb!5QLaxPXj;w0En^S}TwUCSx2dy93Ye}Fb61kkOyl&od3<#?gR4uG`^Z3kh*JNmK* zv*(h3xEy8VvY4YWK)f3sRdDTaXEt7`Vh6%z}OzHSK_hv6WnpXJ6a$7tRR7?x?^C|cdR4&Mm*C5D4hO>JGO zVu}CG&5X4hK?eqnsgPUzGjlG33FhLmHfc!C#TX%xnck8a?L;TqhiYIB!U^ygpsc84 z3o6kahZYO?UZ6u+Q_hdLUzE-_wQIoNC$2@Bqr%!EBlglJP44 ztr}{=2o)aJf$zUK>iR!+jG~96nTufKvhXHhG^~T9ON{RfP2|%B6J4(hD0{TNOw7Nu zF~rS#q7T2b{}@&|qJ-G{rL|`!`4j8w*Xqb2oix7kXHZ%lE9@zu!yKev#-yH_|D{?C zSqG1BUlc+t(UZuU&8U3`7HT=00|AUW8Y{QdiG`t>H&`aVtgq;yTQeY~3)zkGIo@u* zwrpEK)rP_a&4#4j{)zDYo6=s&D{vnc!HJ<(h!LRcv$NQV?AbPQMulH3qX(x}fcJ+T zs8~;o6I)k9X|~M1ymkEku*o3pxcQ&Ai0c)b!LDe*VOb(Cb6glzk7cnNDZ105P{O|1 z$GD;h3R1DhXIR!rKL>N$=S+6-r$$#$ytG0gSP?0;X@fbLaf;Zj zZ$PkLS+&0xAgJtwjy#R4^wV|k|A8G5abTY_@Ipc(QCTDNTSy68=&b_FyGo3?73Sg& zkG6NGNs1r8v6i&3ZC_yGEv{coB#!U5O_rOK&c@Ql@?% zrFn()-%e&>gCuq|N<9hheV~nplDMsM>x=8smzJ0Hs%Y8b^LCcO;>p_=ii&HkJ_tLE z9Fyq!3?zpbtpL5kyM2F5ir+LR1gGY7zDNTOr#Ebn%rwx_rJd-f40nnZ&kpp(N=pu1 z($4oUcqa1cae1=8ZXt+Qe|I&1=w13LE4t@@*@)prVqs*YRfH%Hqx6(DMj!8@Qs{}7 zppTN(#2crkxnlbbxz7e)NbFuYo?Zz3Zw<~28i)p`R)ocAzuJkonvZ$PJoY&@)J3~O zskbgI*6DJ^nMd(^HI}kiUj+-G;Bz}Z8Ql@S>Fw+{t~0fCi|)G<-j#gC{gMg4waTHN z_l!Q#VGXNPHgei^)MkL)?Kga>hY!~v+U!8d!$QO~nxhiqgR@wRgX?zlAaySdCawAs z?k#e!rlB|au=$7BfNZ4>4+|}ihDjouowKoldsUigmyDJ&0T)Stg2%jW2~K0fN%dGD zr-qCw#=!rQsyaKDiby0^D$~!hX|`HCi=XEAC;7qI#(rpDneY#KEKKExW|hq9v(rZ< zedWz6*M|4R>fku2T7WdG2z4QkZUWpciS`@JvM$ut_PKUEJI|{0XG~VE5<--KjzQiU z*oGn&xm2g|4;l@a*_{CHcC+bat@KsukDioiiOW}7G%3kcnoSz9s?B5h7CsauyY1%5$GJyiQLkx3vZX5whaj-Tbf?BK0q z2PwiDH6D*Q!^uqG1U<8y-wrH1%{9c{0ZBVU74ma=mGzvL`KLc--Jzr1JmGHm&dU9Lc}W8p~G?(_hZfMo;L_`o+FK3=MCV2&({kOL?fD2OkteUZ;G503` literal 10324 zcmV-aD67{BB>?tKRTBuc9@fQ|!h2N^0hlWAJ6RK6>!4`~m_NswyC=)jsHzgGPyni{ zhrHJ+k0E&SA`6aKcUl8D2Nma4rR~-gS6`hpP$)Awh(&%jybb9b6Q&Oe_#AqD7)orGk6{ja5a75gNwibh#C z@FT?Ts!@96GG9TUP?OjPRcA{D|ENLyOm(6TL)7PKt2HQAUpPxwUsZdLvsPIcP8AgY z%L$Mxy3Rb8t6?6QQXAw0Rcm)RVX9+C)$U+Bq7VwzQZ zF|J?U5Ke3bCLh=x{RCyy%nAW;O(%)wAm@Lw&BT{plnI{0?%AttCCi*qw7)Gf{hRSv zo!(YKRr*p7`~rf^0y{}OX9Vo{Ef}`R>jUGd6cF}Q&hRg?X4>3~4(pR(k0mtEf65 z2G=Cvmc@P%OQv}NTbCoPy{%QARTG9aI3&QGu><%sCeks@SS1%jj!DrRQB$eaHkM9b z<|8NNeW4uvw@GWyEnEEV@>;x&$2PC{U{8I(XV)ABs`}Ye-|(e$UX(w?|@y!QXS(q*+=2`1a3+j9cY=PWVOHGbfZGG)XMOf#0w z@%n|pe0e@f3JhP&(QB~NSn~HBW)48z|358jpVLg`<7I0dz?BY;7Y* z5$t&*eNy8+lOW+H&ackO>a&7DGk?wk7rc`D%i-2_sy*F(FA-tej58&yLLS zML`Kl=$!7{VDLiY*;VTLv-ZF*?HidB#9BrGd(D7&BE+ezEZ&Nf7W)qhMh}8PYKFtr z`PB!auN9o9Qo8TZWTw|+;2*bJ);Yy+RF<~>IqqH0BXR@iGu99H-aiiY{=g6JD6i}K z@;?Jp23sy0X7@y(g$>c`yvlMNh;~gGL^5N1MMiH?bdH-KuR#PzMm4iw3>@s{0hdj) zLUjB5BD!iF>`)!P5|G|9OZq8Sb6KRY~O)V3shJZmqe@D5U#V@5bWwZO2 zO;#jyKg?g~#E)Q%<|od6s8QjdqWB{pyJN;}aZvIpYe~(O1NU*2w@vd@O}oV8;@MgeGRC>}V{=96(_7q&gkQW@&W)zqnnX83u>jtHjthtS zQvtwSm>HHwmjZW6$lZ$xz;Lf@K}o`@1vPKXJeGi8huz{2L7vZ~dg0Yu*TN334Vz`y zj8K^cfxkM(+VgB~m^yOjdf7xu5L=!&FBD^RO)!kmpG=oCy>%9zv*;aan3A< zkjx>=AU-%na;G19_7ZQ%3M;|T5@@aR1qjJ-!oTUslF`@4)IVld?psru`>jQhx1&A; z2bR5jTUed{33V7y#g%>@_%Z@3Z@I?N4I*K$e~?_13OGMY-F^nZg^%g|6+ar;r*V0U z77re@@P=9oj;!x?Qas>>HdrBq8c-2-thPO=pk+pNc4N!$D}lgH+W=dD7bHxcE6dV1 zOrg@{6@TWgkZy84@AeLIl4(?S{(N&TP1H;Kp^e|F$7e-fuu*Cz^U(12N^6mP?pN^U zNsfq2Fk&fXr%+l|g5wv(;pQNuenW%feFqL=8%W);&lOrW<`SORh4!OiwmcHlIyDLM zgOzvQDAC#8 zR8$k*fp?rV6-u+Aet4?!eY8vMyP=*B|2@+k^;iQ$ZOIsY+kaZ5ZaKSGQ{*K+&>$F`C?m;)v z``a>}bi$42^Nc1l_d~bN^%V*j8+d%qozZ7h@~2^((rc)DH@dHZB|Nb4GJui7I*nz2 zTV61P_^>fbT!rF{{~e2hZ>=wO(>PTyW0m?yg$VP-7;Hfg%I-T|8kH) zu1)M~nJSLb4~;=}huWa`eH(np;2K@T6ZKQJN~N$03+BY8uofqYby?=DD6xmmVG3{m zL3nV^Cv^m!x4}CfCkr*NGPV3}7+0uas)8cd4bH+mRzQ&;I^)#E)(s&?=z6au|A?2< ziNuRbdmwC4!%B=<45yRHqu@&Wu8FdHSsJbQCF+j)MhWOdaBF{%CT);Is3H7&ys-}gaj4MgOy7bk7 zU~R*XWiOWX2G^Ks$^H}U3&Bdq0~{Fn#|q!6-=u@E94SxakB##1g|JU1j^3t`h6Vl` zj}`^F&E(D#baH3EmU1^)@~gY9SqOG9?@yb1fL$z_4weoYBJDf?8{=hQn2dh-rt_bf ziv0GXzFyIFRu`Ewz3v-e^@2}^4##!_po&49G_JUm^!>*oc za`I4u0<GD6AGAJWrT*JRl9bD#EwKnsg3Q@!C7rw#$k4i7g1m7+) z^=i&yF_tK2<8~o@2qp7HoY2q?7u~#=O&UeV9|{7c8MZ3;yiC(=XZAR}A@)W@Ci8YT#A8jA z-&<(8#jel*pIqC_oeHDIh(z-}pc(UXkGeCKJ-pY`|b` zO2Vd^fA@V6G55u%M!Z4HM`o16&MKSV+e9+J*DsJ?MWeqCAW;=Pcoi9ON-1XxlQwL9 zlYNm!_mxE#n$XuZWG2tajS(u%I@>F%Fqrn&)Y3P3$;Uvhm%gL>K0p&Ff5S_}F%hcy z@>R?R)_pM{oH|vgQ~%8MS8J{b>NJIVY;jb>?oWtl1eC}ya8_!Xn;5XtSLZ5EiOV2X zSztR4bu=pITTh&7a#`w5G08$)x!`HTlv-l5gFY9%Rv|=gLD)F-1!Cg3u%>?JZ#1b- zhYRDMI$qw78U5=tj78zz_Nv~Low2@p6uUbdk^1R+VqA)qJTw$^GC2(%E|FKBu0v;Yj`25% zy8EdpVXX=f{>hqFXpgAoTxgJHw>?3}=XB2+Dd^9Dyhsm2S`}leNuE+7lu0sIVT=0x ztfsVXw>`lN%aJtLIL933bmy8t`#<>U8`zG5TFAO-Q&DzLb{)9lH0Ge=D%luWH zG`Uj%mt=&=dVgm|39Fnp+r5%J9(P~FPG-bqZ3pu7J3ZcW! zs|(ilKY$$kdReLtemWLiUD9A`8!R6|isjSzvJbs`k(|V^3925LyH52-V5M1yS(UAl zDgUV0AJtckO&SXBW7+4)3Gn$WJRaYzS;9^?d?EIlxa<)6NKa#?+33-(5~H#R%`9)vc z8dTOwX!`xP@!X;z;F~z&&tsAhrmL(OBYLARnK>t_PF8jITpQX-xT?(4Lieu_+$}Z@ zq}V(;`2Q~h-ur#e)0(@e#82E$_Bi|V!;`7SCaPy!l*f2{yF6*cyFH7yLZiB)hBg%f zk7o$oBbJ&fKdRSF^AYNK4mFUi)$-tAfxk1J-m|l0JV4S;u`XSx$xpsFB|EB`G%k3V zs$09KOD7N%6q20-);HSREvRR3%d4uPUY`e0&jVvWNdC!NV;x_xh+h%IJKMC|#8@R* zrPE&)fyuMnte`XkhGj7cVxWw${hZ#>lyjwxH}aWm%O~}a&ShZV)$4_NRVTlb0kkKM z4E9Qo!b04V7a_+-Cx*?Fc+kPFX=v?Rx_FtEFdGogwMGk%g6zV29;(J1*6|AOlH$oY z%YP3zb+b8(hCEp}vg{sm#NweIk}70On>vmRIr9cgVud zkE$Gzs>a=o9z72?G}zt2hGejPdkQ~upqYM^Wiv5{4| zzG%{7gxlwtFa^?ByO9YKeH(HRaR`|GAj{Nvs+MWdrEV_M2H7fOZ=O9Tia zk5|Q~vDeR{HC4=#>!C|0+-;{4m}$Az#DsypA)tqo+Mqj4Y-h_wX?zFF!5sjt4&$lt zxrLt#XHf~?U3LKHrpI(-Am&S;?4Q^@unoW8l~F=pZh#pzuPLhjCc$`K9j3bQj7`YC z$==`Bx$lszx~3<=r{K3sutItD*ZO2JQ_JKaWOZdMX1QbDU|jCgR+~`DxGxZh?sv6? z#_KtnEmE<0v0s-Dm|;fv9G-IphMK51%&TSSjN`e5HTr0L*L44u#vc8-D|xRDM25C%I*G-M)Fyu5uccNSWK7_ zF~#Q4k9_>QFKZ*`ABd;L2Nh%V4m>=S}wr!+b7 z*r`#m)k`-R_`6=?lKqYNA|h+Xd%FfgG4GD z{3ddcPtp;<^CxhwLg|#2Zegp_;m*{ij+=pUQK-clZ1--Lbby7Ods)s6-cEcNuo+Dl z`1mM?ma|Wg?E08gxb+q|%XTng|AdlUBHqo)Z<UqbaB<<1XR#9u(rbfED;ogf9mw|rB#2A8VhPr+xH-j3jg*ic_R0Vp(Q z8<*Wz7^3w(y{)6g_BPvO-fW-<%8aW%XZqnBCNMhV=o{#pZ;?2B@3H*g+g9w)15 zSAUNBR?>}P(4F{Z*37$D# zjPeBP;sjR?*GCT8THK=YHbp{=&=Oa0(cN#W-u;6=T!)zi{TU=`nAk9l+%nL51`m9= zh-y4lzOL$(mXnj7`IvPlr%3MYV9sdx!AE%L>mibQHDx4|Wh>cc)T_Y8-a=weixU?o zQ#!mGax+q6HQOAaJwXYn=UKMfNKwhwq)`pE=d=0vU;!Y!%v~E z=Ai&ly(kl3h|;5emm4f|A`lcc`FwHIJQDlz^G+f=qR;fWuy2QrG$GNHI_o)`Rp(zG z^UZrL1OHSFi`Otd=svPN-WWH{ktmiX%c;czHbLp$zUnW;vp^ZK&(-O9Vov z+ti^P;8q(Jt@iNPPecK`(vjT35paD@v*+6cbDOp~WcCX*QY`P^1!;2J)5+=!AYs;o z_e}hrU<(ydM52V_i9Gzp;adx9*>!k=7T4V73Js{F zi?xOP(5`L%(&u<&Tboplq5V2L?zc0ZEKa2J+$VxF-a*ycQ zG1=IiJ58Gt0)#WK)SKE{bEgrnY@q^4|6i|Hc7?8Q?CPC9{6@ehhfB8=yZwe1n8Q<` zVwr;wHVbO!O)3h|eSu^OoHkRr5Sx1(4~;wCpq}L@KB6l1W%VQrVal&m&$AJ4Nhia4 z)-t%8c|5ZLf*da(kBRZf6j55;u-MuUl_7&!++68l)-?sPC8D0prG9!HGYDHDyC4p7#%sf!9T?96Sg@o@R;l2%{m@|ZB6f^LzVH6${nFKSvZcuL!k4H-=gGhjWdl9 zQm<}aCclu!qq&=C4FY?U{lX@?a{f zZ?+#@$ZfhWSM@wd)?sPYDqaSxi8pI!cRZAi#?=3?dPv*IIVEJXv_)PE=%F2CaJS)}YmB1vbqmhk1_VMmZHrbf0rwDKuUiZe(s@1jyhUjlIB* z8z~`mDu)FHSW!h44Grc;JQxvPqhg6_y-c@3riXYr&z)~;P4Ysu*GbCY{b%lx zBgHi$4PbzI;?C&TFz*~9)Hq5Y!>Q$W9=ZCf`n5l3aL5Wk2up_r+C%t@Kn7o6>0y9_ z>zG0(A}D%?4|eXMVaSvW0ZVknJ~_42UjWMa_rEOFD|$x~gMcHpW45qSzHd9{A#re} zJHF{zLdnXUK38%oF2^_|N{<1V-Q1WA_~X_V7zuHFzKRlMCx_w}W${1pPC4JU^+ zgnRwrVXl~Og!bs~ps&l5Gla3Ic7QQ9;mDZ)fO!p7nDO0mgmf8G2LAmb7VH82t@1Mw zu3Y~)8(Il9-})4X^Kyu5=a7?bK=7)J!8a@3Kv0FA70#`_cMIYnQhASb6WSXEK{aDz zsp$#AyfbFKe}5Kw>*`**jm-i>sLO!PfQr#qp-{xXHFjn4MHS2NtEsK8r%?J3E3 z(!|!%rk&j*U`f(HV$?bRb3DK`n!z3Z!b>&Mjt4OJGuFrKXxaBbU~SGI5aJ@HY+^}n zqAej%2bg9zSQh~Xf-n6Gy#GoQ-hgjlHjAuwQGpHU?4lj1P1CGLRS^*DIfBhBU40{x zKHUZ-l7Dpr>L#CQc_3wW$@*x=sgTf81)nLLFPG@N7|^6XJ17poY32X~?e9vZ4HEn} zC|7foI)KwM7|D>)rs^d-f7Y1N@y0g1zLIVys{xFF!(d{NaE;7P;g1yb+}G8Ib4s?#q79oQm%gU{8VJ zggLBU5Gpi0C^uF>L>yxB=hRapLbS+Q*Nj^13_xa;*;R(Z?eu(5j(O&v>ogFWx`sT#-sB5XyikA^qyU6*yj(@I@ z0)o^8ige*TFtgXZvhkToZW1p4TceBcEGWj&Z+~@JvOLMSFI_O@{uI%({&t0JCEn$s zHa*V&%sk!Y8mD5jlo8s$9y{Tki_y-dQlBoBX_u7VZJW~0D?rV;2GkeFt6m)o8|ZRU zivkHcHu)z}~5kkh5P9+s%&Oy9`5!GmC-4zEEieZ1eH6XQe~iBNaJs(-YVs zMiHd>>Vr%GePJ)zhdtU6)D=zC(CW%eJ8?lcerc5^_i{QAPzeW%4qVG=Vk=aauiAaQ zvHd9)z5qMVgBK>1R0gK!El~-}%~UXu1*?3~6p5dj>FE=Sg;;_)Dd8m5CVoop=xxc!iQ z&{ILw<9*hZW_kn@Lg=r}2ttc{mV`lPAuK~)<;YeCcj|DuOr?IP0?I8vbwos50KY-8 z1X4I&%SQW+PlJ@`zMXA5IzZ?vkB)Cj2D|{nwDN|nGaw0op1xCDZJw!R1X(hv2l27z z3C{w8s84J49*VsYXfrsUt2`p_F`$;3KZdXselp zQwncR`ok*T!0MiN@E$3YPzozRr}173E1n)+`r%&?`#iUvuDJ+c7SX1}y+Qr=IH;@Q z=oYR>e%-aFv7||OsAb6K5 zIoh;Gxy)0gE?T7&}cwySqxPv$)ytsnI3w%c%eX$0_F`o1TO>4i~2bHYiOZ39c< zh-8BhWpUr@98!fV2|rF*GEdS*bJ%Fc)zrvWK!OWnuK+>AKVO4gTaP>0@eg>D@vS2z zWD6)!jYuGzI!KhFUP$Az2RE|CXD^pOlFlW1<~;XjtJ^TmVa|NqMWbV%UB{)QNi91T z;v&`ZJd`iPjV&_2af6B&q>z3{PU1x&8TC_7Bcwfd$m8z}sGUZ(wyHB@Y&hH-Wmy)) z#F>$5zG&6NE4X}WkspuMOYj+lO)R(prh}A}q?@6zwN9i&DGND*cJ_L`i}>J;y@I&) z!(uqGEZtv(J{RhL^`j%OjEK8d?LhYiKT#*PZg9g>l4LpAm8#W5T%5Ruu&7kqt*5(s zhR{z|;ab|21P>DR;z2g0L~mO!86rcZi(y;K)*FIowd{JdAc>M|N&|v5S`h5rq8`;H zpH0@bpM@~8&Fhfd@`T#cQxjQknh&~kd8~F{^$x>+7o9=38U7mXd}0ppHoad@LsHM`q8h%7 zP}`jxu-D1KG?0UC)3TN0vv7eu9Gp?PmA*kAwG4jMU%elo0R+?dXrK@T^tbRr*%R002wy_r~D{I&phT$X0EbO95h*#~Cng#~sxaVO3TFp02wCHYL+$nQS(uCe1J@?T2bL_iLW|>kp zin!wnC6CC}d3vJ&#FkC)#Mwc+`Qf9k_#7E?f>Yf+Amz&(+6_?dXC>^xaXOJYs61;V m(HthaG*+3rvm&v@$42d@21M0f#%f&$cM8ZCVv(xwfCqn^U^G_% diff --git a/testing/requirements.txt b/testing/requirements.txt index 299c8f2ef..27a0b3cb7 100644 --- a/testing/requirements.txt +++ b/testing/requirements.txt @@ -10,7 +10,7 @@ pytest-localserver pyu2f requests urllib3 -cryptography +cryptography < 39.0.0 responses grpcio # Async Dependencies From 9fc7b1c5613366cc1ad7186f894cec26a5f2231e Mon Sep 17 00:00:00 2001 From: Carl Lundin <108372512+clundin25@users.noreply.github.com> Date: Fri, 6 Jan 2023 08:11:46 -0800 Subject: [PATCH 08/12] fix: Make OAUTH2.0 client resistant to string type 'expires_in' responses from non-compliant services (#1208) This fixes https://github.com/googleapis/google-auth-library-python/issues/1207. --- google/oauth2/_client.py | 5 +++++ tests/oauth2/test__client.py | 5 +++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/google/oauth2/_client.py b/google/oauth2/_client.py index 7f866d446..c2eb6443f 100644 --- a/google/oauth2/_client.py +++ b/google/oauth2/_client.py @@ -120,6 +120,11 @@ def _parse_expiry(response_data): expires_in = response_data.get("expires_in", None) if expires_in is not None: + # Some services do not respect the OAUTH2.0 RFC and send expires_in as a + # JSON String. + if isinstance(expires_in, str): + expires_in = int(expires_in) + return _helpers.utcnow() + datetime.timedelta(seconds=expires_in) else: return None diff --git a/tests/oauth2/test__client.py b/tests/oauth2/test__client.py index 13c42dc52..b322eefed 100644 --- a/tests/oauth2/test__client.py +++ b/tests/oauth2/test__client.py @@ -99,9 +99,10 @@ def test__can_retry_no_retry_message(response_data): assert not _client._can_retry(http_client.OK, response_data) +@pytest.mark.parametrize("mock_expires_in", [500, "500"]) @mock.patch("google.auth._helpers.utcnow", return_value=datetime.datetime.min) -def test__parse_expiry(unused_utcnow): - result = _client._parse_expiry({"expires_in": 500}) +def test__parse_expiry(unused_utcnow, mock_expires_in): + result = _client._parse_expiry({"expires_in": mock_expires_in}) assert result == datetime.datetime.min + datetime.timedelta(seconds=500) From 6e4f858518e6b137be8a17d5ab81ee9236670d90 Mon Sep 17 00:00:00 2001 From: Carl Lundin <108372512+clundin25@users.noreply.github.com> Date: Fri, 6 Jan 2023 09:48:11 -0800 Subject: [PATCH 09/12] chore: Update CODEOWNERS file to enforce AION SDK team reviews on shared files. (#1206) --- .github/CODEOWNERS | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index b76778cd1..4ddae6fb2 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -4,10 +4,27 @@ # For syntax help see: # https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners#codeowners-syntax -# The @googleapis/yoshi-python is the default owner for changes in this repo -* @arithmetic1728 @sai-sunder-s @googleapis/googleapis-auth @googleapis/yoshi-python +# The @googleapis/googleapis-auth and @googleapis/yoshi-python is the default owner for changes in this repo +* @googleapis/googleapis-auth @googleapis/yoshi-python +google/auth/_default.py @googleapis/googleapis-auth @googleapis/aion-sdk +google/auth/aws.py @googleapis/googleapis-auth @googleapis/aion-sdk +google/auth/credentials.py @googleapis/googleapis-auth @googleapis/aion-sdk +google/auth/downscoped.py @googleapis/googleapis-auth @googleapis/aion-sdk +google/auth/external_account.py @googleapis/googleapis-auth @googleapis/aion-sdk +google/auth/external_account_authorized_user.py @googleapis/googleapis-auth @googleapis/aion-sdk +google/auth/identity_pool.py @googleapis/googleapis-auth @googleapis/aion-sdk +google/auth/pluggable.py @googleapis/googleapis-auth @googleapis/aion-sdk +google/auth/sts.py @googleapis/googleapis-auth @googleapis/aion-sdk +google/auth/impersonated_credentials.py @googleapis/googleapis-auth @googleapis/aion-sdk +tests/test__default.py @googleapis/googleapis-auth @googleapis/aion-sdk +tests/test_aws.py @googleapis/googleapis-auth @googleapis/aion-sdk +tests/test_credentials.py @googleapis/googleapis-auth @googleapis/aion-sdk +tests/test_downscoped.py @googleapis/googleapis-auth @googleapis/aion-sdk +tests/test_external_account.py @googleapis/googleapis-auth @googleapis/aion-sdk +tests/test_external_account_authorized_user.py @googleapis/googleapis-auth @googleapis/aion-sdk +tests/test_identity_pool.py @googleapis/googleapis-auth @googleapis/aion-sdk +tests/test_pluggable.py @googleapis/googleapis-auth @googleapis/aion-sdk +tests/test_sts.py @googleapis/googleapis-auth @googleapis/aion-sdk +tests/test_impersonated_credentials.py @googleapis/googleapis-auth @googleapis/aion-sdk +/samples/ @googleapis/python-samples-owners system_tests/secrets.tar.enc # Remove noise from test creds. - - -# The python-samples-reviewers team is the default owner for samples changes -/samples/ @googleapis/python-samples-owners From 9e584e5e26616b6755155443be70cfea4e77c56a Mon Sep 17 00:00:00 2001 From: arithmetic1728 <58957152+arithmetic1728@users.noreply.github.com> Date: Mon, 9 Jan 2023 10:43:23 -0800 Subject: [PATCH 10/12] chore: update systest creds and fix unit test syntax (#1210) * chore: update systest creds * chore: fix unit test --- system_tests/secrets.tar.enc | Bin 10324 -> 10324 bytes tests/oauth2/test_service_account.py | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/system_tests/secrets.tar.enc b/system_tests/secrets.tar.enc index 83e30b78074dbe0c53fd03dd4fec3493316554f0..7323421d0ac1ca5a6d837ad5cf004bc8d31b2bcc 100644 GIT binary patch literal 10324 zcmV-aD67{BB>?tKRTCnjka%>tEgbYghE3R_2IVCfDE!LQ!rxi_oXH<$GPn||Pyl~- z0+#t4Zw>3)i>u;4chHI+2yg1yxEYQ^7z5QurE^{WwtpeMJc!L8P}Ew1_d|F`b@JS5 zlsq!bNng8F-IplwlW@#f&ni@I8fAaMbXV>RN82RY-*?*Y8C8 z&dJo{{{{m1Mzd`QA8p^ygI@!0#$}7S_+s}_k)#b%8tDDPmM*ar(5EE?$LOr>=l}+z zTGIiDUq^#F0UPDV;?*=e(aWv2f#4t~v9C7%Pr zmKgTG29zqUM(QRHjugxoK_;MRIWXz81~#cm1ao%AzVn0N-wct@dM|{m`lCaA@Z%Z# zqQ=4Fw9wpLlf|Y44WQ|+->Z+!`(}tv8jM{^;757V!|nh(*V{rFYTH52uW#i_eVJF- zbnn>`RAdmu!g(IdOW3JZ!lI+uvKBCsF;iIg?FDENtk&JOH`&njsi)#w!No#kCa5%9 zd0kuBL2hLKpUXE+Kw^8G=nHWQt0+?yAAsM$pwC!??N*c=&A|(vyUeCNkvwJ za}c!ZcT3vHX(;u-p6}z#3AFU!#$8gOfzq=*RbU%N*?UL@S?r ztqlkF>b5p81A&8A@w=>TT9cAKVuJ6&enA9uSiwqk=`_Jx5?+IrbJjp zltU}xWsz*o4OJfY!#IQjjM<fPKlQ5+26QTv?Ujh3j%Iwd)1WiVpT`!(TD)!R zU-2?37go6n=F1|z63_%&YX-;SVZj#1I!UvXgVfRd=g(kO_zVx&t)uw+KIMEXWk;R@ z21u%GaEP|vM23b?MIi^8_= z?KvLO`oQZ_4N7g;mm%Itz4NSt`KMrqeMke`Ubyv=!l12Y=U_bX3`ClDS@28=h>YJM-Kd+fSxc--cclCFHZyMztkr)ASR{QhmxI^`L$dQ z6qU0fkHR~x{(~`jCEp5R8w<}ax7bz3^!z=%YGQ~qp?4_~j(|*VXK28{Ak388w!Qg7 zf{K2O*-^v%l~*-;sfG|NX=%B1v(;&Bt+>3nzFG=nN1czb{xMS@Xeleq^)Fu@XC=AWByNsT#fq3=mfe(&8m`PY*B;{wA$}mV zG*v*&MZ)?D*Ng9zQe?0fPsdaCYPVpWz>{&uY;{|k?4kv#kc2884Mmy!JlN6j5$$AF z&V;?Hi>o3lP=xa6oJ+QC82w>6TV7-ZnFtVgoEhPW? z9;_O@Lfko=&(WWC0Bj}{Ix7$^#K_NV=Xzl3lt#P|2dY2INTRxDQz6n#_WD5sf*kNf zzT}bKTNz>)@R7sBm3p<^NWYCT{vU}20Dno{OZ@beZAa%lQ?Rr2(!{8g>) zzzU8KMVFwTv4R%M?hPl`2cbgAgyK2u0o4$@>c|3WqV<#GwZj$XwHjyh!mCb954&|) zU_1E;;NBw?%@Z+^xf|Ag1@4{14%4Ql$0n`p8ojtUDK9)9sl=sQ#_mg2IJ{mJwJN zasQW^!50=ajl}v10**=q3~x#l3mnq8`IjUf0!4Pkyt2H1^Y5^7Q!B6#u(jz0=w|)? zwSm8wnKm)zg&HY!dOqK&3XHMKrWa(~1Y+>eKZDEA4cc9=uI{eZ`XV=MSc_-{_r0!e0^2FhwR~q;h)-|>`RIf8L z>wVM?x|TUeTZ6XquKRfGV4e6l*h5R{FvYmoe}rZOlY zCMQ53W>ex)R^-ogvHSOUcuyp)Jq>DGWv%*wl}Lg^&X0+lM|04~B}hdH{@{7GhcnNx z)OfMyVL)Hd7^r1czD>k-40}JXWjrvMUj)L&%{C`vqJL?4_-;YLM~ZI9fA(&)CwY=3BmAoTSnDv zm?>{K&_0yJL8MD>%k%&6{03mAyT-Ec8< zNOL~L?55qM!J1Ukfp!VsSXTnII+*;^GCeUXdsz(7yc3@0Y!hvudLF%-E;r;sz2@e1 zgsv6;!40;~oJ_z4VvG9e`%Gjs)2cCM5{SjJ1{z3&Yp~dWO$ks0tfRqj)LqBOlT znUVe=eLR-g%Z)653x&W^mWU=Ky2`$3Q$H44*J4OD97?&dq0uNI@3SX5a=0gGQ&x!u z5K!AdmPgctXh#Q$B0GK~ewu!48`?tBcucUe@4|k;f6++=T5xU??_+e#60uZ8`X{t-%ZVD8r24G4@AwyXpp|hTozjSEa5Bau08yio zz#&9*`3}xYH5-Rf#pIXy{&yASFtH46T>X+EbJb-p>N8M?s6KwU?K56PzBe!}D5o3n z*sQGb(RnC+PnU%@l}Jr^j4OHNYRpEl4uN?Ms8mZ06 zM~rE%^*i(f)tBw_&5fZ~P9Ub>K08NpsabHV2db3vdvL5RhB3^^U-m+rkk^bn@q)p? zRiVCK9&q=L{|c>n0*E4t1UQnU<&~_hcs3-mBI$XUs4b0*H1(qohXsJEe@0E zTn#S^8U^Lvf@-gi^v_bu&t-vdoj@v3zO&Nbn2drEP!=sRIWv zFDHnbcipTYsXlG1pcoz1BXJPO0eES+HyRkZ9GTk-zM^U#jxDs-woL74AKVztjO?f?qS@OlHrVI1a>G&1$iTScOMZWpdccfk1koY z-F?eA)3_d54Iq{E3tDT_gkU$B@1D3fHm{KdpvZ0#oZSML;llxaw+|lf`LrCx50$r! zD8`0<;ZDCm;TvK&XzlzeeB=Nw3^{Iz1mTV&4!C}bpadP*0MIy{-pt{}-R}@H7@Ff$ zy+yn$5kLv!e&9xsa5nT1Kx3g)@UK7sURR{6gc9`H3OqB5le44iKW?lzUiupJXBBm0 z7JUlA7dkue)QtXO7$A2{bLCy|7GbJk8Sy6;m``B{j4rKnSe}xB9ts3Z~B&1Uq zkgsgnbG}yx6OJnagDSuv=tLsi`;tB$4?N^jXcFLEvMXG&U7e!Z)+!t7nyU);chxp} zQ!NI#$N)j{0r}F_#usLQNQZ6}pwGMK@6@TdJ+`cviqi(O%NjcK*~y50nVAaLFnbJ~X?L??RgiFFCK4mV4SbH%4Xu;7=zft{HUz}ix zzUpu>^c+Weo;!z^$lSGaCEfIVa8JcxTIvq1OB)TtQ>p2!aQ09E#x5_31}0 zP}%P7)nJvc>3lzq7%Ox;FP+>}gtoZGKXTObzH8Tf{ctv19A$fssd1=iN-ZF|!Oodq z-?_?E=|2)Lq8~s3P13~R;K7?=CrRywO=h985SZU8)dBEFw`1UFH3!`|RdK$yEDQE-K#J)RSroAti$+L; zTPb`tz#lfr&tOCL_CDJ9`+hm6H`p}KJvr+;VoitqO|UucswtGq&%o;wS;WkrIqtd^ z8ZdVJxsJ(f{Qk1);Og4zA!0J_Jn*BzF|*l$u-?H{&OaQIIDc3}5{uT;vM|{x?DI(cME<1{LbrH+!BKWE&{T3qU|K?#qGz>qsnvmOapf; zJN#LXua6r)2j=aNO>Sad4!bSZqdF5 ztH`P`b+4@AwME=(gp&S1Fl0NsVGOuIKr*JGolWW#Bb3V)#95~pSz0LdC6+YJ#aG?% zDsCXZ&|l^S?}7dlxu^Yzs1xAOtBt+L%eVOo>aoG7d7^7w;mSBdXEz7ObvJyM4fz6T zX;uSpKrw|~Xa2w*!N&`dD&q$wnbOpqXA2g1(XA?4sJJ`IS7)ATDTA=6^%o1iO$0Aa zkYYQlKazaFn>3|6;wk0UIRh*z?g+I{dnyaN1cchPeHC4~g^wg5kTF6Y-$r7HXHRo) zgg43Quag2hdmeE$(C?j%dodtX0b@=tjP0$8Yg2FANHwl%M;*6~nf+Kk74A5=?h~+h zy>JnyDC^^$JRe|S>wx)v1=HRCCun5kH=OSMD_{mBiKsbD(-;{lAv$a`;wfZX1laBY zaMHA01a2y!#E{TFew}TWDOCtN%3D?_CrByD(}aEKFu;a=K|Df|SPiU}zIiRsL{<_m zFVoo(GkW*nI3~@YrD?tvoTt)2~ZQDN9=V7BMdVYmVe4EdU(sq zomRDXKtVuJ;X|898qTVE;@yJI#+n2Qs?AFM%&BX5ijWOWa6FzD%%A#6c^h7?8fpyt6Oh~lkd!zGs9H>^sH_n_DgbWigF)A0ed0jqjIvrODq17c$nDcD1Atw~5%EyA5qF zJ&-)8hQ%D9XC?Qf1!o$|vx+cz4FQ$%dJAm7D}RLA3U>LB>~&r+t=dYi1B3@R6{_W{ z08r9^GZ+gS{KY!%;+zRYfI_o@v#W(jKbnC^3kGLB@=*VB6P!JE_d|tYrTu%^r^ccSo`j zK%M3+*F6|#bF(njN6jIyt9A`(Rj>OxiU8ihr>{}Mp*n5P1QL(kmC~X1W9A!WqNOvP z*R)vJ@{=JwS7+Rmx<;pZ?^i^98mVLqbk6s(TH2oXuhA((GEnB$53f?R{N*K)vKxhV-Si zsIiz*Dj<(%D;J(WsG35$9JQV10_VrV*Rx8Oy#kZ;KZbAk z{fi1OBVSn|WK^RS0E+{Rrc9oE&M7N~;!Ku+#dZ}22VmhX^MdTIXjFfP8!F{yM0ty< z3-KZXJ_1%Z2}aSve*}zpr`X@*pJ5Y{ZAK^+?C#bJ5ADezS}M<9Psg|rA^Z$Us-*{r zmxX3_qPH_xogF64_{hJ~(?kM52}~pmrV(_5Wg+bZ9n(c=rOq$Y$oJJ8@k0K^gv^QS ztfxM$!1K$e*vN(*Is zISQnh+tS)LpNcrDRnbECugt#|_hfib&=s3SNK%;O{rw|~pr$MibQsEJXVoMyTNphV z5meTY`;@IBTAs&|=A26`0TsCg!-9wbijc|%dNM055QE{_F-Nl9sQVfWvK!_GUW|Pu zu`Jbo0jN2KIH7K3{?LB4)f(y@8!&%gupwd#3}|Z{B}>dLN?8n=RKi9wd9>M~H1=m3 zGeumE{h(OfBytJLRCYO|z84dcW5WRa^Ro?8c;oIji1oN&p|*z4`n(5Dz`ygp;Ld&M zYG0<> zR90HibnE0PDD*pvIY;tp%I=fh#$wACE@8f@u`el(Bu0DB#lot}?}jHH$FptgV&%YO zc~Ssa2Z0<~TWn5LYz(KnSzN6g@hy9Dqs~ zuM;?!GhGTPOQrehfC8T53$a^pZVB%XK_e(6N=Se$msVMEDYY;{H3?| zS><`!0>=)c4`bGrg~~iB`-xPVBmksC#if=pE^@hoJ(j&edU%)-sb6#J)@3I4Ej_9) zMY!;o?4HeqqIz>71D>m-SD!+3?Txh=1QNBb4Ix06NJWQs{=;@1A;SixBk6}|C zyZT@^7$02sq;y2_>&wu|k%EXoX`iGm(x*SCEpKU=N06s5ktYg%F6!#ogA!QLQlG4; z%5tYVXVQN_qbfXZkj;4=KG|IuYsf3#gBQP`M?>#gL7V;Y0XV_;NC`7%j&z>of)6A7 zwPN2ILQM%-8n}evN3H_STQZ#^B9C1pK+C~DEqV=*3F-40&;hv39qKC3qC~bz2Pusd zW3#ny6>)*kR&vfeuuFGkFyhwtk!}30r%^J3<(&xSfQc}`qHk;Zltu?V#OSqVr=>rC z0JA_^5u+;hLBPc)4ZW;|M1$e?-vQt*76faV(EQj)m0h8^Z0k#pR92D&LrIp}VSgb9 zc8t|lQr#k$vk2&)&(2J2`x_$X<<#}XINr4HYF?=DaIN1qIzIVPTo0J;M^KWV6f{qs zES5U?(IisEO$)!i6Ess**Jgei1^)PE#sUpDPJV7c@o>kZAZK3EHwkH3pQ5ye=^bup zW#;JWkmqHKdnSydVRP3SxTB*V`yR%@DPjD1j$hs~fqp*XduTD=?&L{Zvg+P;2JN8v znZh71OpHcKly%gle9h(ll+Z#MKlaVN0pYX`9Ug5{0j<@{<;P*eCJwA!UDSrM?S-|e zxXMWR3^VF~L)vzDtQP-E4aZK_IZboYFO(N%W?n1YqZ+++AT2s-?a{} zboe?2Tbw8zP~!F9`tQ)C`t#9l}Zgir22uIhg!w>^Pv#((KW_}p8t%*yePL3vsC~?0W<#@y38MVM#XHU&hlJVQXwzI)V>c|*s>u`5~GXd z&4hypMNeaWRp8}T-h{YBT9^4DoRls7SY1!xQHG;w{a7rw-L1jNL(G6-s~(H$1f1Jc zX!4BjiYkc&a??tn3HQy*kk8uEeM&DB(gE8~8$OVvx$b(7d(Rtm=h2#$=;o}!Bi;+Z zoP&?*moH8}1>z%Oeo(>2au!hU;|sV^qN%uE}1B92T))ob| z9plfjN{sRrDfNP{MN7ebDSaSMj&wZLk=O!ChjZ3%rWXn+)$!LAwxf$nFxC<-_@B!{ zQz=is?i$fC#agGvYL9R3kHe_*oxvFA=^j*1?>A0VpuR5NdtBPuKSTO$)ID}0h_v~9 zKk`5AR1(&%IGs06URSU|YkzTV5$}H_DOZ?UjX#gQ*Z*zJnW4mQ^1l=>Nsc>#%0U-m zciJ{!lDIxqImHKKkqXkQ>COD)s1x=e&I2|#d;`UILK#2@Z&qwctt(}>z;d5sB@Q zm~v+7Cpz_gYwf*wQroy03bVvomJSc3+f{x3Sza{LS`n zbD-|SqJ4v*gGa$P93g+dIl!jlWsjc%c1$e6vhHSR8sMDwTp#|+{XQ)5Xg%-$d~_wS zwb|kF=s+4;KeLprznOtPmd87_U(jjd1~AdwkGNSv)ATH-z7|#vQie6(=4Q=%mM$wm zrFhl#QqF9Sf;J$^pYEwXSC$_u#bIongSI{JRk!%_k@)rYew$aZzE+_C=$fy;sXkoz z-aTME%pI#LDal<1;^%KaQ+TkD;fa8oAY=X^1Zntr zCvoCS5l|lwpJ#(PCYhz7ih)1Wyt3vdER44p=NG@L$v+Nz5#na!Bhs{fR}h&**0wmLhRnXzwHKY% zp8sS`KzLFiKGKy|)h};%K~5PQL|uAxajcy*WN3kY>+g)Vp=5qJ`0?TJ)%7xtN*_B= zegK9LXeL*!5AI&`{A{AB*1joc4HFK9Oyrqe(j(|m;X4JF|n+9m_DB(Ul6RP6K z^q~|fU)QTOCxx*qGNk{~`g2uon@t6)W_TS+RAVj)#DAvJ0oIRA#yni4fxP0LeHk5I zTpuF4*}DQhI8>MK=E9$Ra^r3%S>RR>WhQOa1PTo+{P66b?rT8X4+#W|F^+Ea{P80= zft@j8g#7L_q#LR)H%C0=cTFYhWnGjfkGx;0@Q^CWRq^Y@hKUy_t4}$^OoUX!oUsAZ zFH$$pQ_gVISu5&&-DepR)~|Oo1Uh^0>A=idz+l#i2dEi&I+RO@G6eGAJGxJNqGv+p z*3>M$F>)wY*k50nuOv<;ZfOeu?RkO0`AR5zdwrqDg|m-pBZ-w{Iv5N!jfiwrofI2OBhHJ4lsMZE+US=r2c9@L!eZ+446H@IS}pU{%%W(WPcZ9q8w zL~awc2fT%jAnji^F*V%L0G-1G=lU#KORST@7pNsOd`buz+v2g9vz4v#6KJ~WVGlc6 z(x7t!b9?SsdKD2_p4tVdabIkKw@&%~$IR<*4GMASKhX_nn92sZf^yv&7+?zBeO29G zNkB=0aXpA88u0AcjWNiCi#Ji3jBD~nmXkaI0>OWVYhedw@kiuwOqP(MlskECoXh&MOh zro%>}R-cwzK18)0+jcja_Rjcpw_cMumtJ;yu91Pcb+khHQjhVU8U98eEBw5~UHt1s zxm=xJ`ebu2sEsIU<}0_Gmi9(Rec(!nyl&+R46oOqv^YfcMe(X^1JrjLGj@kzU>#2% zd$pi^#Q9QYdjjX>CC_><*a&53(WK*9QZDw^Tcs@B+Gy@-@LxHm82fv!Y^%G zV3*#+vq?F1>~G!P&r2V;RoCAHs9Towry7mim<=JPIBg+Srk4q@3=n-wvu>N_Z4lyo zSlcPRA_5n~mqD60nnhkRGnFz*oTz{*XFcpKJ}Z(g6CZ>^MVBL;?5D}30oej_tRZUS zuD*BOH~cjhle_$Dz(O-F1*oao;k8h_!+$pvT>C<;nrEkDrhimzPpj=GG_oD*=RRloTy426fge( literal 10324 zcmV-aD67{BB>?tKRTD7aJ|)Qz1Lv!zkJ$&|D1I?Tv$P2h?vZbF`j|LL0X!0_Pyl~- z0+zYKpHft#Dc&DJud^P1G*R%U{d@DF1r_}sEjtQere*N}Q%{VU2bUm`8F(>c8P$;y zE&PCs4@I=JS>e*SeYCxfaATQ?6w9Qy)Dc}gX?+#=Dl+`v9msNH(f@%F&5x;ro@7zLgA~3JCF^;&W(TCTXgZHR zt&Bg^-e2{u{lNoq1tmcA%dgK?y2d`^i(AXUqEx0g5lU+PH#`S?WRSN02cR~fguX}h`4o&BPSF%!rp-eVpsW_-b*PD!nb(=AFDSU3*Z(d@taV6eb&c z=}wc3_a1Y%@%wB{ZtrFhWlF?PFGy2&Q5fj()pXn_$dEP)&a=(ehbn6r3gqYOK3Oy5 zCM(H;aCWp2eHPhggFwm@pccF#lgJn=R3S>eH>|4uyYDD$FH!LTwP8@x=M#>qHs^U& z>o_a!s6~eMA76s zpMR|lN0Q%4((N$O$}3hW?Sg-Y-*tTtD3w3&w0NfqA+sdZd?-uTou8kk}h7h&?5{B;11L8;HoS_N^W;(>Hu%(v z2T@MHcK*`JTF^5LPLG><-CIqdnL51RjP!7$e|dT;PT79$;Bw)tNG6D#TfE5mmmIhD zmA-ZUz_^Z7y#txE`d`c!zFzDC5X-Msq@ezs+*eW#Fu?T%qT`*=v|y$TmQKzYx{9_n z8#+JC``1&`Sf{rXa(ShQeo}H_J)+pui$~?i@Sa!|Ovx&JmDR_pxyDLUw7mvlIs7z4 zbBfc1(O}%rZbdDZ4L%PtB4phgLnyW)#O3nE(p8R_{q|B6cszEc3tz;Izbx{sc#5W~ zVLk=iMB;u3n4*!?xskAxvaOa2(numhNM-OQ|-!&k+B>87lkSGe2)?@qx%ESv*rndDG;Yy{B zfwYoGAfo9cCjvGR)_iPKCZ6wMWwOQBybG@g)b>5daIQ-zy*vx2`L8xb^Fzf}R7x4~RBBFb^yju9y;2xPE6Qg~ zx<9kA(XNZxPviiLcL^-p(hmW;5UP{btnzzS^5CgP85%RO{QPCwaO(WN-x_?;8N$Pl zULKE1GRoQMC#D{Wh(#hVdvbA5;wI2h1|eckurzBB?dw_8)f2kPbb-Fy4|El?5&vOyL$!j2RuAZ{j zcpS##t{W+vAkYu@M`cHZnrf__v2)b#F>;2#1Sc`%a>9jg<7mEni^Dz%M$Sc9AkrYs z9lw<^Gk$4BLD!kMCX_11taKJnUhk0y=&x2!amch0$ZlsCe+EBZ) z(54N^{*X!Xc@34u=Y@VbQS)7IQ08s>ENUdYYCg|rR*l^y&#}d}rVeIY5LxCg6TL%B z9I(G~V$mDc9r*PiZAs#!fyo&55ok25`H0A@)=%z9@cv<)A~fVI~XG;&H= zppAy4xeB2Gd)jbPqrgs9*edTj&_yXK{#VdG2vkeqmqQ7}s8Qxo#wlV)w%bb-hOHv~ zQ2jmf(N&s7d>$;hb`iQ=au8;*f?CEZWJlayjGlw@Ncb_d%%FkQn%j~BvrtRWj&%}~ zVsu7s^w18ROph7HQ$sAl;2#OeZ_4+yAp=%--O69PNzm;@&MwbWTm9#i_Q3gpmIr0V>**OGc41l7G`Lv6%X6m!Sno0_($)!Z-SGMjOn+@%8R zdM=dc>Mkcy%LFgCdzT4W*a$iHFJTp|wWiGU2#D+y_l8|W|KxHNx)6Hx?3<86Z;bfo z!r1cRX2&!~4TukY0xv@HU@O$~>5|jrZI0r2d%HCgjj72@j(@C0l((48G)s$!d zfbmPPMXEaAo9?AZ!1$yk2o~l_%d6vs8cy#zEFCXZ*Nt{Pjs=No5 zFv-ISk6-Ln+o@OL-1+zgZim6LpzN@S!5GS1o&o;0Ej{a}gF<>3D9g($+JA=949oNG zS5ft$2?Hb#*>6W@AU^|S_U@r-K?Y})Cm+S8 z78S4v6Y~*1`IbO`Wq4co%r&ASdyrBDuaG)IGNfdBN;cQOYYhixp?-QidmglMbs-%^ zI}8~ACED074;yLK0mOV;0Dt~3ejl+mrWg>dY0_eVWJ(x>NSG+hO4 zrO_vv`{)66|5HXQD5;x|R{=m2v+l-o(d4>a_gNpi`r_0?u&B0ea3C!t%bGi($P(kG z6WShE{TReAby~@X)0wWDeL&c|bJJjO{c3E=r{_ZZ4SXxK8n>~y-3!cQw9UKYxJ&dp z1HiO&A@erW4Xi`Es|TEDKa4M#a=xy?K(>CSq{^;fKU`!PG7o4=|H{zY+Eh!NMCB`% zD>d7=03Sm^q=M?Vl@Uj5b1oX-T|{Z)su%!Hx5SYQ?+qg*5ms*lZF);y?R4DSs9LDhrJU!F>k++n6~5rQy_WG*B*c zfvsqZ`rikSqY_D`hGPtNk+Nzgq`nU5gf%BLulEqC=WQA^tIt05`k_0Up2Fd?kg3oa z;0*pOub1qV=8ebN^K(F)J@7sec@ek_ZqVQIdYIK9z;-|_RcIq-NfkR)`mU9i8t)Wmv-y2W ztNdY2UY{pIMkp$|D3goL;@AaWPt>38puH^&n_5=*a$kYi#a#|sa_3je(GQI2=n+t4 z8dhmh29>js_f@Hum_Emh!I(ZwlU?w2uBu*HXFJaSKzaTxwi$$ul=&Gmzfuzp0m*>9 zCMnRvtNCUjv&4-*cZtV#Ng$9!=Ey&~^B=HQ>1g!1WDZS6Q7><=_5}ip{n-4Zo%kS1 zn*2E#rdRZg1l(kfb=+`scy4+pe#+YGh2fMxa$)RoOI)8|9O7F!sgfJkzS!wF z(kNlX`)u8IQixM^yD{I)V4mr}V^$eIi(ZFyyf+0i$vuAPu5`zPVd30c0q6HBo8LoN z>4uD&W$HYCBdKCx3=sAmHu0Lc&(r6kznE$9sOtlDF3TM+4PJHgDr#Alt`~7vLhAV} zAQ9V}eXy($gc@S3X@Nn5MXDlkr1N)p&{wmg<1CMA-n5V?T0E%OeOlCcyoHrpS2|d? zTme*RrGs&}#%4+6fZ?7!h7HwaXymZQD`7N}^HUEv{eYwd8yzEz^;woDb6)(d5wgI@ zRd6e2kb?#(sVJhMzz#zv6vK`SUkNKx zOXxUSy;b3@bz>?+as?QTwKyJc$1DzU(O!vNspP`Qr-inl5!DNIjvb*bIv+t^G|1Vu z2FF|$$yg2!3}SvhY1p@4l^L8HG1XGYOEj;r0Dq4;5M=nAB2>~`0En&Z+R)Fv3Sq=T z^@hYN;DKKcaR5ihfsxb75L(I>`qHN$e&StV4Mq0rLYVXy-GE-4xheP;>+EL~KRh^S zs5$kUQTzVJd~T$yDQ%#ckJY<+7z~I2_ENbQZndx#TshkEoo;!F`41Zs>bcqXXcvbp z^k*Je0QJqYVI{B8e;ewISmGC&2|rw7Pd_qhs^d-s3@cjen>whVe;h!Dp_KlJu@w~h z6>?^>da0sn^0QhovEO+Z7z@;f?hv3}nJ{p`#<7geg`S0$4 zE#iHyjryfGEH-z&khSN5wQhRMEZS&lh0GQi``{`&{sJ}13N*c?Kl>%tqE32nt&=EN z$>}c9Bf;G#@nUE~Tm(hijn5(IahjPMAAd%-pevIR3r5_&ep}?OBJl86rSCEj z75FO84OAHOP)PKL(R$D`u!jBbrm9H`{KbR$>kq%;N}?;MY`7lkn1LCCs5v?BG&2za zufZ_%Sca1m*XNPDa0>@i!#b|^60a^-nAj?TuGk^{K3{I;dSwnVi?`KVSz4%EgmnZv zxwqQa=rEKnCH&K72TadsU+69v66D6=FPB?>B(3!+TssY}>u^TAro7A4ZIEzJP8 zCQF>n-_DKqCB#_WiiK0qg0(eAFY}!QfO;k6^j%i!en-hAu|bz#{^W!HKsK63-zD7L zaH!sdI!BZv(frg~U5ek@RqK0PDD9&)Ls#7DLauE!5HvMa>t=B96%oX8Ft|3?tfAAi z8X?35SrHV9+zfboX~{M~n*TP^`L00N@frZqRSq=-aX@tE!7=@ucz7QqXJL4;Jlx;& z!1@PArs@0&WC-+C7qC_E+gY1Ki}~&{LevkmVh#Tg%Dz{b z^jLLH=Cx*=joc+<@}OJzH7TyMhSbnR+q+5USKV>5nlLL^Vtb^4WKrs~ z;^0|Jn^+StYllP$1*EfXNb^&G5elX>5&ZYswQt-hvBU8Rj#>ZLWn&MELFORON6n{j z#NVwN_}H{rn-gnPP~V|9HGRzL)^e@ZA}r6_a&ccXiU8IeJk04t(iZ|K)N()&ocbVG zzPVJTc0T#kYO67na2{$_tWIL(mQ(h|AwQ3x_1C};wE2VJ9bPLm83&A zlYk-V3G6N&io>ty?=JsdZ@$je=C^>pJhdDLas*tF(^ig;Qv4$jaK{8TdT#g`$AP+# z*ndq;D*=O+Xb~wps?6?3#J)&Ps#x6x{Q26glqiA=d!Wu~22@0vguZr)tm#|cD5-S8 z(oO}d%d5avGwp!p@v8v4WKK8VMjqRnN*W)z%ODqxi z(=A9x$0ITB=v_sTf0M1q){l2e^;t~L8CCwmS#@J8z~~$+AU)v%mlu*UZPQS}{cBX4 zH48EZq_mg}ak2*s!i1{Hvupa5TW<_-dGpm85C6wmFbfAeH~BkpS%rj}b6yko0P4Y# zT8gZY@}zb~b8zs7@>+vKT9*|vFHAD0)LCnbhX3L;D$aZll_M;-#J*AJ^ugZn>*_M; z5&!|wIfRUnIa_e!tXeI(5yC?`q!pxo$!8ZByCA7|;wPjrkQB`QYkNC)%S4d^9Sv`= za|alG?mB^n@N@^pQb6iRQMcuf)vxquP;xxFQx`@VIv0D$H&=eV==2Gq8OYhve6DyJ z3~b#Fkms5Pa4Z%VKWZs$6mtWj1Q@@3%LaFp@F*9c|d$eDoyy0RmCr)RijHjIYf5LSix% zUv<;XI{;P+34j%O3h0!wmf6f!BU6i)_nX7 zLGI~0$J-00)@gw3$QNDwhzPrXFjvqTlXY(#G-2k8g#Jf;Ikvyd})us7sx=T;Dsc9@3qL0zcp=4Yx1lD?W&hyr zTmNMKaw272o-OqofLHJc>jj)wIx#;sA__^Bq&riXgWAOqTE+9IU%4ydx%Y%B1%ySR zno*|FBS#?Of?$L74%@3wtP2Gndhqfljw6|Or&p}bC5Um-XzsK=J%gL^{TCHcgOZ7% ztK(*$pBy7S4h=S554(l`0h(KUFK|45H&3mi1&4h~$iwQsLikg=yw<`B{ceyTe_Y*U z{Kom(Qn`6KoRnXlqkQS0_e=i>)6Qbplm2~aLr0aA7fw{eue5iR`)uoi)PWX|#1Q~k z%WzC7Qv;bQ1E#*GT_H%;p&WP`7gbYNMz%Iol_h|Nra`%uT$2O^2-5BwtXavD+XcK# zI8Zl4Ln#oDrV>)!|2OiPWIuZfG?Ez3ss0!#C(0p3Vyk|4sgRzrVRCY!RAHJT4Mx@k z-;Ro%yEl5ypi>BHr4+L29U%FdTX_*oY0ClM_4|8-hCK=5McGD5s26V~so%ihM3IHg zIaB6kL(h^K$RSqSmDMyod7)|q7OWv2W#;^5e(D9q36XfwJRk}mPaWiNButr7bP5ML zegaQ9K8IL+lfOernU=-dnAQ-Z_tgMGQ5a$rM*>o?*yL}zQNdP7C0!PQ-5&dCHkX=4 z%@6D==AAvu=W8?WAYXpBTec8(4G_i5Fy4a-5=QaP9KO_HWTp~lXrJb*u`=`k?F?Zl z>7yzoMdYh9pUtg@-X&$2*-F-UZgx(8e&gnAx6967Yw$S)U>gy(VQLUBj)BLzbu0MF z4_^`d{tip9Nb2w*LnsIHBslfTW9S zYcR)B>$!O2Etc*oQv3v{5^po!s>e?OGb>zQnI|Ab!hu~n3;V{a5=~Z}FvwHLf3;O; z7ztg#wtC?d1I1Z@V#wPI$~Rn&ic&WVABA*(`=<_Iy)*gg(I9$sD(+GoBGR#tlnlZH zwjSY|NOASzZKAyni>XiGIugc2j5!2;z|U{-0$pEwL$L5ChNhaEw^YDy4OcCs)%eFq z7h$5V_YaMAFpq>^+1o*`^x;3 zj@zqr>c|$$!M`wpwTT>|>IZNPxh;_sgF5Q^5@DN+2M(IgPt}6JS}dCrOWz053iAh> ztDuAxx8##6)iw<9CFrm46W_8r&Yg1ncXMfxh9D8h&Uf}e`0vn(l**ISmp=SEV>p3I z^eabEn&BTnd>P6+TCk*gqiVs-hg^s=C9|?wMk8nBQ#_By?a=TR(HX(VqkK9r=;u`@$0aS$C*u*-Uy+rVnJ6wZH)xIc>u*vrJe$sbY27}6*2*gBF4?W#AR zgFMSW$pdGo)H(yR5uHbN^idM4UVhhs4FjjNOsQmP7jOrv>^aY{J2w$Z7i zIid&m5_t3Os3Jn-Vlskb83i6(HcMHv4wp z8Y{MQ4qN%kt!p?%1nis{@LAQB^>zHs8xtYFIdDfAJx08kE4Yl}v&wjPlVn^Zy<4a= zvFj!1z&o^@#i=y2i}5hvF6#c<9jb{TbbS{1YB!YPT941?K5`fySLj8vaHxC7ECpv& zpdsq90GZ4tddVR%8tWwn{vyl-r3I~mU@c=w!2Wi(rh@*ZL$xg%N<9Qta?}G!Weld! zIc1FW#VPofDXOsp!`NZH0rN*ixt7r_-~U>h0vTSF5c zKGb%E4{#0S^o!4vKMpoIVICc**zY103sr-GEKOKCpbMJO&aB#CEmY7I=UJ7*aaW4| zxcJG?^%dzzOdyBG1{rai5!QQwYhGJ;B@_vVVD^NIbb3tthbbO2CuPB7a0Z8;R&|~f z^wm#2m(##qph2CDpri9ktFwU#XQfw;7Co^YdfVWvjJI#IqpCse1&-6aWTBUsdYUCm zb!5QLaxPXj;w0En^S}TwUCSx2dy93Ye}Fb61kkOyl&od3<#?gR4uG`^Z3kh*JNmK* zv*(h3xEy8VvY4YWK)f3sRdDTaXEt7`Vh6%z}OzHSK_hv6WnpXJ6a$7tRR7?x?^C|cdR4&Mm*C5D4hO>JGO zVu}CG&5X4hK?eqnsgPUzGjlG33FhLmHfc!C#TX%xnck8a?L;TqhiYIB!U^ygpsc84 z3o6kahZYO?UZ6u+Q_hdLUzE-_wQIoNC$2@Bqr%!EBlglJP44 ztr}{=2o)aJf$zUK>iR!+jG~96nTufKvhXHhG^~T9ON{RfP2|%B6J4(hD0{TNOw7Nu zF~rS#q7T2b{}@&|qJ-G{rL|`!`4j8w*Xqb2oix7kXHZ%lE9@zu!yKev#-yH_|D{?C zSqG1BUlc+t(UZuU&8U3`7HT=00|AUW8Y{QdiG`t>H&`aVtgq;yTQeY~3)zkGIo@u* zwrpEK)rP_a&4#4j{)zDYo6=s&D{vnc!HJ<(h!LRcv$NQV?AbPQMulH3qX(x}fcJ+T zs8~;o6I)k9X|~M1ymkEku*o3pxcQ&Ai0c)b!LDe*VOb(Cb6glzk7cnNDZ105P{O|1 z$GD;h3R1DhXIR!rKL>N$=S+6-r$$#$ytG0gSP?0;X@fbLaf;Zj zZ$PkLS+&0xAgJtwjy#R4^wV|k|A8G5abTY_@Ipc(QCTDNTSy68=&b_FyGo3?73Sg& zkG6NGNs1r8v6i&3ZC_yGEv{coB#!U5O_rOK&c@Ql@?% zrFn()-%e&>gCuq|N<9hheV~nplDMsM>x=8smzJ0Hs%Y8b^LCcO;>p_=ii&HkJ_tLE z9Fyq!3?zpbtpL5kyM2F5ir+LR1gGY7zDNTOr#Ebn%rwx_rJd-f40nnZ&kpp(N=pu1 z($4oUcqa1cae1=8ZXt+Qe|I&1=w13LE4t@@*@)prVqs*YRfH%Hqx6(DMj!8@Qs{}7 zppTN(#2crkxnlbbxz7e)NbFuYo?Zz3Zw<~28i)p`R)ocAzuJkonvZ$PJoY&@)J3~O zskbgI*6DJ^nMd(^HI}kiUj+-G;Bz}Z8Ql@S>Fw+{t~0fCi|)G<-j#gC{gMg4waTHN z_l!Q#VGXNPHgei^)MkL)?Kga>hY!~v+U!8d!$QO~nxhiqgR@wRgX?zlAaySdCawAs z?k#e!rlB|au=$7BfNZ4>4+|}ihDjouowKoldsUigmyDJ&0T)Stg2%jW2~K0fN%dGD zr-qCw#=!rQsyaKDiby0^D$~!hX|`HCi=XEAC;7qI#(rpDneY#KEKKExW|hq9v(rZ< zedWz6*M|4R>fku2T7WdG2z4QkZUWpciS`@JvM$ut_PKUEJI|{0XG~VE5<--KjzQiU z*oGn&xm2g|4;l@a*_{CHcC+bat@KsukDioiiOW}7G%3kcnoSz9s?B5h7CsauyY1%5$GJyiQLkx3vZX5whaj-Tbf?BK0q z2PwiDH6D*Q!^uqG1U<8y-wrH1%{9c{0ZBVU74ma=mGzvL`KLc--Jzr1JmGHm&dU9Lc}W8p~G?(_hZfMo;L_`o+FK3=MCV2&({kOL?fD2OkteUZ;G503` diff --git a/tests/oauth2/test_service_account.py b/tests/oauth2/test_service_account.py index 4bd194b35..ed281fcfa 100644 --- a/tests/oauth2/test_service_account.py +++ b/tests/oauth2/test_service_account.py @@ -373,7 +373,7 @@ def test_refresh_with_jwt_credentials(self, make_jwt): assert credentials.valid # Assert make_jwt was called - assert make_jwt.called_once() + assert make_jwt.call_count == 1 assert credentials.token == token assert credentials.expiry == expiry From 9a4d23a28eb4b9aa9e457ad053c087a0450eb298 Mon Sep 17 00:00:00 2001 From: Ryan Kohler Date: Mon, 9 Jan 2023 12:18:50 -0800 Subject: [PATCH 11/12] fix: allow get_project_id to take a request (#1203) * fix: allow get_project_id to take a request * Adding Args/Return * Updating documentation Co-authored-by: Jin Co-authored-by: arithmetic1728 <58957152+arithmetic1728@users.noreply.github.com> --- google/auth/external_account_authorized_user.py | 9 ++++++++- tests/test_external_account_authorized_user.py | 5 ++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/google/auth/external_account_authorized_user.py b/google/auth/external_account_authorized_user.py index 04a7f5b91..a2d4edf6f 100644 --- a/google/auth/external_account_authorized_user.py +++ b/google/auth/external_account_authorized_user.py @@ -222,12 +222,19 @@ def can_refresh(self): (self._refresh_token, self._token_url, self._client_id, self._client_secret) ) - def get_project_id(self): + def get_project_id(self, request=None): """Retrieves the project ID corresponding to the workload identity or workforce pool. For workforce pool credentials, it returns the project ID corresponding to the workforce_pool_user_project. When not determinable, None is returned. + + Args: + request (google.auth.transport.requests.Request): Request object. + Unused here, but passed from _default.default(). + + Return: + str: project ID is not determinable for this credential type so it returns None """ return None diff --git a/tests/test_external_account_authorized_user.py b/tests/test_external_account_authorized_user.py index c97d087b3..db18450a8 100644 --- a/tests/test_external_account_authorized_user.py +++ b/tests/test_external_account_authorized_user.py @@ -424,7 +424,10 @@ def test_to_json_full_with_strip(self): def test_get_project_id(self): creds = self.make_credentials() - assert creds.get_project_id() is None + request = mock.create_autospec(transport.Request) + + assert creds.get_project_id(request) is None + request.assert_not_called() def test_with_quota_project(self): creds = self.make_credentials( From 7ca711f6ffbb9cccfd13378e4ff0f72da54e216b Mon Sep 17 00:00:00 2001 From: "release-please[bot]" <55107282+release-please[bot]@users.noreply.github.com> Date: Mon, 9 Jan 2023 12:45:17 -0800 Subject: [PATCH 12/12] chore(main): release 2.16.0 (#1198) Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com> --- CHANGELOG.md | 14 ++++++++++++++ google/auth/version.py | 2 +- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5a3cc94cf..b3c2aee94 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,20 @@ [1]: https://pypi.org/project/google-auth/#history +## [2.16.0](https://github.com/googleapis/google-auth-library-python/compare/v2.15.0...v2.16.0) (2023-01-09) + + +### Features + +* AwsCredentials should not call metadata server if security creds and region are retrievable through the environment variables ([#1195](https://github.com/googleapis/google-auth-library-python/issues/1195)) ([5e27c8f](https://github.com/googleapis/google-auth-library-python/commit/5e27c8f213b2e19ec504a04e1f95fc1333ea9e1e)) +* Wrap all python built-in exceptions into library excpetions ([#1191](https://github.com/googleapis/google-auth-library-python/issues/1191)) ([a83af39](https://github.com/googleapis/google-auth-library-python/commit/a83af399fe98764ee851997bf3078ec45a9b51c9)) + + +### Bug Fixes + +* Allow get_project_id to take a request ([#1203](https://github.com/googleapis/google-auth-library-python/issues/1203)) ([9a4d23a](https://github.com/googleapis/google-auth-library-python/commit/9a4d23a28eb4b9aa9e457ad053c087a0450eb298)) +* Make OAUTH2.0 client resistant to string type 'expires_in' responses from non-compliant services ([#1208](https://github.com/googleapis/google-auth-library-python/issues/1208)) ([9fc7b1c](https://github.com/googleapis/google-auth-library-python/commit/9fc7b1c5613366cc1ad7186f894cec26a5f2231e)) + ## [2.15.0](https://github.com/googleapis/google-auth-library-python/compare/v2.14.1...v2.15.0) (2022-12-01) diff --git a/google/auth/version.py b/google/auth/version.py index f0ecd5d63..6ab5ecc4c 100644 --- a/google/auth/version.py +++ b/google/auth/version.py @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -__version__ = "2.15.0" +__version__ = "2.16.0"