Index: client/third_party/google/auth/transport/urllib3.py |
diff --git a/client/third_party/google/auth/transport/urllib3.py b/client/third_party/google/auth/transport/urllib3.py |
new file mode 100644 |
index 0000000000000000000000000000000000000000..a08f4275c5711db78e76c239e26165a05e4eae20 |
--- /dev/null |
+++ b/client/third_party/google/auth/transport/urllib3.py |
@@ -0,0 +1,253 @@ |
+# Copyright 2016 Google Inc. |
+# |
+# Licensed under the Apache License, Version 2.0 (the "License"); |
+# you may not use this file except in compliance with the License. |
+# You may obtain a copy of the License at |
+# |
+# http://www.apache.org/licenses/LICENSE-2.0 |
+# |
+# Unless required by applicable law or agreed to in writing, software |
+# distributed under the License is distributed on an "AS IS" BASIS, |
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
+# See the License for the specific language governing permissions and |
+# limitations under the License. |
+ |
+"""Transport adapter for urllib3.""" |
+ |
+from __future__ import absolute_import |
+ |
+import logging |
+ |
+ |
+# Certifi is Mozilla's certificate bundle. Urllib3 needs a certificate bundle |
+# to verify HTTPS requests, and certifi is the recommended and most reliable |
+# way to get a root certificate bundle. See |
+# http://urllib3.readthedocs.io/en/latest/user-guide.html\ |
+# #certificate-verification |
+# For more details. |
+try: |
+ import certifi |
+except ImportError: # pragma: NO COVER |
+ certifi = None |
+ |
+try: |
+ import urllib3 |
+except ImportError: # pragma: NO COVER |
+ raise ImportError( |
+ 'The urllib3 library is not installed, please install the urllib3 ' |
+ 'package to use the urllib3 transport.') |
+import urllib3.exceptions |
+ |
+from google.auth import exceptions |
+from google.auth import transport |
+ |
+_LOGGER = logging.getLogger(__name__) |
+ |
+ |
+class _Response(transport.Response): |
+ """urllib3 transport response adapter. |
+ |
+ Args: |
+ response (urllib3.response.HTTPResponse): The raw urllib3 response. |
+ """ |
+ def __init__(self, response): |
+ self._response = response |
+ |
+ @property |
+ def status(self): |
+ return self._response.status |
+ |
+ @property |
+ def headers(self): |
+ return self._response.headers |
+ |
+ @property |
+ def data(self): |
+ return self._response.data |
+ |
+ |
+class Request(transport.Request): |
+ """urllib3 request adapter. |
+ |
+ This class is used internally for making requests using various transports |
+ in a consistent way. If you use :class:`AuthorizedHttp` you do not need |
+ to construct or use this class directly. |
+ |
+ This class can be useful if you want to manually refresh a |
+ :class:`~google.auth.credentials.Credentials` instance:: |
+ |
+ import google.auth.transport.urllib3 |
+ import urllib3 |
+ |
+ http = urllib3.PoolManager() |
+ request = google.auth.transport.urllib3.Request(http) |
+ |
+ credentials.refresh(request) |
+ |
+ Args: |
+ http (urllib3.request.RequestMethods): An instance of any urllib3 |
+ class that implements :class:`~urllib3.request.RequestMethods`, |
+ usually :class:`urllib3.PoolManager`. |
+ |
+ .. automethod:: __call__ |
+ """ |
+ def __init__(self, http): |
+ self.http = http |
+ |
+ def __call__(self, url, method='GET', body=None, headers=None, |
+ timeout=None, **kwargs): |
+ """Make an HTTP request using urllib3. |
+ |
+ Args: |
+ url (str): The URI to be requested. |
+ method (str): The HTTP method to use for the request. Defaults |
+ to 'GET'. |
+ body (bytes): The payload / body in HTTP request. |
+ headers (Mapping[str, str]): Request headers. |
+ timeout (Optional[int]): The number of seconds to wait for a |
+ response from the server. If not specified or if None, the |
+ urllib3 default timeout will be used. |
+ kwargs: Additional arguments passed throught to the underlying |
+ urllib3 :meth:`urlopen` method. |
+ |
+ Returns: |
+ google.auth.transport.Response: The HTTP response. |
+ |
+ Raises: |
+ google.auth.exceptions.TransportError: If any exception occurred. |
+ """ |
+ # urllib3 uses a sentinel default value for timeout, so only set it if |
+ # specified. |
+ if timeout is not None: |
+ kwargs['timeout'] = timeout |
+ |
+ try: |
+ _LOGGER.debug('Making request: %s %s', method, url) |
+ response = self.http.request( |
+ method, url, body=body, headers=headers, **kwargs) |
+ return _Response(response) |
+ except urllib3.exceptions.HTTPError as exc: |
+ raise exceptions.TransportError(exc) |
+ |
+ |
+def _make_default_http(): |
+ if certifi is not None: |
+ return urllib3.PoolManager( |
+ cert_reqs='CERT_REQUIRED', |
+ ca_certs=certifi.where()) |
+ else: |
+ return urllib3.PoolManager() |
+ |
+ |
+class AuthorizedHttp(urllib3.request.RequestMethods): |
+ """A urllib3 HTTP class with credentials. |
+ |
+ This class is used to perform requests to API endpoints that require |
+ authorization:: |
+ |
+ from google.auth.transport.urllib3 import AuthorizedHttp |
+ |
+ authed_http = AuthorizedHttp(credentials) |
+ |
+ response = authed_http.request( |
+ 'GET', 'https://www.googleapis.com/storage/v1/b') |
+ |
+ This class implements :class:`urllib3.request.RequestMethods` and can be |
+ used just like any other :class:`urllib3.PoolManager`. |
+ |
+ The underlying :meth:`urlopen` implementation handles adding the |
+ credentials' headers to the request and refreshing credentials as needed. |
+ |
+ Args: |
+ credentials (google.auth.credentials.Credentials): The credentials to |
+ add to the request. |
+ http (urllib3.PoolManager): The underlying HTTP object to |
+ use to make requests. If not specified, a |
+ :class:`urllib3.PoolManager` instance will be constructed with |
+ sane defaults. |
+ refresh_status_codes (Sequence[int]): Which HTTP status codes indicate |
+ that credentials should be refreshed and the request should be |
+ retried. |
+ max_refresh_attempts (int): The maximum number of times to attempt to |
+ refresh the credentials and retry the request. |
+ """ |
+ def __init__(self, credentials, http=None, |
+ refresh_status_codes=transport.DEFAULT_REFRESH_STATUS_CODES, |
+ max_refresh_attempts=transport.DEFAULT_MAX_REFRESH_ATTEMPTS): |
+ |
+ if http is None: |
+ http = _make_default_http() |
+ |
+ self.http = http |
+ self.credentials = credentials |
+ self._refresh_status_codes = refresh_status_codes |
+ self._max_refresh_attempts = max_refresh_attempts |
+ # Request instance used by internal methods (for example, |
+ # credentials.refresh). |
+ self._request = Request(self.http) |
+ |
+ def urlopen(self, method, url, body=None, headers=None, **kwargs): |
+ """Implementation of urllib3's urlopen.""" |
+ |
+ # Use a kwarg for this instead of an attribute to maintain |
+ # thread-safety. |
+ _credential_refresh_attempt = kwargs.pop( |
+ '_credential_refresh_attempt', 0) |
+ |
+ if headers is None: |
+ headers = self.headers |
+ |
+ # Make a copy of the headers. They will be modified by the credentials |
+ # and we want to pass the original headers if we recurse. |
+ request_headers = headers.copy() |
+ |
+ self.credentials.before_request( |
+ self._request, method, url, request_headers) |
+ |
+ response = self.http.urlopen( |
+ method, url, body=body, headers=request_headers, **kwargs) |
+ |
+ # If the response indicated that the credentials needed to be |
+ # refreshed, then refresh the credentials and re-attempt the |
+ # request. |
+ # A stored token may expire between the time it is retrieved and |
+ # the time the request is made, so we may need to try twice. |
+ # The reason urllib3's retries aren't used is because they |
+ # don't allow you to modify the request headers. :/ |
+ if (response.status in self._refresh_status_codes |
+ and _credential_refresh_attempt < self._max_refresh_attempts): |
+ |
+ _LOGGER.info( |
+ 'Refreshing credentials due to a %s response. Attempt %s/%s.', |
+ response.status, _credential_refresh_attempt + 1, |
+ self._max_refresh_attempts) |
+ |
+ self.credentials.refresh(self._request) |
+ |
+ # Recurse. Pass in the original headers, not our modified set. |
+ return self.urlopen( |
+ method, url, body=body, headers=headers, |
+ _credential_refresh_attempt=_credential_refresh_attempt + 1, |
+ **kwargs) |
+ |
+ return response |
+ |
+ # Proxy methods for compliance with the urllib3.PoolManager interface |
+ |
+ def __enter__(self): |
+ """Proxy to ``self.http``.""" |
+ return self.http.__enter__() |
+ |
+ def __exit__(self, exc_type, exc_val, exc_tb): |
+ """Proxy to ``self.http``.""" |
+ return self.http.__exit__(exc_type, exc_val, exc_tb) |
+ |
+ @property |
+ def headers(self): |
+ """Proxy to ``self.http``.""" |
+ return self.http.headers |
+ |
+ @headers.setter |
+ def headers(self, value): |
+ """Proxy to ``self.http``.""" |
+ self.http.headers = value |