o diݧ@sddlZddlZddlZddlZddlmZddlZddlZ ddlm Z ddlm Z m Z ddl mZddlmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4m5Z5ddl6m7Z7m8Z8ddl9m:Z:dd l;mZ>dd l?m@Z@mAZAmBZBeCeDZEdBd d ZFGddde'ZGddZHddZIddZJeJZKGdddeZLGddde)ZMGdddeeMZNGdddeZOGdddeeOZPGd d!d!eePZQGd"d#d#ePZRGd$d%d%e&ZSGd&d'd'e!ZTGd(d)d)e ZUGd*d+d+e$ZVGd,d-d-e+ZWGd.d/d/eZXGd0d1d1eZYGd2d3d3eZZGd4d5d5eZ[Gd6d7d7eZ\Gd8d9d9eZ]Gd:d;d;eZ^Gdd?d?e-Z`d@dAZadS)CN)deepcopy)UNSIGNED)compat_shell_split total_seconds)Config)&!_DEFAULT_ADVISORY_REFRESH_TIMEOUTAssumeRoleCredentialFetcherAssumeRoleProvider!AssumeRoleWithWebIdentityProviderBaseAssumeRoleCredentialFetcher BotoProviderCachedCredentialFetcherCanonicalNameCredentialSourcerConfigNotFoundConfigProviderContainerMetadataFetcherContainerProviderCredentialResolverCredentialRetrievalError CredentialsDeferredRefreshableCredentials EnvProviderInstanceMetadataProviderInvalidConfigErrorMetadataRetrievalErrorOriginalEC2ProviderPartialCredentialsErrorProcessProviderProfileProviderBuilderReadOnlyCredentialsRefreshableCredentialsRefreshWithMFAUnsupportedErrorSharedCredentialProviderSSOCredentialFetcher SSOProviderSSOTokenLoaderUnauthorizedSSOTokenErrorUnknownCredentialError _local_now_parse_if_needed_serialize_if_neededparseresolve_imds_endpoint_mode)register_feature_idregister_feature_ids)resolve_awaitable) AioConfig)AioSSOTokenProvider)AioContainerMetadataFetcherAioInstanceMetadataFetchercreate_nested_clientc sdpd}d}d}ddu}dttdd}|dur/i}t}t} tt|| |d d } t ||d } t fd d t |||t || | g| d} || g} | j||d}tt| | g}| ||}|r||tdt|d}|S)zCreate a default credential resolver. This creates a pre-configured credential resolver that includes the default lookup chain for credentials. profiledefaultmetadata_service_timeoutmetadata_service_num_attemptsNec2_metadata_service_endpointec2_metadata_v1_disabled)r9"ec2_metadata_service_endpoint_modeec2_credential_refresh_windowr:)timeout num_attempts user_agentconfig)iam_role_fetcher)cache region_namecsjSN) full_configsessionrFK/home/ubuntu/.local/lib/python3.10/site-packages/aiobotocore/credentials.pylsz,create_credential_resolver..) load_configclient_creatorrB profile_namecredential_sourcerprofile_provider_builderrMdisable_env_varszWSkipping environment variable credential check because profile name was explicitly set.) providers)get_config_variableinstance_variablesgetr,rAioEnvProviderAioContainerProviderAioInstanceMetadataProviderr3r?AioProfileProviderBuilderAioAssumeRoleProvider_get_client_creator!AioCanonicalNameCredentialSourcerrRAioOriginalEC2ProviderAioBotoProviderremoveloggerdebugAioCredentialResolver)rHrBrCrMmetadata_timeoutr>rQ imds_config env_providercontainer_providerinstance_metadata_providerrOassume_role_provider pre_profileprofile_providers post_profilerRresolverrFrGrIcreate_credential_resolverBsx         rmc@4eZdZddZddZddZddZd d Zd S) rYcst|fdddS)NcjjSrD_sessionrErFselfrFrIrJzDAioProfileProviderBuilder._create_process_provider..)rMrK)AioProcessProviderrsrMrFrrrI_create_process_providers z2AioProfileProviderBuilder._create_process_providercC|jd}t||dS)Ncredentials_file)rMcreds_filename)rqrSAioSharedCredentialProvider)rsrMcredential_filerFrFrI"_create_shared_credential_provider z.)rKrLrBrMrQ)$AioAssumeRoleWithWebIdentityProviderr[rq _region_name_cache)rsrMrQrFrrrI_create_web_identity_providers z7AioProfileProviderBuilder._create_web_identity_providerc s2tfddjj|jjtjj|ddS)NcrorDrprFrrrFrIrJrtz@AioProfileProviderBuilder._create_sso_provider..)rBrM)rKrLrMrB token_cachetoken_provider)AioSSOProviderrq create_clientr_sso_token_cacher1rvrFrrrI_create_sso_providers z.AioProfileProviderBuilder._create_sso_providerN)__name__ __module__ __qualname__rwr}rrrrFrFrFrIrYs  rYcst|}|IdHSrD)rmload_credentials)rHrlrFrFrIget_credentialssrcfdd}|S)Nc sz4IdH}|jdiIdH}WdIdHn 1IdHs#wY|d}|d|d|dt|ddS)Nr AccessKeyIdSecretAccessKey SessionToken Expiration) access_key secret_keytoken expiry_timerF) assume_roler*)stsresponse credentialsclientparamsrFrIrefreshs( z-create_assume_role_refresher..refreshrF)rrrrFrrIcreate_assume_role_refreshers rcCsGddd}||jS)Nc@eZdZddZddZdS)z/create_mfa_serial_refresher.._RefreshercSs||_d|_dS)NF)_refresh_has_been_called)rsrrFrFrI__init__s z8create_mfa_serial_refresher.._Refresher.__init__cs"|jrtd|_|IdHS)NT)rr!rrrrFrFrIcalls z4create_mfa_serial_refresher.._Refresher.callN)rrrrrrFrFrFrI _Refreshers r)r)actual_refreshrrFrFrIcreate_mfa_serial_refreshers rc@rn) AioCredentialscC|jSrD) account_idrrrFrFrIget_account_idzAioCredentials.get_account_idcCrrD)rrrrFrFrIget_access_keyrzAioCredentials.get_access_keycCrrD)rrrrFrFrIget_secret_keyrzAioCredentials.get_secret_keycCrrD)rrrrFrFrI get_tokenrzAioCredentials.get_tokencst|j|j|j|jSrD)rrrrrrrrFrFrIget_frozen_credentials sz%AioCredentials.get_frozen_credentialsN)rrrrrrrrrFrFrFrIrs  rcseZdZfddZddZddZddZd d Zed d Z e j d d Z eddZ e j ddZ eddZ e j ddZ eddZ e j ddZ ddZddZddZZS)AioRefreshableCredentialscs tj|i|t|_dSrD)superrasyncioLock _refresh_lockrsargskwargs __class__rFrIrsz"AioRefreshableCredentials.__init__c|IdH|jSrD)r _account_idrrrFrFrIrz(AioRefreshableCredentials.get_account_idcrrD)r _access_keyrrrFrFrIrrz(AioRefreshableCredentials.get_access_keycrrD)r _secret_keyrrrFrFrIrrz(AioRefreshableCredentials.get_secret_keycrrD)r_tokenrrrFrFrIr rz#AioRefreshableCredentials.get_tokencCtd)NzKmissing call to self._refresh. Use get_frozen_credentials or get_access_key)NotImplementedErrorrrrrFrFrIr&z$AioRefreshableCredentials.access_keycC ||_dSrD)rrsvaluerFrFrIr/ cCr)NzSmissing call to self._refresh. Use get_frozen_credentials or get_secret_key instead)rrrrrFrFrIr3rz$AioRefreshableCredentials.secret_keycCrrD)rrrFrFrIr<rcCr)NzNmissing call to self._refresh. Use get_frozen_credentials or get_token instead)rrrrrFrFrIr@rzAioRefreshableCredentials.tokencCrrD)rrrFrFrIrIrcCr)NzSmissing call to self._refresh. Use get_frozen_credentials or get_account_id instead)rrrrrFrFrIrMrz$AioRefreshableCredentials.account_idcCrrD)rrrFrFrIrVrc s&||js dS|jsP|j4IdH.||js( WdIdHdS||j}|j|dIdH WdIdHdS1IdHsIwYdS||jr|j4IdH'||jsp WdIdHdS|jddIdHWdIdHdS1IdHswYdSdS)N) is_mandatoryT)refresh_needed_advisory_refresh_timeoutrlocked_mandatory_refresh_timeout_protected_refresh)rsis_mandatory_refreshrFrFrIrZs0    0  .z"AioRefreshableCredentials._refreshcsz t|IdH}Wnty'|rdnd}tjd|dd|r$YdSw||t|j|j|j |j |_ | rHd}t|t |dS)N mandatoryadvisoryzARefreshing temporary credentials failed during %s refresh period.Texc_infozLCredentials were refreshed, but the refreshed credentials are still expired.)r/_refresh_using Exceptionr`warning_set_from_datarrrrr_frozen_credentials _is_expired RuntimeError)rsrmetadata period_namemsgrFrFrIrss0    z,AioRefreshableCredentials._protected_refreshcrrD)rrrrrFrFrIrrz0AioRefreshableCredentials.get_frozen_credentials)rrrrrrrrpropertyrsetterrrrrrr __classcell__rFrFrrIrs2         !rc@seZdZefddZdS)!AioDeferredRefreshableCredentialscCsD||_d|_d|_d|_d|_d|_||_t|_ ||_ d|_ dSrD) rrrrr _expiry_time _time_fetcherrrrmethodr)rs refresh_usingr time_fetcherrFrFrIrs  z*AioDeferredRefreshableCredentials.__init__N)rrrr(rrFrFrFrIrsrc@s$eZdZddZddZddZdS)AioCachedCredentialFetchercs td)Nz_get_credentials())rrrrFrFrI_get_credentialssz+AioCachedCredentialFetcher._get_credentialsc|IdHSrD)_get_cached_credentialsrrrFrFrIfetch_credentialsz,AioCachedCredentialFetcher.fetch_credentialscst|}|dur|IdH}||ntd|d}t|ddd}|d|d|d ||d d }|S) zGet up-to-date credentials. This will check the cache for up-to-date credentials, calling assume role if none are available. Nz*Credentials for role retrieved from cache.rrT)isorrr AccountIdrrrrr)_load_from_cacher_write_to_cacher`rar*rU)rsrcreds expirationrrFrFrIrs  z2AioCachedCredentialFetcher._get_cached_credentialsN)rrrrrrrFrFrFrIrs rc@s eZdZdS)"AioBaseAssumeRoleCredentialFetcherN)rrrrFrFrFrIrsrc@r)AioAssumeRoleCredentialFetcherc st|j|}|IdH}|4IdH}|jdi|IdH}|||WdIdHS1IdHs:wYdS)'Get credentials by calling assume role.NrF)r. feature_ids_assume_role_kwargs_create_clientr_add_account_id_to_response)rsrrrrrFrFrIrs  0z/AioAssumeRoleCredentialFetcher._get_credentialscs*|jIdH}|jd|j|j|jdS)z2Create an STS client using the source credentials.Nr)aws_access_key_idaws_secret_access_keyaws_session_token)_source_credentialsr_client_creatorrrr)rsfrozen_credentialsrFrFrIrsz-AioAssumeRoleCredentialFetcher._create_clientN)rrrrrrFrFrFrIrs rcs4eZdZ   dfdd ZddZddZZS) -AioAssumeRoleWithWebIdentityCredentialFetcherNcs ||_tj|||||ddS)N) extra_argsrBexpiry_window_seconds)_web_identity_token_loaderrr)rsrLweb_identity_token_loaderrole_arnrrBrrrFrIrs  z6AioAssumeRoleWithWebIdentityCredentialFetcher.__init__c st|j|}ttd}|jd|d4IdH}|jdi|IdH}|||WdIdHS1IdHs=wYdS)r)signature_versionrr@NrF)r.rrr0rrassume_role_with_web_identityr)rsrr@rrrFrFrIrs   0z>AioAssumeRoleWithWebIdentityCredentialFetcher._get_credentialscCst|j}|}||d<|S)zAGet the arguments for assume role based on current configuration.WebIdentityToken)r_assume_kwargsr)rsassume_role_kwargsidentity_tokenrFrFrIr s zAAioAssumeRoleWithWebIdentityCredentialFetcher._assume_role_kwargs)NNN)rrrrrrrrFrFrrIrs rcs4eZdZejdfdd ZddZddZZS)ru)popencstj|i|d|idS)Nr)rr)rsrrrrrFrIrszAioProcessProvider.__init__csjdur dStdIdH}td|ddur.t|fddjSt|d|d|dj|d d S) NCREDENTIALS_PROFILE_PROCESSCREDENTIALS_PROCESSrcs SrD)_retrieve_credentials_usingrFcredential_processrsrFrIrJ$s z)AioProcessProvider.load..rrrr)rrrrr)_credential_processr-rrUrcreate_from_metadataMETHODr)rs creds_dictrFrrIloads( zAioProcessProvider.loadc st|}|j|tjtjdIdH}|IdH\}}|jdkr+t|j|ddt j j |d}| dd}|dkrJt|jd|d dz|d |d | d | d ||dWStyv}z t|jd|dd}~ww)N)stdoutstderrrzutf-8provider error_msgVersionzzUnsupported version 'z8' for credential process provider, supported versions: 1rrrrrz"Missing required key in response: )r_popen subprocessPIPE communicate returncoderrdecodebotocorecompatjsonloadsrU_get_account_idKeyError) rsr process_listprrparsedversionerFrFrIr0s>     z.AioProcessProvider._retrieve_credentials_using) rrrrcreate_subprocess_execrrrrrFrFrrIrusruc@eZdZddZdS)rXcsN|j}|IdH}|sdStdtd|dtj||j|jd}|S)NCREDENTIALS_IMDSz#Found credentials from IAM Role: %s role_namerr) _role_fetcherretrieve_iam_role_credentialsr-r`inforrr)rsfetcherrrrFrFrIrVsz AioInstanceMetadataProvider.loadNrrrrrFrFrFrIrXU rXc@r5)rVc s|j|jdd}|rQtd|}|dd}td|d}|dur?t|}t|d|d|d |||j |d d St |d|d|d |j |d d SdS) Nrz+Found credentials in environment variables.F)require_expiryCREDENTIALS_ENV_VARSrrrr)rrrrr) environrU_mappingr`r;_create_credentials_fetcherr-r+rrr)rsrr<rrrFrFrIris6   zAioEnvProvider.loadNr=rFrFrFrIrVhr>rVc@r5)r]cshd|jvr2tj|jd}||}|j|vr0td||j}||j}t |||j dSdSdS)NAWS_CREDENTIAL_FILEz)Found credentials in AWS_CREDENTIAL_FILE.r) _environospath expanduser_parser ACCESS_KEYr`r; SECRET_KEYrr)rs full_pathrrrrFrFrIrs       zAioOriginalEC2Provider.loadNr=rFrFrFrIr]r>r]c@r5)r{csz||j}Wn tyYdSw|j|vrM||j}|j|vrOtd|j|||j|j\}}| |}| |}t dt ||||j |dSdSdS)Nz0Found credentials in shared credentials file: %sCREDENTIALS_PROFILErB) _ini_parser_creds_filenamer _profile_namerMr`r;_extract_creds_from_mappingrN_get_session_tokenr-r-rr)rsavailable_credsr@rrrrrFrFrIrs8       z AioSharedCredentialProvider.loadNr=rFrFrFrIr{r>r{c@r5)rcsz||j}Wn tyYdSw|j|dvrS|d|j}|j|vrQtd|j|||j|j\}}| |}| |}t dt ||||j |dSdSdS)Nprofilesz$Credentials found in config file: %srPrB)_config_parser_config_filenamerrSrMr`r;rTrNrUr-r-rr)rsrEprofile_configrrrrrFrFrIrs8     zAioConfigProvider.loadNr=rFrFrFrIrr>rc@r5)r^c s|j|jvr|j|jg}n|j}|D]?}z||}Wn ty&Yqwd|vrS|d}|j|vrStd||||j|j \}}t dt |||j dSqdS)Nrz)Found credentials in boto config file: %sCREDENTIALS_BOTO2_CONFIG_FILErG) BOTO_CONFIG_ENVrHDEFAULT_CONFIG_FILENAMESrQrrMr`r;rTrNr-rr)rspotential_locationsfilenamer@rrrrFrFrIrs2     zAioBotoProvider.loadNr=rFrFrFrIr^r>r^c@s<eZdZddZddZddZddZd d Zd d Zd S)rZcsH||_|jdi}||ji}||r"||jIdHSdS)NrW) _load_config_loaded_configrUrS_has_assume_role_config_vars_load_creds_via_assume_role)rsrWr5rFrFrIrs  zAioAssumeRoleProvider.loadc s||}|||IdH}i}|d}|dur||d<|d}|dur+||d<|d}|dur8||d<|d}|durE||d<t|j||d ||j|jd } |j| _ | j } |duret | } |j d t |jt|j| td S) Nrole_session_nameRoleSessionName external_id ExternalId mfa_serial SerialNumberduration_secondsDurationSecondsr )rLsource_credentialsr r mfa_prompterrBCREDENTIALS_STS_ASSUME_ROLE)rrr)_get_role_config_resolve_source_credentialsrUrr _prompterrB _feature_idscopyrrraddr.rrr() rsrM role_configrlrrdrfrhrjr< refresherrFrFrIrcsJ         z1AioAssumeRoleProvider._load_creds_via_assume_rolecsb|d}|dur|jd|||IdHS|d}|j||jd||IdHS)Ncredential_source"CREDENTIALS_PROFILE_NAMED_PROVIDERsource_profile"CREDENTIALS_PROFILE_SOURCE_PROFILE)rUrrrt _resolve_credentials_from_source_visited_profilesappend!_resolve_credentials_from_profile)rsrurMrwryrFrFrIrp)s     z1AioAssumeRoleProvider._resolve_source_credentialscs|jdi}||}|jd||r|js||S||s)||sK|jj|dd}t |}| IdH}|durId}t ||d|S| |IdHS)NrWrPTrPz.The source profile "%s" must have credentials.r ) rarUrrrt_has_static_credentials_profile_provider_builder(_resolve_static_credentials_from_profilerbrRrbrrrc)rsrMrWr5rj profile_chainr error_messagerFrFrIr~6s8  z7AioAssumeRoleProvider._resolve_credentials_from_profilec CsJzt|d|d|ddWSty$}z t|jt|dd}~ww)Nrrr)rrr)rcred_var)rrUr.rrstr)rsr5r3rFrFrIrVs z>AioAssumeRoleProvider._resolve_static_credentials_from_profilecsN|j|IdH}|durt|d|d|j|}|r%|j||S)Nz@No credentials found in credential_source referenced in profile r)_credential_sourcerrlrNAMED_PROVIDER_FEATURE_MAPrUrrrt)rsrwrMrnamed_provider_feature_idrFrFrIr{bs"  z6AioAssumeRoleProvider._resolve_credentials_from_sourceN) rrrrrcrpr~rr{rFrFrFrIrZs/  rZc@r)rcrrD)_assume_role_with_web_identityrrrFrFrIryrz)AioAssumeRoleWithWebIdentityProvider.loadcs|d}|s dS||}|d}|sd}t|di}|d}|dur,||d<t|j||||jd}|j|_|j dt |jt |j |j d S) Nweb_identity_token_filer zThe provided profile or the current environment is configured to assume role with web identity but has no role ARN configured. Ensure that the profile has the role_arnconfiguration set or the AWS_ROLE_ARN env var is set.rrdre)rLrr rrB"CREDENTIALS_STS_ASSUME_ROLE_WEB_IDr8) _get_config_token_loader_clsrrrrBrrrsrrtr.rrr)rs token_path token_loaderr r rrdr<rFrFrIr|s8        zCAioAssumeRoleWithWebIdentityProvider._assume_role_with_web_identityN)rrrrrrFrFrFrIrxs rc@r)r\cs2||}t|tr|IdHS|IdHS)aLoads source credentials based on the provided configuration. :type source_name: str :param source_name: The value of credential_source in the config file. This is the canonical name of the credential provider. :rtype: Credentials N) _get_provider isinstancerbrr)rs source_namesourcerFrFrIrls  z4AioCanonicalNameCredentialSourcer.source_credentialscCsV||}|dvr |d}|dur |dur|St||gS|dur)t|d|S)a#Return a credential provider by its canonical name. :type canonical_name: str :param canonical_name: The canonical name of the provider. :raises UnknownCredentialError: Raised if no credential provider by the provided name is found. ) sharedconfigsharedcredentialsz assume-roleN)name)_get_provider_by_canonical_namelower_get_provider_by_methodrbr')rscanonical_namerrhrFrFrIrs    z/AioCanonicalNameCredentialSourcer._get_providerN)rrrrlrrFrFrFrIr\s r\cs4eZdZfddZddZddZddZZS) rWcs.tj|i|t|jtrt|_dSdSrD)rrr_fetcherrr2rrrFrIrs  zAioContainerProvider.__init__cs,|j|jvs |j|jvr|IdHSdSrD)ENV_VARrH ENV_VAR_FULL_retrieve_or_failrrrFrFrIrszAioContainerProvider.loadc st|r|j|j|j}n|j|j}||}|IdH}t|d|d|d|jt |d|| ddS)Nrrrrr)rrrrrrr) _provided_relative_urirfull_urlrHrr_create_fetcherrrr)rU)rsfull_urir<rrFrFrIrs    z&AioContainerProvider._retrieve_or_failcsfdd}|S)Nc sz}jj|dIdH}tdWnty3}ztjd|ddtjt |dd}~ww|d|d|d |d | d d S) N)headersCREDENTIALS_HTTPz'Error retrieving container metadata: %sTrrrrTokenrrr) _build_headersrretrieve_full_urir-rr`rarrrrU)rrr3rrsrFrI fetch_credss,  z9AioContainerProvider._create_fetcher..fetch_credsrF)rsrrrrrFrrIrsz$AioContainerProvider._create_fetcher)rrrrrrrrrFrFrrIrWs  rWc@r5)rbcs>|jD]}td|j|IdH}|dur|SqdS)zw Goes through the credentials chain, returning the first ``Credentials`` that could be loaded. zLooking for credentials via: %sN)rRr`rarr)rsrrrFrFrIrs  z&AioCredentialResolver.load_credentialsN)rrrrrFrFrFrIrbr>rbc@r5)AioSSOCredentialFetcherc sBtt|jd}|jd|d4IdH}|jr%|j}|IdHj}n!||j }|d}t j |d}t ||}|dkrFt|j|j|d}zt|j|jdi|IdH} Wn |jjyltw| d } d| d | d | d || d |jdd} | WdIdHS1IdHswYdS)z4Get credentials by calling SSO get role credentials.)r rCssor N accessToken expiresAtr)roleName accountIdrroleCredentials accessKeyIdsecretAccessKey sessionTokenr)rrrrr) ProviderTyperrF)rr _sso_regionr_token_provider load_tokenget_frozen_tokenr _token_loader _start_urldateutilparserr+rrr& _role_namerr.rget_role_credentials exceptionsUnauthorizedException_parse_timestamp) rsr@rinitial_token_datar token_dictr remainingrrrrFrFrIr+sL    0z(AioSSOCredentialFetcher._get_credentialsN)rrrrrFrFrFrIr(s rc@r5)rcs|}|s dS|d|d|d|d|jt|jd|jd}d|v}|r9|d|d<|j|d <|jd n|jd tdi|}|j |_ |rU|jd n|jd t |jt |j |jdS)N sso_start_url sso_region sso_role_namesso_account_id)rB) start_urlrr7rrLrrB sso_sessionsso_session_namerCREDENTIALS_PROFILE_SSOCREDENTIALS_PROFILE_SSO_LEGACYCREDENTIALS_SSOCREDENTIALS_SSO_LEGACYr8rF)_load_sso_configrr% _token_cacherBrrrrtrrsrr.rrr)rs sso_configfetcher_kwargssso_session_in_config sso_fetcherrFrFrIr]s8        zAioSSOProvider.loadNr=rFrFrFrIr\r>rcr)zCreate a client creator function for use in credential providers. This is the async version of botocore.credentials._get_client_creator that uses aiobotocore's create_nested_client. cs*di}|jdi|t|fi|S)NrCrF)updater4) service_namercreate_client_kwargsrCrHrFrIrLsz+_get_client_creator..client_creatorrF)rHrCrLrFrrIr[sr[)NN)brloggingrIr$rsrbotocore.compatr)dateutil.parserrrrrbotocore.configrbotocore.credentialsrrr r r r r rrrrrrrrrrrrrrrrrrr r!r"r#r$r%r&r'r(r)r*r+r,botocore.useragentr-r.aiobotocore._helpersr/aiobotocore.configr0aiobotocore.tokensr1aiobotocore.utilsr2r3r4 getLoggerrr`rmrYrrrcreate_aio_mfa_serial_refresherrrrrrrrrurXrVr]r{rr^rZrr\rWrbrrr[rFrFrFrIsr   (     ^/  !  +@"-67 4 &