Mercurial > repos > shellac > guppy_basecaller
diff env/lib/python3.7/site-packages/boto/cognito/identity/layer1.py @ 5:9b1c78e6ba9c draft default tip
"planemo upload commit 6c0a8142489327ece472c84e558c47da711a9142"
| author | shellac |
|---|---|
| date | Mon, 01 Jun 2020 08:59:25 -0400 |
| parents | 79f47841a781 |
| children |
line wrap: on
line diff
--- a/env/lib/python3.7/site-packages/boto/cognito/identity/layer1.py Thu May 14 16:47:39 2020 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,549 +0,0 @@ -# Copyright (c) 2014 Amazon.com, Inc. or its affiliates. All Rights Reserved -# -# Permission is hereby granted, free of charge, to any person obtaining a -# copy of this software and associated documentation files (the -# "Software"), to deal in the Software without restriction, including -# without limitation the rights to use, copy, modify, merge, publish, dis- -# tribute, sublicense, and/or sell copies of the Software, and to permit -# persons to whom the Software is furnished to do so, subject to the fol- -# lowing conditions: -# -# The above copyright notice and this permission notice shall be included -# in all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABIL- -# ITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT -# SHALL THE AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, -# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS -# IN THE SOFTWARE. -# - -import boto -from boto.compat import json -from boto.connection import AWSQueryConnection -from boto.regioninfo import RegionInfo -from boto.exception import JSONResponseError -from boto.cognito.identity import exceptions - - -class CognitoIdentityConnection(AWSQueryConnection): - """ - Amazon Cognito - Amazon Cognito is a web service that delivers scoped temporary - credentials to mobile devices and other untrusted environments. - Amazon Cognito uniquely identifies a device and supplies the user - with a consistent identity over the lifetime of an application. - - Using Amazon Cognito, you can enable authentication with one or - more third-party identity providers (Facebook, Google, or Login - with Amazon), and you can also choose to support unauthenticated - access from your app. Cognito delivers a unique identifier for - each user and acts as an OpenID token provider trusted by AWS - Security Token Service (STS) to access temporary, limited- - privilege AWS credentials. - - To provide end-user credentials, first make an unsigned call to - GetId. If the end user is authenticated with one of the supported - identity providers, set the `Logins` map with the identity - provider token. `GetId` returns a unique identifier for the user. - - Next, make an unsigned call to GetOpenIdToken, which returns the - OpenID token necessary to call STS and retrieve AWS credentials. - This call expects the same `Logins` map as the `GetId` call, as - well as the `IdentityID` originally returned by `GetId`. The token - returned by `GetOpenIdToken` can be passed to the STS operation - `AssumeRoleWithWebIdentity`_ to retrieve AWS credentials. - """ - APIVersion = "2014-06-30" - DefaultRegionName = "us-east-1" - DefaultRegionEndpoint = "cognito-identity.us-east-1.amazonaws.com" - ServiceName = "CognitoIdentity" - TargetPrefix = "AWSCognitoIdentityService" - ResponseError = JSONResponseError - - _faults = { - "LimitExceededException": exceptions.LimitExceededException, - "ResourceConflictException": exceptions.ResourceConflictException, - "DeveloperUserAlreadyRegisteredException": exceptions.DeveloperUserAlreadyRegisteredException, - "TooManyRequestsException": exceptions.TooManyRequestsException, - "InvalidParameterException": exceptions.InvalidParameterException, - "ResourceNotFoundException": exceptions.ResourceNotFoundException, - "InternalErrorException": exceptions.InternalErrorException, - "NotAuthorizedException": exceptions.NotAuthorizedException, - } - - - def __init__(self, **kwargs): - region = kwargs.pop('region', None) - if not region: - region = RegionInfo(self, self.DefaultRegionName, - self.DefaultRegionEndpoint) - - if 'host' not in kwargs or kwargs['host'] is None: - kwargs['host'] = region.endpoint - - super(CognitoIdentityConnection, self).__init__(**kwargs) - self.region = region - - def _required_auth_capability(self): - return ['hmac-v4'] - - def create_identity_pool(self, identity_pool_name, - allow_unauthenticated_identities, - supported_login_providers=None, - developer_provider_name=None, - open_id_connect_provider_ar_ns=None): - """ - Creates a new identity pool. The identity pool is a store of - user identity information that is specific to your AWS - account. The limit on identity pools is 60 per account. - - :type identity_pool_name: string - :param identity_pool_name: A string that you provide. - - :type allow_unauthenticated_identities: boolean - :param allow_unauthenticated_identities: TRUE if the identity pool - supports unauthenticated logins. - - :type supported_login_providers: map - :param supported_login_providers: Optional key:value pairs mapping - provider names to provider app IDs. - - :type developer_provider_name: string - :param developer_provider_name: The "domain" by which Cognito will - refer to your users. This name acts as a placeholder that allows - your backend and the Cognito service to communicate about the - developer provider. For the `DeveloperProviderName`, you can use - letters as well as period ( `.`), underscore ( `_`), and dash ( - `-`). - Once you have set a developer provider name, you cannot change it. - Please take care in setting this parameter. - - :type open_id_connect_provider_ar_ns: list - :param open_id_connect_provider_ar_ns: - - """ - params = { - 'IdentityPoolName': identity_pool_name, - 'AllowUnauthenticatedIdentities': allow_unauthenticated_identities, - } - if supported_login_providers is not None: - params['SupportedLoginProviders'] = supported_login_providers - if developer_provider_name is not None: - params['DeveloperProviderName'] = developer_provider_name - if open_id_connect_provider_ar_ns is not None: - params['OpenIdConnectProviderARNs'] = open_id_connect_provider_ar_ns - return self.make_request(action='CreateIdentityPool', - body=json.dumps(params)) - - def delete_identity_pool(self, identity_pool_id): - """ - Deletes a user pool. Once a pool is deleted, users will not be - able to authenticate with the pool. - - :type identity_pool_id: string - :param identity_pool_id: An identity pool ID in the format REGION:GUID. - - """ - params = {'IdentityPoolId': identity_pool_id, } - return self.make_request(action='DeleteIdentityPool', - body=json.dumps(params)) - - def describe_identity_pool(self, identity_pool_id): - """ - Gets details about a particular identity pool, including the - pool name, ID description, creation date, and current number - of users. - - :type identity_pool_id: string - :param identity_pool_id: An identity pool ID in the format REGION:GUID. - - """ - params = {'IdentityPoolId': identity_pool_id, } - return self.make_request(action='DescribeIdentityPool', - body=json.dumps(params)) - - def get_id(self, account_id, identity_pool_id, logins=None): - """ - Generates (or retrieves) a Cognito ID. Supplying multiple - logins will create an implicit linked account. - - :type account_id: string - :param account_id: A standard AWS account ID (9+ digits). - - :type identity_pool_id: string - :param identity_pool_id: An identity pool ID in the format REGION:GUID. - - :type logins: map - :param logins: A set of optional name-value pairs that map provider - names to provider tokens. - The available provider names for `Logins` are as follows: - - + Facebook: `graph.facebook.com` - + Google: `accounts.google.com` - + Amazon: `www.amazon.com` - - """ - params = { - 'AccountId': account_id, - 'IdentityPoolId': identity_pool_id, - } - if logins is not None: - params['Logins'] = logins - return self.make_request(action='GetId', - body=json.dumps(params)) - - def get_open_id_token(self, identity_id, logins=None): - """ - Gets an OpenID token, using a known Cognito ID. This known - Cognito ID is returned by GetId. You can optionally add - additional logins for the identity. Supplying multiple logins - creates an implicit link. - - The OpenId token is valid for 15 minutes. - - :type identity_id: string - :param identity_id: A unique identifier in the format REGION:GUID. - - :type logins: map - :param logins: A set of optional name-value pairs that map provider - names to provider tokens. - - """ - params = {'IdentityId': identity_id, } - if logins is not None: - params['Logins'] = logins - return self.make_request(action='GetOpenIdToken', - body=json.dumps(params)) - - def get_open_id_token_for_developer_identity(self, identity_pool_id, - logins, identity_id=None, - token_duration=None): - """ - Registers (or retrieves) a Cognito `IdentityId` and an OpenID - Connect token for a user authenticated by your backend - authentication process. Supplying multiple logins will create - an implicit linked account. You can only specify one developer - provider as part of the `Logins` map, which is linked to the - identity pool. The developer provider is the "domain" by which - Cognito will refer to your users. - - You can use `GetOpenIdTokenForDeveloperIdentity` to create a - new identity and to link new logins (that is, user credentials - issued by a public provider or developer provider) to an - existing identity. When you want to create a new identity, the - `IdentityId` should be null. When you want to associate a new - login with an existing authenticated/unauthenticated identity, - you can do so by providing the existing `IdentityId`. This API - will create the identity in the specified `IdentityPoolId`. - - :type identity_pool_id: string - :param identity_pool_id: An identity pool ID in the format REGION:GUID. - - :type identity_id: string - :param identity_id: A unique identifier in the format REGION:GUID. - - :type logins: map - :param logins: A set of optional name-value pairs that map provider - names to provider tokens. Each name-value pair represents a user - from a public provider or developer provider. If the user is from a - developer provider, the name-value pair will follow the syntax - `"developer_provider_name": "developer_user_identifier"`. The - developer provider is the "domain" by which Cognito will refer to - your users; you provided this domain while creating/updating the - identity pool. The developer user identifier is an identifier from - your backend that uniquely identifies a user. When you create an - identity pool, you can specify the supported logins. - - :type token_duration: long - :param token_duration: The expiration time of the token, in seconds. - You can specify a custom expiration time for the token so that you - can cache it. If you don't provide an expiration time, the token is - valid for 15 minutes. You can exchange the token with Amazon STS - for temporary AWS credentials, which are valid for a maximum of one - hour. The maximum token duration you can set is 24 hours. You - should take care in setting the expiration time for a token, as - there are significant security implications: an attacker could use - a leaked token to access your AWS resources for the token's - duration. - - """ - params = { - 'IdentityPoolId': identity_pool_id, - 'Logins': logins, - } - if identity_id is not None: - params['IdentityId'] = identity_id - if token_duration is not None: - params['TokenDuration'] = token_duration - return self.make_request(action='GetOpenIdTokenForDeveloperIdentity', - body=json.dumps(params)) - - def list_identities(self, identity_pool_id, max_results, next_token=None): - """ - Lists the identities in a pool. - - :type identity_pool_id: string - :param identity_pool_id: An identity pool ID in the format REGION:GUID. - - :type max_results: integer - :param max_results: The maximum number of identities to return. - - :type next_token: string - :param next_token: A pagination token. - - """ - params = { - 'IdentityPoolId': identity_pool_id, - 'MaxResults': max_results, - } - if next_token is not None: - params['NextToken'] = next_token - return self.make_request(action='ListIdentities', - body=json.dumps(params)) - - def list_identity_pools(self, max_results, next_token=None): - """ - Lists all of the Cognito identity pools registered for your - account. - - :type max_results: integer - :param max_results: The maximum number of identities to return. - - :type next_token: string - :param next_token: A pagination token. - - """ - params = {'MaxResults': max_results, } - if next_token is not None: - params['NextToken'] = next_token - return self.make_request(action='ListIdentityPools', - body=json.dumps(params)) - - def lookup_developer_identity(self, identity_pool_id, identity_id=None, - developer_user_identifier=None, - max_results=None, next_token=None): - """ - Retrieves the `IdentityID` associated with a - `DeveloperUserIdentifier` or the list of - `DeveloperUserIdentifier`s associated with an `IdentityId` for - an existing identity. Either `IdentityID` or - `DeveloperUserIdentifier` must not be null. If you supply only - one of these values, the other value will be searched in the - database and returned as a part of the response. If you supply - both, `DeveloperUserIdentifier` will be matched against - `IdentityID`. If the values are verified against the database, - the response returns both values and is the same as the - request. Otherwise a `ResourceConflictException` is thrown. - - :type identity_pool_id: string - :param identity_pool_id: An identity pool ID in the format REGION:GUID. - - :type identity_id: string - :param identity_id: A unique identifier in the format REGION:GUID. - - :type developer_user_identifier: string - :param developer_user_identifier: A unique ID used by your backend - authentication process to identify a user. Typically, a developer - identity provider would issue many developer user identifiers, in - keeping with the number of users. - - :type max_results: integer - :param max_results: The maximum number of identities to return. - - :type next_token: string - :param next_token: A pagination token. The first call you make will - have `NextToken` set to null. After that the service will return - `NextToken` values as needed. For example, let's say you make a - request with `MaxResults` set to 10, and there are 20 matches in - the database. The service will return a pagination token as a part - of the response. This token can be used to call the API again and - get results starting from the 11th match. - - """ - params = {'IdentityPoolId': identity_pool_id, } - if identity_id is not None: - params['IdentityId'] = identity_id - if developer_user_identifier is not None: - params['DeveloperUserIdentifier'] = developer_user_identifier - if max_results is not None: - params['MaxResults'] = max_results - if next_token is not None: - params['NextToken'] = next_token - return self.make_request(action='LookupDeveloperIdentity', - body=json.dumps(params)) - - def merge_developer_identities(self, source_user_identifier, - destination_user_identifier, - developer_provider_name, identity_pool_id): - """ - Merges two users having different `IdentityId`s, existing in - the same identity pool, and identified by the same developer - provider. You can use this action to request that discrete - users be merged and identified as a single user in the Cognito - environment. Cognito associates the given source user ( - `SourceUserIdentifier`) with the `IdentityId` of the - `DestinationUserIdentifier`. Only developer-authenticated - users can be merged. If the users to be merged are associated - with the same public provider, but as two different users, an - exception will be thrown. - - :type source_user_identifier: string - :param source_user_identifier: User identifier for the source user. The - value should be a `DeveloperUserIdentifier`. - - :type destination_user_identifier: string - :param destination_user_identifier: User identifier for the destination - user. The value should be a `DeveloperUserIdentifier`. - - :type developer_provider_name: string - :param developer_provider_name: The "domain" by which Cognito will - refer to your users. This is a (pseudo) domain name that you - provide while creating an identity pool. This name acts as a - placeholder that allows your backend and the Cognito service to - communicate about the developer provider. For the - `DeveloperProviderName`, you can use letters as well as period (.), - underscore (_), and dash (-). - - :type identity_pool_id: string - :param identity_pool_id: An identity pool ID in the format REGION:GUID. - - """ - params = { - 'SourceUserIdentifier': source_user_identifier, - 'DestinationUserIdentifier': destination_user_identifier, - 'DeveloperProviderName': developer_provider_name, - 'IdentityPoolId': identity_pool_id, - } - return self.make_request(action='MergeDeveloperIdentities', - body=json.dumps(params)) - - def unlink_developer_identity(self, identity_id, identity_pool_id, - developer_provider_name, - developer_user_identifier): - """ - Unlinks a `DeveloperUserIdentifier` from an existing identity. - Unlinked developer users will be considered new identities - next time they are seen. If, for a given Cognito identity, you - remove all federated identities as well as the developer user - identifier, the Cognito identity becomes inaccessible. - - :type identity_id: string - :param identity_id: A unique identifier in the format REGION:GUID. - - :type identity_pool_id: string - :param identity_pool_id: An identity pool ID in the format REGION:GUID. - - :type developer_provider_name: string - :param developer_provider_name: The "domain" by which Cognito will - refer to your users. - - :type developer_user_identifier: string - :param developer_user_identifier: A unique ID used by your backend - authentication process to identify a user. - - """ - params = { - 'IdentityId': identity_id, - 'IdentityPoolId': identity_pool_id, - 'DeveloperProviderName': developer_provider_name, - 'DeveloperUserIdentifier': developer_user_identifier, - } - return self.make_request(action='UnlinkDeveloperIdentity', - body=json.dumps(params)) - - def unlink_identity(self, identity_id, logins, logins_to_remove): - """ - Unlinks a federated identity from an existing account. - Unlinked logins will be considered new identities next time - they are seen. Removing the last linked login will make this - identity inaccessible. - - :type identity_id: string - :param identity_id: A unique identifier in the format REGION:GUID. - - :type logins: map - :param logins: A set of optional name-value pairs that map provider - names to provider tokens. - - :type logins_to_remove: list - :param logins_to_remove: Provider names to unlink from this identity. - - """ - params = { - 'IdentityId': identity_id, - 'Logins': logins, - 'LoginsToRemove': logins_to_remove, - } - return self.make_request(action='UnlinkIdentity', - body=json.dumps(params)) - - def update_identity_pool(self, identity_pool_id, identity_pool_name, - allow_unauthenticated_identities, - supported_login_providers=None, - developer_provider_name=None, - open_id_connect_provider_ar_ns=None): - """ - Updates a user pool. - - :type identity_pool_id: string - :param identity_pool_id: An identity pool ID in the format REGION:GUID. - - :type identity_pool_name: string - :param identity_pool_name: A string that you provide. - - :type allow_unauthenticated_identities: boolean - :param allow_unauthenticated_identities: TRUE if the identity pool - supports unauthenticated logins. - - :type supported_login_providers: map - :param supported_login_providers: Optional key:value pairs mapping - provider names to provider app IDs. - - :type developer_provider_name: string - :param developer_provider_name: The "domain" by which Cognito will - refer to your users. - - :type open_id_connect_provider_ar_ns: list - :param open_id_connect_provider_ar_ns: - - """ - params = { - 'IdentityPoolId': identity_pool_id, - 'IdentityPoolName': identity_pool_name, - 'AllowUnauthenticatedIdentities': allow_unauthenticated_identities, - } - if supported_login_providers is not None: - params['SupportedLoginProviders'] = supported_login_providers - if developer_provider_name is not None: - params['DeveloperProviderName'] = developer_provider_name - if open_id_connect_provider_ar_ns is not None: - params['OpenIdConnectProviderARNs'] = open_id_connect_provider_ar_ns - return self.make_request(action='UpdateIdentityPool', - body=json.dumps(params)) - - def make_request(self, action, body): - headers = { - 'X-Amz-Target': '%s.%s' % (self.TargetPrefix, action), - 'Host': self.region.endpoint, - 'Content-Type': 'application/x-amz-json-1.1', - 'Content-Length': str(len(body)), - } - http_request = self.build_base_http_request( - method='POST', path='/', auth_path='/', params={}, - headers=headers, data=body) - response = self._mexe(http_request, sender=None, - override_num_retries=10) - response_body = response.read().decode('utf-8') - boto.log.debug(response_body) - if response.status == 200: - if response_body: - return json.loads(response_body) - else: - json_body = json.loads(response_body) - fault_name = json_body.get('__type', None) - exception_class = self._faults.get(fault_name, self.ResponseError) - raise exception_class(response.status, response.reason, - body=json_body)