LKiJSSKJr SSKJr SSKJr SSKJrJrJ r J r J r J r SSK Jr SSKJr SSKJrJr \ "S5r\ "S 5r"S S \5r\ \\4r"S S \5r\"SS55r"SS\5r"SS\\5r\"SS55r"SS\5rg)) annotations)abstractmethod)Enum)AnyListOptionalDictTupleTypeVar) dataclass) SecretStr) ComponentSystemTSc\rSrSrSrg) AuthErrorN)__name__ __module__ __qualname____firstlineno____static_attributes__rX/var/www/html/dynamic-report/venv/lib/python3.13/site-packages/chromadb/auth/__init__.pyrrsrrcD^\rSrSrSrSU4Sjjr\SSj5rSrU=r $)ClientAuthProvider!z ClientAuthProvider is responsible for providing authentication headers for client requests. Client implementations (in our case, just the FastAPI client) must inject these headers into their requests. c$>[TU]U5 gNsuper__init__selfsystem __class__s rr$ClientAuthProvider.__init__(  rcgr!r)r&s r authenticateClientAuthProvider.authenticate+ rrr'rreturnNone)r0ClientAuthHeaders) rrrr__doc__r$rr,r __classcell__r(s@rrr!s! !  rrcN\rSrSr%SrS\S'SrS\S'SrS\S 'SrS \S 'S r g) UserIdentity0a} UserIdentity represents the identity of a user. In general, not all fields will be populated, and the fields that are populated will depend on the authentication provider. The idea is that the AuthenticationProvider is responsible for populating _all_ information known about the user, and the AuthorizationProvider is responsible for making decisions based on that information. struser_idN Optional[str]tenantzOptional[List[str]] databaseszOptional[Dict[str, Any]] attributesr) rrrrr3__annotations__r<r=r>rrrrr7r70s0L FM %)I"),0J(/rr7cj^\rSrSrSrS U4Sjjr\S Sj5rS SjrS Sjr S Sjr Sr U=r $)ServerAuthenticationProviderEa ServerAuthenticationProvider is responsible for authenticating requests. If a ServerAuthenticationProvider is configured, it will be called by the server to authenticate requests. If no ServerAuthenticationProvider is configured, all requests will be authenticated. The ServerAuthenticationProvider should return a UserIdentity object if the request is authenticated for use by the ServerAuthorizationProvider. c>[TU]U5 URRUlURR Ulgr!)r#r$settingschroma_server_auth_ignore_paths_ignore_auth_paths;chroma_overwrite_singleton_tenant_database_access_from_auth4overwrite_singleton_tenant_database_access_from_authr%s rr$%ServerAuthenticationProvider.__init__Ps>   OO ; ;  OO W W Arcgr!r)r&headerss rauthenticate_or_raise2ServerAuthenticationProvider.authenticate_or_raiseYr.rcX RR5;a"UR5URU;agg)NTF)rFkeysupper)r&verbpaths rignore_operation-ServerAuthenticationProvider.ignore_operation]s6 ++002 2  7 7 ==rcSnSnURRR(a"[URRS5nURRR(a"[URRS5nU(dU(d [ S5eU(aU(a [ S5eU(a*UR S5Vs/sH o3(dM UPM sn$U(a&[US5nUR5sSSS5 $[ S5es snf!,(df  N=f)N$chroma_server_authn_credentials_filechroma_server_authn_credentialszNNo credentials file or credentials found in [chroma_server_authn_credentials].zDBoth credentials file and credentials found.Please provide only one. rShould never happen) _systemrDrVr9rW ValueErrorsplitopen readlines)r& _creds_file_credscfs rread_creds_or_creds_file5ServerAuthenticationProvider.read_creds_or_creds_filees  << E E %%&LMK << @ @../PQRF65  6+  %||D171!QA17 7 k3'1{{}('.// 8''s D.-D. D33 Ec4UR(aU(dgSnSnUR(aURS:wa URnUR(a;[UR5S:Xa"URSS:waURSnX#4$)a If settings.chroma_overwrite_singleton_tenant_database_access_from_auth is False, this function always returns (None, None). If settings.chroma_overwrite_singleton_tenant_database_access_from_auth is True, follows the following logic: - If the user only has access to a single tenant, this function will return that tenant as its first return value. - If the user only has access to a single database, this function will return that database as its second return value. If the user has access to multiple tenants and/or databases, including "*", this function will return None for the corresponding value(s). - If the user has access to multiple tenants and/or databases this function will return None for the corresponding value(s). )NNN*r)rHr<r=len)r&userr<databases r'singleton_tenant_database_if_applicableDServerAuthenticationProvider.singleton_tenant_database_if_applicablesw$HHPT ;;4;;#-[[F >>c$..1Q64>>!;LPS;S~~a(Hr)rFrHr/)rKzDict[str, str]r0r7)rQr9rRr9r0boolr0z List[str])rjzOptional[UserIdentity]r0z#Tuple[Optional[str], Optional[str]]) rrrrr3r$rrLrSrdrlrr4r5s@rrArAEsE   06 * ,  rrAcl\rSrSrSrSrSrSrSrSr Sr S r S r S r S rS rSrSrSrSrSrSrSrSrSrSrSrg) AuthzActionzJ The set of actions that can be authorized by the authorization provider. z system:resetztenant:create_tenantztenant:get_tenantzdb:create_databasezdb:get_databasezdb:delete_databasezdb:list_databaseszdb:list_collectionszdb:count_collectionszdb:create_collectionzdb:get_or_create_collectionzcollection:get_collectionzcollection:delete_collectionzcollection:update_collectionzcollection:addzcollection:deletezcollection:getzcollection:queryzcollection:countzcollection:updatezcollection:upsertrN)rrrrr3RESET CREATE_TENANT GET_TENANTCREATE_DATABASE GET_DATABASEDELETE_DATABASELIST_DATABASESLIST_COLLECTIONSCOUNT_COLLECTIONSCREATE_COLLECTIONGET_OR_CREATE_COLLECTIONGET_COLLECTIONDELETE_COLLECTIONUPDATE_COLLECTIONADDDELETEGETQUERYCOUNTUPDATEUPSERTrrrrrqrqsx E*M$J*O$L*O(N,..<0N66 C F C E E F Frrqc8\rSrSr%SrS\S'S\S'S\S'Srg) AuthzResourcez: The resource being accessed in an authorization request. r;r<rk collectionrN)rrrrr3r?rrrrrrs rrc^^\rSrSrSrSU4Sjjr\SSj5rS SjrSr U=r $) ServerAuthorizationProvideraX ServerAuthorizationProvider is responsible for authorizing requests. If a ServerAuthorizationProvider is configured, it will be called by the server to authorize requests. If no ServerAuthorizationProvider is configured, all requests will be authorized. ServerAuthorizationProvider should raise an exception if the request is not authorized. c$>[TU]U5 gr!r"r%s rr$$ServerAuthorizationProvider.__init__r*rcgr!r)r&rjactionresources rauthorize_or_raise.ServerAuthorizationProvider.authorize_or_raises rcvSnSnURRR(aURRSnURRR(a"[ URRS5nU(dU(d [ S5eU(aU(a [ S5eU(a*UR S5Vs/sH o3(dM UPM sn$U(a&[US5nUR5sSSS5 $[ S5es snf!,(df  N=f)Nchroma_server_authz_config_filechroma_server_authz_configz9No authz configuration file or authz configuration found.zTBoth authz configuration file and authz configuration found.Please provide only one.rXrYrZ) r[rDrrr9r\r]r^r_)r& _config_file_configrbrcs rread_config_or_config_file6ServerAuthorizationProvider.read_config_or_config_files  << @ @<<001RSL << ; ;$,,//0LMNGGK  G+  &}}T282!aA28 8 lC(A{{})(.// 9((s D%$D%D** D8rr/)rjr7rrqrrr0r1ro) rrrrr3r$rrrrr4r5s@rrrsK!   *5 AN   00rrN) __future__rabcrenumrtypingrrrr r r dataclassesr pydanticr chromadb.configrrrr Exceptionrr9r2rr7rArqrrrrrrs""  CL CL  i(     00 0(U 9U p!#t!8  )0))0r