ZdZddlmZddlmZddlmZddlmZddlmZGdde Z y ) z%API helpers for interacting with IAM.)absolute_import)division)unicode_literals)apis)iam_utilc0eZdZdZddZdZdZdZdZy) Clientz"A client for interacting with IAM.Ncltj||_tj||_yN)rGetClientInstanceclientGetMessagesModulemessages)self api_versions 4lib/googlecloudsdk/api_lib/container/binauthz/iam.py__init__zClient.__init__s&((5DK**;7DMc|jjj|jj |j t jS)z.Gets the IamPolicy associated with a resource.)resourceoptions_requestedPolicyVersion)r projects_policy GetIamPolicyr4BinaryauthorizationProjectsPolicyGetIamPolicyRequest RelativeNamer!MAX_LIBRARY_IAM_SUPPORTED_VERSION)rany_refs rGetz Client.Get sL ;; & & 3 3 JJ))++3 . . K 0 11rctj|_|jjj |j j|j|j j|S)a=Sets a resource's IamPolicy to the one provided. If 'policy' has no etag specified, this will BLINDLY OVERWRITE the IAM policy! Args: any_ref: A resources.Resource naming the resource. policy: A protorpc.Message instance of an IamPolicy object. Returns: The IAM Policy. )policy)rsetIamPolicyRequest) rrversionr r SetIamPolicyr4BinaryauthorizationProjectsPolicySetIamPolicyRequestrSetIamPolicyRequest)rrr s rSetz Client.Set(sm??FN ;; & & 3 3 JJ))+ $ A A!B!  K   rc|j|}tj|jj||||j ||S)z@Does an atomic Read-Modify-Write, adding the member to the role.)rrAddBindingToIamPolicyrBindingr&rrmemberroler s r AddBindingzClient.AddBinding=s? XXg F ""4==#8#8&&$O 88GV $$rcv|j|}tj||||j||S)zDDoes an atomic Read-Modify-Write, removing the member from the role.)rrRemoveBindingFromIamPolicyr&r*s r RemoveBindingzClient.RemoveBindingCs3 XXg F ''= 88GV $$rr ) __name__ __module__ __qualname____doc__rrr&r-r0rrr r s*81 *% %rr N) r4 __future__rrr)googlecloudsdk.api_lib.container.binauthzrgooglecloudsdk.command_lib.iamrobjectr r5rrr:s%,&':3.%V.%r