}VdZddlmZddlmZddlmZddlmZddlZddlmZm Z ddl m Z ddl m Z ddlm Zdd lmZej$d Zej$d Zej$d Ze j,Zd ededdfdZdededdfdZdeddfdZded e eddfdZy)z4Utility for the CMEK and user-provided AR use cases.)absolute_import)division)print_function)unicode_literalsN)AnyOptional) exceptions) http_clientz`^projects/[^/]+/locations/(?P[^/]+)/keyRings/[a-zA-Z0-9_-]+/cryptoKeys/[a-zA-Z0-9_-]+$zc^projects/(?P[^/]+)/locations/(?P[^/]+)/repositories/[a-z]([a-z0-9-]*[a-z0-9])?$zG^(?P.*)-docker.pkg.dev\/(?P[^\/]+)\/(?P[^\/]+)kms_key function_refreturnctj|}|rR|jd}|dk(rtjdd|j |k7rtjddyy)a Checks that the KMS key is compatible with the function. Args: kms_key: Fully qualified KMS key name. function_ref: Function resource reference. Raises: InvalidArgumentException: If the specified KMS key is not compatible with the function. locationglobalz --kms-keyz$Global KMS keyrings are not allowed.zBKMS keyrings should be created in the same region as the function.N) _KMS_KEY_REsearchgroupbase_exceptionsInvalidArgumentException locationsId)r r kms_key_matchkms_keyring_locations 1lib/googlecloudsdk/api_lib/functions/cmek_util.pyValidateKMSKeyForFunctionr0s}$$W--(..z:x'  4 4 = #77  4 4  N 8 docker_repositoryc|y|j}|j}tj|}|r#|j d}|j d}n>t j|}|r#|j d}|j d}nd}d}|r@||k7r;|j |j k(rtjdd|d|r ||k7rtjdd|dyy)a<Checks that the Docker repository is compatible with the function. Args: docker_repository: Fully qualified Docker repository resource name. function_ref: Function resource reference. Raises: InvalidArgumentException: If the specified Docker repository is not compatible with the function. Nprojectrz--docker-repositoryzLCross-project repositories are not supported: the repository should be in `$z`.zMCross-location repositories are not supported: the repository should be in `$) projectsIdr_DOCKER_REPOSITORY_RErr#_DOCKER_REPOSITORY_DOCKER_FORMAT_REisdigitrr)rr function_projectfunction_location repo_match repo_project repo_locationrepo_match_docker_formats r#ValidateDockerRepositoryForFunctionr)Is' !,,"..$++,=>*##I.L$$Z0MBII  -33I>l.44Z@mml l *  " " $ (<(<(> >  2 2 !"" &  (M9  2 2 %&b * :]rc||Stj|}|rF|jd}|jd}|jd}dj|||S|S)zNormalizes the docker repository name to the standard resource format. Args: docker_repository: Fully qualified Docker repository name. Returns: The name in a standard format supported by the API. rrrepoz(projects/{}/locations/{}/repositories/{})r!rrformat)rr(rrnames rNormalizeDockerRepositoryFormatr.~s{ @GG&,,Y7G'--j9H # ) )& 1D 5 < <4  rhttp_exceptionc|rC|jtjk(r%tjdj |yy)Na3An error occurred. Ensure that the KMS key {kms_key} exists and the Cloud Functions service account has encrypter/decrypter permissions (roles/cloudkms.cryptoKeyEncrypterDecrypter) on the key. If you have recently made changes to the IAM config, wait a few minutes for the config to propagate and try again.)r ) status_coder INTERNAL_SERVER_ERRORr FunctionsErrorr,)r/r s rProcessExceptionr4sN  $ $ (I(I I  # # 56rCs;&%' ::A!bjj" # 0'1bjjN'#  & & s#$222*-2 2jst4)1# r