5ldZddlmZddlmZddlmZddlmZddlm Z ddl m Z ddl m Z dd l mZdd lmZdd lmZdd lmZdd lmZdd lmZddlmZGddej0ZddZdZdZdZej<dddZej<dddZ dZ!dZ"dZ#dZ$y) z6Command line processing utilities for access policies.)absolute_import)division)unicode_literals)policies) organizations)concepts)deps) cache_util)concept_parsers) exceptions)log) properties) resourcesc eZdZy)DefaultPolicyResolutionErrorN)__name__ __module__ __qualname__?lib/googlecloudsdk/command_lib/accesscontextmanager/policies.pyrr"srrNch~|jdrtj|j|S)zBAdd the particular service filter message based on specified args.policy) IsSpecifiedrAccessPolicyValidatorr)refargsreqs rValidateAccessPolicyArgr&s*  h$$T[[1 *rctjjj}t j ddt j|gS)NrzThe ID of the access policy.)name help_text fallthroughs)rVALUESaccess_context_managerrr ResourceParameterAttributeConfigr PropertyFallthrough) property_s rGetAttributeConfigr)/sC66==)  2 2 .,,Y78 ::rcBtjddtS)N#accesscontextmanager.accessPoliciesr) resource_nameaccessPoliciesId)r ResourceSpecr)rrrGetResourceSpecr/7s!   +)+ --rctjjdtdj |dj |y)zAdd a resource argument for an access policy. NOTE: Must be used only if it's the only resource arg in the command. Args: parser: the parser for the command. verb: str, the verb to describe the resource, such as 'to update'. rzThe access policy {}.T)requiredN)r ConceptParser ForResourcer/format AddToParser)parserverbs rAddResourceArgr8>sC++$$T* ,![(rzorganizations-by-domain cd|z} ttjj|d}|st dj |t|dkDrt dj ||tjj|d jd S#t$r }t dj ||d}~wwxYw) aGet the organization for the given domain. The current user must have permission to list the organization. Args: domain: str, the domain (e.g. 'example.com') to look up the organization of, or None to just list the organizations for the current account. Returns: resources.Resource, a reference to a cloudresourcemanager.organizations resource Raises: DefaultPolicyResolutionError: if the number of organizations matching the given domain is not exactly 1, or searching organizations fails. zdomain:)filter_limitz2Unable to resolve organization for domain [{}]: {}Nz0No matching organizations found for domain [{}].z4Found more than one organization for domain [{}]. {}rz"cloudresourcemanager.organizations collection) listrClientList Exceptionrr4lenrREGISTRYParser!)domainr<orgserrs r_GetOrganizationrKNs$  '  $$&++G1+E FD  &:AA&I KK 4y1} &?FF D      ! ! 1gllC " EE  &<CC C  s.B(( C1C  Czpolicies-by-organizationc ttjj|d}|s(t dj |jt|dkDr)t dj |j|tjj|djd }|S#t$r.}t dj |j|d}~wwxYw) aGet the access policy for the given organization. The current user must have permission to list the policies for the organization. Args: organization_ref: resources.Resource, a reference to a cloudresourcemanager.organizations resource to look up the policy for. Returns: resources.Resource, a reference to an accesscontextmanager.accessPolicies resource Raises: DefaultPolicyResolutionError: if the number of policies matching the given organization is not exactly 1, or listing policies fails. r;)r=z2Unable to resolve policy for organization [{}]: {}Nz0No matching policies found for organization [{}]r>z;Found more than one access policy for organization [{}]: {}rr+r?) rA policies_apirBrCrDrr4NamerErrFrGr!)organization_refrrJ policy_refs r _GetPolicyrQts&+L'')../?q.IJH  &:AA  ! ! # % && 8}q &FMM  ! ! #X / 00!!''qk#H(J*  + &<CC  ! ! #S * +++s.C C8 )C33C8z.iam.gserviceaccount.comzdeveloper.gserviceaccount.comcn|jd\}}}|jts |tk(ry|S)N@) partitionendswith _IAM_SUFFIX_DEVELOPER_DOMAIN)account_hosts r _GetDomainr[s4  %*!Q ]];4+<#<  +rc0tjjjj }|st j dyt|}|st j d|ytjdd5} t||}t||j|f} ddd|jS#t$r(}t j d|Yd}~dddyd}~wwxYw#1swYjSxYw)z:Gets the ID of the default policy for the current account.zIUnable to automatically resolve policy since account property is not set.Nz)Unable to resolve domain for account [%s]z resource://T)createz*Unable to automatically resolve policy: %s)rr$corerXGetr infor[meta_cache_utilGetCacherKrQ RelativeNamerrN)rXrHcacherOrPrJs rGetDefaultPolicyres    " " * * . . 0' HH  g & HH 8'B  d;u)%8e%5%B%B%D/13j <   ( hh;SA <;  <  s0C=(C  C:C5(C=5C::C==D)N)%__doc__ __future__rrr+googlecloudsdk.api_lib.accesscontextmanagerrrM+googlecloudsdk.api_lib.cloudresourcemanagerr googlecloudsdk.calliope.conceptsrr googlecloudsdk.command_lib.metar ragooglecloudsdk.command_lib.util(googlecloudsdk.command_lib.util.conceptsr googlecloudsdk.corer r rrErrorrrr)r/r8 CacheResourcerKrQrVrWr[rerrrrqs=&'PE51I6D*#*):#3#3 :- ) 3R8"E9"EJ4b9#:#L) 3r