;B dZddlmZddlmZddlmZddlZddlZddlZddlZddl m Z ddl m Z ddl m Z dd lmZdd lmZdd lmZdd lmZdd lmZddlmZddlmZddlZddlZddlmZddiZ ejBjDjFdejBjHjFdejBjJjFejLjOddddiZ(d(dZ)GddejTZ+dZ,GddejZZ.d)dZ/Gd d!ejZZ0d"Z1d#Z2d$Z3d*d%Z4 d+d&Z5d)d'Z6y),zHAnthos command library functions and utilities for the anthoscli binary.)absolute_import)division)unicode_literalsN)flags) file_parsers)messages)binary_operations) exceptions)log) console_io)store)files) platforms)urllibCOBRA_SILENCE_USAGEtruez2~/.config/google/anthos/kubectl-anthos-config.yamlz>~/Library/Preferences/google/anthos/kubectl-anthos-config.yamlz %APPDATA%googleanthoszkubectl-anthos-config.yamlctjtj}|j t |r|j ||r|D]}|j ||S)z6Return an env dict to be passed on command invocation.)copydeepcopyosenvironupdateDEFAULT_ENV_ARGSpop) extra_vars exclude_varsenvks :lib/googlecloudsdk/command_lib/anthos/anthoscli_backend.pyGetEnvArgsForCommandr"5sM bjj!#** JJz  ggaj *ceZdZdZy)AnthosAuthExceptionz?Base Exception for auth issues raised by gcloud anthos surface.N)__name__ __module__ __qualname____doc__r#r!r%r%AsGr#r%ctjj|}tjj|}tjj |xs|}||fS)z=Splits full path into relative(basename) path and parent dir.)rpathnormpathbasenamedirname)r,r-rel_path parent_dirs r!RelativePkgPathFromFullPathr2EsL WW  d #( WW  h '(wwx(4H* : r#cheZdZdZfdZd dZ d dZdZdZ d dZ dZ d Z d Z xZ S)AnthosCliWrapper0Binary operation wrapper for anthoscli commands.c vdtjjdi}tt|dd|d|y)N MISSING_EXEC anthosclibinaryr: custom_errorsr*)rMISSING_BINARYformatsuperr4__init__selfkwargsr< __class__s r!r@zAnthosCliWrapper.__init__PsJ//66k6JM D*C-C;ACr#c <~d||g}|r|jd|g|S)Ngetz --patternextend)rBrepo_uri local_dest file_patternrC exec_argss r! _ParseGetArgszAnthosCliWrapper._ParseGetArgsWs-*-I \23 r#c ~d|g}|r|jd|g|r|jd|r|jd|g|r|jd|S)Nrz--repo --dry-runz --strategyz --verbose)rHappend)rB local_dirrIstrategydry_runverboserCrLs r!_ParseUpdateArgsz!AnthosCliWrapper._ParseUpdateArgs`se 9%I(+,{# h/0{# r#c ~d|gS)Ndescr*)rBrQrCs r!_ParseDescribeArgsz#AnthosCliWrapper._ParseDescribeArgsxs I r#c djtj|Dcgc]\}}dj||c}}Scc}}w)N,z{}={})joinsix iteritemsr>)rBtagsxys r! _ParseTagszAnthosCliWrapper._ParseTags|s= 88cmmD6IJ6IdaW^^Aq)6IJ KKJsA c ~|}|jds|dz }d|g}|r|jd|g|r|jd|g|r"|jd|j|g|r|jd|g|S)N/initz --descriptionz--namez--tagz--url)endswithrHra) rBrQ descriptionnamer^info_urlrC package_pathrLs r!_ParseInitArgszAnthosCliWrapper._ParseInitArgss L   %cl&I56 $'( !678*+ r#c ~dd|d|g}|S)Napplyz-f --projectr*)rB apply_dirprojectrCrLs r!_ParseApplyArgsz AnthosCliWrapper._ParseApplyArgss$ ;@I r#c j~dd|d|g}|r|jd|g|r|jd|g|S)Nexportz-crmz --locationz--output-directoryrG)rBclusterrolocation output_dirrCrLs r!_ParseExportArgsz!AnthosCliWrapper._ParseExportArgssH4+w?I h/0,j9: r#c ^|dk(r|jdi|S|dk(r|jdi|S|dk(r|jdi|S|dk(r|jdi|S|dk(r|jdi|S|dk(r|j di|St jdj|) NrFrrWrdrlrrz$Invalid Operation [{}] for anthosclir*) rMrUrXrjrprvr InvalidOperationForBinaryr>rBcommandrCs r!_ParseArgsForCommandz%AnthosCliWrapper._ParseArgsForCommands% T   )& ))( "T " " ,V ,,& $T $ $ .v ..& T *6 **' !T ! ! +F ++( "T " " ,V ,,  5 5.55g> @@r#N)NNFF)NNNN)r&r'r(r)r@rMrUrXrarjrprvr{ __classcell__rDs@r!r4r4MsR8C!% $$$ 0L "&" 4 @r#r4c tj||}d|i}t j |dS#t$r!}tdj ||d}~wwxYw)z@Generate a JSON object containing the current gcloud auth token.)allow_account_impersonation auth_tokenzjsondumps)accountr impersonated access_tokenoutputes r! GetAuthTokenrsu +..\;L lF Fd ++ + FMMq N * +++s4 AAAcheZdZdZfdZedZ ddZ d dZdZ dZ xZ S) AnthosAuthWrapperr5c vdtjjdi}tt|dd|d|y)Nr7zkubectl-anthosr9r;r*)rMISSING_AUTH_BINARYr>r?rr@rAs r!r@zAnthosAuthWrapper.__init__sL  ( ( / /7G / HM T+H}H@FHr#ctjttjj j Sr|)rExpandHomeAndVarsDEFAULT_LOGIN_CONFIG_PATHrOperatingSystemCurrentid)rBs r!default_config_pathz%AnthosAuthWrapper.default_config_paths4  " "!)";";"C"C"E"H"HI KKr#c  ~ dg}|r|jd|g|r|jd|g|r|jd|g|r|jd|g|r|jd|g|r|jdg|r|r|jd|d |g| r|jd | g| r|jd | g| r|jd g| r|jd | g|S)Nlogin --cluster --kubeconfigz--login-configz--login-config-cert--userrOz--ldap-usernamez--ldap-passwordz--preferred-authz--serverz--remote-loginz--remote-bootstraprG)rBrs kube_config login_configlogin_config_certuser ldap_user ldap_passrSpreferred_auth server_url no_browserremote_bootstraprCrLs r!_ParseLoginArgsz!AnthosAuthWrapper._ParseLoginArgss  I W-. 45(,78-/@AB $'( }%Y i):I FH*N;< J/0()*,.>?@ r#c ~dg}|jd|g|r|jd|g|r|jd|g|S)Ncreate-login-configrz--outputz --merge-fromrG)rBr output_file merge_fromrCrLs r!_ParseCreateLoginConfigArgsz-AnthosAuthWrapper._ParseCreateLoginConfigArgssT &'I nk23 K01 34 r#c 0~dg}|r|jd|g|r|jd|g|r|jd|g|r|jd|g|r|jd|g|r|jd|g|r|jd|g|r|jd |g| r|jd | g| r|jd | g| r|jd | g| r|jd | g| r|jd| g|S)Ntokenz--typerz--aws-sts-regionz --id-tokenz--access-tokenz--access-token-expiryz--refresh-tokenz --client-idz--client-secretz --idp-certificate-authority-dataz--idp-issuer-urlz--kubeconfig-pathrrG)rB token_typersaws_sts_regionid_tokenraccess_token_expiry refresh_token client_id client_secretidp_certificate_authority_dataidp_issuer_urlkubeconfig_pathrrCrLs r!_ParseTokenArgsz!AnthosAuthWrapper._ParseTokenArgss?  I*-. W-.*N;< h/0(,78/1DEF)=9: y12)=9:% -/M NP*N;<+_=> $'( r#c |dk(r|jdi|S|dk(r|jdi|S|dk(rdgS|dk(r|jdi|Stjdj |)Nrrversionrz)Invalid Operation [{}] for kubectl-anthosr*)rrrr rxr>rys r!r{z&AnthosAuthWrapper._ParseArgsForCommand:s' !T ! ! +F ++ ) ) -T - - 7 77 I [ G  !T ! ! +F ++  7 7 5 < file_pathr) all_configsrsfound_clusterss r!_GetClusterConfigrHsh//$$55w@.A 5<< [** , --    r#c(d}||||fS)z)Base64 Encode Ldap username and password.cxtjtjtj|Sr|)r\ ensure_textbase64 b64encode ensure_binary)ss r!z#_Base64EncodeLdap..Ts##//&"2"233D3DQ3G"HIr#r*)usernamepasswdencs r!_Base64EncodeLdaprRsI# XF ##r#cd}d}|jsydj||}dj||}tjdd|}tj|d }t ||S) z+Prompt User for Ldap Username and Password.Nrz5Please enter the ldap user for [{}] on cluster [{}]: z9Please enter the ldap password for [{}] on cluster [{}]: ct|dkDSNrrr_s r!rz%_GetLdapUserAndPass..ds #a&1*r#z*Error: Invalid username, please try again.) validator error_message prompt_stringct|dkDSrrrs r!rz%_GetLdapUserAndPass..hs #a&1*r#)validation_callable)IsLdapr>r PromptWithValidatorPromptPasswordr)cluster_config auth_namersrr user_message pass_messages r!_GetLdapUserAndPassrXs))    ++16)W+E++16)W+E,,$@ ")''(<>) 9i 00r#c|sytjj|}|jdk(xs|jdk(}|rt j ||xsd}|j tjjk7r/tdj|j |j||j|fStj|}tj|}|||fS)aParses config input to determine whether URL or File logic should execute. Determines whether the cluster_config is a file or URL. If it's a URL, it then pulls the contents of the file using a GET request. If it's a file, then it expands the file path and returns its contents. Args: cluster_config: str, A file path or URL for the login-config. certificate_file: str, Optional file path to the CA certificate to use with the GET request to the URL. Raises: AnthosAuthException: If the data could not be pulled from the URL. Returns: parsed_config_fileOrURL, config_contents, and is_url parsed_config_fileOrURL: str, returns either the URL that was passed or an expanded file path if a file was passed. config_contents: str, returns the contents of the file or URL. is_url: bool, True if the provided cluster_config input was a URL. NNNhttphttpsT)verifyzIRequest to login-config URL failed withresponse code [{}] and text [{}]: )rparseurlparseschemerequestsrF status_codecodesokr%r>textrExpandLocalDirAndVersionrReadFileContents)rcertificate_file config_urlis_urlresponseexpanded_config_pathcontentss r! GetFileOrURLrls.  ||$$^4*    & F**;*;w*F& ||N3C3KtLHx~~000 !EEKV$,$8$8(--FI JJ 8==& 0077G  # #$8 9( x //r#cl|r|syd}|rB|stdj|tj|tj}n&tj||tj}t ||} |j }|r|r|j}|stdj|t|dk(r|j}nJdj|} d } |r|r|s| | j|z} tj|| d } || }tjj!d j||j#||r|s|j%t'|||\} } || | fS#t$rd}Ytj$rYywxYw) z.Get preferredAuthentication value for cluster.rNz-Config contents were not passed with URL [{}]) file_contents item_type)rrrz)No Authentication Providers found in [{}]rzCPlease select your preferred authentication option for cluster [{}]zN. Note: This will overwrite current preferred auth method [{}] in config file.T)message cancel_optionz/Setting Preferred Authentication option to [{}])r%r>rYamlConfigFilerrGetPreferredAuthKeyErrorYamlConfigObjectFieldErrorGetAuthProvidersrrr PromptChoicer statusPrintSetPreferredAuth WriteToDiskr)rsrconfig_contents force_updaterconfigsr auth_method providersprompt_messageoverride_warningindexrrs r!GetPreferredAuthForClusterrs l  '   9 @ @ N PP))%1O1OQG))%002G %Wg6. 113K  //1I   5 < <\ J LL 9~MMOk++16'?8 f'*:*A*A+*NN%% ^4Aee$kJJ9@@MO##K0F ,^[-46)Y i **E K  0 0 s?F F3F32F3c|jr)tjj|j|jr)tjj|j|j r=tj tjj|jy|s-tjjtj|jS)zHandle Login Responses.N) stdoutr r r stderrfailedrrLOGIN_CONFIG_FAILED_MESSAGEr>LOGIN_CONFIG_SUCCESS_MESSAGE)rlist_clusters_onlys r!LoginResponseHandlerrs __JJX__% __JJX__% __IIh2299(//JK  JJX::; r#r)F)T)NFF)7r) __future__rrrrrrr!googlecloudsdk.command_lib.anthosr(googlecloudsdk.command_lib.anthos.commonrr&googlecloudsdk.command_lib.util.anthosr googlecloudsdk.corer c_exceptr googlecloudsdk.core.consoler googlecloudsdk.core.credentialsr rgooglecloudsdk.core.utilrrrr\ six.movesrrrLINUXrMACOSXWINDOWSr,r[rr"Errorr%r2StreamingBinaryBackedOperationr4rrrrrrrrr*r#r!r.s6O&' 3A=D6#2<*. )62##&&< $$''H %%((  [(H1 3   H(..Hm@(GGm@` ,yG)HHyGx$ 1((0Z04,1&+ >+B r#