dZddlmZddlmZddlmZddlZddlZddlZddlZddl m Z ddl m Z ddl mZdd l mZdd lmZdd lmZdd lmZddlm Zdd lmZddlmZddlm Z ddlm!Z"ddl#m$Z$ddl#m%Z%ddl&m'Z'ddl&m!Z(ddl&mZddl)mZ*ddl+m,Z,ddl+m-Z-ddl+m.Z.ddl/m0Z0ddl!Z!ddl1Z1ddl2m3Z3dZ4dZ5dZ6dZ7dZ8dZ9dZ:d Z;d!Zd$Z?d%Z@d&ZAd'ZBd(ZCd)ZDd*ZEd+ZFd,ZGd-ZHd.ZId/ZJd0ZKd1ZLd2ZMd3ZNd4ZOd5ZPd6ZQd7ZRd8ZSd9ZTd:ZUd;ZVd<ZWd=ZXd>ZYdNd?ZZd@Z[dAZ\dBZ]dCZ^dDZ_dEZ`dFZadGZbGdHdIecZdGdJdKecZeGdLdMecZfy)Oz Utility for handling SBOM files.)absolute_import)division)unicode_literalsN)encoding) exceptions) docker_creds) docker_name) docker_http) docker_image)docker_image_list)base)util) filter_util)requests) storage_api) storage_util) docker_util)log) resources) transports)files)urllibspdx cyclonedxzRThe file is not in a supported SBOM format. Only spdx and cyclonedx are supported.zapplication/vnd.in-toto+jsonz!https://in-toto.io/Statement/v0.1z+https://bcid.corp.google.com/reference/v0.1zapplication/spdx+jsonzapplication/jsonzapplication/vnd.cyclonedx+jsonz>https://containeranalysis.googleapis.com/ArtifactAnalysis@v0.1z spdx.jsonjsonzbom.json$abcdefghijklmnopqrstuvwxyz0123456789zregistry.hub.docker.comlibraryhttphttpsartifactregistrygcrotherc|d}d}t|tjr)tjd|}||j d}|s$t jdj|tt|S)Retrieves version from the given SBOM dict. Args: data: Parsed json content of an SBOM file. Raises: ar_exceptions.InvalidInputValueError: If the sbom format is not supported. Returns: A SbomFile object with metadata of the given sbom. spdxVersionNz^SPDX-([0-9]+[.][0-9]+)$zUnable to read spdxVersion {0}. sbom_formatversion) isinstancesix string_typesrematchgroup ar_exceptionsInvalidInputValueErrorformatSbomFile_SBOM_FORMAT_SPDX)data spdx_versionr*rs 5lib/googlecloudsdk/command_lib/artifacts/sbom_util.py _ParseSpdxr:Yszm$, ' c../ ,l;A} g   . .)00>  / AAcXd|vrtjdd}t|dtjr+t j d|d}||j}|s5tjdj|djtt|S)r% specVersionz1Unable to find specVersion in the CycloneDX file.Nz^[0-9]+[.][0-9]+$zUnable to read specVersion {0}.r() r1r2r+r,r-r.r/r0r3__str__r4_SBOM_FORMAT_CYCLONEDX)r6r*r8s r9_ParseCycloneDxr@ss$  . .;  ']#S%5%56 %tM':;A} g   . .)00m1D1L1L1NO  4g FFr;c tj|}tj|}d|vr t|}n9|jddk(r t|}nt j ttjtj|j!}||j"d<|S#t$r}t j d|d}~wtj$r}t j d|d}~wwxYw)a#Retrieves information about a docker image based on the fully-qualified name. Args: file_path: str, The sbom file location. Raises: ar_exceptions.InvalidInputValueError: If the sbom format is not supported. Returns: An SbomFile object with metadata of the given sbom. z!The file is not a valid JSON fileNzFailed to read the sbom filer& bomFormat CycloneDXsha256)rReadFileContentsrloads ValueErrorr1r2Errorr:getr@_UNSUPPORTED_SBOM_FORMAT_ERRORhashlibrDr, ensure_binary hexdigestdigests) file_pathcontentr6eres sha256_digests r9 ParseJsonSbomrTs $$Y/G ::g Dd T C xx  + $ C  . ./M NN..!2!27!;<FFH-'#++h *#   . .+Q    . .& s#*B<< D CD 1DD ctj|\}}|j}d|jj ddi}t |j |j|j|ttS)zRetrieves metadata from the given AR docker image. Args: uri: Uri of the AR docker image. Raises: ar_exceptions.InvalidInputValueError: If the uri is invalid. Returns: An Artifact object with metadata of the given artifact. rDsha256: resource_uriprojectlocationrN artifact_typescheme) rDockerUrlToVersion docker_repodigestreplaceArtifactGetDockerStringrZr[ARTIFACT_TYPE_AR_IMAGE_REGISTRY_SCHEME_HTTPS)uriimagedocker_versionreporNs r9_GetARDockerImagerjsq&88=%   $ ~,,44YC D' !113ll}}* #  r;c ddddd} tj|}d}d}t jtj|}|r%||jd}|jd}t jtj|}|r6||jd}|jdjd d d }|r|stjd t|j||d |jjddit t"S#tj$r)}tjdj |d}~wwxYw)zRetrieves information about the given GCR image. Args: uri: str, The artifact uri. Raises: ar_exceptions.InvalidInputValueError: If the uri is invalid. Returns: An Artifact object with metadata of the given artifact. useuropeasia)z us.gcr.iozgcr.ioz eu.gcr.ioz asia.gcr.ioz-Failed to resolve digest of the GCR image: {}NrirZ/:r'z8Failed to parse project and location from the GCR image.rDrVrWrX)gcr_utilGetDigestFromNameInvalidImageNameErrorr1r2r3r.r/rGCR_DOCKER_REPO_REGEXr0#GCR_DOCKER_DOMAIN_SCOPED_REPO_REGEXrarbr>r`ARTIFACT_TYPE_GCR_IMAGEre)rf location_map docker_digestrQrZr[matchess r9 _GetGCRImagerzsQ ,..s3M ' ( HH[66 <' GMM&12HmmI&G HH[DDc J' GMM&12HmmI&..sC;G   . .B   ((*--55iDE+ #  %  ' '  . .7>>qA sD%%E!8$EE!ctjtj|t j 5}|j r|jcdddS dddtjtj|t j tj5}|j r|jcdddS dddy#1swYxYw#1swYyxYw)a Returns Digest of the given Docker image. Lookup registry to get the manifest's digest. If it returns a list of manifests, will return the first one. Args: image: docker_name.Tag or docker_name.Digest, Docker image. Returns: An str for the digest. ) basic_credsname transportN)r|r}r~accepted_mimes) v2_2_image_list FromRegistryr AnonymousrGetApitoolsTransportexistsr` v2_2_imagev2_2_docker_httpSUPPORTED_MANIFEST_MIMES)rg manifest_listv2_2_imgs r9_ResolveDockerImageDigestrs##((* //1  ! ! #   ((* //1%>>   __  s C/; C;%C;/C8;Dc  tj|}t|tjr1t |d|j j dditdddS |}d|vr|dz}tj| }tj|j } t#|}|s$tjd j|d j|j |j.| }t |d|j dditdd|S#tjf$r3}tjdj|t|d}~wwxYw#tj$t&j(j*tj,f$r3}tjdj|t|d}~wwxYw) a:Retrieves information about the given docker image. Args: uri: str, The artifact uri. Raises: ar_exceptions.InvalidInputValueError: If the artifact is with tag, and it can not be resolved by querying the docker http APIs. Returns: An Artifact object with metadata of the given artifact. rDrVrWNrYrNr\rZr[r]zFailed to resolve {0}: {1}rpz:latestr}zFailed to resolve {0}.z{registry}/{repo}@{digest})registryrir`)r from_stringr+Digestrbr`raARTIFACT_TYPE_OTHERBadNameExceptionr1r2r3strTagrSchemerrV2DiagnosticExceptionrr InvalidURLBadStateException repository)rf image_digestrQ image_uri image_tagr]r`rYs r9_GetDockerImagers**3/L, 2 23 \0088BGH+ 4)^iIoo9-)  " "9#5#5 6&  &y 1F   . . '', .44!! (<(? +  s A B# 8BB#B#cD|j|r|t|dS|SN) startswithlenvalueprefixs r9 _RemovePrefixr}s& f V  ,r;c2|j|s||z}|Sr)rrs r9 _EnsurePrefixrs   & ! UNE ,r;c||j}|j}|j}|r|s|s|r|rtjdt j jdg}tj|}|rt j jdgjdj|}ttj||jd}|sgSt!d|D}|j#||rt%|d} dj| | g} t'| } | | j(k7r*| dj| j(| j(gz} | j*r*tj,| j*|j.}|j#| |r.t%|d} |j;dj| | g|r%tj<||j?} n/tj||j|j@} |r tC| S| Dcgc]}tE|ic}S#tjt0j2f$r#t4j6j9d YwxYwcc}w) z~Lists SBOM references in a given project. Args: args: User input arguments. Returns: List of SBOM references. zYCannot specify more than one of the flags --dependency, --resource and --resource-prefix.SBOM_REFERENCEPACKAGEzz%ListSbomReferences..sP|Dcgc] }t|c}Scc}wr)_VerifyGCSObject)rrs r9rrs +/ 04C 3 4 00 0sctj}tjj |j j jj}i} |j|d|d<t%||S#tj$rd|d<Y&tj$r4}tj|j}|dd|d<Yd}~gd}~wt $r}t#||d<Yd}~d}~wwxYw)zVerify the existence and the content of a GCS SBOM file object. Args: occ: SBOM reference occurrence. Returns: An SbomReference object with the input occurrence and SBOM file information. TrFerrormessageerr_msgN)r StorageClientrObjectReferenceFromUrl sbomReferencepayload predicater[ GetObjectapitools_exceptionsHttpNotFoundError HttpErrorrrFrP Exceptionrr)r gcs_clientobj_ref file_inforQmsgs r9rrs((**  ( ( 0 0 ))22 ') !Ih sI &&  . . Ih  & &3 **QYY Cw< 2Ii "q6Ii"s*BDD-*C D(C;;Dc&dj||S)Nzartifactanalysis-{0}-{1})r3) project_numr[s r9_DefaultGCSBucketNamers # * *8[ AAr;c  tjjd|idd}|jj dd}dj d i|j ddj d|||jd S) Nrf.-z;gs://{storage_path}/{uri_encoded}/sbom/user-{version}.{ext}zgs://rWro) storage_path uri_encodedr*ext)rparse urlencoder*rar3rstrip GetExtension)rrYsbomrr*s r9_GetSbomGCSPathrs &&|'<=abA+ LL c *' O G O O &..w;BB3G$""$   r;c <tj}|j|}|D](}tjdj |j |j j|sN|jjdk(r/tjdj |j |jj|jk7rXtjdj |j |jj|j|j cS|dz}ttD]}|tjtz} |j!|||dd |j#| }|j$rt'j(|j$ni}d |d <t'j*||j,j.j0|_|j,j3|| } |j4j6j9| |S#t:$r0} tj<d j || Yd} ~ |Sd} ~ wwxYw)aFind an appropriate default bucket to store the SBOM file. Find a bucket with the same prefix same as the default bucket in the project. If no bucket could be found, will start to create a new bucket by concatenating the default bucket name and a random suffix. Args: default_bucket: str, targeting default bucket name for the resource. project_id: str, project we will use to store the SBOM. location: str, location we will use to store the SBOM. Returns: bucket_name: str, name of the prepared bucket. rZzVerifying bucket {}z dual-regionzSkipping dual region bucket {}z4The bucket {0} has location {1} is not matching {2}.rT)bucketrZr[check_ownershipenable_uniform_level_accessrartifact-analysisgoog-managed-byrbucketResource%Failed to add labels to bucket {}: {}N)rr ListBucketsrrr3r}r locationTypelowerr[range_BUCKET_SUFFIX_LENGTHrandomchoice_BUCKET_NAME_CHARSCreateBucketIfNotExists GetBucketlabelsr MessageToDict DictToMessagemessagesBucket LabelsValueStorageBucketsPatchRequestclientbucketsPatchrwarning) default_bucket project_idr[rrr bucket_name_ labels_dictrequestrQs r9_FindAvailableGCSBucketr$#s3((**  " ": " 6'fII#**6;;78 ;; ! !. 1   "m3 ii077 DE (.."22 ii @ G Gkk6??002HNN4D   ;;"$+ & 'a .@ AAK ( $$ "& %P  ! ! ! 5F;A==(((7bK%8K!"**Z((//;;FM!!<<=G##G,  PKK7>>{ANOO Ps!B?I"" J+%JJctj}|rt||j|}nnt j |j }|j }|j}|dk(rd}t||} | } d} |j| ||d |j| } | jrtj| jni} d| d<tj| |jj j"| _ |jj%| | }|j&j(j+|| r t=| ||} t/j6dj3| t| |j|}t>j@jC|}|jE|||S#t,$r/}t/j0d j3| |Yd }~d }~wwxYw#tj4$rt/j6d d} Yt8j:$rt/j6d d} YwxYw)aUpload an SBOM file onto the GCS bucket in the given project and location. Args: source: str, the SBOM file location. artifact: Artifact, the artifact metadata SBOM file generated from. sbom: SbomFile, metadata of the SBOM file. gcs_path: str, the GCS location for the SBOm file. If not provided, will use the default bucket path of the artifact. Returns: dest: str, the GCS storage path the file is copied to. rmeuFT)rrZr[rrrrrrNz)The default bucket is in a wrong project.z&The default bucket cannot be accessed.zUsing bucket: {})#rrrrY project_utilGetProjectNumberrZr[rrrrrrrrrrrrrrrrrr3BucketInWrongProjectErrorrrHttpForbiddenErrorr$rrr CopyFileToGCS)sourcerrgcs_pathrdestrbucket_projectbucket_locationrr use_backup_bucketrr"r#rQ target_refs r9UploadSbomToGCSr3as:((** 8X%:%:D AD//0@0@AK%%N''O("o*;HN K%(( " )  %%[%95;]]H " "6== 1 *= %& .. ,,33??  %%@@!A  !!''0"+ ./kII '' 45 ;(=(=t DD++33D9* 6:. +5  3 : :; J     0 0 ii;<  1 1 ii89 s=?H B?G H %H?H H  H *I%8)I%$I%cBtj}tj}t|j|j }t jjd||j} |j|}|jj|}tj d j#||S#tj$rtj dj#||j%|j|j }|j'|j&j(j*|} |j-dj#||| } |jj| }YwxYw) zCreate the SBOM reference note if not exists. Args: project_id: str, the project we will use to create the note. sbom: SbomFile, metadata of the SBOM file. Returns: A Note object for the targeting SBOM reference note. z containeranalysis.projects.notes) collection projectsIdnotesIdrz"Note not found. Creating note {0}.)r3r*)kindrprojects/{project}r)parentnoteIdnotezget note results: {0})r GetClient GetMessages_GetReferenceNoteIDr)r*rREGISTRYCreate RelativeName(ContaineranalysisProjectsNotesGetRequestprojects_notesGetrrrrr3SBOMReferenceNoteNoteKindValueValuesEnumr+ContaineranalysisProjectsNotesCreateRequest) rrrrnote_idr} get_requestr<sbom_referencenew_notecreate_requests r9_CreateSbomRefNoteIfNotExistsrOsx  "&  $ $ &(  0 0$,, ?'    " "3 # LN  8CCCNK  $ $[ 1D")) # * *4 01 +#  . .8II299$?@//0N}} ]] . . = =$HII#**:*> JN  ' ' 7D8s:-C CFFctj}|jj}|jj D]E\}}|j j|jjj||G|j|||jt}|jtt|} |jj} |jj D]E\}}| j j|jjj||G|j| |j} | j j| |j#| t$} |j'| |j(|j+} | S)ahCreate the SBOM reference note if not exists. Args: artifact: Artifact, the artifact metadata SBOM file generated from. sbom: SbomFile, metadata of the SBOM file. note: Note, the Note object we will use to attach occurrence. storage: str, the path that SBOM is stored remotely. Returns: An Occurrence object for the SBOM reference. )keyr)r`r[mimeType referrerId) predicateType_typer)r`r})r payloadType)rnoteNamer)rr>SbomReferenceIntotoPredicate DigestValuerNitemsadditionalPropertiesappendAdditionalProperty GetMimeType_SBOM_REFERENCE_REFERRERIDSbomReferenceIntotoPayload_SBOM_REFERENCE_PREDICATE_TYPE_SBOM_REFERENCE_TARGET_TYPESubjectrYsubjectSBOMReferenceOccurrence_SBOM_REFERENCE_PAYLOAD_TYPE Occurrencer}GetOccurrenceResourceUri)rrr<storager sbom_digsetskvrrartifact_digests sbom_subjectref_occrs r9_GenerateSbomRefOccurrencerps $ $ &(66BBD,ll  "da%%,,--99LL M #33 !+ 4)  / /2 ' 0 ' %%113$$&da))00$$77 8 '!! H$9$9", //&  , ,. - ' yy335  # *r;cJ|jdd}dj||S)Nrrz sbom-{0}-{1})rar3)r) sbom_versionsbom_version_encodeds r9r?r?s)%--c37   {,@ AAr;ctj}|j|jg|j dgt |j |j}t|jddkDr|jdd}|jdj|||jS)Nrror'rz$noteId="{0}" AND noteProjectId="{1}") rrrrhrr?r)r*rsplitrr3r)rrrfrJs r9$_GenerateSbomRefOccurrenceListFilterrws))+!//844678++ !  0 0$,, ?'  # !#!!#&q)J,33GZH r;cVdt||jdt||fzS)aCreates DSSEv1 Pre-Authentication encoding for given type and payload. Args: payload_type: str, the SBOM reference payload type. payload: bytes, the serialized SBOM reference payload. Returns: A bytes of DSSEv1 Pre-Authentication encoding. sDSSEv1 %d %b %d %bzutf-8)rencode) payload_typers r9_PAEr{,s6  ,'" 'l " r;ctjtj|jj }t |jj|}tj}tj}|j||j|}|jj|}tj }|j#||j$} |j'||jj| g|_|jj*j-| |S)a Add signatures in reference occurrence by using the given kms key. Args: occ: Occurrence, the SBOM reference occurrence object we want to sign. kms_key_version: str, a kms key used to sign the reference occurrence. Returns: An Occurrence object with signatures added. )r6)r}asymmetricSignRequest)keyidsig)rrV signatures)r,rLr MessageToJsonrrr{rV cloudkms_baseGetClientInstanceGetMessagesModuleQCloudkmsProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsAsymmetricSignRequestAsymmetricSignRequest8projects_locations_keyRings_cryptoKeys_cryptoKeyVersionsAsymmetricSignrr>EnvelopeSignature signatureEnvelopeenveloperr\) rkms_key_version payload_bytesr6 kms_client kms_messagesreqresprevelope_signatures r9_SignSbomRefOccurrencePayloadr?s+##S..667- c++] ;$..0*002,ff (>>D>I g #  L L [ [  $ $ $ &(00 1""##//#$##, %%&78 *r;cBt||}t||||}|r t||}t|||}t j dj |tj}tj} tj||d} t j dj | d} | D]} | } n| rht j dj | j| j| j|d} |jj| }n>| j|dj | } |jj!| }t j d j ||jS) aWrite the reference occurrence to link the artifact and the SBOM. Args: artifact: Artifact, the artifact metadata SBOM file generated from. project_id: str, the project_id where we will use to store the Occurrence. storage: str, the path that SBOM is stored remotely. sbom: SbomFile, metadata of the SBOM file. kms_key_version: str, the kms key to sign the reference occurrence payload. Returns: A str for occurrence ID. z#listing occurrence with filter {0}.Nzlist successfully: {}zupdating occurrence {0}.zsbom_reference,envelope)r} occurrence updateMaskr9r)rr:zUsed occurrence: {0}.)rOrprrwrrr3rr=r>rr}0ContaineranalysisProjectsOccurrencesPatchRequestprojects_occurrencesr1ContaineranalysisProjectsOccurrencesCreateRequestrA)rrrirrr<rrvrrrold_occrr#s r9WriteReferenceOccurrencergsw 'z4 8$ #8T4A# '_ =C+8T:F!)) 1 8 8 ;<  "&  $ $ &(  $ $ZD 9$)) # * *4 01 ' aG    II(// =>GG \\,HG  % % + +G 4CHH#**:*>IG  % % , ,W 5C)) # * *3 /0 /r;c|jstjdt|jd}t j |r t |}nt j|rt|}tj}tj|j}|j|jjj k7r9tjdtjdj#|t%j&|}|jr |j}t%j(||j*}t-j.|dj#|j0}t2j4j7dj#|j0|j8y)zSExport SBOM files for a given AR image. Args: args: User input arguments. z--uri is required.rzyThis command only supports Artifact Registry. You can enable redirection to use gcr.io repositories in Artifact Registry.z%{} is not an Artifact Registry image.rzDExporting the SBOM file for resource {}. Discovery occurrence ID: {}N)rfr1r2rrrrjrrz ar_requestsr>GetProjectSettingsrZlegacyRedirectionStateProjectSettings%LegacyRedirectionStateValueValuesEnumREDIRECTION_FROM_GCR_IO_ENABLEDr3rrrr[rExportSbomV1beta1rYrrrdiscoveryOccurrenceId)rrfrrsettingsrZr:rs r9 ExportSbomrsz   . .  dhh +#  % %Hc"C H&&(H--h.>.>?H''  # # I I i i j  0 0 J   . ./66s;  OOD !' G >>'4== 1&  & & l!!("7"78 $**L v     $ $r;c6eZdZdZdZedZedZy)rzHolder for SBOM reference. Properties: occ: SBOM reference occurrence. file_info: Information of GCS object SBOM file. c ||_||_yr)_occ _file_info)selfrrs r9__init__zSbomReference.__init__sDIDOr;c|jSr)rrs r9rzSbomReference.occs 99r;c|jSr)rrs r9rzSbomReference.file_infos ??r;N)__name__ __module__ __qualname____doc__rpropertyrrrr;r9rrs4     r;rcReZdZdZdZdZdZedZedZ edZ y) r4zHolder for SBOM file's metadata. Properties: sbom_format: Data format of the SBOM file. version: Version of the SBOM format. digests: A dictionary of digests, where key is the algorithm. c>||_||_t|_yr) _sbom_format_versiondict_digests)rr)r*s r9rzSbomFile.__init__s#DDMFDMr;cr|jtk(rtS|jtk(rtSt Sr)rr5_SBOM_REFERENCE_SPDX_MIME_TYPEr?#_SBOM_REFERENCE_CYCLONEDX_MIME_TYPE!_SBOM_REFERENCE_DEFAULT_MIME_TYPErs r9r^zSbomFile.GetMimeType2 -- ++ 22 00 ,,r;cr|jtk(rtS|jtk(rtSt Sr)rr5_SBOM_REFERENCE_SPDX_EXTENSIONr?#_SBOM_REFERENCE_CYCLONEDX_EXTENSION!_SBOM_REFERENCE_DEFAULT_EXTENSIONrs r9rzSbomFile.GetExtensionrr;c|jSrrrs r9rNzSbomFile.digests ==r;c|jSr)rrs r9r)zSbomFile.sbom_formats   r;c|jSr)rrs r9r*zSbomFile.versionrr;N) rrrrrr^rrrNr)r*rr;r9r4r4sR --      r;r4cleZdZdZdZedZedZedZedZ edZ dZ y ) rba{Holder for Artifact's metadata. Properties: resource_uri: str, Uri will be used when storing as a reference occurrence. project: str, Project of the artifact. location: str, Location of the artifact. digests: A dictionary of digests, where key is the algorithm. artifact_type: str, Type of the provided artifact. scheme: str, Scheme of the registry. cX||_||_||_||_||_||_yr) _resource_uri_project _locationr_artifact_type_scheme)rrYrZr[rNr\r]s r9rzArtifact.__init__s0&DDMDNDM'DDLr;c|jSr)rrs r9rYzArtifact.resource_uri s   r;c|jSr)rrs r9rZzArtifact.project$rr;c|jSr)rrs r9r[zArtifact.location(s >>r;c|jSrrrs r9rNzArtifact.digests,rr;c|jSr)rrs r9r\zArtifact.artifact_type0s   r;c|j |jSdj|j|jS)Nz{scheme}://{uri})r]rf)rrYr3rs r9rhz!Artifact.GetOccurrenceResourceUri4s8 ||     $ $DLLd>O>O $ PPr;N) rrrrrrrYrZr[rNr\rhrr;r9rbrb sv           Qr;rbr)gr __future__rrrrKrrr.apitools.base.pyrrrcontainerregistry.clientrr containerregistry.client.v2_2r rr rr r googlecloudsdk.api_lib.artifactsr1googlecloudsdk.api_lib.cloudkmsr r'googlecloudsdk.api_lib.container.imagesrrq(googlecloudsdk.api_lib.containeranalysisrrrgooglecloudsdk.api_lib.storagerr$googlecloudsdk.command_lib.artifactsrr#googlecloudsdk.command_lib.projectsr'googlecloudsdk.corerrrgooglecloudsdk.core.utilrr, six.movesrr5r?rJrfrbrarrrr_rrrrr _DEFAULT_DOCKER_REGISTRY_DEFAULT_DOCKER_REPOSITORY_REGISTRY_SCHEME_HTTPrerdrvrr:r@rTrjrzrrrrrrrrrrr$r3rOrpr?rwr{rrrobjectrr4rbrr;r9rs'&' %>10IDNHAD@L67<H5D#)** $/ >A6"9$6!&F#D"-$*!&0#;4& +B4G:zB  `2F1'DB ;|M`(V: zB &% P5p*ZF*&v&R-Qv-Qr;