ndZddlmZddlmZddlmZddlmZddlmZddl m Z ddl m Z d Z d Zd Zy ) zBUtility function for OS Config Troubleshooter to service accounts.)absolute_import)division)unicode_literals) exceptions) projects_api)utils)utilcZdjtj|}d|zdzS)N2service-{}@gcp-sa-osconfig.iam.gserviceaccount.coma%No No OS Config service account is present and enabled for this instance. To create an OS Config service account for this instance, visit https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#createanewserviceaccount to create a service account of the name zf, grant it the "Cloud OS Config Service Agent" IAM role, then disable and re-enable the OS Config API.)formatr GetProjectNumber) project_idservice_accounts Plib/googlecloudsdk/command_lib/compute/os_config/troubleshoot/service_account.py_FailEnablementMessagersAHOO J')/25D DG% %cd}|js|dz }tjd|S|dz }tjd|S)z8Checks whether a service account exists on the instance.z0> Is a service account present on the instance? zNo No service account is present on the instance. Visit https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances on how to create a service account for an instance.FYesT)serviceAccountsrResponse)instanceresponse_messages rCheckExistencer)sRG  ! ! ?  >>%!1 22e . //rcd}d}d}tj|j} tj|}|jD]}|jdk(s|jsnttj|j}|jD]'}||vs|dz }d}tj||ccSdj|} |d| zz }tj||cS|t!|jz }tj||S#t j $r8}|tj|z }tj||cYd}~Sd}~wwxYw) z=Checks whether there is an enabled OS Config service account.z>> Is the OS Config Service account present for this instance? FNzroles/osconfig.serviceAgentrTr z|Yes However, the service account name does not contain a matching project number. The service account should be of the name )r ParseProjectnamer GetIamPolicyr HttpErrorrUnknownMessagerbindingsrolemembersstrr r r) projectr continue_flag iam_policy project_refebindingproject_numbermemberrs rCheckEnablementr,8sj#-*!!',,/+;**;7J $$g||44 __ T227<<@AooF v %  %  M>>-1AB B & OUU >APP Q~~m-=>>#%&,W\\::  '7 881   ;,,Q// >>-)9 ::;sD''E2:-E-'E2-E2N)__doc__ __future__rrrapitools.base.pyr+googlecloudsdk.api_lib.cloudresourcemanagerr9googlecloudsdk.command_lib.compute.os_config.troubleshootr#googlecloudsdk.command_lib.projectsr rrr,rrr4s/I&''DK4  0#9r