G<dZddlmZddlmZddlmZddlZddlmZmZddl m Z ddl m Z dd l m Z dd lmZdd lmZdd lmZdd lmZddlmZddlmZddlmZddlmZddlmZddlmZej<ddddZdZ dZ!GddZ"GddZ#y)z)Functions to add flags in fleet commands.)absolute_import)division)unicode_literalsN)IteratorList)messages)types)util) arg_parsers)base) exceptions)parser_arguments)parser_extensions)concepts)errors) arg_utils)concept_parsers) resourcesz--all-memberships store_constTzAll memberships in the fleet.)actionconsthelpz8projects/([^/]+)/platforms/gke/policies/([a-zA-Z0-9_-]+)z1Cannot specify --{opt} without --{prerequisite}. ceZdZdZdej fdZedZede e fdZ ede fdZ ede jfdZd Zd Zd Zd ej fd Zdej fdZdej fdZd ej fdZdej fdZdej fdZd ej fdZdZdZdZdZy) FleetFlagsz'Add flags to the fleet command surface.parserc||_yN_parser)selfrs 7lib/googlecloudsdk/command_lib/container/fleet/flags.py__init__zFleetFlags.__init__>s DLc|jSrrr s r!rzFleetFlags.parserDs <<r#returnc.|jjS)a3Returns the command name. This provides information on the command track, command group, and the action. Returns: A list of command, for `gcloud alpha container fleet operations describe`, it returns `['gcloud', 'alpha', 'container', 'fleet', 'operations', 'describe']`. )r command_namer%s r!r(zFleetFlags.command_nameHs ;; # ##r#c |jdS)N)r(r%s r!rzFleetFlags.actionVs   R  r#c|jddk(rtjjS|jddk(rtjjStjj S)z6Returns the release track from the given command name.alphabeta)r(r ReleaseTrackALPHABETAGAr%s r! release_trackzFleetFlags.release_trackZs` w&    $ $$  1  '    # ##    ! !!r#cVtjj|jyr)r ASYNC_FLAG AddToParserrr%s r!AddAsynczFleetFlags.AddAsyncdsOO ,r#cH|jjdtdy)Nz--display-namezcDisplay name of the fleet to be created (optional). 4-30 characters, alphanumeric and [ '"!-] only.)typerr add_argumentstrr%s r!AddDisplayNamezFleetFlags.AddDisplayNamegs$KK  : r#c|jjd}|j||j||j |y)Nz9Default cluster configurations to apply across the fleet.r)r add_group_AddSecurityPostureConfig_AddBinaryAuthorizationConfig_AddCompliancePostureConfig)r default_cluster_config_groups r!AddDefaultClusterConfigz"FleetFlags.AddDefaultClusterConfigqsN#';;#8#8 H$9$  ""#?@&&'CD$$%ABr#rDcl|jd}|j||j|y)NzSecurity posture config.r?)r@_AddSecurityPostureMode%_AddWorkloadVulnerabilityScanningMode)r rDsecurity_posture_config_groups r!rAz$FleetFlags._AddSecurityPostureConfigys?%A$J$J '%K%!   !>?../LMr#rIcX|jdgddtjdy)N--security-posturedisabledstandard enterprisez To apply standard security posture to clusters in the fleet, $ {command} --security-posture=standard choicesdefaultrr;textwrapdedentr rIs r!rGz"FleetFlags._AddSecurityPostureModes1"..6 __ / r#cX|jdgddtjdy)N!--workload-vulnerability-scanningrLz To apply standard vulnerability scanning to clusters in the fleet, $ {command} --workload-vulnerability-scanning=standard rPrSrVs r!rHz0FleetFlags._AddWorkloadVulnerabilityScanningModes1"..+6 __ / r#cl|jd}|j||j|y)NzBinary Authorization config.r?)r@_AddBinauthzEvaluationMode_AddBinauthzPolicyBindings)r rD!binary_authorization_config_groups r!rBz(FleetFlags._AddBinaryAuthorizationConfigs?)E(N(N +)O)% ##$EF##$EFr#r\c \|jdddgddtjdy)N--binauthz-evaluation-moderMpolicy-bindingscB|jddjS)N_-)replacelower)xs r!z7FleetFlags._AddBinauthzEvaluationMode..sqyyc*002r#z Configure binary authorization mode for clusters to onboard the fleet, $ {command} --binauthz-evaluation-mode=policy-bindings )rQr9rRrrS)r r\s r!rZz%FleetFlags._AddBinauthzEvaluationModes<&22$./3 __3 r#c tjtd}|jddddt j dtj d|idgd y) NzsGKE policy resource names have the following format: `projects/{project_number}/platforms/gke/policies/{policy_id}`--binauthz-policy-bindingsappendzname=BINAUTHZ_POLICYz The relative resource name of the Binary Authorization policy to audit and/or enforce. GKE policies have the following format: `projects/{project_number}/platforms/gke/policies/{policy_id}`.namer,)spec required_keys max_length)rRrmetavarrr9)r RegexpValidator_BINAUTHZ_GKE_POLICY_REGEXr;rTrUArgDict)r r\platform_policy_types r!r[z%FleetFlags._AddBinauthzPolicyBindingssw'66" I &22$& __MN ,"(  3r#c |jdd}|jdddgddtjd  |jd t j dd tjd y)z'Add compliance (posture) configuration.zCompliance configuration.T)rhiddenz --complianceenabledrMNzcompliance=MODEz To enable compliance for clusters in the fleet, $ {command} --compliance=enabled To disable compliance for clusters in the fleet, $ {command} --compliance=disabled )rQrRrnrz--compliance-standardszcompliance-standards=STANDARDSz To configure compliance standards for clusters in the fleet supply a comma-delimited list: $ {command} --compliance-standards=standard-1,standard-2 If this flag is supplied, it cannot be empty. )r9rRrnr)r@r;rTrUr ArgList)r rDcompliance_posture_config_groups r!rCz&FleetFlags._AddCompliancePostureConfigs'C&L&L ('M'#$00J'! __   1 $00  "0 __ 1 r#ctjddtj|j|j tj S)Nz$gkehub.projects.locations.operations operation) resource_name api_version locationsId projectsId)r ResourceSpecr VERSION_MAPr3_LocationAttributeConfig DEFAULT_PROJECT_ATTRIBUTE_CONFIGr%s r!_OperationResourceSpecz!FleetFlags._OperationResourceSpecsD  .!$$T%7%78113<<  r#ctjjd|jdj |j dj |j|jjdy)Nryzoperation to {}.T) group_helprequiredglobal)location) r ConceptParser ForResourcerformatrr6r set_defaultsr%s r!AddOperationResourceArgz"FleetFlags.AddOperationResourceArgsd!!-- ##%%,,T[[9 . k$++KKh/r#c0tjddS)z.Gets Google Cloud location resource attribute.rz)Google Cloud location for the {resource}.)rj help_text)r ResourceParameterAttributeConfigr%s r!rz#FleetFlags._LocationAttributeConfigs  4 4 = r#cJ|jjdtddy)Nz --locationzThe location name.rb)r9rrRr:r%s r! AddLocationzFleetFlags.AddLocations%KK  ! r#N)__name__ __module__ __qualname____doc__rArgumentInterceptorr"propertyrrr<r(rr r/r3r7r=rErArGrHrBrZr[rCrrrrr#r!rr;s5/22     $DI $  $ !c! ! "T.." "-CN*:*N*NN +;+O+O  +;+O+O G*:*N*NG)9)M)M&)9)M)M6%*:*N*N%N0r#rc@eZdZdZdej dejfdZde jde fdZ de jfdZ ddejfd Zdefd Zdefd Zde fd Zdej(fdZdej,fdZdej0fdZ ddej4fdZdej8fdZdeej>fdZ ddejBdejBfdZ" ddejFfdZ$de%jLfdZ'defdZ(de)fdZ*de)fdZ+y )FleetFlagParserz)Parse flags during fleet command runtime.argsr3cT||_||_tj||_yr)rr3r GetMessagesModuler)r rr3s r!r"zFleetFlagParser.__init__#s%DI&D**=9DMr#messager&c(|t|k(S)zDetermines if a message is empty. Args: message: A message to check the emptiness. Returns: A bool indictating if the message is equivalent to a newly initialized empty message instance. )r9r rs r!IsEmptyzFleetFlagParser.IsEmpty*s md7mo %%r#c*|j|s|Sy)z/Trim empty messages to avoid cluttered request.N)rrs r! TrimEmptyzFleetFlagParser.TrimEmpty6s << n r#Nc|jj}tj|j |_|j |_|j||_ |S)zFleet resource.) rFleetr FleetResourceNameProjectrj _DisplayName displayName_DefaultClusterConfigdefaultClusterConfig)r existing_fleetfleets r!rzFleetFlagParser.Fleet=sW MM   !E'' 7EJ))+E!%!;!;N!KE Lr#c.|jjSr)r display_namer%s r!rzFleetFlagParser._DisplayNameFs 99 ! !!r#cFtj|jddS)Nz --projectT) use_defaults)rGetFromNamespacerr%s r!rzFleetFlagParser.ProjectIs  % %dii4 PPr#c.|jjS)zParses --async flag. The internal representation of --async is set to args.async_, defined in calliope/base.py file. Returns: bool, True if specified, False if unspecified. )rasync_r%s r!AsynczFleetFlagParser.AsyncLs 99  r#c|jj}|j|_|j |_|j |Sr)rSecurityPostureConfig_SecurityPostureModemode!_VulnerabilityModeValueValuesEnumvulnerabilityModer)r rets r!_SecurityPostureConfigz&FleetFlagParser._SecurityPostureConfigWsD -- - - /C((*CH BBDC >># r#cd|jjvry|jjj}|j |j |jd}||jjS)zParses --security-posture.rKNrL) rGetSpecifiedArgsrrModeValueValuesEnumDISABLEDBASIC ENTERPRISEsecurity_posturer enum_typemappings r!rz$FleetFlagParser._SecurityPostureMode]sh499#=#=#??  33GGI&&OO**G 499-- ..r#cd|jjvry|jjj}|j |j |jd}||jjS)z)Parses --workload-vulnerability-scanning.rXNrL) rrrr VulnerabilityModeValueValuesEnumVULNERABILITY_DISABLEDVULNERABILITY_BASICVULNERABILITY_ENTERPRISEworkload_vulnerability_scanningrs r!rz1FleetFlagParser._VulnerabilityModeValueValuesEnumlsq+$))2L2L2NN  ++LL441188G 499<< ==r#cB|jj}|j|_t |j |_||}n<|}|j|j|_|j |j |_|j r7|js+tjdtjdd|j|jjjjk(rg|_|j|S)z$Construct binauthz config from args.rhzbinauthz-evaluation-modezbinauthz-policy-bindings) prerequisiteopt)rBinaryAuthorizationConfig_EvaluationModeevaluationModelist_PolicyBindingspolicyBindingsr InvalidArgumentException_PREREQUISITE_OPTION_ERROR_MSGrEvaluationModeValueValuesEnumrr)r existing_binauthz new_binauthzrs r!_BinaryAuthorizationConfigz*FleetFlagParser._BinaryAuthorizationConfig}s==::L c c  $ $ 0)88  $ $ 0)88 #"4"4  / / & ( / /5, 0    //MMVVc >># r#cd|jjvry|jjj}|j |j d}||jjS)z"Parses --binauthz-evaluation-mode.r^N)rMr_)rrrrrrPOLICY_BINDINGSbinauthz_evaluation_moders r!rzFleetFlagParser._EvaluationModesh$499+E+E+GG  //MM&&$44G 49955 66r#cNjj}| fd|DSgS)z"Parses --binauthz-policy-bindings.c3\K|]#}jj|d%yw)rj)rjN)r PolicyBinding).0bindingr s r! z2FleetFlagParser._PolicyBindings..s/(g -- % %76? % ;(s),)rbinauthz_policy_bindings)r policy_bindingss` r!rzFleetFlagParser._PolicyBindingss1ii88O"( Ir# existing_cfgcb||n|jj}|jj'|jj|j |S|jj|jjdvr)t j|jj|jjdk(r+|jjt jd|jjdk(r0|jjjj|_ nH|jjdk(r/|jjjj|_ |jt jd|jj[|jjDcgc]}|jj| }}|st jd||_|j |Scc}w)z0Construct compliance (posture) config from args.>rurMrMz@Cannot configure compliance standards when disabling Compliance.ruzECannot configure compliance standards without a mode first being set.)rNz@--compliance-standards must be a non-empty comma-delimited list.)rCompliancePostureConfigr compliancecompliance_standardsrrInvalidComplianceModeConfiguringDisabledCompliancerENABLEDrrConfiguringMissingComplianceComplianceStandardcomplianceStandards)r rcfgsdesired_standardss r!_CompliancePostureConfigz(FleetFlagParser._CompliancePostureConfigs  #  ]] 2 2 4 yy# (F(F(N ^^C   yy'   %< <**499+?+?@@ ))  * ,ii,,822 N      * MM 1 1 E E M M  99  : - MM 1 1 E E N N   xx  / /    yy%%199111a -- * *A * 6111 N  !2c >># s#H,c| |jnd}|jj}|j|_|!|j |j |_n|j |_|!|j|j|_n|j|_|j|S)zConstruct default cluster config from args. Args: existing_fleet_cfg: proto message of any currently existing configuration. Returns: Proto message for the default cluster configuration. N) rrDefaultClusterConfigrsecurityPostureConfigrbinaryAuthorizationConfigrcompliancePostureConfigr)r existing_fleet_cfgexisting_default_cluster_configrs r!rz%FleetFlagParser._DefaultClusterConfigs  ) // $ -- , , .C $ ; ; =C&2&*&E&E ) C C'c#'+&E&E&Gc#&2$($A$A ) A A%c!%)$A$A$Cc! >># r#c^|jjjjS)z#Parses resource argument operation.)rCONCEPTSryParser%s r! OperationRefzFleetFlagParser.OperationRefs! 99   ' ' - - //r#c.|jjSr)rrr%s r!LocationzFleetFlagParser.Locations 99  r#c.|jjS)z$Returns page size in a list request.)r page_sizer%s r!PageSizezFleetFlagParser.PageSizes 99  r#c.|jjS)z Returns limit in a list request.)rlimitr%s r!LimitzFleetFlagParser.Limit!s 99??r#r),rrrrr Namespacer r/r"rMessageboolrrr rr<rrrrr(SecurityPostureConfigModeValueValuesEnumr5SecurityPostureConfigVulnerabilityModeValueValuesEnumrrr6BinaryAuthorizationConfigEvaluationModeValueValuesEnumrrrrrrrrrResourcerrintrr rr#r!rr sz1:#--:>B>O>O: &X-- &$ &x//%++"C"QsQ T e&A&A / 55 /> BB>$#! &&!F7 CC7 x(;(;<;?7777 $$7v! !!!F0I..0Sr#r)$r __future__rrrrTtypingrrapitools.base.protorpcliter&googlecloudsdk.api_lib.container.fleetr r googlecloudsdk.callioper r r rr googlecloudsdk.calliope.conceptsr*googlecloudsdk.command_lib.container.fleetr$googlecloudsdk.command_lib.util.apisr(googlecloudsdk.command_lib.util.conceptsrgooglecloudsdk.corerArgumentALL_MEMBERSHIPS_FLAGrprrrrr#r!rs0&'!/87/(.455=:D) %t}}   ( ?" bbJCCr#