mDdZddlmZddlmZddlmZddlmZddlZddlZddlZddl Z ddl m Z ddl m Zdd l mZdd lmZdd lmZdd lmZdd lmZdd lmZddlmZddlmZddlmZddlmZddlm Z ddlm!Z!ddl"m#Z$ddl"m%Z&ddl'm(Z(dZ)dZ*dZ+dZ,GddejZZ.GddejZZ/dZ0dZ1d Z2Gd!d"e3Z4Gd#d$e3Z5Gd%d&ejlZ7Gd'd(e3Z8Gd)d*e3Z9Gd+d,e3Z:d-Z;d.Zi     C J J   %,       9 @ @ K s AB 8Cc*eZdZdZdZdZdZdZdZy)MembershipCRDCreationOperationz;An operation that waits for a membership CRD to be created. unchanged configuredcJ||_d|_d|_d|_||_yNF)r&doner=r>membership_crd_manifest)selfr&rGs r __init__z'MembershipCRDCreationOperation.__init__s'"DDIDNDJ#:D rcy)NzrrHs r __str__z&MembershipCRDCreationOperation.__str__s &rc|jj|j\}}|rd|_||_y|j |vs|j |vrd|_d|_yy)zBUpdates this operation with the latest membership creation status.TN)r&CreateMembershipCRDrGrFr>CREATED_KEYWORDCONFIGURED_KEYWORDr=rHouterrs r Updatez%MembershipCRDCreationOperation.Updatesi33 $$HC didj    $(?(?3(Fdidn)GrN) rrrrrOrPrIrLrTrrr rArAsC/#;' rrAc$eZdZdZdZdZddZy)KubeconfigProcessorz?A helper class that processes kubeconfig and context arguments.c ||_||_||_||_||_||_||_||_tjstjdd|_ d|_ y)a8Constructor for KubeconfigProcessor. Args: api_adapter: the GKE api adapter used for running kubernetes commands gke_uri: the URI of the GKE cluster; for example, 'https://container.googleapis.com/v1/projects/my-project/locations/us-central1-a/clusters/my-cluster' gke_cluster: the "location/name" of the GKE cluster. The location can be a zone or a region for e.g `us-central1-a/my-cluster` kubeconfig: the kubeconfig path internal_ip: whether to persist the internal IP of the endpoint. cross_connect_subnetwork: full path of the cross connect subnet whose endpoint to persist (optional) private_endpoint_fqdn: whether to persist the private fqdn. context: the context to use Raises: exceptions.Error: if kubectl is not installed zkubectl not installed.N)rgke_uri gke_clusterr internal_ipcross_connect_subnetworkprivate_endpoint_fqdncontextc_utilCheckKubectlInstalledr r;gke_cluster_self_linkgke_cluster_uri) rHrrXrYrrZr[r\r]s r rIzKubeconfigProcessor.__init__so<#DDL"D DO"D$vr%tAjBd jE||||fS) aGets the kubeconfig, cluster context and resource link from arguments and defaults. Args: temp_kubeconfig_dir: a TemporaryDirectoryObject. Returns: the kubeconfig filepath and context name Raises: calliope_exceptions.MinimumArgumentException: if a kubeconfig file cannot be deduced from the command line flags or environment exceptions.Error: if the context does not exist in the deduced kubeconfig file NKUBERNETES_SERVICE_PORTKUBERNETES_SERVICE_HOSTNN KUBECONFIGz~/.kube/config --kubeconfigzoPlease specify --kubeconfig, set the $KUBECONFIG environment variable, or ensure that $HOME/.kube/config existsz.context [{}] does not exist in kubeconfig [{}])#rXrYr ParseGKEURIrVALUEScoreproject GetOrFailParseGKECluster%ConstructGKEClusterResourceLinkAndURIr`ra_GetGKEKubeconfigrrZr[r\rrGetEncodedValueosenvironr ExpandHomeDircalliope_exceptionsMinimumArgumentExceptionkconfig Kubeconfig LoadFromFiler]contextsr r;r5) rHtemp_kubeconfig_dircluster_projectlocationnamekubeconfig_filerkc context_names r GetKubeconfigAndContextz+KubeconfigProcessor.GetKubeconfigAndContexts" ||t''o *2*>*>t||*L'4$++0088BBD!11$2B2BC$  8 8x 7d $"6 !++((    ( OO  $ $RZZ1J K  $ $RZZ1J K     # #BJJ =   $$_5J   8 8   ?     ( ( 4B<>rc&|j|Sr)rT)rH operation_refs r PollzKubernetesPoller.Poll@s rc2|j|jfSr)r=r>rs r GetResultzKubernetesPoller.GetResultDs    11rN)rrrrrrrrrr r3r3:sO2rr3ceZdZdZ d%dZdZdZdZdZdZ d Z d Z d Z d Z d ZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZd&dZ d&d Z!d&d!Z"d&d"Z#d'd#Z$d&d$Z%y)(KubernetesClientz6A client for accessing a subset of the Kubernetes API.Nc d|_d|_|s|rtj|_t |||||||||_|j j |j\|_|_| s| r|j jry| r6|j j|j|j|_ yy)a=Constructor for KubernetesClient. Args: api_adapter: the GKE api adapter used for running kubernetes commands gke_uri: the URI of the GKE cluster; for example, 'https://container.googleapis.com/v1/projects/my-project/locations/us-central1-a/clusters/my-cluster' gke_cluster: the "location/name" of the GKE cluster. The location can be a zone or a region for e.g `us-central1-a/my-cluster` kubeconfig: the kubeconfig path internal_ip: whether to persist the internal IP of the endpoint. cross_connect_subnetwork: full path of the cross connect subnet whose endpoint to persist (optional) private_endpoint_fqdn: whether to persist the private fqdn. context: the context to use public_issuer_url: the public issuer url enable_workload_identity: whether to enable workload identity Raises: exceptions.Error: if the client cannot be configured calliope_exceptions.MinimumArgumentException: if a kubeconfig file cannot be deduced from the command line flags or environment 20sN)rrXrYrrZr[r\r]) kubectl_timeoutrzrTemporaryDirectoryrV processorrrr]rarr&) rHrrXrYrrZr[r\r]public_issuer_urlenable_workload_identitys r rIzKubernetesClient.__init__KsF!D#D+!&!9!9!;d(!93 DN%)NN$J$J   %!DOT\ T^^%C%C 55 //4<<d rc|SrrrKs r __enter__zKubernetesClient.__enter__s KrcR|j|jjyyr)rzClose)rH_s r __exit__zKubernetesClient.__exit__s% + $$&,rc|jgdd\}}|rtdj|d|vr tdy)zCheck to see if the user can perform all the actions in any namespace. Raises: KubectlError: if failing to get check for cluster-admin permissions. RBACError: if cluster-admin permissions are not found. )authzcan-i*rz--all-namespacesNz2Failed to check if the user is a cluster-admin: {}yesaeMissing cluster-admin RBAC role: The cluster-admin role-based accesscontrol (RBAC) ClusterRole grants you the cluster permissions necessary to connect your clusters back to Google. To create a ClusterRoleBinding resource in the cluster, run the following command: kubectl create clusterrolebinding [BINDING_NAME] --clusterrole cluster-admin --user [USER]) _RunKubectlr"r5rrQs r CheckClusterAdminPermissionsz-KubernetesClient.CheckClusterAdminPermissionss^7HC  > E Ec J  C  ( rc|jdd|ddgd\}}|r$tjdj||j ddS)Ngetr<-ozjsonpath='{.metadata.uid}'z(Failed to get the UID of the cluster: {}')rr r;r5replacerHr<rRrSs r r$z KubernetesClient.GetNamespaceUIDsa  Y.JK HC    4 ; ;C @  ;;sB rc|jgdd\}}|r$tjdj|t j |}|dddz|ddz}|S)zGet server version of the cluster. Raises: exceptions.Error: if failing to get namespaces. Returns: Server version of the cluster in major.minor format (e.g. 1.21) )versionrjsonNz3Failed to get the server version of the cluster: {} serverVersionmajor.minor)rr r;r5rloads)rHrRrS version_strs r r)z!KubernetesClient.GetServerVersions| 94@HC    ? F Fs K  **S/C OW%+c/.B7.KK rcj|jddd|zdgd\}}|rtj|S)z!Get k8s events for the namespace.reventsz --namespace=z--sort-by='{.lastTimestamp}'N)rr r;rs r GetEventszKubernetesClient.GetEventssJ   Y & *  HC     JrcZ|jddd|ddgd\}}|r$tjdj||dk(rgS|jddd|dd gd\}}|r$tjdj||r|j j d SgS) zGet the Connect Agent namespace by label. Args: label: the label used for namespace selection Raises: exceptions.Error: if failing to get namespaces. Returns: The first namespace with the label selector. r namespacesz --selectorrzjsonpath={.items}Nz,Failed to list namespaces in the cluster: {}z[]z"jsonpath={.items[0].metadata.name} )rr r;r5stripsplit)rHlabelrRrSs r NamespacesWithLabelSelectorz,KubernetesClient.NamespacesWithLabelSelectors  lE49LM HC    8 ? ? D  d{ i      0    HC    8 ? ? D &)399;  S !0b0rc2|jgd\}}|S)N)delete membershiprrrHrrSs r DeleteMembershipz!KubernetesClient.DeleteMemberships   D EFAs Jrctjd}tjd}|j|jrA|j dd|ddg\}}|r$t j dj||S|j|jrA|j dd|ddg\}}|r$t j dj||Sy ) )Get the RBAC cluster role binding policy. ^clusterrole/^role/rclusterrolebindingryaml Error retrieving RBAC policy: {} rolebindingN)recompilematchlowerrr r;r5)rHrbac_policy_namerolecluster_patternnamespace_patternrRr>s r GetRbacPermissionPolicyz(KubernetesClient.GetRbacPermissionPolicysjj1O 8,TZZ\*## &(8$ Gjc5  . 5 56F G  jtzz|,## -!14 @jc5  . 5 56F G  j-rcf|D]}|d}|d}|jd||gd\}}|rXd|vr0tjjdj ||[t j dj |tjjdj |y ) z.Clean up the RBAC cluster role binding policy.rrNNotFoundz!{} for RBAC policy: {} not exist.zError deleting RBAC policy: {}z{}T)rrstatusPrintr5r r;)rH rbac_to_checkrbac_policy_pair rbac_type rbac_namerRrSs r CleanUpRbacPolicyz"KubernetesClient.CleanUpRbacPolicy-s)"1%i"1%i!!8Y "BDIhc3   **  188IN    !A!H!H!MN N S)** rc:|jdd|gd\}}||fS)Ndiff-f)_RunKubectlDiff)rHrbac_policy_filerRrSs r GetRbacPolicyDiffz"KubernetesClient.GetRbacPolicyDiff?s)##VT3C$DdKHC 8Orcd}|D]Q}|d}|d}|jd||g\}}|r+d|vrd}-tjdj|y|ryy) rFrrrrTrNrr r;r5)rHr not_foundrrrrrSs r GetRbacPolicyzKubernetesClient.GetRbacPolicyEs~I)"1%i"1%i 9 =>fa  )  !C!J!J3!OP P* rc ptjd}tjd}g} |rE| jdtjd||||fdtjd||||fg|r,| j dtjd||||f| S|j |jr,| j dtjd||||f| S|j |jr*| j dtjd||||f| S) z$Get the formatted RBAC policy names.rr clusterrole impersonateranthos permissionr)rrextendr RbacPolicyNameappendrr) rHrr project_ididentityis_useranthos_supportrrrs r GetRBACForOperationsz%KubernetesClient.GetRBACForOperationsVsVjj1O 8,M((Z7 #((Z7       $ $ J'  .    tzz| ,   $ $J Hg      .   $ $J Hg  rc|jgdd\}}|r)d|vrytjdj|y)z:Returns a boolean indicating if the Membership CRD exists.)r.customresourcedefinitions.apiextensions.k8s.iomemberships.hub.gke.ioNrFz#Error retrieving Membership CRD: {}Trrs r MembershipCRDExistsz$KubernetesClient.MembershipCRDExistssP    FAs s    BII#N OO rc|jgdd\}}|r)d|vrytjdj||S)z1Get the YAML representation of the Membership CR.)rrrrrNrrz"Error retrieving membership CR: {}rrQs r GetMembershipCRz KubernetesClient.GetMembershipCRsM94HC s    AHHM NN Jrc|jgdd\}}|r)d|vrytjdj||S)z2Get the YAML representation of the Membership CRD.)rrrrrNrrz#Error retrieving membership CRD: {}rrQs r GetMembershipCRDz!KubernetesClient.GetMembershipCRDsR   HC s    BII#N OO Jrc|jsy|jgdd\}}|r)d|vrytjdj ||S)z7Looks up the owner id field in the Membership resource.N)rrrrzjsonpath={.spec.owner.id}rz"Error retrieving membership id: {})rrr r;r5rQs r GetMembershipOwnerIDz%KubernetesClient.GetMembershipOwnerIDs]  # # % N HC s    AHHM NN Jrc$|j|Sr)Apply)rHrGs r rNz$KubernetesClient.CreateMembershipCRDs ::- ..rcN|rftjtt||tt t t\}}|r$tjdj||r;|j|\}}|r$tjdj|yy)zApply membership resources.r,z.Membership CRD creation failed to complete: {}z,Failed to apply Membership CR to cluster: {}N) r r2r3rAr6r7r8r9r r;r5r)rHrGmembership_cr_manifestrr>rSs r ApplyMembershipz KubernetesClient.ApplyMemberships   (/F G?3A> ha  < C CE J  zz01fa  : A A# F   rcx|j|\}}|r$tjdj|y)z Applying RBAC policy to Cluster.z/Failed to apply rbac policy file to cluster: {}N) ApplyRbacr r;r5)rHrrrSs r ApplyRbacPolicyz KubernetesClient.ApplyRbacPolicys> ^^, -FAs    ; B B3 G  rc8|jdd|g\}}|duS)Nrr<rrHr<rrSs r r1z KubernetesClient.NamespaceExistss'   uk9= >FAs $;rc8|jdd|gd\}}|S)Nrr<z --timeout) timeout_flagrrs r r?z KubernetesClient.DeleteNamespaces.    ; *FAs Jrc||rd|gng}|jd|ddj|g|j|S)aReturns the value of a field on a Kubernetes resource. Args: namespace: the namespace of the resource, or None if this resource is cluster-scoped resource: the resource, in the format /; e.g., 'configmap/foo', or for a list of resources json_path: the JSONPath expression to filter with Returns: The field value (which could be empty if there is no such field), or the error printed by the command if there is an error. -nrrzjsonpath={{{}}})rr5r)rHr<resource json_pathcmds r GetResourceFieldz!KubernetesClient.GetResourceFieldsD )4 bCJJx'8'?'? 'JKL   C  rc:|jdd|gd\}}||fS)Napplyrr)rH rbac_policyrRrSs r r zKubernetesClient.ApplyRbacs($ = 400. headersizstatus: {}, reason: {}) r GetSessionrequest status_coder r;r5reasoncontent)rHmethodurlr(rrs r _WebRequestzKubernetesClient._WebRequestsa %%fc7%CA ]]F }   5<= 400. N BearerToken)r(querys auth_settingsr')r&update_params_for_authr configurationhost rest_clientr*data)rHr.api_pathr(r/r0s r _ClusterRequestz KubernetesClient._ClusterRequest.s~g ++]O, $""0055x @C $$,,VS',JA 66Mrcddi}d} |(|jddz}|jd||Sd}|jd||S#t$r*}t j dj ||d}~wwxYw) aAGet the OpenID Provider Configuration for the K8s API server. Args: issuer_url: string, the issuer URL to query for the OpenID Provider Configuration. If None, queries the custer's built-in endpoint. Returns: The JSON response as a string. Raises: Error: If the query failed. Content-Typezapplication/jsonN/z!/.well-known/openid-configurationGETr'z7Failed to get OpenID Provider Configuration from {}: {})rstripr1r< Exceptionr r;r5)rH issuer_urlr(r/es r GetOpenIDConfigurationz'KubernetesClient.GetOpenIDConfigurationNs *G C   $'JJsG<<1##E3#@@     C J J1  s)AA A;%A66A;cddi}d} ||}|jd||Sd}|jd||S#t$r*}tjdj ||d}~wwxYw)a$Get the JSON Web Key Set for the K8s API server. Args: jwks_uri: string, the JWKS URI to query for the JSON Web Key Set. If None, queries the cluster's built-in endpoint. Returns: The JSON response as a string. Raises: Error: If the query failed. r>zapplication/jwk-set+jsonNr@r'z/openid/v1/jwksz*Failed to get JSON Web Key Set from {}: {})r1r<rBr r;r5)rHjwks_urir(r/rDs r GetOpenIDKeysetz KubernetesClient.GetOpenIDKeysetms 2G C   sG<<##E3#@@     6 = =c1 E s66 A)%A$$A)ctjg}|jr|jd|jg|jr|jd|jg|j||j g|j|t j}t j}tj|d|j|j|}|dk7r0|js |jdj||dk(r|jnd|dk7r|jfSdfS)aRuns a kubectl command with the cluster referenced by this client. Args: args: command line arguments to pass to kubectl stdin: text to be passed to kubectl via stdin timeout_flag: kubectl command flag used to set timeout Returns: The contents of stdout if the return code is 0, stderr (or a fabricated error if stderr is empty) otherwise --contextrgTno_exitout_funcerr_funcin_strrz"kubectl exited with return code {}N) r^r_r]rrrioStringIOrExecwritegetvaluer5)rHargsrrrrRrS returncodes r rzKubernetesClient._RunKubectls   ' ' ) *C || jj+t||,-  jj.$//23JJ d2234JJt ++-C ++-C %% TCII %JQs||~ ii4;;JGH%/ t$/  /3 rc6tjg}|jr|jd|jg|jr|jd|jg|jd|j g|j|t j}t j}tj|d|j|j|}|dk(r|jnd|dkDr|jfSdfS)a4Runs a kubectl diff command with the specified args. Args: args: command line arguments to pass to kubectl stdin: text to be passed to kubectl via stdin Returns: The contents of stdout if the return code is 1, stderr (or a fabricated error if stderr is empty) otherwise rJrg--request-timeoutTrKrN) r^r_r]rrrrPrQrrRrSrT)rHrUrrrRrSrVs r rz KubernetesClient._RunKubectlDiffs  ' ' ) *C || jj+t||,-  jj.$//23JJ#T%9%9:;JJt ++-C ++-C %% TCII %J%/ t$q.  .2 r) NNNNFNNNNFr)NrX)&rrrrrIrrrr$r)rrrrrrrrrrrrrNr r r1r?rr rr!r%r1r<rErHrrrrr rrHs># $HT' 4  . &1P 0$ "0d $ / , !$ C(@>:!Frrc"eZdZdZdZdZdZy) DeploymentPodsAvailableOperationzGAn operation that tracks whether a Deployment's Pods are all available.cf||_||_||_||_d|_d|_d|_yrE)r<deployment_nameimager&rFr=r>)rHr<r\r]r&s r rIz)DeploymentPodsAvailableOperation.__init__s5DN*DDJ"DDIDNDJrcNdj|j|jS)Nz)r5r<r\rKs r rLz(DeploymentPodsAvailableOperation.__str__s$ ) 0 0 ,, rcdjj}fd}jjj|d\}}|r ||y|j k7ryjjj|d\}}|r ||yjjj|d\}}|r ||yjjj|d\}}|r ||yjjj|d\}}|r ||y||kry||kDry||kryd _d _y) zFUpdates this operation with the latest Deployment availability status.z deployment/{}c:d|vryd_d_|_y)z-Updates the operation for the provided error.rNTF)rFr=r>)rSrHs r _HandleErrz;DeploymentPodsAvailableOperation.Update.._HandleErrs' s didndjrz'.spec.template.spec.containers[0].imageNz.spec.replicasz.status.replicasz.status.availableReplicasz.status.updatedReplicasT)r5r\r&rr<r]r=rF) rHdeployment_resourceradeployment_imagerS spec_replicasstatus_replicasavailable_replicasupdated_replicass ` r rTz'DeploymentPodsAvailableOperation.Updatesy)001E1EF !,,== 1c  o 4::% )):: +-=M3 o ++<< +-?OS o "..?? +-H o  ,,== +-Fc o -' )) ,, DNDIrNrrrrrIrLrTrrr rZrZsO ErrZc"eZdZdZdZdZdZy)r4z6An operation that waits for a namespace to be deleted.cJ||_||_d|_d|_d|_yrE)r<r&rFr=r>)rHr<r&s r rIz!NamespaceDeleteOperation.__init__+s&DN"DDIDNDJrc8dj|jS)Nz)r5r<rKs r rLz NamespaceDeleteOperation.__str__2s $ + +DNN ;;rc|jj|j}|syd|vrd|_d|_y||_y)zAUpdates this operation with the latest namespace deletion status.NrT)r&r?r<rFr=r>)rHrSs r rTzNamespaceDeleteOperation.Update5sC    * *4>> :C  SdidndjrNrhrrr r4r4(s><rr4ctjj|jd}tjtj d} tj tj d||tjd}|j|||} |j| } | j} | xr| jxr | j} | sLtjj!s.tj"dj%| j&tjj)| | j&|||| r'tj tj d| |Stj d=|S#| r&tj tj d| wtj d=wxYw)aThe kubeconfig of GKE Cluster is fetched using the GKE APIs. The 'KUBECONFIG' value in `os.environ` will be temporarily updated with the temporary kubeconfig's path if the kubeconfig arg is not None. Consequently, subprocesses started with googlecloudsdk.core.execution_utils.Exec will see the temporary KUBECONFIG environment variable. Using GKE APIs the GKE cluster is validated, and the ClusterConfig object, is persisted in the temporarily updated 'KUBECONFIG'. Args: api_adapter: the GKE api adapter used for running kubernetes commands project: string, the project id of the cluster for which kube config is to be fetched location_id: string, the id of the location to which the cluster belongs cluster_id: string, the id of the cluster temp_kubeconfig_dir: TemporaryDirectory object internal_ip: whether to persist the internal IP of the endpoint. cross_connect_subnetwork: full path of the cross connect subnet whose endpoint to persist (optional) private_endpoint_fqdn: whether to persist the private fqdn. Raises: Error: If unable to get credentials for kubernetes cluster. Returns: the path to the kubeconfig file rrfv1zGUnable to get cluster credentials. User must have edit permission on {})rqpathjoinrrprrSetEncodedValuegke_api_adapter NewAPIAdapter ParseCluster GetCluster masterAuthclientCertificate clientKeyr^ ClusterConfigUseGCPAuthProviderr;r5 projectIdPersist)rrk location_id cluster_idrzrZr[r\rold_kubeconfig cluster_refclusterr valid_credss r roroFsvNww||/44lC*++BJJ E.# RZZzB#11$7k**:{GLK$$[1G   DD411DdnnK v33FFH LL #VK$9$9:      rzz<H  **\ "  rzz<H **\ "s DF;G ct|}|jr|rtjdd|jr|stjdd|j r|stjddyy)a}Validates if --gke-cluster | --gke-uri is supplied for GKE cluster, and --context for non GKE clusters. Args: kube_client: A Kubernetes client for the cluster to be registered. args: An argparse namespace. All arguments that were provided to this command invocation. Raises: calliope_exceptions.ConflictingArgumentsException: --context, --gke-uri, --gke-cluster are conflicting arguments. calliope_exceptions.ConflictingArgumentsException is raised if more than one of these arguments is set. calliope_exceptions.InvalidArgumentException is raised if --context is set for non GKE clusters. rJz]--context cannot be used for GKE clusters. Either --gke-uri | --gke-cluster must be specifiedz --gke-uriz#use --context for non GKE clusters.z --gke-clusterN) IsGKEClusterr]rtInvalidArgumentExceptionrXrY)r&rUis_gke_clusters r ValidateClusterIdentifierFlagsrs" ,. \\n  6 6 =   \\.  6 6:  n  6 6> -rc|jr|jjry|jddd\}}|r$tjdj ||syy)aReturns true if the cluster to be registered is a GKE cluster. There is no straightforward way to obtain this information from the cluster API server directly. This method uses metadata on the Kubernetes nodes to determine the instance ID. The instance ID field is unique to GKE clusters: Kubernetes-on-GCE clusters do not have this field. This test doesn't work in identifing a GKE cluster with zero nodes. Args: kube_client: A Kubernetes client for the cluster to be registered. Raises: exceptions.Error: if failing there's a permission error or for invalid command. Returns: bool: True if kubeclient communicates with a GKE Cluster, false otherwise. TNnodeszE.items[*].metadata.annotations.container\.googleapis\.com/instance_idz)kubectl returned non-zero status code: {}F)rr`rr r;r5)r&vm_instance_idrSs r rrsm,{44JJ #44  O.#    3::3?    r)>r __future__rrrrrPrrqr googlecloudsdk.api_lib.containerrrrrrvr r^googlecloudsdk.api_lib.utilr googlecloudsdk.callioper rt*googlecloudsdk.command_lib.container.fleetr 6googlecloudsdk.command_lib.container.fleet.membershipsr googlecloudsdk.corerrrrgooglecloudsdk.core.utilrr kubernetesrrrrsix.moves.urllib.parserr6r7r8r9r;rr"r'r*r?objectrArVOperationPollerr3rrZr4rorrrrr rs <&%' KB;.EBK*/#*(-*03*&'" -*3'.6+5   5>:##>4"("!HV@U)&U)p 2v-- 2D vD NVvVrv