AdZddlmZddlmZddlmZddlmZddlmZddl m Z ddl m Z dd l m Z dd l mZdd lmZdd lmZdd lmZddlmZddlmZdZdZddefdZdZdZGddZGddZy)z5Functions to add standardized flags in PoCo commands.)absolute_import)division)unicode_literals)path)messages)protos)base)parser_arguments)parser_extensions) resources) constants) exceptions)util) console_iozpolicy-essentials-v2022c:tjdtdS)Nz--fleet-default-member-configaThe path to a policy-controller.yaml configuration file. If specified, this configuration will become the default Policy Controller configuration for all memberships in your fleet. It can be overridden with a membership-specific configuration by using the the `Update` command. To enable the Policy Controller Feature with a fleet-level default membership configuration, run: $ {command} --fleet-default-member-config=/path/to/policy-controller.yaml typehelpr ArgumentstrHlib/googlecloudsdk/command_lib/container/fleet/policycontroller/flags.pyfleet_default_cfg_flagr%s %   r include_noc|dj|rdnd}tj|ddjd|S)z/Flag for unsetting fleet default configuration.z--{}fleet-default-member-configzno- store_truezRemoves the fleet default configuration for policy controller. Memberships configured with the fleet default will maintain their current configuration. $ {} {} z {command}actionr)formatr r)rflags rno_fleet_default_cfg_flagr$7s@ * 1 1:%2 N$   &d #  rctjdd}|jt|jt d|S)ztjddgtdS)z;Builds flag for setting configuration to the fleet default.z--originFLEETzaIf --origin=FLEET will set the configuration of the membership to the fleet default. )choicesrrrrrr origin_flagr/Ps# i   rceZdZdZdej defdZedZ edZ dZ dZ d Z d Zd Zd Zd ZdZdZdZdZy) PocoFlagszHandle common flags for Poco Commands. Use this class to keep command flags that touch similar configuration options on the Policy Controller feature in sync across commands. parsercommandc ||_||_y)zConstructor. Args: parser: The argparse parser to add flags to. command: The command using this flag utility. i.e. 'enable'. N)_parser _display_name)selfr2r3s r__init__zPocoFlags.__init__csDL Drc|jSN)r5r7s rr2zPocoFlags.parserqs <<rc|jSr:)r6r;s r display_namezPocoFlags.display_nameus   rcH|jjdtdy)z7Adds handling for audit interval configuration changes.z--audit-intervalz=How often Policy Controller will audit resources, in seconds.rNr2 add_argumentintr;s radd_audit_intervalzPocoFlags.add_audit_intervalys"KK  LrcH|jjdtdy)zCAdds handling for constraint violation limit configuration changes.z--constraint-violation-limitzSThe number of violations stored on the constraint resource. Must be greater than 0.rNr?r;s radd_constraint_violation_limitz(PocoFlags.add_constraint_violation_limits$KK&  " rc|jjdd}|jdtd|jddd y ) z4Adds handling for configuring exemptable namespaces.zExemptable Namespace flags.Tr&z--exemptable-namespacesz^Namespaces that Policy Controller should ignore, separated by commas if multiple are supplied.rz--clear-exemptable-namespacesrzRemoves any namespace exemptions, enabling Policy Controller on all namespaces. Setting this flag will overwrite currently exempted namespaces, not append.r N)r2add_argument_groupr@rr7groups radd_exemptable_namespacesz#PocoFlags.add_exemptable_namespacess` KK * *%T + E !  0  ' : rc|jjdd}|jddd|jddd y ) z(Adds handling for log denies enablement.zLog Denies flags.Tr&z--no-log-deniesrzIf set, disable all log denies.r z --log-denieszNIf set, log all denies and dry run failures. (To disable, use --no-log-denies)Nr2 add_groupr@rGs radd_log_denies_enabledz PocoFlags.add_log_denies_enabledsX KK ! !"5T ! BE  .   rc|jjdd}tj|dd|j dddd y ) z6Adds handling for single, multiple or all memberships.zMembership flags.Tr&zThe membership names to act on, separated by commas if multiple are supplied. Ignored if --all-memberships is supplied; if neither is supplied, a prompt will appear with all available memberships.)pluralmembership_helpz--all-membershipsrzFIf supplied, apply to all Policy Controllers memberships in the fleet.F)r!rdefaultN)r2rFr AddMembershipResourceArgr@rGs radd_membershipszPocoFlags.add_membershipssZ KK * *+>d * KE &&     rc |jjdd}|jdtdj dj t j|jdd d y ) z3Adds handling for monitoring configuration changes.zMonitoring flags.Tr&z --monitoringzMonitoring backend options Policy Controller should export metrics to, separated by commas if multiple are supplied. Setting this flag will overwrite currently enabled backends, not append. Options: {}z, rz--no-monitoringrzOInclude this flag to disable the monitoring configuration of Policy Controller.r N)r2rFr@rr"joinr MONITORING_BACKENDSrGs radd_monitoringzPocoFlags.add_monitoringsu KK * *+>d * KE   "6$))I,I,I"JK   " rc|jjdd}|jddd|jddd y ) z&Adds handling for mutation enablement.zMutation flags.Tr&z --no-mutationrzDisables mutation support.r z --mutationzDIf set, enable support for mutation. (To disable, use --no-mutation)NrKrGs r add_mutationzPocoFlags.add_mutationsW KK ! !"34 ! @E  3O   rc@|jjdddy)zkAdds handling for no content enablement. This prevents the template library from being installed. z --no-contentrzaIf set, Policy content, including the template library and policy bundles, will not be installed.r Nr2r@r;s radd_no_contentzPocoFlags.add_no_contents&  KK / rc@|jjdddy)Nz--no-default-bundlesrz@If set, skip installing the default bundle of policy-essentials.r r[r;s radd_no_default_bundlesz PocoFlags.add_no_default_bundless"KK Orc|jjdd}|jddd|jddd y ) z/Adds handling for referential rules enablement.zReferential Rules flags.Tr&z--no-referential-rulesrz#Disables referential rules support.r z--referential-rulesz\If set, enable support for referential constraints. (To disable, use --no-referential-rules)NrKrGs radd_referential_ruleszPocoFlags.add_referential_rulessX KK ! !"MG $$%%g.%  4 4 * 1 1' :   & &  ' ' 0rcv|jjr#|jjg}||_|jjrd|jjj dDcgc]}|j |}}|jj|}||_|Scc}w)z2Sets or removes monitoring backends based on args.)backendsrz)rk no_monitoringrr monitoringr~r)r7rnconfigrrs rupdate_monitoringz PocoFlagParser.update_monitoring}s yy}}==r=Jf!g yy--33C88g  # #G ,8}}==x=Pf!g Ns7B6cB|jjjS)zDReturns an reference to the BundlesValue class for this API channel.)rr BundlesValuer;s rbundle_messagezPocoFlagParser.bundle_messages == : : G GGrcd|jjs|jjr|S|j|}t j |j }|jj|t<t j|j||_||_ |S)aTSets default bundles based on args. This function assumes that the hub config is being initialized for the first time. Args: hub_cfg: A 'PolicyControllerHubConfig' proto message. Returns: A modified hub_config, adding the default bundle; or unmodified if the --no-default-bundles flag is specified. ) rkrno_default_bundles_get_policy_contentradditional_properties_to_dictbundlesr!PolicyControllerBundleInstallSpecDEFAULT_BUNDLE_NAMEset_additional_propertiesrr)r7rnpolicy_content_specrs rupdate_default_bundlesz%PocoFlagParser.update_default_bundless yytyy;; n227;22##G 779  #)"B"B w#0G Nrc^|jjxs|jjSr:)rkfleet_default_member_configno_fleet_default_member_configr;s ris_feature_updatez PocoFlagParser.is_feature_updates& -- 4 99 3 3rc|jjrjtj|jj}t j |d}t j|jj|Sy)NF)binary) rkrr expanduserrReadFromFileOrStdinrImportrPolicyControllerMembershipSpec)r7 config_pathdatas rload_fleet_default_cfgz%PocoFlagParser.load_fleet_default_cfgs^ yy,,OODII$I$IJk  + + ed[[EEt LL -rc.|jjSr:)rrr;s rtemplate_lib_cfgzPocoFlagParser.template_lib_cfgs == > >>rc.|jjSr:)rrr;s rtemplate_lib_enumz PocoFlagParser.template_lib_enums  < <>  ! !!rpococh|jjr|jj|_|Sr:)rkversion)r7rs rupdate_versionzPocoFlagParser.update_versions% yyYY&&dl Krcd|jjxr|jjdk(S)Nr-)rkoriginr;s ruse_default_cfgzPocoFlagParser.use_default_cfgs& 99   ; 0 0G ;;rfeature membershipc|jD|jjdd}d}tj|j ||j ||jj|_y)a.Sets membership to the default fleet configuration. Args: feature: The feature spec for the project. membership: The membership spec being updated. Returns: Updated MembershipFeatureSpec. Raises: MissingFleetDefaultMemberConfig: If none exists on the feature. N/ztNo fleet default member config specified for project {}. Use '... enable --fleet-default-member-config=config.yaml'.)fleetDefaultMemberConfignamer~rMissingFleetDefaultMemberConfigr"set_origin_fleetpolicycontroller)r7rrprojectmsgs rset_default_cfgzPocoFlagParser.set_default_cfgsu''/ ""3'*g E   6 6szz'7J KK*%((99rc|jj|jjjj|_y)N)r)rOriginTypeValueValuesEnumr-r)r7rs rrzPocoFlagParser.set_origin_fleets7 ,, ]] ! ! 5 5 ; ;-JrN)!rcrdrerfr Namespacer8rMessagertrxrrrrrrhrrrrrrboolrrrrrrrrrrrrrjrj#s ,66%%%% %%  x'7'7H Mh&6&6M ? 0 0? ? =!1!1= ="(*:*:"x?O?O" !1!1h6F6F N>NrrjN)F) rf __future__rrrosrapitools.base.protorpcliter7googlecloudsdk.api_lib.container.fleet.policycontrollerrgooglecloudsdk.callioper r r *googlecloudsdk.command_lib.container.fleetr ;googlecloudsdk.command_lib.container.fleet.policycontrollerr r!googlecloudsdk.command_lib.exportrgooglecloudsdk.core.consolerrrrr$r+r/r1rjrrrrsn<&'/J(45@QR22/$ $  DDNPPr