9.dZddlmZddlmZddlmZddlZddlZddlZddlm Z ddlm Z ddl m Z dd l mZdd lmZdd lmZdd lmZdd lmZddlmZddlmZdZdZdZdZdZdZdZ d#dZd#dZ dZ!dZ"dZ#dZ$dZ%dZ&d$dZ'd Z(d!Z)d"Z*y)%z,Utilities for generating kubeconfig entries.)absolute_import)division)unicode_literalsN) kubeconfig)util)gateway)gwkubeconfig_util)errors)config)log) properties) platforms)semvera Fetch credentials for a running {cluster_type}. This command updates a kubeconfig file with appropriate credentials and endpoint information to point kubectl at a specific {cluster_type}. By default, credentials are written to ``HOME/.kube/config''. You can provide an alternate path by setting the ``KUBECONFIG'' environment variable. If ``KUBECONFIG'' contains multiple paths, the first one is used. This command enables switching to a specific cluster, when working with multiple clusters. It can also be used to access a previously created cluster from a new workstation. By default, the command will configure kubectl to automatically refresh its credentials using the same identity as the gcloud command-line tool. If you are running kubectl as part of an application, it is recommended to use [application default credentials](https://cloud.google.com/docs/authentication/production). To configure a kubeconfig file to use application default credentials, set the ``container/use_application_default_credentials'' [Google Cloud CLI property](https://cloud.google.com/sdk/docs/properties) to ``true'' before running the command. See [](https://cloud.google.com/kubernetes-engine/docs/kubectl) for kubectl documentation. z To get credentials of a cluster named ``my-cluster'' managed in location ``us-west1'', run: $ {command} my-cluster --location=us-west1 zyCluster {} is not RUNNING. The Kubernetes API may or may not be available. Check the cluster status for more information.zIs it still PROVISIONING?c0d}|j||||S)aOGenerates a kubeconfig context for an Anthos Multi-Cloud cluster. Args: kind: str, kind of the cluster e.g. aws, azure. project_id: str, project ID accociated with the cluster. location: str, Google location of the cluster. cluster_id: str, ID of the cluster. Returns: The context for the kubeconfig entry. z/gke_{kind}_{project_id}_{location}_{cluster_id})kind project_idlocation cluster_idformat)rrrrtemplates Dlib/googlecloudsdk/command_lib/container/gkemulticloud/kubeconfig.pyGenerateContextrMs(?(  Jj  c0d}|j||||S)aeGenerates command arguments for kubeconfig's authorization provider. Args: kind: str, kind of the cluster e.g. aws, azure. cluster_id: str, ID of the cluster. location: str, Google location of the cluster. project: str, Google Cloud project of the cluster. Returns: The command arguments for kubeconfig's authorization provider. zcontainer {kind} clusters print-access-token {cluster_id} --project={project} --location={location} --format=json --exec-credential)rrrprojectr)rrrrrs rGenerateAuthProviderCmdArgsr_s-(  J7  rcXtjj}tj||||j|<t t ||||||j||jtjjdj|y)aGenerates a kubeconfig entry for an Anthos Multi-cloud attached cluster. Args: cluster: object, Anthos Multi-cloud cluster. cluster_id: str, the cluster ID. context: str, context for the kubeconfig entry. cmd_path: str, authentication provider command path. NA new kubeconfig entry "{}" has been generated and set as the current context.N) kubeconfig_util KubeconfigDefaultContextcontexts _CheckPreqs_ConnectGatewayKubeconfigSetCurrentContext SaveToFiler statusPrintr)clusterrcontextcmd_pathrs rGenerateAttachedKubeConfigr.us))113*!0!8!8 w"*g-JWhO w' **rctjj}tj||||j|<t ||}|s|t jdkrtdt||||||ntt||||||j||jtjjdj!|y)aGenerates a kubeconfig entry for an Anthos Multi-cloud cluster. Args: cluster: object, Anthos Multi-cloud cluster. cluster_id: str, the cluster ID. context: str, context for the kubeconfig entry. cmd_path: str, authentication provider command path. cmd_args: str, authentication provider command arguments. private_ep: bool, whether to use private VPC for authentication. Raises: Error: don't have the permission to open kubeconfig file. z1.21.0T)private_endpointrN)r r!r"r#r$ _GetSemverrSemVerr%_PrivateVPCKubeconfigr&r'r(r r)r*r)r+rr,r-cmd_args private_eprversions rGenerateKubeconfigr7s ))113*!0!8!8 w"*g w +'7V]]844&GZ(HMGZ( w' **rctj|sQtjjj j }tj|tyy)z9Checks the prerequisites to run get-credentials commands.N) rCheckKubectlInstalledr VALUEScorer GetOrFailrCheckGatewayApiEnablement_GetConnectGatewayEndpoint)r0rs rr%r%sM ""''//99;J %%.0 rcp|j|jjtj|dtdj t |jj}d|d}tj|fi||j|<tj|||j|<y)azGenerates the Connect Gateway kubeconfig entry. Args: kubeconfig: object, Kubeconfig object. cluster: object, Anthos Multi-cloud cluster. cluster_id: str, the cluster ID. context: str, context for the kubeconfig entry. cmd_path: str, authentication provider command path. Raises: errors.MissingClusterField: cluster is missing required fields. NzFleet membershipzhttps://{}/v1/{}gcp) auth_providerauth_provider_cmd_path) fleet membershipr MissingClusterFieldSTILL_PROVISIONING_MSGrr>r Userusersr Clusterclusters)rr+rr,r-server user_kwargss rr&r&s ]]gmm66>  $ $&(>   $ $ "GMM$<$< &#(8L+-227JkJ*7!2!:!:7F!K*grci}t|||d<||d|j|<i}|jtjdnt |j|d<|j tj|dttj|dj|j fi||j|<y)atGenerates the kubeconfig entry to connect using private VPC. Args: kubeconfig: object, Kubeconfig object. cluster: object, Anthos Multi-cloud cluster. cluster_id: str, the cluster ID. context: str, context for the kubeconfig entry. cmd_path: str, authentication provider command path. cmd_args: str, authentication provider command arguments. exec)nameuserNz.Cluster is missing certificate authority data.ca_dataendpointz https://{})_ExecAuthPluginrHclusterCaCertificater warning _GetCaDatarRr rErFr rIrrJ)rr+rr,r-r4rPcluster_kwargss rr3r3s $ 84$v,'.=*7. !!)KK@A *7+G+G HN9   $ $J 6 "1!8!8 |""7#3#34"8F"*grcvt||}|tjdkrtjdy)a Validates the cluster version. Args: cluster: object, Anthos Multi-cloud cluster. cluster_id: str, the cluster ID. Raises: UnsupportedClusterVersion: cluster version is not supported. MissingClusterField: expected cluster field is missing. z1.20.0zsThe command get-credentials is supported in cluster version 1.20 and newer. For older versions, use get-kubeconfig.N)r1rr2r UnsupportedClusterVersionr+rr6s rValidateClusterVersionr[s> w +' v}}X&&  * * = 'rchtj|jdjdS)Nzutf-8)base64 b64encodeencodedecode)pems rrVrVs)   #**W- . 5 5g >>rc:|j|jjtj|d|jj}|j dr(|j ddd}t j|St j|S)Nr6z-nextz.0) controlPlaner6r rEendswithreplacerr2)r+rr6vs rr1r1s !W%9%9%A%A%I  $ $Z ;;  ( (' gq)A ==  w rc*tjjjj }|"|j ds|j dryd|vry|j ds|j drytjd ) zGets the corresponding Connect Gateway endpoint for Multicloud environment. http://g3doc/cloud/kubernetes/multicloud/g3doc/oneplatform/team/how-to/hub Returns: The Connect Gateway endpoint. Raises: Error: Unknown API override. zgkemulticloud.googleapis.com/z-preprod-gkemulticloud.sandbox.googleapis.com/zconnectgateway.googleapis.comzstaging-gkemulticloudz-staging-connectgateway.sandbox.googleapis.comzhttp://localhostz%gkemulticloud.sandbox.googleapis.com/z.autopush-connectgateway.sandbox.googleapis.com gkemulticloud) r r:api_endpoint_overridesriGetre startswithr UnknownApiEndpointOverrideError)rRs rr>r>#s   5 5 C C G G I(   : ;   J K *( : +,0A0A-1 <..??rcdd||ddS)z-Generates a Kubernetes execCredential object.ExecCredentialclient.authentication.k8s.io/v1)expirationTimestamptoken)r apiVersionr))expiration_timestamp access_tokens rroroBs5!5 rc|_d}tjjrd}|} tj|dgddtj tj |}|dd|j%d d d }t&j(j*j,j/}|r9t&j(j*j,j1|d g|d <|S#t $r tjj}|Ftjtjtjtjtj j#||}tj|dgddtj tj |}n2#t $r&tjtjYnwxYwYwxYw)zGenerates and returns an exec auth plugin config. Args: cmd_path: str, exec command path. cmd_args: str, exec command arguments. Returns: dict, valid exec auth plugin config entry. gcloudz gcloud.cmdz --versionF)timeoutcheckstdoutstderrrpT Never)commandrsprovideClusterInfoargsinteractiveMode)rOvalueenv)rOperatingSystem IsWindows subprocessrunDEVNULL Exceptionr Paths sdk_bin_pathr criticalr SDK_BIN_PATH_NOT_FOUNDErrorospathjoinsplitr r:rjrirkEnvironmentName)r-r4bin_namerrsdk_path_bin_namecfgrRs rrSrSNsH  **,hG =nn K #### h65 nnS!  #   5 5 C C G G I(     4 4 B B R R T CJ *S ==||~22   ,,== >%%o&L&LM M ggll<A  .. +.''''  '( = _;;<=-=s6:C(( G)2CF32G)3,G"G)!G""G)(G)cb |j|stjdyy#YyxYw)zDChecks and gives a warning if the cluster does not have a node pool.zpCluster does not have a node pool. To use Connect Gateway, ensure you have at least one Linux node pool running.N) HasNodePoolsr rU)cluster_client cluster_refs rCheckClusterHasNodePoolsrs6   & &{ 3 kk B 4 s&*.cJt||}|tjdkS)Nz1.25.0)r1rr2rZs rConnectGatewayInNodePoolsrs" w +' 6==* **r)F)NN)+__doc__ __future__rrrr]rr googlecloudsdk.api_lib.containerrr r*googlecloudsdk.command_lib.container.fleetrr 2googlecloudsdk.command_lib.container.gkemulticloudr googlecloudsdk.corer r r googlecloudsdk.core.utilrrCOMMAND_DESCRIPTIONCOMMAND_EXAMPLENOT_RUNNING_MSGrFrrr.r7r%r&r3r[rVr1r>rorSrrrtrrrs3&' J1>HE&#*.+625$,6BG(VL6>&?  @> D N  +r