5dZddlmZddlmZddlmZddlmZddlmZddl m Z ddl m Z dd l mZdd lmZdd lmZd Zd ZdZdZdZdZdZdZdZdZdZdZdZdZ dZ!dZ"dZ#dZ$dZ%dZ&d Z'd!Z(y")#z!The python hooks for IAM surface.)absolute_import)division)unicode_literals)util)apis) arg_parsers) exceptions)iam_util) arg_utils)logc$~|jdr}tj\}}|j|jj d|jj d|jj d}||_|S)aPython hook to add condition from --condition-from-file to request. Args: ref: A resource ref to the parsed resource. args: Parsed args namespace. request: The apitools request message to be modified. Returns: The modified apitools request message. condition_from_file descriptiontitle expression)rrr) IsSpecifiedrGetClientAndMessagesExprrget condition)refargsrequest_messagescondition_messages +lib/googlecloudsdk/command_lib/iam/hooks.py"UpdateRequestWithConditionFromFilers  +,++-KAx ,,00?&&**73++// =& *G .cNtjddj|S)Nzcondition-from-filez{filename} must be a path to a YAML or JSON file containing the condition. `expression` and `title` are required keys. `description` is optional.filename)gcloud_exceptionsInvalidArgumentExceptionformatr!s r_ConditionFileFormatExceptionr&5s)  3 3&(&+  rcxtj|}tj|t |}|S)z&Read condition from YAML or JSON file.)r FileContentsr ParseYamlOrJsonConditionr&)rrcondition_dicts rParseConditionFromFiler+>s>)k&&()<=)44./BC. rc~|jt|jdz dgdk(r9tjj dj |j yy)N)iamservice-accountsenablezEnabled service account [{}]. command_pathlenr statusPrintr%service_accountresponsers rEnableIamAccountConfirmationr9Hs] s4,,-1349 JJ'..t/C/CD rc~|jt|jdz dgdk(r9tjj dj |j yy)Nr-)r.r/disablezDisabled service account [{}].r1r7s rDisableIamAccountConfirmationr<Ts] s4,,-1349 JJ(//0D0DE rc~tjjdj|j|j y)Nz,Enabled key [{0}] for service account [{1}].r r4r5r%iam_key iam_accountr7s rEnableIamKeyConfirmationrA`s4**4;; ,,((rc~tjjdj|j|j y)Nz-Disabled key [{0}] for service account [{1}].r>r7s rDisableIamKeyConfirmationrCis4**5<< ,,((rc0|j|_|S)z)Add service account name to request name.) RelativeNamename)r unused_argsrs rSetServiceAccountResourcerHrs!!#', .rcj~~|jjsddg}tj|d|S)z.Validate the field mask for an update request.z--display-namez --descriptionz%Specify at least one field to update.)patchServiceAccountRequest updateMaskr#OneOfArgumentsRequiredException)rrGr update_fieldss rValidateUpdateFieldMaskrNysB ;  + + 6 6%7M  ; ;>  .rcfd}|S)zDSet requestedPolicyVersion to max supported in GetIamPolicy request.cV~~tj|tj|S)N)r SetFieldInMessager !MAX_LIBRARY_IAM_SUPPORTED_VERSION)rrr api_fields rProcessz-UseMaxRequestedPolicyVersion..Processs* T HFF Nr)rSrTs` rUseMaxRequestedPolicyVersionrVs .rcfd}|S)z3Add ',version' to update_mask if it is not present.c~~tj|}d|vr |d}n|dz }tj|||S)z+The implementation of Process for the hook.versionz,version)r GetFieldValueFromMessagerQ)rrr update_maskupdate_mask_paths rrTz3AddVersionToUpdateMaskIfNotPresent..ProcesssP T44W>NOK #   z!  )9;G NrrU)r\rTs` r"AddVersionToUpdateMaskIfNotPresentr]s  .rcX|jstjddd|zS)N account_idzSAccount unique ID should be a number. Please double check your input and try again.zprojects/-/serviceAccounts/)isdigitr#r$)r_s r"CreateFullServiceAccountNameFromIdras6      4 4   ' 33rc tj|j}|jdS#tj$r*}t j ddj |d}~wwxYw)a;Generate public key data from a path. Args: path: (bytes) the public key file path given by the command. Raises: InvalidArgumentException: if the public key file path provided does not exist or is too large. Returns: A public key encoded using the UTF-8 charset. public_key_filez1{}. Please double check your input and try again.Nzutf-8)rr(stripArgumentTypeErrorr#r$r%encode)pathpublic_key_dataes rGeneratePublicKeyDataFromFilerjst0k..06<<>O    ((  & &  4 4;BB1E s(;A8%A33A8ch~tjdd}t|||t||||S)zsAdd ExtraAttributesOAuth2Client and ExtendedAttributesOAuth2Client fields to create workforcePoolProvider requests.r.v1)rGetMessagesModule$SetExtraAttributesOauth2ClientFields'SetExtendedAttributesOauth2ClientFieldsrrrrs r2AddCreateExtraAndExtendedAttributesConfigToRequestrqs6  # #E4 0(&wh?)'4B .rc~tjdd}|j%|jrtj|dd|St ||||S)PAdd ExtraAttributesOAuth2Client fields to update workforcePoolProvider requests.r.rlNz1workforcePoolProvider.extraAttributesOauth2Client)rrmclear_extra_attributes_configr rQrnrps r*AddClearableExtraAttributesConfigToRequestrus]  # #E4 0( ((4  , , ;  .)$A .rc~tjdd}|j%|jrtj|dd|St ||||S)rsr.rlNz4workforcePoolProvider.extendedAttributesOauth2Client)rrm clear_extended_attributes_configr rQrorps r-AddClearableExtendedAttributesConfigToRequestrxs]  # #E4 0( ++7  / / >  .,GT8D .rc|j|jj}d|jvr"tj|d|j n_d|jvr"tj|d|j n/d|jvr!tj|d|j|j!tj|d|j|j!tj|d|j|j!tj|d|j|j"tj|d |jyy) z6Set ExtraAttributesOauth2Client fields in the request.Nzazure-ad-groups-mailz@workforcePoolProvider.extraAttributesOauth2Client.attributesTypeazure-ad-groups-idzazure-ad-groups-display-namez:workforcePoolProvider.extraAttributesOauth2Client.clientIdzNworkforcePoolProvider.extraAttributesOauth2Client.clientSecret.value.plainTextz;workforcePoolProvider.extraAttributesOauth2Client.issuerUrizHworkforcePoolProvider.extraAttributesOauth2Client.queryParameters.filter) extra_attributes_type@GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2ClientAttributesTypeValueValuesEnumr rQAZURE_AD_GROUPS_MAILAZURE_AD_GROUPS_IDAZURE_AD_GROUPS_DISPLAY_NAMEextra_attributes_client_id$extra_attributes_client_secret_valueextra_attributes_issuer_uriextra_attributes_filterrrr response_types rrnrnsZ +QQoo!;!;;!!  L  , , !;!; ;!!  L  * * (4+E+E E!!  L  4 4  $$0 D ''  ..: X 11  %%1 E ((  !!- R $$.rc|jE|jj}d|jvr!tj|d|j |j !tj|d|j |j!tj|d|j|j!tj|d|j|j"tj|d|jyy)z9Set ExtendedAttributesOauth2Client fields in the request.NrzzCworkforcePoolProvider.extendedAttributesOauth2Client.attributesTypez=workforcePoolProvider.extendedAttributesOauth2Client.clientIdzQworkforcePoolProvider.extendedAttributesOauth2Client.clientSecret.value.plainTextz>workforcePoolProvider.extendedAttributesOauth2Client.issuerUrizKworkforcePoolProvider.extendedAttributesOauth2Client.queryParameters.filter) extended_attributes_typer|r}r rQrextended_attributes_client_id'extended_attributes_client_secret_valueextended_attributes_issuer_uriextended_attributes_filterrs rroro*s "".QQoot<<<!!  O  * *  ''3 G **  11= [ 44  ((4 H ++  $$0 U ''1rcg}|jr|jjd}|j|jr|jd|j|jd|j |jd|j |jd|j|jd|j|jd|rdj||_|S)zhAdds ExtraAttributesOauth2Client specific fieldmask entries to the update workforcePoolProvider request.,extraAttributesOauth2Clientz*extraAttributesOauth2Client.attributesTypez$extraAttributesOauth2Client.clientIdz8extraAttributesOauth2Client.clientSecret.value.plainTextz%extraAttributesOauth2Client.issuerUriz2extraAttributesOauth2Client.queryParameters.filter) rKsplitrtappendr{rrrrjoin unused_refrr mask_fieldss r!AddExtraAttributesConfigFieldMaskrPs+ $$**3/K ((4  , ,45 +CD $$0=> ..:B %%1>? !!-KL+.G .rcg}|jr|jjd}|j|jr|jd|j|jd|j |jd|j |jd|j|jd|j|jd|rdj||_|S)zkAdds ExtendedAttributesOauth2Client specific fieldmask entries to the update workforcePoolProvider request.rextendedAttributesOauth2Clientz-extendedAttributesOauth2Client.attributesTypez'extendedAttributesOauth2Client.clientIdz;extendedAttributesOauth2Client.clientSecret.value.plainTextz(extendedAttributesOauth2Client.issuerUriz5extendedAttributesOauth2Client.queryParameters.filter) rKrrwrrrrrrrrs r$AddExtendedAttributesConfigFieldMaskrks+ $$**3/K ++7  / /78 "".FG ''3@A 11=E ((4AB $$0NO+.G .rc~y)zClear the value for a flag.NrU)rs r ClearFlagrs rcN~|jstj|dd|S)z:Remove the flag from the request when it is not specified. hardDeleteN) hard_deleter rQ)rrrs rModifyHardDeleteFlagInRequestrs,     .rN))__doc__ __future__rrrgooglecloudsdk.api_lib.iamrgooglecloudsdk.api_lib.utilrgooglecloudsdk.callioperr r#googlecloudsdk.command_lib.iamr $googlecloudsdk.command_lib.util.apisr googlecloudsdk.corer rr&r+r9r<rArCrHrNrVr]rarjrqrurxrnrorrrrrUrrrs(&'+,/C3:#.    (4),&&/d#L66 r