.-rdZddlmZddlmZddlmZddlmZddlmZdZdZ d Z d Z d Z dd Z dd Zy)z*Common flags for workforce pools commands.)absolute_import)division)unicode_literals) arg_parsers)basecZ|jddj|dk(rdnd|dy)Nz--organizationz8The parent organization of the workforce pool{0} to {1}.listsThelprequired add_argumentformatparserverbs ;lib/googlecloudsdk/command_lib/iam/workforce_pools/flags.pyAddParentFlagsrs8 E L L#R  cZ|jddj|dk(rdnd|dy)Nz --locationz-The location of the workforce pool{0} to {1}.r r r Tr rrs rAddLocationFlagr"s8 : A A#R  rc\|jdsydj|jS)Nlocationzlocations/globalz locations/{}) IsSpecifiedrr)argss r ParseLocationr,s(  * %    t}} --rcztjddddd}tjddddd }tjd }|j||jt d tjd }|j||jt d ||gS) zCreates an ArgumentGroup for ExtraAttributesOAuth2Client and ExtendedAttributesOAuth2Client Attributes for the update-oidc command.z--clear-extra-attributes-configclear_extra_attributes_config store_trueFz)Clear the extra attributes configuration.)destactionrr z"--clear-extended-attributes-config clear_extended_attributes_configz,Clear the extended attributes configuration.T)mutex)r)rArgument ArgumentGroup AddArgument*ExtraAttributesOAuth2ClientAttributesGroup-ExtendedAttributesOAuth2ClientAttributesGroup)!clear_extra_attributes_config_arg$clear_extended_attributes_config_arg clearable_extra_attributes_group#clearable_extended_attributes_groups r2AddClearableExtraAndExtendedAttributesOAuth2Clientr/2s&*mm' *  6 '#*.* -  9 *&&*%7%7d%C""..'#..0%@)-(:(: )%&11*&113UC +,O PPrc*ttgS)zCreates an ArgumentGroup for ExtraAttributesOAuth2Client and ExtendedAttributesOAuth2Client Attributes for the create-oidc command.)r)r*rr)AddExtraAndExtendedAttributesOAuth2Clientr2Ws1235 rc :tjddt|dd}tjddt|dd }tjd d t|d d }tjddtjgddgdd|dd}tjddtddd}tj }|j ||j ||j ||j ||j ||S)zDCreates an ArgumentGroup for ExtraAttributesOAuth2Client Attributes.z--extra-attributes-client-idextra_attributes_client_idEXTRA_ATTRIBUTES_CLIENT_IDzThe OAuth 2.0 client ID for retrieving extra attributes from the identity provider. Required to get the access token using client credentials grant flow.r"typermetavarr z&--extra-attributes-client-secret-value$extra_attributes_client_secret_value$EXTRA_ATTRIBUTES_CLIENT_SECRET_VALUEzThe OAuth 2.0 client secret for retrieving extra attributes from the identity provider. Required to get the access token using client credentials grant flow.z--extra-attributes-issuer-uriextra_attributes_issuer_uriEXTRA_ATTRIBUTES_ISSUER_URIOIDC identity provider's issuer URI. Must be a valid URI using the `https` scheme. Required to get the OIDC discovery document.z--extra-attributes-typeextra_attributes_type)zazure-ad-groups-mailazure-ad-groups-idazure-ad-groups-display-namer@)choiceshidden_choices max_length min_lengthEXTRA_ATTRIBUTES_TYPEKRepresents the identity provider and type of claims that should be fetched.z--extra-attributes-filterextra_attributes_filterFEXTRA_ATTRIBUTES_FILTERaThe filter used to request specific records from the IdP. By default, all of the groups that are associated with a user are fetched. For Microsoft Entra ID, you can add `$search` query parameters using [Keyword Query Language] (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). To learn more about `$search` querying in Microsoft Entra ID, see [Use the `$search` query parameter] (https://learn.microsoft.com/en-us/graph/search-query-parameter). Additionally, Workforce Identity Federation automatically adds the following [`$filter` query parameters] (https://learn.microsoft.com/en-us/graph/filter-query-parameter), based on the value of `attributes_type`. Values passed to `filter` are converted to `$search` query parameters. Additional `$filter` query parameters cannot be added using this field. * `AZURE_AD_GROUPS_MAIL`: `mailEnabled` and `securityEnabled` filters are applied. * `AZURE_AD_GROUPS_ID`: `securityEnabled` filter is applied.rr&strrArgListr'r()rextra_attributes_client_id_arg(extra_attributes_client_secret_value_argextra_attributes_issuer_uri_argextra_attributes_type_argextra_attributes_filter_argcreate_extra_attributes_groups rr)r)_s?#'==$ ' * % $ .2]]. 1 4 , .*%)MM% ( +  %!#mm "    99 % !(!% ! $ ' !6#'"4"4"6++,JK++. ++,KL++,EF++,GH &&rc 4tjddt|dd}tjddt|dd }tjd d t|d d }tjddtjdgdd|dd}tjddtddd}tj }|j ||j ||j ||j ||j ||S)zGCreates an ArgumentGroup for ExtendedAttributesOAuth2Client Attributes.z--extended-attributes-client-idextended_attributes_client_idEXTENDED_ATTRIBUTES_CLIENT_IDzThe OAuth 2.0 client ID for retrieving extended attributes from the identity provider. Required to get extended group memberships for a subset of Google Cloud products.r6z)--extended-attributes-client-secret-value'extended_attributes_client_secret_value'EXTENDED_ATTRIBUTES_CLIENT_SECRET_VALUEzThe OAuth 2.0 client secret for retrieving extended attributes from the identity provider. Required to get extended group memberships for a subset of Google Cloud products.z --extended-attributes-issuer-uriextended_attributes_issuer_uriEXTENDED_ATTRIBUTES_ISSUER_URIr=z--extended-attributes-typeextended_attributes_typer?rA)rBrDrEEXTENDED_ATTRIBUTES_TYPErGz--extended-attributes-filterextended_attributes_filterFEXTENDED_ATTRIBUTES_FILTERaThe filter used to request specific records from the IdP. By default, all of the groups that are associated with a user are fetched. For Microsoft Entra ID, you can add `$search` query parameters using [Keyword Query Language] (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). To learn more about `$search` querying in Microsoft Entra ID, see [Use the `$search` query parameter] (https://learn.microsoft.com/en-us/graph/search-query-parameter). Additionally, Workforce Identity Federation automatically adds the following [`$filter` query parameters] (https://learn.microsoft.com/en-us/graph/filter-query-parameter), based on the value of `attributes_type`. Values passed to `filter` are converted to `$search` query parameters. Additional `$filter` query parameters cannot be added using this field. * `AZURE_AD_GROUPS_ID`: `securityEnabled` filter is applied.rJ)r!extended_attributes_client_id_arg+extended_attributes_client_secret_value_arg"extended_attributes_issuer_uri_argextended_attributes_type_argextended_attributes_filter_arg create_extended_attributes_groups rr*r*sE&*mm' * - 0 '#15 1 4 7 4 1-(,}}( + .  ($"&" %   "   ( ""$(==$ ' * H$ 0&*%7%7%9""..'#..1#..(#../KL"../MN ))rN)T)__doc__ __future__rrrgooglecloudsdk.callioperrrrrr/r2r)r*r1rrrgsA1&'/(. "QJa'H_*r