^dZddlmZddlmZddlmZddlmZddlmZddlmZddl m Z dd l m Z dd l m Zdd lmZdd lmZdd lmZdEdZdEdZdEdZdEdZdEdZdEdZdEdZdEdZdEdZdFdZdEdZdEdZdEdZ dZ!dZ"dZ#dEdZ$dEd Z% dEd!ejLd"e'd#dfd$Z(d%Z)d&Z*d'Z+d(Z,d)Z-d*Z.dEd+Z/d,Z0dGd-Z1dHd.Z2 dId/Z3d0Z4d1Z5d2Z6d3Z7d4Z8d5Z9d6Z:d7Z;d8Zd;Z?d<Z@d=ZAd>ZBd?ZCdJd@eDdAeDfdBZEdCZFdKdDZGy)Lz$Shared resource arguments and flags.)absolute_import)division)unicode_literals) arg_parsers)base)parser_arguments)concepts) multitype) completers)concept_parsers)presentation_specs) resourcesc D|jtd|fddd|y)Nz data-filePATHz]File path from which to read secret data. Set this to "-" to read the secret data from stdin.metavarhelp add_argument _ArgOrFlagparser positionalkwargss .lib/googlecloudsdk/command_lib/secrets/args.py AddDataFiler#s3&j) *  c D|jtd|fddd|y)Nzout-filez OUT-FILE-PATHz~File path to which secret data is written. If this flag is not provided secret data will be written to stdout in UTF-8 format.rrrs r AddOutFiler,s4&Z( N  rc tjjdtd|t dd|j |y)NprojectzThe project ID.name resource_spec group_help)r ConceptParser ForResourcerGetProjectResourceSpec AddToParserrs r AddProjectr+5sD++ i ,*,"   F#rc tjjdtd|t dj |d|j |y)NlocationzThe location {}.r"r&)r r'r(rGetLocationResourceSpecformatr*rpurposerrs r AddLocationr2=sO++ j* -+-#**73   F#rc D|jtd|fddd|y)Nreplication-policy-fileREPLICATION-POLICY-FILEJSON or YAML file to use to read the replication policy. The file must conform to https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.secrets#replication.Set this to "-" to read from stdin.rrrs rAddReplicationPolicyFiler7Es4&*J7' 0  rc D|jtd|fddd|y)N kms-key-name KMS-KEY-NAMEyGlobal KMS key with which to encrypt and decrypt the secret. Only valid for secrets with an automatic replication policy.rrrs r AddKmsKeyNamer<Qs4&, F  rc D|jtd|fddd|y)N set-kms-key SET-KMS-KEYENew KMS key with which to encrypt and decrypt future secret versions.rrrs rAddSetKmsKeyNamerAZs1& + Q   rc D|jtd|fddd|y)N remove-cmek store_truetRemove customer managed encryption key so that future versions will be encrypted by a Google managed encryption key.actionrrrs r AddRemoveCmekrHds3& +  =   rc D|jtd|fddd|y)Nr-REPLICA-LOCATIONdLocation of replica to update. For secrets with automatic replication policies, this can be omitted.rrrs rAddReplicaLocationrLns3&Z(  9  rNc |dj|}tjjdt d|t |d|j |y)a7Add secret resource argument to the parser. Args: parser: The parser to add the argument to. purpose: The purpose of the secret, used to generate the help text. positional: Whether the argument is positional. help_text: The help text to use for the argument. **kwargs: Extra arguments. NzThe secret {}.secretr"r&)r/r r'r(rGetSecretResourceSpecr*)rr1r help_textrs r AddSecretrQws\ ''0I++ h +)+   Krc tjjdtd|t dj |d|j |y)NversionzNumeric secret version {}.r"r&r r'r(rGetVersionResourceSpecr/r*r0s r AddVersionrVsO++ i ,*,.66w?   F#rc tjjdtd|t dj |d|j |y)NrSz_Numeric secret version {} or a configured alias (including 'latest' to use the latest version).r"r&rTr0s rAddVersionOrAliasrXsM++ i ,*, mw     F#rc |jtd|fdtjtjdd|y)NtopicsTOPICSz2List of Pub/Sub topics to configure on the secret.rtyperGr)rrrArgList UpdateActionrs r AddTopicsr`sF&:&     % % @   rcf|jdd}|jtdddtjtj d|jtd dd tjtj d |jtd dd dy)z2Add flags for specifying topics on secret updates.TzTopics.mutexrz add-topicsFz ADD-TOPICSz,List of Pub/Sub topics to add to the secret.r\z remove-topicsz REMOVE-TOPICSz1List of Pub/Sub topics to remove from the secret.z clear-topicsrDz)Clear all Pub/Sub topics from the secret.rFN) add_grouprrrr^r_rgroups rAddUpdateTopicsGrouprgs   I  6%u%     % % : = %(     % % ? B '  7:rc|jdd}|jtdddd|jd }|jtd dd d |jtddddy)z4Add flags for specifying replication policy updates.TzReplication update.rbrCFrDrErFz CMEK Update.rr>r?r@rr-rJrKNrdrrrrfsubgroups rAddUpdateReplicationGrouprms   ,A  B%&  = ? __._ 1( & Q   U#  9;rc|jdd}|jtdddd|jd }|jtd dd d |jtdddd|jtddtjdtj dy)z?Add flags for specifying replication policy on secret creation.TzReplication policy.rbr4Fr5r6rzInline replication arguments.rizreplication-policyPOLICYzThe type of replication policy to apply to this secret. Allowed values are "automatic" and "user-managed". If user-managed then --locations must also be provided.r9r:r; locationsLOCATIONzKComma-separated list of locations in which the secret should be replicated.)rGrr]rN)rdrrrr_r^rks rAddCreateReplicationPolicyGrouprrs   ,A  B%*E2' 0 2__"A_ B( %u- 13  ' FH  e$  % %      rc j|jtd|fdtjdd|y)z?Add flags for specifying version destroy ttl on secret creates.version-destroy-ttlVERSION-DESTROY-TTLa8Secret Version Time To Live (TTL) after destruction request. For secret with TTL>0, version destruction does not happen immediately on calling destroy; instead, the version goes to a disabled state and destruction happens after the TTL expires. See `$ gcloud topic datetimes` for information on duration formats.rr]rN)rrrDurationrs rAddCreateVersionDestroyTTLrxsA&& 3 #    ! P   rc |jdd}|jtd|fdtjdd||jtdd fd d d |y )z?Add flags for specifying version destroy ttl on secret updates.TzVersion destroy ttl.rbrtrua)Secret Version TTL after destruction request. For secret with TTL>0, version destruction does not happen immediately on calling destroy; instead, the version goes to a disabled state and destruction happens after the TTL expires. See `$ gcloud topic datetimes` for information on duration formats.rvzremove-version-destroy-ttlFrDz8If set, removes the version destroy TTL from the secret.rFN)rdrrrrwrrrrfs rAddUpdateVersionDestroyTTLr{s   ,B  C%%& 3 #    ! P   %-u5  E  rrrreturnc |jdd}|jtd|fddd||jtdd fd d d |y )zAdd flags for specifying regional cmek on secret updates. Args: parser: Given argument parser. positional : Whether the argument is positional. **kwargs: Extra arguments. Tzregional kms key.rbregional-kms-key-namezREGIONAL-KMS-KEY-NAMEz*regional kms key name for regional secret.rzremove-regional-kms-key-nameFrDz%If set, removes the regional kms key.rFNrjrzs rAddUpdateRegionalKmsKeyrs|   ,?  @%%(*5% 7   %/7  2  rc|jdd}|jtdddd|jtd dd d y ) z6Add flags for specifying expiration on secret creates.T Expiration.rb expire-timeF EXPIRE-TIME6Timestamp at which to automatically delete the secret.rttlTTLhDuration of time (in seconds) from the running of the command until the secret is automatically deleted.Nrjres rAddCreateExpirationGroupr:sd   M  :%& DG 1 3rc|jdd}|jtdddd|jtd dd d |jtd dd dy)z7Add flags for specifying expiration on secret updates..TrrbrFrrrrrrzremove-expirationrDzAIf set, removes scheduled expiration from secret (if it had one).rFNrjres rAddUpdateExpirationGrouprJs   M  :%& DG 1 3 $e,  M Prc|jdd}|jtddd|jtdddy ) z4Add flags for specifying rotation on secret creates.F Rotation.rbnext-rotation-time1Timestamp at which to send rotation notification.rirotation-period=Duration of time (in seconds) between rotation notifications.Nrjres rAddCreateRotationGroupr_s_   [  9%%u- ?B"E* KNrcR|jdd}|jtddd|jtdddd |jtd dd |jtd ddd |jtdddd y)z5Add flags for specifying rotation on secret updates..Frrbrrrizremove-next-rotation-timerDz8Remove timestamp at which to send rotation notification.rFrrzremove-rotation-periodzVIf set, removes the rotation period, cancelling all rotations except for the next one.zremove-rotation-schedulez.If set, removes rotation policy from a secret.Nrjres rAddUpdateRotationGrouprks   [  9%%u- ?B,e4  FI"E* KN)51  %  +U3  <?rc`|jtddddj|y)z0Add flag for specifying the current secret etag.etagFETAGzCurrent entity tag (ETag) of the secret. If specified, the secret is {action} only if the ETag provided matches the current secret's ETag.rGrNrrr/rrGs r AddSecretEtagrs5  frc`|jtddddj|y)z8Add flag for specifying the current secret version etag.rFrzCurrent entity tag (ETag) of the secret version. If specified, the version is {action} only if the ETag provided matches the current version's ETag.rrNrrs rAddVersionEtagrs5  frc D|jtd|fddd|y)z2Add flag for specifying the regional KMS key name.r~r:z_Regional KMS key with which to encrypt and decrypt the secret. Only valid for regional secrets.rNrrs rAddRegionalKmsKeyNamers4&(*5 (  rch|r |jjddSdj|S)zReturns the argument name in resource argument format or flag format. Args: name (str): name of the argument positional (bool): whether the argument is positional Returns: arg (str): the argument or flag -_z--{})upperreplacer/)r#rs rrrs/ ::<  S )) t rc tjdttfddi|}t j t jd||ddgj|y)aAdds a secret resource. Secret resource can be global secret or regional secret. If command has "--location" then regional secret will be created or else global secret will be created. Regionl secret - projects//locations//secrets/ Global secret - projects//secrets/ Args: parser: given argument parser purpose: help text **kwargs: extra arguments zglobal or regional secretallow_inactiveTrNrequiredhiddenN) r MultitypeResourceSpecrOGetRegionalSecretResourceSpecr r'r !MultitypeResourcePresentationSpecr*)rr1rsecret_or_region_secret_specs rAddGlobalOrRegionalSecretrsv"+!@!@!#%" "  "::  &  ![rc tjdttfddi|}t j t jd||ddgj|y)zAdds a version resource. Args: parser: given argument parser purpose: help text **kwargs: extra arguments !global or regional secret versionrTrSrN r rrUGetRegionalVersionResourceSpecr r'r rr*rr1rglobal_or_region_version_specs rAddGlobalOrRegionalVersionrsv#,"A"A)$&# #  #::  '  ![rc tjdttfddi|}t j t jd||ddgj|y)zAdds a version resource or alias. Args: parser: given argument parser purpose: help text **kwargs: extra arguments rrTrSrNrrs r!AddGlobalOrRegionalVersionOrAliasrsv#,"A"A)$&# #  #::  '  ![rc"tjS)N)r DEFAULT_PROJECT_ATTRIBUTE_CONFIGr&rrGetProjectAttributeConfigrs  2 22rc8tjddddidS)Nr-zThe location of the {resource}. fieldMaskr#r#rPcompletion_request_paramscompletion_id_fieldr ResourceParameterAttributeConfigr&rrGetLocationAttributeConfigrs&  2 2 1!,f 5  ""rc8tjddddidS)z3Returns the attribute config for location resource.r-z.[EXPERIMENTAL] The location of the {resource}.rr#rrr&rr"GetLocationResourceAttributeConfigr"s&  2 2  :!,f 5  rcNtjddtjS)NrNThe secret of the {resource}.r#rP completerr rsecrets_completersSecretsCompleterr&rrGetSecretAttributeConfigr.s$  2 2 /"33 55rcNtjddtjS)z1Returns the attribute config for regional secret.rNrrrr&rr GetRegionalSecretAttributeConfigr5s$  2 2 /"33 rc8tjddddidS)NrSThe version of the {resource}.rr#rrr&rrGetVersionAttributeConfigr>s&  2 2 0!,f 5  ""rc8tjddddidS)z9Returns the attribute config for regional secret version.rSrrr#rrr&rr!GetRegionalVersionAttributeConfigrFs&  2 2 0!,f 5  rcFtjddddtS)Nzsecretmanager.projectsr!projectsF)resource_collection resource_name plural_namedisable_auto_completers projectsId)r ResourceSpecrr&rrr)r)Ss'   2#*,  ..rc XtjddddttS)Nz secretmanager.projects.locationsr-rpF)rrrr locationsIdr)r rrrr&rrr.r.\s-   <#,.*,  ..rc XtjddddttS)Nsecretmanager.projects.secretsrNsecretsF)rrrr secretsIdr)r rrrr&rrrOrOfs-   :#(**,  ..rc jtjddddttt S)N'secretmanager.projects.secrets.versionsrSF)rrr versionsIdrr)r rrrrr&rrrUrUps3   /#*,(**, ..rc jtjddddttt S)z.Returns the resource spec for regional secret.z(secretmanager.projects.locations.secretszregional secretrF)rrrrrrr)r rrrrr&rrrr{s3   D%#02*,46 rc |tjddddttt t S)z6Returns the resource spec for regional secret version.1secretmanager.projects.locations.secrets.versionszregional versionrSF)rrrrrrrr)r rrrrrr&rrrrs9   M&#2402*,46  rcDtjj|dS)Nr collectionrREGISTRYParserefs rParseSecretRefrs&    ! ! 6 " rcDtjj|dS)Nrrrrs rParseVersionRefrs&    ! ! ? " rcDtjj|dS)zParses regional section version into 'secretmanager.projects.locations.secrets.versions' format . Args: ref: resource name of regional secret version. Returns: Parsed secret version. rrrrs rParseRegionalVersionRefrs(    ! ! I " rr api_versioncfd}|S)aAReturns a function which turns a resource into a uri. Example: class List(base.ListCommand): def GetUriFunc(self): return MakeGetUriFunc(self) Args: collection: A command instance. api_version: api_version to be displayed. Returns: A function which can be returned in GetUriFunc. ctjj}|jd|j |j }|j S)N secretmanagerr)rrCloneRegisterApiByNamerr#SelfLink)resourceregistryparsedrrs r_GetUrizMakeGetUriFunc.._GetUrisJ!!'')H  < ^^HMMj^ AF ?? rr&)rrrs`` rMakeGetUriFuncrs  .rc gd}tjddtjtjdj |S)z(Makes the base.Argument for --tags flag.)z%List of tags KEY=VALUE pairs to bind.zEach item must be expressed asz4`=`. z?Example: `123/environment=production,123/costCenter=marketing` z--tagsz KEY=VALUE r\)rArgumentrArgDictr_join) help_partss r GetTagsArgrsC*      % % 99Z  rc t||}|sy|t|jDcgc]\}}|j||c}}Scc}}w)zMakes the tags message object.N)keyvalue)additionalProperties)getattrsorteditemsAdditionalProperty)args tags_message tags_arg_nametagsrr s rGetTagsFromArgsrs` } %$  tzz|,,.,*#u%%#U%;,,. //,.sA )F)FN)zcreate a secret)zcreate a version)zcreate a version alias)v1)r)H__doc__ __future__rrrgooglecloudsdk.callioperrr googlecloudsdk.calliope.conceptsr r "googlecloudsdk.command_lib.secretsr r(googlecloudsdk.command_lib.util.conceptsr r googlecloudsdk.corerrrr+r2r7r<rArHrLrQrVrXr`rgrmrrrxr{ArgumentInterceptorboolrrrrrrrrrrrrrrrrrrrr)r.rOrUrrrrrstrrrrr&rrr s`+&'/(456ODG) $$ ($$:,;.D"4  0 0 6 3 P* N?6    B8-@3" 5"....  "  s2"/r