4dZddlmZddlmZddlmZddlmZddlmZddlm Z ddl m Z dd l m Z dd l m Z dd l mZdd lmZdd lmZddlmZddlmZddlmZdZdZdZdZy)z+Utilities for storage surface IAM commands.)absolute_import)division)unicode_literals) cloud_api) gcs_iam_util)iam_util)errors)plurality_checkable_iterator) storage_url)wildcard_iterator)task) task_executor)task_graph_executor) task_status) task_utilcXtj|stj|Stj|t j j}tj|}|jrtjdt|djS)zEGets cloud resource, allowing wildcards that match only one resource.) fields_scopez2get-iam-policy must match a single cloud resource.r)r contains_wildcardr storage_url_from_stringget_wildcard_iteratorr FieldsScopeSHORTr PluralityCheckableIterator is_pluralr InvalidUrlErrorlist) url_stringresource_iterator%plurality_checkable_resource_iterators :lib/googlecloudsdk/command_lib/storage/iam_command_util.pyget_single_matching_urlr!#s  , ,Z 8  . .z ::'==y44::<#==>OP(+446  < >> 3 4Q 7 C CCc tj|}|jsQdtjt |j jtjjfStjj}tj|d|t!j"t j$j&d|}|dfS)a#Executes single or multiple set-IAM tasks with different handling. Args: iterator (iter[set_iam_policy_task._SetIamPolicyTask]): Contains set IAM task(s) to execute. continue_on_error (bool): If multiple tasks in iterator, determines whether to continue executing after an error. Returns: int: Status code. For multiple tasks, the task executor will return if any of the tasks failed. object|None: If executing a single task, the newly set IAM policy. This is useful for outputting to the terminal. rTN)increment_type manifest_path)parallelizabletask_status_queueprogress_manager_argscontinue_on_error)r rrr"get_first_matching_message_payloadnextexecutemessagesr TopicSET_IAM_POLICYrmultiprocessing_contextQueuer execute_tasksrProgressManagerArgs IncrementTypeINTEGER)iteratorr)!plurality_checkable_task_iteratorr' exit_codes r execute_set_iam_task_iteratorr94s #==hG$ + 4 4 6 i:: ./779BB !!# ##*AAGGI))')';;$22::$P) +) Dr"ctj|}tj|_tj |j j|j||j|j||||j}tj|jtj j"S)aExtracts new binding from args and applies to existing policy. Args: args (argparse Args): Contains flags user ran command with. url (CloudUrl): URL of target resource, already validated for type. messages (object): Must contain IAM data types needed to create new policy. policy (object): Existing IAM policy on target to update. task_type (set_iam_policy_task._SetIamPolicyTask): The task instance to use to execute the iam binding change. Returns: object: The updated IAM policy set in the cloud. )rValidateAndExtractConditionrIAM_POLICY_VERSIONversion"AddBindingToIamPolicyWithConditionPolicyBindingsValueListEntryExprmemberroler,rr*r-r r.r/)argsurlr-policy task_type condition task_outputs r add_iam_binding_to_resourcerJXs2248)22&. --oo,,hmmV kk499i)#v&..0+  5 5k6J6J6:jj6O6O QQr"cbtj|}tj|_tj ||j |j||j|||j}tj|jtjjS)aExtracts binding from args and removes it from existing policy. Args: args (argparse Args): Contains flags user ran command with. url (CloudUrl): URL of target resource, already validated for type. policy (object): Existing IAM policy on target to update. task_type (set_iam_policy_task._SetIamPolicyTask): The task instance to use to execute the iam binding change. Returns: object: The updated IAM policy set in the cloud. )rr;rr<r='RemoveBindingFromIamPolicyWithConditionrBrCallr,rr*r-r r.r/)rDrErFrGrHrIs r remove_iam_binding_from_resourcerNrs2248)22&. 2264;;3799i3788=#v&..0+  5 5k6J6J6:jj6O6O QQr"N)__doc__ __future__rrrgooglecloudsdk.api_lib.storagerrgooglecloudsdk.command_lib.iamr"googlecloudsdk.command_lib.storager r r r (googlecloudsdk.command_lib.storage.tasksr rrrrr!r9rJrNr"r rVsO2&'4735K:@9BH@>D"!HQ4Qr"