2dZddlmZddlmZddlmZddlmZddlmZddlmZddl m Z dd l m Z dd l m Z dd l m Z dd lmZdd lmZej"ej$ej&j(Gddej*Zy)z.Implements the command to upload an SBOM file.)absolute_import)division)unicode_literals) arg_parsers)base) exceptions) endpoint_util)flags) sbom_util)util)log) propertiesc0eZdZdZdddZedZdZy)Loadz6Upload an SBOM file and create a reference occurrence.z {description}a To upload an SBOM file at /path/to/sbom.json for a Docker image in Artifact Registry: $ {command} --source=/path/to/sbom.json --uri=us-west1-docker.pkg.dev/my-project/my-repository/busy-box@sha256:abcxyz To upload an SBOM file at /path/to/sbom.json for a Docker image with a KMS key version to sign the created SBOM reference: $ {command} --source=/path/to/sbom.json --uri=us-west1-docker.pkg.dev/my-project/my-repository/busy-box@sha256:abcxyz --kms-key-version=projects/my-project/locations/us-west1/keyRings/my-key-ring/cryptoKeys/my-key/cryptoKeyVersions/1 To upload an SBOM file at /path/to/sbom.json for a Docker image from a Docker registry: $ {command} --source=/path/to/sbom.json --uri=my-docker-registry/my-image@sha256:abcxyz --destination=gs://my-cloud-storage-bucket ) DESCRIPTIONEXAMPLESc J|jddddd|jdddd |jd d d dtjdd|jddd ddtjddtjj |y )z[Set up arguments for this command. Args: parser: An argparse.ArgumentPaser. z--sourceSOURCET.zThe SBOM file for uploading.)metavarrequireddefaulthelpz--uri ARTIFACT_URIa The URI of the artifact the SBOM is generated from. The URI can be a Docker image from any Docker registries. A URI provided with a tag (e.g. `[IMAGE]:[TAG]`) will be resolved into a URI with a digest (`[IMAGE]@sha256:[DIGEST]`). When passing an image which is not from Artifact Registry or Container Registry with a tag, only public images can be resolved. Also, when passing an image which is not from Artifact Registry or Container Registry, the `--destination` flag is required. )rrrz--kms-key-versionNa# Cloud KMS key version to sign the SBOM reference. The key version provided should be the resource ID in the format of `projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]/cryptoKeyVersions/[KEY_VERSION]`. FzX^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+/cryptoKeyVersions/[^/]+$zMust be in format of 'projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]/cryptoKeyVersions/[KEY_VERSION]')rrrtypez --destination DESTINATIONz The storage path will be used to store the SBOM file. Currently only supports Cloud Storage paths start with 'gs://'. z ^gs://.*$z(Must be in format of gs://[STORAGE_PATH])rrrrr) add_argumentrRegexpValidatorr GetOptionalAALocationFlag AddToParser)parsers "lib/surface/artifacts/sbom/load.pyArgsz Load.Args;s  +        ( ( gO $   ( ( D   ##%11&9c tj|j}tjdj |j |j|jstjddtj|j}tjdj |j|j|j|jj!ddtj"|j$k(r"|j&stjddtj(|j|||j& }tjd j ||j}|so|jxs2t*j,j.jj1}tjd j |j|t3j4||j}t7j8|j5tj:|||||j< }d d d tjdj tj>jAdj |jCy #1swYjxYw)zRun the load command.z3Successfully loaded the SBOM file. Format: {0}-{1}.rz--uri is required.zFProcessed artifact. Project: {0}, Location: {1}, URI: {2}, Digest {3}.sha256rzT--destination is required for images not in Artifact Registry or Container Registry.)sourceartifactsbomgcs_pathzUploaded the SBOM file at {0}zUFailed to get project_id from the artifact URI {0}. Using project {1} for occurrence.)r) project_idstorager*kms_key_versionNzWrote reference occurrence {0}.z1Uploaded the SBOM file under the resource URI {}.)"r ParseJsonSbomr(r infoformat sbom_formatversionurirInvalidArgumentExceptionProcessArtifactprojectlocation resource_uridigestsgetARTIFACT_TYPE_OTHER artifact_type destinationUploadSbomToGCSrVALUEScore GetOrFailr GetParentr WithRegionWriteReferenceOccurrencer.statusPrintGetOccurrenceResourceUri)selfargssa remote_pathr,parent occurrence_ids r"RunzLoad.Runvs*  ,AHH=DD MM199  88  / /    !!$((+AHH C & IIqzz1>>199==23N  %%8   / / % ++{{ !! K HH , 3 3K @A J <<M:#4#4#9#9#A#A#K#K#Mj hh- F488Z (  ^^J 6F  ! !$-- 088.. m 1HH . 5 5m DEJJ;BB & & (  1 0s %KKN)__name__ __module__ __qualname____doc__ detailed_help staticmethodr#rPr$r"rr s3?%-,8:8:tIr$rN)rT __future__rrrgooglecloudsdk.callioperrr$googlecloudsdk.command_lib.artifactsr r r r googlecloudsdk.corer rDefaultUniverseOnly ReleaseTracks ReleaseTrackGACommandrrWr$r"rasw5&'/(.>6:5#*D%%(()]4<<]*]r$