z >dZddlmZddlmZddlmZddlmZddlmZddd Z d Z d Z ejejjGd d ejZejejj"GddeZy)z+Command AnalyzeOrgPolicyGovernedAssets API.)absolute_import)division)unicode_literals) client_util)basezE Analyze organization policies governed assets under a scope. z To list 10 assets governed by a constraint in an organization, run: $ {command} --scope=organizations/YOUR_ORG_ID --constraint=YOUR_CONSTRAINT_NAME --limit=10 ) DESCRIPTIONEXAMPLESc.|jddddy)Nz--scopeSCOPETa Scope can only be an organization. The analysis is limited to the Cloud organization policies and assets within this scope. The caller must be granted the `cloudasset.assets.searchAllResources` and `cloudasset.assets.searchAllIamPolicies` permission on the desired scope. The allowed values are: * ```organizations/{ORGANIZATION_NUMBER}``` (e.g. ``organizations/123456'') metavarrequiredhelp add_argumentparsers 7lib/surface/asset/analyze_org_policy_governed_assets.pyAddScopeArgumentr(s#  c.|jddddy)Nz --constraint CONSTRAINTTa The name of the constraint to analyze organization policies for. The response only contains analyzed organization policies for the provided constraint. Examples: * organizations/{ORGANIZATION_NUMBER}/customConstraints/{CUSTOM_CONSTRAINT_NAME} for a user-defined custom constraint. * organizations/{ORGANIZATION_NUMBER}/constraints/{CANNED_CONSTRAINT_NAME} for a gcp-service-defined canned constraint. r rrs rAddConstraintArgumentr9s# rc*eZdZdZeZedZdZy)AnalyzeOrgPolicyGovernedAssetsrCs2&'4(     ",D%%**+ 7T%5%5 7, 7 D%%(() 7'E 7* 7r