dZddlmZddlmZddlmZddlZddlZddlmZddl m Z ddl m Z dd l mZdd l mZdd lmZdd lmZdd lmZdd lmZdZdZdZdZe j6Gdde j8Zy)z0Generates YAML for anthos support RBAC policies.)absolute_import)division)unicode_literalsN) projects_api)client)base) resources)util)errors)log) propertieszTservice-{project_number}@gcp-sa-{instance_name}anthossupport.iam.gserviceaccount.comANTHOS_SUPPORTzgke-fleet-support-accessz7{membership_name}/rbacrolebindings/{rbacrolebinding_id}c,eZdZdZdZedZdZy)GetYamlzGenerates YAML for anthos support RBAC policies. ## EXAMPLES To generate the YAML for support access RBAC policies with membership `my-membership`, run: $ {command} my-membership ctjtj|j}t j }|t jk(rtj|dS|t jk(rtj|dS|t jk(rtj|dStjd)zGets P4SA account name for Anthos Support when user not specified. Args: project_id: the project ID of the resource. Returns: The P4SA account name for Anthos Support. )project_number instance_namezstaging-z autopush-gkehub)rGet projects_util ParseProject projectNumberr APIEndpointPROD_APIANTHOS_SUPPORT_USERformat STAGING_API AUTOPUSH_APIr UnknownApiEndpointOverrideError)self project_idrhub_endpoint_overrides Blib/surface/container/fleet/memberships/support_access/get_yaml.pyGetAnthosSupportUserzGetYaml.GetAnthosSupportUser5s"%%"":.m!,,. - ' ''r( $"2"2 2 ' ''z( $"3"3 3 ' ''{(  2 28 <<ctj|tjdtjddd|j dt tjdy)Nzp The membership name that you want to generate support access RBAC policies for. z The location of the membership resource, e.g. `us-central1`. If not specified, defaults to `global`. T)membership_help location_helpmembership_required positionalz--rbac-output-filezv If specified, the generated RBAC policy will be written to the designated local file. )typehelp)r AddMembershipResourceArgtextwrapdedent add_argumentstr)clsparsers r$Argsz GetYaml.ArgsQsk && )  oo'  !    __  r&ctjjjj }|j |}t jtj|t}tj|j}|j|t|d}|j r9t"j$j'dj|j n>t"j$j'dt"j$j'dt)j*|j r |j nd|j,ddd y) N)membership_namerbacrolebinding_id) release_trackz.Generated RBAC policy is written to file: {} zGenerated RBAC policy is: z--------------------------------------------- -TF) overwritebinaryprivate)r VALUEScoreproject GetOrFailr%RESOURCE_NAME_FORMATrr ParseMembershipArgROLE_BINDING_IDr FleetClient ReleaseTrack%GenerateMembershipRbacRoleBindingYaml ROLE_TYPErbac_output_filesysstdoutwriter WriteToFileOrStdoutroleBindingsYaml)r!argsr"username fleet_clientresponses r$Runz GetYaml.Rungs""''//99;J  $ $Z 0D  & &!44T:* ' ,D%%D4E4E4GHLAA it%H  jjHOO   !" jj56 jjGH!%!6!6C!! r&N)__name__ __module__ __qualname____doc__r% classmethodr5rTr&r$rr(s% =8*r&r)rX __future__rrrrJr/+googlecloudsdk.api_lib.cloudresourcemanagerr&googlecloudsdk.api_lib.container.fleetrgooglecloudsdk.callioper*googlecloudsdk.command_lib.container.fleetr r 6googlecloudsdk.command_lib.container.fleet.membershipsr #googlecloudsdk.command_lib.projectsrgooglecloudsdk.corer r rrHrDrBDefaultUniverseOnlyCommandrrZr&r$resr7&' D9(@;IE#*l  ,PWdllWWr&