>dZddlmZddlmZddlmZddlmZddlmZddl m Z ddl m Z dd l m Z dd l mZdd lmZdd lmZdd lmZej.ej0j2ej0j4Gddej6Zy)z?Command to authorize a service agent to manage other resources.)absolute_import)division)unicode_literals) projects_api)lake) storage_api) storage_util)apis) exceptions)base) resource_args)utilcXeZdZdZddiZedZejddZ y) AuthorizezAuthorize a service agent to manage resources. The service agent for the primary project will be granted an IAM role on a secondary project, a Cloud Storage bucket, or a BigQuery dataset. EXAMPLESa To authorize the service agent in project `test-project` to manage resources in the project `test-project2`, run: $ {command} --project=test-project --project-resource=test-project2 To authorize the service agent in project `test-project` to manage the Cloud Storage bucket `dataplex-storage-bucket`, run: $ {command} --project=test-project --storage-bucket-resource=dataplex-storage-bucket To authorize the service agent in project `test-project` to manage the BigQuery dataset `test-dataset` in project `test-project2`, run: $ {command} --project=test-project --bigquery-dataset-resource=test-dataset --secondary-project=test-project2 ctj|d|jddd}|jdd|jdd |jd }|jd dd |jddd y)Nz(to grant a role to the service agent in.Tz;The resource on which to grant a role to the service agent.)mutexrequiredhelpz--storage-bucket-resourcezNThe identifier of the Cloud Storage bucket that the service agent will manage.)rz--project-resourcezLThe identifier of the project whose resources the service agent will manage.z(Fields to identify the BigQuery dataset.z--bigquery-dataset-resourcezJThe identifier of the BigQuery dataset that the service agent will manage.)rrz--secondary-projectzDThe identifier of the project where the BigQuery dataset is located.)r AddProjectArg add_group add_argument)parser data_group dataset_groups 'lib/surface/dataplex/lakes/authorize.pyArgszAuthorize.Args<s:!! J"J # a (( 7)M%    z-Status code: {status_code}. {status_message}.c0|jjj}dtt j |j zdz}|jdrEtjjtj|jd|zdS|jdrtjddj!|j"|j$ }tj&ddj(j+| }t-j.tjddj0j2||dtj&ddj(j5tjddj7|j"|j$| S|jd r7t9jt j:|j<d|zdSy) Nzservice-z(@gcp-sa-dataplex.iam.gserviceaccount.comstorage_bucket_resourcezserviceAccount:zroles/dataplex.serviceAgentbigquery_dataset_resourcebigqueryv2) datasetId projectId)request)r$r%datasetproject_resource)CONCEPTSprojectParsestr project_utilGetProjectNumber projectsId IsSpecifiedr StorageClientAddIamPolicyBindingr BucketReferencer r GetMessagesModuleBigqueryDatasetsGetRequestr!secondary_projectGetClientInstancedatasetsGetr AddServiceAccountToDatasetPolicyDatasetAccessValueListEntryPatchBigqueryDatasetsPatchRequestr ParseProjectr()selfargs project_refservice_accountget_dataset_requestr's rRunz Authorize.Runes--''--/K 3%%k&<&<=$23O 12  & & ( < <  & &t'C'C D o -/LNN 34 22 d6666..70&& d$HSS1DS%E ++  T 2 : : O O ?$AC # #J 5 > > D D  T 2 O O66.. P    *+  - -  # #D$9$9 : o -/LNN,rN) __name__ __module__ __qualname____doc__ detailed_help staticmethodrgcloud_exception CatchHTTPErrorRaiseHTTPExceptionrErrrr!sT-&&&P54457N7NrrN)rI __future__rrr+googlecloudsdk.api_lib.cloudresourcemanagerrgooglecloudsdk.api_lib.dataplexrgooglecloudsdk.api_lib.storagerr googlecloudsdk.api_lib.utilr r rLgooglecloudsdk.callioper #googlecloudsdk.command_lib.dataplexr #googlecloudsdk.command_lib.projectsrr- ReleaseTracks ReleaseTrackALPHAGACommandrrNrrr\s~F''D067,F(=DD%%++T->->-A-ABcN cNCcNr