2dZddlmZddlmZddlmZddlmZddlmZddl m Z ddl m Z dd l m Zdd lmZdd lmZdd lmZej,ej.j0ej.j2Gd dej4Zy)z?Command to deauthorize a service agent from managing resources.)absolute_import)division)unicode_literals) projects_api)lake) storage_util)apis) exceptions)base) resource_args)utilcXeZdZdZddiZedZejddZ y)DeauthorizeLakezDeauthorize a service agent from managing resources. The service agent for the primary project will have its IAM role revoked from a secondary project, a Cloud Storage bucket, or a BigQuery dataset. EXAMPLESa To deauthorize the service agent in project `test-project` from managing resources in the project `test-project2`, run: $ {command} --project=test-project --project-resource=test-project2 To deauthorize the service agent in project `test-project` from managing the Cloud Storage bucket `dataplex-storage-bucket`, run: $ {command} --project=test-project --storage-bucket-resource=dataplex-storage-bucket To deauthorize the service agent in project `test-project` from managing the BigQuery dataset `test-dataset` in project `test-project2`, run: $ {command} --project=test-project --bigquery-dataset-resource=test-dataset --secondary-project=test-project2 ctj|d|jddd}|jdd|jdd |jd }|jd dd |jddd y)Nz+to revoke a role from the service agent in.Tz@The resource for which the service agent's role will be revoked.)mutexrequiredhelpz--storage-bucket-resourcezXThe identifier of the Cloud Storage bucket that the service agent will no longer manage.)rz--project-resourcezVThe identifier of the project whose resources the service agent will no longer manage.z(Fields to identify the BigQuery dataset.z--bigquery-dataset-resourcezTThe identifier of the BigQuery dataset that the service agent will no longer manage.)rrz--secondary-projectzDThe identifier of the project where the BigQuery dataset is located.)r AddProjectArg add_group add_argument)parser data_group dataset_groups )lib/surface/dataplex/lakes/deauthorize.pyArgszDeauthorizeLake.Args:s5!! O"J # k &(( 7)M% g   z-Status code: {status_code}. {status_message}.c|jjj}dtt j |j zdz}|jdr7tjtj|jd|zdS|jdrtjddj|j |j" }tj$ddj&j)| }tj*||dtj$ddj&j-tjddj/|j |j"| S|jd r7t1j2t j4|j6d|zdSy) Nzservice-z(@gcp-sa-dataplex.iam.gserviceaccount.comstorage_bucket_resourcezserviceAccount:zroles/dataplex.serviceAgentbigquery_dataset_resourcebigqueryv2) datasetId projectId)request)r#r$datasetproject_resource)CONCEPTSprojectParsestr project_utilGetProjectNumber projectsId IsSpecifiedr$RemoveServiceAccountFromBucketPolicyrBucketReferencerr GetMessagesModuleBigqueryDatasetsGetRequestr secondary_projectGetClientInstancedatasetsGet%RemoveServiceAccountFromDatasetPolicyPatchBigqueryDatasetsPatchRequestrRemoveIamPolicyBinding ParseProjectr')selfargslake_refservice_accountget_dataset_requestr&s rRunzDeauthorizeLake.Runas}}$$**,H 3%%    !$""$NOO 12  6 6  & &t'C'C D o -/LNN 34 22 d6666..70&& d$HSS1DS%E 00/1NP  # #J 5 > > D D  T 2 O O66.. P    *+  0 0  # #D$9$9 : o -/LNN,rN) __name__ __module__ __qualname____doc__ detailed_help staticmethodrgcloud_exception CatchHTTPErrorRaiseHTTPExceptionrBrrrrsT -($$L54457N7NrrN)rF __future__rrr+googlecloudsdk.api_lib.cloudresourcemanagerrgooglecloudsdk.api_lib.dataplexrgooglecloudsdk.api_lib.storagergooglecloudsdk.api_lib.utilr r rIgooglecloudsdk.callioper #googlecloudsdk.command_lib.dataplexr #googlecloudsdk.command_lib.projectsr r, ReleaseTracks ReleaseTrackALPHAGACommandrrKrrrYsyF&'D07,F(=DD%%++T->->-A-AB]Ndll]NC]Nr