%dZddlmZddlmZddlmZddlZddlmZddlm Z ddlm Z dd l m Z dd l mZdd lmZdd lmZdd lmZddlmZddlmZddlmZdZej4ej6ej8ej:j<ej:j>ej:j@GddejBZ"y),Enable a personal auth session on a cluster.)absolute_import)division)unicode_literalsN)dataproc) exceptions)util)waiter)base)clusters)flags)log) console_io)progress_tracker)filesc|jj||}|jjd|zd|zd|z|}|jjj |S)a1Inject credentials into the given cluster. The credentials must have already been encrypted before calling this method. Args: dataproc: The API client for calling into the Dataproc API. project: The project containing the cluster. region: The region where the cluster is located. cluster_name: The name of the cluster. cluster_uuid: The cluster UUID assigned by the Dataproc control plane. credentials_ciphertext: The (already encrypted) credentials to inject. Returns: An operation resource for the credential injection. ) clusterUuidcredentialsCiphertextz projects/zregions/z clusters/)projectregionclusterinjectCredentialsRequest)messagesInjectCredentialsRequest7DataprocProjectsRegionsClustersInjectCredentialsRequestclientprojects_regions_clustersInjectCredentials)rrr cluster_name cluster_uuidcredentials_ciphertextinject_credentials_requestrequests =lib/surface/dataproc/clusters/enable_personal_auth_session.py_inject_encrypted_credentialsr%/s|" (00II6L J N    U UG# & L(9 V ;'  2 2 D DW MMc4eZdZdZddiZedZdZdZy)EnablePersonalAuthSessionrEXAMPLESzv To enable a personal auth session, run: $ {command} my-cluster --region=us-central1 ctj|j}tj|d|j tj |y)zMethod called by Calliope to register flags for this command. Args: parser: An argparser parser used to register flags. z!enable a personal auth session onN)dpDataproc ReleaseTrackr AddClusterResourceArg api_versionAddPersonalAuthSessionArgs)clsparserrs r$ArgszEnablePersonalAuthSession.Args\sE{{3++-.H (K ( 4 46 $$V,r&c tj|} | s$tjdj |tj j || | } t|||||| } | rtj|| yy)Nz-Failure getting credentials to inject into {}) r GetCredentialsrPersonalAuthErrorformatPersonalAuthUtilsEncryptWithPublicKeyr%r WaitFor) selfrrrrr cluster_keyaccess_boundary_jsonoperation_polleropenssl_executabledownscoped_tokenr!inject_operations r$inject_credentialsz,EnablePersonalAuthSession.inject_credentialsns**+?@   ( ( 9 @ @ N PP!335JJ%'9;4Xw5A<5KM nn%'78r&c &d}tj|ddtj|j }|j j j}|j}|j}|j}|jj|||}|jjj|} | j } |j"r9t%j&|j"5} | j)} dddnt+j,|} t/j0j3rdnd} d}| dk(rt5j6| | }|sd} d}| dk(r:t5j6| | }|j8}|s t%j:d}tCjD|jjFd } |s$tIjJd jM|tOjPd jM|d 5|jS||||| | || ddd|jTsydjM|}tOjP|d 5 |jjj|} t5j6| | }|s$tIjJd jM|d}|dkr7 tWjXd|jS||||| | || d}|dkr7tIjJd#1swYxYw#t<$rt?j@d YwxYw#1swY'xYw#t<$r$}t?jZ||dz }Yd}~d}~wwxYw#tj\t^f$r YdddywxYw#1swYyxYw#tHjJ$r}t?jZ|Yd}~yd}~wwxYw)NzA personal authentication session will propagate your personal credentials to the cluster, so make sure you trust the cluster and the user who created it.Tz Enabling session aborted by user)message cancel_on_no cancel_string) projectIdr clusterNameECIESRSAopensslzcCould not find openssl on your system. The enable-session command requires openssl to be installed.c|jS)N)name) operations r$z/EnablePersonalAuthSession.Run..s)..r&z.The cluster {} does not support personal auth.z1Injecting initial credentials into the cluster {})autotickzoPeriodically refreshing credentials for cluster {}. This will continue running until the command is interruptedrz>Credential injection failed three times in a row, giving up...)0rPromptContinuer+r,r-CONCEPTSrParserGrrHr)DataprocProjectsRegionsClustersGetRequestrrGetraccess_boundaryr FileReaderreadr ProjectGcsObjectsAccessBoundaryr r8IsTinkLibraryInstalledr ClusterKeyopenssl_commandFindExecutableOnPath ValueErrorrfatalr CloudOperationPollerNoResourcesprojects_regions_operationsrr6r7rProgressTrackerrBrefresh_credentialstimesleeperrorOperationCancelledErrorKeyboardInterrupt)r;argsrDr cluster_refrrr get_requestrr abfr=cluster_key_typer<r?r>update_message failure_counterrs r$RunzEnablePersonalAuthSession.Run~s.G8:{{4,,./H--''--/K##G   F**L##MM&lNDKoo77;;KHG&&L    D00 1S"xxz 2 1#BB7K#'"8"8##w$)K7"''1ABk  5 ''1ABk//  A$99)D  ==33(*3 ** < C C    + + = D D   '6< ,k;O 02D F   % % D|  + +NT J OO==AA+N' ++G5EF+..@GG "# #-! !jjn%%h&2K&:rs3&' ;60.(85#28*N6T..33T5F5F5I5IV  V   V r&