= zdZddlmZddlmZddlmZddlmZddlmZddl m Z Gdd ejZ y ) z6Command for setting IAM policies for service accounts.)absolute_import)division)unicode_literals)util)base)iam_utilceZdZdZej ddZedxxdejdzz cc<edZ dZ y ) SetIamPolicyaSet the IAM policy for a service account. This command replaces the existing IAM policy for a service account, given an IAM_ACCOUNT and a file encoded in JSON or YAML that contains the IAM policy. If the given policy file specifies an "etag" value, then the replacement will succeed only if the policy already in place matches that etag. (An etag obtained via $ gcloud iam service-accounts get-iam-policy will prevent the replacement if the policy for the service account has been subsequently updated.) A policy file that does not contain an etag value will replace any existing policy for the service account. If the service account does not exist, this command returns a `PERMISSION_DENIED` error. service accountz1my-iam-account@my-project.iam.gserviceaccount.com DESCRIPTIONz zset the iam policy ofcZtj|d|jdddy)Nzwhose policy to set)action policy_file POLICY_FILEzFPath to a local JSON or YAML formatted file containing a valid policy.)metavarhelp)rAddServiceAccountNameArg add_argument)parsers 2lib/surface/iam/service_accounts/set_iam_policy.pyArgszSetIamPolicy.Args1s6 %%$& %&ctj\}}tj|j|j }tj |_|jj|jtj|j|j|}tj|jd|S)N)policy)resourcesetIamPolicyRequestr )rGetClientAndMessagesrParsePolicyFilerPolicy!MAX_LIBRARY_IAM_SUPPORTED_VERSIONversionprojects_serviceAccountsr -IamProjectsServiceAccountsSetIamPolicyRequestEmailToAccountResourceNameservice_accountSetIamPolicyRequestLogSetIamPolicy)selfargsclientmessagesrresults rRunzSetIamPolicy.Run<s002FH  % %d&6&6 HF??FN  , , 9 9>>889M9MN ( < <!=! ? !F  T113DE MrN) __name__ __module__ __qualname____doc__rGetDetailedHelpForSetIamPolicy detailed_help GetHintForServiceAccountResource staticmethodrr-rrr r se :(99LN- &/h// !##$$&& rr N) r1 __future__rrrgooglecloudsdk.api_lib.iamrgooglecloudsdk.calliopergooglecloudsdk.command_lib.iamrCommandr r6rrr<s, =&'+(3,4<<,r