dZddlmZddlmZddlmZddlZddlmZddlm Z ddl m Z dd l m Z dd lmZGd d e j Zy) z/Command for signing blobs for service accounts.)absolute_import)division)unicode_literalsN)util)base)iam_util)log)filescpeZdZdZej dej ddZedZdZ y)SignBlobaSign a blob with a managed service account key. This command signs a file containing arbitrary binary data (a blob) using a system-managed service account key. If the service account does not exist, this command returns a `PERMISSION_DENIED` error. z To sign a blob file with a system-managed service account key, run: $ {command} --iam-account=my-iam-account@my-project.iam.gserviceaccount.com input.bin output.bin z For more information on how this command ties into the wider cloud infrastructure, please see [](https://cloud.google.com/appengine/docs/java/appidentity/) )EXAMPLESzSEE ALSOc||jddd|jddd|jd d d y) Nz --iam-accountTzThe service account to sign as.)requiredhelpinputz INPUT-FILEz%A path to the blob file to be signed.)metavarroutputz OUTPUT-FILEz4A path the resulting signed blob will be written to.) add_argument)parsers -lib/surface/iam/service_accounts/sign_blob.pyArgsz SignBlob.Args7s[ !%>@  ,DF  -&'c (tj\}}|jj|j t j |j|jtj|j}tj|j|jdtj j#dj%|j|j|j|j&y)N)payload)namesignBlobRequestT)contentbinaryz4signed blob [{0}] as [{1}] for [{2}] using key [{3}])r"GetIamCredentialsClientAndMessagesprojects_serviceAccountsr 4IamcredentialsProjectsServiceAccountsSignBlobRequestrEmailToAccountResourceName iam_accountSignBlobRequestr ReadBinaryFileContentsrr WriteToFileOrStdoutr signedBlobstatusPrintformatkeyId)selfargsclientmessagesresponses rRunz SignBlob.RunFs>>@FH..77EE44T5E5EF$4444TZZ@5B F CDH  X00?JJ>EE JJ T%5%5x~~ GHrN) __name__ __module__ __qualname____doc__textwrapdedent detailed_help staticmethodrr1rrr r sR"(//# "(//#   - ' ' Hrr )r5 __future__rrrr6googlecloudsdk.api_lib.iamrgooglecloudsdk.calliopergooglecloudsdk.command_lib.iamrgooglecloudsdk.corer googlecloudsdk.core.utilr Commandr r:rrrBs7 6&'+(3#*3Ht||3Hr