Ë
    €Ï<  ã                   ó   — d Z ddlmZ ddlmZ ddlmZ ddlmZ ddlmZ ddl	m
Z  ej                  ej                  j                  ej                  j                  ej                  j                   «       G d„ d	ej"                  «      «       Zy
)zRemove IAM Policy Binding.é    )Úabsolute_import)Údivision)Úunicode_literals)Úbase)Úiam_util)Úutilc                   ó.   — e Zd ZdZddiZed„ «       Zd„ Zy)ÚRemoveIamPolicyBindingzèRemove IAM policy binding from an IAP TCP Destination Group resource.

  Removes a policy binding from the IAM policy of an IAP TCP Destination Group
  resource. One binding consists of a member, a role and an optional condition.
  ÚEXAMPLESa€  
          To remove an IAM policy binding for the role of
          'roles/iap.tunnelResourceAccessor' for the user 'test-user@gmail.com'
          in the group 'my-group' located in the region 'us-west1', run:

            $ {command} --member='user:test-user@gmail.com'
              --role='roles/iap.tunnelResourceAccessor' --dest-group='my-group'
              --region='us-west1'

          To remove an IAM policy binding for the role of
          'roles/iap.tunnelResourceAccessor' from all authenticated users in the
          group 'my-group' located in the region 'us-west1', run:

            $ {command} --member='allAuthenticatedUsers'
              --role='roles/iap.tunnelResourceAccessor' --dest-group='my-group'
              --region='us-west1'

          To remove an IAM policy binding which expires at the end of the year
          2018 for the role of 'roles/iap.tunnelResourceAccessor' for the user
          'test-user@gmail.com' in the group 'my-group' located in the region
          'us-west1', run:

            $ {command} --member='user:test-user@gmail.com'
              --role='roles/iap.tunnelResourceAccessor'
              --condition='expression=request.time < timestamp("2019-01-01T00:00:00Z"),title=expires_end_of_2018, description=Expires at midnight on 2018-12-31'
              --dest-group='my-group' --region='us-west1'

          To remove all IAM policy bindings regardless of the condition for the
          role of 'roles/iap.tunnelResourceAccessor' and for the user
          'test-user@gmail.com' in the group 'my-group' located in the region
          'us-west1', run:

            $ {command} --member='user:test-user@gmail.com'
              --role='roles/iap.tunnelResourceAccessor' --dest-group='my-group'
              --region='us-west1'

          See https://cloud.google.com/iam/docs/managing-policies for details of
          policy role and member types.
  c                 ó–   — t        j                  | «       t        j                  | «       t        j                  j                  | «       y)zÊRegisters flags for this command.

    Args:
      parser: An argparse.ArgumentParser-like object. It is mocked out in order
        to capture some information, but behaves like an ArgumentParser.
    N)Úiap_utilÚAddRemoveIamPolicyBindingArgsÚAddIamDestGroupArgsr   ÚURI_FLAGÚRemoveFromParser)Úparsers    ú<lib/surface/iap/tcp/dest_groups/remove_iam_policy_binding.pyÚArgszRemoveIamPolicyBinding.ArgsN   s2   € ô ×*Ñ*¨6Ô2Ü× Ñ  Ô(Ü‡MM×"Ñ" 6Õ*ó    c                 óÚ   — t        j                  |«      }t        j                  | j	                  «       |«      }|j                  |j                  |j                  ||j                  «       y)z®Handles the execution when users run this command.

    Args:
      args: An argparse namespace. All the arguments that were provided to this
        command invocation.
    N)	r   ÚValidateAndExtractConditionr   ÚParseIapDestGroupResourceÚReleaseTrackr
   ÚmemberÚroleÚall)ÚselfÚargsÚ	conditionÚiap_iam_refs       r   ÚRunzRemoveIamPolicyBinding.RunZ   sR   € ô ×4Ñ4°TÓ:€IÜ×4Ñ4°T×5FÑ5FÓ5HÈ$ÓO€KØ×&Ñ& t§{¡{°D·I±I¸yØ'+§x¡xõ1r   N)Ú__name__Ú
__module__Ú__qualname__Ú__doc__Údetailed_helpÚstaticmethodr   r!   © r   r   r
   r
      s2   „ ñð ð'ð*€-ðX ñ	+ó ð	+ó
1r   r
   N)r%   Ú
__future__r   r   r   Úgooglecloudsdk.callioper   Úgooglecloudsdk.command_lib.iamr   Úgooglecloudsdk.command_lib.iapr   r   ÚReleaseTracksr   ÚALPHAÚBETAÚGAÚCommandr
   r(   r   r   Ú<module>r2      sv   ðñ !å &Ý Ý 'å (Ý 3Ý ;ð €×ÑD×%Ñ%×+Ñ+¨T×->Ñ->×-CÑ-CØ×%Ñ%×(Ñ(ó*ôH1˜TŸ\™\ó H1ó*ñH1r   