Ë €Ï; ãó†—dZddlmZddlmZddlmZddlmZddlmZddl m Z ddl m Z Gd „d ej«Zy ) z%Add IAM Policy Binding for EkmConfig.é)Úabsolute_import)Údivision)Úunicode_literals)Úiam)Úbase)Úiam_util)Ú resource_argscó&—eZdZdZed„«Zd„Zy)ÚAddIamPolicyBindingaãAdd IAM policy binding to an EkmConfig. Adds a policy binding to the IAM policy of a kms EkmConfig. A binding consists of at least one member, a role, and an optional condition. ## EXAMPLES To add an IAM policy binding for the role of 'roles/editor' for the user `test-user@gmail.com` on the EkmConfig with location `us-central1`, run: $ {command} --location='us-central1' --member='user:test-user@gmail.com' --role='roles/editor' To add an IAM policy binding which expires at the end of the year 2022 for the role of 'roles/editor' and the user `test-user@gmail.com` and location `us-central1`, run: $ {command} --location='us-central1' --member='user:test-user@gmail.com' --role='roles/editor' --condition='expression=request.time < timestamp("2023-01-01T00:00:00Z"),title=expires_end_of_2022,description=Expires at midnight on 2022-12-31' See https://cloud.google.com/iam/docs/managing-policies for details of policy role and member types. có`—tj|dd«tj|d¬«y)NTz --location)Ú add_condition)r ÚAddKmsLocationResourceArgForKMSrÚAddArgsForAddIamPolicyBinding)Úparsers ú4lib/surface/kms/ekm_config/add_iam_policy_binding.pyÚArgszAddIamPolicyBinding.Args5s$€ä×1Ñ1°&¸$À ÔMÜ ×*Ñ*¨6ÀÖFócó—|jjj«}dj|j|j «}t j||j|j«}tj|d«|S)Nz$projects/{0}/locations/{1}/ekmConfigÚ EkmConfig) ÚCONCEPTSÚlocationÚParseÚformatÚ projectsIdÚ locationsIdrÚAddPolicyBindingToEkmConfigÚmemberÚrolerÚLogSetIamPolicy)ÚselfÚargsÚ location_refÚekm_config_nameÚresults rÚRunzAddIamPolicyBinding.Run:so€Ø—=‘=×)Ñ)×/Ñ/Ó1€LØ<×CÑCØ×Ñ ×!9Ñ!9ó;€Oä × ,Ñ ,¨_¸d¿k¹kØ-1¯Y©Yó8€Fä ×ј_¨kÔ:Ø €MrN)Ú__name__Ú __module__Ú __qualname__Ú__doc__Ú staticmethodrr%©rrr r s"„ñð2ñGóðGórr N)r)Ú __future__rrrÚgooglecloudsdk.api_lib.cloudkmsrÚgooglecloudsdk.callioperÚgooglecloudsdk.command_lib.iamrÚgooglecloudsdk.command_lib.kmsr ÚCommandr r+rrÚr2s/ðñ,å&ÝÝ'å/Ý(Ý3Ý8ô&˜$Ÿ,™,õ&r