adZddlmZddlmZddlmZddlmZddlmZddl m Z ddl m Z Gd d ejZy ) z''logging cmek-settings update' command.)absolute_import)division)unicode_literals)util)base) resource_args) completersc&eZdZdZedZdZy)UpdateaUpdate the CMEK settings for the Cloud Logging Logs Router. Use this command to update the *--kms-key-name* associated with the Cloud Logging Logs Router. The Cloud KMS key must already exist and Cloud Logging must have permission to access it. Customer-managed encryption keys (CMEK) for the Logs Router can currently only be configured at the organization-level and will apply to all projects in the organization. ## EXAMPLES To enable CMEK for the Logs Router for an organization, run: $ {command} --organization=[ORGANIZATION_ID] --kms-key-name='projects/my-project/locations/my-location/keyRings/my-keyring/cryptoKeys/key' To disable CMEK for the Logs Router for an organization, run: $ {command} --organization=[ORGANIZATION_ID] --clear-kms-key c|jdddtjd|jd}t j |ddd |jd d d y)z Register flags for this command.z--organizationTORGANIZATION_IDz5Organization to update Logs Router CMEK settings for.)requiredmetavar completerhelp)rz5logs being processed by the Cloud Logging Logs RouterzqThe Cloud KMS CryptoKey Encrypter/Decryper role must be assigned to the Cloud Logging Logs Router service accountz--kms-key-name)resourcepermission_infonamez--clear-kms-key store_trueziDisable CMEK for the Logs Router by clearing out Cloud KMS cryptokey in the organization's CMEK settings.)actionrN) add_argumentr OrganizationCompleteradd_mutually_exclusive_groupkms_resource_argsAddKmsKeyResourceArg)parsergroups +lib/surface/logging/cmek_settings/update.pyArgsz Update.Args7s !22 D F  / / / >E** H#  @Bc i}|jdr5|jjjj |d<|jdrd|d<t j |}t jjjt jj|t jjdi|dS)zThis is what gets called when the user runs this command. Args: args: an argparse namespace. All the arguments that were provided to this command invocation. Returns: The updated CMEK settings. kms_key_name kmsKeyName clear_kms_key)r cmekSettings updateMask) IsSpecifiedCONCEPTSr"Parse RelativeNamerGetParentFromArgs GetClient organizationsUpdateCmekSettings GetMessages-LoggingOrganizationsUpdateCmekSettingsRequest CmekSettings)selfargs cmek_settings parent_names rRunz Update.RunQsM ' -- $ $ * * , 9 9 ;L! ($&mL!((.K >>  ) ) < < HH8))+88I=I% I ' ((r N)__name__ __module__ __qualname____doc__ staticmethodrr8r(r rr r s"0BB2(r r N)r< __future__rrrgooglecloudsdk.api_lib.loggingrgooglecloudsdk.calliopergooglecloudsdk.command_lib.kmsrr+googlecloudsdk.command_lib.resource_managerr Commandr r(r rrDs3 .''/(MBK(T\\K(r