8dZddlmZddlmZddlmZddlmZddlmZddl mZddl m Z ddl m Z dd l m Z dd l mZdd l mZdd l mZdd lmZddlmZddlmZej.ej0j2Gddej4Zy)z)Activate a pending certificate authority.)absolute_import)division)unicode_literals)base) request_utils) exceptions) create_utils)flags) operations) pem_utils) resource_args)log) console_io)filescJeZdZdZfdZedZdZdZdZ dZ xZ S)ActivateapActivate a subordinate certificate authority awaiting user activation. ## EXAMPLES To activate a subordinate CA named 'server-tls-1' in the location 'us-west1' and CA Pool 'server-tls-pool' using a PEM certificate chain in 'chain.crt': $ {command} server-tls-1 \ --location=us-west1 \ --pool=server-tls-pool \ --pem-chain=./chain.crt ctt| |i|tjd|_tj d|_y)Nv1 api_version)superr__init__privateca_baseGetClientInstanceclientGetMessagesModulemessages)selfargskwargs __class__s .lib/surface/privateca/subordinates/activate.pyrzActivate.__init__3s; (D"D3F3 22tDDK"44FDMctj|dtjdddj |t j |y)Nz to activatez --pem-chainTzA file containing a list of PEM-encoded certificates, starting with the current CA certificate and ending with the root CA certificate.)requiredhelp)r %AddCertAuthorityPositionalResourceArgrArgument AddToParserr AddAutoEnableFlag)parsers r"Argsz Activate.Args8sC77 NMM  k& F#r#c@ tj|}tj|}t|dkrt jdd|d|ddfS#tjttf$r%t j dj|wxYw)a)Parses a pem chain from a file, splitting the leaf cert and chain. Args: pem_chain_file: file containing the pem_chain. Raises: exceptions.InvalidArgumentException if not enough certificates are included. Returns: A tuple with (leaf_cert, rest_of_chain) z,Could not read provided PEM chain file '{}'.z pem-chainzpThe pem_chain must include at least two certificates - the subordinate CA certificate and an issuer certificate.rN) rReadFileContentsErrorOSErrorIOErrorrBadFileExceptionformatr ValidateAndParsePemChainlenInvalidArgumentException)rpem_chain_filepem_chain_inputcertss r"_ParsePemChainFromFilezActivate._ParsePemChainFromFileFs..~>o  . . ?E 5zA~  / /  C  8U12Y  KK' *  ' ' 8 ? ? O s AABc|jj||jjtj}|j j j|}tj|ddS)zEnables the given CA.) requestId)name!enableCertificateAuthorityRequestz Enabling CA.rr) rDPrivatecaProjectsLocationsCaPoolsCertificateAuthoritiesEnableRequest!EnableCertificateAuthorityRequestrGenerateRequestIdr1projects_locations_caPools_certificateAuthoritiesEnabler Await)rca_nameenable_request operations r"_EnableCertificateAuthorityz$Activate._EnableCertificateAuthorityds|]]gg *.--*Y*Y#557+Z+ hN EELL     I~4 HHr#c|jry|jj}|jjj |j j|}tj|j|j rytjdj|jjdS)z3Determines whether the CA should be enabled or not.T)parentFzThe CaPool [{}] has no enabled CAs and cannot issue any certificates until at least one CA is enabled. Would you like to also enable this CA?)messagedefault) auto_enableParent RelativeNamerrDListrBPrivatecaProjectsLocationsCaPoolsCertificateAuthoritiesListRequestr HasEnabledCacertificateAuthoritiesrPromptContinuer5Name)rrca_ref ca_pool_name list_responses r"_ShouldEnableCazActivate._ShouldEnableCass  ==?//1LKKQQVV XX Y M   ,,dmm  $ $ ##)6&--/*>*>*@#A  r#c tjd}tjd}|jjj }|j |j\}}|jj|j|j|j||j|j|}tj |ddt"j$j'dj)|j+|j-||r |j/|jyy) Nrr)pemCertificates)pemIssuerChain)pemCaCertificatesubordinateConfig)r?#activateCertificateAuthorityRequestz!Activating Certificate Authority.z%Activated Certificate Authority [{}].)rrrCONCEPTScertificate_authorityParser< pem_chainrDrFPrivatecaProjectsLocationsCaPoolsCertificateAuthoritiesActivateRequestrQ#ActivateCertificateAuthorityRequestSubordinateConfigSubordinateConfigChainr rFrstatusPrintr5rWr[rJ)rrrrrXpem_certrerIs r"Runz Activate.Runs8  - -$ ?F//DAH ]] 0 0 6 6 8F55dnnEHiHHQQWW$$&080\0\!)"*"<"<#+#B#B(1$C$#=#1]1 X  I6DJJ/66v{{}E D&) &&v':':'<=*r#) __name__ __module__ __qualname____doc__r staticmethodr,r<rJr[rm __classcell__)r!s@r"rr#s7 G  $ $< I6>r#rN)rq __future__rrr googlecloudsdk.api_lib.privatecarrrgooglecloudsdk.callioper$googlecloudsdk.command_lib.privatecar r r r r googlecloudsdk.corergooglecloudsdk.core.consolergooglecloudsdk.core.utilr ReleaseTracks ReleaseTrackGA SilentCommandrr#r"rst0&'C:(.=6;:>#2*D%%(()F>t!!F>*F>r#