odZddlmZddlmZddlmZddlmZddlm Z ddlm Z ddl m Z dd l mZdd l mZdd lmZdd lmZdd lmZddlmZddlmZe j6e j8j:e j<Gdde j>Z e j6e j8jBe j<Gdde j>Z"y)zCreate a new secret.)absolute_import)division)unicode_literals)api)base) exceptions)args)log)util)crc32c) labels_util)map_util) properties) console_iocneZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d Zd ZdZdZdZdZdZdZedZdZy)CreateaCreate a new secret. Create a secret with the given name and creates a secret version with the given data, if any. If a secret already exists with the given name, this command will return an error. ## EXAMPLES Create a secret with an automatic replication policy without creating any versions: $ {command} my-secret Create a new secret named 'my-secret' with an automatic replication policy and data from a file: $ {command} my-secret --data-file=/tmp/secret Create a new secret named 'my-secret' in 'us-central1' with data from a file: $ {command} my-secret --data-file=/tmp/secret --replication-policy=user-managed \ --locations=us-central1 Create a new secret named 'my-secret' in 'us-central1' and 'us-east1' with the value "s3cr3t": $ printf "s3cr3t" | {command} my-secret --data-file=- --replication-policy=user-managed --locations=us-central1,us-east1 Create a new secret named 'my-secret' in 'us-central1' and 'us-east1' with the value "s3cr3t" in PowerShell (Note: PowerShell will add a newline to the resulting secret): $ Write-Output "s3cr3t" | {command} my-secret --data-file=- --replication-policy=user-managed --locations=us-central1,us-east1 Create a secret with an automatic replication policy and a next rotation time: $ {command} my-secret --next-rotation-time="2030-01-01T15:30:00-05:00" Create a secret with an automatic replication policy and a rotation period: $ {command} my-secret --next-rotation-time="2030-01-01T15:30:00-05:00" --rotation-period="7200s" Create a secret with delayed secret version destroy enabled: $ {command} my-secret --version-destroy-ttl="86400s" The value provided for --data-file is the empty string. This can happen if you pass or pipe a variable that is undefined. Please verify that the --data-file flag is not the empty string. If you are not providing secret data, omit the --data-file flag.hThe value provided for --replication-policy is invalid. Valid values are "automatic" and "user-managed".Cannot use the secrets/replication-policy property because its value is invalid. Please either set it to a valid value ("automatic" or "user-managed") or override it for this command by using the --replication-policy flag.(If --replication-policy is user-managed then --locations must also be provided. Please set the desired storage regions in --locations or the secrets/locations property. For an automatic replication policy, please set --replication-policy or the secrets/replication-policy property to "automatic".If --replication-policy is "automatic" then --locations are not allowed. Please remove the --locations flag or set the --replication-policy to "user-managed".The secrets/replication-policy property is "automatic" and not overridden so --locations are not allowed. Please remove the --locations flag or set the replication-policy to "user-managed".Cannot create a secret with an "automatic" replication policy if the secrets/locations property is set. Please either use a "user-managed" replication policy or unset secrets/locations.Locations are only allowed when creating a secret with a "user-managed" replication policy. Please use the --replication-policy flag to set it or remove --locations to use an automatic replication policy.The --kms-key-name flag can only be used when creating a secret with an "automatic" replication policy. To specify encryption keys for secrets with a "user-managed" replication policy, please use --replication-policy-file.NA --replication-policy-file and --replication-policy cannot both be specified.EA --replication-policy-file and --locations cannot both be specified.HA --replication-policy-file and --kms-key-name cannot both be specified.File cannot be empty.The --kms-key-name flag can only be set for automatically replicated secrets. To create a user managed secret with customer managed encryption keys, please use --replication-policy-file.rThis secret and all of its versions will be automatically deleted at the requested expire-time of [{expire_time}].qThis secret and all of its versions will be automatically deleted after the requested ttl of [{ttl}] has elapsed.The --regional-kms-key-name flag can only be used when creating a regional secret with "--location" and should not be used with "--replication-policy-file" or "--kms-key-name"Regional secret created using "--location" should not have flags like "--replication-policy-file" or "--kms-key-name" or "--locations" or --replication-policycdtj|dddtj|ddtj|tj|t j |tj|tj|tj|tj|tj|tjj||jdd}tj |d dt"t"y ) zArgs is called by calliope to gather arguments for this command. Args: parser: An argparse parser that you can use to add arguments that will be available to the command. to createTpurpose positionalrequiredto create secretFr(hidden Annotationsmutexhelp annotationsN) secrets_args AddSecret AddLocation AddDataFileAddCreateReplicationPolicyGroupr AddCreateLabelsFlagsAddCreateExpirationGroup AddTopicsAddCreateRotationGroupAddRegionalKmsKeyNameAddCreateVersionDestroyTTL GetTagsArg AddToParser add_groupr AddMapSetFlagstrparserr2s lib/surface/secrets/create.pyArgsz Create.Argss tV-?NV$008$$V,))&16"''/&&v.++F3))&1""M"BK ; }c3Octj|j}tj|}|jj j }|jdu}tj|j}tj|jd}tj||jj}t!j"||jj$} |j&} |j(} g} |jr+|j&rt+j,|j.|jr+|j(rt+j,|j0|jr+|j2rt+j,|j4|s+|j6rt+j,|j8|j6r7|js |j2rt+j,|j8|rE| s$|j2s|js |j(rt+j,|j:|j2r| j=|j2|jr=|s t+j>d|j@tjB|\} } } n| s2tDjFjHj&jK} | du} | rd} | dvrL|j&r t+j>d|jLt+j>d|jN| dk(r"| r t+j>d |jP| sEtDjFjHj(jK} | r| jSd } | dk(r"| s t+jTd |jV| dk(r|j(rn|j&r t+j>d |jX| r t+j>d |jZt+j>d |j\| r t+j>d|j^g} |jd k(rt+j`|jb|jdr>|jfji|jd }tkjl|dd|jnr>|jpji|jn}tkjl|ddg}|jsdrQ|jtjwDcgc],\}}|jjxj{||.}}}|rd} |j|r|j|d}nd}tj~|j||| | | |jd|jn| |j||j|j|j6||j}|rtj|}tj~|j||tj||j}|r t!j|j}nt!j|j}tjj||Stj~j||Scc}}w)zRun is called by calliope to create the secret. Args: args: an argparse namespace, all the arguments that were provided to this command invocation. Returns: The response from the create secret API call. versionNF is_binaryreplication-policy automatic>rN user-managedrO kms-key-name, locations expire_timeTthrow_if_unattended cancel_on_nottlset_annotationskeyvalues api_version)labelstagsrRpolicyrUrZkeystopicsr2next_rotation_timerotation_periodregional_kms_key_nameversion_destroy_ttlsecret_locationrk)N secrets_apiGetApiFromTrack ReleaseTrack GetMessagesCONCEPTSsecretParselocation secrets_utilReadFileOrStdin data_filereplication_policy_filer ParseCreateArgsSecret LabelsValuer3GetTagsFromArgs TagsValuereplication_policyrRrConflictingArgumentsExceptionPOLICY_AND_POLICY_FILE_MESSAGE!LOCATIONS_AND_POLICY_FILE_MESSAGE kms_key_nameKMS_KEY_AND_POLICY_FILE_MESSAGEriREGIONAL_KMS_FLAG_MESSAGEREGIONAL_SECRET_MESSAGEappendInvalidArgumentException%REPLICATION_POLICY_FILE_EMPTY_MESSAGEParseReplicationFileContentsrVALUESsecretsGetINVALID_POLICY_MESSAGEINVALID_POLICY_PROP_MESSAGE KMS_KEY_AND_USER_MANAGED_MESSAGEsplitRequiredArgumentException MANAGED_BUT_NO_LOCATIONS_MESSAGEAUTOMATIC_AND_LOCATIONS_MESSAGENO_POLICY_AND_LOCATIONS_MESSAGE$AUTOMATIC_PROP_AND_LOCATIONS_MESSAGE$AUTOMATIC_AND_LOCATIONS_PROP_MESSAGEBadFileExceptionEMPTY_DATA_FILE_MESSAGErUCONFIRM_EXPIRE_TIME_MESSAGEformatrPromptContinuerZCONFIRM_TTL_MESSAGE IsSpecifiedr[itemsAnnotationsValueAdditionalPropertyrjSecretsrrfrgrhr get_crc32c AddVersion get_checksumParseRegionalVersionRefnameParseVersionRef secrets_logVersionsCreatedselfr ramessages secret_ref is_regionaldatareplication_policy_contentsrbrcr~rRkms_keysdefault_to_automaticmsgr2 annotationmetadatarjresponse data_crc32crJ version_refs rERunz Create.Runs--d.?.?.ABK&&{;H%%++-J--t+K  ' ' 7D".">"> $$#7  ( (x/J/J KF  ' 'hoo.G.G HD00IH ##(?(?  4 4  - - // ##  4 4  0 0 22 ##(9(9  4 4  . . 00 455  4 4  ( (  !! $$(9(9  4 4  ( (      ' ' >>  4 4  & &  ood''( ## (11 $"L"L    3 34O P.)X '..66IIMMO/47 ( #@ @  " "334H484O4OQ Q11 $"B"BD D ~ -(11 DAAC C%%--77;;= ooc*) ~ -i22 >>@ @ { * >> $ $55TAAC C !55TAAC C334DDF F 33"D$M$MO O  ~~  ' '(D(D EE   , , 3 3&& 4 (c 4d< xx  $ $ + + + 9c 4d<K )*)-(<(<(B(B(D)E$z8 // * * = =H > .(D  #778: ""{;BB !$$ HH {{22,,"88/ CH$ %%d+k## <GG     k *-- Hg "::7<<H "227<<@ $$[1 O##J/ O_1]N__name__ __module__ __qualname____doc__rrrrrrrrMANAGED_AND_KMS_FLAG_MESSAGErrrrrrrrr staticmethodrFrrGrErr"s1j0, ##0" ?' 7' F" #! N$Q",C'?# 6 8 9 PP.irGrcneZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d Zd ZdZdZdZdZdZdZedZdZy) CreateBetaaCreate a new secret. Create a secret with the given name and creates a secret version with the given data, if any. Note, the created secret ends with a newline. If a secret already exists with the given name, this command will return an error. ## EXAMPLES Create a secret with an automatic replication policy without creating any versions: $ {command} my-secret Create a new secret named 'my-secret' with an automatic replication policy and data from a file: $ {command} my-secret --data-file=/tmp/secret Create a new secret named 'my-secret' in 'us-central1' with data from a file: $ {command} my-secret --data-file=/tmp/secret --replication-policy=user-managed \ --locations=us-central1 Create a new secret named 'my-secret' in 'us-central1' and 'us-east1' with the value "s3cr3t": $ printf "s3cr3t" | {command} my-secret --data-file=- --replication-policy=user-managed --locations=us-central1,us-east1 Create a new secret named 'my-secret' in 'us-central1' and 'us-east1' with the value "s3cr3t" in PowerShell (Note: PowerShell will add a newline to the resulting secret): $ Write-Output "s3cr3t" | {command} my-secret --data-file=- --replication-policy=user-managed --locations=us-central1,us-east1 Create an expiring secret with an automatic replication policy using a ttl: $ {command} my-secret --ttl="600s" Create an expiring secret with an automatic replication policy using an expire-time: $ {command} my-secret --expire-time="2030-01-01T08:15:30-05:00" Create a secret with an automatic replication policy and a next rotation time: $ {command} my-secret --next-rotation-time="2030-01-01T15:30:00-05:00" Create a secret with an automatic replication policy and a rotation period: $ {command} my-secret --next-rotation-time="2030-01-01T15:30:00-05:00" --rotation-period="7200s" Create a secret with delayed secret version destroy enabled: $ {command} my-secret --version-destroy-ttl="86400s" rrrrrrrrrrrrrr r!r"r#r$cdtj|dddtj|ddtj|tj|t j |tj|tj|tj|tj|tj|tjj||jdd}tj |d dt"t"y) Nr&Tr'r+Fr,r.r/r2)r3r4r5r6r7r r8r9r;r:r<r=r>r?r@rrArBrCs rErFzCreateBeta.Argss tV-?NV$008$$V,))&1''/6"&&v.++F3))&1""M"BK ; }c3OrGctj|j}tj|}|jj j }|jdu}tj|j}tj|jd}tj||jj}t!j"||jj$} |j&} |j(} g} |jr+|j&rt+j,|j.|jr+|j(rt+j,|j0|jr+|j2rt+j,|j4|s+|j6rt+j,|j8|j6r7|js |j2rt+j,|j8|rE| s$|j2s|js |j(rt+j,|j:|j2r| j=|j2|jr=|s t+j>d|j@tjB|\} } } n| s2tDjFjHj&jK} | du} | rd} | dvrL|j&r t+j>d|jLt+j>d|jN| dk(r"| r t+j>d|jP| sEtDjFjHj(jK} | r| jSd } | dk(r"| s t+jTd |jV| dk(r|j(rn|j&r t+j>d |jX| r t+j>d |jZt+j>d |j\| r t+j>d|j^g} |jd k(rt+j`|jb|jdr>|jfji|jd }tkjl|d d |jnr>|jpji|jn}tkjl|d d g}|jsdrQ|jtjwDcgc],\}}|jjxj{||.}}}|rd} |j|r|j|d}nd}tj~|j||| | | |jd|jn| |j|j|j||j6||j}|rtj|}tj~|j||tj||j}|r t!j|j}nt!j|j}tjj||Stj~j||Scc}}w)NrIFrKrMrN>rNrOrOrPrQrRrSrTTrVrYr[r\r_r`)rbrcrRrdrUrZrergrhrfr2rirjrkrl)Nrmrnrorprqrrrsrtrurvrwrxr ryrzr{r3r|r}r~rRrrrrrrrirrrrrrrrrrrrrrrrrrrrrrrUrrrrrZrrr[rrrrjrrrgrhrfr rrrrrrrrrrs rErzCreateBeta.Run s--d.?.?.ABK&&{;H%%++-J--t+K  ' ' 7D".">"> $$#7  ( (x/J/J KF  ' 'hoo.G.G HD00IH ##(?(?  4 4  - - // ##  4 4  0 0 22 ##(9(9  4 4  . . 00 455  4 4  ( (  !! $$(9(9  4 4  ( (      ' ' >>  4 4  & &  ood''( ## (11 $"L"L    3 34O P.)X  '..66IIMMO/47 ( #@ @  " "334H484O4OQ Q11 $"B"BD D ~ -(11 DAAC C%%--77;;= ooc*) ~ -i22 >>@ @ { * >> $ $55TAAC C !55TAAC C334DDF F 33"D$M$MO O  ~~  ' '(D(D EE   , , 3 3&& 4 (c 4d< xx  $ $ + + + 9c 4d<K )*)-(<(<(B(B(D)E$z8 // * * = =H > .(D  #778: ""{;BB !$$ HH 22,,{{"88/ CH$ %%d+k## <GG     k *-- Hg "::7<<H "227<<@ $$[1 O##J/ O_rNrrrGrErrus;~0, ##0" ?' 7' F" #! N$Q",C'?# 6 8 9 PP"brGrN)#r __future__rrrgooglecloudsdk.api_lib.secretsrrmgooglecloudsdk.callioperr"googlecloudsdk.command_lib.secretsr r3r rr rugooglecloudsdk.command_lib.utilr $googlecloudsdk.command_lib.util.argsr rgooglecloudsdk.corergooglecloudsdk.core.consoler ReleaseTracksroGADefaultUniverseOnly CreateCommandrBETArrrGrErs&'=(.CAC2<9*2D%%(()NT  N*Nb D%%**+K##K,KrG