] dZddlmZddlmZddlmZddlmZddlm Z ddlm Z ddl m Zddl m Z dd l mZe j"e j$j&e j$j(Gd d e j*Zy ) zUpdate an existing secret.)absolute_import)division)unicode_literals)api)base) exceptions)args)logcVeZdZdZdZdZdZdZdZdZ dZ d Z d Z e d Zd Zd ZdZy)UpdateaUpdate a secret replica's metadata. Update a secret replica's metadata (e.g. cmek policy). This command will return an error if given a secret that does not exist or if given a location that the given secret doesn't exist in. The --remove-kms-key flag is only valid for Secrets that have an automatic replication policy or exist in a single location. To remove keys from a Secret with multiple user managed replicas, please use the set-replication command. ## EXAMPLES To remove CMEK from a secret called 'my-secret', run: $ {command} my-secret --remove-cmek To set the CMEK key on an automatic secret called my-secret to a specified KMS key, run: ${command} my-secret --set-kms-key=projects/my-project/locations/global/keyRings/my-keyring/cryptoKeys/my-key To set the CMEK key on a secret called my-secret to a specified KMS key in a specified location in its replication, run: ${command} my-secret --set-kms-key=projects/my-project/locations/us-central1/keyRings/my-keyring/cryptoKeys/my-key --location=us-central1 z9There are no changes to the secret [{secret}] for update.zxThe secret [{secret}] cannot be updated because it does not exist. Please use the create command to create a new secret.zThis secret has a user managed replication polciy. The location in which to set the customer managed encryption key must be set with --location.zxThere was a problem updating replication for this secret. Please use the replication set command to perform this update.zuThis secret has an automatic replication policy. To set its customer managed encryption key, please omit --locations.z4The secret does not have a replica in this location.zEither all replicas must use customer managed encryption or all replicas must use Google managed encryption. To add customer managed encryption to all replicas, please use the replication set command.zGCannot simultaneously set and remove a customer managed encryption key.zCannot remove customer managed encryption keys for just one location. To use Google managed encryption keys for all locations, please remove --locations.c`tj|dddtj|y)Nz to updateT)purpose positionalrequired) secrets_args AddSecretAddUpdateReplicationGroup)parsers )lib/surface/secrets/replication/update.pyArgsz Update.Args\s( tE**62c,tj|j}|jjrMtj |j |dgg}tj j||S|jjr|jjjrg}|jjjD]H}|jstj|j|j|jJtj |j |d|g}tj j||Stj|j)N api_version automatic user-managed) secrets_apiGetApiFromTrack ReleaseTrack replicationrSecretsSetReplication secrets_logUpdatedReplication userManagedreplicaslocationrMisconfiguredReplicationError!MISCONFIGURED_REPLICATION_MESSAGEappend)self secret_refsecretrupdated_secret locationsreplicas r _RemoveCmekzUpdate._RemoveCmekbsO--d.?.?.ABK ##"**!z;B7..z:  %%&*<*<*H*H*Q*Qi''33<<'88446 6))* = #**!z>9bA..z:   2 2 .. 00rcJtj|j}|jjrp|r t j d|jtj|j|dg|g}tjj||S|jjr|jjjr|s t jd|jg}g}d} |jjjD]} | j st#j$|j&|j)| j || j k(rd} |j)|l| j*sy| j*j,s|j)| j*j,| s t j.d|j0t3|t3|k7rt#j4|j6tj|j|d||}tjj||St#j$|j&)Nr'rrFTr)rrrr rcalliope_exceptionsBadArgumentExceptionLOCATION_AND_AUTOMATIC_MESSAGEr!r"r#r$r%r&RequiredArgumentExceptionLOCATION_REQUIRED_MESSAGEr'rr(r)r*customerManagedEncryption kmsKeyNameInvalidArgumentExceptionLOCATION_NOT_IN_POLICY_MESSAGElenMisconfiguredEncryptionErrorPARTIALLY_CMEK_MESSAGE) r+r,r-kms_keyr'rr.r/keysfound_locationr0s r _SetKmsKeyzUpdate._SetKmsKeyys8--d.?.?.ABK ## !66 ;;= ="**!z;WI>..z:  %%&*<*<*H*H*Q*Q !;; 668 8i dn''33<<'88446 6))* w'' '. ++g   . .73T3T3_3_ ++g77BB C=!:: ;;= = Y3t9 $55  ' ') )"**!z>9dC..z:   2 2 .. 00rc tj|j}|jjj }|j s#|jstjddg|j r+|jrtj|j|j r+|jrtj|jtj|j|}|>tj d|j"j%|j'|j r|j)||S|j+|||j|jS)Nz --remove-cmekz --set-kms-keyrr-)r-)rrrCONCEPTSr-Parse remove_cmek set_kms_keyr3MinimumArgumentExceptionConflictingArgumentsExceptionREMOVE_AND_SET_CMEK_MESSAGEr' REMOVE_CMEK_AND_LOCATION_MESSAGEr! GetOrNoner:SECRET_MISSING_MESSAGEformatNamer1rB)r+r rr,r-s rRunz Update.RunsL--d.?.?.ABK%%++-J   D$4$4  8 8 O , .. D,,  = =  * * ,, DMM  = =  / / 11 [ 9 C CJ OF ~  8 8   % % , ,JOO4E , F HH    j& 11 ??:vt/?/? OOrN)__name__ __module__ __qualname____doc__NO_CHANGES_MESSAGErMr7r)r5r;r>rJrK staticmethodrr1rBrPrrr r sDB> <$9!=!L P# 33 0.(0TPrr N)rT __future__rrrgooglecloudsdk.api_lib.secretsrrgooglecloudsdk.callioperrr3"googlecloudsdk.command_lib.secretsr rr r# ReleaseTracksrBETAGA UpdateCommandr rWrrr`st!&'=(EC9AD%%**D,=,=,@,@AaPT  aPBaPr