A dZddlmZddlmZddlmZddlZddlmZddlm Z ddl m Z dd l m Z dd lmZdd lmZe j"Gd d e j$Zy)z:Implementation of service agent command for Cloud Storage.)absolute_import)division)unicode_literalsN) api_factory)base)requests) storage_url)log) propertiesc0eZdZdZdddZedZdZy) ServiceAgentz^Manage a project's Cloud Storage service agent, which is used to perform Cloud KMS operations.z *{command}* displays the Cloud Storage service agent, which is used to perform Cloud KMS operations against your a default or supplied project. If the project does not yet have a service agent, *{command}* creates one. aj To show the service agent for your default project: $ {command} To show the service account for ``my-project'': $ {command} --project=my-project To authorize your default project to use a Cloud KMS key: $ {command} --authorize-cmek=projects/key-project/locations/us-east1/keyRings/key-ring/cryptoKeys/my-key ) DESCRIPTIONEXAMPLEScP|jdtjdy)Nz--authorize-cmeka Adds appropriate encrypt/decrypt permissions to the specified Cloud KMS key. This allows the Cloud Storage service agent to write and read Cloud KMS-encrypted objects in buckets associated with the service agent's project.)help) add_argumenttextwrapdedent)parsers $lib/surface/storage/service_agent.pyArgszServiceAgent.Args;s)  __()*ctjtjj}|j }|j rtj|j d|ztjdjtjjjj!|j ytj|y)NzserviceAccount:z9Authorized project {} to encrypt and decrypt with key: {})rget_apir ProviderPrefixGCSget_service_agentauthorize_cmekrAddCryptoKeyPermissionr Printformatr VALUEScoreprojectGet)selfargsapi service_agents rRunzServiceAgent.RunEs   k88<< =C))+M %%d&9&9&7-&GI ii F M M$$,,002D4G4G IJ ii rN)__name__ __module__ __qualname____doc__ detailed_help staticmethodrr*rrr r s/f  -0** rr )r. __future__rrrrgooglecloudsdk.api_lib.storagergooglecloudsdk.callioper$googlecloudsdk.command_lib.artifactsr"googlecloudsdk.command_lib.storager googlecloudsdk.corer r UniverseCompatibleCommandr r1rrr:sNA&'6(9:#*04<<00r