dZddlmZddlmZddlmZddlmZddlmZddl m Z ddl m Z dd l mZdd l mZdd l mZdd lmZe j&e j(Gd de j*Zy)z9Implementation of objects add-iam-policy-binding command.)absolute_import)division)unicode_literals) api_factory)apis)base)iam_util) errors_util)iam_command_util) storage_url)set_iam_policy_taskc0eZdZdZdddZedZdZy)AddIamPolicyBindingz&Grant a principal access to an object.z Add an IAM policy binding to an object. For more information, see [Cloud Identity and Access Management](https://cloud.google.com/storage/docs/access-control/iam). a\ To grant full control of OBJECT in BUCKET to the user john.doe@example.com: $ {command} gs://BUCKET/OBJECT --member=user:john.doe@example.com --role=roles/storage.legacyObjectOwner To make OBJECT publicly readable: $ {command} gs://BUCKET/OBJECT --member=AllUsers --role=roles/storage.legacyObjectReader ) DESCRIPTIONEXAMPLEScX|jddtj|dy)Nurlz+URL of bucket to add IAM policy binding to.)helpT) add_condition) add_argumentr AddArgsForAddIamPolicyBinding)parsers 5lib/surface/storage/objects/add_iam_policy_binding.pyArgszAddIamPolicyBinding.Args8s,  AC **6Fctj|j}tj|j |tj |j |tj|jj|j|j|j}tj||t!j"dd|t$j&S)Nstoragev1)r storage_url_from_stringrr raise_error_if_not_cloud_object command_pathraise_error_if_not_gcsrget_apischemeget_object_iam_policy bucket_name resource_name generationr add_iam_binding_to_resourcerGetMessagesModuler SetObjectIamPolicyTask)selfargs url_objectpolicys rRunzAddIamPolicyBinding.Run>s44TXX>J//0A0A:N&&t'8'8*E  !2!2 3 I I 8 8*:O:OQF  7 7  y$/22  rN)__name__ __module__ __qualname____doc__ detailed_help staticmethodrr0rrrrs3/ -(GG rrN)r4 __future__rrrgooglecloudsdk.api_lib.storagergooglecloudsdk.api_lib.utilrgooglecloudsdk.calliopergooglecloudsdk.command_lib.iamr "googlecloudsdk.command_lib.storager r r (googlecloudsdk.command_lib.storage.tasksr HiddenUniverseCompatibleCommandrr7rrrBs]@&'6,(3:?:H*$,,* *r