dZddlmZddlmZddlmZddlmZddlmZddl m Z ddl m Z dd l mZdd l mZdd l mZdd l mZdd l mZddlmZdZe j,e j.Gdde j0Zy)z1Implementation of objects set-iam-policy command.)absolute_import)division)unicode_literals) cloud_api)metadata_field_converters)base)iam_util) errors_util)flags)iam_command_util)name_expansion) storage_url)set_iam_policy_taskc#>K|rtjj}ntjj}tj|t j j||D].}tj|jj|0yw)z+Generates SetIamPolicyTask's for execution.) fields_scope object_staterecursion_requestedN) r RecursionSettingYESNO_WITH_WARNINGNameExpansionIteratorr FieldsScopeSHORTrSetObjectIamPolicyTaskresourcer) url_stringsrecurserpolicyrname_expansion_results -lib/surface/storage/objects/set_iam_policy.py_set_iam_policy_task_iteratorr!!s (99==(99II-CC((..-    4 4&&22F   sBBc0eZdZdZdddZedZdZy) SetIamPolicyz Set access policy for an object.z *{command}* behaves similarly to *{parent_command} set-object-acl*, but uses the IAM policy binding syntax. a/ To set the access policy for OBJECT on BUCKET to the policy defined in POLICY-FILE run: $ {command} gs://BUCKET/OBJECT POLICY-FILE To set the IAM policy in POLICY-FILE on all objects in all buckets beginning with "b": $ {command} -r gs://b* POLICY-FILE ) DESCRIPTIONEXAMPLESc|jdddtj||jddd|jd d d |jd ddddtj|y)Nurls+z;The URLs for objects whose access policy is being replaced.)nargshelpz--all-versions store_truezKUpdate the IAM policies of all versions of an object in a versioned bucket.)actionr*z-ez--etagzCustom etag to set on IAM policy. API will reject etags that do not match this value, making it useful as a precondition during concurrent operations.)r*z-Rz-rz --recursivezjRecursively set the IAM policies of the contents of any directories that match the source path expression.) add_argumentr AddArgForPolicyFiler add_continue_on_error_flag)parsers r ArgszSetIamPolicy.ArgsLs  JL   (    "#    > ? $$V,c |jD]c}tj|}|js t j |j |t j|j |etj|j|j}tjt|j|jtj |||j"\}}||_|S)N) custom_etag)r'rstorage_url_from_string recursiver raise_error_if_not_cloud_object command_pathraise_error_if_not_gcsrprocess_iam_file policy_fileetagr execute_set_iam_task_iteratorr!r get_object_state_from_flagscontinue_on_error exit_code)selfargs url_stringurlrr@outputs r RunzSetIamPolicy.Rungsii  / / ;c ^^33D4E4EsK(():):C@  ' 7 7 dii1F(FF% II NN  - -d 3   IvDN Mr2N)__name__ __module__ __qualname____doc__ detailed_help staticmethodr1rFr2r r#r#3s1) -(--4r2r#N)rJ __future__rrrgooglecloudsdk.api_lib.storager'googlecloudsdk.api_lib.storage.gcs_jsonrgooglecloudsdk.calliopergooglecloudsdk.command_lib.iamr "googlecloudsdk.command_lib.storager r r r r(googlecloudsdk.command_lib.storage.tasksrr!HiddenUniverseCompatibleCommandr#rMr2r rXsj8&'4M(3:4?=:H$F4<<F Fr2