{%dZddlmZddlmZddlmZddlZddlmZddl m Z ddl m Z dd l m Z dd l mZdd lmZdd lmZdd lmZddlmZdZGdde j.ZGdde j2Zej6ej8j:ej8j<Gddej>Z y)6Validate that a terraform plan complies with policies.)absolute_import)division)unicode_literalsN)base)binary_operations)log)metrics) properties)progress_tracker)GetFreshAccessToken)encoding)fileszCould not locate terraform-tools executable [{binary}]. Please ensure gcloud terraform-tools component is properly installed. See https://cloud.google.com/sdk/docs/components for more details.c,eZdZdZiZfdZdZxZS)"TerraformToolsTfplanToCaiOperationz>Streaming operation for Terraform Tools tfplan-to-cai command.c hdtjdi}tt|dddd|dd|y)N MISSING_EXECterraform-toolsbinaryT)r check_hiddeninstall_if_missing custom_errorsstructured_output)MISSING_BINARYformatsuperr__init__selfkwargsr __class__s lib/surface/terraform/vet.pyrz+TerraformToolsTfplanToCaiOperation.__init__,sN--5F-GM ,d< #   c t||d|d|dtjg} |r| d|gz } |r| d|gz } |r| d|gz } | S)Nz --output-path --verbosityz --user-agentz --project--region--zone)r GetUserAgent) r!commandterraform_plan_jsonprojectregionzone verbosity output_pathr"argss r$_ParseArgsForCommandz7TerraformToolsTfplanToCaiOperation._ParseArgsForCommand8si  D {G$$d  z6""d  xd Kr%__name__ __module__ __qualname____doc__rrr3 __classcell__r#s@r$rr'sF- r%rc,eZdZdZiZfdZdZxZS)TerraformToolsValidateOperationz3operation for Terraform Tools validate-cai command.c fdtjdi}tt|dddd|d|y)NrrrTF)rrrrr)rrrr<rr s r$rz(TerraformToolsValidateOperation.__init__QsK--5F-GM )49  #   r%c P||d|dtjj|g}|S)Nr'--policy-library)ospath expanduser)r!r+ input_filepolicy_libraryr0r"r2s r$r3z4TerraformToolsValidateOperation._ParseArgsForCommand]s3  >*  D Kr%r4r:s@r$r<r<Ms;-  r%r<c.eZdZdZddiZedZdZy)VetrEXAMPLESz To validate that a terraform plan complies with a policy library at `/my/policy/library`: $ {command} tfplan.json --policy-library=/my/policy/library c|jdd|jddd|jdd d |jd d d y) Nr,ztFile which contains a JSON export of a terraform plan. This file will be validated against the given policy library.)helpr?Tz)Directory which contains a policy library)requiredrIr)Fz:Default zone to use for resources that do not have one setr(z|j:d}||j@z }|jFsPt=jHd}|jFjKd D] }|| |S#1swYxYw#1swYxYw#t<jB$r't!jDdj%|YwxYw)!N)accounttrue)GOOGLE_OAUTH_ACCESS_TOKENUSE_STRUCTURED_LOGGING) HTTP_PROXY http_proxy HTTPS_PROXY https_proxyNO_PROXYno_proxy)GOOGLE_PROJECTGOOGLE_CLOUD_PROJECTGCLOUD_PROJECT) GOOGLE_ZONE GCLOUD_ZONECLOUDSDK_COMPUTE_ZONE) GOOGLE_REGION GCLOUD_REGIONCLOUDSDK_COMPUTE_REGIONzcai_assets.jsonz%Setting project to {} from propertiesz!Setting project to {} from env {}zSetting region to {} from argsz Setting region to {} from env {}zSetting zone to {} from argszSetting zone to {} from env {}z tfplan-to-cai)r+r-r.r/r,r0r1envrzValidating resourceszAborted validation.)messageaborted_messagez validate-cai)r+rDrCr0rczvalidate-tfplanCAI TerraformT)as_jsonz,Could not parse {} policy validation output. )&rr<r r VALUEScorerOGetr@environitemsrTemporaryDirectoryrAjoinr-r debugrrGetEncodedValuer.r/r,r0 exit_coder ProgressTrackerrDstdoutrReadStructuredOutput resource_bodyStructuredOutputErrorwarningstderr!DefaultStreamStructuredErrHandlersplit)r!r2tfplan_to_cai_operationvalidate_cai_operationvalidate_tfplan_operationenv_varsproxy_env_namesproject_env_nameszone_env_namesregion_env_namesenv_keyenv_valtempdir cai_assetsr-r.r/response cai_responsetfplan_response violations policy_typemsghandlerlines r$RunzVet.Runs!@B<> ? A (9(9(>(>(F(F(J(J(L M  HO N  JJ,,. O ##/  ! ! #w77<<):;j!!&&..224g  9@@IJ(G,,RZZA'  II9@@" #  )f  299&AB'G++BJJ@&  II8??! "  (d yy 077=>%G))"**g>$  II6==dGL M  & )!"66NN h ))dn ! g $ #j  + +(/ 1."..!nn  4%..//nn  1k $P"o&?&?1&Ddn   1 $(A(AQ(Fdn J#(,"7+:I:K"L X  *!66oot-# )) )* #EEdKOO))$/D $-0"L [ 1 1k $ #p!66  ++DKK  sS2B%QBQ+BQ>A-Q4Q A QQ!Q&Q QQ#&7R R N)r5r6r7r8 detailed_help staticmethodrMrrr%r$rFrFjs0> -.Kr%rF)!r8 __future__rrros.pathr@googlecloudsdk.callioper&googlecloudsdk.command_lib.util.anthosrgooglecloudsdk.corer r r googlecloudsdk.core.consoler %googlecloudsdk.core.credentials.storer googlecloudsdk.core.utilrrrStreamingBinaryBackedOperationrBinaryBackedOperationr< ReleaseTracks ReleaseTrackALPHABETACommandrFrr%r$rs=&'(D#'*8E-*"#44#L&7&M&M:D%%++T->->-C-CDp$,,pEpr%