w<SrSSKJr SSKJr SSKJr SSKrSSKJ r SSK r SSK J r SSKJr SS KJr SS KJr SS KJr SS KJr SS KJr SSKJ r SS KJr SSKJr SSjr"SS\5r g)z$API client library for Applications.) annotations)Sequence)partialN)Any) exceptions) projects_api)utils)util)base)iam_util)log) propertiescUb [U5O[[R"55nURS5tp4S[ U5- S- nUS[ SU5R S5nUSU3$)aFConstructs a unique service account name with a UUID suffix. The service account ID must be between 6 and 30 characters. Args: application_id: str, The ID of the application. uuid_value: uuid.UUID, Optional. A UUID value to use instead of generating a new one. Returns: str, The constructed service account name. N-)struuiduuid4splitlenmaxrstrip)application_id uuid_valueuuid_str uuid_suffix_max_app_id_len app_id_parts 8lib/googlecloudsdk/api_lib/design_center/applications.pyConstructServiceAccountNamer"%ss!+ 6S_C >sC+ =+ ''c \rSrSrSr\R R4SjrSS\ R4SSjjr SSjr SSjr SrSS jrS S S S S .SS jjrSSjrSSSjjrSrg )ApplicationsClient<z1Client for Applications in the Design Center API.c[R"U5Ul[R"U5UlURR UlgN)r GetClientInstanceclientGetMessagesModulemessages&projects_locations_spaces_applications_service)self release_tracks r!__init__ApplicationsClient.__init__?s7))-8DK++M:DMKKFFDMr#c PSn[U5H nU"5 g X#-n [R "SU U5 [ R"SX4-5Ue![Ra=n X#-n [R"SU US-UU SS9 XS- :aU"U5 U nSn A MSn A ff=f)z&Retries an IAM operation on HttpError.NTz%s (Attempt %d/%d): %rr)exc_infoz%s (Failed after %d attempts).)rangeapitools_exceptions HttpErrorr warningerrorrError) r/ operation_fnerror_message_fmterror_message_args max_retries delay_secondssleeperlast_exceptionieformatted_base_messages r!_RetryIamOperation%ApplicationsClient._RetryIamOperationDsN ;  "/CII(   (,B+PP  '! * * !2!G $ " E     Q  -  sAB%(2B  B%cHUHnURXU4SjSXT45 M g)aiAdds a list of roles to a service account on a specific project. Args: project_ref: The project resource reference. service_account_email: str, The email address of the service account. roles: Sequence[str], A sequence of role names to grant. project_id: str, The ID of the project. Raises: exceptions.Error: If adding any role fails after retries. c8[R"USU3U5$)NserviceAccount:)rAddIamPolicyBinding)prsaeroles r!GApplicationsClient._AddRolesToServiceAccountOnProject..s ..#C5)r#z6Failed to add role %s to service account on project %sN)rF)r/ project_refservice_account_emailroles project_id role_to_grants r!"_AddRolesToServiceAccountOnProject5ApplicationsClient._AddRolesToServiceAccountOnProjectjs2&    C  % r#cUHcnURn[R"U5nURUUURUS9 [ R RSU-5 Me g)aAdds required roles to the service account for each project parameter. Args: project_parameters: A sequence of project parameter objects. service_account: str, The email address of the service account. Raises: exceptions.Error: If adding any role fails. )rRrSrTzLSuccessfully added required project roles to service account for project %s.N) projectIdcrm_util ParseProjectrVrSr statusPrint)r/project_parametersservice_accountppcurrent_project_idcurrent_project_refs r!_AddServiceAccountRoles*ApplicationsClient._AddServiceAccountRolessn!<<$112DE --  /' .  jj / 0!r#c  ^^^[R"U5n[R"US/5n U R=(d /n SU ;a[ R "SUS35eUn UbURS5Sn O[U5n U SUS3n URRURRUS95n U Rn[RR!S5 [RR!S U-5 TR"R%TR'[(R*"U5TR-U TR/S U 3S 9S 9S 95 [RR!SU -5 UR1X5 UU4SjmU4SjnU4Sjn[3XU5nUR5USX45 [RR!SU-5 [R"[R"U55R6n[8R:"5nSUSU3n[3UU U5nUR5USU U45 [RR!S5 SUSU 3$)aCreates and configures a service account for application deployment. Args: application_id: str, The ID of the application. name: str, The full resource name of the Application. project: str, The project ID. service_account: str, The email address of the service account, or None. user_account: str, The email address of the user. iam_client: The API client for IAM service accounts. iam_messages: The API messages module for IAM service accounts. Returns: str, The fully qualified service account resource name on success, or None on failure. Raises: exceptions.Error: If service account creation fails for reasons other than 409. ziam.serviceAccounts.createzDUser does not have permission to create service accounts in project z1. Required permission: iam.serviceAccounts.create@rz.iam.gserviceaccount.comnamez@Successfully described application and retrieved required roles.z,Creating service account for application: %szService account for ) displayName) accountIdserviceAccount)rhcreateServiceAccountRequestz(Successfully created service account: %sc 4>[R"U5nTRRTR US95n[R "TR UUS5 TRRTRUTRUS9S95 g)z._GrantActAsToPrincipals"<SU3nT"X5 g)z%Grant `actAs` permission to the user.zuser:N)rz user_accountr{rs r!_GrantActAsToUserOApplicationsClient._CreateAndConfigureServiceAccount.._GrantActAsToUsers|n%fX.r#c >SU3nT"X5 g)z2Grant `actAs` permission to the ADC service agent.rJNr)rzadc_service_agentr{rs r!_GrantActAsToAdcAgentSApplicationsClient._CreateAndConfigureServiceAccount.._GrantActAsToAdcAgents !2 34fX.r#z+Failed to grant actAs permission to user %sz1Successfully granted actAs permission to user %s.zservice-z5Failed to grant actAs permission to ADC service agentz;Successfully granted actAs permission to ADC service agent.z projects/z/serviceAccounts/)rZr[rTestIamPermissions permissionsrr;rr"r.Getr,9DesigncenterProjectsLocationsSpacesApplicationsGetRequestprojectParametersr r\r]rrCreate'IamProjectsServiceAccountsCreateRequestr ProjectToProjectResourceNameCreateServiceAccountRequestServiceAccountrcrrF projectNumberr GetP4saHost)r/rrhprojectr_rr~rrQresponseallowed_permissionsrzsa_name app_detailsr^rrgrant_user_funcproject_number p4sa_hostrgrant_agent_funcrs `` @r!!_CreateAndConfigureServiceAccount4ApplicationsClient._CreateAndConfigureServiceAccounts<''0K..23H$//52#+>>    YG I  H"%%c*1-g+N;g9AgY&>?h--## OO P K %66JJJ JJ6G''..<<66w?(4(P(P!+::"6xj A ; )Q) =  JJ?(JK  !3>6/ / /<HO5   JJ;\I"%%g&m!!#I">"2!I;?x): ? $% JJEwi0 ;;r#NFcU(d [S5eURRUUS9nU(aX&lO U(aX6lURR UUS9nUR RU5$)anCalls the ImportApplicationIaC RPC. Args: name: str, The full resource name of the Application. gcs_uri: str, The GCS URI of the IaC source. iac_module: messages.IaCModule, The IaCModule object. allow_partial_import: bool, Whether to allow partial imports. validate_iac: bool, Whether to only validate the IaC. Returns: The response from the API call. )Application name cannot be empty or None.)allowPartialImport validateIac)rhimportApplicationIaCRequest) ValueErrorr,ImportApplicationIaCRequestgcsUri iacModule?DesigncenterProjectsLocationsSpacesApplicationsImportIaCRequestr. ImportIaC)r/rhgcs_uri iac_moduleallow_partial_import validate_iacimport_iac_requestrequests r! ImportIacApplicationsClient.ImportIac7s  B CCBB/ C"") %/" UU(: V < == " "7 ++r#)replace worker_poolr_ create_sac U(d [S5eURS5Sn[RRR R 5nUnU(a`[RRRR 5n [R"5upURUUUUU U U S9n U nURRURRUURRUUUS9S95$)aCalls the DeployApplication RPC. Args: name: str, The full resource name of the Application. replace: bool, Flag to update the existing deployment. worker_pool: str, The user-specified Worker Pool resource. service_account: str | None, The email address of the service account. create_sa: bool, Whether to create a new service account. Returns: The response from the API call. r/rrhrr_rr~r)r workerPoolrk)rhdeployApplicationRequest)rrrVALUEScorerraccountiam_apiGetClientAndMessagesrr.Deployr, Sequence[Any]r?intr@r)rSz Sequence[str])r^r)NNFF) rhrrboolr str | Noner_rrrreturn Any | None)rhrrr)NNF)rhrrrr_rrr)__name__ __module__ __qualname____firstlineno____doc__r ReleaseTrackALPHAr1timesleeprFrVrcrrrrr__static_attributes__rr#r!r%r%<s9#'#4#4#:#:Gjj$$( $  $  $L  @'8O,J $$(1 1 1  1 " 111f!%$( - --" -  --r#r%r()!r __future__rcollections.abcr functoolsrrtypingrrapitools.base.pyrr7+googlecloudsdk.api_lib.cloudresourcemanagerr$googlecloudsdk.api_lib.design_centerr googlecloudsdk.api_lib.iamr rgooglecloudsdk.callioper googlecloudsdk.command_lib.iamr #googlecloudsdk.command_lib.projectsrZgooglecloudsdk.corer rr"objectr%rr#r!rsM+"$  >D66(3@*#*(.FFr#