|!SrSSKrSSKJr SSKrSSKrSSKrSSKJr SSK J r SSK J r SSK J r SSKJr SS KJr S rS rSS jr"S S5rg)z+Library to SSH into a Cloud Run Deployment.N)Sequence)apis) iap_tunnel) ssh_utils)ssh)log)requestszFhttps://www.gstatic.com/cloud-run/ssh-ca-public-keys/keys-{region}.pubc[R"SS5n[R"SS5nURUS9nURR U5nUR $)zBReturns the Cloud project number associated with the `project_id`.cloudresourcemanagerv1) projectId)rGetMessagesModuleGetClientInstance&CloudresourcemanagerProjectsGetRequestprojectsGet projectNumber) project_idcrm_message_moduleresource_managerreqprojects %lib/googlecloudsdk/api_lib/run/ssh.pyProjectIdToProjectNumberr$sg--.DdK++,BDIAA B #  % % ) )# .'   c 0n X9S'XIS'XS'XiS'XyS'[R"5n URU lXlXZlX*lU(aU RRSU-5 U $)aDConstruct an SshTunnelArgs from command line args and values. Args: track: ReleaseTrack, The currently running release track. project_number: str, the project number (string with digits). project: str, the project id. deployment_name: str, the name of the deployment. workload_type: Ssh.WorkloadType, the type of the workload. region: str, the region of the deployment. instance_id: str, the instance id (optional). container_id: str, the container id (optional). iap_tunnel_url_override: str, the IAP tunnel URL override (optional). Returns: SshTunnelArgs. deployment_name workload_typeproject_number instance_id container_idz--iap-tunnel-url-override=) r SshTunnelArgsprefixtrackcloud_run_argsregionrpass_through_argsappend) r$rrrrr&r r!iap_tunnel_url_overrider%ress rCreateSshTunnelArgsr+/s8.&5"#$1!%3!""-#/   "#ll#)%*+  $'>>@ *rc\rSrSrSr"SS\R 5rS\RS\4Sjr Sr S r S r S \\S -4S jrSrg )Ssh_z SSH into a Cloud Run Deployment.c(\rSrSrSrSrSrSrSrSr g) Ssh.WorkloadTypebzThe type of the deployment. worker_pooljobserviceinstanceN) __name__ __module__ __qualname____firstlineno____doc__ WORKER_POOLJOBSERVICEINSTANCE__static_attributes__r6rr WorkloadTyper0bs%K CGHrrAargsrcbURUlX lURUl[UR5Ul[ USS5Ul[ USS5UlURUlURUl [ USS5Ul UR5Ul g)zInitialize the SSH library.r5N containerr)) rrrrrgetattrr5rDr& release_trackr)_GetServiceAccountFromWorkloadservice_account)selfrBrs r__init__ Ssh.__init__js//D&<>@Drc S/nURURR:XaUR/SQ5 OURURR:XaUR/SQ5 OURURR :XaUR/SQ5 OPURURR :XaUR/SQ5 O[SUR35eURURSURSURS S /5 [R"U[RS 9n[R"U5nUR!S 05R!S 05nUR!S05R!S05R!S5nUS:Xa [S5eUR!S 05R!S5nU(d [S5eU$![R"a-n[SUR$R'S535UeSnAff=f)z:Retrieves the service account from the Cloud Run workload.gcloud)runservicesdescribe)betarNz worker-poolsrP)rNjobsrP)alpharN instancesrPzUnsupported workload type: z--regionz --projectz--formatjson)stderrspectemplatemetadata annotationsz(run.googleapis.com/execution-environmentgen1z4SSH is not supported for Cloud Run gen1 deployments.serviceAccountNamez'Service account not found for workload.zError describing deployment: zutf-8N)rrAr>extendr<r=r? ValueErrorrr&r subprocess check_outputPIPErUloadsgetCalledProcessErrorrVdecode)rIcommandoutput service_datarXexecution_environmentrHes rrG"Ssh._GetServiceAccountFromWorkloadysjG T..666 nn45  t00<< < nn@A  t0044 4 nn01  t0099 9 nn>? 4T5G5G4HI JJ NN   &&wzGf ZZ'l!!&"-11*bAh ,,z2 & 3}b ! 39 : & (OPP VR0445IJo BCC #  ( (  )!((//'*B)C D  s3#HI(IIcg)z2Returns the host key alias for the SSH connection.zcloud-run-defaultr6)rIs r HostKeyAliasSsh.HostKeyAliass rc[RR5nUR5 [RR 5nUR SS9 Sn[R"SSUUR5R5SURURURURURURS.S9 [R "URURURURS9nUR#5n[R$"XS5nUR'5nU(aG[R(R+5nUR-U[/U5S9 UR15 [3URUR4URURURURUR6UR8UR:5 n [<R>"5n U RAUS S 9n [RB"UUU U URDS 9RGU5$) zRun the SSH command.F) overwriterootN)rrr&rHr)cloud_run_params)rr& deploymentr) host_patternca_public_keysno)host_key_aliasstrict_host_key_checking)remote cert_fileiap_tunnel_argsoptions identity_file)$r EnvironmentCurrent RequireSSHKeys FromFilenameEnsureKeysExistGetOsloginState GetPublicKeyToEntryrFrrr&rHrCertFileFromCloudRunDeploymentrmRemote_FetchSshCaPublicKeys KnownHostsFromDefaultFileAddCertAuthoritylistWriter+rr5rDr)rBaseSSHCLIHelper GetConfig SSHCommandkey_fileRun) rIenvkeysuserrz dest_addrryca_keys known_hostsr{ ssh_helper ssh_optionss rrSsh.Runs // ! ! #CNN 88 "D5) D    ##%  #33,,kk#33!//  22 {{''(( I !!#I ZZ (F((*GNN224k"" g#)         $$ O++-J&& !%'K >>'mm    c#h rreturnNcR[RURS9n[R"5nUR USS9nSSS5 WR S:wa#[R"SUUR 5 gURR5Vs/sH)oDR5(dMUR5PM+ sn$!,(df  N=fs snf![RRRa [R"SUSS 9 gf=f) zRetrieves the CA public keys for the current region from a gstatic URL. Returns: A Sequence of strings, where each string is a public key, or None if the keys could not be fetched. )r& )timeoutNzDFailed to fetch SSH CA public keys from %s. Received status code: %sz+Failed to fetch SSH CA public keys from %s.T)exc_info)SSH_CA_PUBLIC_KEY_URL_TEMPLATEformatr& core_requests GetSessionrc status_coderdebugtext splitlinesstripr exceptionsRequestException)rIendpointsessionresponseks rrSsh._FetchSshCaPublicKeyss.44DKK4HHJ  # # %;;x;4 &    $      !)!9!9!; I!;Awwyiaggi!; II% & %$J!  ! ! , , = = ii 7   s4C%CC%C 8C  CC%%>D&%D&) rDrr)r5rrr&rFrHr)r7r8r9r:r;enumEnumrAargparse NamespacerJrGrmrrstrrr@r6rrr-r-_sZ(TYY A8-- Al A+ZAFJXc]T%9Jrr-)NNN)r;rcollections.abcrrrUr_googlecloudsdk.api_lib.utilr"googlecloudsdk.command_lib.computerr#googlecloudsdk.command_lib.util.sshrgooglecloudsdk.corerr rrrr+r-r6rrrsZ2$ ,983#9M $ - `jJjJr