FSrSSKrSSKJrJr SSKJr SSKJr SSKJ r SSK J r SSK J r SS K J r SS K Jr SS K Jr SS KJr SS KJr SSKJr SSKJr SSKJr SrSr"SS5r"SS5rg)z)Functions to add flags in fleet commands.N)IteratorList)messages)types)util) arg_parsers)base) exceptions)parser_arguments)parser_extensions)concepts)errors) arg_utils)concept_parsers) resourcesz8projects/([^/]+)/platforms/gke/policies/([a-zA-Z0-9_-]+)z1Cannot specify --{opt} without --{prerequisite}. c\rSrSrSrS\R 4Sjr\S5r \S\ \ 4Sj5r \S\ 4Sj5r \S\R4S j5rS rS rS rS \R 4SjrS\R 4SjrS\R 4SjrS \R 4SjrS\R 4SjrS\R 4SjrS \R 4SjrSrSrSrSrSrg) FleetFlags1z'Add flags to the fleet command surface.parsercXlgN_parser)selfrs 7lib/googlecloudsdk/command_lib/container/fleet/flags.py__init__FleetFlags.__init__4s LcUR$rrrs rrFleetFlags.parser:s <<rreturnc.URR$)aReturns the command name. This provides information on the command track, command group, and the action. Returns: A list of command, for `gcloud alpha container fleet operations describe`, it returns `['gcloud', 'alpha', 'container', 'fleet', 'operations', 'describe']`. )r command_namer s rr$FleetFlags.command_name>s ;; # ##rc URS$)N)r$r s ractionFleetFlags.actionLs   R  rcURSS:Xa[RR$URSS:Xa[RR$[RR $)z6Returns the release track from the given command name.alphabeta)r$r ReleaseTrackALPHABETAGAr s r release_trackFleetFlags.release_trackPs` w&    $ $$  1  '    # ##    ! !!rcV[RRUR5 gr)r ASYNC_FLAG AddToParserrr s rAddAsyncFleetFlags.AddAsyncZsOO ,rcBURRS[SS9 g)Nz--display-namezcDisplay name of the fleet to be created (optional). 4-30 characters, alphanumeric and [ '"!-] only.)typehelpr add_argumentstrr s rAddDisplayNameFleetFlags.AddDisplayName]s$KK  : rcURRSS9nURU5 URU5 UR U5 g)Nz9Default cluster configurations to apply across the fleet.r;)r add_group_AddSecurityPostureConfig_AddBinaryAuthorizationConfig_AddCompliancePostureConfig)rdefault_cluster_config_groups rAddDefaultClusterConfig"FleetFlags.AddDefaultClusterConfiggsN#';;#8#8 H$9$  ""#?@&&'CD$$%ABrrGcfURSS9nURU5 URU5 g)NzSecurity posture config.rB)rC_AddSecurityPostureMode%_AddWorkloadVulnerabilityScanningMode)rrGsecurity_posture_config_groups rrD$FleetFlags._AddSecurityPostureConfigos?%A$J$J '%K%!   !>?../LMrrMcTURS/SQS[R"S5S9 g)N--security-posturedisabledstandard enterprisez To apply standard security posture to clusters in the fleet, $ {command} --security-posture=standard choicesdefaultr;r=textwrapdedentrrMs rrK"FleetFlags._AddSecurityPostureModexs1"..6 __ / rcTURS/SQS[R"S5S9 g)N!--workload-vulnerability-scanningrQz To apply standard vulnerability scanning to clusters in the fleet, $ {command} --workload-vulnerability-scanning=standard rUrXr[s rrL0FleetFlags._AddWorkloadVulnerabilityScanningModes1"..+6 __ / rcfURSS9nURU5 URU5 g)NzBinary Authorization config.rB)rC_AddBinauthzEvaluationMode_AddBinauthzPolicyBindings)rrG!binary_authorization_config_groups rrE(FleetFlags._AddBinaryAuthorizationConfigs?)E(N(N +)O)% ##$EF##$EFrrcc XURSSS/SS[R"S5S9 g)N--binauthz-evaluation-moderRpolicy-bindingscBURSS5R5$)N_-)replacelower)xs r7FleetFlags._AddBinauthzEvaluationMode..sqyyc*002rz Configure binary authorization mode for clusters to onboard the fleet, $ {command} --binauthz-evaluation-mode=policy-bindings )rVr:rWr;rX)rrcs rra%FleetFlags._AddBinauthzEvaluationModes<&22$./3 __3 rc [R"[S5nURSSSS[R "S5[R "SU0S/SS9S 9 g) NzsGKE policy resource names have the following format: `projects/{project_number}/platforms/gke/policies/{policy_id}`--binauthz-policy-bindingsappendzname=BINAUTHZ_POLICYz The relative resource name of the Binary Authorization policy to audit and/or enforce. GKE policies have the following format: `projects/{project_number}/platforms/gke/policies/{policy_id}`.namer+)spec required_keys max_length)rWr(metavarr;r:)rRegexpValidator_BINAUTHZ_GKE_POLICY_REGEXr=rYrZArgDict)rrcplatform_policy_types rrb%FleetFlags._AddBinauthzPolicyBindingssw'66" I &22$& __MN ,"(  3rc URSSS9nURSSS/SS[R"S 5S 9 URS [R "5SS [R"S 5S9 g)z'Add compliance (posture) configuration.zCompliance configuration.T)r;hiddenz --complianceenabledrRNzcompliance=MODEz To enable compliance for clusters in the fleet, $ {command} --compliance=enabled To disable compliance for clusters in the fleet, $ {command} --compliance=disabled )rVrWrxr;z--compliance-standardszcompliance-standards=STANDARDSz To configure compliance standards for clusters in the fleet supply a comma-delimited list: $ {command} --compliance-standards=standard-1,standard-2 If this flag is supplied, it cannot be empty. )r:rWrxr;)rCr=rYrZrArgList)rrGcompliance_posture_config_groups rrF&FleetFlags._AddCompliancePostureConfigs'C&L&L ('M'#$00J'! __   1 $00  "0 __ 1 rc[R"SS[RURUR 5[R S9$)Nz$gkehub.projects.locations.operations operation) resource_name api_version locationsId projectsId)r ResourceSpecr VERSION_MAPr2_LocationAttributeConfig DEFAULT_PROJECT_ATTRIBUTE_CONFIGr s r_OperationResourceSpec!FleetFlags._OperationResourceSpecsD  .!$$T%7%78113<<  rc[RRSUR5SR UR 5SS9R UR5 URRSS9 g)Nrzoperation to {}.T) group_helprequiredglobal)location) r ConceptParser ForResourcerformatr(r6r set_defaultsr s rAddOperationResourceArg"FleetFlags.AddOperationResourceArgsd!!-- ##%%,,T[[9 . k$++KKh/rc,[R"SSS9$)z.Gets Google Cloud location resource attribute.rz)Google Cloud location for the {resource}.)rt help_text)r ResourceParameterAttributeConfigr s rr#FleetFlags._LocationAttributeConfigs  4 4 = rcDURRS[SSS9 g)Nz --locationzThe location name.rj)r:r;rWr<r s r AddLocationFleetFlags.AddLocation s%KK  ! rrN) __name__ __module__ __qualname____firstlineno____doc__r ArgumentInterceptorrpropertyrrr>r$r(r r.r2r7r?rHrDrKrLrErarbrFrrrr__static_attributes__rrrr1s5/22     $DI $  $ !c! ! "T.." "-CN*:*N*NN +;+O+O  +;+O+O G*:*N*NG)9)M)M&)9)M)M6%*:*N*N%N0rrcv\rSrSrSrS\R S\R4Sjr S\ RS\ 4Sjr S\ R4S jrSS\R 4S jjrS\4S jrS\4S jrS\ 4SjrS\R*4SjrS\R.4SjrS\R24SjrSS\R64SjjrS\R:4SjrS\\R@4Sjr!SS\RDS\RD4Sjjr#SS\RH4Sjjr%S\&RN4Sjr(S\4Sjr)S\*4Sjr+S\*4Sjr,Sr-g )FleetFlagParseriz)Parse flags during fleet command runtime.argsr2cRXlX l[R"U5Ulgr)rr2rGetMessagesModuler)rrr2s rrFleetFlagParser.__init__s!I&**=9DMrmessager"c(U[U5"5:H$)zDetermines if a message is empty. Args: message: A message to check the emptiness. Returns: A bool indictating if the message is equivalent to a newly initialized empty message instance. )r:rrs rIsEmptyFleetFlagParser.IsEmpty s d7mo %%rc4URU5(dU$g)z/Trim empty messages to avoid cluttered request.N)rrs r TrimEmptyFleetFlagParser.TrimEmpty,s << n rNcURR5n[R"UR 55UlUR 5UlURU5Ul U$)zFleet resource.) rFleetrFleetResourceNameProjectrt _DisplayName displayName_DefaultClusterConfigdefaultClusterConfig)rexisting_fleetfleets rrFleetFlagParser.Fleet3sW MM   !E'' 7EJ))+E!%!;!;N!KE Lrc.URR$r)r display_namer s rrFleetFlagParser._DisplayName<s 99 ! !!rcB[R"URSSS9$)Nz --projectT) use_defaults)rGetFromNamespacerr s rrFleetFlagParser.Project?s  % %dii4 PPrc.URR$)zParses --async flag. The internal representation of --async is set to args.async_, defined in calliope/base.py file. Returns: bool, True if specified, False if unspecified. )rasync_r s rAsyncFleetFlagParser.AsyncBs 99  rcURR5nUR5UlUR 5UlUR U5$r)rSecurityPostureConfig_SecurityPostureModemode!_VulnerabilityModeValueValuesEnumvulnerabilityModer)rrets r_SecurityPostureConfig&FleetFlagParser._SecurityPostureConfigMsD -- - - /C((*CH BBDC >># rcSURR5;agURRRnUR UR URS.nX RR$)zParses --security-posture.rPNrQ) rGetSpecifiedArgsrrModeValueValuesEnumDISABLEDBASIC ENTERPRISEsecurity_posturer enum_typemappings rr$FleetFlagParser._SecurityPostureModeSsf499#=#=#??  33GGI&&OO**G 99-- ..rcSURR5;agURRRnUR UR URS.nX RR$)z)Parses --workload-vulnerability-scanning.r^NrQ) rrrr VulnerabilityModeValueValuesEnumVULNERABILITY_DISABLEDVULNERABILITY_BASICVULNERABILITY_ENTERPRISEworkload_vulnerability_scanningrs rr1FleetFlagParser._VulnerabilityModeValueValuesEnumbso+$))2L2L2NN  ++LL441188G 99<< ==rcZURR5nUR5Ul[ UR 55UlUcUnO>UnURbURUlUR bUR UlUR (a:UR(d)[R"S[RSSS95eURURRRR:Xa/UlURU5$)z$Construct binauthz config from args.rrzbinauthz-evaluation-modezbinauthz-policy-bindings) prerequisiteopt)rBinaryAuthorizationConfig_EvaluationModeevaluationModelist_PolicyBindingspolicyBindingsr InvalidArgumentException_PREREQUISITE_OPTION_ERROR_MSGrEvaluationModeValueValuesEnumrr)rexisting_binauthz new_binauthzrs r_BinaryAuthorizationConfig*FleetFlagParser._BinaryAuthorizationConfigss==::L c c  $ $ 0)88  $ $ 0)88 #"4"4  / / & ( / /5, 0    //MMVVc >># rcSURR5;agURRRnUR UR S.nX RR$)z"Parses --binauthz-evaluation-mode.rfN)rRrg)rrrrrrPOLICY_BINDINGSbinauthz_evaluation_moders rrFleetFlagParser._EvaluationModesf$499+E+E+GG  //MM&&$44G 9955 66rcR^TRRnUb U4SjU5$/$)z"Parses --binauthz-policy-bindings.c3\># UH!nTRRUSS9v M# g7f)rt)rtN)r PolicyBinding).0bindingrs r 2FleetFlagParser._PolicyBindings..s.(g -- % %76? % ;(s),)rbinauthz_policy_bindings)rpolicy_bindingss` rrFleetFlagParser._PolicyBindingss1ii88O"( Ir existing_cfgcUbUOURR5nURRc(URRcUR U5$URRGbURRS;a*[ R"URR5eURRS:Xa-URRb[ R"S5eURRS:Xa0URRRRUl OIURRS:Xa/URRRRUl URc[ R"S5eURRb`URRVs/sHnURRUS9PM nnU(d[ R"S5eXBlUR U5$s snf)z0Construct compliance (posture) config from args.>rrRrRz@Cannot configure compliance standards when disabling Compliance.rzECannot configure compliance standards without a mode first being set.)rSz@--compliance-standards must be a non-empty comma-delimited list.)rCompliancePostureConfigr compliancecompliance_standardsrrInvalidComplianceModeConfiguringDisabledCompliancerENABLEDrrConfiguringMissingComplianceComplianceStandardcomplianceStandards)rrcfgsdesired_standardss r_CompliancePostureConfig(FleetFlagParser._CompliancePostureConfigs  #  ]] 2 2 4 yy# (F(F(N ^^C   yy'   %< <**499+?+?@@ ))  * ,ii,,822 N      * MM 1 1 E E M M  99  : - MM 1 1 E E N N   xx  / /    yy%%199111a -- * *A * 6111 N  !2 >># s'#IcUb UROSnURR5nUR5UlUb!UR UR 5UlOUR 5UlUb!URUR5UlOUR5UlURU5$)zConstruct default cluster config from args. Args: existing_fleet_cfg: proto message of any currently existing configuration. Returns: Proto message for the default cluster configuration. N) rrDefaultClusterConfigrsecurityPostureConfigrbinaryAuthorizationConfigrcompliancePostureConfigr)rexisting_fleet_cfgexisting_default_cluster_configrs rr%FleetFlagParser._DefaultClusterConfigs  ) // $ -- , , .C $ ; ; =C&2&*&E&E ) C C'c#'+&E&E&Gc#&2$($A$A ) A A%c!%)$A$A$Cc! >># rc^URRRR5$)z#Parses resource argument operation.)rCONCEPTSrParser s r OperationRefFleetFlagParser.OperationRef s! 99   ' ' - - //rc.URR$r)rrr s rLocationFleetFlagParser.Locations 99  rc.URR$)z$Returns page size in a list request.)r page_sizer s rPageSizeFleetFlagParser.PageSizes 99  rc.URR$)z Returns limit in a list request.)rlimitr s rLimitFleetFlagParser.Limits 99??r)rrr2r).rrrrrr Namespacer r.rrMessageboolrrrrr>rrrrr(SecurityPostureConfigModeValueValuesEnumr5SecurityPostureConfigVulnerabilityModeValueValuesEnumrrr6BinaryAuthorizationConfigEvaluationModeValueValuesEnumrrrrr rrrrResourcer#r&intr*r.rrrrrrsz1:#--:>B>O>O: &X-- &$ &x//%++"C"QsQ T e&A&A / 55 /> BB>$#! &&!F7 CC7 x(;(;<;?7777 $$7v! !!!F0I..0Srr)rrYtypingrrapitools.base.protorpcliter&googlecloudsdk.api_lib.container.fleetrrgooglecloudsdk.callioperr r r r googlecloudsdk.calliope.conceptsr *googlecloudsdk.command_lib.container.fleetr$googlecloudsdk.command_lib.util.apisr(googlecloudsdk.command_lib.util.conceptsrgooglecloudsdk.corerrzrrrrrrrAsd0!/87/(.455=:D)?" bbJCCr