(@SrSSKJrJr SSKJr SSKJr SSK J r SSK Jr SSK Jr SSKJr SSKJr SS KJr SSKJr SS KJr SS KJr SS KJr SSKJr SSKJr SS KJ r SSKJ!r! SSK"J#r# Sr$Sr%S/r&/SQr'"SS\RP\RR5r*Sr+g)z7Utilities for interacting with the Connect Gateway API.)ListUnion) projects_api)util)client) enable_api)apis)base)api_util)gwkubeconfig_util) overrides)errors)log) properties) platformsz0connectgateway_{project}_{location}_{membership}zihttps://{service_name}/{version}/projects/{project_number}/locations/{location}/{collection}/{membership}gkehub.gateway.get)zgkehub.memberships.getrzserviceusage.services.getc \rSrSrSrSSjrSS\S\S\S\\S44S jjr SS jr S \S \ \4S jr Sr SSjr\S5rSrg)GetCredentialsCommand2zeGetCredentialsCommand is a base class with util functions for Gateway credential generating commands.Nc[R"5 [RR 5n[ R RS5 [ R RSU-5 URU[5 [RRRS5R5n[!U["R$"US55 UR'XBU5nSnUS:XaOI[)US5(a8[)UR*S5(aUR*R,(aSnUR/["R$"XR5UUUUU5 S UR1XBX5-S -n[ R RU5 g![Ra SnNf=f) Nz'Starting to build Gateway kubeconfig...zCurrent project_id: gkehub membershipszgkeconnect-proberendpoint gkeClustergkeMembershipsA new kubeconfig entry "4" has been generated and set as the current context.)container_utilCheckKubectlInstalledhub_base HubCommandProjectrstatusPrint RunIamCheckREQUIRED_CLIENT_PERMISSIONSrVALUESapi_endpoint_overridesPropertyGetNoSuchPropertyErrorCheckGatewayApiEnablementrGetConnectGatewayServiceNameReadClusterMembershiphasattrrrGenerateKubeconfig KubeContext) self membership_id arg_location arg_namespace project_idhub_endpoint_override membership collectionmsgs 9lib/googlecloudsdk/command_lib/container/fleet/gateway.pyRunGetCredentials'GetCredentialsCommand.RunGetCredentials6s((*$$,,.JJJ>?JJ+j89Z!<=#(//FFOO   ))*?F ++-J J((  J'' J'' 6 6    * *#j ))*?N  #    m   A  AJJSU  ) )#"#s 7F**GGr3r4force_use_agentr5c [RRS5 [R"5 [ R R5n[ R RSS9nURU[5 Sn[RR5(a$[R"UR55n[ R""U5 [$R&"UR55nUR)SUSUSU3UUUS9n SSS5 [*R,R/W R05n [*R,R35n U R5U SS 9 U R7[9U R:R=55S 5 U R?5 S U R@S 3n [RRU 5 g!,(df  N=f) aRunServerSide generates credentials using server-side kubeconfig generation. Args: membership_id: The short name of the membership to generate credentials for. arg_location: The location of the membership to generate credentials for. force_use_agent: Whether to force the use of Connect Agent in generated credentials. arg_namespace: The namespace to use in the kubeconfig context. zFetching Gateway kubeconfig...T)numberNz projects/z /locations/z /memberships/)namer>kubernetes_namespaceoperating_system) overwriterrr)!rr#r$rrr r!r"r%REQUIRED_SERVER_PERMISSIONSrOperatingSystem IsWindows gateway_utilWindowsOperatingSystem ReleaseTrackr RegionalGatewayEndpointgateway_client GatewayClientGenerateCredentialskconfig Kubeconfig LoadFromBytes kubeconfigDefaultMergeSetCurrentContextlistcontextskeys SaveToFilecurrent_context) r2r3r4r>r5r6project_numberrCrrespnewrRr:s r; RunServerSide#GetCredentialsCommand.RunServerSidens"JJ56((*$$,,.J((000=N  Z!<=  **,,%<<      * *< 8++D,=,=,?@f  ' '>*+l^=Q^P_`),+ (d 9    * *4?? ;C##++-JSD)  cll&7&7&9!:1!=> #:#=#=">?5 5JJS) 9 8s %AG99 HcL[RXUS9nU(aUSU-- nU$)N)projectlocationr8z_ns-)KUBECONTEXT_FORMATformat)r2r6rbr8 namespacekcs r;r1!GetCredentialsCommand.KubeContexts5  " "* # BFY b Ir6 permissionsc[R"U5n[R"X25nURn[ U5R [ U55(d[R"5eg)z^Run an IAM check, making sure the caller has the necessary permissions to use the Gateway API.N) project_util ParseProjectrTestIamPermissionsrisetissubsetmemberships_errorsInsufficientPermissionsError)r2r6ri project_refresultgranted_permissionss r;r%!GetCredentialsCommand.RunIamChecks^++J7K  , ,[ FF ,, {  $ $S)<%= > >  ; ; == ?rhc\[R"XU5n[R"U5$N) hubapi_util MembershipRef GetMembership)r2r6rbr8 resource_names r;r.+GetCredentialsCommand.ReadClusterMemberships%--jJOM  $ $] 33rhc :[R"U5nUUU[RUUR 5UUUUS9SS.nSS0n 0n UR X#XV5n UR X#U5n [ RR5n [ R"XX5U RU '[ R"U 40U D6U RU '[ R"XS40U D6U RU 'U RU 5 U R!5 U $)N) service_nameversionr[rbr9r8gcp)r8rbr6server auth_providerrr)rkGetProjectNumber SERVER_FORMATrd GetVersionr1rOrPrSContextrWUserusersClusterclustersrUrY)r2r~r6rbr9r8rer[kwargs user_kwargscluster_kwargscontextclusterrRs r;r0(GetCredentialsCommand.GenerateKubeconfigs+"22:>N  &&%OO%)!! '  F KNzZKGzZ@G##++-J#*??'$J !( W D DJW#*??!$%3$J   ) rhc UR5[RRLagUR5[RRLagUR5[RRLagg)Nv1alpha1v1beta1v1)rJr ALPHABETAGA)clss r;r GetCredentialsCommand.GetVersionse T..444    t0055 5    t0033 3  rhrw)FN)__name__ __module__ __qualname____firstlineno____doc__r<strboolrr^r1rr%r.r0 classmethodr__static_attributes__rrhr;rr2sm6x$(, 555 5 39% 5n>C>d3i>4*Xrhrc [R"X5(d/[R"UU[R "SX55 gg![R Ra gf=f)aChecks if the Connect Gateway API is enabled for a given project. Prompts the user to enable the API if the API is not enabled. Defaults to "No". Throws an error if the user declines to enable the API. Args: project_id: The ID of the project on which to check/enable the API. service_name: The name of the service to check/enable the API. Raises: memberships_errors.ServiceNotEnabledError: if the user declines to attempt to enable the API. exceptions.GetServicesPermissionDeniedException: if a 403 or 404 error is returned by the Get request. apitools_exceptions.HttpError: Another miscellaneous error with the listing service. api_exceptions.HttpException: API not enabled error if the user chooses to not enable the API. zConnect Gateway APIN)rIsServiceEnabledr PromptToEnableApirpServiceNotEnabledErrorapitools_exceptions RequestError)r6r~s r;r,r,sh(  $ $Z > >       3 3#\  ?  # # 0 0   s-A A-,A-N),rtypingrr+googlecloudsdk.api_lib.cloudresourcemanagerr googlecloudsdk.api_lib.containerrr5googlecloudsdk.api_lib.container.fleet.connectgatewayrrLrHgooglecloudsdk.api_lib.servicesrgooglecloudsdk.api_lib.utilr googlecloudsdk.callioper *googlecloudsdk.command_lib.container.fleetr rxr r rOr 6googlecloudsdk.command_lib.container.fleet.membershipsrrp#googlecloudsdk.command_lib.projectsrkgooglecloudsdk.corerrgooglecloudsdk.core.utilrrcrrEr&r!Commandrr,rrhr;rs>DCZV6,(NGS@_GD#*.G{ ~H//~B  rh