7SrSSKrSSKJr SSKJr SSKJr SSKJr SSK J r SSK J r SS KJr S rS rS rS rSrSrSrSrSrSrSrSrSrSrSrSrSr Sr!Sr"Sr#Sr$Sr%S r&g)!z!The python hooks for IAM surface.N)util)apis) arg_parsers) exceptions)iam_util) arg_utils)logc&AURS5(ay[R"5up4URURR S5URR S5URR S5S9nXRlU$)aPython hook to add condition from --condition-from-file to request. Args: ref: A resource ref to the parsed resource. args: Parsed args namespace. request: The apitools request message to be modified. Returns: The modified apitools request message. condition_from_file descriptiontitle expression)r r r) IsSpecifiedrGetClientAndMessagesExprr get condition)refargsrequest_messagescondition_messages +lib/googlecloudsdk/command_lib/iam/hooks.py"UpdateRequestWithConditionFromFilers  +,,++-KA ,,00?&&**73++// =& * .cJ[R"SSRUS95$)Nzcondition-from-filez{filename} must be a path to a YAML or JSON file containing the condition. `expression` and `title` are required keys. `description` is optional.filename)gcloud_exceptionsInvalidArgumentExceptionformatrs r_ConditionFileFormatExceptionr#4s)  3 3&(&+  rc|[R"5"U5n[R"U[ U55nU$)z&Read condition from YAML or JSON file.)r FileContentsrParseYamlOrJsonConditionr#)r rcondition_dicts rParseConditionFromFiler(=s<&&()<=)44./BC. rcAUR[UR5S- S/SQ:Xa9[RR SR UR 55 gg)N)iamservice-accountsenablezEnabled service account [{}]. command_pathlenr statusPrintr"service_accountresponsers rEnableIamAccountConfirmationr6Gs] s4,,-1349 JJ'..t/C/CD rcAUR[UR5S- S/SQ:Xa9[RR SR UR 55 gg)Nr*)r+r,disablezDisabled service account [{}].r.r4s rDisableIamAccountConfirmationr9Ss] s4,,-1349 JJ(//0D0DE rcA[RRSRURUR 55 g)Nz,Enabled key [{0}] for service account [{1}].r r1r2r"iam_key iam_accountr4s rEnableIamKeyConfirmationr>_s4**4;; ,,((rcA[RRSRURUR 55 g)Nz-Disabled key [{0}] for service account [{1}].r;r4s rDisableIamKeyConfirmationr@hs4**5<< ,,((rc0UR5UlU$)z)Add service account name to request name.) RelativeNamename)r unused_argsrs rSetServiceAccountResourcerEqs!!#', .rcvAAURR(dSS/n[R"US5eU$)z.Validate the field mask for an update request.z--display-namez --descriptionz%Specify at least one field to update.)patchServiceAccountRequest updateMaskr OneOfArgumentsRequiredException)rrDr update_fieldss rValidateUpdateFieldMaskrKxsB ;  + + 6 6%7M  ; ;>  .rc^U4SjnU$)zDSet requestedPolicyVersion to max supported in GetIamPolicy request.cX>AA[R"UT[R5 U$)N)rSetFieldInMessager!MAX_LIBRARY_IAM_SUPPORTED_VERSION)rrr api_fields rProcess-UseMaxRequestedPolicyVersion..Processs* T HFF Nr)rPrQs` rUseMaxRequestedPolicyVersionrTs .rc^U4SjnU$)z3Add ',version' to update_mask if it is not present.c>AA[R"UT5nSU;a UcSnOUS- n[R"UTU5 U$)z+The implementation of Process for the hook.versionz,version)rGetFieldValueFromMessagerN)rrr update_maskupdate_mask_paths rrQ3AddVersionToUpdateMaskIfNotPresent..ProcesssP T44W>NOK #   z!  )9;G NrrS)rZrQs` r"AddVersionToUpdateMaskIfNotPresentr\s  .rcdUR5(d[R"SS5eSU-$)N account_idzSAccount unique ID should be a number. Please double check your input and try again.zprojects/-/serviceAccounts/)isdigitr r!)r^s r"CreateFullServiceAccountNameFromIdr`s9       4 4   ' 33rc[R"5"U5R5nURS5$![Ra+n[R "SSR U55eSnAff=f)a+Generate public key data from a path. Args: path: (bytes) the public key file path given by the command. Raises: InvalidArgumentException: if the public key file path provided does not exist or is too large. Returns: A public key encoded using the UTF-8 charset. public_key_filez1{}. Please double check your input and try again.Nzutf-8)rr%stripArgumentTypeErrorr r!r"encode)pathpublic_key_dataes rGeneratePublicKeyDataFromFilerisr!..06<<>O    ((  & &  4 4;BB1E s)<A;&A66A;cfA[R"SS5n[X!U5 [X!U5 U$)zsAdd ExtraAttributesOAuth2Client and ExtendedAttributesOAuth2Client fields to create workforcePoolProvider requests.r+v1)rGetMessagesModule$SetExtraAttributesOauth2ClientFields'SetExtendedAttributesOauth2ClientFieldsrrrrs r2AddCreateExtraAndExtendedAttributesConfigToRequestrps2  # #E4 0(&wh?)'B .rcA[R"SS5nURb+UR(a[R"USS5 U$[ X!U5 U$)PAdd ExtraAttributesOAuth2Client fields to update workforcePoolProvider requests.r+rkNz1workforcePoolProvider.extraAttributesOauth2Client)rrlclear_extra_attributes_configrrNrmros r*AddClearableExtraAttributesConfigToRequestrts[  # #E4 0( ((4  , , ;  .)A .rcA[R"SS5nURb+UR(a[R"USS5 U$[ X!U5 U$)rrr+rkNz4workforcePoolProvider.extendedAttributesOauth2Client)rrl clear_extended_attributes_configrrNrnros r-AddClearableExtendedAttributesConfigToRequestrws[  # #E4 0( ++7  / / >  .,G8D .rcURbURRnSUR;a#[R"USUR 5 OeSUR;a#[R"USUR 5 O2SUR;a"[R"USUR5 URb"[R"USUR5 URb"[R"USUR5 URb"[R"USUR5 URb#[R"US UR5 gg) z6Set ExtraAttributesOauth2Client fields in the request.Nzazure-ad-groups-mailz@workforcePoolProvider.extraAttributesOauth2Client.attributesTypeazure-ad-groups-idzazure-ad-groups-display-namez:workforcePoolProvider.extraAttributesOauth2Client.clientIdzNworkforcePoolProvider.extraAttributesOauth2Client.clientSecret.value.plainTextz;workforcePoolProvider.extraAttributesOauth2Client.issuerUrizHworkforcePoolProvider.extraAttributesOauth2Client.queryParameters.filter) extra_attributes_type@GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2ClientAttributesTypeValueValuesEnumrrNAZURE_AD_GROUPS_MAILAZURE_AD_GROUPS_IDAZURE_AD_GROUPS_DISPLAY_NAMEextra_attributes_client_id$extra_attributes_client_secret_valueextra_attributes_issuer_uriextra_attributes_filterrrr response_types rrmrmsZ +QQoo!;!;;!!  L  , , !;!; ;!!  L  * * (4+E+E E!!  L  4 4  $$0 D ''  ..: X 11  %%1 E ((  !!- R $$.rc(URbHURRnSUR;a"[R"USUR 5 UR b"[R"USUR 5 URb"[R"USUR5 URb"[R"USUR5 URb#[R"USUR5 gg)z9Set ExtendedAttributesOauth2Client fields in the request.NryzCworkforcePoolProvider.extendedAttributesOauth2Client.attributesTypez=workforcePoolProvider.extendedAttributesOauth2Client.clientIdzQworkforcePoolProvider.extendedAttributesOauth2Client.clientSecret.value.plainTextz>workforcePoolProvider.extendedAttributesOauth2Client.issuerUrizKworkforcePoolProvider.extendedAttributesOauth2Client.queryParameters.filter) extended_attributes_typer{r|rrNr~extended_attributes_client_id'extended_attributes_client_secret_valueextended_attributes_issuer_uriextended_attributes_filterrs rrnrn)s "".QQoot<<<!!  O  * *  ''3 G **  11= [ 44  ((4 H ++  $$0 U ''1rc&/nUR(aURRS5nURb"UR(aURS5 URbURS5 UR bURS5 UR bURS5 URbURS5 URbURS5 U(aSRU5UlU$)zhAdds ExtraAttributesOauth2Client specific fieldmask entries to the update workforcePoolProvider request.,extraAttributesOauth2Clientz*extraAttributesOauth2Client.attributesTypez$extraAttributesOauth2Client.clientIdz8extraAttributesOauth2Client.clientSecret.value.plainTextz%extraAttributesOauth2Client.issuerUriz2extraAttributesOauth2Client.queryParameters.filter) rHsplitrsappendrzrrrrjoin unused_refrr mask_fieldss r!AddExtraAttributesConfigFieldMaskrOs+ $$**3/K ((4  , ,45 +CD $$0=> ..:B %%1>? !!-KL+.G .rc&/nUR(aURRS5nURb"UR(aURS5 URbURS5 UR bURS5 UR bURS5 URbURS5 URbURS5 U(aSRU5UlU$)zkAdds ExtendedAttributesOauth2Client specific fieldmask entries to the update workforcePoolProvider request.rextendedAttributesOauth2Clientz-extendedAttributesOauth2Client.attributesTypez'extendedAttributesOauth2Client.clientIdz;extendedAttributesOauth2Client.clientSecret.value.plainTextz(extendedAttributesOauth2Client.issuerUriz5extendedAttributesOauth2Client.queryParameters.filter) rHrrvrrrrrrrrs r$AddExtendedAttributesConfigFieldMaskrjs+ $$**3/K ++7  / /78 "".FG ''3@A 11=E ((4AB $$0NO+.G .rcAg)zClear the value for a flag.NrS)rs r ClearFlagrs rcZAUR(d[R"USS5 U$)z:Remove the flag from the request when it is not specified. hardDeleteN) hard_deleterrN)rrrs rModifyHardDeleteFlagInRequestrs,     .rcT[R"SSUR5UlU$)zHook to erase the project identifier from the request. Args: unused_ref: The resource reference of the response. unused_args: The arguments of the command. request: The request of the command. Returns: The modified apitools request message. zprojects/[^/]+/z projects/-/)resubrC)rrDrs rEraseProjectHookrs")=',,G', .r)'__doc__rgooglecloudsdk.api_lib.iamrgooglecloudsdk.api_lib.utilrgooglecloudsdk.callioperrr googlecloudsdk.command_lib.iamr$googlecloudsdk.command_lib.util.apisrgooglecloudsdk.corer rr#r(r6r9r>r@rErKrTr\r`rirprtrwrmrnrrrrrrSrrrs( +,/C3:#.    (4),&&/d#L66  r