w `SrSSKJr SSKJr SSKJr SSK J r S/r S/r S/r S rS S jrS rg )z$Helpers for testing IAM permissions.)iam) projects_api)base) exceptionsz cloudkms.cryptoKeys.setIamPolicyz'privateca.certificateAuthorities.createzprivateca.certificates.createch[U5[U5- nU(a[R"X#S9eg)zDRaises an exception if the expected permissions are not all present.)resourcemissing_permissionsN)setrInsufficientPermissionException)actual_permissionsexpected_permissionsrdiffs /lib/googlecloudsdk/command_lib/privateca/iam.py_CheckAllPermissionsr%s8 ! "S);%< <$  4 4 55 Nc[[R"U[5R[S5 U(a5[[ R "U[5R[S5 gg)a!Ensures that the current user has the required permissions to create a CA. Args: project_ref: The project where the new CA will be created. kms_key_ref: optional, The KMS key that will be used by the CA. Raises: InsufficientPermissionException: If the user is missing permissions. projectzKMS keyN)rrTestIamPermissions!_CA_CREATE_PERMISSIONS_ON_PROJECT permissionskms_iamTestCryptoKeyIamPermissions_CA_CREATE_PERMISSIONS_ON_KEY) project_ref kms_key_refs r*CheckCreateCertificateAuthorityPermissionsr.sZ%% 8::E+'4++ 6 88C %y2rc [R"SS9n[R"SS9nURR UR UR 5UR[S9S95n[UR[S5 g)zEnsures that the current user can issue a certificate from the given Pool. Args: issuing_ca_pool_ref: The CA pool that will create the certificate. Raises: InsufficientPermissionException: If the user is missing permissions. v1) api_version)r)rtestIamPermissionsRequestz issuing CAN) privateca_baseGetClientInstanceGetMessagesModuleprojects_locations_caPoolsr:PrivatecaProjectsLocationsCaPoolsTestIamPermissionsRequest RelativeNameTestIamPermissionsRequest*_CERTIFICATE_CREATE_PERMISSIONS_ON_CA_POOLrr)issuing_ca_pool_refclientmessages test_responses r!CheckCreateCertificatePermissionsr-Cs  + + =&  - -$ ?(33FFII&335$,$F$FD%G%FJGH- }00A<Qr)N)__doc__googlecloudsdk.api_lib.cloudkmsrr+googlecloudsdk.api_lib.cloudresourcemanagerr googlecloudsdk.api_lib.privatecarr!$googlecloudsdk.command_lib.privatecarrrr(rrr-rrr4sN+;DC;'! .%! /N-N*52*Qr