b&SrSSKJr SSKJr SSKJr SSKJr SSKJr SSKJ r SSK J r SS K J r SS KJr SBS jrSBS jrSBS jrSBSjrSBSjrSBSjrSBSjrSBSjrSBSjrSCSjrSBSjrSBSjrSBSjrSrSrSrSBSjr SBSjr!SBS\RDS\#S S4S!jjr$S"r%S#r&S$r'S%r(S&r)S'r*SBS(jr+S)r,SDS*jr-SES+jr.SFS,jr/S-r0S.r1S/r2S0r3S1r4S2r5S3r6S4r7S5r8S6r9S7r:S8r;S9rS<r?SGS=\@S>\@4S?jjrAS@rBSHSAjrCg)Iz$Shared resource arguments and flags.) arg_parsers)base)parser_arguments)concepts) multitype) completers)concept_parsers)presentation_specs) resourcesc DUR"[SU54SSS.UD6 g)Nz data-filePATHz]File path from which to read secret data. Set this to "-" to read the secret data from stdin.metavarhelp add_argument _ArgOrFlagparser positionalkwargss .lib/googlecloudsdk/command_lib/secrets/args.py AddDataFiler s1j) *  c DUR"[SU54SSS.UD6 g)Nzout-filez OUT-FILE-PATHz~File path to which secret data is written. If this flag is not provided secret data will be written to stdout in UTF-8 format.rrrs r AddOutFiler)s2Z( N  rc [RR"S[SU5[ 5SS.UD6R U5 g)NprojectzThe project ID.name resource_spec group_help)r ConceptParser ForResourcerGetProjectResourceSpec AddToParserrs r AddProjectr(2sD++ i ,*,"   F#rc [RR"S[SU5[ 5SR U5S.UD6R U5 g)NlocationzThe location {}.rr#)r r$r%rGetLocationResourceSpecformatr'rpurposerrs r AddLocationr/:sO++ j* -+-#**73   F#rc DUR"[SU54SSS.UD6 g)Nreplication-policy-fileREPLICATION-POLICY-FILEJSON or YAML file to use to read the replication policy. The file must conform to https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.secrets#replication.Set this to "-" to read from stdin.rrrs rAddReplicationPolicyFiler4Bs2*J7' 0  rc DUR"[SU54SSS.UD6 g)N kms-key-name KMS-KEY-NAMEyGlobal KMS key with which to encrypt and decrypt the secret. Only valid for secrets with an automatic replication policy.rrrs r AddKmsKeyNamer9Ns2, F  rc DUR"[SU54SSS.UD6 g)N set-kms-key SET-KMS-KEYENew KMS key with which to encrypt and decrypt future secret versions.rrrs rAddSetKmsKeyNamer>Ws/ + Q   rc DUR"[SU54SSS.UD6 g)N remove-cmek store_truetRemove customer managed encryption key so that future versions will be encrypted by a Google managed encryption key.actionrrrs r AddRemoveCmekrEas1 +  =   rc DUR"[SU54SSS.UD6 g)Nr*REPLICA-LOCATIONdLocation of replica to update. For secrets with automatic replication policies, this can be omitted.rrrs rAddReplicaLocationrIks1Z(  9  rNc UcSRU5n[RR"S[ SU5[ 5US.UD6R U5 g)a)Add secret resource argument to the parser. Args: parser: The parser to add the argument to. purpose: The purpose of the secret, used to generate the help text. positional: Whether the argument is positional. help_text: The help text to use for the argument. **kwargs: Extra arguments. NzThe secret {}.secretrr#)r,r r$r%rGetSecretResourceSpecr')rr.r help_textrs r AddSecretrNts\ ''0I++ h +)+   Krc [RR"S[SU5[ 5SR U5S.UD6R U5 g)NversionzNumeric secret version {}.rr#r r$r%rGetVersionResourceSpecr,r'r-s r AddVersionrSsO++ i ,*,.66w?   F#rc [RR"S[SU5[ 5SR U5S.UD6R U5 g)NrPz_Numeric secret version {} or a configured alias (including 'latest' to use the latest version).rr#rQr-s rAddVersionOrAliasrUsM++ i ,*, mw     F#rc UR"[SU54S[R"5[RSS.UD6 g)NtopicsTOPICSz2List of Pub/Sub topics to configure on the secret.rtyperDr)rrrArgList UpdateActionrs r AddTopicsr]sD:&     % % @   rcRURSSS9nUR[SS5S[R"5[R SS9 UR[S S5S [R"5[R S S9 UR[S S5S SS9 g)z2Add flags for specifying topics on secret updates.TzTopics.mutexrz add-topicsFz ADD-TOPICSz,List of Pub/Sub topics to add to the secret.rYz remove-topicsz REMOVE-TOPICSz1List of Pub/Sub topics to remove from the secret.z clear-topicsrAz)Clear all Pub/Sub topics from the secret.rCN) add_grouprrrr[r\rgroups rAddUpdateTopicsGrouprds   I  6%u%     % % : = %(     % % ? B '  7:rc  URSSS9nUR[SS5SSS9 URS S 9nUR[S S5S S S9 UR[SS5S[R"SSS9S9 g)z4Add flags for specifying replication policy updates.TzReplication update.r_r@FrArBrCz CMEK Update.rr;r<r=rr*rGrHzThis flag is not available in this universe. Specifying a location for replica updates is only for user-managed multi-replication, which is not supported.default universe_helpN)rarrrUniverseHelpTextrrcsubgroups rAddUpdateReplicationGrouprms   ,A  B%&  = ? __._ 1( & Q   U#  ' '<< rc URSSS9nUR[SS5S[R"SSS 9S 9 URS S 9nUR[S S5S[R"SSS 9S 9 UR[SS5SSS 9 UR[SS5[R S[R "5[R"SSS 9S9 g)z?Add flags for specifying replication policy on secret creation.TzReplication policy.r_r1Fr2r3zWThis flag is not available in this universe. User-managed replication is not supported.rgrzInline replication arguments.rfzreplication-policyPOLICYzThe type of replication policy to apply to this secret. Allowed values are "automatic" and "user-managed". If user-managed then --locations must also be provided.zThe type of replication policy to apply to this secret. In this universe, only "automatic" is supported. User-managed replication is not available.r6r7r8 locationsLOCATIONzKComma-separated list of locations in which the secret should be replicated.)rDrrZrN)rarrrrjr\r[rks rAddCreateReplicationPolicyGrouprrs   ,A  B%*E2'  ' '4F    __"A_ B( %u-  ' 'J&     ' FH  e$  % %     ' '+F    rc lUR"[SU54S[R"5SS.UD6 g)z?Add flags for specifying version destroy ttl on secret creates.version-destroy-ttlVERSION-DESTROY-TTLa8Secret Version Time To Live (TTL) after destruction request. For secret with TTL>0, version destruction does not happen immediately on calling destroy; instead, the version goes to a disabled state and destruction happens after the TTL expires. See `$ gcloud topic datetimes` for information on duration formats.rrZrN)rrrDurationrs rAddCreateVersionDestroyTTLrx s?& 3 #    ! P   rc URSSS9nUR"[SU54S[R"5SS.UD6 UR"[SS 54S S S .UD6 g )z?Add flags for specifying version destroy ttl on secret updates.TzVersion destroy ttl.r_rtrua)Secret Version TTL after destruction request. For secret with TTL>0, version destruction does not happen immediately on calling destroy; instead, the version goes to a disabled state and destruction happens after the TTL expires. See `$ gcloud topic datetimes` for information on duration formats.rvzremove-version-destroy-ttlFrAz8If set, removes the version destroy TTL from the secret.rCN)rarrrrwrrrrcs rAddUpdateVersionDestroyTTLr{s   ,B  C%& 3 #    ! P   -u5  E  rrrreturnc URSSS9nUR"[SU54SSS.UD6 UR"[SS 54S S S .UD6 g )zAdd flags for specifying regional cmek on secret updates. Args: parser: Given argument parser. positional : Whether the argument is positional. **kwargs: Extra arguments. Tzregional kms key.r_regional-kms-key-namezREGIONAL-KMS-KEY-NAMEz*regional kms key name for regional secret.rzremove-regional-kms-key-nameFrAz%If set, removes the regional kms key.rCNrarrrzs rAddUpdateRegionalKmsKeyr4sx   ,?  @%(*5% 7   /7  2  rcURSSS9nUR[SS5SSS9 UR[S S5S S S9 g ) z6Add flags for specifying expiration on secret creates.T Expiration.r_ expire-timeF EXPIRE-TIME6Timestamp at which to automatically delete the secret.rttlTTLhDuration of time (in seconds) from the running of the command until the secret is automatically deleted.Nrrbs rAddCreateExpirationGrouprOsd   M  :%& DG 1 3rcURSSS9nUR[SS5SSS9 UR[S S5S S S9 UR[S S5S SS9 g)z7Add flags for specifying expiration on secret updates..Trr_rFrrrrrrzremove-expirationrAzAIf set, removes scheduled expiration from secret (if it had one).rCNrrbs rAddUpdateExpirationGroupr_s   M  :%& DG 1 3 $e,  M PrcURSSS9nUR[SS5SS9 UR[SS5SS9 g ) z4Add flags for specifying rotation on secret creates.F Rotation.r_next-rotation-time1Timestamp at which to send rotation notification.rfrotation-period=Duration of time (in seconds) between rotation notifications.Nrrbs rAddCreateRotationGrouprts_   [  9%%u- ?B"E* KNrc.URSSS9nUR[SS5SS9 UR[SS5SS S 9 UR[S S5S S9 UR[S S5SSS 9 UR[SS5SSS 9 g)z5Add flags for specifying rotation on secret updates..Frr_rrrfzremove-next-rotation-timerAz8Remove timestamp at which to send rotation notification.rCrrzremove-rotation-periodzVIf set, removes the rotation period, cancelling all rotations except for the next one.zremove-rotation-schedulez.If set, removes rotation policy from a secret.Nrrbs rAddUpdateRotationGrouprs   [  9%%u- ?B,e4  FI"E* KN)51  %  +U3  <?rcTUR[SS5SSRUS9S9 g)z0Add flag for specifying the current secret etag.etagFETAGzCurrent entity tag (ETag) of the secret. If specified, the secret is {action} only if the ETag provided matches the current secret's ETag.rDrNrrr,rrDs r AddSecretEtagrs5  frcTUR[SS5SSRUS9S9 g)z8Add flag for specifying the current secret version etag.rFrzCurrent entity tag (ETag) of the secret version. If specified, the version is {action} only if the ETag provided matches the current version's ETag.rrNrrs rAddVersionEtagrs5  frc DUR"[SU54SSS.UD6 g)z2Add flag for specifying the regional KMS key name.r~r7z_Regional KMS key with which to encrypt and decrypt the secret. Only valid for regional secrets.rNrrs rAddRegionalKmsKeyNamers2(*5 (  rcrU(a UR5RSS5$SRU5$)zReturns the argument name in resource argument format or flag format. Args: name (str): name of the argument positional (bool): whether the argument is positional Returns: arg (str): the argument or flag -_z--{})upperreplacer,)r rs rrrs/ ::<  S )) t rc [R"S[5[54SS0UD6n[R "[ R"SUUSSS9/5RU5 g)aAdds a secret resource. Secret resource can be global secret or regional secret. If command has "--location" then regional secret will be created or else global secret will be created. Regionl secret - projects//locations//secrets/ Global secret - projects//secrets/ Args: parser: given argument parser purpose: help text **kwargs: extra arguments zglobal or regional secretallow_inactiveTrKrequiredhiddenN) rMultitypeResourceSpecrLGetRegionalSecretResourceSpecr r$r !MultitypeResourcePresentationSpecr')rr.rsecret_or_region_secret_specs rAddGlobalOrRegionalSecretrsv"+!@!@!#%" "  "::  &  ![rc [R"S[5[54SS0UD6n[R "[ R"SUUSSS9/5RU5 g)zwAdds a version resource. Args: parser: given argument parser purpose: help text **kwargs: extra arguments !global or regional secret versionrTrPrN rrrRGetRegionalVersionResourceSpecr r$r rr'rr.rglobal_or_region_version_specs rAddGlobalOrRegionalVersionrsv#,"A"A)$&# #  #::  '  ![rc [R"S[5[54SS0UD6n[R "[ R"SUUSSS9/5RU5 g)zAdds a version resource or alias. Args: parser: given argument parser purpose: help text **kwargs: extra arguments rrTrPrNrrs r!AddGlobalOrRegionalVersionOrAliasr sv#,"A"A)$&# #  #::  '  ![rc"[R$)N)r DEFAULT_PROJECT_ATTRIBUTE_CONFIGr#rrGetProjectAttributeConfigr+s  2 22rc4[R"SSSS0SS9$)Nr*zThe location of the {resource}. fieldMaskr r rMcompletion_request_paramscompletion_id_fieldr ResourceParameterAttributeConfigr#rrGetLocationAttributeConfigr/s&  2 2 1!,f 5  ""rc4[R"SSSS0SS9$)z3Returns the attribute config for location resource.r*z.[EXPERIMENTAL] The location of the {resource}.rr rrr#rr"GetLocationResourceAttributeConfigr7s&  2 2  :!,f 5  rcJ[R"SS[RS9$)NrKThe secret of the {resource}.r rM completerrrsecrets_completersSecretsCompleterr#rrGetSecretAttributeConfigrCs$  2 2 /"33 55rcJ[R"SS[RS9$)z1Returns the attribute config for regional secret.rKrrrr#rr GetRegionalSecretAttributeConfigrJs$  2 2 /"33 rc4[R"SSSS0SS9$)NrPThe version of the {resource}.rr rrr#rrGetVersionAttributeConfigrSs&  2 2 0!,f 5  ""rc4[R"SSSS0SS9$)z9Returns the attribute config for regional secret version.rPrrr rrr#rr!GetRegionalVersionAttributeConfigr[s&  2 2 0!,f 5  rcB[R"SSSS[5S9$)Nzsecretmanager.projectsrprojectsF)resource_collection resource_name plural_namedisable_auto_completers projectsId)r ResourceSpecrr#rrr&r&hs'   2#*,  ..rc T[R"SSSS[5[5S9$)Nz secretmanager.projects.locationsr*rpF)rrrr locationsIdr)rrrrr#rrr+r+qs-   <#,.*,  ..rc T[R"SSSS[5[5S9$)Nsecretmanager.projects.secretsrKsecretsF)rrrr secretsIdr)rrrrr#rrrLrL{s-   :#(**,  ..rc f[R"SSSS[5[5[ 5S9$)N'secretmanager.projects.secrets.versionsrPF)rrr versionsIdrr)rrrrrr#rrrRrRs3   /#*,(**, ..rc f[R"SSSS[5[5[ 5S9$)z.Returns the resource spec for regional secret.z(secretmanager.projects.locations.secretszregional secretrF)rrrrrrr)rrrrrr#rrrrs3   D%#02*,46 rc x[R"SSSS[5[5[ 5[ 5S9$)z6Returns the resource spec for regional secret version.1secretmanager.projects.locations.secrets.versionszregional versionrPF)rrrrrrrr)rrrrrrr#rrrrs9   M&#2402*,46  rc>[RRUSS9$)Nr collectionr REGISTRYParserefs rParseSecretRefrs&    ! ! 6 " rc>[RRUSS9$)Nrrrrs rParseVersionRefrs&    ! ! ? " rc>[RRUSS9$)zParses regional section version into 'secretmanager.projects.locations.secrets.versions' format . Args: ref: resource name of regional secret version. Returns: Parsed secret version. rrrrs rParseRegionalVersionRefrs(    ! ! I " rr api_versionc^^UU4SjnU$)a-Returns a function which turns a resource into a uri. Example: class List(base.ListCommand): def GetUriFunc(self): return MakeGetUriFunc(self) Args: collection: A command instance. api_version: api_version to be displayed. Returns: A function which can be returned in GetUriFunc. c>[RR5nURST5 UR UR TS9nUR 5$)N secretmanagerr)r rCloneRegisterApiByNamerr SelfLink)resourceregistryparsedrrs r_GetUriMakeGetUriFunc.._GetUrisJ!!'')H  < ^^HMMj^ AF ?? rr#)rrrs`` rMakeGetUriFuncrs  .rc /SQn[R"SS[R"5[RSR U5S9$)z(Makes the base.Argument for --tags flag.)z%List of tags KEY=VALUE pairs to bind.zEach item must be expressed asz4`=`. z?Example: `123/environment=production,123/costCenter=marketing` z--tagsz KEY=VALUE rY)rArgumentrArgDictr\join) help_partss r GetTagsArgrsC*      % % 99Z  rc [X5nU(dgU"[UR55VVs/sHupEURXES9PM snnS9$s snnf)zMakes the tags message object.N)keyvalue)additionalProperties)getattrsorteditemsAdditionalProperty)args tags_message tags_arg_nametagsr r s rGetTagsFromArgsrsZ  %$  tzz|,,.,*#%%#%;,,. //,.sA )F)FN)zcreate a secret)zcreate a version)zcreate a version alias)v1)r)D__doc__googlecloudsdk.callioperrr googlecloudsdk.calliope.conceptsrr"googlecloudsdk.command_lib.secretsrr(googlecloudsdk.command_lib.util.conceptsr r googlecloudsdk.corer rrr(r/r4r9r>rErIrNrSrUr]rdrmrrrxr{ArgumentInterceptorboolrrrrrrrrrrrrrrrrrrrr&r+rLrRrrrrrstrrrrr#rrr!sZ+0(456ODG) $$ ($$:,B- `"4  0 0 6 3 P* N?6    B8-@3" 5"....  "  s2"/r