$SrSSKJr SSKJr SSKJr SSKJr SSKJr Sr Sr S r S r S r S rS rSrSrSrSrSrSrSrg)z7IAM-related helpers for working with the Cloud KMS API.)absolute_import)division)unicode_literals)base)iam_utilc[R"5n[R"5nUR[R US9nUR RU5$)zFetch the IAM Policy attached to the EkmConfig. Args: ekm_config_name: A string name of the EkmConfig. Returns: An apitools wrapper for the IAM Policy. options_requestedPolicyVersionresource)rGetClientInstanceGetMessagesModule5CloudkmsProjectsLocationsEkmConfigGetIamPolicyRequestr!MAX_LIBRARY_IAM_SUPPORTED_VERSIONprojects_locations_ekmConfig GetIamPolicy)ekm_config_nameclientmessagesreqs *lib/googlecloudsdk/api_lib/cloudkms/iam.pyGetEkmConfigIamPolicyrs[  ! ! #&  # # %(FF%-%O%O G #  , , 9 9# >>c[R"5n[R"5n[RUlU(dSnO SU;aUS- nUR UURXS9S9nURRU5$)asSet the IAM Policy attached to the named EkmConfig to the given policy. If 'policy' has no etag specified, this will BLINDLY OVERWRITE the IAM policy! Args: ekm_config_name: A string name of the EkmConfig. policy: An apitools wrapper for the IAM Policy. update_mask: str, FieldMask represented as comma-separated field names. Returns: The IAM Policy. version,versionpolicy updateMaskr setIamPolicyRequest) rr r rrr5CloudkmsProjectsLocationsEkmConfigSetIamPolicyRequestSetIamPolicyRequestr SetIamPolicy)rr update_maskrrrs rSetEkmConfigIamPolicyr%,s  ! ! #&  # # %(==&. K #:KFF"6671 G 2#  , , 9 9# >>rc[R"5n[U5n[R"UR XAU5 [ XSS9$z@Does an atomic Read-Modify-Write, adding the member to the role. bindings,etagr$)rr rrAddBindingToIamPolicyBindingr%)rmemberrolerrs rAddPolicyBindingToEkmConfigr.JsD  # # %(  1&   !1!164H ? <CloudkmsProjectsLocationsKeyRingsCryptoKeysGetIamPolicyRequestrrr5&projects_locations_keyRings_cryptoKeysr)crypto_key_refrrrs rGetCryptoKeyIamPolicyrDsd  ! ! #&  # # %(OO%-%O%O**, P .#  6 6 C CC HHrc6[R"5n[R"5n[RUlU(dSnO SU;aUS- nUR UR5URXS9S9nURRU5$)a|Set the IAM Policy attached to the named CryptoKey to the given policy. If 'policy' has no etag specified, this will BLINDLY OVERWRITE the IAM policy! Args: crypto_key_ref: A resources.Resource naming the CryptoKey. policy: An apitools wrapper for the IAM Policy. update_mask: str, FieldMask represented as comma-separated field names. Returns: The IAM Policy. rrrr) rr r rrr>CloudkmsProjectsLocationsKeyRingsCryptoKeysSetIamPolicyRequestr5r"rBr#)rCrr$rrrs rSetCryptoKeyIamPolicyrGs  ! ! #&  # # %(==&. K #:KOO**,"6671 P 2#  6 6 C CC HHrc[R"5n[R"5nURUR 5UR US9S9nUR RU5$)z>Return permissions that the caller has on the named CryptoKey.) permissions)r testIamPermissionsRequest)rr r DCloudkmsProjectsLocationsKeyRingsCryptoKeysTestIamPermissionsRequestr5TestIamPermissionsRequestrBTestIamPermissions)rCrIrrrs rTestCryptoKeyIamPermissionsrNsp  ! ! #&  # # %(UU**, ( B B!!C!# V $#  6 6 I I# NNrc[XU4/5$)a8Add an IAM policy binding on the CryptoKey. Does an atomic Read-Modify-Write, adding the member to the role. Args: crypto_key_ref: A resources.Resource naming the CryptoKey. member: Principal to add to the policy binding. role: List of roles to add to the policy binding. Returns: The new IAM Policy. )AddPolicyBindingsToCryptoKey)rCr,r-s rAddPolicyBindingToCryptoKeyrQs &n~6F GGrc[R"5n[U5n[RUlSnUH0upV[R "URX5U5(dM.SnM2 U(a [XSS9$U$)aPAdd IAM policy bindings on the CryptoKey. Does an atomic Read-Modify-Write, adding the members to the roles. Only calls SetIamPolicy if the policy would be different. Args: crypto_key_ref: A resources.Resource naming the CryptoKey. member_roles: List of 2-tuples in the form [(member, role), ...]. Returns: The new IAM Policy. FTr(r)) rr rDrrrr*r+rG)rC member_rolesrrpolicy_was_updatedr,r-s rrPrPsz # # %(  0&==&."lf%%h&6&6MM# O == -rc[U5n[RUl[R"X1U5 [ XSS9$r0)rDrrrr1rG)rCr,r-rs r RemovePolicyBindingFromCryptoKeyrVs;  0&==&. %%fd; / ;;rN)__doc__ __future__rrrgooglecloudsdk.api_lib.cloudkmsrgooglecloudsdk.command_lib.iamrrr%r.r2r8r;r=r?rDrGrNrQrPrVrrr\se>&'03?&?<<<>&><PPI&I< O H <;r