SrSSKJr SSKJr SSKJr SSKrSSKrSSKrSSKJ r SSKJ r SSK J r SS K Jr SS KJr SS KJr SS KJr SS KJr SSKJr SSKJr SSKJr SSKJr SSKJr SSKJ r SSK!J"r" SSK!J#r# SSK!J r$ SSK%J&r& SSK'J(r( SSK)J*r+ SSK,J*r- SSK.J/r/ SSK.J r SSK.J0r0 SSK.J1r1 SSK.J2r2 SSK.J3r3 SSK.J4r4 SSK5J6r6 SSK7J r8 SSK9r9Sr:S r;S!rS$r?S%r@S&rAS'rBS(rCS)rDS*rES+rFS,rGS-rHS.rIS/rJS0rK\L"1S1k5rM\D\E4rN\D\F4rO\D\F4rP\G\I\H4rQ\G\I\H4rR\G\I\H4rSS2rTS3S4S5S6S7.rUS4S5S8S9.rV"S:S;\R5rX"S<S=\R5rZ"S>S?\ R5r\"S@SA\ R5r]"SBSC\ R5r^"SDSE\_5r`SSFjraSGrbSHrcSIrdSJreSKrfSLrgSMrhSSNjriSSOjrjSSPjrkSSQjrlSRrm\C4SSjrnSSTjroSUrpSVrqSWrrSXrsSYrtSZruS[rvS\rwS]rx\C4S^jry\C4S_jrzS`r{SSajr|Sbr}Scr~SSSSdS4SejrSfrSgrShrSirSjrSkrSlrSSmjrSSnjrSorSSpjrSqrSrrSSsjrStrSurSvrSSwjrSxrSyrSzrS{rS|rS}rS~rSrg)z?Utilities for running Daisy builds on Google Container Builder.)absolute_import)division)unicode_literalsN)encoding) exceptions) HttpError)HttpNotFoundError)cloudbuild_util)logs) projects_api)instance_utils)utils) enable_api) storage_api) storage_util)apis) arg_parsers)base) docker_util) execution)util)config)execution_utils)log) properties)requests) resources) console_ioz4gcr.io/{gcp_project}/{executable}:{docker_image_tag}zN{region}-docker.pkg.dev/{gcp_project}/wrappers/{executable}:{docker_image_tag}zcompute-image-importzcompute-image-toolsgce_vm_image_importgce_vm_image_exportgce_ovf_importgce_windows_upgradegce_onestep_image_importreleasezroles/compute.storageAdminzroles/storage.objectViewerzroles/storage.objectAdminzroles/compute.adminzroles/iam.serviceAccountUserz$roles/iam.serviceAccountTokenCreatorzroles/storage.adminz roles/editor>storage.buckets.getstorage.objects.getstorage.buckets.liststorage.objects.createstorage.objects.delete) asia-east1asia-northeast1zasia-southeast1zaustralia-southeast1z europe-west1z europe-west2z europe-west3 europe-west4z europe-west6znorthamerica-northeast1zsouthamerica-east1 us-central1zus-east1zus-east4zus-west1europer-r,r+)eunam4eur4asia1r*)usr.asiac\rSrSrSrSrSrg)FilteredLogTailerz3Subclass of GCSLogTailer that allows for filtering.cUR(aaUR5nUHJnURH7nURU5(dMURR U5 MH ML gURR U5 g)z0Override PrintLogLine method to use self.filter.N)filter splitlines startswithoutPrint)selftext output_lineslinematchs 1lib/googlecloudsdk/api_lib/compute/daisy_utils.py _PrintLogLineFilteredLogTailer._PrintLogLinesa {{__&l$[[E __U # # HHNN4 !  hhnnTN)__name__ __module__ __qualname____firstlineno____doc__rD__static_attributes__rGrFrCr6r6s ; rFr6c"\rSrSrSrSSjrSrg)CloudBuildClientWithFilteringz3Subclass of CloudBuildClient that allows filtering.NcHURU5n[RU5nX5lURR R nURUR/nU"S5nSn Sn URU;a]U (aUR5 [&R("U5 URU5nX- n U"U 5nURU;aM]U (aURSS9 U$U$![RaOn [R"SR[ R""U R$555 Sn Sn A NSn A ff=f![R*aNn [R"SR[ R""U R$555 Sn A U$Sn A f[RaNn [R"SR[ R""U R$555 Sn A U$Sn A ff=f)aStream the logs for a build using allowlist filter. Args: build_ref: Build reference, The build whose logs shall be streamed. backoff: A function that takes the current elapsed time and returns the next sleep length. Both are in seconds. output_filter: List of strings, The output will only be shown if the line starts with one of the strings in the list. Raises: NoLogsBucketException: If the build does not specify a logsBucket. Returns: Build message, The completed or terminated build as read for the final poll. rTzDFailed to fetch cloud build logs: {}. Waiting for build to complete.FN)is_lastz%Failed to fetch cloud build logs: {}.)GetBuildr6 FromBuildr9messagesBuildStatusValueValuesEnumQUEUEDWORKINGstatusPollapitools_exceptionsrrwarningformat encoding_utilDecodecontenttimesleepCommunicationError) r> build_refbackoff output_filterbuild log_tailerstatusesworking_statusesseconds_between_pollseconds_elapsedpoll_build_logses rCStreamWithFilter.CloudBuildClientWithFiltering.StreamWithFilters" MM) $E",,U3J%}}""88H #1:OO ,,* *  " //  jj%&mmI&e-o$_5 ,,* *(  % L5L?#,, " ++!6-"6"6qyy"AB "/  "&! 3 3  3 : :$$QYY/    L ! * *  3 : :$$QYY/   L  s? C9&E9E AEEH!3AF<<H!AHH!rGN)rHrIrJrKrLrprMrGrFrCrOrOs ;ArFrOc,^\rSrSrSrU4SjrSrU=r$)FailedBuildExceptionz*Exception for builds that did not succeed.cp>[[U] SRURUR S95 g)Nz+build {id} completed with status "{status}")idrZ)superrt__init__r^rwrZ)r>rh __class__s rCryFailedBuildException.__init__s7  FMM%,,N01rFrG)rHrIrJrKrLryrM __classcell__)rzs@rCrtrts211rFrtc\rSrSrSrSrg)SubnetExceptioniz$Exception for subnet related errors.rGNrHrIrJrKrLrMrGrFrCr~r~s,rFr~c\rSrSrSrSrg)DaisyBucketCreationExceptioniz,Exception for Daisy creation related errors.rGNrrGrFrCrrs4rFrc \rSrSrSrSrSrSrg)ImageOperationi z"Enum representing image operation.importexportrGN)rHrIrJrKrLIMPORTEXPORTrMrGrFrCrr s* & &rFrc [R"U5n/SQnUHn[R"URU5(aM+SR U5n[ R"USSS9n U (a#[R"URU5 M|[R"SR U55 M SR UR5n U(aSR U5n S R UR5n U(aSR U5n [R"U5n [X5n [!UU U ["5 [%UU U ['U55 [X5n[(U;a[%X UU5 g g ![Ra) [R"S R XX55 g f=f) aCheck for needed IAM permissions and prompt to add if missing. Args: project_id: A string with the id of the project. cloudbuild_service_account_roles: A set of roles required for cloudbuild service account. compute_service_account_roles: A set of roles required for compute service account. custom_cloudbuild_service_account: Custom cloudbuild service account custom_compute_service_account: Custom compute service account )zcloudbuild.googleapis.comzlogging.googleapis.comzcompute.googleapis.comzVThe "{0}" service is not enabled for this project. It is required for this operation. z&Would you like to enable this service?T)throw_if_unattendedzIf import fails, manually enable {0} before retrying. For instructions on enabling services, see https://cloud.google.com/service-usage/docs/enable-disable.z1serviceAccount:{0}@cloudbuild.gserviceaccount.comzserviceAccount:{0}z8serviceAccount:{0}-compute@developer.gserviceaccount.comzYour account does not have permission to check roles for the service account {0}. If import fails, ensure "{0}" has the roles "{1}" and "{2}" has the roles "{3}" before retrying.N)r Get services_apiIsServiceEnabled projectIdr^rPromptContinue EnableServicerr] projectNumber GetIamPolicyr\HttpForbiddenError_CurrentRolesForAccount#_VerifyCloudBuildStoragePermissionsCLOUD_BUILD_STORAGE_PERMISSIONS_VerifyRolesAndPromptIfMissing frozenset ROLE_EDITOR) project_id cloudbuild_service_account_rolescompute_service_account_roles!custom_cloudbuild_service_accountcustom_compute_service_accountprojectexpected_services service_nameprompt_messageenable_service build_accountcompute_accountpolicy current_cloudbuild_account_rolescurrent_compute_account_roless rC_CheckIamPermissionsrs$   Z ('1'l  ( ():):L I I 128&2F"00  2"$n ""7#4#4lC  JVL !  #(&FLL -&(//)M AGG   !$*11&(O   & &z 2F&= &"&&% !&01 #: # 55"%B%'6G  / / KK F=*K L   s)F:GGc`[X#5nU(dg[n[ U5Vs/sHnSR Xa5PM nnSR SR U55n[R"USR U5SS9n U (dg[R"SR X55 [R"XU5 g![Ra UnNf=fs snf![Ra( [R"S R X55 gf=f) a0Check for IAM permissions for an account and prompt to add if missing. Args: project_id: A string with the id of the project. account: A string with the identifier of an account. applied_roles: A set of strings containing the current roles for the account. required_storage_permissions: A set of strings containing the required storage permissions for the account. If a permissions isn't found, then the user is prompted to add these permissions in a custom role manually or accept adding the storage administrator role automatically. N{0} {1}CThe following IAM permissions are needed for this operation: [{0}]  zYou can add the cloud build service account to a custom role with these permissions or to the predefined role: {0}. Would you like to add it to {0}Tmessage prompt_stringrAdding [{0}] to [{1}]Your account does not have permission to add roles to the service account {0}. If import fails, ensure "{0}" has the roles "{1}" before retrying.)_FindMissingStoragePermissionsr\rROLE_STORAGE_ADMINsortedr^joinrrrinfor AddIamPolicyBindingr]) raccount applied_rolesrequired_storage_permissionsmissing_storage_permissionstorage_admin_role permissionep_tableradd_storage_admins rCrrts-$>!?" $ )9::*z+:  tyy*+!// !6"45  (( " ) )' FG  $$Z:LM=  / />!=>.  / / KK <>Df?'(   s( C C+1C0 C('C(09D-,D-cURU5(ag[R"SS5n0n[5n[5n[5n[ U5HjnUR US9n[[R "SS5RRU5R5n XU'URU 5nMl [ U5Hfn UR U S9n[[R "SS5RRU5R5n URU 5nMh XE- n UH.nU RX75(dMURU5 M0 U$)a%Check which required roles were not covered by given roles. Args: applied_roles: A set of strings containing the current roles for the account. required_roles: A set of strings containing the required roles for the account. Returns: A set of missing roles that is not covered. Nrrr) issubsetrrrrrrrrrr intersectionadd) rrrrequired_role_permissionsrequired_permissionsrunsatisfied_rolesrrrole_permissionsrrunsatisfied_permissionss rCrrs\]++ ''t4, e^$d--4-8G411 tU33w<(;(;=&6d#/556FG %]+l--<-@G"4#9#9 t$U33w<(;(; =-33 " ,1Fd++,E,KLLD! rFcB^[U4SjUR55$)zReturns a set containing the roles for `account`. Args: project_iam_policy: The response from GetIamPolicy. account: A string with the identifier of an account. c3`># UH#nTUR;dMURv M% g7frr)membersr).0bindingrs rC *_CurrentRolesForAccount../s* ,77??*W\\7s..)rbindings)project_iam_policyrs `rCrr(s%  ,.77 , ,,rFc[R"SR[U555 URR UR U[RRRR5S95n[R"UR5n[R"UR U5R"n[$R&R SUR(UR*S9n[R,"U5 UR.(a;[R0R3SRUR.55 XV4$[R0R3S5 XV4$)aCreate a build in cloud build. Args: build_config: A cloud build Build message. client: The cloud build api client. messages: The cloud build api messages module. Returns: Tuple containing a cloud build build object and the resource reference for that build. submitting build: {0})rhrzcloudbuild.projects.builds) collectionrrwLogs are available at [{0}].(Logs are available in the Cloud Console.)rdebugr^reprprojects_buildsCreate%CloudbuildProjectsBuildsCreateRequestrVALUEScorerrr MessageToJsonmetadata JsonToMessageBuildOperationMetadatarhrREGISTRYrrwCreatedResourcelogUrlrZr=) build_configclientrUopjsonrhres rC_CreateCloudBuildr4s.)) # * *4 += >? $$44 (9(9(>(>(F(F(J(J(L5NO"    ,$  !@!@$ G M M%  ''- () i  \\JJ3::5<<HI  JJ?@  rFc [R"SR[U555 [R R S[RRRR5US9nURR UR[RRRR5UR5US95n[ R""UR$5n[ R&"UR(U5R*n[R R-SSSUR.UUR0S.S 9n[R2"U5 UR4(a;[R6R9S RUR455 Xx4$[R6R9S 5 Xx4$) aACreate a regional build in Cloud Build. Args: build_config: A cloud build Build message. client: The cloud build api client. messages: The cloud build api messages module. build_region: region to which build in Returns: Tuple containing a cloud build build object and the resource reference for that build. rzcloudbuild.projects.locations)r projectsId locationsId)rparentrhNz$cloudbuild.projects.locations.buildsr)rrbuildsId)r api_versionparamsrr)rrr^rrrrrrrr GetOrFailprojects_locations_builds.CloudbuildProjectsLocationsBuildsCreateRequestr RelativeNamerrrrrrhParserrwrrrZr=) rrrU build_regionparent_resourcerrrhres rC_CreateRegionalCloudBuildrVs)) # * *4 += >?&&--0""''//99;. / ''..==%%**22668 --/|>EF"    ,$  !@!@$ G M M%  && 7%hh ' )i  \\JJ3::5<<HI  JJ?@  rFc6[RRRR 5nUR SS5nUR SS5nSR U5nU(aSR X@5R5n[XA5nU$)zDetermine bucket name for daisy. Args: bucket_location: str, specified bucket location. add_random_suffix: bool, specifies if a random suffix must be generated. Returns: str, bucket name for daisy. :-.z {0}-daisy-bktz{0}-{1}) rrrrrreplacer^lower_GetSafeBucketName)bucket_locationadd_random_suffixr safe_project bucket_namesafe_bucket_names rCGetDaisyBucketNamers    " " * * 4 4 6'c*,%%c3/,&&|4+"";@FFHK' G rFcx^[RmSSRU4Sj[US- 555-$)zGenerates a random bucket suffix of a predefined length. Args: suffix_len: int, the length of the generated suffix. Returns: str, generated suffix in the format '-xxxxxx...' rc3P># UHn[R"T5v M g7frr)randomchoice)riletterss rCr._GenerateRandomBucketSuffix..sM7L!v}}W--7Ls#&)stringascii_lowercaserrange) suffix_lenr#s @rC_GenerateRandomBucketSuffixr*s3  " "' rwwMuZ!^7LMM MMrFcURSS5nU(a[5nURSS5nOSnUSSRSS5USS-nS[U5- n[U5U:aUSUnX-$) zUpdates bucket name to meet https://cloud.google.com/storage/docs/naming. Args: bucket_name: str, input bucket name. add_random_suffix: bool, if specified a random suffix is added to its name. Returns: str, safe bucket name. googlezgo-oglerNgoogzgo-og?)rr*len)rrsuffixmax_lens rCrrs##Hi8+ ( *F ^^Hi 0F FBQ''8;qr?J+ V 'hw'K  rFc j[U5nURUUUUS9 U$![Ra Sn[ S5Hn[USS9nURUUUUS9 SnUn Oa![ R a2n[SRU[R"U5S95eSnAf[Ra Mf=f U(d[S RU55eU$[ R a2n[SRU[R"U5S95eSnAff=f) a|Creates Daisy bucket in current project. Args: bucket_location: str, specified bucket location. storage_client: storage client enable_uniform_level_access: bool, to enable uniform bucket level access. soft_delete_duration: int, the soft delete duration in seconds. Returns: str, Daisy bucket. Raises: DaisyBucketCreationException: if unable to create Daisy Bucket. )locationenable_uniform_level_accesssoft_delete_durationF T)rz8Unable to create a temporary bucket [{bucket_name}]: {e})rroNznUnable to create a temporary bucket `{0}` needed for the operation to proceed as it exists in another project.) rCreateBucketIfNotExistsrBucketInWrongProjectErrorr(r\rrr^http_exc HttpException) rstorage_clientr5r6r"bucket_in_project_created_or_found_randomized_bucket_nameerrs rCCreateDaisyBucketInProjectrAs(#?3++E** $?1 +V K  . . */& 2Y1/DH J.. "$(C!5 / .2*,  ! * *I* F M M'8+A+A#+F N HI I 2 2   * . ( 8 6+    .   & &E &BII#x'='=c'B J D EEEsK!.D2A("D2(C<-B))CD2C&D2-D2-D--D2c[RRRR 5(aF[ R "[RRRR 55$[RRRR 5(a2[RRRR 5$[S5e)zGets region from global properties/args that should be used for subnet arg. Returns: str, region Raises: SubnetException: if region couldn't be inferred. z#Region or zone should be specified.) rrcomputezonerrZoneNameToRegionNameregionr~rGrFrCGetSubnetRegionrG s##''))  % %j&7&7&?&?&D&D&H&H&J KK  ''++--    $ $ + + / / 11=>>rFc A[US[R5 [[U5n[ [ UU5n[XXU[[US9$)aRun a build over gce_vm_image_import on Google Cloud Builder. Args: args: An argparse namespace. All the arguments that were provided to this command invocation. import_args: A list of key-value pairs to pass to importer. tags: A list of strings for adding tags to the Argo build. output_filter: A list of strings indicating what lines from the log should be output. Only lines that start with one of the strings in output_filter will be displayed. release_track: release track of the command used. One of - "alpha", "beta" or "ga" docker_image_tag: Specified docker image tag. Returns: A build object that either streams the output or is displayed as a link to the build. Raises: FailedBuildException: If the build is completed and not 'SUCCESS'. client_versionr ) AppendArgrCLOUD_SDK_VERSION_GetBuilderRegion_GetImageImportRegion _GetBuilder _IMAGE_IMPORT_BUILDER_EXECUTABLERunImageCloudBuild+IMPORT_ROLES_FOR_CLOUDBUILD_SERVICE_ACCOUNT(IMPORT_ROLES_FOR_COMPUTE_SERVICE_ACCOUNTargs import_argstagsrg release_trackdocker_image_tagbuilder_regionbuilders rCRunImageImportr\V8 K)6+C+CD$%:DA. 8:J& (' D;mGD)7 99rFcZU(a U"U5nOU"5nU[;a [UnU$)zReturns a region to run a Cloud build in. Args: region_getter: function that returns a region to run build in args: args for region_getter Returns: Cloud Build region )GCS_TO_AR_REGIONS) region_getterrUrFs rCrMrMAs0 4 F _F   v &F -rFcNU(a[XU5nU(aU$[UUS9$)aReturns a path to a builder Docker images. If a region can be determined from region_getter and if regionalized builder repos are enabled, a regionalized builder is returned. Otherwise, the default builder is returned. Args: executable: name of builder executable to run docker_image_tag: tag for Docker builder images (e.g. 'release') builder_region: region for the builder Returns: str: a path to a builder Docker images. ) executablerY)GetRegionalizedBuilderGetDefaultBuilder)rbrYrZregionalized_builders rCrOrOSs31*2BD !! j,< >>rFcU(dg[U5n[X0X5nU(aU$U[:Xag[n[XPX5nU(aU$g)aReturn Docker image path for regionalized builder wrapper. Args: executable: name of builder executable to run region: GCS region for the builder docker_image_tag: tag for Docker builder images (e.g. 'release') Returns: str: path to Docker images for regionalized builder. r)GetGcpProjectNameGetRegionalisedBuilderIfExists!_COMPUTE_IMAGE_TOOLS_PROJECT_NAME)rbrFrY gcp_projectrefallback_project_namefallback_regionalized_builders rCrcrcksb  "*-+7v9 55 ;"@#C# (( rFcT[RUUUUS9n[U5(aU$g)aReturn Docker image path for regionalized builder wrapper if exist. Args: gcp_project: Artifact Registry's GCP project name. executable: name of builder executable to run region: GCS region for the builder docker_image_tag: tag for Docker builder images (e.g. 'release') Returns: str: Docker image path for regionalized builder wrapper if exist, otherwise return empty string. )rjrbrFrYr)$_REGIONALIZED_BUILDER_DOCKER_PATTERNr^IsArtifactRegistryImageExist)rjrbrFrYres rCrhrhs>>DD ' E) ""677  rFc[U5nSn[n[URUUUS95(a[RUUUS9$[RUUUS9$)zReturn Docker image path for GCR builder wrapper. Args: executable: name of builder executable to run docker_image_tag: tag for Docker builder images (e.g. 'release') Returns: str: path to Docker images for GCR builder. z2.4.,,/-a'- rFc[$rr)_DEFAULT_BUILDER_VERSIONrGrFrCGetDefaultBuilderVersionrs !!rFcg)Nr%rGelapseds rCrs1rFc[R"5n[R"5n U RU R U[ U5S9/USR UR5S9n U(a[RRUR5n [U S5(a,SR U RU R5U lO SR U R5U l[US5(aUR (ayU R(d["R$"SS 5eS R [&R(R*R,R/5UR 5U lU(aU[2;a [2UnU(aU[4;a[7XU U5upO[9XU 5upUR:(aU $[<R>"[<R@"XU 55n[BRD"U5 [GX5RIXUS 9n S S S 5 U RJU RRLRN:Xa[PRJRSS 5 U RJU RRLRT:wa [WU 5eU $!,(df  N=f)auRun a build with a specific builder on Google Cloud Builder. Args: args: an argparse namespace. All the arguments that were provided to this command invocation. builder: A paths to builder Docker image. build_args: args to be sent to builder build_tags: tags to be attached to the build output_filter: A list of strings indicating what lines from the log should be output. Only lines that start with one of the strings in output_filter will be displayed. log_location: GCS path to directory where logs will be stored. backoff: A function that takes the current elapsed time and returns the next sleep length. Both are in seconds. build_region: Region to run Cloud Build in. Returns: A build object that either streams the output or is displayed as a link to the build. Raises: FailedBuildException: If the build is completed and not 'SUCCESS'. )rrUz{0}s)stepsrWrobject gs://{0}/{1}zgs://{0}r--log-locationzJLog Location is required when service account is provided for cloud buildz projects/{0}/serviceAccounts/{1})rgNzXYour build timed out. Use the [--timeout=DURATION] flag to change the timeout threshold.),r rrrV BuildSteprr^rrrr rhasattrbucketr logsBucketrcalliope_exceptionsRequiredArgumentExceptionrrrrrserviceAccountAR_TO_CLOUD_BUILD_REGIONSCLOUD_BUILD_REGIONSrrasync_r MashHandlerGetCancelBuildHandlerr CtrlCSectionrOrprZrWTIMEOUTrr=SUCCESSrt)rUr[ build_args build_tagsrgrrfr rrUr gcs_log_refrhre mash_handlers rCrrsp>  , , .&  . . 0(   *%    mmDLL) ,$$**4+<+<=K{H%%!/!6!6{7I7I7B7I7I"Kl!+ 1 1+2D2D Eld011  ) )  " "  9 9    #E"K"K&&**, ''#L l&??,\:Ll&990x1=?E9)xHE [[ L&&%%f BD,##L1 )& ; L L- M 9E2 \\X^^99AAAJJ !" \\X^^99AAA u %% ,21s 2K K*c<[R"[RRR R 55n[U[[5[[5UU5 /n [U SU5 [U SS5 [U SU5 [U SU5 [U SU5 [U SU5 [U SU5 U(aP[U S S RUR5V!V"s/sHun!n"S RU!U"5PM sn"n!55 [U S U 5 [U S U 5 [U SU 5 [U SU 5 [U SU 5 [U SU5 U(a [U SU5 U(a [U SU5 [U SU5 U(a[U SS RU55 [U SU5 [U S[!U5S5 [U SU5 [#U XR$5 U(a [U SU5 [U SU5 [U S[&R(5 [U SU5 U(a [U SU5 U(a[U SU5 OU(a [U SS S!S"9 U(a[U S#S RU55 OU(a [U S#S S!S"9 S$S%/n#S&n$[+[,5n%[/[0UR2U%5n&[5UU&U U#UU$UR6U%S'9$s sn"n!f)(a& Run a OVF into VM instance import build on Google Cloud Build. Args: args: an argparse namespace. All the arguments that were provided to this command invocation. compute_client: Google Compute Engine client. instance_name: Name of the instance to be imported. source_uri: A GCS path to OVA or OVF package. no_guest_environment: If set to True, Google Guest Environment won't be installed on the boot disk of the VM. can_ip_forward: If set to True, allows the instances to send and receive packets with non-matching destination or source IP addresses. deletion_protection: Enables deletion protection for the instance. description: Specifies a textual description of the instances. labels: List of label KEY=VALUE pairs to add to the instance. machine_type: Specifies the machine type used for the instances. network: Specifies the network that the instances will be part of. network_tier: Specifies the network tier of the interface. NETWORK_TIER must be one of: PREMIUM, STANDARD. subnet: Specifies the subnet that the instances will be part of. private_network_ip: Specifies the RFC1918 IP to assign to the instance. no_restart_on_failure: The instances will NOT be restarted if they are terminated by Compute Engine. os: Specifies the OS of the boot disk being imported. tags: A list of strings for adding tags to the Argo build. zone: The GCP zone to tell Daisy to do work in. If unspecified, defaults to wherever the Argo runner happens to be. project: The Google Cloud Platform project name to use for OVF import. output_filter: A list of strings indicating what lines from the log should be output. Only lines that start with one of the strings in output_filter will be displayed. release_track: release track of the command used. One of - "alpha", "beta" or "ga" hostname: hostname of the instance to be imported no_address: Specifies that no external IP address will be assigned to the instances. byol: Specifies that you want to import an image with an existing license. compute_service_account: Compute service account to be used for worker instances. cloudbuild_service_account: CloudBuild service account to be used for running cloud builds. service_account: Service account to be assigned to the VM instance or machine image. no_service_account: No service account is assigned to the VM instance or machine image. scopes: Access scopes to be assigned to the VM instance or machine image no_scopes: No access scopes are assigned to the VM instance or machine image. uefi_compatible: Specifies that the instance should be booted from UEFI. Returns: A build object that either streams the output or is displayed as a link to the build. Raises: FailedBuildException: If the build is completed and not 'SUCCESS'. zinstance-names client-idgcloud ovf-gcs-pathno-guest-environmentcan-ip-forwardzdeletion-protection descriptionlabels,{}={} machine-typenetwork network-tiersubnetzprivate-network-ipno-restart-on-failurebyoluefi-compatibleosrWrDr -{0}={1}sr release-trackhostnameclient-versionno-external-ipcompute-service-accountservice-accountrT allow_emptyscopesrzgce-ovf-importcUS:aS$S$NrrGrs rCr+RunInstanceOVFImportBuild..2A525rFrfrr )rrrrrrrrrrRrSrK AppendBoolArgritemsr^r_AppendNodeAffinityLabelArgsrUrrLrM_GetInstanceImportRegionrOrwrYrr)'rUcompute_client instance_name source_urino_guest_environmentcan_ip_forwarddeletion_protectionrr machine_typer network_tierrprivate_network_ipno_restart_on_failurerrWrDrrgrXr no_addressrrrservice_accountno_service_accountr no_scopesuefi_compatiblerovf_importer_argskvrrfrZr[s' rCRunInstanceOVFImportBuildr%st))$$..02*;<89   /? {H5 ~z:!#9;OP!#3^D!#8:MN }k:  hhHAq!,HIK ~|< y'2 ~|< x0 35GH!#:%' #VT2#%6H tR(  $8 vt, y/$*?M y'20$8O8OP -@ z84 /1I1IJ!#3Z@ !:%' !2OD !2BDI  388F+;< 24@-.* 5'$%=>. 68M8M& ('   $$! ##UIs9Lc( [R"[RRR R 55n[U[[5[[5SU;a UROSSU;a UROS5 SnUR(d"UR(dUR(aL[ R""URURUR[%USS5[%USS5S9n/n['USUR(5 ['US UR*5 ['US S 5 ['US UR,5 [/US UR0(+5 [/USUR25 ['USUR45 UR6(aX['USSR9UR6R;5VVs/sHupxSR=Xx5PM snn55 ['USU5 ['USUR>5 ['USUR@5 ['USURB5 [/USURD(+5 ['USURF5 [%USS5=(d Sn URHRJRLRNU ;n U (a [/USS5 SU;a[/USURP5 URR(a&['USSR9URR55 ['US[RRTRVRY55 ['US [[U5S!5 ['US"UR 5 U(a ['US#U5 ['US$[\R^5 [/US%UR`5 SU;a['US&UR5 [%US'S5n [%US(S5n U (a['US)U 5 O[%US*S+5(a ['US)SSS,9 U (a['US'SR9U 55 O[%US-S+5(a ['US'SSS,9 S.S//n S0n[c[dU5n[fn[iUS15(a URjn[m[nUU5n[qUUUU UUURrUS29$s snnf)3aRun a OVF into VM instance import build on Google Cloud Builder. Args: args: an argparse namespace. All the arguments that were provided to this command invocation. output_filter: A list of strings indicating what lines from the log should be output. Only lines that start with one of the strings in output_filter will be displayed. release_track: The release track of the command used. One of - "alpha", "beta" or "ga". messages: The definitions of messages for the machine images import API. Returns: A build object that either streams the output or is displayed as a link to the build. Raises: FailedBuildException: If the build is completed and not 'SUCCESS'. rrrNcustom_extensionscustom_vm_type)r custom_cpu custom_memoryextvm_typezmachine-image-namezmachine-image-storage-locationrrrrrrrrrrrrrrrguest_os_featuresrGrTrrWrDrrrrrrrrrrrFrrrzgce-ovf-machine-image-importcUS:aS$S$rrGrs rCr/RunMachineImageOVFImportBuild..0rrFrYr):rrrrrrrrrrRrSrrrr r r InterpretMachineTypegetattrrKIMAGErrrguest_environmentrrrrrr^rrrrestart_on_failurerGuestOsFeatureTypeValueValuesEnumUEFI_COMPATIBLErrrWrCrDrrrrLrrM_GetMachineImageImportRegionrrrYrOrwrr)rUrgrXrUrrrrrr rrrrrfrZrYr[s rCRunMachineImageOVFImportBuildrsW())$$..02*;<89 % - %% &?4&Gd""R, $//T-?-?!66&&??(( D-t 4.5 7L 3TZZ@ ?  ! !# {H5 ~t?!#9***,!#3T5H5HI }d.>.>? [[ hh9J9J9LM9Lq,9LMNP ~|< y$,,7 ~t/@/@A x5!#:+++- tTWW-d$7>D"11AAFF #%6= t^#VTYY7 YY $)))<= vz'8'8'@'@'E'E'I'I'KL y/$*?M y$,,7 -@ /1I1IJ!#3T__E$& !:**, 44 (&D"3T:/ !2ODt)511 !2BDI  388F+;<t[%(( 24@;<* 5'$%A4H.- T%&&,, 68H& ('   $$! ##wNs3Tc[RRRR 5nU(a[ R "U5$g)zPReturn region to run instance import in. Returns: str: region. Can be empty. r)rrrCrDrrrErs rCrrEs;    " " ' ' + + -$  % %d ++ rFcD[R"5R[RR [ U5SS9R5nU(a+UR(aURR5$g![Ra gf=f)NT)allow_empty_objectr) r StorageClient GetBucketrObjectReferenceFromUrl MakeGcsUrirr4rBucketNotFoundError)gcs_pathrs rCrrQs  & & ( 2 2$$,, x T - ;;A6CF&// __ " " $$   ( ( sBBBBc[RRRR 5nU(a[ R "U5$UR(a[UR5$g)zqReturn region to run machine image import in. Args: args: command args Returns: str: region. Can be empty. r) rrrCrDrrrErrrs rCrr]sQ    " " ' ' + + -$  % %d ++  doo .. rFc LA[R"[RRR R 55n[U[[5[[55 [URS-5nUR[US5- n/n[USU5 [USUR5 [USUR 5 [USUS5 [USS 5 UR"(d [US S 5 [%US UR&5 [%US UR(5 [US[*R,5 S/n[/[0U5n [3[4UR6U 5n [9UU UUUUR:U S9$)a{Run a OS Upgrade on Google Cloud Builder. Args: args: an argparse namespace. All the arguments that were provided to this command invocation. output_filter: A list of strings indicating what lines from the log should be output. Only lines that start with one of the strings in output_filter will be displayed. instance_uri: instance to be upgraded. release_track: release track of the command used. One of - "alpha", "beta" or "ga" Returns: A build object that either streams the output or is displayed as a link to the build. Raises: FailedBuildException: If the build is completed and not 'SUCCESS'. g{Gz?rinstancez source-osz target-osrrrrzcreate-machine-backupfalsez auto-rollbackzuse-staging-install-mediarzgce-os-upgraderJ)rrrrrrrrr/OS_UPGRADE_ROLES_FOR_CLOUDBUILD_SERVICE_ACCOUNT,OS_UPGRADE_ROLES_FOR_COMPUTE_SERVICE_ACCOUNTrrrrK source_os target_oscreate_machine_backupr auto_rollbackuse_staging_install_mediarrLrM_GetOSUpgradeRegionrO_OS_UPGRADE_BUILDER_EXECUTABLErYrr) rUrg instance_urirXr two_percentos_upgrade_timeoutos_upgrade_argsrrZr[s rCRunOsUpgradeBuildr5nsq*))$$..02*?@<=?DLL4'(+||c+s&;;/ OZ6 O[$..9 O[$..9 OY(:KH O[(3 # # o6@$2D2DE!<..0 O-v/G/GH !*$%8$?. 68M8M& ('    ! ##rFcfUR(a [R"UR5$g)zgReturn region to run OS upgrade in. Args: args: command args Returns: str: region. Can be empty. r)rDrrE)rUs rCr/r/s# YY  % %dii 00 rFcbU(dU(a!URURX55 ggrrappendr^)rUrargformat_patternrs rCrKrKs#KKK%%d01 rFc[XUS5 g)Nz-{0})rKrUrr:s rCrrs DV$rFcTU(d!URSRX55 gg)N-{0}={1}r8r=s rCAppendBoolArgDefaultTruer@s! KK !!$,- rFc URSSS9 URS[R"SS9SSRX5S 9 [R R U5 g ) z"Common arguments for Daisy builds.rzDirectory in Cloud Storage to hold build logs. If not set, ```gs://.cloudbuild-logs.googleusercontent.com/``` is created and used.helpz --timeout24h) upper_bound2ha) Maximum time {} can last before it fails as "TIMEOUT". For example, if you specify `2h`, the process fails after 2 hours. See $ gcloud topic datetimes for information about duration formats. This timeout option has a maximum value of 24 hours.{} )typedefaultrCN) add_argumentrDurationr^r ASYNC_FLAG AddToParser)parser operationextra_timeout_helps rCAddCommonDaisyArgsrPsm      E 2  vi4 6//f%rFc0URS[SSS9 g)z(Extra common arguments for Daisy builds.z--docker-image-tagTa  Specify which docker image tag (of tools from compute-image-tools) should be used for this command. By default it's "release", while "latest" is supported as well. There may be more versions supported in the future. )rHhiddenrCN)rIrrMs rCAddExtraCommonDaisyArgsrTs% &    rFc&URSSSS9 g)zAdds OVF Source URI arg.z --source-uriTzCloud Storage path to one of: OVF descriptor OVA file Directory with OVF package. For more information about Cloud Storage URIs, see https://cloud.google.com/storage/docs/request-endpoints#json-api.requiredrCNrIrSs rCAddOVFSourceUriArgrYs" N PrFcFURSSSSRU5S9 g)z"Adds Google Guest environment arg.z--guest-environment store_trueTz2The guest environment will be installed on the {}.)actionrHrCN)rIr^)rMresources rCAddGuestEnvironmentArgr^s/  ? F F   rFcLURSSSS9 URSSSS9 URSSSS9 URS SS S9 URSS S9nURS S 9nURSSSS9 URSSSS9 URSS 9nURSSS 9 g)z$Adds args for image import from AWS.z--aws-access-key-idTz Access key ID for a temporary AWS credential. This ID must be generated using the AWS Security Token Service. rVz--aws-secret-access-keyz Secret access key for a temporary AWS credential. This key must be generated using the AWS Security Token Service. z--aws-session-tokenz Session token for a temporary AWS credential. This session token must be generated using the AWS Security Token Service. z --aws-regionz0AWS region of the image that you want to import.zI Specify whether to import from an AMI or disk image. z< If importing an AMI, specify the following two flags:rBz --aws-ami-idz"AWS AMI ID of the image to import.z--aws-ami-export-locationz An AWS S3 bucket location where the converted image file can be temporarily exported to before the import to Cloud Storage.z8 If importing a disk image, specify the following:z--aws-source-ami-file-pathzc S3 resource path of the exported image file that you want to import. N)rIadd_mutually_exclusive_group add_group) aws_group step_to_beginbegin_from_exportbegin_from_files rCAddAWSImageImportSourceArgsrf s.        = 88 9-$--4@-A   /!   ! I!"++2<+=/" rFcUR(a%[USURR55 UR(a&[USURR55 gg)zExtracts network/subnet out of CLI args and append for importer. Args: args: list of str, CLI args that might contain network/subnet args. builder_args: list of str, args for builder. rrN)rrKrr)rUrs rCAppendNetworkAndSubnetArgsrhKsI [[ lHdkk&7&7&9: \\ lIt||'9'9';<rFc&URSSSS9 g)zAdds byol arg.z--byolr[av Specifies that you want to import an image with an existing license. Importing an image with an existing license is known as bring your own license (BYOL). `--byol` can be specified in any of the following ways: + `--byol --os=rhel-8`: imports a RHEL 8 image with an existing license. + `--os=rhel-8-byol`: imports a RHEL 8 image with an existing license. + `--byol`: detects the OS contained on the disk, and imports the image with an existing license. For more information about BYOL, see: https://cloud.google.com/compute/docs/nodes/bringing-your-own-licensesr\rCNrXrSs rC AddByolArgrkYs"  OPrFczSRUS9nU(aUSRU5-nURSSUS9 g)zAdds no address arg.a2 Temporary VMs are created in your project during {operation}. Set this flag so that these temporary VMs are not assigned external IP addresses. Note: The {operation} process requires package managers to be installed on the operating system for the virtual disk. These package managers might need to make requests to package repositories that are outside Google Cloud. To allow access for these updates, you need to configure Cloud NAT and Private Google Access. )rNz For more information, see {}.z --no-addressr[rjN)r^rI)rMrNdocs_url help_texts rCAddNoAddressArgronsJ v v* <CCHMMIn\ JrFcSnUS- nUHnUSU-S-- nM URSURXR5S9S9 g)z!Adds Compute service account arg.a, A temporary virtual machine instance is created in your project during {operation}. {operation_capitalized} tooling on this temporary instance must be authenticated. A Compute Engine service account is an identity attached to an instance. Its access tokens can be accessed through the instance metadata server and can be used to authenticate {operation} tooling on the instance. To set this option, specify the email address corresponding to the required Compute Engine service account. If not provided, the {operation} on the temporary instance uses the project's default Compute Engine service account. At a minimum, you need to grant the following roles to the specified Cloud Build service account: r * z--compute-service-accountrNoperation_capitalizedrBNrIr^ capitalizerMrNrhelp_text_patternrs rCAddComputeServiceAccountArgrxsn "td,t33 !  # #5I5I5K $ MrFcSnUS- nUHnUSU-S-- nM URSURXR5S9S9 g)z%Adds Cloud Build service account arg.a Image import and export tools use Cloud Build to import and export images to and from your project. Cloud Build uses a specific service account to execute builds on your behalf. The Cloud Build service account generates an access token for other service accounts and it is also used for authentication when building the artifacts for the image import tool. Use this flag to to specify a user-managed service account for image import and export. If you don't specify this flag, Cloud Build runs using your project's default Cloud Build service account. To set this option, specify the email address of the desired user-managed service account. Note: You must specify the `--logs-location` flag when you set a user-managed service account. At minimum, the specified user-managed service account needs to have the following roles assigned: rrqz--cloudbuild-service-accountrrrBNrtrvs rCAddCloudBuildServiceAccountArgrzsm (td,t33 $  # #5I5I5K $ rFcn[R"X5nUHn[US[U55 M g)Nznode-affinity-label)sole_tenancy_util%GetSchedulingNodeAffinityListFromArgsrK&_BuildOvfImporterNodeAffinityFlagValue)rrUcompute_client_messagesnode_affinities node_affinitys rCrrs6%KK %/&m !64]CE'rFcURS-[R"UR5-nURH nUSU-- nM U$)Nr)keysix text_typeoperatorvalues)rnode_affinity_flagvalues rCr~r~sQ$((3.2##e#+%$ rFc[RRU5n[US5(a&SR UR UR 5$SR UR 5$)zCreates Google Cloud Storage URI for an object or a path. Args: uri: a string to a Google Cloud Storage object or a path. Can be a gs:// or an https:// variant. Returns: Google Cloud Storage URI for an object or a path. rrz gs://{0}/)rrr rr^rruriobj_refs rCr!r!sW    $ $S )' Wh   @@   gnn --rFc[RRU5n[US5(a&SR UR UR 5$[R"US5e)aCreates Google Cloud Storage URI for an object. Raises storage_util.InvalidObjectNameError if a path contains only bucket name. Args: uri: a string to a Google Cloud Storage object. Can be a gs:// or an https:// variant. Returns: Google Cloud Storage URI for an object. rrzMissing object name) rrr rr^rrrInvalidObjectNameErrorrs rCMakeGcsObjectUrirsV    $ $S )' Wh   @@  - -c3H IIrFcUR(dgURRSURR [ R RRR5URS94/nURU5 g![Ra" [R"SUR5ef=f)zValidate Compute Engine zone from args.zone. If not present in args, returns early. Args: args: CLI args dictionary compute_client: Compute Client Raises: InvalidArgumentException: when args.zone is an invalid GCE zone Nr)rrDz--zone)rDapitools_clientzonesrUComputeZonesGetRequestrrrrr MakeRequestsr ToolExceptionInvalidArgumentException)rUr zone_requestss rC ValidateZoners  "2288%"++BB * 1 1 6 6 > > H H J!YYC()*-L .  * *L  6 6x KKLs B6CcUR5RS5=(d UR5RS5(+$)Nzgs://zhttps://)rr;) file_names rCrrs;oo**737oo**:6 88rF)rr)NF) )F)NNrr)r?F)T)za buildr)r&)r)rL __future__rrrr r&rbapitools.base.pyrrr\apitools.base.py.exceptionsrr !googlecloudsdk.api_lib.cloudbuildr r cb_logs+googlecloudsdk.api_lib.cloudresourcemanagerr googlecloudsdk.api_lib.computer rgooglecloudsdk.api_lib.servicesrrgooglecloudsdk.api_lib.storagerrgooglecloudsdk.api_lib.utilrr:googlecloudsdk.callioperrr$googlecloudsdk.command_lib.artifactsr%googlecloudsdk.command_lib.cloudbuildr/googlecloudsdk.command_lib.compute.sole_tenancyrr|#googlecloudsdk.command_lib.projectsrgooglecloudsdk.corerrrrrrgooglecloudsdk.core.consolergooglecloudsdk.core.utilr_rrsrnryrirPrvrwr0rxrROLE_COMPUTE_STORAGE_ADMINROLE_STORAGE_OBJECT_VIEWERROLE_STORAGE_OBJECT_ADMINROLE_COMPUTE_ADMINROLE_IAM_SERVICE_ACCOUNT_USER&ROLE_IAM_SERVICE_ACCOUNT_TOKEN_CREATORrrrrrSrr)rRrr(rr_r GCSLogTailerr6CloudBuildClientrOErrorrtr~rrrrrrrrrrrrr*rrArGr\rMrOrcrhrdrgrorrrNrrrrrQrrrrrrrrr5r/rKrr@rPrTrYr^rfrhrkrorxrzrr~r!rrrrGrFrCrslF&' %>19==D90F67,>/(E<;UE&*/#*()2> "X'w$%;"$9!#8 #8 !1!6+E($997* >)O&* "+-#,( ,( 0, *!/+*!/+*!3/,       ,,  DG$<$<DN1:++1-j&&-5:#3#35V')#% b'J= @<6+ \(V ,D+\* NB!% AH ?*%= %9P$>0+ \ 4)<,(  , &0,D $9X%= %9P (%)*3Z "#!% $, $bJa#Hy#x     "=#@  2 %. &0  P?D =P*K&<DE."J(L08rF