.SrSSKJr SSKJr SSKJr SSKrSSKrSSKrSSKrSSK J r SSK J r SSK Jr SS K Jr SS K Jr SS KJr SSKrSSKrSS KJr SSKrS rSrSrSrSrSrSrSr\S-r Sr!Sr"Sr#Sr$Sr%\RL"S/SQ5r'\RL"S/SQ5r("SS\RR5r*"SS \RR5r+"S!S"\RR5r,"S#S$\RR5r-"S%S&\RR5r."S'S(\RR5r/"S)S*\RR5r0S+r1S,r2S-r3S.r4S/r5S0r6S1r7S2r8S3r9S4r:S5r;S6rS9r?S:r@S;rAS<rBg)=z:Utility functions for WebSocket tunnelling with Cloud IAP.)absolute_import)division)unicode_literalsN)ssh) context_aware) exceptions)log) properties)http_proxy_types)parsewssztunnel.cloudproxy.appzmtls.tunnel.cloudproxy.appz/v4connect reconnectzrelay.tunnel.cloudproxy.appi@ CloudRunArgs)project_number workload_typedeployment_name instance_id container_idIapTunnelTarget) projectzoneinstance interfaceport url_override proxy_infonetworkregionhost dest_groupcloud_run_argsc\rSrSrSrg)CACertsFileUnavailableVN__name__ __module__ __qualname____firstlineno____static_attributes__r*@lib/googlecloudsdk/api_lib/compute/iap_tunnel_websocket_utils.pyr(r(Vr1r(c\rSrSrSrg)IncompleteDataZr*Nr+r*r1r2r5r5Zr3r1r5c\rSrSrSrg)InvalidWebSocketSubprotocolData^r*Nr+r*r1r2r8r8^r3r1r8c\rSrSrSrg)MissingTunnelParameterbr*Nr+r*r1r2r;r;br3r1r;c\rSrSrSrg)UnexpectedTunnelParameterfr*Nr+r*r1r2r>r>fr3r1r>c\rSrSrSrg)PythonVersionMissingSNIjr*Nr+r*r1r2rArAjr3r1rAc\rSrSrSrg)UnsupportedProxyTypenr*Nr+r*r1r2rDrDnr3r1rDc2UR(d [S5eUR(d [S5eUR(d [S5eURR (d [S5eURR (aLURR [RRVs/sHoRPM sn;a [S5eURR(d [S5egs snf)z3Validate the parameters for a Cloud Run connection.z&Missing required tunnel argument: portz(Missing required tunnel argument: regionz)Missing required tunnel argument: projectz0Missing required tunnel argument: project_numberz:Missing or invalid required tunnel argument: workload_typez1Missing required tunnel argument: deployment_nameN) rr;r#rr&rrrun_sshSsh WorkloadTypevaluer) tunnel_targetes r2_ValidateCloudRunArgsrMrs    !I JJ    !K LL    !L MM  % % 4 4 :   & & 4 4  % % 3 3&{{77 87!gg7 8 9 !D   % % 5 5 ;  6 9sDc^UR(a [U5 GO,UR5R5H"upU(aMUS;dM[ SU-5e UR (d3UR (d"UR(dUR(a`UR5R5H=upU(dUS;a[ SU-5eU(dM)US;dM1[SU-5e ODUR5R5H"upU(aMUS;dM[ SU-5e UR(aRURRnU(a4U[R:wa[S[R U-5eggg) aValidate the parameters. Inspects the parameters to ensure that they are valid for either a VM instance-based connection, a host-based connection, or to a Cloud Run deployment. Args: tunnel_target: The argument container. Raises: MissingTunnelParameter: A required argument is missing. UnexpectedTunnelParameter: An unexpected argument was found. UnsupportedProxyType: A non-http proxy was specified. )rrz"Missing required tunnel argument: )r#r"r$)rrrzUnexpected tunnel argument: )rrrzUnsupported proxy type: N)r&rM_asdictitemsr;r#r"r$r%r>r! proxy_typesocksPROXY_TYPE_HTTPrDr REVERSE_PROXY_TYPE_MAP)rK field_name field_valuerQs r2ValidateParametersrWs!!-(#0#8#8#:#@#@#B [Z+>>$ 0: =  $C       # #%2%:%:%<%B%B%D !*z-JJ&2Z?   ;:)JJ),z9  &E&3%:%:%<%B%B%D !*{z-NN&2Z?  &E ))44JzU%:%:: $  1 1* = > ??; r1cx[Rn[RRR R 5nU(aUn[RRU5(dJSn[R"U5 USU-- nU(a[R"U5 U$[U5eU$)z'Get and check that CA cert file exists.z&Unable to locate CA certificates file.z [%s])httplib2CA_CERTSr VALUEScorecustom_ca_certs_fileGetospathexistsr warninginfor() ignore_certsca_certscustom_ca_certs error_msgs r2CheckCACertsFilerhs   (%%**??CCE/H  ! !8IKK  8##I hhy / #9 -- /r1clU(d[R(a[RS:d)[R(an[RS:aY[ S[RR [RR[RR4-5eggg)N)rr )rrzqPython version %d.%d.%d does not support SSL/TLS SNI needed for certificate verification on WebSocket connection.) sixPY2sys version_infoPY3rAmajorminormicro)rds r2CheckPythonVersionrts  ww3##i/ ww3##i/ ! <    !1!1!7!7     ! ! ""0w r1c,URURUS.nUR(aURRUS'URRUS'URR US'UR US'URR(aURRUS'URR(aURRUS'OUR(aNUR US'URUS'URUS 'UR(aURUS 'O-URUS 'URUS 'URUS '[[ UUR"5$)z,Create Connect URL for WebSocket connection.)rr newWebsocketrcr_workload_typecr_deployment_namer#cr_instance_idcr_container_idr"r$grouprrr)rrr&rrrr#rrr$r"r%rrr_CreateWebSocketUrlCONNECT_ENDPOINTr )rKshould_use_new_websocketurl_query_piecess r2CreateWebSocketConnectUrlrs&&  . !!$$33%& $$22'( $$44)*"/!5!5X##//  & & 2 2'(##00  & & 3 3()!.!5!5X"/"7"7Y,11V"/":":w,11V#0#9#9Z $1$;$;[! -/?*77 99r1cUUUS.nUR(dUR(aURUS'OURUS'[ [ UUR 5$)z.Create Reconnect URL for WebSocket connection.)sidackrvr#r)r&r$r#rr|RECONNECT_ENDPOINTr )rKr ack_bytesr~rs r2CreateWebSocketReconnectUrlr sf . !!]%7%7!.!5!5X,11V /1A*77 99r1c[n[[R"55n[R "5(aU(a[ O[nOS[R"53n[nU(a-[R"U5nUSSup5nU(aUS:waUn[R"U5n URS5(aU<U<3OU<SU<3n [R"X5U SU S45$)z$Create URL for WebSocket connection.ztunnel-cloudproxy.Nrk/) URL_SCHEMEboolrConfigr IsDefaultUniverse MTLS_URL_HOSTURL_HOSTGetUniverseDomain URL_PATH_ROOTr urlparse urlencodeendswith urlunparse) endpointrr schemeuse_mtlshostname path_rooturl_override_parts path_overrideqsr`s r2r|r|s & -&&( )(!!## (}hH#J$@$@$B#CDH) 5&8!&<#Fm#-i '(",5,>,>s,C,CIx (#X.   6T2r2> ??r1c[R"[S5[U5$![Ra [ SU-5ef=f)Nz>HQzInvalid Ack [%r])structpackstrSUBPROTOCOL_TAG_ACKerrorr8)rs r2CreateSubprotocolAckFramer1sFJ ;;s5z#6 BB J )*HI%ds)rrrlenSUBPROTOCOL_TAG_DATA) bytes_to_sends r2CreateSubprotocolDataFramer9s2 SC $667)3}+=} NNr1c[U5$N_ExtractUnsignedInt64 binary_datas r2ExtractSubprotocolAckr? { ++r1c2[U5up[X5$r_ExtractUnsignedInt32_ExtractBinaryArrayrdata_lens r2#ExtractSubprotocolConnectSuccessSidrC/ <( [ 33r1c2[U5up[X5$rrrs r2ExtractSubprotocolDatarHrr1c[U5$rrrs r2%ExtractSubprotocolReconnectSuccessAckrMrr1c[U5$r)_ExtractUnsignedInt16rs r2ExtractSubprotocolTagrQrr1c[U5S:a [5e[R"[ S5USS5SUSS4$)Nrz>Hrrr5runpackrrs r2rrUH   --D ;r? 3A 6 ab/ r1c[U5S:a [5e[R"[ S5USS5SUSS4$)Nrz>Irrrs r2rr]rr1c[U5S:a [5e[R"[ S5USS5SUSS4$)Nz>Qrrrs r2rrerr1c[U5U:a [5e[R"[ SU-5USU5SXS4$)Nz%dsrrrs r2rrmsN   --EH,-{9H/E Fq I i  ""r1)C__doc__ __future__rrr collectionsr_rrngooglecloudsdk.api_lib.runrrGgooglecloudsdk.corerrr r googlecloudsdk.core.utilr rYrlsix.moves.urllibr rRrrrrr}rSUBPROTOCOL_NAMESUBPROTOCOL_TAG_LENSUBPROTOCOL_HEADER_LENSUBPROTOCOL_MAX_DATA_FRAME_SIZE#SUBPROTOCOL_TAG_CONNECT_SUCCESS_SID%SUBPROTOCOL_TAG_RECONNECT_SUCCESS_ACKrr namedtuplerIapTunnelTargetInfoErrorr(r5r8r;r>rArDrMrWrhrtrrr|rrrrrrrrrrrr*r1r2rs A&' 5-*#*5 "  ",   0,q0"'&,#(.%%%  ",, &Z--Z%%j&6&6Z-- 0 0j..:++44?n""(9V9$@*JN ,4 4 ,,"r1