!xSrSSKJr SSKJr SSKJr SrSrSrSrS r S r S r S r S r SSjrSrSrg)z"Defines arguments for gcloud auth.)absolute_import)division)unicode_literalsc&URSSSS9 g)Naccount?zcAccount to print the identity token for. If not specified, the current active account will be used.)nargshelp add_argumentparsers ,lib/googlecloudsdk/command_lib/auth/flags.py AddAccountArgrs   79c0URS[SSS9 g)Nz --audiences AUDIENCESzOIntended recipient of the token. Currently, only one audience can be specified.)typemetavarr )r strr s rAddAudienceArgrs#  < =rc&URSSSS9 g)Nz--include-email store_truezSpecify whether or not service account email is included in the identity token. If specified, the token will contain 'email' and 'email_verified' claims. This flag should only be used for impersonate service account.actionr r r s rAddIncludeEmailArgr&s   +-rclURSS9nURSSS/SSS9 URSS S S 9 g ) z%Add GCE specific arguments to parser.z>Parameters for Google Compute Engine instance identity tokens.)r z--token-formatstandardfulla,Specify whether or not the project and instance details are included in the identity token payload. This flag only applies to Google Compute Engine instance identity tokens. See https://cloud.google.com/compute/docs/instances/verifying-instance-identity#token_format for more details on token format.)choicesdefaultr z--include-licenserzSpecify whether or not license codes for images associated with this instance are included in the identity token payload. Default is False. This flag does not have effect unless `--token-format=full`.rN)add_argument_groupr )r gce_arg_groups rAddGCESpecificArgsr$0sa++ K,M-6" * +   rc(URSSSSS9 g)Nz--disable-quota-projectFra By default, the project in billing/quota_project or core/project will be written to application default credentials (ADC) as the quota project. When both are set, billing/quota_project takes precedence. You can use --billing-project to overwrite the value in billing/quota_project. Similarly, you can use --project to overwrite the value in core/project. Client libraries will send it to services and use it for quota and billing. To be able to use a project as the quota project, the account in ADC must have the serviceusage.services.use permission on the project. This permission is granted to the project editor and project owner. You can create custom roles to include this permission. Note that some cloud services may ignore this quota project and still bill the project owning the resources. In the following situations, you may use this flag to skip setting the quota project: * The account in ADC cannot be granted the project editor or owner role or any role with the serviceusage.services.use permission. * You always want to bill the project owning the resources. r!rr r r s r_AddDisableQuotaProjectr'Fs#  rc[U5 gN)r'r s rAddQuotaProjectFlagsr*es &!rc FURSSSSRX5S9 g)Nz --browserTra` If you want to authorize the {0} on a machine that doesn't have a browser and you can install the gcloud CLI on another machine with a browser, use the `--no-browser` flag. 1. To initiate authorization, enter the following command: ``` {1} --no-browser ``` 2. Copy the long command that begins with `{1} --remote-bootstrap="`. 3. Paste and run this command on the command line of a different, trusted machine that has local installations of both a web browser and the gcloud CLI tool version 372.0 or later. 4. Copy the long URL output from the machine with the web browser. 5. Paste the long URL back to the first machine under the prompt, "Enter the output of the above command", and press Enter to complete the authorization. r&r formatr auth_target auth_commands rAddNoBrowserFlagr1is/  , & +5rc(URSSSSS9 g)Nz--remote-bootstrapTaUse this flag to pass login parameters to a gcloud instance which will help this gcloud to login. This flag is reserved for bootstrapping remote workstation without access to web browsers, which should be initiated by using the --no-browser. Users should not use this flag directly.)hiddenr!r r r s rAddRemoteBootstrapFlagr4s%  C  DrcRUR5n[X1U5 [U5 gr))add_mutually_exclusive_groupr1r4)rr/r0groups rAddNoBrowserArgGroupr8s"  - - /%5|4rcTU(aSnSnOSnSn[XU5 [XU5 g)Nz%gcloud auth application-default loginzclient librarieszgcloud auth loginz gcloud CLI)r8AddNoLaunchBrowserFlag)rfor_adcr0r/s rAddRemoteLoginFlagsr<s- :L$K&LKvL9l;rc HURSSSSRX5SS9 g)Nz--launch-browserTlaunch_browsera6 Launch a browser for authorization. If not enabled or if it is not possible to launch a browser, prints a URL to standard output to be copied. If you want to authorize the {0} on a machine that doesn't have a browser and you cannot install the gcloud CLI on another machine with a browser, use the `--no-launch-browser` flag. The `--no-launch-browser` flag prevents the command from automatically opening a web browser. 1. To initiate authorization, enter the following command: ``` {1} --no-launch-browser ``` 2. Copy the long URL that begins with `https://accounts.google.com/o/oauth2/auth... ` 3. Paste this URL into the browser of a different, trusted machine that has a web browser. 4. Copy the authorization code from the machine with the web browser. 5. Paste the authorization code back to the first machine at the prompt, "Enter authorization code", and press Enter to complete the authorization. r)r!destr rr,r.s rr:r:s3  : & + E#rcURSSSS9 URSSSS9 URSSSS9 URS SS S9 g) zCommon ECP configuration flags.z--ecpNzpProvide a custom path to the enterprise-certificate-proxy binary. This flag must be the full path to the binary.)r!r z --ecp-clientzProvide a custom path to the enterprise-certificate-proxy shared client library. This flag must be the full path to the shared library.z --tls-offloadzProvide a custom path to the enterprise-certificate-proxy shared tls offload library. This flag must be the full path to the shared library.z --output-filezYOverride the file path that the enterprise-certificate-proxy configuration is written to.r r s r"AddCommonEnterpriseCertConfigFlagsrAs   <         * rN)F)__doc__ __future__rrrrrrr$r'r*r1r4r8r<r:rArrrEsQ)&'9=- ,>"> D <$N$r