!VSrSSKJr SSKJr SSKJr SSKJr SSKrSSKrSSKrSSK r SSK r SSK r SSK r SSK Jr SSK Jr SS KJr SS KJr SS KJr SS KJr SS KJr SSKJr SSKJr SSK J!r! SSK J"r" SSK J#r# SSK J$r$ SSK J%r% SSK&J'r' SSK(J)r) SSK*J+r+ SSK*Jr SSK*J,r, SSK*J-r- SSK*J.r. SSK/J0r0 SSK1J2r2 SSK1J3r3 SSK4r4\Rj"SS5r6\Rj"S S5r7\Rj"S!S5r8S"r9S#r:\;"5r<"S$S%\=5r>"S&S'\#R~5r@"S(S)\#R~5rAS*rBS+rC"S,S-\#R~5rD"S.S/\#R~5rE"S0S1\#R~5rF"S2S3\#R~5rGS4rHS5rIS6rJS7rKS8rLS9rMS:rNS;rOSjS<jrPS=rQS>rRS?rSS@rTSArU\ R"SB5rW\ R"SC5rX\ R"SD5rYSErZ\ R"SF5r[SGr\SHr]SIr^SJr_SKr`SLra"SMSN\;5rb"SOSP\b5rc"SQSR\;5rdSSreSTrf"SUSV\b5rgSWrh"SXSY\b5ri"SZS[\R5rk"S\S]\b5rlS^rmS_rnS`roSarpSbrqScrrSkSdjrsSertSfruSgrvShrwSirxg)lzUR(d[[U]"U40UD6UlUR$N) _instancesuperr8__new__)clskwargs __class__s r/r>+ApplicationDefaultCredentialSetting.__new__Ss@ ==?)!()),8068cm ==r.r&) r(r)r*r+r,r<r>r- __classcell__)rAs@r/r8r8NsG)r.r8c SU-$)zGCR package path for a builder that works on the given appengine runtime. Args: runtime: Name of a runtime from app.yaml, e.g. 'python38'. Returns: gcr.io image path. z0gcr.io/gae-runtimes/buildpacks/%s/builder:latestr&)runtimes r/_GaeBuilderPackagePathrF[s ">m  t ,d 3M4L4LM)- &  ZZ??#  %%r.cUR(dUR(aURUR:H$URUR:H$r;)rTrV)selfothers r/ IsSameSecret_SecretVolume.IsSameSecretsA U00   5#6#6 66   u00 00r.r&r;) r(r)r*r+r,r6 classmethodrerjr-r&r.r/rRrR~s+  J% &* %%21r.rRc\rSrSrSrSrSrg) _SecretEnvVaraConfiguration for a single env var that's pulled from a secret. Attributes: name: (str) the name of the secret in the resource key: (str) the secret version to use mapped_secret: (str) if set, the path of the secret from the other project that this secret will pull from. For example 'projects/123/secrets/foo'. If not set, will pull from the secret called 'name' in the current project. r4rOrTr&Nr5r&r.r/rnrns  +%r.rncZ\rSrSrSrSr\S5rSSjrSr Sr Sr S r S r S rS rg )SettingsaSettings for local development environments. Attributes: service_name: Name of the kuberntes service. image: Docker image tag. credential: Credential setting for either service account or application default credential. context: Path to directory to use as the current working directory for the docker build. builder: The builder specification or None. local_port: Local port to which to forward the service connection. env_vars: Container environment variables. env_vars_secrets: Container environment variables where the values come from Secret Manager. volumes_secrets: Volumes where the values come from secret manager. renamed_secrets: internal map of secrets that don't correspond to k8s naming conventions. cloudsql_instances: Cloud SQL instances. memory: Memory limit. cpu: CPU limit. namespace: Kubernetes namespace to run in. readiness_probe: If true, create readiness probe. allow_secret_manager: If true, allow fetching secrets from secret manager ) service_nameimage credentialcontextbuilder local_portenv_varsenv_vars_secretsvolumes_secretsrccloudsql_instancesmemorycpu namespacereadiness_probeallow_secret_managerc x[RR[R"55nUR SS5R SS5R 5nSn[R"US9nU"U/[RR[R"55SU00/0[S9 $)z5The settings you get with no args or other overrides._- Dockerfile dockerfileN) rxr}rwrurtrzr{r|rcr) osrPbasenamerGetCWDreplacelowerrDockerfileBuilderabspath_FLAG_UNSPECIFIED)r?dir_namertdockerfile_arg_defaultrxs r/DefaultsSettings.Defaultssww /H##C-55c3?EEGL)((4JKG  /!.  r.c  URU5nSURR0nURRRR un0nURR[RS5n[R"US5R5VV s0sHupXR!5_M nnn URR#5(aUR$R[RS5n UR'[R"U S5R5VV s0sHupUU R!5_M sn n5 0n 0n UR(GHIn U R*(GaU R*R,(a[R"S5eU R*R.(aU R*R.RnURUS5nU(d[[0R2"U5(d@UnUR4RUS5nU(d5upXR4U'[9U R*R.R:UUS9XR'GM.GM1U R<XR'GML UR'[?UR@URBU U 55 URRRRDnU(a [GUS9US 'URHnU(aUUS 'UR'URKU55 0nURRRRLH\nURN(aURNUUR'M/[R"S RQUR55e /nURRHnURU;a/[R"S RQUR55eURU[VRYUUURUUR455 M UUS 'URZ"S0UD6$![ a [R"S5ef=fs sn nfs sn nf)aOverrides settings with service.yaml and returns a new Settings object. Args: yaml_path: Filename to read. is_alpha: boolean set to true if alpha features should be used. Returns: New Settings object. Raises: _ParseError: Input does not look like a service.yaml rtz0knative Service must have exactly one container.Tz+env_vars from config_maps are not supportedN)rOr4rTr3rvruzGCould not process volume "{}". Only volumes from secrets are supported.z5Container referenced volume "{}" which was not found.r|r&)._ParseServiceYamlmetadatar4spectemplate containers ValueErrorrError annotationsr\r SECRETS_ANNOTATIONrParseAnnotationrWFormatAnnotationItem IsFullObjecttemplate_annotationsupdateenv valueFromconfigMapKeyRef secretKeyRefrr]rcr^rnrOvalue_MergedEnvVarsrzr{serviceAccountNamer1ru_ResourceRequestsvolumessecretformat volumeMountsrZrRrer)rh yaml_pathis_alphaknative_service replacements containerrbaliaseskvtemplate_aliases new_env_varsnew_env_vars_secretsvarrVrTservice_account_name image_nameall_volsvolreferenced_volss r/WithServiceYamlSettings.WithServiceYamls!,,Y7O 0055LQ#((1166AAky N))----r3G$33GTBHHJJDA ! ! ##J,,..(==AA  / /5/>/N/N0&&+eg0.0.tq " #0. L}}  == ( (  !NO O ]] ' ' 2277+(,,[$?-w'='=k'J'J'M..22=$GK+@+O(k4?""=1+8--,,00),+ xx (("% XX'(t}}d&;&;\+ -.+//88==PP#8#$%l< J(l7..y9:H##,,1199  ZZ ==CVCHH=MO O : O%%  ! ((.sxx(8: :  & &sHSXX,>'+';'; => &'6L"# << ', ''Y Q   O PPQs,R$+SS $!Sc[R"U5n[R"U[R 5n[ R "U[5nU$![R[R4a [5ef=fr;) r load_path messages_utilDictToMessageWithErrorCheckRUN_MESSAGES_MODULEService k8s_servicer DecodeErrorr$)rhr yaml_dictmessagers r/rSettings._ParseServiceYamlRst..+i99 (002g#++G5HIo  JJ 11 2 Ms AA/B c4UR(aURR(d0$0nURRRHCnURS:XaURUS'URS:XdM4URUS'ME U$)Nrr~) resourceslimitsadditionalPropertiesrOr)rhrretprops r/rSettings._ResourceRequests\sy   i&9&9&@&@ i C##**?? U ZZE X  H @ Jr.c[RRU5n[ URR5n[R"USSS9nURUS9$![Ra [ 5ef=f)zOverrides settings with app.yaml and returns a new Settings object. Args: yaml_path: Filename to read. Returns: New Settings object. Raises: ParseError: Input does not look like an app.yaml TFrxtrustdevmode)rx) app_engine_yaml_parsingServiceYamlInfoFromFilerrr$rFparsedrErBuildpackBuilderr)rhrservice_config builder_urlrxs r/ WithAppYamlSettings.WithAppYamlgs}.>>GG n))>)>)F)FGK''48G <<< (( :: Ms A%%Bc40nSH(nURU5(dM[X5X#'M* URS5(a[5US'O,URS5(a[ UR S9US'UR nUR(a)[RRUR5nXBS'[USS5(aS US 'OURS 5(a[UR5US 'OURS 5(a"[R"URS 9US 'OM[!UR[R5(a$URUS 'US R#U5 [USS 5(a UR.nO[US05=(d 0nUR1[US05=(d 05upgUR3[5UR.UR6UU55 [9UR:U5US'UR<"S0UD6$![R$a4 [&R(R+S 5 [[,5US 'Nf=f)z?Overrides settings with args and returns a new Settings object.) ryr~rrrr}rurtrapplication_default_credentialrvservice_accountr3rwno_skaffold_fileFNrxrrzCNo Dockerfile detected. Using GCP buildpacks to build the containerrz env_vars_filerr|r&)IsKnownAndSpecifiedgetattr IsSpecifiedr8r1rrwsourcerrPr_BuilderFromArgrxrrr isinstanceValidateInvalidLocationErrorrstatusPrintrHrz _GetSecretsrrr{_MergeSecretVolumesr|r)rhargsr override_argrwnew_envsnew_env_secretsnew_sec_volumess r/WithArgsSettings.WithArgs}sCL    ! !, / /%,T%@ "  899#F#Hl<  + , ,#8##$%l< llG {{ ,g%t'// $l9 ! !) , ,"1$,,"? Y  # #L 1 1"*"<"<#( Y dllH$>$> ? ? ,&*llL #  # , ,W 5 tZ&&h39rh'+'7'7i$*(,$Ot}}d&;&;X& ()': o'/L"# << ', ''%.. , JJ  K L&5*',L # ,s4#IAJJc 0n0n0nUR5GHupVURS5n[U5S:wa%[R"SR U55eUupSn UR S5(aVUn X;aJUR5RSS5SSS-[[R"55-nXU 'ONXJnOI[R"U5(d.XR;aUn URUnO [U5upUR S 5(aa[ R"RU5upX;a[%UU U/U S 9n XU 'OX;n U RR'[)XS 95 GM}[+XU S 9X%'GM U[-UR/554$) N:z:, got {} projects/r.r/rYrNrp)rWsplitlenrrr startswithrrstruuiduuid1rr]rcr^rrPrRrZrLrnlistvalues)rh secrets_argsrzrrrOrpartsrVversionrTrUfilenamevolumes r/rSettings._GetSecretssHGG#))+ ll3e Uq @@FvP P"km    , ,#  '!))#s3BQ7#=$**,  $/- .+%%k22 .. .%-,,[9+'<['I $+   !ww}}S1  $ #%) +& !'* && KGCD%H O,R T'..*+ ++r.c[UR[R5(a%URR UR 5 0nUR c[UR5US'UR"S0UD6$)zCValidate and compute settings after all user inputs have been read.rur&) rrxrrrrwru_DefaultImageNamertr)rhrs r/BuildSettings.Buildse$,, : :;; llDLL)L zz/0A0ABl7 << ', ''r.r&N)F)r(r)r*r+r,r6rlrrrrrrrrr-r&r.r/rrrrsJ2 C% ,a(F ),;(z.,`(r.rrcfUR5nUR5n[U5RU5nU(a%[R"SR U55eUR 5HupVXQ;aX X`U'M UR 5HupvXp;aX XaU'M XS.$)zDAdd the new env vars (both values and secrets) to the existing ones.z{} cannot be secret and literal)rzr{)copyset intersectionrrrrW)rzr{rr conflictsnew_envval new_secrets r/rrs]]_(%**,,,,-AB)   <CCIN OO #((*lg"  #W+.335oj  #&Z 6 EEr.cJUVs0sHo"RU_M nnUHnURU;aXCUR'M#X4RnURU5(aURVs0sHofRU_M nnURVs0sHofRU_M nnUR U5 [ UR 55URSS&MXCUR'M [ UR 55$s snfs snfs snf)zACombine the secret volumes from existing source with new volumes.N)rUrjrWrPrr r ) cur_volsnew_volsrvol_mapnew_volcur_volrd cur_items new_itemss r/rrs,4 5HS^^S H' 5g($+g  !**+g   g & &18?YY_ ?18?YY_ ?# 0 0 23 a'.""# gnn  6@?sD4DD cU[RR:Hn[R 5n[ USS5=(d [ RRn[ USS5n[R"XE5nU(a-URXa[RR:H5nUR!U5nUR#5nU$![a\ U(a;URU5nNH![a [R"SU-5ef=f[R"SU-5ef=f)zHLayer the defaults, service.yaml/app.yaml values, and cmdline overrides.rNrz4%r is unreadable as a service.yaml or app.yaml file.z(%r is unreadable as a service.yaml file.)r ReleaseTrackALPHArrrrrrPcurdirrChooseExistingServiceYamlrr$rrrrr)r release_trackservice_config_may_be_app_yamlsettings context_dirservice_config_arg yaml_files r/AssembleSettingsr0"s)$1D4E4E4K4K#K    (h-?+t%5t<..{O) *)) d&7&7&=&==?h  t $( ^^ ( /  * ' )))4(   D   I( )* * *s ,CE,C??$D##Ec[RRRR 5nU(aSR XS9nOUnUR 5nU$)zComputes a default image name.zgcr.io/{project}/{service})projectr )rVALUEScorer2Getrr)rt project_namerus r/rr@sV""''//335, ( / / 0 4E E ++-% ,r.cD[U5n[R"UUUS9$)Nr)rJrr) builder_argis_gcp_base_builders r/rrQs))+6  " " ! ##r.a. apiVersion: apps/v1 kind: Deployment metadata: name: {service} labels: service: {service} spec: replicas: 1 selector: matchLabels: app: {service} template: metadata: labels: app: {service} spec: containers: [] terminationGracePeriodSeconds: 0 zi name: {service}-container image: {image} env: - name: PORT value: "8080" ports: - containerPort: 8080 z name: {service}-readiness-probe image: gcr.io/gcp-runtimes/ubuntu_18_0_4:latest command: ["sleep"] args: ["infinity"] readinessProbe: exec: command: - "grep" - ":1F90" - "/proc/net/tcp" - "/proc/net/tcp6" periodSeconds: 1 c[R"[RUS95n[R"[RXS95nUb[ R "US5nX(S'Ub0[ R "US5n[R"U5US'Ub0[ R "US5n [R"U5U S'[ R "US[S9n U RU5 U(a8[R"[RUS95n U RU 5 Xg4$) aqCreate a deployment specification for a service. Args: service_name: Name of the service. image_name: Image tag. memory_limit: Container memory limit. cpu_limit: Container cpu limit. cpu_request: Container cpu request. readiness_probe: If true, add a readiness probe. Returns: Dictionary object representing the deployment yaml, and the main container. r )r ru)rrr~r)rrequestsrrrr constructor) rload _POD_TEMPLATEr_CONTAINER_TEMPLATEr GetOrCreatesix text_typer rZ#_READINESS_PROBE_CONTAINER_TEMPLATE) rtr memory_limit cpu_limit cpu_requestr deploymentrrr;rreadiness_containers r/_CreateDeploymentrKs&yy--l-CD*ii   HJ)  $ $Y0G HF#8  $ $Y0G HFMM),F5M&&y2KLHmmK0HUO&&<$P* I))+22<2HJ)*  r.z apiVersion: v1 kind: Service metadata: name: {service} spec: type: LoadBalancer selector: app: {service} ports: - protocol: TCP port: 8080 targetPort: 8080 cT[RUS9n[R"U5$)zCreate a service specification. Args: service_name: Name of the service. Returns: Dictionary objects representing the service yaml. r )_SERVICE_TEMPLATErrr?)rt yaml_texts r/ CreateServicerOs& &&|&<) 9 r.c^[R"US[S9n/n[UR 55H_upE[ R "[U5(d'UR[R"U55 MLURXES.5 Ma U(a[SU-5eg)zAdd environment variable settings to a container. Args: container: (dict) Container to edit. env_vars: (dict) Key value environment variable pairs. rr=r4rzCEnvironment variable name must be a C_IDENTIFIER. Invalid names: %rN) rrBr sortedrWrematch _C_IDENTIFIERrZrC ensure_strr)rrzenv_list invalid_keysrOrs r/_AddEnvironmentVariablesrZs $ $Yd K(,8>>+,jc 88M3 ' '#..-. OOS12 -  )+78 99r.c[R"US[S9n[UR 55H2up4UR USUR URS.0S.5 M4 g)zAdd environment variables from secrets to a container. Args: container: (dict) Container to edit. env_vars_secrets: (dict) Key value environment variable pairs. Values are dict with key/name keys in them. rQr=r)r4rO)r4rN)rrBr rSrWrZr4rO)rr{rXrOrs r/_AddSecretEnvironmentVariablesr\sb $ $Yd K(+1134jc OO  yy 5r.cT[U5nSRXS9n[U5n[U5(aU(d[ SU-5eU$U(dT[ U5n[ SUU5 SnSRU5n[R"XVS9(a[USU-S 5 U$) zCreates a service account for local development. Args: service_account_email: Email of the service account. Returns: The resource name of the service account. z,projects/{project}/serviceAccounts/{account})r2accountz9%s cannot be created because it is a service account namez,Serverless Local Development Service AccountzoThe project editor role allows the service account to create, delete, and modify most resources in the project.zAdd project editor role to {}?r prompt_stringzserviceAccount:z roles/editor) _GetServiceAccountProjectr_ServiceAccountExists_IsReservedServiceAccountNamer_GetServiceAccountId_CreateAccountrPromptContinue _AddBinding)service_account_email project_idrexists account_idpermission_msgr`s r/CreateDevelopmentServiceAccountrms))>?*GNNO9 !!5 6&"#899  &(=> ??"! %&;[^@]+)@(?P[^\.]+).iam.gserviceaccount.comz=(?P[^\.]+).google.com@appspot.gserviceaccount.comz=(?P\d+)-compute@developer.gserviceaccount.comc>[RU5nU(aURS5$[RU5nU(aURS5$[RU5nU(a[ URS55$[ US-5e)zGet the project id from a service account email. Args: service_account_email: (str) Email address of service account. Returns: The project id of the project to which the service account belongs. r2riproject_number' is not a valid service account address)_PROJECT_SERVICE_ACCOUNT_RErUgroup_APPENGINE_SERVICE_ACCOUNT_COMPUTE_SERVICE_ACCOUNT_ProjectNumberToIdrrhmatchers r/rara3s ( - -.C D' == ## & , ,-B C' == && $ * *+@ A' gmm,<= >>(<= >>r.z&(?P[^@]+)@.*\.gserviceaccount\.comcx[RU5nU(d[US-5eURS5$)Nrpid)_SERVICE_ACCOUNT_RErUrrrrvs r/rdrdOs?  % %&; <'  *>? @@ t r.c[R"SS5n[RUS9nURR U5n[ R"UR5$)zCoverts project number to project id. Args: project_number: (str) The project number as a string. Returns: The project id. r!r ) projectId) r GetClientInstanceCRM_MESSAGE_MODULE&CloudresourcemanagerProjectsGetRequestprojectsr5rC ensure_textr|)roresource_managerreqr2s r/ruruWs\++,BDIAA B #  % % ) )# .' ** ++r.cd[RU5=(d [RU5$r;)rsrUrt)rhs r/rcrcgs, $ * *+@ A @ " ( ()> ?Ar.c[R"SS5n[RUS9nURR U5 g![ Ra gf=f)zTests if service account email. Args: service_account_name: (str) Service account resource name. Returns: True if the service account exists. rr r3TF)r r}IAM_MESSAGE_MODULE$IamProjectsServiceAccountsGetRequestprojects_serviceAccountsr5apitools_exceptionsHttpNotFoundError)rr requests r/rbrblsc  " "5$ /' EE !F#G $$((1   . . s.AAAc[R"SS5n[RUS9n[R XS9nUR R [RSU-US95 g![Ra gf=f)zCreate an account if it does not already exist. Args: display_name: (str) Display name. account_id: (str) User account id. project: (str) Project name. rr ) displayName) accountIdserviceAccountr)r4createServiceAccountRequestN) r r}rServiceAccountCreateServiceAccountRequestrCreate'IamProjectsServiceAccountsCreateRequestrHttpConflictError) display_namerkr2r service_account_msgrs r/reres  " "5$ /'  ,;; <" <<=BG $$++BBw&G C MN  . .  sAA00BBc[R"SS5nURR[R US95n[ R"XAU5(dg[ R"[RXAU5 [RU[RUS9S9nURRU5 gg)ziAdds a binding. Args: project: (str) Project name. account: (str) User account. role: (str) Role. r!r )resource)policy)rsetIamPolicyRequestN) r r}r GetIamPolicyr~/CloudresourcemanagerProjectsGetIamPolicyRequestrBindingInPolicyAddBindingToIamPolicyBinding/CloudresourcemanagerProjectsSetIamPolicyRequestSetIamPolicyRequest SetIamPolicy)r2r^role crm_clientrrs r/rgrgs%%&  $ $,$!r.rc\rSrSrSrSrSrg) SecretInfoiz%Information about a generated secret.c`SUlSURRSS5-S-Ulg)Nzlocal-development-credential/etc/rrz'/local_development_service_account.json)rVrrPrs r/rSecretInfo.__init__s15D4++33C==:;DIr.)rPrVN)r(r)r*r+r,rr-r&r.r/rrs -J%d&:&:&*&7&7&<&< >?r.c~US[:Xag[R"US[S9nUR SSSS.5 g) zAdd volume mount to continer. This method will not modify the CloudSql proxy container. Args: container: (dict) Container yaml as a dict. r4Nrr=r /cloudsqlTr4r_readOnly)_CLOUD_PROXY_CONTAINER_NAMErrBr rZ)rhr volume_mountss r/r&CloudSqlProxyGenerator.ModifyContainerMsI77 ++$$8M r.rN) r(r)r*r+r,rrrr-r&r.r/rr9sL$ ?r.rc\rSrSrSrSrg)SecretsNotAllowedErrori`zEError thrown when the deploy is not allowed to access secret manager.r&Nr'r&r.r/rr`sMr.rc6\rSrSrSr\4SjrSrSrSr Sr g) SecretsGeneratoriez3Generate kubernetes secrets for referenced secrets.cR[RRRR 5UlXlX0l0Ul[R"[5nUR5H8upxXhRUR4RUR 5 M: UHnUR(dCXhR"UR4R[$R&R(5 MWURH6n XhR"UR4RU R 5 M8 M UR5H4uupn [*R,"U [/U 5U S9URU 'M6 X@lXPlg)N)r4versionsrT)rr3r4r2r5r6rtsecret_volumes all_secrets collections defaultdictrrWr4rTaddrOrVrSpecialVersion MOUNT_ALLrSecretManagerSecret frozensetrr) rhrt env_secretsr rrsecrets_builderrrrdrVrTrs r/rSecretsGenerator.__init__hsV #))..66::>vzzJ)! \\++V-A-ABCGG  * * 4 4 6LLD --!//1 225#dhh-! !3B2G2G2I.$h&-&A&AX&%''d{#3J N 4r.cUR(d/$UR[La/nURR5HDup#UR(aUR UR5 M3UR U5 MF SnSR U5n[R"5(a?[R"XES9(a&[RRS5 SUlUR(aUR[La [S5e[R"UR [#URR%55UR&5$)NzThis config references secrets stored in secret manager. Continuing will fetch the secret values and download the secrets to your local machine.z)Fetch secrets from secret manager for {}?r_zRYou can skip this message in the future by passing the flag --allow-secret-managerTzConfig requires secrets but access to secret manager was not allowed. Replace secrets with environment variables or allow secret manager with --allow-secret-manager to proceed.)r rrrWrTrZrr CanPromptrfrrrrr BuildSecretsr6rr r)rh requestedrOsec secrets_msgr`s r/rSecretsGenerator.CreateConfigss1    i   $55i&&,,.(#      3,, -   3  / :k 6 <  PPr.c USSUR:wagUR(dg[R"US[5nURH.n[ X#R URUR5 M0 g)Nrr4r) rtr rrBr _AddSecretVolumeByNamerVr4rW)rhrIrrs r/r!SecretsGenerator.ModifyDeploymentsr*f%):)::    %%j&M&*,G%%W&8&8&++#\\+&r.c USSRUR5:wagUR(dg[R"US[ 5nURH#n[ X#RUR5 M% g)Nr4z {}-containerr) rrtr rrBr _AddVolumeMountr4rU)rhrrrs r/r SecretsGenerator.ModifyContainershN11$2C2CDD     $ $Y0A4 HF%%fkk6+<+<=&r.)r rrr6r rtN) r(r)r*r+r,rrrrrr-r&r.r/rres!;%6 5BPB +>r.rz1.16cb[S[-S/SSSRU5-SU-/SSS ./S .$) Nz!gcr.io/cloudsql-docker/gce-proxy:z/cloud_sql_proxyz-dir=/cloudsqlz -instances=,z-credential_file=rr)r4r_)r4rucommandrr)r_CLOUD_SQL_PROXY_VERSIONjoin) instances secret_paths r/rrsP)25MM$% MCHHY,??  + "   r.zY apiVersion: v1 kind: Secret metadata: name: local-development-credential type: Opaque c[RR[R"5R [ U5S-5n[R"[RSU5n[RRU5(a[R"U5$SRUUS9n[R"USSS9 [ R""SS 5nUR$nUR'UUR)UR(R*R,S 9S 9nUR.R1U5n[R2"X'R45 [6R8"UR45$) zCreate a service account key. Args: service_account_name: Name of service acccount. Returns: The contents of the generated private key file as a string. z.jsonLOCAL_CREDENTIAL_PATHaCreating a user-managed service account key for {service_account_name}. This service account key will be the default credential pointed to by GOOGLE_APPLICATION_CREDENTIALS in the local development environment. The user is responsible for the storage,rotation, and deletion of this key. A copy of this key will be stored at {local_key_path}. Only use service accounts from a test project. Do not use service accounts from a production project.)rlocal_key_pathz Continue?T)rr` cancel_on_norr )privateKeyType)r4createServiceAccountKeyRequest)rrPr&rPathsglobal_config_dir _Utf8ToBase64rGetEncodedValueenvironrjrReadFileContentsrrrfr r}MESSAGES_MODULE+IamProjectsServiceAccountsKeysCreateRequestCreateServiceAccountKeyRequestPrivateKeyTypeValueValuesEnumTYPE_GOOGLE_CREDENTIALS_FILEprojects_serviceAccounts_keysrWriteFileContentsprivateKeyDatarCr)rdefault_credential_pathcredential_file_path warning_msgr message_modulecreate_key_requestrOs r/rrsdGGLL lln&&()G35"11"**2I2IKWW^^())  ! !"6 77?AG*>$8AGA: 4I  " "5$ /'**.@@#)7 ) )+JJ,,-I-I * KAL --445GH#.0B0BC ++ ,,r.cZ[R"[5nS[U50US'U$)zCreate a kubernetes yaml spec for a secret. Args: key: (str) The private key as a JSON string. Returns: Dictionary representing yaml dictionary. z&local_development_service_account.jsondata)rr?_SECRET_TEMPLATEr1)rO yaml_configs r/rrs1 *++. c0B+f r.c[XUS9 g)N)rV volume_name)r)rrVs r/rr s KAr.c X^[U4SjU55(agU=(d /Vs/sH+n[RURURS9PM- nnUR [ R"[RT[RXS9S955 gs snf)aAdd a secret volume to a list of volumes. Args: volumes: (list[dict]) List of volume specifications. secret_name: (str) Name of the secret. volume_name: (str) Name of the volume to add. items: (list[_SecretPath]) Optional list of SecretPaths to map on the filesystem. c32># UH oST:Hv M g7fr4Nr&).0rrGs r/ )_AddSecretVolumeByName../s=W6; &WsNrN)r[rW)r4r) anyr KeyToPathrOrPrZr MessageToDictVolumeSecretVolumeSource)rrVrGrWsecpath items_lsts ` r/rr%s =W=== krk!'## ',,#G!  ..##  $ $(;;(<; % <=> s2B'c @[UUSURSS5-S9 g)zAdd a secret volume mount. Args: mounts: (list[dict]) List of volume mount dictionaries. secret_name: (str) Name of the secret. rrr) mount_namerUN)r r)rrVs r/rr=s' ;..sC88:r.c^[U4SjU55(ag[RTUSS9nUR[R "U55 g)Nc34># UH nTUS:Hv M g7frJr&)rKr`rVs r/rL"_AddVolumeMount..Ks9&uV} $&sTr)rNr VolumeMountrZrrP)rrVrUr`s ` r/r r JsJ9&999  ) ) d * <%----e45r.cHSSU5;aURSUS.5 gg)a*Adds a environmental variable that points to the secret file. Add a environment varible where GOOGLE_APPLICATION_CREDENTIALS is the name and the path to the secret file is the value. Args: envs: (list[dict]) List of dictionaries with a name entry and value entry. path: (str) Path to secret. GOOGLE_APPLICATION_CREDENTIALSc3*# UH oSv M g7frJr&)rKrs r/rL#_AddSecretEnvVar..\s-JTc&kTsrRN)rZ)rrPs r/rrRs*&-JT-JJKK9DIJKr.c~[R"[R"[R"U555$)z*Encode a utf-8 string as a base 64 string.)rCrbase64 b64encode ensure_binary)ss r/r1r1`s' ))#*;*;A*>? @@r.cURSS5R5n[[R"55nUSS[ U5- U-nSnX:waUnX4$)Nrr)rrrrrr)r4new_nameumappeds r/r^r^es] \\#s # ) ) +( $**,! msSV| $q (( &  F  r.)NNNFr;)yr, __future__rrrrr`r rros.pathrTrapitools.base.pyrrrgooglecloudsdk.api_lib.appr rgooglecloudsdk.api_lib.runr r rgooglecloudsdk.api_lib.utilr rrgooglecloudsdk.calliopergooglecloudsdk.command_lib.authrgooglecloudsdk.command_lib.coderrrrrgooglecloudsdk.command_lib.iamrgooglecloudsdk.command_lib.runrgooglecloudsdk.corerrrrgooglecloudsdk.core.consolergooglecloudsdk.core.utilrrrCGetMessagesModulerr~rrHrVobjectr TypeErrorr$ DataObjectr1r8rFrJrLrRrnrrrrr0rrr@rArErKrMrOrZr\rmcompilerqrsrtrarzrdrurcrbrergrrrrrrrrrrrr%rrDrrrrrr rr1r^r&r.r/r|sC&%'   ,>N9=,A(5426373:&*#*$2-* ++E48++,BDI,,UD98+ H6)6J11 **?*?  F ,*''*1J))*1Z +J)) +x(z$$x(v F6 &<"# * '#$$( $"&&+ (V  9&*%T!jj@B  ZZDF ::DF>2jj!JK , A & ,*.!&!H%!/%!P<< 2.---<0$0$NZ-- [>*[>|"  .-b  A >0 :6 KA r.