դjSrSSKJr SSKJr SSKJr SSKrSSKrSSKrSSKrSSK r SSK r SSK J r SSK J r SSK Jr SS K Jr SS KJr SS KJr SS KJr SS KJr SS KJr SSKJr SSKJr SSKJr SSKJr SSKJr SSKJr SSK J!r! SSK J"r" SSK#r#Sr$Sr%Sr&/SQr'"SS\RP5r)"SS\RP5r*"SS\RP5r+"S S!\RP5r,"S"S#\RP5r-"S$S%\RP5r."S&S'\RP5r/"S(S)\RP5r0"S*S+\RP5r1SBS,jr2SBS-jr3S.r4S/r5S0r6S1r7S2r8S3r9S4r:S5r;SCS6jr5r?S:r@S;rA"S<S=\?5rBS>rCS?rDSDS@jrESArFg)EaUtilities for subcommands that need to SSH into virtual machine guests. This module provides the following things: Errors used by various SSH-based commands. Various helper functions. BaseSSHHelper: The primary purpose of the BaseSSHHelper class is to get the instance and project information, determine whether the user's SSH public key is in the metadata, determine if the SSH public key needs to be added to the instance/project metadata, and then add the key if necessary. BaseSSHCLIHelper: An additional wrapper around BaseSSHHelper that adds common flags needed by the various SSH-based commands. )absolute_import)division)unicode_literalsN) constants)metadata_utils)path_simplifier)utils)actions) arg_parsers) exceptions)ssh)log) properties) console_io)progress_tracker)encoding)times) FileReader) FileWriteri`zIhttps://cloud.google.com/compute/docs/troubleshooting/troubleshooting-sshzenable-guest-attributes)zssh-rsaz ssh-ed25519zecdsa-sha2-nistp256c\rSrSrSrSrg)UnallocatedIPAddressErrorFzYAn exception to be raised when a network interface's IP address is yet to be allocated. N__name__ __module__ __qualname____firstlineno____doc____static_attributes__r3lib/googlecloudsdk/command_lib/compute/ssh_utils.pyrrFr!rc\rSrSrSrSrg)MissingExternalIPAddressErrorMzZAn exception to be raised when a network interface does not have an external IP address. rNrrr!r"r%r%Mr#r!r%c\rSrSrSrSrg)MissingNetworkInterfaceErrorTz Network interface was not found.rNrrr!r"r(r(Ts(r!r(c0^\rSrSrSrSU4SjjrSrU=r$) CommandErrorXzAWraps ssh.CommandError, primarly for adding troubleshooting info.c>UcSR[S9n[[U]SRX5UR S9 g)Nz$See {url} for troubleshooting hints.)urlz{0} {1}) exit_code)format_TROUBLESHOOTING_URLsuperr+__init__r/)selforiginal_errormessage __class__s r"r3CommandError.__init__[sM6==">$g ,&.2 **',r!r)Nrrrrrr3r __classcell__r7s@r"r+r+XsI,,r!r+c\rSrSrSrSrg) ArgumentErrorez1Invalid combinations of, or malformed, arguments.rNrrr!r"r=r=es9r!r=c\rSrSrSrg)SetProjectMetadataErrorjrNrrrrr rr!r"r@r@jr!r@c\rSrSrSrg)SecurityKeysNotSupportedErrornrNrBrr!r"rErEnrCr!rEc\rSrSrSrg)SecurityKeysNotPresentErrorrrNrBrr!r"rHrHrrCr!rHc,^\rSrSrSrU4SjrSrU=r$) NetworkErrorvzCIndicates that an SSH connection couldn't be established right now.c,>[[U] S5 g)NzCould not SSH into the instance. It is possible that your SSH key has not propagated to the instance yet. Try running this command again. If you still cannot connect, verify that the firewall and instance are set to accept ssh traffic.)r2rKr3)r4r7s r"r3NetworkError.__init__ys ,& 23r!rr9r;s@r"rKrKvsK33r!rKc HSnUR(aURHnURnURnU(a!USR(aUs $U(dSnU(a!USR(aUs $U(dSnU(dMt[ SR UR[R"UR555e U(ag[SR UR[R"UR555e)aUReturns the network interface of the instance with an external IP address. Args: instance_resource: An instance resource object. no_raise: A boolean flag indicating whether or not to return None instead of raising. Raises: UnallocatedIPAddressError: If the instance_resource's external IP address has yet to be allocated. MissingExternalIPAddressError: If no external IP address is found for the instance_resource and no_raise is False. Returns: A network interface resource object or None if no_raise and a network interface with an external IP address does not exist. FrTzqInstance [{0}] in zone [{1}] has not been allocated an external IP address yet. Try rerunning this command later.NzInstance [{0}] in zone [{1}] does not have an external IP address, so you cannot SSH into it. To add an external IP address to the instance, use [gcloud compute instances add-access-config].) networkInterfaces accessConfigsipv6AccessConfigsnatIP externalIpv6rr0namerNamezoner%)instance_resourceno_raiseno_ipnetwork_interfaceaccess_configsipv6_access_configss r"GetExternalInterfacer^s$ %((.@@(66n-??  !  " "" "%  q ! . ." "% ' @@F!&&$$%6%;%;<A>? ?A( %DDJF  /"6"67H7M7M"NEP QQr!c[XS9nU(ax[US5(a*UR(aURSR$[US5(a+UR(aURSR $ggg)a>Returns the external IP address of the instance. Args: instance_resource: An instance resource object. no_raise: A boolean flag indicating whether or not to return None instead of raising. Raises: UnallocatedIPAddressError: If the instance_resource's external IP address has yet to be allocated. MissingExternalIPAddressError: If no external IP address is found for the instance_resource and no_raise is False. Returns: A string IPv4 address or IPv6 address if the IPv4 address does not exit or None if no_raise is True and no external IP exists. )rYrQrrRN)r^hasattrrQrSrRrT)rXrYr[s r"GetExternalIPAddressras$++<P!?33  + +  , ,Q / 5 55 #%8 9 911  0 0 3 @ @@2 : r!cUR(aURS$[SRUR[R "UR 555e)zReturns the a network interface of the instance. Args: instance_resource: An instance resource object. Raises: MissingNetworkInterfaceError: If instance has no network interfaces. Returns: A network interface resource object. rz7Instance [{0}] in zone [{1}] has no network interfaces.)rPr(r0rUrrVrW)rXs r"GetInternalInterfacercsW((  . .q 11$?FF    055 68 99r!cV[U5nUR=(d UR$)zReturns the internal IP address of the instance. Args: instance_resource: An instance resource object. Raises: ToolException: If instance has no network interfaces. Returns: A string IPv4 address or IPv6 address if there is no IPv4 address. )rc networkIP ipv6Address)rX interfaces r"GetInternalIPAddressrhs&##45)    5 5 55r!cUR(a URnOGUR(a5[R"5[R "URS9-nOg[R "U5S-nU[U54$)z?Converts flags to an ssh key expiration in datetime and micros.)secondsNNg.A)ssh_key_expirationssh_key_expire_afterrNowdatetime timedeltaGetTimeStampFromDateTimeint)args expirationexpiration_micross r"GetSSHKeyExpirationFromArgsrvss ((J   x11)) ++J 44Z@3F S*+ ++r!c/nURS5H-nUR5nU(dMURU5 M/ U$)zFReturns a list of SSH keys (without whitespace) from a metadata entry. )splitstripappend)metadata_entrykeysline line_strips r"_GetSSHKeyListFromMetadataEntryrs? $""4(dJz kk*) +r!c/n/nU(dX4$URHmnUR[R:Xa[ UR 5nM8UR[R :XdMX[ UR 5nMo X4$)amReturns the ssh-keys and legacy sshKeys metadata values. This function will return all of the SSH keys in metadata, stored in the default metadata entry ('ssh-keys') and the legacy entry ('sshKeys'). Args: metadata: An instance or project metadata object. Returns: A pair of lists containing the SSH public keys in the default and legacy metadata entries. )itemskeyrSSH_KEYS_METADATA_KEYrvalueSSH_KEYS_LEGACY_METADATA_KEY)metadatassh_keysssh_legacy_keysitems r"_GetSSHKeysFromMetadatar ss(/   $$nnd xx92220 > 000G K33    #5%&''.wsB'7 ? 9E6h?(+,)) . 5 5l CD  O 99L&22L%  0 0%23CDE  ""r!cU(aUR(dgURVs/sH/nUR[R:XdM#URPM1 nnU(dgUSR 5S:H$s snf)zHReturn true if the metadata has 'block-project-ssh-keys' set and 'true'.Frr)rrrSSH_KEYS_BLOCK_METADATA_KEYrrrs r"_MetadataHasBlockProjectSshKeysrsl x~~ ,4NNKNDI$I$II TZZN/K     ! ! #v -- Ks "A>A>c\rSrSrSrSr\S5rSrSr Sr SSjr S r S r S rS rS rSSjrSSjrSrSSjrSrg) BaseSSHHelperiaXHelper class for subcommands that need to connect to instances using SSH. Clients can call EnsureSSHKeyIsInProject() to make sure that the user's public SSH key is placed in the project metadata before proceeding. Attributes: keys: ssh.Keys, the public/private key pair. env: ssh.Environment, the current environment, used by subclasses. NcURSSSSS9 URSSR[RR5S9 g) ahArgs is called by calliope to gather arguments for this command. Please add arguments in alphabetical order except for no- or a clear- pair for that argument which can follow the argument itself. Args: parser: An argparse parser that you can use to add arguments that go on the command line after this command. Positional arguments are allowed. z--force-key-file-overwrite store_trueNa If enabled, the gcloud command-line tool will regenerate and overwrite the files associated with a broken SSH key without asking for confirmation in both interactive and non-interactive environments. If disabled, the files associated with a broken SSH key will not be regenerated and will fail in both interactive and non-interactive environments.)actiondefaulthelpz--ssh-key-filezK The path to the SSH key file. By default, this is ``{0}''. )r) add_argumentr0r KeysDEFAULT_KEY_FILEparsers r"ArgsBaseSSHHelper.ArgssV $    F388,, - /r!c[RRUR5Ul[R R 5UlURR5 g)zSets up resources to be used by concrete subclasses. Subclasses must call this in their Run() before continuing. Args: args: argparse.Namespace, arguments that this command was invoked with. Raises: ssh.CommandNotFoundError: SSH is not supported. N) r r FromFilename ssh_key_filer} EnvironmentCurrentenv RequireSSH)r4rss r"RunBaseSSHHelper.RunsD%%d&7&78DI&&(DHHHr!cURRSURRUR 5UR UR S94nURU/5S$)z2Fetch an instance based on the given instance_ref.Get)instanceprojectrWr)apitools_client instancesmessagesComputeInstancesGetRequestrVrrW MakeRequests)r4client instance_refrequests r" GetInstanceBaseSSHHelper.GetInstance sl (( 22!&&( (("" 3 G   y )! ,,r!c URURRSURR U=(d1 [ R RRRSS9S94/5S$)zReturns the project object. Args: client: The compute client. project: str, the project we are requesting or None for value from from properties Returns: The project object rTrequired)rr) rrprojectsrComputeProjectsGetRequestrVALUEScorerr)r4rrs r" GetProjectBaseSSHHelper.GetProjects     ) )5 // 3 3@$$,,00$0? 4 B C D EFG  HHr!c U(a>U(a7[UR5nUcURn[U5nU(dgURRSUR R UR5URSURS94/nURU5Sn0n UbURR Hn U R"S:XdMU R$[&;dM+U R(R+5Sn [,R."U 5n [0R2"[,R4"U 55nX:XdMXU R$'M U $![Ra(n S[R"U 5;aSnSn A NU eSn A ff=f![6[8R:4a SnNxf=f) aiGet host keys from guest attributes. Args: client: The compute client. instance_ref: The instance object. instance: The object representing the instance we are connecting to. If either project or instance is None, metadata won't be checked to determine if Guest Attributes are enabled. project: The object representing the current project. If either project or instance is None, metadata won't be checked to determine if Guest Attributes are enabled. Returns: A dictionary of host keys, with the type as the key and the host key as the value, or None if Guest Attributes is not enabled. NGetGuestAttributesz hostkeys/)rr queryPathrWrzAThe resource 'hostkeys/' of type 'Guest Attribute' was not found.hostkeysr)rrcommonInstanceMetadatarrr)ComputeInstancesGetGuestAttributesRequestrVrrWrr ToolExceptionsix text_type queryValuer namespacerSUPPORTED_HOSTKEY_TYPESrrybase64 b64decoderDecode b64encode TypeErrorbinasciiError)r4rrrrguest_attributes_enabledproject_metadatarequestsre hostkey_dictr key_value decoded_key encoded_keys r"GetHostKeysFromGuestAttributes,BaseSSHHelper.GetHostKeysFromGuestAttributes(s$G!C   " ! )"99#E $ %''11%JJ*//1)11*&++ K-./H$$X.q1hL%%++$ NNj (33jj&&(+)  **95K"//&*:*:;*GHK %%. "," 7  # # }}Q' ( *X^^, K s1E0AF/0F,F'%F''F,/G Gc/nUR5H'upVSRXV5nURU5 M) UR5 UR X4SS9nU(aB[ R RSR[U5UR55 U(a?U(d8[ R RSRUR55 UR5 g)a Writes host keys to known hosts file. Only writes keys to known hosts file if there are no existing keys for the host. Args: known_hosts: obj, known_hosts file object. host_keys: dict, dictionary of host keys. host_key_alias: str, alias for host key entries. z{0} {1}F) overwritezWriting {0} keys to {1}zExisting host keys found in {0}N) rr0r{sort AddMultiplerstatusPrintr file_pathWrite) r4 known_hosts host_keyshost_key_aliashost_key_entrieskey_typerhost_key_entrynew_keys_addeds r"WriteHostKeysToKnownHosts'BaseSSHHelper.WriteHostKeysToKnownHostsls"*  ''6nn-+ ,,E-;N jj0s#34k6K6KLN jj8{4457r!c */nURURRSURR U[ R RRRSS9S94/US9 U(a[R"U[SS9 gg) z.Sets the project metadata to the new metadata.SetCommonInstanceMetadataTr)rrrerrors_to_collectz*Could not add SSH key to project metadata: error_messageN) rrrr/ComputeProjectsSetCommonInstanceMetadataRequestrrrrrr RaiseExceptionr@)r4r new_metadataerrorss r"_SetProjectMetadata!BaseSSHHelper._SetProjectMetadatas F   # # , , ( __ L L&#**//77;;"<$M ! "   !DFr!c[R"S5 URX5 SSS5 g!,(df  g=f)zDSets the project metadata to the new metadata with progress tracker.zUpdating project ssh metadataN)rProgressTrackerr8)r4rr6s r"SetProjectMetadata BaseSSHHelper.SetProjectMetadatas,  ) )*I J v4 K J Js 2 Ac t/nURRS5SnURURRSUR R URU[RRRRSS9US94/US9 U(a[R"USS 9 g g ) z/Sets the instance metadata to the new metadata./ SetMetadataTr)rrrrWr0zCould not add SSH key to instance metadata, refer https://cloud.google.com/compute/docs/access#granting_users_ssh_access_to_vm_instances for granting users SSH access to VM instances:r2N)rWryrrrr"ComputeInstancesSetMetadataRequestrUrrrrrr RaiseToolException)r4rrr6r7rWs r"_SetInstanceMetadata"BaseSSHHelper._SetInstanceMetadatas F ==  s #B 'D   # # - -  __ ? ?"--&#**//77;;"<$ @  ! "  @r!c[R"S5 URXU5 SSS5 g!,(df  g=f)zESets the instance metadata to the new metadata with progress tracker.zUpdating instance ssh metadataN)rr;rD)r4rrr6s r"SetInstanceMetadata!BaseSSHHelper.SetInstanceMetadatas.  ) )*J K ,? L K Ks 3 Ac URR5n[URX&URXES9nXsR:gnU(aUR XU5 U$)aAEnsures that the user's public SSH key is in the instance metadata. Args: client: The compute client. user: str, the name of the user associated with the SSH key in the metadata instance: Instance, ensure the SSH key is in the metadata of this instance expiration: datetime, If not None, the point after which the key is no longer valid. legacy: If the key is not present in metadata, add it to the legacy metadata entry instead of the default entry. Returns: bool, True if the key was newly added, False if it was in the metadata already )rtr)r} GetPublicKeyrrrrG) r4rrrrtrrr6has_new_metadatas r"EnsureSSHKeyIsInInstance&BaseSSHHelper.EnsureSSHKeyIsInInstances^$'')J.8+<+<.L$'8'88 v> r!cURR5nU(dURUS5nURn[ UR X%UUS9nXv:waUR X5 gg)aEnsures that the user's public SSH key is in the project metadata. Args: client: The compute client. user: str, the name of the user associated with the SSH key in the metadata project: Project, the project SSH key will be added to expiration: datetime, If not None, the point after which the key is no longer valid. Returns: bool, True if the key was newly added, False if it was in the metadata already N)rtTF)r}rJrrrrr<)r4rrrrtrrr6s r"EnsureSSHKeyIsInProject%BaseSSHHelper.EnsureSSHKeyIsInProjectsj '')J -g66.+<L( f3  r!c[UR5upgU(aURXX5SS9nU$[UR5(aURXX55nU$UR XXE5nU$![ aA [ R"SSS9 [ R"S5 URXX55nU$f=f)aController for EnsureSSHKey* variants. Sends the key to the project metadata or instance metadata, and signals whether the key was newly added. Args: compute_client: The compute client. user: str, The user name. instance: Instance, the instance to connect to. project: Project, the project instance is in. expiration: datetime, If not None, the point after which the key is no longer valid. Returns: bool, True if the key was newly added. T)rzCould not set project metadata:)exc_infoz$Attempting to set instance metadata.)rrrLrrOr@rinfo) r4compute_clientrrrrt_rkeys_newly_addeds r"EnsureSSHKeyExists BaseSSHHelper.EnsureSSHKeyExistss^11B1BCA 66 T7C0 - )):): ; ;66 6&  877 '7 % 8 2TB 7888 (8  8s!A55AC?Cc0n[RR5nURUS'SUS'SUS'U(d"UR U5(dU(aSnOSnU(aUR XSU5 X$S'XS'SUS'U$) aReturns a dict of default `ssh-config(5)` options on the OpenSSH format. Args: host_key_alias: str, Alias of the host key in the known_hosts file. strict_host_key_checking: str or None, whether to enforce strict host key checking. If None, it will be determined by existence of host_key_alias in the known hosts file. Accepted strings are 'yes', 'ask' and 'no'. host_keys_to_add: dict, A dictionary of host keys to add to the known hosts file. Returns: Dict with OpenSSH options. UserKnownHostsFileyesIdentitiesOnlyno CheckHostIPStrictHostKeyChecking HostKeyAliasHashKnownHosts)r KnownHostsFromDefaultFiler# ContainsAliasr,)r4r'strict_host_key_checkinghost_keys_to_addconfigr%s r" GetConfigBaseSSHHelper.GetConfigEsF..002K#.#8#8F  $F  F= #  " "> 2 26F#( #'  $$ 9'? "#+>#F  Mr!)rr}rkF)rrrrrr} staticmethodrrrrrr,r8r<rDrGrLrOrWrhr rr!r"rrs  $//> -H$=ABH4F&5 6@ ',6;?)-:M^@D!%#r!rcURS[R"[RR R 5SSS9 g)Nz--verify-internal-ipTaWhether or not `gcloud` should perform an initial SSH connection to verify an instance ID is correct when connecting via its internal IP. Without this check, `gcloud` will simply connect to the internal IP of the desired instance, which may be wrong if the desired instance is in a different subnet but happens to share the same internal IP as an instance in the current subnet. Defaults to True.)rhiddenr)rr StoreBooleanPropertyrrr verify_internal_iprs r"AddVerifyInternalIpArgrpksC  ) )      2 24  =  >r!cUR5nSnURSUSS9 URS[R"SS9SS9 g ) z-Additional flags to handle expiring SSH keys.c[RRU5nU[R"5:a%[R "SR U55eU$)z4Parses a string value into a future Datetime object.z$Date/time must be in the future: {0})r DatetimeParserrnArgumentTypeErrorr0)sdts r"ParseFutureDatetime4AddSSHKeyExpirationArgs..ParseFutureDatetime}sL    # #A &B EIIK  ) ) 0 7 7 : << Ir!z--ssh-key-expirationz The time when the ssh key will be valid until, such as "2017-08-29T18:52:51.142Z." This is only valid if the instance is not using OS Login. See $ gcloud topic datetimes for information on time formats. )typerz--ssh-key-expire-after1s) lower_boundz The maximum length of time an SSH key is valid for once created and installed, e.g. 2m for 2 minutes. See $ gcloud topic datetimes for information on duration formats. N)add_mutually_exclusive_grouprr Duration)rgrouprxs r"AddSSHKeyExpirationArgsrys`  - - /%      D 1  r!cN^\rSrSrSr\U4Sj5rU4SjrSSjrSr U=r $)BaseSSHCLIHelperiz1Helper class for subcommands that use ssh or scp.c>[[[] U5 URSSSS9 URSSSS9 URS/SQS S 9 [ U5 g ) aiArgs is called by calliope to gather arguments for this command. Please add arguments in alphabetical order except for no- or a clear- pair for that argument which can follow the argument itself. Args: parser: An argparse parser that you can use to add arguments that go on the command line after this command. Positional arguments are allowed. z --dry-runrzZPrint the equivalent scp/ssh command that would be run to stdout, instead of executing it.)rrz--plainz Suppress the automatic addition of *ssh(1)*/*scp(1)* flags. This flag is useful if you want to take care of authentication yourself or use specific ssh/scp features. z--strict-host-key-checking)r[r]aska Override the default behavior of StrictHostKeyChecking for the connection. By default, StrictHostKeyChecking is set to 'no' the first time you connect to an instance, and will be set to 'yes' for all subsequent connections. )choicesrN)r2rrrr)rr7s r"rBaseSSHCLIHelper.Argss~ ,26: 13     $$  F#r!c>[[U] U5 UR(d%URR UR SS9 gg)NT)allow_passphrase)r2rrplainr}EnsureKeysExistforce_key_file_overwrite)r4rsr7s r"rBaseSSHCLIHelper.RunsA D%d+ :: ii = =15 7 r!cURS5S:Xa[R"S5 g[RR R R5(d0[R"SRUR55 gSnSRXa5/n[ R"X#XGS9n[[R5n [[R5n [[R5n UR!UR"UU U U S 9n U S :XagU S :Xa/[$R&"S RUR55e[ R("XS 9e)aTVerify the instance's identity by connecting and running a command. Args: instance_id: str, id of the compute instance. remote: ssh.Remote, remote to connect to. identity_file: str, optional key file. options: dict, optional ssh options. putty_force_connect: bool, whether to inject 'y' into the prompts for `plink`, which is insecure and not recommended. It serves legacy compatibility purposes for existing usages only; DO NOT SET THIS IN NEW CODE. Raises: ssh.CommandError: The ssh command failed. core_exceptions.NetworkIssueError: The instance id does not match. r_r[zGSkipping internal IP verification in favor of strict host key checking.NzSkipping internal IP verification connection and connecting to [{}] in the current subnet. This may be the wrong host if the instance is in a different subnet!z>http://metadata.google.internal/computeMetadata/v1/instance/idz?[ `curl "{}" -H "Metadata-Flavor: Google" -q` = {} ] || exit 23) identity_fileoptionsremote_command)putty_force_connectexplicit_output_fileexplicit_error_fileexplicit_input_filerzQEstablished connection with host {} but was unable to confirm ID of the instance.) return_code)getrrrrr roGetBoolrr0host SSHCommandrosdevnullrrrcore_exceptionsNetworkIssueErrorr+) r4 instance_idremoterrrmetadata_id_urlrcmdnull_innull_outnull_errrs r"PreliminarilyVerifyInstance,BaseSSHCLIHelper.PreliminarilyVerifyInstancesG${{*+u4 ii !    3 3 ; ; = = kk &&,fV[[&9;  I J  -/N ..!( IC$G"**%H"**%H'' /%$# %K a    - - ((.v{{(; ==   3 88r!rrj) rrrrrrkrrrr r:r;s@r"rrs/9&$&$P7@E8989r!rc8SRUR5$)Nz compute.{0})r0id)rs r"r`r`s   hkk **r!cURS5n[U5S:Xa[R"SS9nUSnX#4$[U5S:XaU$[ SR U55e)z6Returns pair consiting of user name and instance name.@T)warn_on_account_userrrz>Expected argument of the form [USER@]INSTANCE; received [{0}].)ryrr GetDefaultSshUsernamer=r0) user_hostpartsrrs r"GetUserAndInstancer sf //# %Z1_  $ $$ ?DQxH >Z1_ LF vi r!cUUUUU[S.nU(a[R"U5US'[R"S0UD6$)z"Creates and returns an SSH poller.)rrriap_tunnel_args extra_flags max_wait_msportr)SSH_KEY_PROPAGATION_TIMEOUT_MSrrr SSHPoller)rrrrrrssh_poller_argss r"CreateSSHPollerrsH &&3 '(7$/$B D/ !mmD1OF  ) ))r!cUR(dgUR(d [S5eUR(agURc[R "S5 gUR S:Xa [S5e[S5e)aCheck the OS Login security key state and take approprate action. If OS Login security keys are not enabled, continue. When security keys are enabled: - if no security keys are configured in the user's account, show an error. - if the local SSH client doesn't support them, show an error. - if the user is using Putty, show an error. - if we cannnot determine if the local client supports security keys, show a warning and continue. Args: oslogin_state: An OsloginState object. Raises: SecurityKeysNotPresentError: If no security keys are registered in the user's account. SecurityKeysNotSupportedError: If the user's SSH client does not support security keys. Returns: None if no errors are raised. NzeInstance requires security key for connection, but no security keys are registered in Google account.zInstance requires security key for connection, but cannot determine if the SSH client supports security keys. The connection may fail.puttyzuInstance requires security key for connection, but security keys are not supported on Windows using the PuTTY client.zInstance requires security key for connection, but security keys are not supported by the installed SSH version. OpenSSH 8.4 or higher is required.)security_keys_enabled security_keysrHssh_security_key_supportrr environmentrE) oslogin_states r"ConfirmSecurityKeyStatusr*s0  , ,   $ $ % , -- ++ ++3KK'( ') ' ? @@ & r!rj)NFrk)Gr __future__rrrr rrrorrgooglecloudsdk.api_lib.computerrrr googlecloudsdk.callioper r r #googlecloudsdk.command_lib.util.sshr googlecloudsdk.corerrrgooglecloudsdk.core.consolerrgooglecloudsdk.core.utilrrgooglecloudsdk.core.util.filesrrrrr1rr rrr%r(r+r=r@rErHrKr^rarcrhrvrrrrrrrobjectrrprrr`rrrrr!r"rs ''  49:0+/.3=#*28-*55 "+P!:K 5 5O$9$9)?#8#8) ,?(( ,O)) o33O$9$9/"7"73?((3/QdA89( 6 , #8.&5<.d9>2"j.]F]@ > >j9}j9Z+ ,0*&9r!