T|SrSSKJr SSKJr SSKJr SSKrSSKJr SSK J r SSK J r SS K J r S rS rS rS rg)zUtilities necessary to augment images statuses with org policy. AugmentImagesStatus function in this module call OrgPolicy and augment images status if the policy requires it. )absolute_import)division)unicode_literalsN) exceptions) org_policies)log) resourcesc## [R"[U55n/n[X5nUbVUHOnUSS:waUv M[ UUR US5R XC5(aUv MFSUS'Uv MQ O UHnUv M U=(d /Hn[R"U5 M g7f)aSets images status to 'BLOCKED_BY_POLICY' as specified by OrgPolicy. Get OrgPolicy for the project and set images status to BLOCKED_BY_POLICY if the policy exists and blocks the image. If no policy exists, all images are allowed. NOTE: This function sends requests to OrgPolicy API. Args: resource_registry: resources.Registry, Resource registry project_id: str, Project in which image will be used images: Iterable[Dict], The images (in dict form) to set the status on Yields: Images (in dict form) with status set to BLOCKED_BY_POLICY as specified by OrgPolicy. Raises: exceptions.GetPolicyError if OrgPolicy call failed or returned malformed data. NstatusREADYselfLinkBLOCKED_BY_POLICY) copydeepcopylist_GetPolicyNoThrow _IsAllowedParseprojectrinfo)resource_registry project_idimageserrors_collectedpolicyimageerrors 7lib/googlecloudsdk/command_lib/compute/images/policy.pyAugmentImagesStatusr!s4 ==f && Z :&  xG # ''--eJ.?@HH 0 0 -h  k %2%eHHUO&sBc[R"5nURUUR[R"S5S9S9n[R "5nUR RU5nUR$)z*Get effective org policy of given project.zcompute.trustedImageProjects) constraint) projectsIdgetEffectiveOrgPolicyRequest) rOrgPoliciesMessages8CloudresourcemanagerProjectsGetEffectiveOrgPolicyRequestGetEffectiveOrgPolicyRequestFormatConstraintOrgPoliciesClientprojectsGetEffectiveOrgPolicy listPolicy)rmessagesrequestclientresponses r _GetPolicyr0_s  - - /(  M M#+#H#H!22,.$I$/ N 0'  ) ) +& __ 2 27 ;(   c~[U5$![RanURU5 SnAgSnAff=f)z7Call GetPolicy and handle possible errors from backend.N)r0apitools_exceptions HttpErrorappend)rerrors_to_propagatees rrros; j !!  & &q!  s <7<cURURRLagURURRLagSnUR(dSnURHnUR US5 M UR USS9R5UR;aSnSnURHnUR US5 M UR USS9R5UR;aSnU=(a U(+$![RanURU5 SnSnANSnAff=f![RanSnURU5 SnANpSnAff=f)z,Decides if project is allowed within policy.TFzcompute.projects) collectionN) allValuesAllValuesValueValuesEnumALLOWDENY allowedValuesParseRelativeNamer RelativeNamer InvalidResourceExceptionr5 deniedValues)rrrr6 is_allowedproject_recordr7 is_denieds rrr|sw 88>>>  6::??? *   J  ..)).:LM/ %  ''3|~9M9M Nj)  --)).:LM. %  ''3|~9L9L Mi  %I %1  + +q!J   + +"Iq!!"s0%D5%E E ,EE  E= E88E=)__doc__ __future__rrrrapitools.base.pyrr3'googlecloudsdk.api_lib.resource_managerrgooglecloudsdk.corerr rr0rrr1rrLs9 '' >@#);|  )&r1