HSrSSKJr SSKJr SSKJr SSKrSSKrSSKrSSKJ r SSKJ r SSKJ r SS K J r SS K Jr SS KJr S r/S QrSSjrSrSrS\ R,R.4SjrSrSrSSjrSrSrSrSrg)z;Flags and helpers for the compute instance groups commands.)absolute_import)division)unicode_literalsN) arg_parsers)base) exceptions) completers)flags)service_proxy_aux_dataz table( name, properties.machineType.machine_type(), properties.scheduling.preemptible.yesno(yes=true, no=''), creationTimestamp ))zattach-read-onlyblank custom-imagezdo-not-includez source-imagezsource-image-familyFcd[R"S[RUSU(aSS9$SS9$)Nzinstance templatezcompute.instanceTemplateszcompute.regionInstanceTemplates) resource_name completerpluralglobal_collectionregional_collection)r ResourceArgumentr InstanceTemplatesCompleter)rinclude_regionals Blib/googlecloudsdk/command_lib/compute/instance_templates/flags.pyMakeInstanceTemplateArgr2s>   '55 3.=  ;; 59  ;;c P[R"SS[RSSSS9$)N--source-instanceinstanceFzcompute.instanceszPThe name of the source instance that the instance template will be created from.)namerrrequiredzonal_collection short_help)r rr InstancesCompleterrrMakeSourceInstanceArgr#<s/    --**  ,,rc URS[R"[R"5[[[S.S9SSSR SR [55S9 g) N--configure-disk)z auto-delete device-nameinstantiate-fromr )speczPROPERTY=VALUEappenda/ This option has effect only when used with `--source-instance`. It allows you to override how the source-instance's disks are defined in the template. *device-name*::: Name of the device for which the configuration is being overridden. *auto-delete*::: If `true`, this persistent disk will be automatically deleted when the instance is deleted. However, if the disk is detached from the instance, this option won't apply. If not provided, the setting is copied from the source instance. Allowed values of the flag are: `false`, `no`, `true`, and `yes`. *instantiate-from*::: Specifies whether to include the disk and which image to use. Valid values are: {} *custom-image*::: The custom image to use if custom-image is specified for instantiate-from. z, )typemetavaractionhelp) add_argumentrArgDict ArgBooleanstrformatjoin_INSTANTIATE_FROM_VALUES)parsers rAddConfigureDiskArgsr6Gsc   (335 "%!     & tyy123=rc &URUS9nS[[[R[[S.n[ R "S5nU[RR:Xa1URS[S.5 U[ R "S5- nU[RR:XdU[RR:XaEURS[[[[[S.5 U[ R "S5- nURS [R"US S /S 9UUS 9 URSS[R"5USS9 URSSS SS9 URS[S SS 9 g)zBAdds service proxy configuration arguments for instance templates.hiddenN)enabled serving-ports proxy-porttracingz access-lognetworka Controls whether the Traffic Director service proxy (Envoy) and agent are installed and configured on the VM. "cloud-platform" scope is enabled automatically to allow connections to the Traffic Director API. Do not use the --no-scopes flag. *enabled*::: If specified, the service-proxy software will be installed when the instance is created. The instance is configured to work with Traffic Director. *serving-ports*::: Semi-colon-separated (;) list of the ports, specified inside quotation marks ("), on which the customer's application/workload is serving. For example: serving-ports="80;8080" The service proxy will intercept inbound traffic, then forward it to the specified serving port(s) on localhost. If not provided, no incoming traffic is intercepted. *proxy-port*::: The port on which the service proxy listens. The VM intercepts traffic and redirects it to this port to be handled by the service proxy. If omitted, the default value is '15001'. *tracing*::: Enables the service proxy to generate distributed tracing information. If set to ON, the service proxy's control plane generates a configuration that enables request ID-based tracing. For more information, refer to the `generate_request_id` documentation for the Envoy proxy. Allowed values are `ON` and `OFF`. *access-log*::: The filepath for access logs sent to the service proxy by the control plane. All incoming and outgoing requests are recorded in this file. For more information, refer to the file access log documentation for the Envoy proxy. *network*::: The name of a valid VPC network. The Google Cloud Platform VPC network used by the service proxy's control plane to generate dynamic configuration for the service proxy. )z intercept-dnssourcea< *intercept-dns*::: Enables interception of UDP traffic by the service proxy. *source*::: The Google Cloud Storage bucket location source for the Envoy. The service-proxy-agent will download the archive from Envoy and install it on the virtual machine, unpacking it into the root (/) directory of the virtual machine. Therefore, the archive must contain not only the executable and license files but they must be located in the correct directories within the archive. For example: /usr/local/bin/envoy and /usr/local/doc/envoy-LICENSE )intercept-all-outbound-trafficexclude-outbound-ip-rangesexclude-outbound-port-rangesscopemeshzproject-numbera *intercept-all-outbound-traffic*::: Enables interception of all outgoing traffic. The traffic is intercepted by the service proxy and then redirected to external host. *exclude-outbound-ip-ranges*::: Semi-colon-separated (;) list of the IPs or CIDRs, specified inside quotation marks ("), that should be excluded from redirection. Only applies when `intercept-all-outbound-traffic` flag is set. For example: exclude-outbound-ip-ranges="8.8.8.8;129.168.10.0/24" *exclude-outbound-port-ranges*::: Semi-colon-separated (;) list of the ports or port ranges, specified inside quotation marks ("), that should be excluded from redirection. Only applies when `intercept-all-outbound-traffic` flag is set. For example: exclude-outbound-port-ranges="81;8080-8090" *scope*::: Scope defines a logical configuration boundary for a Gateway resource. On VM boot up, the service proxy reaches the Traffic Director to retrieve routing information that corresponds to the routes attached to the gateway with this scope name. When scope is specified, the network value is ignored. You cannot specify `scope` and `mesh` values at the same time. *mesh*::: Mesh defines a logical configuration boundary for a Mesh resource. On VM boot up, the service proxy reaches the Traffic Director to retrieve routing information that corresponds to the routes attached to the mesh with this mesh name. When mesh is specified, the network value is ignored. You cannot specify `scope` and `mesh` values at the same time. *project-number*::: Project number defines the project where Mesh and Gateway resources are created. If not specified, the project where the instance exists is used. --service-proxyTr:r(allow_key_only required_keysr*r9r-z--service-proxy-labelszKEY=VALUE, ...ag Labels that you can apply to your service proxy. These will be reflected in your Envoy proxy's bootstrap metadata. These can be any `key=value` pairs that you want to set as proxy metadata (for example, for use with config filtering). You might use these flags for application and version labels: `app=review` and/or `version=canary`. )r+r*r9r-z--service-proxy-agent-locationLOCATIONza GCS bucket location of service-proxy-agent. Mainly used for testing and development. )r+r9r-z--service-proxy-xds-versionz> xDS version of the service proxy to be installed. ) add_groupr1intr TracingStatetextwrapdedentr ReleaseTrackALPHAupdateBETAr.rr/)r5hide_arguments release_trackservice_proxy_groupservice_proxy_specservice_proxy_helps rAddServiceProxyConfigArgsrYjs(((?'44  (((Td''---(// +   t((...t((---*.&)(+ (//%+% % N""   !"  % #""     #  ""&  # ""#   # rc[USS5(Ga*UR(a[R"SS5eSUR;aQ[ [ [URSRS555nUHnUS:dUS:dM[e S UR;a#URS nUS :dUS:a[eS UR;aeSUR;a[R"SS5eURS RS5nUHn[R"U5 M SUR;aSUR;a[R"SS5eURSRS5nUHenURS5n[U5S:Xa[US5 M4[U5S:Xa[US5 [US5 Ma[e SUR;a(SUR;a[R"SS5eggg![a [R"SS 5ef=f![a [R"S S 5ef=f![a [R"S S5ef=f![a [R"SS5ef=f)z:Validates the values of all --service-proxy related flags. service_proxyFrE --no-scopesr;;z;List of ports can only contain numbers between 1 and 65535.r<iz.Port value can only be between 1025 and 65535.rAr@zWexclude-outbound-ip-ranges parameters requires intercept-all-outbound-traffic to be setz)List of IPs may contain only IPs & CIDRs.rBzYexclude-outbound-port-ranges parameters requires intercept-all-outbound-traffic to be set-rzVList of port ranges can only contain numbers between 1 and 65535, i.e. "80;8080-8090".rCrDz--service-proxy:scopez--service-proxy:meshN)getattr no_scopesrConflictingArgumentsExceptionr[listmaprLsplit ValueErrorInvalidArgumentExceptionRequiredArgumentException ipaddress ip_networklenValidateSinglePort) args serving_portsport proxy_port ip_rangesip_range port_ranges port_rangeportss rValidateServiceProxyFlagsrxs T?E** ~~  4 45F5B DD$,,, K T''8>>sC DF !D AX "t)))L'' 5   U 2 !3$t'9'99 )1C1C C22 , 78 8 $$%ABHHMi( ;   x ( &););; )1C1C C22 , 78 8   ; < B B3 G#*  % - Z1_ uQx (5zQ uQx ( uQx ( $"$$$$43E3E)E  4 45L5K MM*F$U+K11  IK KKL11 JL LL ;33*9; ; ;2 -33,,- - -sC AH?H?.!I$+J 1J.+J.=J.?"I!$"J "J+."Kc>[U5nUS:dUS:a[eg)Nr^r_)rLrh)port_strrqs rrnrnXs# X$ AX rc URUS9nURS[R"[[S.SSS/S9USS 9 g ) zHAdds Anthos Service Mesh configuration arguments for instance templates.r8--mesh) gke-clusterworkloadFr}r~rFaz Controls whether the Anthos Service Mesh service proxy (Envoy) and agent are installed and configured on the VM. "cloud-platform" scope is enabled automatically to allow the service proxy to be started. Do not use the `--no-scopes` flag. *gke-cluster*::: The location/name of the GKE cluster. The location can be a zone or a region, e.g. ``us-central1-a/my-cluster''. *workload*::: The workload identifier of the VM. In a GKE cluster, it is the identifier namespace/name of the `WorkloadGroup` custom resource representing the VM workload, e.g. ``foo/my-workload''. rIN)rKr.rr/r1)r5rT mesh_groups r AddMeshArgsr_s]~6*      & 3  5  rc[USS5(aUR(a[R"SS5eSn[R "XR S5(d[e[R "XR S5(d[eg g ![a [R"SS5ef=f![a [R"SS 5ef=f) z(Validates the values of the --mesh flag.rDFr|r\z (.*)\/(.*)r}z7GKE cluster value should have the format location/name.r~z5Workload value should have the format namespace/name.N) rbrcrrdrematchrDrhri)rorgxs rValidateMeshFlagr{s T65!! ~~  4 4X} MM CE XXc99]3 4 45 O XXc99Z0 1 12" E  / /  C EEE O  / / M OOOs.B..C"C"C%c8SnSSS.nURSUSSUS9 g ) z5Helper to add --post-key-revocation-action-type flag.zuSpecifies the behavior of the instance when the KMS key of one of its attached disks is revoked. The default is noop.No operation is performed.zSThe instance is shut down when the KMS key of one of its attached disks is revoked.)noopshutdownz!--post-key-revocation-action-typePOLICYFchoicesr+rr-Nr.r5 help_text choices_texts r"AddPostKeyRevocationActionTypeArgsrs?H) '4,  )  rc8SnSSS.nURSUSSUS9 g ) z0Helper to add --key-revocation-action-type flag.zuSpecifies the behavior of the instance when the KMS key of one of its attached disks is revoked. The default is none.rzQThe instance is stopped when the KMS key of one of its attached disks is revoked.)nonestopz--key-revocation-action-typerFrNrrs rAddKeyRevocationActionTypeArgsrs?H)+",  $  rc$[USS5(a[USS5(a[R"SS5e[USS5(a[R"SS5e[USS5(aURHnS U;a[R"S S 5eUR S 5nUR S 5nU(aUS :wa[R "S S5eUS :XdMnUbMs[R "S S5e ggg)z!Validates --source-instance flag.source_instanceF machine_typerz--machine-typelabelsz--labelsconfigure_diskr&z3`--configure-disk` requires `device-name` to be setr'r r%z[Value for `instantiate-from` must be 'custom-image' if the key `custom-image` is specified.NzZValue for 'custom-image' must be specified if `instantiate-from` has value `custom-image`.)rbrrdrrjgetri)rodiskinstantiate_from custom_images rValidateSourceInstanceFlagsrs+ T$e,,t^U++  4 45H5E GGtXu%%  4 45H5? AAt%u--%%$  $44CE E 88$67xx/ ,>33 -. . ~ -,2F33 +, ,&.-r)FF)F) __doc__ __future__rrrrkrrNgooglecloudsdk.callioperrr"googlecloudsdk.command_lib.computer r 5googlecloudsdk.command_lib.compute.instance_templatesr DEFAULT_LIST_FORMATr4rr#r6rPGArYrxrnrrrrrr"rrrsB&' /(.94X ;, H.3,0,=,=,@,@Y xOMd 8O2$"!,r