'SrSSKJr SSKJr SSKJr SSKJr SSKJr SSK J r SSK J r SS K Jr S rS rSS jrS rSSjrSrSSjrSrSSjrSrSrSrSrSrSrSrSr g) z!Flags for binauthz command group.)absolute_import)division)unicode_literals)concepts) arg_parsers)flags)concept_parsers)presentation_specsc |[R"SS[R"SSS9[R"SSS9S9$)Nz containeranalysis.projects.notesnoteprojectz2The Container Analysis project for the {resource}.name help_textz2The Container Analysis Note ID for the {resource}.) resource_name projectsIdnotesId)r ResourceSpec ResourceParameterAttributeConfig:lib/googlecloudsdk/command_lib/container/binauthz/flags.py_GetNoteResourceSpecrsE   (::H77H  rcU(a URSS5R5$SURSS5R5-$)N-_z--)replaceupperlower) base_name positionals r_FormatArgNamer"+sB   S# & , , .. )##C-335 55rcSnU(dS[SRU5U50n[R"[X5[ 5UUUS9$)z=Construct a resource spec for a Container Analysis note flag.Nr {}-projectr concept_spec group_helprequiredflag_name_overrides)r"formatpresentation_specs_libResourcePresentationSpecrr'r r(r!use_global_project_flagflag_overridess rGetNotePresentationSpecr02sV. >,"5"5i"@*MN 8 8 ) 0')(  rc r[R"SS[R[R"SSS9S9$)Nz&binaryauthorization.projects.attestorsattestorrThe ID of the {resource}.r)rr attestorsIdrr DEFAULT_PROJECT_ATTRIBUTE_CONFIGrrrr_GetAttestorResourceSpecr7Hs8   .::;;/  rcSnU(dS[SRU5U50n[R"[X5[ 5UUUS9$)z/Construct a resource spec for an attestor flag.Nr r$r%)r"r*r+r,r7r-s rGetAttestorPresentationSpecr9TsV. >,"5"5i"@*MN 8 8 ) 0+-(  rc [R"[RS[R[R "SSS9[R "SSS9[R "SSS9[R "S S S9S 9$) NCryptoKeyVersionlocationzThe location of the {resource}.rkeyringzThe keyring of the {resource}.keyzThe key of the {resource}.versionz"The key version of the {resource}.)rr locationsId keyRingsId cryptoKeysIdcryptoKeyVersionsId)rr kms_flagsCRYPTO_KEY_VERSION_COLLECTIONr6rrrr _GetCryptoKeyVersionResourceSpecrFjs   --&::;;5::4<<0#CC8! rc SnU(dS[SRU5U50n[R"[X5[ 5UUU(+US9$)z6Construct a resource spec for a CryptoKeyVersion flag.Nr r$)rr&r'r(prefixesr))r"r*r+r,rFr-s r#GetCryptoKeyVersionPresentationSpecrIs\. >,"5"5i"@*MN 8 8 ) 035**(  rcN[R"U5RU5 g)N)r ConceptParser AddToParser)parserr s r AddConceptsrNs 23??Grc0URSU[SS9 g)Nz--artifact-urlzuContainer URL. May be in the `gcr.io/repository/image` format, or may optionally contain the `http` or `https` schemer(typehelp) add_argumentstr)rMr(s rAddArtifactUrlFlagrUs$  D rc t[R"SSS[R[R"SSS9S9$)Nz&binaryauthorization.projects.platformsplatformv1z The platform.r)r api_versionr platformsIdr5rrr_GetPlatformResourceSpecr[s:   .::;;_  rc[RRS[5SR U5SS9R U5 g)zAdd a resource argument for a platform (containing platform policies). Args: parser: the parser for the command. verb: str, the verb to describe the resource, such as 'to list'. (No other values besides 'to list' are expected.) platform_resource_namezThe platform whose policies {}.Tr(N)r rK ForResourcer[r*rLrMverbs rAddPlatformResourceArgrbsC++ '..t4 , Krc [R"SSS[R[R"SSS9[R"SSS9S9$) Nz/binaryauthorization.projects.platforms.policiespolicyrXrWzbThe platform that the {resource} belongs to. PLATFORM must be one of the following: cloudRun, gke.rr3)rrYrrZpolicyIdr5rrr_GetPlatformPolicyResourceSpecrfsT   7::;;F88#> rc[RRS[5SR U5SS9R U5 g)zAdd a resource argument for a policy. Args: parser: the parser for the command. verb: str, the verb to describe the resource, such as 'to update'. policy_resource_namez#The resource name of the policy {}.Tr^N)r rKr_rfr*rLr`s rAddPlatformPolicyResourceArgrisC++$&+2248 , KrcURSSS9nURSS[RSS9 URSSSS S 9 g ) z>Adds a resource argument from file or from one or more images.Tmutexr(z --resourceFzEThe JSON or YAML file containing the Kubernetes resource to evaluate.rPz--imageappendzThe image to evaluate. If the policy being evaluated has scoped checksets, this mode of evaluation will always use the default (unscoped) checkset.)r(actionrRN) add_grouprSrResourceFileName)rMevaluation_unit_groups rAddEvaluationUnitArgrrsb ***E$$  ' '  %$$  " % rc(URSSSSS9 g)z"Adds a --no-upload flag to parser.z --no-upload store_trueFzDo not upload the generated attestations to the image registry (using Sigstore tag conventions). Note, attestations are never uploaded to the transparency log.)rndefaultrRNrSrMs rAddNoUploadArgrxs#  /  rc$URSSS9 g)z(Adds the output file argument to parser.z --output-filezIf a resource is provided and deemed to be conformant, attestations will be added as annotations on the resource and writen back to this file path in the same format as the input file.)rRNrvrws rAddOutputFileArgrzs BrclURSSS9nURSSSSSS9 URSSSS 9 g ) z%Adds the docker creds args to parser.Frkz--use-docker-credsrtaWWhether to use the configuration file where Docker saves authentication credentials when uploading attestations to the registry. If this flag is not passed, or valid credentials are not found, an OAuth2 token for the active gcloud account is used. See https://cloud.google.com/artifact-registry/docs/docker/authentication for more information.)r(rnrurRz--docker-config-dirzOverride the directory where the Docker configuration file is searched for. Credentials are pulled from the config.json file under this directory. Defaults to $HOME/.docker.)r(rRN)rorS)rMdocker_args_groups rAddDockerCredsArgsr}s\&&UU&C    # !    > !rN)r TTF)r2TTT) keyversionTTT)T)!__doc__ __future__rrr googlecloudsdk.calliope.conceptsr-googlecloudsdk.command_lib.container.binauthzrgooglecloudsdk.command_lib.kmsrrD(googlecloudsdk.command_lib.util.conceptsr r r+rr"r0r7r9rFrIrNrUr[rbrfrirrrxrzr}rrrrs(&'5E=Da 6 ! ,   ,4  .H  (& 0  r