G6SrSSKJr SSKJr SSKJr SSKrSSKJrJr SSK J r SSK J r SS K J r SS KJr SS KJr SS KJr SS KJr SSKJr SSKJr SSKJr SSKJr SSKJr SSKJr \R<"SSSSS9rSr Sr!"SS5r""SS5r#g)z)Functions to add flags in fleet commands.)absolute_import)division)unicode_literalsN)IteratorList)messages)types)util) arg_parsers)base) exceptions)parser_arguments)parser_extensions)concepts)errors) arg_utils)concept_parsers) resourcesz--all-memberships store_constTzAll memberships in the fleet.)actionconsthelpz8projects/([^/]+)/platforms/gke/policies/([a-zA-Z0-9_-]+)z1Cannot specify --{opt} without --{prerequisite}. c\rSrSrSrS\R 4Sjr\S5r \S\ \ 4Sj5r \S\ 4Sj5r \S\R4S j5rS rS rS rS \R 4SjrS\R 4SjrS\R 4SjrS \R 4SjrS\R 4SjrS\R 4SjrS \R 4SjrSrSrSrSrSrg) FleetFlags;z'Add flags to the fleet command surface.parsercXlgN_parser)selfrs 7lib/googlecloudsdk/command_lib/container/fleet/flags.py__init__FleetFlags.__init__>s LcUR$rrr!s r"rFleetFlags.parserDs <<r%returnc.URR$)aReturns the command name. This provides information on the command track, command group, and the action. Returns: A list of command, for `gcloud alpha container fleet operations describe`, it returns `['gcloud', 'alpha', 'container', 'fleet', 'operations', 'describe']`. )r command_namer's r"r+FleetFlags.command_nameHs ;; # ##r%c URS$)N)r+r's r"rFleetFlags.actionVs   R  r%cURSS:Xa[RR$URSS:Xa[RR$[RR $)z6Returns the release track from the given command name.alphabeta)r+r ReleaseTrackALPHABETAGAr's r" release_trackFleetFlags.release_trackZs` w&    $ $$  1  '    # ##    ! !!r%cV[RRUR5 gr)r ASYNC_FLAG AddToParserrr's r"AddAsyncFleetFlags.AddAsyncdsOO ,r%cBURRS[SS9 g)Nz--display-namezcDisplay name of the fleet to be created (optional). 4-30 characters, alphanumeric and [ '"!-] only.)typerr add_argumentstrr's r"AddDisplayNameFleetFlags.AddDisplayNamegs$KK  : r%cURRSS9nURU5 URU5 UR U5 g)Nz9Default cluster configurations to apply across the fleet.r)r add_group_AddSecurityPostureConfig_AddBinaryAuthorizationConfig_AddCompliancePostureConfig)r!default_cluster_config_groups r"AddDefaultClusterConfig"FleetFlags.AddDefaultClusterConfigqsN#';;#8#8 H$9$  ""#?@&&'CD$$%ABr%rLcfURSS9nURU5 URU5 g)NzSecurity posture config.rG)rH_AddSecurityPostureMode%_AddWorkloadVulnerabilityScanningMode)r!rLsecurity_posture_config_groups r"rI$FleetFlags._AddSecurityPostureConfigys?%A$J$J '%K%!   !>?../LMr%rRcTURS/SQS[R"S5S9 g)N--security-posturedisabledstandard enterprisez To apply standard security posture to clusters in the fleet, $ {command} --security-posture=standard choicesdefaultrrBtextwrapdedentr!rRs r"rP"FleetFlags._AddSecurityPostureModes1"..6 __ / r%cTURS/SQS[R"S5S9 g)N!--workload-vulnerability-scanningrVz To apply standard vulnerability scanning to clusters in the fleet, $ {command} --workload-vulnerability-scanning=standard rZr]r`s r"rQ0FleetFlags._AddWorkloadVulnerabilityScanningModes1"..+6 __ / r%cfURSS9nURU5 URU5 g)NzBinary Authorization config.rG)rH_AddBinauthzEvaluationMode_AddBinauthzPolicyBindings)r!rL!binary_authorization_config_groups r"rJ(FleetFlags._AddBinaryAuthorizationConfigs?)E(N(N +)O)% ##$EF##$EFr%rhc XURSSS/SS[R"S5S9 g)N--binauthz-evaluation-moderWpolicy-bindingscBURSS5R5$)N_-)replacelower)xs r"7FleetFlags._AddBinauthzEvaluationMode..sqyyc*002r%z Configure binary authorization mode for clusters to onboard the fleet, $ {command} --binauthz-evaluation-mode=policy-bindings )r[r@r\rr])r!rhs r"rf%FleetFlags._AddBinauthzEvaluationModes<&22$./3 __3 r%c [R"[S5nURSSSS[R "S5[R "SU0S/SS9S 9 g) NzsGKE policy resource names have the following format: `projects/{project_number}/platforms/gke/policies/{policy_id}`--binauthz-policy-bindingsappendzname=BINAUTHZ_POLICYz The relative resource name of the Binary Authorization policy to audit and/or enforce. GKE policies have the following format: `projects/{project_number}/platforms/gke/policies/{policy_id}`.namer1)spec required_keys max_length)r\rmetavarrr@)r RegexpValidator_BINAUTHZ_GKE_POLICY_REGEXrBr^r_ArgDict)r!rhplatform_policy_types r"rg%FleetFlags._AddBinauthzPolicyBindingssw'66" I &22$& __MN ,"(  3r%c URSSS9nURSSS/SS[R"S 5S 9 URS [R "5SS [R"S 5S9 g)z'Add compliance (posture) configuration.zCompliance configuration.T)rhiddenz --complianceenabledrWNzcompliance=MODEz To enable compliance for clusters in the fleet, $ {command} --compliance=enabled To disable compliance for clusters in the fleet, $ {command} --compliance=disabled )r[r\r}rz--compliance-standardszcompliance-standards=STANDARDSz To configure compliance standards for clusters in the fleet supply a comma-delimited list: $ {command} --compliance-standards=standard-1,standard-2 If this flag is supplied, it cannot be empty. )r@r\r}r)rHrBr^r_r ArgList)r!rLcompliance_posture_config_groups r"rK&FleetFlags._AddCompliancePostureConfigs'C&L&L ('M'#$00J'! __   1 $00  "0 __ 1 r%c[R"SS[RURUR 5[R S9$)Nz$gkehub.projects.locations.operations operation) resource_name api_version locationsId projectsId)r ResourceSpecr VERSION_MAPr8_LocationAttributeConfig DEFAULT_PROJECT_ATTRIBUTE_CONFIGr's r"_OperationResourceSpec!FleetFlags._OperationResourceSpecsD  .!$$T%7%78113<<  r%c[RRSUR5SR UR 5SS9R UR5 URRSS9 g)Nrzoperation to {}.T) group_helprequiredglobal)location) r ConceptParser ForResourcerformatrr<r set_defaultsr's r"AddOperationResourceArg"FleetFlags.AddOperationResourceArgsd!!-- ##%%,,T[[9 . k$++KKh/r%c,[R"SSS9$)z.Gets Google Cloud location resource attribute.rz)Google Cloud location for the {resource}.)ry help_text)r ResourceParameterAttributeConfigr's r"r#FleetFlags._LocationAttributeConfigs  4 4 = r%cDURRS[SSS9 g)Nz --locationzThe location name.ro)r@rr\rAr's r" AddLocationFleetFlags.AddLocations%KK  ! r%rN) __name__ __module__ __qualname____firstlineno____doc__rArgumentInterceptorr#propertyrrrCr+rr r4r8r=rDrMrIrPrQrJrfrgrKrrrr__static_attributes__r%r"rr;s5/22     $DI $  $ !c! ! "T.." "-CN*:*N*NN +;+O+O  +;+O+O G*:*N*NG)9)M)M&)9)M)M6%*:*N*N%N0r%rcv\rSrSrSrS\R S\R4Sjr S\ RS\ 4Sjr S\ R4S jrSS\R 4S jjrS\4S jrS\4S jrS\ 4SjrS\R*4SjrS\R.4SjrS\R24SjrSS\R64SjjrS\R:4SjrS\\R@4Sjr!SS\RDS\RD4Sjjr#SS\RH4Sjjr%S\&RN4Sjr(S\4Sjr)S\*4Sjr+S\*4Sjr,Sr-g )FleetFlagParseri z)Parse flags during fleet command runtime.argsr8cRXlX l[R"U5Ulgr)rr8r GetMessagesModuler)r!rr8s r"r#FleetFlagParser.__init__#s!I&**=9DMr%messager)c(U[U5"5:H$)zDetermines if a message is empty. Args: message: A message to check the emptiness. Returns: A bool indictating if the message is equivalent to a newly initialized empty message instance. )r@r!rs r"IsEmptyFleetFlagParser.IsEmpty*s d7mo %%r%c4URU5(dU$g)z/Trim empty messages to avoid cluttered request.N)rrs r" TrimEmptyFleetFlagParser.TrimEmpty6s << n r%NcURR5n[R"UR 55UlUR 5UlURU5Ul U$)zFleet resource.) rFleetr FleetResourceNameProjectry _DisplayName displayName_DefaultClusterConfigdefaultClusterConfig)r!existing_fleetfleets r"rFleetFlagParser.Fleet=sW MM   !E'' 7EJ))+E!%!;!;N!KE Lr%c.URR$r)r display_namer's r"rFleetFlagParser._DisplayNameFs 99 ! !!r%cB[R"URSSS9$)Nz --projectT) use_defaults)rGetFromNamespacerr's r"rFleetFlagParser.ProjectIs  % %dii4 PPr%c.URR$)zParses --async flag. The internal representation of --async is set to args.async_, defined in calliope/base.py file. Returns: bool, True if specified, False if unspecified. )rasync_r's r"AsyncFleetFlagParser.AsyncLs 99  r%cURR5nUR5UlUR 5UlUR U5$r)rSecurityPostureConfig_SecurityPostureModemode!_VulnerabilityModeValueValuesEnumvulnerabilityModer)r!rets r"_SecurityPostureConfig&FleetFlagParser._SecurityPostureConfigWsD -- - - /C((*CH BBDC >># r%cSURR5;agURRRnUR UR URS.nX RR$)zParses --security-posture.rUNrV) rGetSpecifiedArgsrrModeValueValuesEnumDISABLEDBASIC ENTERPRISEsecurity_posturer! enum_typemappings r"r$FleetFlagParser._SecurityPostureMode]sf499#=#=#??  33GGI&&OO**G 99-- ..r%cSURR5;agURRRnUR UR URS.nX RR$)z)Parses --workload-vulnerability-scanning.rcNrV) rrrr VulnerabilityModeValueValuesEnumVULNERABILITY_DISABLEDVULNERABILITY_BASICVULNERABILITY_ENTERPRISEworkload_vulnerability_scanningrs r"r1FleetFlagParser._VulnerabilityModeValueValuesEnumlso+$))2L2L2NN  ++LL441188G 99<< ==r%cZURR5nUR5Ul[ UR 55UlUcUnO>UnURbURUlUR bUR UlUR (a:UR(d)[R"S[RSSS95eURURRRR:Xa/UlURU5$)z$Construct binauthz config from args.rwzbinauthz-evaluation-modezbinauthz-policy-bindings) prerequisiteopt)rBinaryAuthorizationConfig_EvaluationModeevaluationModelist_PolicyBindingspolicyBindingsr InvalidArgumentException_PREREQUISITE_OPTION_ERROR_MSGrEvaluationModeValueValuesEnumrr)r!existing_binauthz new_binauthzrs r"_BinaryAuthorizationConfig*FleetFlagParser._BinaryAuthorizationConfig}s==::L c c  $ $ 0)88  $ $ 0)88 #"4"4  / / & ( / /5, 0    //MMVVc >># r%cSURR5;agURRRnUR UR S.nX RR$)z"Parses --binauthz-evaluation-mode.rkN)rWrl)rrrrrrPOLICY_BINDINGSbinauthz_evaluation_moders r"rFleetFlagParser._EvaluationModesf$499+E+E+GG  //MM&&$44G 9955 66r%cR^TRRnUb U4SjU5$/$)z"Parses --binauthz-policy-bindings.c3\># UH!nTRRUSS9v M# g7f)ry)ryN)r PolicyBinding).0bindingr!s r" 2FleetFlagParser._PolicyBindings..s.(g -- % %76? % ;(s),)rbinauthz_policy_bindings)r!policy_bindingss` r"rFleetFlagParser._PolicyBindingss1ii88O"( Ir% existing_cfgcUbUOURR5nURRc(URRcUR U5$URRGbURRS;a*[ R"URR5eURRS:Xa-URRb[ R"S5eURRS:Xa0URRRRUl OIURRS:Xa/URRRRUl URc[ R"S5eURRb`URRVs/sHnURRUS9PM nnU(d[ R"S5eXBlUR U5$s snf)z0Construct compliance (posture) config from args.>rrWrWz@Cannot configure compliance standards when disabling Compliance.rzECannot configure compliance standards without a mode first being set.)rXz@--compliance-standards must be a non-empty comma-delimited list.)rCompliancePostureConfigr compliancecompliance_standardsrrInvalidComplianceModeConfiguringDisabledCompliancerENABLEDrrConfiguringMissingComplianceComplianceStandardcomplianceStandards)r!r cfgsdesired_standardss r"_CompliancePostureConfig(FleetFlagParser._CompliancePostureConfigs  #  ]] 2 2 4 yy# (F(F(N ^^C   yy'   %< <**499+?+?@@ ))  * ,ii,,822 N      * MM 1 1 E E M M  99  : - MM 1 1 E E N N   xx  / /    yy%%199111a -- * *A * 6111 N  !2 >># s'#IcUb UROSnURR5nUR5UlUb!UR UR 5UlOUR 5UlUb!URUR5UlOUR5UlURU5$)zConstruct default cluster config from args. Args: existing_fleet_cfg: proto message of any currently existing configuration. Returns: Proto message for the default cluster configuration. N) rrDefaultClusterConfigrsecurityPostureConfigrbinaryAuthorizationConfigrcompliancePostureConfigr)r!existing_fleet_cfgexisting_default_cluster_configrs r"r%FleetFlagParser._DefaultClusterConfigs  ) // $ -- , , .C $ ; ; =C&2&*&E&E ) C C'c#'+&E&E&Gc#&2$($A$A ) A A%c!%)$A$A$Cc! >># r%c^URRRR5$)z#Parses resource argument operation.)rCONCEPTSrParser's r" OperationRefFleetFlagParser.OperationRefs! 99   ' ' - - //r%c.URR$r)rrr's r"LocationFleetFlagParser.Locations 99  r%c.URR$)z$Returns page size in a list request.)r page_sizer's r"PageSizeFleetFlagParser.PageSizes 99  r%c.URR$)z Returns limit in a list request.)rlimitr's r"LimitFleetFlagParser.Limit!s 99??r%)rrr8r).rrrrrr Namespacer r4r#rMessageboolrrr rrCrrrrr(SecurityPostureConfigModeValueValuesEnumr5SecurityPostureConfigVulnerabilityModeValueValuesEnumrrr6BinaryAuthorizationConfigEvaluationModeValueValuesEnumrrrrrrrrrResourcer(r+intr/r3rrr%r"rr sz1:#--:>B>O>O: &X-- &$ &x//%++"C"QsQ T e&A&A / 55 /> BB>$#! &&!F7 CC7 x(;(;<;?7777 $$7v! !!!F0I..0Sr%r)$r __future__rrrr^typingrrapitools.base.protorpcliter&googlecloudsdk.api_lib.container.fleetr r googlecloudsdk.callioper r r rr googlecloudsdk.calliope.conceptsr*googlecloudsdk.command_lib.container.fleetr$googlecloudsdk.command_lib.util.apisr(googlecloudsdk.command_lib.util.conceptsrgooglecloudsdk.corerArgumentALL_MEMBERSHIPS_FLAGrrrrrr%r"rIs0&'!/87/(.455=:D) }}   ( ?" bbJCCr%