\)dSrSSKJr SSKJr SSKJr SSKJrJr SSKJ r SSK J r SSK Jr SSK J r SS KJr SS KJr SS KJr SS KJr SS KJr SS KJr SSKJr SSKJr SSKJ r SSK!J r" SSK#J$r$ SSK#J%r% SSK&J'r' Sr(Sr)S/r*/SQr+"SS\RX\RZ5r.Sr/g)z7Utilities for interacting with the Connect Gateway API.)absolute_import)division)unicode_literals)ListUnion) projects_api)util)client) enable_api)apis)base)api_util)gwkubeconfig_util) overrides)errors)log) properties) platformsz0connectgateway_{project}_{location}_{membership}zihttps://{service_name}/{version}/projects/{project_number}/locations/{location}/{collection}/{membership}gkehub.gateway.get)zgkehub.memberships.getrzserviceusage.services.getc \rSrSrSrSSjrSS\S\S\S\\S44S jjr SS jr S \S \ \4S jr Sr SSjr\S5rSrg)GetCredentialsCommand5zeGetCredentialsCommand is a base class with util functions for Gateway credential generating commands.Nc[R"5 [RR 5n[ R RS5 [ R RSU-5 URU[5 [RRRS5R5n[!U["R$"US55 UR'XBU5nSnUS:XaOI[)US5(a8[)UR*S5(aUR*R,(aSnUR/["R$"XR5UUUUU5 S UR1XBX5-S -n[ R RU5 g![Ra SnNf=f) Nz'Starting to build Gateway kubeconfig...zCurrent project_id: gkehub membershipszgkeconnect-proberendpoint gkeClustergkeMembershipsA new kubeconfig entry "4" has been generated and set as the current context.)container_utilCheckKubectlInstalledhub_base HubCommandProjectrstatusPrint RunIamCheckREQUIRED_CLIENT_PERMISSIONSrVALUESapi_endpoint_overridesPropertyGetNoSuchPropertyErrorCheckGatewayApiEnablementr GetConnectGatewayServiceNameReadClusterMembershiphasattrrrGenerateKubeconfig KubeContext) self membership_id arg_location arg_namespace project_idhub_endpoint_override membership collectionmsgs 9lib/googlecloudsdk/command_lib/container/fleet/gateway.pyRunGetCredentials'GetCredentialsCommand.RunGetCredentials9s((*$$,,.JJJ>?JJ+j89Z!<=#(//FFOO   ))*?F ++-J J((  J'' J'' 6 6    * *#j ))*?N  #    m   A  AJJSU  ) )#"#s 7F**GGr6r7force_use_agentr8c [RRS5 [R"5 [ R R5n[ R RSS9nURU[5 Sn[RR5(a$[R"UR55n[ R""U5 [$R&"UR55nUR)SUSUSU3UUUS9n SSS5 [*R,R/W R05n [*R,R35n U R5U SS 9 U R7[9U R:R=55S 5 U R?5 S U R@S 3n [RRU 5 g!,(df  N=f) aRunServerSide generates credentials using server-side kubeconfig generation. Args: membership_id: The short name of the membership to generate credentials for. arg_location: The location of the membership to generate credentials for. force_use_agent: Whether to force the use of Connect Agent in generated credentials. arg_namespace: The namespace to use in the kubeconfig context. zFetching Gateway kubeconfig...T)numberNz projects/z /locations/z /memberships/)namerAkubernetes_namespaceoperating_system) overwriterrr )!rr&r'r!r"r#r$r%r(REQUIRED_SERVER_PERMISSIONSrOperatingSystem IsWindows gateway_utilWindowsOperatingSystem ReleaseTrackrRegionalGatewayEndpointgateway_client GatewayClientGenerateCredentialskconfig Kubeconfig LoadFromBytes kubeconfigDefaultMergeSetCurrentContextlistcontextskeys SaveToFilecurrent_context) r5r6r7rAr8r9project_numberrFr respnewrUr=s r> RunServerSide#GetCredentialsCommand.RunServerSideqs"JJ56((*$$,,.J((000=N  Z!<=  **,,%<<      * *< 8++D,=,=,?@f  ' '>*+l^=Q^P_`),+ (d 9    * *4?? ;C##++-JSD)  cll&7&7&9!:1!=> #:#=#=">?5 5JJS) 9 8s %AG99 HcL[RXUS9nU(aUSU-- nU$)N)projectlocationr;z_ns-)KUBECONTEXT_FORMATformat)r5r9rer; namespacekcs r>r4!GetCredentialsCommand.KubeContexts5  " "* # BFY b Ir9 permissionsc[R"U5n[R"X25nURn[ U5R [ U55(d[R"5eg)z^Run an IAM check, making sure the caller has the necessary permissions to use the Gateway API.N) project_util ParseProjectrTestIamPermissionsrlsetissubsetmemberships_errorsInsufficientPermissionsError)r5r9rl project_refresultgranted_permissionss r>r(!GetCredentialsCommand.RunIamChecks^++J7K  , ,[ FF ,, {  $ $S)<%= > >  ; ; == ?rkc\[R"XU5n[R"U5$N) hubapi_util MembershipRef GetMembership)r5r9rer; resource_names r>r1+GetCredentialsCommand.ReadClusterMemberships%--jJOM  $ $] 33rkc :[R"U5nUUU[RUUR 5UUUUS9SS.nSS0n 0n UR X#XV5n UR X#U5n [ RR5n [ R"XX5U RU '[ R"U 40U D6U RU '[ R"XS40U D6U RU 'U RU 5 U R!5 U $)N) service_nameversionr^rer<r;gcp)r;rer9server auth_providerrr)rnGetProjectNumber SERVER_FORMATrg GetVersionr4rRrSrVContextrZUserusersClusterclustersrXr\)r5rr9rer<r;rhr^kwargs user_kwargscluster_kwargscontextclusterrUs r>r3(GetCredentialsCommand.GenerateKubeconfigs+"22:>N  &&%OO%)!! '  F KNzZKGzZ@G##++-J#*??'$J !( W D DJW#*??!$%3$J   ) rkc UR5[RRLagUR5[RRLagUR5[RRLagg)Nv1alpha1v1beta1v1)rMr ALPHABETAGA)clss r>r GetCredentialsCommand.GetVersionse T..444    t0055 5    t0033 3  rkrz)FN)__name__ __module__ __qualname____firstlineno____doc__r?strboolrrar4rr(r1r3 classmethodr__static_attributes__rrkr>rr5sm6x$(, 555 5 39% 5n>C>d3i>4*Xrkrc [R"X5(d/[R"UU[R "SX55 gg![R Ra gf=f)aChecks if the Connect Gateway API is enabled for a given project. Prompts the user to enable the API if the API is not enabled. Defaults to "No". Throws an error if the user declines to enable the API. Args: project_id: The ID of the project on which to check/enable the API. service_name: The name of the service to check/enable the API. Raises: memberships_errors.ServiceNotEnabledError: if the user declines to attempt to enable the API. exceptions.GetServicesPermissionDeniedException: if a 403 or 404 error is returned by the Get request. apitools_exceptions.HttpError: Another miscellaneous error with the listing service. api_exceptions.HttpException: API not enabled error if the user chooses to not enable the API. zConnect Gateway APIN)r IsServiceEnabledr PromptToEnableApirsServiceNotEnabledErrorapitools_exceptions RequestError)r9rs r>r/r/sh(  $ $Z > >       3 3#\  ?  # # 0 0   s-A A-,A-N)0r __future__rrrtypingrr+googlecloudsdk.api_lib.cloudresourcemanagerr googlecloudsdk.api_lib.containerr r!5googlecloudsdk.api_lib.container.fleet.connectgatewayr rOrKgooglecloudsdk.api_lib.servicesr googlecloudsdk.api_lib.utilr googlecloudsdk.callioper *googlecloudsdk.command_lib.container.fleetrr{r#rrRr6googlecloudsdk.command_lib.container.fleet.membershipsrrs#googlecloudsdk.command_lib.projectsrngooglecloudsdk.corerrgooglecloudsdk.core.utilrrfrrHr)r$Commandrr/rrkr>rs>&'DCZV6,(NGS@_GD#*.G{ ~H//~B  rk