mDSrSSKJr SSKJr SSKJr SSKJr SSKrSSKrSSKrSSK r SSK J r SSK J r SS K Jr SS KJr SS KJr SS KJr SS KJr SS KJr SSKJr SSKJr SSKJr SSKJr SSKJ r SSKJ!r! SSK"J#r$ SSK"J%r& SSK'J(r( Sr)Sr*Sr+Sr,"SS\RZ5r."SS\RZ5r/Sr0Sr1S r2"S!S"\35r4"S#S$\35r5"S%S&\Rl5r7"S'S(\35r8"S)S*\35r9"S+S,\35r:S-r;S.ri     C J J   %,       9 @ @ K s A B:C c2\rSrSrSrSrSrSrSrSr Sr g ) MembershipCRDCreationOperationz;An operation that waits for a membership CRD to be created. unchanged configuredcFXlSUlSUlSUlX lgNF)r*donerArBmembership_crd_manifest)selfr*rLs r#__init__'MembershipCRDCreationOperation.__init__s#"DIDNDJ#: r"cg)NzrrMs r#__str__&MembershipCRDCreationOperation.__str__s &r"cURRUR5upU(aSUlX lgUR U;dUR U;aSUlSUlgg)zBUpdates this operation with the latest membership creation status.TN)r*CreateMembershipCRDrLrKrBCREATED_KEYWORDCONFIGURED_KEYWORDrArMouterrs r#Update%MembershipCRDCreationOperation.Updatese33 $$HC dij    $(?(?3(Fdidn)Gr")rKrBr*rLrAN) rrrrr rVrWrNrRr[r!rr"r#rErEsC/#;' r"rEc.\rSrSrSrSrSrSSjrSrg) KubeconfigProcessorz?A helper class that processes kubeconfig and context arguments.c XlX lX0lX@lXPlX`lXplXl[R"5(d[R"S5eSUl SUl g)aConstructor for KubeconfigProcessor. Args: api_adapter: the GKE api adapter used for running kubernetes commands gke_uri: the URI of the GKE cluster; for example, 'https://container.googleapis.com/v1/projects/my-project/locations/us-central1-a/clusters/my-cluster' gke_cluster: the "location/name" of the GKE cluster. The location can be a zone or a region for e.g `us-central1-a/my-cluster` kubeconfig: the kubeconfig path internal_ip: whether to persist the internal IP of the endpoint. cross_connect_subnetwork: full path of the cross connect subnet whose endpoint to persist (optional) private_endpoint_fqdn: whether to persist the private fqdn. context: the context to use Raises: exceptions.Error: if kubectl is not installed zkubectl not installed.N)rgke_uri gke_clusterr internal_ipcross_connect_subnetworkprivate_endpoint_fqdncontextc_utilCheckKubectlInstalledr r?gke_cluster_self_linkgke_cluster_uri) rMrrarbrrcrdrerfs r#rNKubeconfigProcessor.__init__sb<#L" O"$<!!6L  ' ' ) )   5 66!%DDr"c UR(dUR(aSnUR(a$[R"UR5up#nOT[R R RR5n[R"UR5up4[R"X#U5uUl Ul [URUUUUURUR UR"5S4$UR$(dU[&R("[*R,S5(a+[&R("[*R,S5(agUR$=(d. [&R("[*R,S5=(d Sn[.R0"U5nU(d[2R4"S/S5e[6R8R;U5nUR<nXR>;a%[@RB"S REX55eXh4$) aGets the kubeconfig, cluster context and resource link from arguments and defaults. Args: temp_kubeconfig_dir: a TemporaryDirectoryObject. Returns: the kubeconfig filepath and context name Raises: calliope_exceptions.MinimumArgumentException: if a kubeconfig file cannot be deduced from the command line flags or environment exceptions.Error: if the context does not exist in the deduced kubeconfig file NKUBERNETES_SERVICE_PORTKUBERNETES_SERVICE_HOSTNN KUBECONFIGz~/.kube/config --kubeconfigzoPlease specify --kubeconfig, set the $KUBECONFIG environment variable, or ensure that $HOME/.kube/config existsz.context [{}] does not exist in kubeconfig [{}])#rarbr ParseGKEURIrVALUEScoreproject GetOrFailParseGKECluster%ConstructGKEClusterResourceLinkAndURIrirj_GetGKEKubeconfigrrcrdrerrGetEncodedValueosenvironr ExpandHomeDircalliope_exceptionsMinimumArgumentExceptionkconfig Kubeconfig LoadFromFilerfcontextsr r?r9) rMtemp_kubeconfig_dircluster_projectlocationnamekubeconfig_filerkc context_names r#GetKubeconfigAndContext+KubeconfigProcessor.GetKubeconfigAndContexts" ||t''o *2*>*>t||*L'4$++0088BBD!11$2B2BC  8 8 7d $"6 !++((    ( OO  $ $RZZ1J K K  $ $RZZ1J K K     # #BJJ =   $$_5J   8 8   ?     ( ( 4B<>r"c&UR5 U$r)r[)rM operation_refs r#PollKubernetesPoller.Poll@s r"c2URUR4$r)rArBrs r# GetResultKubernetesPoller.GetResultDs    11r"rN) rrrrr rrrr!rr"r#r7r7:sO2r"r7c\rSrSrSrS'SjrSrSrSrSr S r S r S r S r S rSrSrSrSrSrSrSrSrSrSrSrSrSrSrSrSrSrSr S(S jr!S(S!jr"S(S"jr#S(S#jr$S)S$jr%S(S%jr&S&r'g)*KubernetesClientiHz6A client for accessing a subset of the Kubernetes API.Nc SUlSUlU(dU(a[R"5Ul[ UUUUUUUUS9UlUR R UR5uUlUlU (d"U (aUR R(agU (a6UR RURUR5Ul gg)aConstructor for KubernetesClient. Args: api_adapter: the GKE api adapter used for running kubernetes commands gke_uri: the URI of the GKE cluster; for example, 'https://container.googleapis.com/v1/projects/my-project/locations/us-central1-a/clusters/my-cluster' gke_cluster: the "location/name" of the GKE cluster. The location can be a zone or a region for e.g `us-central1-a/my-cluster` kubeconfig: the kubeconfig path internal_ip: whether to persist the internal IP of the endpoint. cross_connect_subnetwork: full path of the cross connect subnet whose endpoint to persist (optional) private_endpoint_fqdn: whether to persist the private fqdn. context: the context to use public_issuer_url: the public issuer url enable_workload_identity: whether to enable workload identity Raises: exceptions.Error: if the client cannot be configured calliope_exceptions.MinimumArgumentException: if a kubeconfig file cannot be deduced from the command line flags or environment 20sN)rrarbrrcrdrerf) kubectl_timeoutrrTemporaryDirectoryr^ processorrrrfrjrr*) rMrrarbrrcrdrerfpublic_issuer_urlenable_workload_identitys r#rNKubernetesClient.__init__KsF!D#D+!&!9!9!;d(!93 DN%)NN$J$J   %!DOT\ T^^%C%C 55 //4<<d r"cU$rrrQs r# __enter__KubernetesClient.__enter__s Kr"cTURbURR5 ggr)rClose)rM_s r#__exit__KubernetesClient.__exit__s% + $$&,r"cUR/SQS5upU(a[SRU55eSU;a [S5eg)zCheck to see if the user can perform all the actions in any namespace. Raises: KubectlError: if failing to get check for cluster-admin permissions. RBACError: if cluster-admin permissions are not found. )authzcan-i*rz--all-namespacesNz2Failed to check if the user is a cluster-admin: {}yesaeMissing cluster-admin RBAC role: The cluster-admin role-based accesscontrol (RBAC) ClusterRole grants you the cluster permissions necessary to connect your clusters back to Google. To create a ClusterRoleBinding resource in the cluster, run the following command: kubectl create clusterrolebinding [BINDING_NAME] --clusterrole cluster-admin --user [USER]) _RunKubectlr%r9rrXs r#CheckClusterAdminPermissions-KubernetesClient.CheckClusterAdminPermissionss\7HC  > E Ec J  C  ( r"cURSSUSS/S5up#U(a%[R"SRU55eUR SS5$)Ngetr@-ozjsonpath='{.metadata.uid}'z(Failed to get the UID of the cluster: {}')rr r?r9replacerMr@rYrZs r#r( KubernetesClient.GetNamespaceUIDs_  Y.JK HC    4 ; ;C @  ;;sB r"cUR/SQS5upU(a%[R"SRU55e[R "U5nUSSS-USS-nU$)zGet server version of the cluster. Raises: exceptions.Error: if failing to get namespaces. Returns: Server version of the cluster in major.minor format (e.g. 1.21) )versionrjsonNz3Failed to get the server version of the cluster: {} serverVersionmajor.minor)rr r?r9rloads)rMrYrZ version_strs r#r-!KubernetesClient.GetServerVersionsz 94@HC    ? F Fs K  **S/C OW%+c/.B7.KK r"ctURSSSU-S/S5up#U(a[R"5eU$)z!Get k8s events for the namespace.reventsz --namespace=z--sort-by='{.lastTimestamp}'N)rr r?rs r# GetEventsKubernetesClient.GetEventssH   Y & *  HC     Jr"czURSSSUSS/S5up#U(a%[R"SRU55eUS:Xa/$URSSSUSS /S5up#U(a%[R"SRU55eU(aUR 5R S 5$/$) zGet the Connect Agent namespace by label. Args: label: the label used for namespace selection Raises: exceptions.Error: if failing to get namespaces. Returns: The first namespace with the label selector. r namespacesz --selectorrzjsonpath={.items}Nz,Failed to list namespaces in the cluster: {}z[]z"jsonpath={.items[0].metadata.name} )rr r?r9stripsplit)rMlabelrYrZs r#NamespacesWithLabelSelector,KubernetesClient.NamespacesWithLabelSelectors  lE49LM HC    8 ? ? D  d{ i      0    HC    8 ? ? D &)399;  S !0b0r"c0UR/SQ5upU$)N)delete membershiprrrMrrZs r#DeleteMembership!KubernetesClient.DeleteMemberships   D EFA Jr"c[R"S5n[R"S5nURUR55(aFUR SSUSS/5upVU(a%[ R "SRU55eU$URUR55(aFUR SSUSS/5upVU(a%[ R "SRU55eU$g ) )Get the RBAC cluster role binding policy. ^clusterrole/^role/rclusterrolebindingryaml Error retrieving RBAC policy: {} rolebindingN)recompilematchlowerrr r?r9)rMrbac_policy_namerolecluster_patternnamespace_patternrYrBs r#GetRbacPermissionPolicy(KubernetesClient.GetRbacPermissionPolicysjj1O 8,TZZ\**## &(8$ Gjc  . 5 56F G  jtzz|,,## -!14 @jc  . 5 56F G  j-r"cvUHnUSnUSnURSX4/S5upVU(a[SU;a0[RRSR X455 M`[ R "SR U55e[RRSR U55 M g ) z.Clean up the RBAC cluster role binding policy.rrNNotFoundz!{} for RBAC policy: {} not exist.zError deleting RBAC policy: {}z{}T)rrstatusPrintr9r r?)rM rbac_to_checkrbac_policy_pair rbac_type rbac_namerYrZs r#CleanUpRbacPolicy"KubernetesClient.CleanUpRbacPolicy-s)"1%i"1%i!!8Y"BDIhc   **  188N    !A!H!H!MN N S)** r"c6URSSU/S5up#X#4$)Ndiff-f)_RunKubectlDiff)rMrbac_policy_filerYrZs r#GetRbacPolicyDiff"KubernetesClient.GetRbacPolicyDiff?s%##VT3C$DdKHC 8Or"cSnUHXnUSnUSnURSXE/5upgU(a/SU;aSnM3[R"SRU55e g U(agg) rFrrrrTrNrr r?r9)rMr not_foundrrrrrZs r# GetRbacPolicyKubernetesClient.GetRbacPolicyEszI)"1%i"1%i =>fa  )  !C!J!J3!OP P* r"c [R"S5n[R"S5n/n U(aCU RS[R"SX1XE54S[R"SX1XE54/5 U(a+U R S[R"SX1XE545 U $UR UR55(a+U R S[R"SX1XE545 U $UR UR55(a)U R S[R"SX1XE545 U $) z$Get the formatted RBAC policy names.rr clusterrole impersonateranthos permissionr)rrextendr RbacPolicyNameappendrr) rMrr project_ididentityis_useranthos_supportrrrs r#GetRBACForOperations%KubernetesClient.GetRBACForOperationsVsHjj1O 8,M(( #((       $ $   .    tzz| , ,   $ $JH      . .   $ $JH  r"cUR/SQS5upU(a,SU;ag[R"SRU55eg)z:Returns a boolean indicating if the Membership CRD exists.)r.customresourcedefinitions.apiextensions.k8s.iomemberships.hub.gke.ioNrFz#Error retrieving Membership CRD: {}Trrs r#MembershipCRDExists$KubernetesClient.MembershipCRDExistssN    FA s    BII#N OO r"cUR/SQS5upU(a,SU;ag[R"SRU55eU$)z1Get the YAML representation of the Membership CR.)rrrrrNrrz"Error retrieving membership CR: {}rrXs r#GetMembershipCR KubernetesClient.GetMembershipCRsK94HC s    AHHM NN Jr"cUR/SQS5upU(a,SU;ag[R"SRU55eU$)z2Get the YAML representation of the Membership CRD.)rrrrrNrrz#Error retrieving membership CRD: {}rrXs r#GetMembershipCRD!KubernetesClient.GetMembershipCRDsP   HC s    BII#N OO Jr"cUR5(dgUR/SQS5upU(a,SU;ag[R"SR U55eU$)z7Looks up the owner id field in the Membership resource.N)rrrrzjsonpath={.spec.owner.id}rz"Error retrieving membership id: {})rrr r?r9rXs r#GetMembershipOwnerID%KubernetesClient.GetMembershipOwnerIDs^  # # % % N HC s    AHHM NN Jr"c$URU5$r)Apply)rMrLs r#rU$KubernetesClient.CreateMembershipCRDs ::- ..r"c pU(ah[R"[5[X5[[ [ [S9up4U(a%[R"SRU55eU(a@URU5up5U(a%[R"SRU55egg)zApply membership resources.r0z.Membership CRD creation failed to complete: {}z,Failed to apply Membership CR to cluster: {}N) r r6r7rEr:r;r<r=r r?r9r()rMrLmembership_cr_manifestrrBrZs r#ApplyMembership KubernetesClient.ApplyMemberships   ( G?3A> ha  < C CE J  zz01fa  : A A# F   r"cURU5up#U(a%[R"SRU55eg)z Applying RBAC policy to Cluster.z/Failed to apply rbac policy file to cluster: {}N) ApplyRbacr r?r9)rMrrrZs r#ApplyRbacPolicy KubernetesClient.ApplyRbacPolicys< ^^, -FA    ; B B3 G  r"c6URSSU/5up#USL$)Nrr@rrMr@rrZs r#r5 KubernetesClient.NamespaceExistss%   uk9= >FA $;r"c0URSSU/SS9up#U$)Nrr@z --timeout) timeout_flagrr3s r#rC KubernetesClient.DeleteNamespaces,    ; *FA Jr"cU(aSU/O/nURSUSSRU5/5 URU5$)aReturns the value of a field on a Kubernetes resource. Args: namespace: the namespace of the resource, or None if this resource is cluster-scoped resource: the resource, in the format /; e.g., 'configmap/foo', or for a list of resources json_path: the JSONPath expression to filter with Returns: The field value (which could be empty if there is no such field), or the error printed by the command if there is an error. -nrrzjsonpath={{{}}})rr9r)rMr@resource json_pathcmds r#GetResourceField!KubernetesClient.GetResourceFieldsD )4 bCJJx'8'?'? 'JKL   C  r"c6URSSU/S5up#X#4$)Napplyrr)rM rbac_policyrYrZs r#r/KubernetesClient.ApplyRbacs$$ = 400. headersizstatus: {}, reason: {}) r GetSessionrequest status_coder r?r9reasoncontent)rMmethodurlrSrrs r# _WebRequestKubernetesClient._WebRequests] %%f7%CA ]]F }   5<= 400. N BearerToken)rSquerys auth_settingsrR)r*update_params_for_authr configurationhost rest_clientrUdata)rMrYapi_pathrSrZr[s r#_ClusterRequest KubernetesClient._ClusterRequest.s|g ++]O, $""0055x @C $$,,V',JA 66Mr"cSS0nSnUb$URS5S-nURSX2S9$SnURSX2S9$![a*n[R "SR X455eSnAff=f) a!Get the OpenID Provider Configuration for the K8s API server. Args: issuer_url: string, the issuer URL to query for the OpenID Provider Configuration. If None, queries the custer's built-in endpoint. Returns: The JSON response as a string. Raises: Error: If the query failed. Content-Typezapplication/jsonN/z!/.well-known/openid-configurationGETrRz7Failed to get OpenID Provider Configuration from {}: {})rstripr\rh Exceptionr r?r9)rM issuer_urlrSrZes r#GetOpenIDConfiguration'KubernetesClient.GetOpenIDConfigurationNs *G C   $'JJs<<1##E3#@@     C J J  s&AA A5 %A00A5cSS0nSnUbUnURSX2S9$SnURSX2S9$![a*n[R"SR X455eSnAff=f)aGet the JSON Web Key Set for the K8s API server. Args: jwks_uri: string, the JWKS URI to query for the JSON Web Key Set. If None, queries the cluster's built-in endpoint. Returns: The JSON response as a string. Raises: Error: If the query failed. rkzapplication/jwk-set+jsonNrmrRz/openid/v1/jwksz*Failed to get JSON Web Key Set from {}: {})r\rhror r?r9)rMjwks_urirSrZrqs r#GetOpenIDKeyset KubernetesClient.GetOpenIDKeysetms 2G C   s<<##E3#@@     6 = =c E s// A#%AA#c[R"5/nUR(aURSUR/5 UR(aURSUR/5 URX0R /5 URU5 [ R"5n[ R"5n[R"USURURUS9nUS:wa5UR5(d URSRU55 US:XaUR5OSUS:waUR54$S4$)a_Runs a kubectl command with the cluster referenced by this client. Args: args: command line arguments to pass to kubectl stdin: text to be passed to kubectl via stdin timeout_flag: kubectl command flag used to set timeout Returns: The contents of stdout if the return code is 0, stderr (or a fabricated error if stderr is empty) otherwise --contextrqTno_exitout_funcerr_funcin_strrz"kubectl exited with return code {}N) rgrhrfrrrioStringIOrExecwritegetvaluer9)rMargsrFr6r<rYrZ returncodes r#rKubernetesClient._RunKubectls   ' ' ) *C || jj+t||,-  jj.$//23JJ 2234JJt ++-C ++-C %% TCII %JQs||~~ ii4;;JGH%/ t$/  /3 r"cP[R"5/nUR(aURSUR/5 UR(aURSUR/5 URSUR /5 URU5 [ R"5n[ R"5n[R"USURURUS9nUS:XaUR5OSUS:aUR54$S4$)aRuns a kubectl diff command with the specified args. Args: args: command line arguments to pass to kubectl stdin: text to be passed to kubectl via stdin Returns: The contents of stdout if the return code is 1, stderr (or a fabricated error if stderr is empty) otherwise ryrq--request-timeoutTrzrN) rgrhrfrrrrrrrrr)rMrrFr<rYrZrs r#r KubernetesClient._RunKubectlDiffs  ' ' ) *C || jj+t||,-  jj.$//23JJ#T%9%9:;JJt ++-C ++-C %% TCII %J%/ t$q.  .2 r")rfr*rrrr) NNNNFNNNNFr)Nr)(rrrrr rNrrrr(r-rrrrrrr rrrr"r%rUr,r0r5rCr=r/r(rJrOr\rhrrrvrrr!rr"r#rrHs># $HT' 4  . &1P 0$ "0d $ / , !$ C(@>:!Fr"rc*\rSrSrSrSrSrSrSrg) DeploymentPodsAvailableOperationizGAn operation that tracks whether a Deployment's Pods are all available.c^XlX lX0lX@lSUlSUlSUlgrJ)r@deployment_nameimager*rKrArB)rMr@rrr*s r#rN)DeploymentPodsAvailableOperation.__init__s-N*J"DIDNDJr"cNSRURUR5$)Nz)r9r@rrQs r#rR(DeploymentPodsAvailableOperation.__str__s$ ) 0 0 ,, r"c^SRTR5nU4SjnTRRTRUS5up4U(a U"U5 gUTR :wagTRRTRUS5upTU(a U"U5 gTRRTRUS5updU(a U"U5 gTRRTRUS5uptU(a U"U5 gTRRTRUS5upU(a U"U5 gX:agXh:agXx:agS TlS Tlg) zFUpdates this operation with the latest Deployment availability status.z deployment/{}c>>SU;agSTlSTlUTlg)z-Updates the operation for the provided error.rNTF)rKrArB)rZrMs r# _HandleErr;DeploymentPodsAvailableOperation.Update.._HandleErrs' s didndjr"z'.spec.template.spec.containers[0].imageNz.spec.replicasz.status.replicasz.status.availableReplicasz.status.updatedReplicasT)r9rr*r=r@rrArK) rMdeployment_resourcerdeployment_imagerZ spec_replicasstatus_replicasavailable_replicasupdated_replicass ` r#r['DeploymentPodsAvailableOperation.Updatesg)001E1EF !,,== 1  o 4::% )):: +-=M o ++<< +-?O o "..?? +-H o  ,,== +-F o ' ) , DNDIr")rrKrBrr*r@rAN rrrrr rNrRr[r!rr"r#rrsO Er"rc*\rSrSrSrSrSrSrSrg)r8i(z6An operation that waits for a namespace to be deleted.cFXlX lSUlSUlSUlgrJ)r@r*rKrArB)rMr@r*s r#rN!NamespaceDeleteOperation.__init__+s"N"DIDNDJr"c8SRUR5$)Nz)r9r@rQs r#rR NamespaceDeleteOperation.__str__2s $ + +DNN ;;r"cURRUR5nU(dgSU;aSUlSUlgXlg)zAUpdates this operation with the latest namespace deletion status.NrT)r*rCr@rKrArB)rMrZs r#r[NamespaceDeleteOperation.Update5sA    * *4>> :C  Sdidnjr")rKrBr*r@rANrrr"r#r8r8(s><r"r8c[RRURS5n[R"[R S5n [R "[R SU5 Uc[R"S5nURX2U5n URU 5n U Rn U =(a U R=(a U Rn U (dR[RR!5(d/[R""SR%U R&55e[RR)U U R&UUU5 U (a([R "[R SU 5 U$[R S U$!U (a'[R "[R SU 5 f[R S f=f)aThe kubeconfig of GKE Cluster is fetched using the GKE APIs. The 'KUBECONFIG' value in `os.environ` will be temporarily updated with the temporary kubeconfig's path if the kubeconfig arg is not None. Consequently, subprocesses started with googlecloudsdk.core.execution_utils.Exec will see the temporary KUBECONFIG environment variable. Using GKE APIs the GKE cluster is validated, and the ClusterConfig object, is persisted in the temporarily updated 'KUBECONFIG'. Args: api_adapter: the GKE api adapter used for running kubernetes commands project: string, the project id of the cluster for which kube config is to be fetched location_id: string, the id of the location to which the cluster belongs cluster_id: string, the id of the cluster temp_kubeconfig_dir: TemporaryDirectory object internal_ip: whether to persist the internal IP of the endpoint. cross_connect_subnetwork: full path of the cross connect subnet whose endpoint to persist (optional) private_endpoint_fqdn: whether to persist the private fqdn. Raises: Error: If unable to get credentials for kubernetes cluster. Returns: the path to the kubeconfig file rrpv1zGUnable to get cluster credentials. User must have edit permission on {})r{pathjoinrrzr|SetEncodedValuegke_api_adapter NewAPIAdapter ParseCluster GetCluster masterAuthclientCertificate clientKeyrg ClusterConfigUseGCPAuthProviderr?r9 projectIdPersist)rru location_id cluster_idrrcrdrerold_kubeconfig cluster_refclusterr valid_credss r#ryryFswNww||/44lC*++BJJ E.# RZZzB#11$7k**:GLK$$[1G   DD411DdnnK v33FFHH LL #VK$9$9:      rzz<H  **\ "  rzz<H **\ "sDF00AG1c6[U5nUR(aU(a[R"SS5eUR(aU(d[R"SS5eUR (aU(d[R"SS5egg)aeValidates if --gke-cluster | --gke-uri is supplied for GKE cluster, and --context for non GKE clusters. Args: kube_client: A Kubernetes client for the cluster to be registered. args: An argparse namespace. All arguments that were provided to this command invocation. Raises: calliope_exceptions.ConflictingArgumentsException: --context, --gke-uri, --gke-cluster are conflicting arguments. calliope_exceptions.ConflictingArgumentsException is raised if more than one of these arguments is set. calliope_exceptions.InvalidArgumentException is raised if --context is set for non GKE clusters. ryz]--context cannot be used for GKE clusters. Either --gke-uri | --gke-cluster must be specifiedz --gke-uriz#use --context for non GKE clusters.z --gke-clusterN) IsGKEClusterrfr~InvalidArgumentExceptionrarb)r*ris_gke_clusters r#ValidateClusterIdentifierFlagsrs" ,. \\n  6 6 =   \\.  6 6:  n  6 6> -r"cUR(aURR(agURSSS5upU(a%[R"SR U55eU(dgg)aReturns true if the cluster to be registered is a GKE cluster. There is no straightforward way to obtain this information from the cluster API server directly. This method uses metadata on the Kubernetes nodes to determine the instance ID. The instance ID field is unique to GKE clusters: Kubernetes-on-GCE clusters do not have this field. This test doesn't work in identifing a GKE cluster with zero nodes. Args: kube_client: A Kubernetes client for the cluster to be registered. Raises: exceptions.Error: if failing there's a permission error or for invalid command. Returns: bool: True if kubeclient communicates with a GKE Cluster, false otherwise. TNnodeszE.items[*].metadata.annotations.container\.googleapis\.com/instance_idz)kubectl returned non-zero status code: {}F)rrir=r r?r9)r*vm_instance_idrZs r#rrsk,{44JJ #44  O.    3::3?    r")>r __future__rrrrrrr{r googlecloudsdk.api_lib.containerrrrrr rggooglecloudsdk.api_lib.utilr googlecloudsdk.callioper r~*googlecloudsdk.command_lib.container.fleetr 6googlecloudsdk.command_lib.container.fleet.membershipsr googlecloudsdk.corerrrrgooglecloudsdk.core.utilrr kubernetesrrrrsix.moves.urllib.parserr:r;r<r=r?rr%r+r.rCobjectrEr^OperationPollerr7rrr8ryrrrr"r#rs <&%' KB;.EBK*/#*(-*03*&'" -*3'.6+5   5>:##>4"("!HV@U)&U)p 2v-- 2D vD NVvVrv