-SrSSKJr SSKJr SSKJr SSKrSSKrSSKrSSKJ r SSK J r SSK J r SS K Jr S rS rS rS rSrSrSrSrSrSrSrSrSrSrSrSrSrSr Sr!Sr"Sr#Sr$Sr%S r&S!r'S"r(S#r)S$r*g)%zUtils for Fleet commands.)absolute_import)division)unicode_literalsN) projects_api) exceptions) properties)filesunknownautopushstagingprodz[ table( displayName:sort=1, name.segment(1):label=PROJECT, uid ) z table( name.basename():label=NAME, unique_id:label=UNIQUE_ID, name.scope().segment(-3):label=LOCATION ) z_ table( name.segment(5):sort=1:label=NAME, name.segment(1):label=PROJECT ) z_ table( name.segment(7):sort=1:label=NAME, name.segment(1):label=PROJECT ) z table( name.segment(7):sort=1:label=NAME, user:sort=1:label=USER, group:sort=1:label=GROUP, role.predefinedRole:label=ROLE, role.customRole:label=CUSTOM_ROLE ) zz table( name.segment(7):sort=1:label=NAME, scope:sort=2:label=SCOPE, fleet:sort=2:label=FLEET ) zj table( name.basename():label=NAME, name.segment(3):label=LOCATION, state.code:label=STATUS ) a? table( name.basename():label=NAME, metadata.verb:label=ACTION, metadata.target.segment(-2):label=TYPE, metadata.target.basename():label=TARGET, name.segment(3):label=LOCATION, done:label=DONE, metadata.createTime.date():label=START_TIME:sort=1, metadata.endTime.date():label=END_TIME ) zy table( name.basename():label=NAME, state:label=STATE, create_time.date():sort=1:reverse:label=CREATE_TIME ) zM table( name.basename():label=NAME, name.segment(3):label=LOCATION ) a table( principal:sort=1:label=PRINCIPAL, overall_role:label=OVERALL_ROLE, scope_rrb_role:label=SCOPE_RBAC, scope_iam_role:label=SCOPE_IAM, project_iam_role:label=PROJECT_IAM, log_view_access:label=LOG_VIEW_ACCESS ) cg)zEReturns 'default' to be used as a fallthrough hook in resources.yaml.defaultr6lib/googlecloudsdk/command_lib/container/fleet/util.pyDefaultFleetIDrs rcURSSSS9nURS[[R"S5S9 URS[S[R"S 5S 9 URS S 9nURS [S[R"S5S9 URS[[R"S5S9 g)zAdds the flags necessary to create a KubeClient. Args: parser: an argparse.ArgumentParser, to which the common flags will be added TzCluster identifier.)mutexrequiredhelpz --gke-uria The URI of a GKE cluster that you want to register to Hub; for example, 'https://container.googleapis.com/v1/projects/my-project/locations/us-central1-a/clusters/my-cluster'. To obtain the URI, you can run 'gcloud container clusters list --uri'. Note that this should only be provided if the cluster being registered is a GKE cluster. The service will validate the provided URI to confirm that it maps to a valid GKE cluster." typerz --gke-clusterzLOCATION/CLUSTER_NAMEz The location/name of the GKE cluster. The location can be a zone or a region for e.g `us-central1-a/my-cluster`. )rmetavarrzNon-GKE cluster identifier.)r --contextz The cluster context as it appears in the kubeconfig file. You can get this value from the command line by running command: `kubectl config current-context`. )rrr --kubeconfigz The kubeconfig file containing an entry for the cluster. Defaults to $KUBECONFIG if it is set in the environment, otherwise defaults to $HOME/.kube/config. N) add_group add_argumentstrtextwrapdedent)parsergroup context_groups rAddClusterConnectionCommonArgsr%s    4&;  %  ??    % ??  //'D/E-  ??     ?? rcURS[[R"S5S9 URS[[R"S5S9 g)zAdds the flags shared between 'hub' subcommands to parser. Args: parser: an argparse.ArgumentParser, to which the common flags will be added rz The kubeconfig file containing an entry for the cluster. Defaults to $KUBECONFIG if it is set in the environment, otherwise defaults to to $HOME/.kube/config. rrzM The context in the kubeconfig file that specifies the cluster. N)rrr r!)r"s r AddCommonArgsr'sZ    ??     ??  rcL[S[R"555$)zZRetrieve the project IDs of projects the user can access. Returns: set of project IDs. c38# UHoRv M g7f)N) projectId).0ps r -UserAccessibleProjectIDSet..s 6"5Q[["5s)setrListrrrUserAccessibleProjectIDSetr1s 6,"3"3"5 6 66rc~[R"[R"[R"U555$)aReads the provided file, and returns its contents, base64-encoded. Args: filename: The path to the file, absolute or relative to the current working directory. Returns: A string, the contents of filename, base64-encoded. Raises: files.Error: if the file cannot be read. )base64 b64encoder ReadBinaryFileContents ExpandHomeDir)filenames rBase64EncodedFileContentsr8s0    ""5#6#6x#@A rcUR(aU(dSRX#5$UR(dU(aSRX#5$g)amGenerates user message with information about enabling/disabling Workload Identity. We do not allow updating issuer url from one non-empty value to another. Args: membership: membership resource. issuer_url: The discovery URL for the cluster's service account token issuer. resource_name: The full membership resource name. cluster_name: User supplied cluster_name. Returns: A string, the message string for user to display information about enabling/disabling WI on a membership, if the issuer url is changed from empty to non-empty value or vice versa. An empty string is returned for other cases zA membership [{}] for the cluster [{}] already exists. The cluster was previously registered with Workload Identity enabled. Continuing will disable Workload Identity on your membership, and will reinstall the Connect agent deployment.zA membership [{}] for the cluster [{}] already exists. The cluster was previously registered without Workload Identity. Continuing will enable Workload Identity on your membership, and will reinstall the Connect agent deployment.) authorityformat) membership issuer_url resource_name cluster_names rGenerateWIUpdateMsgStringrAs[&* HIO I    * HIO I  rc6URnU(aUS-$S$)zReturns a prefix to add to a gcloud command. This is meant for formatting an example string, such as: gcloud {}container fleet register-cluster Args: release_track: A ReleaseTrack Returns: a prefix to add to a gcloud based on the release track  r:)prefix) release_trackrDs rReleaseTrackCommandPrefixrF(s    &#'R'rcg)z?Returns '-' to be used as a fallthrough hook in resources.yaml.-rrrrDefaultToAllLocationsrI9s rcg)zDReturns 'global' to be used as a fallthrough hook in resources.yaml.globalrrrrDefaultToGlobalrL>s rc [RRRS5R 5nU(aSU;a[ $SU;a[$SU;a[$[$![R a SnNIf=f)zReturns the current GKEHub API environment. Assumes prod endpoint if override is unset, unknown endpoint if overrides has unrecognized value. Returns: One of prod, staging, autopush, or unknown. gkehubNzgkehub.googleapis.comzstaging-gkehubzautopush-gkehub) rVALUESapi_endpoint_overridesPropertyGetNoSuchPropertyErrorPROD_API STAGING_API AUTOPUSH_API UNKNOWN_API)hub_endpoint_overrides r APIEndpointrYCs!&--DDMM ce $9 9 O00 11    ' '! !s7A**BBcSnUR(aQ[R"SUR5nU(aURS5nU$[R "S5eUR (aQ[R"SUR 5nU(aURS5nU$[R "S5eU$)aReturns the location for a membership based on GKE cluster flags. For GKE clusters, use cluster location as membership location, unless they are registered with kubeconfig in which case they are not considered "GKE clusters." Args: args: The command line args Returns: a location, e.g. "global" or "us-central1". Raises: a core.Error, if the location could not be found in the flag r:z+([a-z0-9]+\-[a-z0-9]+)(\-[a-z])?/(\-[a-z])?zUnable to parse location from `gke-cluster` parameter. Expecting `$CLUSTER_LOCATION/$CLUSTER_NAME` e.g. `us-central1/my-cluster`zC(regions|locations|zones)/([a-z0-9]+\-[a-z0-9]+)(\-[a-z])?/clusterszUnable to parse location from `gke-uri` parameter. Expecting a string like projects/123/locations/us-central1-a/clusters/my-cluster) gke_clusterresearchr#rErrorgke_uri)argslocation location_res rLocationFromGKEArgsre_s ( ))68H8HK""1%h& /#    M  ||))N K""1%h /    Q  /rc2URS5nXS-S$)zReturns resource ID from resource path. Args: path: resource path, e.g., "projects/p/locations/global/scopes/my-scope" Returns: resource ID, e.g., "my-scope" Raises ValueError if resource ID could not be found /r[N)rindex)pathidxs rResourceIdFromPathrks  C# Aghr)+__doc__ __future__rrrr3r^r +googlecloudsdk.api_lib.cloudresourcemanagerrgooglecloudsdk.corerrgooglecloudsdk.core.utilr rWrVrUrT LIST_FORMATMEM_LIST_FORMATSC_LIST_FORMATNS_LIST_FORMATSC_NS_LIST_FORMATRB_LIST_FORMAT B_LIST_FORMAT FLEET_FORMATOPERATION_FORMATROLLOUT_LIST_FORMATROLLOUTSEQUENCE_LIST_FORMATAPP_OPERATOR_LIST_FORMATrr%r'r1r8rArFrIrLrYrerkrrrr}s &' D***         3l27$+ \("  8*Z r