.-vSrSSKJr SSKJr SSKJr SSKJr SSKJr SrSr S r S r S r SS jr SS jrg)z*Common flags for workforce pools commands.)absolute_import)division)unicode_literals) arg_parsers)basecVURSSRUS:XaSOSU5SS9 g)Nz--organizationz8The parent organization of the workforce pool{0} to {1}.listsThelprequired add_argumentformatparserverbs ;lib/googlecloudsdk/command_lib/iam/workforce_pools/flags.pyAddParentFlagsrs8 E L L#R  cVURSSRUS:XaSOSU5SS9 g)Nz --locationz-The location of the workforce pool{0} to {1}.r r r Tr rrs rAddLocationFlagr"s8 : A A#R  rcfURS5(dgSRUR5$)Nlocationzlocations/globalz locations/{}) IsSpecifiedrr)argss r ParseLocationr,s+  * % %    t}} --rc\[R"SSSSSS9n[R"SSSSS S9n[R"S S 9nURU5 UR[ SS 95 [R"S S 9nURU5 UR[ SS 95 X#/$) zCreates an ArgumentGroup for ExtraAttributesOAuth2Client and ExtendedAttributesOAuth2Client Attributes for the update-oidc command.z--clear-extra-attributes-configclear_extra_attributes_config store_trueFz)Clear the extra attributes configuration.)destactionrr z"--clear-extended-attributes-config clear_extended_attributes_configz,Clear the extended attributes configuration.T)mutex)r)rArgument ArgumentGroup AddArgument*ExtraAttributesOAuth2ClientAttributesGroup-ExtendedAttributesOAuth2ClientAttributesGroup)!clear_extra_attributes_config_arg$clear_extended_attributes_config_arg clearable_extra_attributes_group#clearable_extended_attributes_groups r2AddClearableExtraAndExtendedAttributesOAuth2Clientr/2s&*mm' *  6 '#*.* -  9 *&&*%7%7d%C""..'#..0%@)-(:(: )%&11*&113UC + PPrc*[5[5/$)zCreates an ArgumentGroup for ExtraAttributesOAuth2Client and ExtendedAttributesOAuth2Client Attributes for the create-oidc command.)r)r*rr)AddExtraAndExtendedAttributesOAuth2Clientr2Ws1235 rc $[R"SS[USSS9n[R"SS[USS S9n[R"S S [US S S9n[R"SS[R"/SQS/SSS9USSS9n[R"SS[SSSS9n[R "5nUR U5 UR U5 UR U5 UR U5 UR U5 U$)zDCreates an ArgumentGroup for ExtraAttributesOAuth2Client Attributes.z--extra-attributes-client-idextra_attributes_client_idEXTRA_ATTRIBUTES_CLIENT_IDzThe OAuth 2.0 client ID for retrieving extra attributes from the identity provider. Required to get the access token using client credentials grant flow.r"typermetavarr z&--extra-attributes-client-secret-value$extra_attributes_client_secret_value$EXTRA_ATTRIBUTES_CLIENT_SECRET_VALUEzThe OAuth 2.0 client secret for retrieving extra attributes from the identity provider. Required to get the access token using client credentials grant flow.z--extra-attributes-issuer-uriextra_attributes_issuer_uriEXTRA_ATTRIBUTES_ISSUER_URIOIDC identity provider's issuer URI. Must be a valid URI using the `https` scheme. Required to get the OIDC discovery document.z--extra-attributes-typeextra_attributes_type)zazure-ad-groups-mailazure-ad-groups-idazure-ad-groups-display-namer@)choiceshidden_choices max_length min_lengthEXTRA_ATTRIBUTES_TYPEKRepresents the identity provider and type of claims that should be fetched.z--extra-attributes-filterextra_attributes_filterFEXTRA_ATTRIBUTES_FILTERaThe filter used to request specific records from the IdP. By default, all of the groups that are associated with a user are fetched. For Microsoft Entra ID, you can add `$search` query parameters using [Keyword Query Language] (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). To learn more about `$search` querying in Microsoft Entra ID, see [Use the `$search` query parameter] (https://learn.microsoft.com/en-us/graph/search-query-parameter). Additionally, Workforce Identity Federation automatically adds the following [`$filter` query parameters] (https://learn.microsoft.com/en-us/graph/filter-query-parameter), based on the value of `attributes_type`. Values passed to `filter` are converted to `$search` query parameters. Additional `$filter` query parameters cannot be added using this field. * `AZURE_AD_GROUPS_MAIL`: `mailEnabled` and `securityEnabled` filters are applied. * `AZURE_AD_GROUPS_ID`: `securityEnabled` filter is applied.rr&strrArgListr'r()rextra_attributes_client_id_arg(extra_attributes_client_secret_value_argextra_attributes_issuer_uri_argextra_attributes_type_argextra_attributes_filter_argcreate_extra_attributes_groups rr)r)_s?#'==$ ' * % $ .2]]. 1 4 , .*%)MM% ( +  %!#mm "    99 % !(!% ! $ ' !6#'"4"4"6++,JK++. ++,KL++,EF++,GH &&rc [R"SS[USSS9n[R"SS[USS S9n[R"S S [US S S9n[R"SS[R"S/SSS9USSS9n[R"SS[SSSS9n[R "5nUR U5 UR U5 UR U5 UR U5 UR U5 U$)zGCreates an ArgumentGroup for ExtendedAttributesOAuth2Client Attributes.z--extended-attributes-client-idextended_attributes_client_idEXTENDED_ATTRIBUTES_CLIENT_IDzThe OAuth 2.0 client ID for retrieving extended attributes from the identity provider. Required to get extended group memberships for a subset of Google Cloud products.r6z)--extended-attributes-client-secret-value'extended_attributes_client_secret_value'EXTENDED_ATTRIBUTES_CLIENT_SECRET_VALUEzThe OAuth 2.0 client secret for retrieving extended attributes from the identity provider. Required to get extended group memberships for a subset of Google Cloud products.z --extended-attributes-issuer-uriextended_attributes_issuer_uriEXTENDED_ATTRIBUTES_ISSUER_URIr=z--extended-attributes-typeextended_attributes_typer?rA)rBrDrEEXTENDED_ATTRIBUTES_TYPErGz--extended-attributes-filterextended_attributes_filterFEXTENDED_ATTRIBUTES_FILTERaThe filter used to request specific records from the IdP. By default, all of the groups that are associated with a user are fetched. For Microsoft Entra ID, you can add `$search` query parameters using [Keyword Query Language] (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). To learn more about `$search` querying in Microsoft Entra ID, see [Use the `$search` query parameter] (https://learn.microsoft.com/en-us/graph/search-query-parameter). Additionally, Workforce Identity Federation automatically adds the following [`$filter` query parameters] (https://learn.microsoft.com/en-us/graph/filter-query-parameter), based on the value of `attributes_type`. Values passed to `filter` are converted to `$search` query parameters. Additional `$filter` query parameters cannot be added using this field. * `AZURE_AD_GROUPS_ID`: `securityEnabled` filter is applied.rJ)r!extended_attributes_client_id_arg+extended_attributes_client_secret_value_arg"extended_attributes_issuer_uri_argextended_attributes_type_argextended_attributes_filter_arg create_extended_attributes_groups rr*r*sE&*mm' * - 0 '#15 1 4 7 4 1-(,}}( + .  ($"&" %   "   ( ""$(==$ ' * H$ 0&*%7%7%9""..'#..1#..(#../KL"../MN ))rN)T)__doc__ __future__rrrgooglecloudsdk.callioperrrrrr/r2r)r*r1rrrgsA1&'/(. "QJa'H_*r