s[PSrSSKJr SSKJr SSKJr SSKJr SSKJ r SSK J r SSK J r SSKJr S rS rS rS rS rSrSrSr\\4r\\\4r\\\\4r\\\\\\\4r\\\\\\\\4rSrSrSr Sr!Sr"S$Sjr#Sr$S$Sjr%Sr&Sr'Sr(Sr)Sr*S$Sjr+Sr,S$S jr-S!r.S"r/g#)%zUtils for IAP commands.)absolute_import)division)unicode_literals)util) exceptions)iam_util) propertiesz app-enginezbackend-servicesiap_webcompute organizationfolderzforwarding-rulez cloud-runcHURSSSS9 URSSSS9 g)zAdds DestGroup args for managing IAM policies. Args: parser: An argparse.ArgumentParser-like object. It is mocked out in order to capture some information, but behaves like an ArgumentParser. z --dest-groupTName of the Destination Group.requiredhelp--region Region of the Destination Group.N add_argumentparsers *lib/googlecloudsdk/command_lib/iap/util.pyAddIamDestGroupArgsrIs>  +-  -/cHURSSS9 URSSSSS9 g ) zAdds DestGroup args for managing the resource. Args: parser: An argparse.ArgumentParser-like object. It is mocked out in order to capture some information, but behaves like an ArgumentParser. group_namerrrREGIONTr)metavarrrNrrs rAddDestGroupArgsr!Zs>  +-  - /rcDURSSS9 URSSS9 g)zAdds IP and FQDN args for DestGroup Create command. Args: parser: An argparse.ArgumentParser-like object. It is mocked out in order to capture some information, but behaves like an ArgumentParser. --ip-range-list+List of ip-ranges in the Destination Group.r --fqdn-list'List of FQDNs in the Destination Group.Nrrs rAddDestGroupCreateIpAndFqdnArgsr'ks8  8:  46rcbURSS9nURSSS9 URSSS9 g) zAdds IP and FQDN args for DestGroup Update command. Args: parser: An argparse.ArgumentParser-like object. It is mocked out in order to capture some information, but behaves like an ArgumentParser. T)rr#r$rr%r&N add_grouprrgroups rAddDestGroupUpdateIpAndFqdnArgsr-zsK   D  )% 8: 46rc*URSSSSSS9 g)zAdds Region arg for DestGroup List command. Args: parser: An argparse.ArgumentParser-like object. It is mocked out in order to capture some information, but behaves like an ArgumentParser. rrFzARegion of the Destination Group, will list all regions by default-)r rrdefaultNrrs rAddDestGroupListRegionArgsr1s&  N rcUR5nU(aURS[SS9 OURS[SS9 URSSS9 U(aURSSS9 OURSS S9 URS S S9 g ) aAdds flags for an IAP IAM resource. Args: parser: An argparse.ArgumentParser-like object. It is mocked out in order to capture some information, but behaves like an ArgumentParser. support_cloud_run: bool, provide support to cloud-run resource-type. --resource-type"Resource type of the IAP resource.choicesr --servicez Service name.rrzRegion name. Not applicable for `resource-type=app-engine`. Required when `resource-type=backend-services` and regional scoped. Not applicable for global backend-services. Required when `resource-type=cloud-run`.zRegion name. Should only be specified with `--resource-type=backend-services` if it is a regional scoped. Not applicable for global scoped backend services. --versionzLService version. Should only be specified with `--resource-type=app-engine`.N)r*r!IAM_RESOURCE_TYPE_ENUM_ALPHA_BETAIAM_RESOURCE_TYPE_ENUMrsupport_cloud_runr,s rAddIapIamResourceArgsr=s    % 1 1  & 1 [7  *  B *rcUR5nURSS[SS9 URSSS9 URSS S9 g ) zAdds flags for an IAP resource. Args: parser: An argparse.ArgumentParser-like object. It is mocked out in order to capture some information, but behaves like an ArgumentParser. r3Tr4)rr6rr7z?Service name. Required with `--resource-type=backend-services`.rrz_Region name. Not applicable for ``app-engine''. Optional when ``resource-type'' is ``compute''.N)r*r%WEB_ENABLE_DISABLE_RESOURCE_TYPE_ENUMr+s rAddIapResourceArgsr@sj    %3 / 1  LN /rcxUR5nURSSS9 URSSS9 URSSS9 U(aURS[S S 9 OURS[S S 9 URS S S9 U(aURS SS9 OURS SS9 URSSS9 g)aAdds flags for an IAP settings resource. Args: parser: An argparse.ArgumentParser-like object. It is mocked out in order to capture some information, but behaves like an ArgumentParser. support_cloud_run: bool, provide support to cloud-run resource-type. z--organizationzOrganization ID.rz--folderz Folder ID. --projectz Project ID.r3z|Resource type of the IAP resource. For Backend Services, you can use both `compute` and `backend-services` as resource type.r5r7zIService name. Optional when `resource-type` is `compute` or `app-engine`.rzRegion name. Not applicable for `app-engine`. Required when `resource-type=compute` and regional scoped. Not applicable for global scoped compute. Required when `resource-type=cloud-run`.zRegion name. Not applicable for `app-engine`. Required when `resource-type=compute` and regional scoped. Not applicable for global scoped compute.r8zUVersion name. Not applicable for `compute`. Optional when `resource-type=app-engine`.N)r*r%SETTING_RESOURCE_TYPE_ENUM_ALPHA_BETASETTING_RESOURCE_TYPE_ENUMr;s rAddIapSettingArgrEs    %%,>?Zl3[}5 5 K  * K    *  5 )rchUR5nURSSSS9 URSSSS9 g)zAdds OAuth client args. Args: parser: An argparse.ArgumentParser-like object. It is mocked out in order to capture some information, but behaves like an ArgumentParser. z--oauth2-client-idTzOAuth 2.0 client ID to use.rz--oauth2-client-secretzOAuth 2.0 client secret to use.Nr)r+s rAddOauthClientArgsrG-sL    % (* ,.rc.[R"USS9 gNT) add_condition)rAddArgsForAddIamPolicyBindingrs rAddAddIamPolicyBindingArgsrL?s (( rc.[R"USS9 grI)r AddArgsForRemoveIamPolicyBindingrs rAddRemoveIamPolicyBindingArgsrOEs ++ rc$URSSS9 g)zAdds flags for an IAM policy file. Args: parser: An argparse.ArgumentParser-like object. It is mocked out in order to capture some information, but behaves like an ArgumentParser. policy_filez,JSON or YAML file containing the IAM policy.rNrrs rAddIAMPolicyFileArgrRKs HJrc$URSSS9 g)zAdd flags for the IAP setting file. Args: parser: An argparse.ArgumentParser-like object. It is mocked out in order to capture some information, but behaves like an ArgumentParser. setting_fileaJSON or YAML file containing the IAP resource settings. JSON example: ``` { "access_settings": { "oauth_settings": { "login_hint": { "value": "test_hint" } }, "gcip_settings": { "tenant_ids": [ "tenant1-p9puj", "tenant2-y8rxc" ], "login_page_uri": { "value": "https://test.com/?apiKey=abcd_efgh" } }, "cors_settings": { "allow_http_options": { "value": true } } }, "application_settings": { "csm_settings": { "rctoken_aud": { "value": "test_aud" } } } } ``` YAML example: ``` accessSettings : oauthSettings: loginHint: test_hint gcipSettings: tenantIds: - tenant1-p9puj - tenant2-y8rxc loginPageUri: https://test.com/?apiKey=abcd_efgh corsSettings: allowHttpOptions: true applicationSettings: csmSettings: rctokenAud: test_aud ``` rNrrs rAddIapSettingFileArgrUVs 6 8rct[RRRR 5nUR (dUR (a[R"SS5eUR(a[R"SS5eUR(a[R"SS5e[R"X5$UR [:XaUR(a[R"SS5eUR (a=UR(a,[R"XUR UR5$UR (a![R"XUR 5$UR(a[R"SS5e[R "X5$UR [":XaUR(a[R"SS 5eUR(a^UR (a,[R$"XURUR 5$[R&"XUR5$UR (a"[R$"XS UR 5$[R&"XS 5$UR [(:XaUR(a[R"SS 5eUR (a,[R*"XURUR 5$[R,"XUR5$U(aUR [.:XaUR(a[R"SS 5eUR(d[R"SS 5eUR (a,[R0"XURUR 5$[R2"XUR5$[4R6"S5e)a&Parse an IAP IAM resource from the input arguments. Args: release_track: base.ReleaseTrack, release track of command. args: an argparse namespace. All the arguments that were provided to this command invocation. support_cloud_run: bool, whether to support cloud run. Raises: calliope_exc.InvalidArgumentException: if a provided argument does not apply to the specified resource type. iap_exc.InvalidIapIamResourceError: if an IapIamResource could not be parsed from the arguments. Returns: The specified IapIamResource r7:`--service` cannot be specified without `--resource-type`.r9`--region` cannot be specified without `--resource-type`.r8:`--version` cannot be specified without `--resource-type`.z@`--region` cannot be specified for `--resource-type=app-engine`.z4`--version` cannot be specified without `--service`.zG`--version` cannot be specified for `--resource-type=backend-services`.NF`--version` cannot be specified for `--resource-type=forwarding-rule`.@`--version` cannot be specified for `--resource-type=cloud-run`.=`--region` must be specified for `--resource-type=cloud-run`.z!Could not parse IAP IAM resource.)r VALUEScoreproject GetOrFail resource_typeservice calliope_excInvalidArgumentExceptionregionversioniap_apiIAPWebAPP_ENGINE_RESOURCE_TYPEAppEngineServiceVersionAppEngineServiceAppEngineApplicationBACKEND_SERVICES_RESOURCE_TYPEBackendServiceBackendServicesFORWARDING_RULE_RESOURCE_TYPEForwardingRuleForwardingRulesCLOUD_RUN_RESOURCE_TYPECloudRun CloudRunsiap_excInvalidIapIamResourceError) release_trackargsr<r_s rParseIapIamResourcerzs!,    " " * * 4 4 6'   ||  1 1  F  {{  1 1  E  ||  1 1  F  >>- 11 55 {{  1 1  L  ||  , , $,,    % %mdll KK ||  1 1 M   ' ' ?? ;; ||  1 1  0   {{ %% DKK  &&}t{{KK   # #MD$,, OO  " "=4 @@ :: ||  1 1  /   ||  # #MDKK$(LL22 $ $]T[[ IId004KK ||  1 1  )  ;;  1 1  )   ||   mdkk4<< PP   }t{{ CC **+NOOrc*[RRRR 5nUR (aUR [ :Xa?UR(a[R"SS5e[R"UU5$UR [:XaTUR(d[R"SS5e[R"XURUR5$[ R""S5e)aParse an IAP resource from the input arguments. Args: release_track: base.ReleaseTrack, release track of command. args: an argparse namespace. All the arguments that were provided to this command invocation. Raises: calliope_exc.InvalidArgumentException: if `--version` was specified with resource type 'backend-services'. iap_exc.InvalidIapIamResourceError: if an IapIamResource could not be parsed from the arguments. Returns: The specified IapIamResource r7zA`--service` cannot be specified for `--resource-type=app-engine`.zE`--service` must be specified for `--resource-type=backend-services`.zCould not parse IAP resource.)r r]r^r_r`rarirbrcrdrgrlrmRequiredArgumentExceptionrnrervrwrxryr_s rParseIapResourcer~s"    " " * * 4 4 6'  55 33  ,- - ) )     = = \\44  23 3  # # $++t|| **+JKKrc  UR(aUR(a[R"SS5eUR(a[R"SS5e[ R "USRUR55$UR(aUR(a[R"SS5eUR(a[R"SS5e[ R "USRUR55$UR(Ga UR(a(UR(d[R"S S 5eUR(a(UR(d[R"S S 5eUR(a(UR(d[R"S S5eUR(d0[ R "USRUR55$UR[:Xa0[ R "USRUR55$UR[:XaUR(d;[ R "USRURUR55$UR(aQ[ R "USRURURURUR55$[ R "USRURURUR55$UR[:XdUR[:XaSURS/nUR(a+UR!SRUR55 OUR!S5 UR(aUR#SUR/5 [ R "USR%U55$UR[&:XaSURS/nUR(a[R"S S5eUR(a+UR!SRUR55 OUR!S5 UR(aUR#SUR/5 [ R "USR%U55$U(aUR[(:XaSURS/nUR(a[R"S S5eUR(d[R"S S5eUR!SRUR55 UR(aUR#SUR/5 [ R "USR%U55$[*R,"S 5e[*R,"S!5e)"aParse an IAP setting resource from the input arguments. Args: release_track: base.ReleaseTrack, release track of command. args: an argparse namespace. All the arguments that were provided to this command invocation. support_cloud_run: bool, whether to support cloud run. Raises: calliope_exc.InvalidArgumentException: if `--version` was specified with resource type 'backend-services'. Returns: The specified IapSettingsResource r3z?`--resource-type` should not be specified at organization levelrBz9`--project` should not be specified at organization levelzorganizations/{0}z9`--resource-type` should not be specified at folder levelz3`--project` should not be specified at folder levelz folders/{0}r7rWrrXr8rYz projects/{0}zprojects/{0}/iap_webz"projects/{0}/iap_web/appengine-{1}z ? ++' ( << ++z4<<0 1**=#((4.II    "9 9DLL)4 <<55-  {{55-  N))$++67 << ++z4<<0 1**=#((4.II00 57 7 **. 00rc[RRRR 5n[ USS5nUc UR n[R"XURU5$)aParses an IAP TCP DestGroup resource from the input arguments. Args: release_track: base.ReleaseTrack, release track of command. args: an argparse namespace. All the arguments that were provided to this command invocation. Returns: The specified IAP TCP DestGroup resource. rN) r r]r^r_r`getattr dest_grouprgIapTunnelDestGroupResourcere)rxryr_r,s rParseIapDestGroupResourcers^    " " * * 4 4 6' $ d +% ] OOE  + +MDKK,1 33rc[RRRR 5n[ R "XUR5$)aParses an IAP TCP Tunnel resource from the input arguments. Args: release_track: base.ReleaseTrack, release track of command. args: an argparse namespace. All the arguments that were provided to this command invocation. Returns: The specified IAP TCP Tunnel resource. )r r]r^r_r`rgrrer}s r&ParseIapDestGroupResourceWithNoGroupIdrs;    " " * * 4 4 6'  + +MDKK PPrN)F)0__doc__ __future__rrrgooglecloudsdk.api_lib.iaprrggooglecloudsdk.callioperrcgooglecloudsdk.command_lib.iamrgooglecloudsdk.command_lib.iaprvgooglecloudsdk.corer rirmrrORG_RESOURCE_TYPEFOLDER_RESOURCE_TYPErprsr?r:r9rDrCrr!r'r-r1r=r@rErGrLrOrRrUrzr~rrrrrrsG &'6>3@*(!3!" 1%")% "! "! %!"!!" )%/"/" 6 6 "$2j4$BJ.$  J?JiPX'LZO0d3& Qr