L,SrSSKJr SSKJr SSKJr SSKrSSKrSSKJr SSK J r SSK J r SS KJr SS KJr S rS rS rSrSrSrSrSrSrSrSrSrSrSrSr Sr!SSjr"g)zOrg Policy command utilities.)absolute_import)division)unicode_literalsN)encoding)service) exceptions)yaml)filesz constraints/zcustomConstraints/zpolicy.cURR[5(a UR$[UR-$)a\Returns the constraint from the user-specified arguments. A constraint has the following syntax: constraints/{constraint_name}. This handles both cases in which the user specifies and does not specify the constraint prefix. Args: args: argparse.Namespace, An object that contains the values for the arguments specified in the Args method. ) constraint startswithCONSTRAINT_PREFIXargss 4lib/googlecloudsdk/command_lib/org_policies/utils.pyGetConstraintFromArgsr#s3 __ 122 ?? T__ ,,cURR[5(aUR[[5S$UR$)aReturns the constraint name from the user-specified arguments. This handles both cases in which the user specifies and does not specify the constraint prefix. Args: args: argparse.Namespace, An object that contains the values for the arguments specified in the Args method. N)r r rlenrs rGetConstraintNameFromArgsr5s< __ 122 ??3012 33 rcURR[5(aUR[[5S$UR$)a(Returns the custom constraint name from the user-specified arguments. This handles both cases in which the user specifies and does not specify the custom constraint prefix. Args: args: argparse.Namespace, An object that contains the values for the arguments specified in the Args method. N)custom_constraintr CUSTOM_CONSTRAINT_PREFIXrrs rGetCustomConstraintNameFromArgsrEsB &&'?@@  ! !#&>"?"@ AA  rcUR=(d UR=(d URnUR(aSnOUR(aSnOSnSRX!5$)aReturns the resource from the user-specified arguments. A resource has the following syntax: [organizations|folders|projects]/{resource_id}. Args: args: argparse.Namespace, An object that contains the values for the arguments specified in the Args method. organizationsfoldersprojectsz{}/{}) organizationfolderprojectformat)r resource_id resource_types rGetResourceFromArgsr%UsO!!@T[[@DLL+ #M {{MM  33rcP[U5n[U5nSRX5$)a)Returns the policy name from the user-specified arguments. A policy name has the following syntax: [organizations|folders|projects]/{resource_id}/policies/{constraint_name}. Args: args: argparse.Namespace, An object that contains the values for the arguments specified in the Args method. z{}/policies/{})r%rr")rresourceconstraint_names rGetPolicyNameFromArgsr)ks)! &(-d3/   ;;rcTURn[U5nSRUU5$)a-Returns the CustomConstraint from the user-specified arguments. A CustomConstraint has the following syntax: organizations/{organization_id}/customConstraints/{constraint_name}. Args: args: argparse.Namespace, An object that contains the values for the arguments specified in the Args method. z%organizations/{}/customConstraints/{})rrr")rorganization_idr(s rGetCustomConstraintFromArgsr,{s3%%/3D9/ 0 7 78G IIrc2URc UR$URR[5(a UR$URS:Xd URS:XdURS:Xa[UR-$UR$)aDReturns the update-mask from the user-specified arguments. This handles both cases in which the user specifies and does not specify the policy prefix for partial update of spec or dry_run_spec fields. Args: args: argparse.Namespace, An object that contains the values for the arguments specified in the Args method. spec dry_run_spec dryRunSpec) update_maskr UPDATE_MASK_POLICY_PREFIXrs rGetUpdateMaskFromArgsr3s     ""#<==    F"d&6&6.&H L( $t'7'7 77  rcZ[R"U5R5nSU-S-$)zHReturns the organization policy message name based on the release_track.GoogleCloudOrgpolicyPolicy)org_policy_service GetApiVersion capitalize) release_track api_versions r_GetPolicyMessageNamer<s+"00?JJL+ + - 88rc[R"U5n[R"U5n[R "U5n[R"U5n[U[U55n[R"Xd5$![R a UnNZf=f![a*n[R"SR!X55eSnAff=f)Returns a message populated from the JSON or YAML file on the specified filepath. Args: filepath: str, A local path to an object specification in JSON or YAML format. release_track: calliope.base.ReleaseTrack, Release track of the command. Unable to parse file [{}]: {}.N)r ReadFileContentsr loadjsondumpsYAMLParseErrorr7OrgPolicyMessagesgetattrr<r JsonToMessage ExceptionrInvalidInputErrorr"filepathr: file_contentsyaml_objjson_strorg_policy_messagesmessagees rGetMessageFromFilerRs((2-yy'Hzz(#H+<<]K ')>})M N'  ! !' 44   H   & &'G'N'N( s),B0B"BB" C,%CCc[R"U5n[R"U5n[R "U5n[R"U5n[US5n[R"Xd5$![R a UnNQf=f![a*n[R"SRX55eSnAff=f)r>&GoogleCloudOrgpolicyV2CustomConstraintr?N)r r@r rArBrCrDr7rErFrrGrHrrIr"rJs r"GetCustomConstraintMessageFromFilerUs((2-yy'Hzz(#H+<<]K '< >'  ! !' 44   H   & &'G'N'N( s),A='B=BB C #%CC c[R"U5nURR(dU$[ UR 5nURRHOnUR cMUR RVs/sH nXd;dM UPM snUR lMQ [X25$s snf)aiRemoves the specified allowed values from all policy rules containing the specified condition. It searches for and removes the specified values from the lists of allowed values on those rules. Any modified rule with empty lists of allowed values and denied values after this operation is deleted. Args: policy: messages.GoogleCloudOrgpolicy{api_version}Policy, The policy to be updated. args: argparse.Namespace, An object that contains the values for the arguments specified in the Args method. release_track: calliope.base.ReleaseTrack, Release track of the command. Returns: The updated policy. ) copydeepcopyr.rulessetvaluevalues allowedValues_DeleteRulesWithEmptyValuespolicyrr: new_policyspecified_valuesrule_to_updater[s rRemoveAllowedValuesFromPolicyrds"}}V$*    M_"--n(+22@@-@E  * @-n). %Z ?? - B=B=c[R"U5nURR(dU$[ UR 5nURRHOnUR cMUR RVs/sH nXd;dM UPM snUR lMQ [X25$s snf)aDRemoves the specified denied values from all policy rules. It searches for and removes the specified values from the lists of denied values on those rules. Any modified rule with empty lists of allowed values and denied values after this operation is deleted. Args: policy: messages.GoogleCloudOrgpolicy{api_version}Policy, The policy to be updated. args: argparse.Namespace, An object that contains the values for the arguments specified in the Args method. release_track: calliope.base.ReleaseTrack, Release track of the command. Returns: The updated policy. ) rWrXr.rYrZr[r\ deniedValuesr^r_s rRemoveDeniedValuesFromPolicyrhs"}}V$*    M_"--n(+22??,?E  * ?,n(. %Z ?? ,rec [R"U5n[R"U5nUR 5nUR US9nUR RVs/sH ofU:wdM UPM snUR lU$s snf)a)Delete any rule with empty lists of allowed values and denied values and no other field set. Args: policy: messages.GoogleCloudOrgpolicy{api_version}Policy, The policy to be updated. release_track: calliope.base.ReleaseTrack, Release track of the command. Returns: The updated policy. )r\)rWrXr7 OrgPolicyApi%BuildPolicySpecPolicyRuleStringValuesBuildPolicySpecPolicyRuler.rY)r`r:raorg_policy_apir\matching_empty_rulerules rr^r^s}}V$*%22=A.  ? ? A&&@@@O",,,t8K0Kd,*//  s $ B 1B c[R"U5n[R"U5nSnUbURR US9nUR US9nURRRU5 Xd4$)aCreates a rule on the policy that contains the specified condition expression. In the case that condition_expression is None, a rule without a condition is created. Args: policy: messages.GoogleCloudOrgpolicy{api_version}Policy, The policy object to be updated. release_track: release track of the command condition_expression: str, The condition expression to create a new rule with. Returns: The rule that was created as well as the new policy that includes this rule. N) expression) condition) r7rjrWrXmessagesGoogleTypeExprrlr.rYappend)r`r:condition_expressionrmrarrnew_rules rCreateRuleOnPolicyrx3s"&22=A.}}V$*)%''66'7)I 5 5 5 J( //x(  r)N)#__doc__ __future__rrrrWrBapitools.base.pyr googlecloudsdk.api_lib.orgpolicyrr7'googlecloudsdk.command_lib.org_policiesrgooglecloudsdk.corer googlecloudsdk.core.utilr rrr2rrrr%r)r,r3r<rRrUrdrhr^rxrrrs$&' %J>$*"/%-$   4, < I"(9 24@B@B0r