5SrSSKJr SSKJr SSKJr SSKJr SSKrSSKrSSKrSSK r SSK J r SSK J r SS K Jr "S S \R5r"S S \R5rSrSrSSjrSrSrSr"SS\5rg)zEOperations on secret names and the run.google.com/secrets annotation.)absolute_import)division)print_function)unicode_literalsN)container_resource) exceptions) platformsc\rSrSrSrSrSrg)SpecialVersion z1Special cases for ReachableSecret.secret_version.rN)__name__ __module__ __qualname____firstlineno____doc__ MOUNT_ALL__static_attributes__r 5lib/googlecloudsdk/command_lib/run/secrets_mapping.pyr r s 9)rr c\rSrSrSrSrSrg)SpecialConnector(z-Special cases for ReachableSecret._connector.rr N)rrrrr PATH_OR_ENVrr rrrr(s 5+rrcjURRR[RS5$)N)template annotationsgetrSECRETS_ANNOTATION)resources r_GetSecretsAnnotationr"4s,    & & * *++R rcURRnU(aX[R'gU[R g![a gf=fN)rrrr KeyError)r!valuers r_SetSecretsAnnotationr':sK!!--+ 9>"556 (;; <    sA AAc20nU(d0$URS5HZnURS5upE[RU5(d[SU-5e[U[R US9X$'M\ U$![a [SU-5ef=f)zParse existing secrets annotation. Args: formatted_annotation: str force_managed: bool Returns: Dict[local_alias_str, ReachableSecret] ,:z%Invalid secret entry %r in annotationz$Invalid secret path %r in annotation) force_managed)split ValueErrorReachableSecret IsRemotePathrr)formatted_annotationr+reachable_secretspair local_alias remote_paths rParseAnnotationr5Es  I"((-dG!%Ck  ' ' 4 4 = K LL%4%11&".  G >E FFGs A==Bc`SRS[UR5555$)Nr)c3T# UHupU<SUR5<3v M g7f)r*N)FormatAnnotationItem).0aliasreachable_secrets r $_FormatAnnotation..as)%F !%(==?@%Fs&()joinsorteditems)r1s r_FormatAnnotationrA`s/ %+,=,C,C,E%F rcF[RRSURRR 555n[ [R"SURRRR 55SU555$)zSet of all secret names (local names & remote aliases) in use. Args: resource: ContainerResource Returns: List of local names and remote aliases. c3j# UH)nURRR5v M+ g7fr$)env_varssecretsvalues)r9 containers rr<_InUse..ps/+<)  ''))[0-9]{1,19})z (?P[a-zA-Z0-9-_]{1,255})z:(?P.+)z/versions/(?P.+)z(?:|z)?z ^projects/z /secrets/$c^[[R"[RU55$r$)boolresearchr._REMOTE_SECRET_FLAG_VALUE) secret_names rr/ReachableSecret.IsRemotePaths#  /;;[I rcX lX0lU(d[R"5(a[R "UR U5nU(azURS5UlURS5Ul URS5Ul URcURS5Ul URcSUl gURX5 g)aParse flag value to make a ReachableSecret. Args: flag_value: str. A secret identifier like 'sec1:latest'. See tests for other supported formats (which vary by platform). connector_name: Union[str, PATH_OR_ENV]. An env var ('ENV1') or a mount point ('/a/b') for use in error messages. Also used in validation since you can only use MOUNT_ALL mode with a mount path. force_managed: bool. If True, always use the behavior of managed Cloud Run even if the platform is set to gke. Used by Cloud Run local development. projectsecret version_shortN version_longlatest) _connectorr+r IsManagedrcrdregroupremote_project_numberrfsecret_version_InitWithLocalSecret)self flag_valueconnector_namer+matchs r__init__ReachableSecret.__init__s%O& ++--ii66 Ce %*[[%;" ;;x0#kk/:    & % N ;$     & ($ j9rc"SUlURS5n[U5S:Xa UuUlUR U5UlO-[U5S:XaUuUlUlO[ SU-5eURUR5 g)aHInit this ReachableSecret for a simple, non-remote secret. Args: flag_value: str. A secret identifier like 'sec1:latest'. See tests for other supported formats. connector_name: Union[str, PATH_OR_ENV]. An env var, a mount point, or PATH_OR_ENV. See __init__ docs. Raises: ValueError on flag value parse failure. Nr*zInvalid secret spec %r)rqr,lenrf_OmittedSecretKeyDefaultrrr-_AssertValidLocalSecretName)rtrurvpartss rrs$ReachableSecret._InitWithLocalSecrets"&D   S !E 5zQ!t 99.Id Uq.3+d+ /*< ==$$T%5%56rcURnUR[R:Xa URnURbSUR-OSnSR UUR US9$)Nz project=%s rzO)project_displayrfversion_display)rrr rrPrqformatrf)rtrrs r__repr__ReachableSecret.__repr__s|))O n666',,o  % % 1 222  %&,V+((+&,& rcURUR:H=(a9 URUR:H=(a URUR:H$r$)rqrfrrrtothers r__eq__ReachableSecret.__eq__sM ""e&A&AA 8    1 1 1 8   5#7#7 7rc X:X+$r$r rs r__ne__ReachableSecret.__ne__ s  rcUR(d[R"5(a#[R"SR US95eUR [RLa[SU-5eUR RS5(d%[R"SR U55e[R$)aThe key/version value to use for a secret flag that has no version. Args: name: The env var or mount point, for use in an error message. Returns: str value to use as the secret version. Raises: ConfigurationError: If the key is required on this platform. zZNo secret version specified for {name}. Use {name}:latest to reference the latest version.)rPz0Can't determine default key for secret named %r./z1Missing required item key for the secret at [{}].) r+r rorConfigurationErrorrrnrr TypeError startswithr rrtrPs rr~(ReachableSecret._OmittedSecretKeyDefault s Y0022  ) ) ??Ev4v?P  ,88 8 > E  __ ' ' , ,++ ? F Ft L  '''rc[R"SUR-S-U5(d[R"SU-5eg)N^r`z%r is not a valid secret name.)rcrd_SECRET_NAME_PARTIALrrrs rr+ReachableSecret._AssertValidLocalSecretName+sD 99TD555>     0:23G"==?  +  !$s*S->>II($5g$>? rcUR5(d [S5eSRURURS9$)zRender a secret path for the run.googleapis.com/secrets annotation. Returns: str like 'projects/123/secrets/s1' Raises: TypeError for a local secret name that doesn't belong in the annotation. z#Only remote paths go in annotationsz6projects/{remote_project_number}/secrets/{secret_name})rqrf)rrrrqrfrs rr8$ReachableSecret.FormatAnnotationItemcsH >>   ; << C J J"88$$ K rcz[R"5(aURU5$URU5$)zBuild message for adding to resource.template.volumes.secrets. Args: resource: k8s_object that may get modified with new aliases. Returns: messages.SecretVolumeSource )r ro!_AsSecretVolumeSource_ManagedMode$_AsSecretVolumeSource_NonManagedMode)rtr!s rAsSecretVolumeSource$ReachableSecret.AsSecretVolumeSourcess5  3 3H ==  6 6x @@rcUR5nURUR5URS9nURR U5 g)N)pathkey)MessagesModule KeyToPathrrrr@append)rtr!outmessagesitems rAppendToSecretVolumeSource*ReachableSecret.AppendToSecretVolumeSourcesD&&(H   4>>#39L9L  MDIITrcUR5nURURU5S9nURX5 U$)NrJ)rSecretVolumeSourcerrrtr!rrs rr1ReachableSecret._AsSecretVolumeSource_ManagedModesH&&(H  % %))(3 & C ##H2 JrcUR5nURURU5S9nUR[R :wa=UR RURURURS95 U$)NrJ)rr) rrrrrr rr@rrrs rr4ReachableSecret._AsSecretVolumeSource_NonManagedModes&&(H  % %))(3 & C n666 ii   !4!44;N;N  O JrcUR5nURURU5URS9nUR US9$)zBuild message for adding to resource.template.env_vars.secrets. Args: resource: k8s_object that may get modified with new aliases. Returns: messages.EnvVarSource )rPr)rO)rSecretKeySelectorrrr EnvVarSource)rtr!rselectors rAsEnvVarSourceReachableSecret.AsEnvVarSourcesS&&(H))  # #H -43F3F*H  h 77r)rnr+rqrfrrNF)rrrrr_PROJECT_NUMBER_PARTIALr_REMOTE_SECRET_VERSION_SHORT_REMOTE_SECRET_VERSION_LONG_REMOTE_SECRET_VERSIONre staticmethodr/rxrsrrrr~rrrrr8rrrrrrr rrr.r.s8<!: A $%   $$         :<7.,(> . 2> A   8rr.r)r __future__rrrrenumrQrcrgooglecloudsdk.api_lib.runrgooglecloudsdk.command_lib.runrr Enumr rr"r'r5rArWr\objectr.r rrrsxL&%'  954TYY tyy   60>$U8fU8r