4SrSSKJr SSKJr SSKJr SSKJr SSKJr SSKJ r SSK J r SS K J r SS K J r SS K Jr SS KJr SS KJr SSKJr SSKJr SSKJr SrSrSrSrg)z+Utilities for storage surface IAM commands.)absolute_import)division)unicode_literals) cloud_api) gcs_iam_util)iam_util)errors)plurality_checkable_iterator) storage_url)wildcard_iterator)task) task_executor)task_graph_executor) task_status) task_utilcp[R"U5(d[R"U5$[R"U[ R RS9n[R"U5nUR5(a[R"S5e[U5SR$)zEGets cloud resource, allowing wildcards that match only one resource.) fields_scopez2get-iam-policy must match a single cloud resource.r)r contains_wildcardr storage_url_from_stringget_wildcard_iteratorr FieldsScopeSHORTr PluralityCheckableIterator is_pluralr InvalidUrlErrorlist) url_stringresource_iterator%plurality_checkable_resource_iterators :lib/googlecloudsdk/command_lib/storage/iam_command_util.pyget_single_matching_urlr!#s  , ,Z 8 8  . .z ::'==y44::<#==>OP(+4466  < >> 3 4Q 7 C CCc [R"U5nUR5(dRS[R"[ U5R 5R[RR54$[RR5n[R"USU[ R""[ R$R&SS9US9nUS4$)a Executes single or multiple set-IAM tasks with different handling. Args: iterator (iter[set_iam_policy_task._SetIamPolicyTask]): Contains set IAM task(s) to execute. continue_on_error (bool): If multiple tasks in iterator, determines whether to continue executing after an error. Returns: int: Status code. For multiple tasks, the task executor will return if any of the tasks failed. object|None: If executing a single task, the newly set IAM policy. This is useful for outputting to the terminal. rTN)increment_type manifest_path)parallelizabletask_status_queueprogress_manager_argscontinue_on_error)r rrr"get_first_matching_message_payloadnextexecutemessagesr TopicSET_IAM_POLICYrmultiprocessing_contextQueuer execute_tasksrProgressManagerArgs IncrementTypeINTEGER)iteratorr)!plurality_checkable_task_iteratorr' exit_codes r execute_set_iam_task_iteratorr94s #==hG$ + 4 4 6 6 i:: ./779BB !!# ##*AAGGI))')';;$22::$P) +) Dr"c[R"U5n[RUl[R "UR RURUURURU5 U"X5R5n[R"UR[R R"5$)aExtracts new binding from args and applies to existing policy. Args: args (argparse Args): Contains flags user ran command with. url (CloudUrl): URL of target resource, already validated for type. messages (object): Must contain IAM data types needed to create new policy. policy (object): Existing IAM policy on target to update. task_type (set_iam_policy_task._SetIamPolicyTask): The task instance to use to execute the iam binding change. Returns: object: The updated IAM policy set in the cloud. )rValidateAndExtractConditionrIAM_POLICY_VERSIONversion"AddBindingToIamPolicyWithConditionPolicyBindingsValueListEntryExprmemberroler,rr*r-r r.r/)argsurlr-policy task_type condition task_outputs r add_iam_binding_to_resourcerJXs2248)22&. --oo,,hmmV kk499i)#&..0+  5 5k6J6J6:jj6O6O QQr"cd[R"U5n[RUl[R "X R URUUR5 U"X5R5n[R"UR[RR5$)aExtracts binding from args and removes it from existing policy. Args: args (argparse Args): Contains flags user ran command with. url (CloudUrl): URL of target resource, already validated for type. policy (object): Existing IAM policy on target to update. task_type (set_iam_policy_task._SetIamPolicyTask): The task instance to use to execute the iam binding change. Returns: object: The updated IAM policy set in the cloud. )rr;rr<r='RemoveBindingFromIamPolicyWithConditionrBrCallr,rr*r-r r.r/)rDrErFrGrHrIs r remove_iam_binding_from_resourcerNrs2248)22&. 226;;3799i3788=#&..0+  5 5k6J6J6:jj6O6O QQr"N)__doc__ __future__rrrgooglecloudsdk.api_lib.storagerrgooglecloudsdk.command_lib.iamr"googlecloudsdk.command_lib.storager r r r (googlecloudsdk.command_lib.storage.tasksr rrrrr!r9rJrNr"r rVsO2&'4735K:@9BH@>D"!HQ4Qr"