PSrSSKJr SSKJr SSKJr SSKrSSKrSSKrSSKrSSK r SSK r SSK r SSK r SSK r SSKrSSKJr SSKJr SSKJr SS KJr SS KJr SS KJr SSKJr SS KJr SS KJr SSKJr SSK J!r! SSK"J#r$ SSK"Jr% SSK"J&r' SSK(J)r) SSK(J*r* SSK(J+r+ SSK,r,SSK-J.r. \ R^RaSSS5r1\ R^RaSSS5r2\ R^RaSSS5r3Sr4Sr5Sr6Sr7"SS \Rp5r9"S!S"\Rp5r:"S#S$\Rp5r;"S%S&\Rp5r<"S'S(\Rp5r="S)S*\R|5r?"S+S,\@5rAS-rB"S.S/\R|5rC"S0S1\R|5rD"S2S3\@5rES4rFS5rGS6rHS7rIS8rJS9rKS:rLS^S;jrMS<rN"S=S>\@5rOS_S?jrPS@rQS`SAjrRSBrS"SCSD\@5rTS`SEjrUSFrVSGrWSHrXSaSIjrYSJrZSKr[SLr\"SMSN\@5r]SOr^SPr_SQr`SRraSSrb"STSU\@5rc"SVSW\@5rd"SXSY\@5re"SZS[\@5rf"S\S]\@5rgg)bzJSSH client utilities for key-generation, dispatching the ssh commands etc.)absolute_import)division)unicode_literalsN) exceptions)client)base) oslogin_utils)gaia)config)execution_utils)log) properties) console_io)creds)store)files) platforms)retry)quote~.sshr google_compute_engine_skgoogle_compute_engine_certzenable-osloginzenable-oslogin-2fazenable-oslogin-skzenable-oslogin-certificatesc\rSrSrSrSrg)InvalidKeyError?z#Indicates a key file was not found.N__name__ __module__ __qualname____firstlineno____doc____static_attributes__r.lib/googlecloudsdk/command_lib/util/ssh/ssh.pyrr?s+r%rc\rSrSrSrSrg)MissingCommandErrorCz8Indicates that an external executable couldn't be found.rNrrr%r&r(r(Cs@r%r(c0^\rSrSrSrSU4SjjrSrU=r$) CommandErrorGz7Raise for a failure when invoking ssh, scp, or similar.cd>U(dU(d [S5eXlU(aSRU5OSnU(aSRU5OSnSRXE4Vs/sH of(dM UPM sn5n[[ U]SRURU5US9 gs snf)Nz*One of message or return_code is required.z[{0}]zreturn code [{0}]z and z[{0}] exited with {1}.) exit_code) ValueErrorcmdformatjoinsuperr+__init__) selfr0message return_code message_textreturn_code_textf why_failed __class__s r&r4CommandError.__init__Js { C DDH.57>>'*4L3>"";/D!4:4q4:J ,& ''*=' ;s % B-3B-)r0NNrr r!r"r#r4r$ __classcell__r<s@r&r+r+Gs?r%r+c,^\rSrSrSrU4SjrSrU=r$)InvalidConfigurationError^z@When arguments provided have misconfigured sources/destinations.cP>[[U] USRX#5-5 g)Nz" Got sources: {}, destination: {})r3rCr4r1)r5msgsources destinationr<s r&r4"InvalidConfigurationError.__init__as' #T3 299'OOr%rr?rAs@r&rCrC^sHr%rCc\rSrSrSrSrg)BadCharacterErrorgz9Indicates a character was found that couldn't be escaped.rNrrr%r&rKrKgsAr%rKc \rSrSrSrSrSrSrg)Suitekz'Represents an SSH implementation suite.OpenSSHPuTTYrN)rr r!r"r#OPENSSHPUTTYr$rr%r&rNrNks/ ' %r%rNc\rSrSrSr\R SSSSS.\RSSS S S.0r\R S \RS 0r SSjr Sr Sr \ S5rSrg ) EnvironmentraEnvironment maps SSH commands to executable location on file system. Recommended usage: env = Environment.Current() env.RequireSSH() cmd = [env.ssh, 'user@host'] An attribute which is None indicates that the executable couldn't be found. Attributes: suite: Suite, The suite for this environment. bin_path: str, The path where the commands are located. If None, use standard `$PATH`. ssh: str, Location of ssh command (or None if not found). ssh_term: str, Location of ssh terminal command (or None if not found), for interactive sessions. scp: str, Location of scp command (or None if not found). keygen: str, Location of the keygen command (or None if not found). ssh_exit_code: int, Exit code indicating SSH command failure. sshscpz ssh-keygen)rWssh_termrXkeygenplinkputtypscp winkeygenNc $XlX lSUlSUlSUlSUl[ R"URU5H-up4[X[R"X@RS95 M/ URUUl g)zCreate a new environment by supplying a suite and command directory. Args: suite: Suite, the suite for this environment. bin_path: str, the path where the commands are located. If None, use standard $PATH. Npath)suitebin_pathrWrYrXrZsix iteritemsCOMMANDSsetattrrFindExecutableOnPathSSH_EXIT_CODES ssh_exit_code)r5rdrekeyr0s r&r4Environment.__init__stJMDHDMDHDKMM$--"67 d33CmmLM8,,U3Dr%cp[URURURUR45$)zpWhether all SSH commands are supported. Returns: True if and only if all commands are supported, else False. )allrWrYrXrZr5s r& SupportsSSHEnvironment.SupportsSSHs( $--4;;? @@r%cDUR5(d [S5eg)zSimply raises an error if any SSH command is not supported. Raises: MissingCommandError: One or more of the commands were not found. z#Your platform does not support SSH.N)rrr(rqs r& RequireSSHEnvironment.RequireSSHs$       E FF r%c[RR5(a[Rn[ 5nO[R nSn[X5$)zoRetrieve the current environment. Returns: Environment, the active and current environment on this machine. N)rOperatingSystem IsWindowsrNrS _SdkHelperBinrRrU)clsrdres r&CurrentEnvironment.CurrentsB  **,,kkehmmeh u ''r%)rerZrXrWrlrYrdN)rr r!r"r#rNrRrSrhrkr4rrru classmethodr|r$rr%r&rUrUrs0 mm   kk  (" mmS kk1. 4$AG ( (r%rUc&[SU55$)Nc3V# UHn[U5S:=(a US:gv M! g7f) N)ord).0cs r& &_IsValidSshUsername..s$ 51SVc\ &a3h &s'))rpusers r&_IsValidSshUsernamers 5 5 55r%c \rSrSrSrSrSrSrg) KeyFileStatusOKz NOT FOUNDBROKENrN)rr r!r"PRESENTABSENTrr$rr%r&rrs ' & &r%rc$\rSrSrSrSrSrSrSrg) _KeyFileKindz-List of supported (by gcloud) key file kinds.privatepublicz PuTTY PPKrN) rr r!r"r#PRIVATEPUBLICPPKr$rr%r&rrs5 ' &#r%rc\rSrSrSr\R RSSS5r"SS\ 5r "SS \ 5r SS jr \ SS j5r\S 5rSrSrSSjrSrSrSSjrSrg )KeysaManages private and public SSH key files. This class manages the SSH public and private key files, and verifies correctness of them. A Keys object is instantiated with a path to a private key file. The public key locations are inferred by the private key file by simply appending a different file ending (`.pub` and `.ppk`). If the keys are broken or do not yet exist, the EnsureKeysExist method can be utilized to shell out to the system SSH keygen and write new key files. By default, there is an SSH key for the gcloud installation, `DEFAULT_KEY_FILE` which should likely be used. Note that SSH keys are generated and managed on a per-installation basis. Strictly speaking, there is no 1:1 relationship between installation and user account. Verifies correctness of key files: - Populates list of SSH key files (key pair, ppk key on Windows). - Checks if files are present and (to basic extent) correct. - Can remove broken key (if permitted by user). - Provides status information. rrgoogle_compute_enginec<\rSrSrSrSSjr\S5rS SjrSr g) Keys.PublicKeyizRepresents a public key. Attributes: key_type: str, Key generation type, e.g. `ssh-rsa` or `ssh-dss`. key_data: str, Base64-encoded key data. comment: str, Non-semantic comment, may be empty string or contain spaces. c(XlX lX0lgr~)key_typekey_datacomment)r5rrrs r&r4Keys.PublicKey.__init__ smmlr%cbUR5n[U[R5(aUR SS5nUR SS5n[ U5S:a[SRU55e[ U5S:aUSR5OSnU"USUSU5$) a/Construct a public key from a typical OpenSSH-style key string. Args: key_string: str, on the format `TYPE DATA [COMMENT]`. Example: `ssh-rsa ABCDEF me@host.com`. Raises: InvalidKeyError: The public key file does not contain key (heuristic). Returns: Keys.PublicKey, the parsed public key. zutf-8replacerzPublic key [{}] is invalid.rr`) strip isinstancerf binary_typedecodesplitlenrr1)r{ key_string decoded_keypartsrs r& FromKeyStringKeys.PublicKey.FromKeyStrings$$$&k J 0 0!(()< Q'e Ua;BB:NOO$'JNa g q58W --r%cSnU(aUR(aUS- nURURURURS9$)zFormat this key into a text entry. Args: include_comment: str, Include the comment part in this entry. Returns: str, A key string on the form `TYPE DATA` or `TYPE DATA COMMENT`. z {type} {data}z {comment})typedatar)rr1rr)r5include_comment out_formats r&ToEntryKeys.PublicKey.ToEntry*sG#j T\\l"   }}4==$,,r%)rrrN)rF) rr r!r"r#r4rrrr$rr%r& PublicKeyrs% ..4r%rc\rSrSrSrSrg)Keys.KeyFileDatai:cXlSUlgr~filenamestatus)r5rs r&r4Keys.KeyFileData.__init__<smdkr%rN)rr r!r"r4r$rr%r& KeyFileDatar:sr%rNc4[RR[R"U55n[RR U5UlU=(d [R5Ul [RURU5[RURUS-50UlURR[ R"La0URUS-5UR[R$'gg)a"Create a Keys object which manages the given files. Args: key_file: str, The file path to the private SSH key file (other files are derived from this name). Automatically handles symlinks and user expansion. env: Environment, Current environment or None to infer from current. z.pub.ppkN)osrcrealpathr ExpandHomeDirdirnamedirrUr|envrrrrkeysrdrNrSr)r5key_filerprivate_key_files r&r4 Keys.__init__Csww''(;(;H(EFww/0DH+k))+DHd../?@T--.>.GHDI xx~~$$($4$45E5N$Odii   !%r%cBU"U=(d [RU5$)aCreate Keys object given a file name. Args: filename: str or None, the name to the file or DEFAULT_KEY_FILE if None env: Environment, Current environment or None to infer from current. Returns: Keys, an instance which manages the keys with the given name. )rDEFAULT_KEY_FILE)r{rrs r& FromFilenameKeys.FromFilenameVs x0400# 66r%cPUR[RR$)z!Filename of the private key file.)rrrrrqs r&r Keys.key_filecs 99\)) * 3 33r%c V/nSnSnURHZnURUn[U[UR55n[U[URR55nM\ URHnURUnUR SR URS-RUS-5SURR-S-RUS-5UR55 M UR5 SRU5$) z3Prepares human readable SSH key status information.rz {} {} [{}] z key()rr) rmaxrvaluerappendr1ljustrsortr2)r5messages key_paddingstatus_paddingkindrs r&_StatusMessageKeys._StatusMessagehsHKN  YYt_d S_5k>3t{{/@/@+ABn  YYt_doo   zzF"))+/:T[[&&&,33NQ4FGmm  MMO 778 r%c6^U4SjnTRHnU"U5TRUlM TR[RR[R LaTR 5 [R"TR5Vs/sHo3RPM nn[SU55(a[R$[SU55(a[R $[R$![at [R"SRTR[R55 [RTR[RlGNf=fs snf)aPerforms minimum key files validation. Note that this is a simple best-effort parser intended for machine generated keys. If the file has been user modified, there's a risk of both false positives and false negatives. Returns: KeyFileStatus.PRESENT if key files meet minimum requirements. KeyFileStatus.ABSENT if neither private nor public keys exist. KeyFileStatus.BROKEN if there is some key, but it is broken or incomplete. c>TRTRURUR5n[ U[ 5(aU$UTRUl[ R$r~)_WarnOrReadFirstKeyLinerrrrr first_liner)rstatus_or_liner5s r& ValidateFile#Keys.Validate..ValidateFiles[33 ))D/ " "DJJn NM 2 2%3 $"$$$r%z(The public SSH key file [{}] is corrupt.c3F# UHo[R:Hv M g7fr~)rrrxs r&r Keys.Validate..s ?.> $$ $.>!c3F# UHo[R:Hv M g7fr~)rrrs r&rrs B1AA-'' '1Ar)rrrrrr GetPublicKeyrr warningr1rrf itervaluesrpr)r5r file_kindrcollected_valuess` r&Validate Keys.Validate}s8%YY $0$;dii !  yy$$%,, 0E0EEE +...*CD*CQ*CD ?.> ???  ! !! B1A B B B  " ""  ! !!E 6 = = ,--.  1>0D0D ,%%&- EEs.D FA:FFcSUR5-nUSLa[R"US-5eUS- n[R"U5 Uc[R "SSS9 [ R"UR5H$n[R"UR5 M& g![a*nUR[R:XaeSnAMXSnAff=f)aRemoves all SSH key files if user permitted this behavior. Precondition: The SSH key files are currently in a broken state. Depending on `force_key_file_overwrite`, delete all SSH key files: - If True, delete key files. - If False, cancel immediately. - If None and - interactive, prompt the user. - non-interactive, cancel. Args: force_key_file_overwrite: bool or None, overwrite broken key files. Raises: console_io.OperationCancelledError: Operation intentionally cancelled. OSError: Error deleting the broken file(s). zYour SSH key files are broken. FzOperation aborted.z*We are going to overwrite all above files.NT)default cancel_on_no)rrOperationCancelledErrorr rPromptContinuerf viewvaluesrrremoverOSErrorerrnoEISDIR)r5force_key_file_overwriter6res r&RemoveKeyFilesIfPermittedOrFail$Keys.RemoveKeyFilesIfPermittedOrFails(143F3F3HHG5(  . .w9M/M NN ;;GKK'DANN499- (##$. 77ell "  #s B.. C"8CC"c[R"U5nUR5R5nU(a UsSSS5 $Sn[R nSSS5 [R"SUW5 W$!,(df  N(=f![R a Sn[RnNS[Ra Sn[R nNzf=f)aReturns the first line from the key file path. A None return indicates an error and is always accompanied by a log.warning message. Args: path: The path of the file to read from. kind: The kind of key file, 'private' or 'public'. Returns: None (and prints a log.warning message) if the file does not exist, is not readable, or is empty. Otherwise returns the first line utf8 decoded. Nzis emptyzdoes not existzis not readablez"The %s SSH key file for gcloud %s.) r FileReaderreadlinerrrMissingFileErrorrErrorr r)r5rcrr:linerFrs r&rKeys._WarnOrReadFirstKeyLines $   D !Qzz|!!#  " !%% "KK4dC@ M " !  ! !$ c##f ;;$ c##f$s?B'A= B A=B= B B B&C6%CCcUR[RRn[R "U5nUR 5nURRU5sSSS5 $!,(df  g=f)a%Returns the public key verbatim from file as a string. Precondition: The public key must exist. Run Keys.EnsureKeysExist() prior. Raises: InvalidKeyError: If the public key file does not contain key (heuristic). Returns: Keys.PublicKey, a public key (that passed primitive validation). N) rrrrrr r rr)r5filepathr:rs r&rKeys.GetPublicKeysYyy,,-66H   ( #q::AA WW^^. / / !6!6 6mme$ # ''$((  F  ! !"4b 90%{{ F )):AA!D E E  Fs$G>>I%H<<I)rrrr~r>)T)rr r!r"r#rrcr2robjectrrr4rrpropertyrrrrrrr#r$rr%r&rrs.WW\\#v/FG7&7rFP& 7 7 4 4*/"b&P<6$=Fr%rc[RR[R"[ 55n[RR USRXU55$Nz{}_{}_{}-cert.pubrrcrrrCERTIFICATE_DIRr2r1)projectregion deploymentcert_dirs r&CertFileFromCloudRunDeploymentr/FsI WW  e11/B C(   *= r%c [RR[R"[ 55n[RR USRXX#55$)Nz{}_{}_{}_{}-cert.pubr))r+serviceversioninstancer.s r&CertFileFromAppEngineInstancer4NsI WW  e11/B C( ##GgH r%c[RR[R"[ 55n[RR USRXU55$r(r)) project_idzone instance_idr.s r&CertFileFromComputeInstancer9VsI WW  e11/B C( #**:[I r%cn[RR[R"[ 55n[R "USS9 [XU5n[R"XP5 g![Ra/n[R"SRXV55 SnAgSnAff=f)aWrites a certificate associated with the key pair for Cloud Run. Args: cert: string, The SSH certificate data. project: string, The project ID of the instance. region: string, The region of the deployment. deployment: string, The deployment name. rmode)Failed to update the certificate {}: [{}]N) rrcrrrr*rr/rr r rr1)certr+r,r-r.rrs r&WriteCloudRunCertificater?]sWW  e11/B C(--u% +GZ H(O H+ OII9@@MNNOA11B4%B//B4cn[RR[R"[ 55n[R "USS9 [XX45n[R"X`5 g![Ra/n[R"SRXg55 SnAgSnAff=f)a+Writes a certificate associated with the key pair for App Engine. Args: cert: string, The SSH certificate data. project: string, The project ID of the instance. service: string, The service of the instance. version: string, The version of the instance. instance: string, The instance ID. rr;r=N) rrcrrrr*rr4rr r rr1)r>r+r1r2r3r.rrs r&WriteAppEngineCertificaterBpsWW  e11/B C(--u% *7W O(O H+ OII9@@MNNOr@cn[RR[R"[ 55n[R "USS9 [XU5n[R"XP5 g![Ra/n[R"SRXV55 SnAgSnAff=f)zWrites a certificate associated with the key pair. Args: cert: string, The SSH certificate data. project_id: string, The project ID of the instance. zone: string, The zone of the instance. instance_id: string, The instance ID. rr;r=N) rrcrrrr*rr9rr r rr1)r>r6r7r8r.rrs r&WriteComputeCertificaterDsWW  e11/B C(--u% (; G(O H+ OII9@@MNNOr@c[XU5n[RRU5(a[R"U5 gg)zDeletes an OS Login certificate file. Args: project_id: string, The project ID of the instance. zone: string, The zone of the instance. instance_id: string, The instance ID. N)r9rrcrr)r6r7r8rs r&DeleteCertificateFilerFs4); G(WW^^HIIhr%c^U4SjnU(a[USUSUSUS5nO'U(a[UUSUS5nO [XU5n[USS 9n[R R U5(aURUS 9 g g ![a/n [R"S RXy55 S n A g S n A ff=f) aChecks if the certificate is currently valid for a given instance. Args: oslogin_state: An OsloginState object. project_id: string, The project ID of the instance. zone: string, The zone of the instance. instance_id: string, The instance ID. app_engine_params: dict, values of (appsId, servicesId, versionId, instanceId, serviceAccount, region) for App Engine instances. cloud_run_params: dict, values of (region, deployment_name, project_id) for Cloud Run deployments. c8>Sn[R"SU5nU(dg[RRUSU5n[RRUSU5n[RR 5nXS:=(a XT:Tlg)Nz%Y-%m-%dT%H:%M:%Sz#\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}rr`)refindalldatetimestrptimenowsigned_ssh_key)r> time_formatmatchstartendrM oslogin_states r& IsCertValid(ValidateCertificate..IsCertValids|%K JJ=t DE     & &uQx =E    $ $U1X{ ;C      !C#&;#<39M r%appsId servicesId versionsId instancesIdr,deployment_nameT) print_cert)out_funcz(Cert File [{0}] could not be opened: {1}N) r4r/r9rrrcrrr+r rr1) rSr6r7r8app_engine_paramscloud_run_paramsrT cert_filer0rs ` r&ValidateCertificater`s(=-(#,','-( I ."*+I ,JkJIiD1#O ww~~i   gg{g#! OII8?? MNNOs3B C %CC cURS:XagURnU(dg[RR [ R "[55n[ R"USS9 /n[R"U5HPnURS5(dM[RRX$5n[R"U5 MR [U5H[upgSRU5n[RRX$5n[ R"XWSS9 UR!U5 M] U$) zWrites temporary files from a list of key data. Args: oslogin_state: An OsloginState object. Returns: List of file paths for security keys or None if security keys are not supported. r\Nrr;tmp_skz tmp_sk_{0}Tr) environment security_keysrrcrrrSECURITY_KEY_DIRrlistdir startswithr2r enumerater1rr)rSrekey_dir key_filesr file_pathnumrms r&WriteSecurityKeysrns') ---   GG  U001AB C'--e$)**W%h8$$'',,w1iii & M*hc""3'H W/I ID9 Y + r%c \rSrSrSr\R R\R"\R RSSS555r Sr \ S5r\ S5rS rSS jrSS jrS rS rg) KnownHostsizRepresents known hosts file, supports read, write and basic key management. Currently a very naive, but sufficient, implementation where each entry is simply a string, and all entries are list of those strings. rrgoogle_compute_known_hostscXlX lg)zConstruct a known hosts representation based on a list of key strings. Args: known_hosts: str, list each corresponding to a line in known_hosts_file. file_path: str, path to the known_hosts_file. N) known_hostsrl)r5rsrls r&r4KnownHosts.__init__s#Nr%c[R"U5R5n[X!5$![Ra1n/n[R "SR X55 SnANKSnAff=f)zCreate a KnownHosts object given a known_hosts_file. Args: file_path: str, path to the known_hosts_file. Returns: KnownHosts object corresponding to the file. If the file could not be opened, the KnownHosts object will have no entries. z3SSH Known Hosts File [{0}] could not be opened: {1}N)rReadFileContents splitlinesr r rr1rp)r{rlrsrs r&FromFileKnownHosts.FromFilesj**95@@Bk k -- ;;k ii ? F F s$1A6'A11A6cH[R[R5$)zCreate a KnownHosts object from the default known_hosts_file. Returns: KnownHosts object corresponding to the default known_hosts_file. )rprx DEFAULT_PATH)r{s r&FromDefaultFileKnownHosts.FromDefaultFile0s   z66 77r%cB^[U4SjUR55$)aCheck if a host key alias exists in one of the known hosts. Args: host_key_alias: str, the host key alias Returns: bool, True if host_key_alias is in the known hosts file. If the known hosts file couldn't be opened it will be treated as if empty and False returned. c3.># UH nTU;v M g7fr~r)rrhost_key_aliass r&r+KnownHosts.ContainsAlias..DsC2B$~%2Bs)anyrs)r5rs `r& ContainsAliasKnownHosts.ContainsAlias9s C$2B2BC CCr%cSRX5n[UR5H2upVURU5(dMU(aX@RU' g URR U5 g)aoAdd or update the entry for the given hostname. If there is no entry for the given hostname, it will be added. If there is an entry already and overwrite_keys is False, nothing will be changed. If there is an entry and overwrite_keys is True, the key will be updated if it has changed. Args: hostname: str, The hostname for the known_hosts entry. host_key: str, The host key for the given hostname. overwrite: bool, If true, will overwrite the entry corresponding to hostname with the new host_key if it already exists. If false and an entry already exists for hostname, will ignore the new host_key value. {0} {1}N)r1rirsrhr)r5hostnamehost_keyr  new_key_entryirms r&AddKnownHosts.AddFsd$$X8MD,,-  ! !  -  1  .  m,r%cSnUVs/sHnSRX5PM nnU(dU$URVs/sHowRU5(dMUPM nnU(a_U(aVURVs/sHowRU5(aMUPM snUlURRU5 SnU$URRU5 SnU$s snfs snfs snf)aAdd or update multiple entries for the given hostname. If there is no entry for the given hostname, the keys will be added. If there is an entry already, and overwrite keys is False, nothing will be changed. If there is an entry and overwrite_keys is True, all current entries for the given hostname will be removed and the new keys added. Args: hostname: str, The hostname for the known_hosts entry. host_keys: list, A list of host keys for the given hostname. overwrite: bool, If true, will overwrite the entries corresponding to hostname with the new host_key if it already exists. If false and an entry already exists for hostname, will ignore the new host_key values. Returns: bool, True if new keys were added. FrT)r1rsrhextend) r5r host_keysr new_keys_addedrnew_key_entriesrmexisting_entriess r& AddMultipleKnownHosts.AddMultiple^s$N=F=F ,Y  '''>>(+C' ++ +C>>(3KC+  0  o.n '   sC%C*C*<C/C/c|[R"URSRUR5S-SS9 g)zWrites the file to disk. TrcN)rrrlr2rsrqs r&WriteKnownHosts.Writes/   $"2"23d:Dr%)rlrsNr)rr r!r"r#rrcrrrr2r{r4rrxr|rrrrr$rr%r&rprps!!  '',,sF$@ A, ..*88 D-0&Pr%rpc:[R"5n[U5(du[RR R RSS9n[R"U5nU(a%[R"SRX55 UnU$)aReturns the default username for ssh. The default username is the local username, unless that username is invalid. In that case, the default username is the username portion of the current account. Emits a warning if it's not using the local account username. Args: warn_on_account_user: bool, whether to warn if using the current account instead of the local username. Returns: str, the default SSH username. T)requiredzaInvalid characters in local username [{0}]. Using username corresponding to active account: [{1}]) getpassgetuserrrVALUEScoreaccountGetr MapGaiaEmailToDefaultAccountNamer rr1)warn_on_account_userr full_account account_users r&GetDefaultSshUsernamers  $ T " "$$))1155t5DL88FL kk BBH&C  D +r%cU(aUR(dgURVs/sH o"RU:XdMURPM" nnU(dgUSR5S:H$s snf)aReturn true if the metadata has the supplied key and it is set to 'true'. Args: metadata: Instance or Project metadata. key_name: The name of the metadata key to check. e.g. 'oslogin-enable'. Returns: True if Enabled, False if Disabled, None if key is not presesnt. Nrtrue)itemsrmrlower)metadatakey_nameitemmatching_valuess r&MetadataHasEnablerse x~~ %^^+Txx8/Cjdjj^     ! ! #v -- s A/A/c|SnUb[URU5nOUbUnUcURn[XR5nU$)aReturn True if the feature associated with the supplied key is enabled. If the key is set to 'true' in instance metadata, will return True. If the key is set to 'false' in instance metadata, will return False. If key is not set in instance metadata, will return the value in project metadata unless instance_override is not None (set to True or False). Args: instance: The current instance object. project: The current project object. key_name: The name of metadata key to check. e.g. 'oslogin-enable'. instance_override: The value of the instance metadata key. Used if the instance object cannot be passed in. None if not set. Returns: bool, True if the feature associated with the supplied key is enabled in instance/project metadata. N)rrcommonInstanceMetadata)r3r+rinstance_overridefeature_enabledproject_metadatas r&FeatureEnabledInMetadatarsO*/ '(9(98DO$'O55'(8CO r%c[R5nUR[R:XagSS/n[ SUSS9nUR 5n[R"U5 [R"[R"U[RS95n[R"U5 UR#5n[R"S RU55 UHnUR%S 5(dM g g![Ra7 [R"SRSR!U555 gf=f) aCheck the local SSH installation for security key support. Runs 'ssh -Q key' and looks for keys starting with 'sk-'. PuTTY on Windows will return False. Returns: True if SSH supports security keys, False if not, and None if support cannot be determined. Fz-QrmN) extra_flagstty)stderrz;Cannot determine SSH supported key types using command: {0}rzSupported SSH key types: {0}zsk-T)rUr|rdrNrS SSHCommandBuildr rrf ensure_str subprocess check_outputSTDOUTCalledProcessErrorr1r2rwrh)r ssh_flagsr0cmd_listoutputkeys_supportedrms r&CheckSshSecurityKeySupportrs # YY%++ Um)4YE:# YY[())H  ^^1B1BCFIIf$$&.)) * 1 1. AB c ~~e  !  & &IIELL HHX    s*A DAEEcB\rSrSrSrSSjrSrSrSrg) OsloginStateia]Class for holding OS Login State. Attributes: oslogin_enabled: bool, True if OS Login is enabled on the instance. oslogin_2fa_enabled: bool, True if OS Login 2FA is enabled on the instance. security_keys_enabled: bool, True if Security Keys should be used for SSH authentication. user: str, The username that SSH should use for connecting. third_party_user: bool, True if the authenticated user is an external account user. ssh_security_key_support: bool, True if the SSH client supports security keys. environment: str, A hint about the current environment. ('ssh' or 'putty') security_keys: list, A list of 'private' keys associated with the security keys configured in the user's account. signed_ssh_key: bool, True if a valid signed ssh key exists. require_certificates: bool, True if passing a certificate is required. Nc XlX lX0lX@lXPlX`lXplUc/UlOXlXlXl gr~) oslogin_enabledoslogin_2fa_enabledsecurity_keys_enabledrthird_party_userssh_security_key_supportrdrerNrequire_certificates) r5rrrrrrrdrerNrs r&r4OsloginState.__init__#sM+2!6I,$<!"d(( 4r%c D[R"S5RURURUR UR URURURSRUR5URUR5 $)Na6 OS Login Enabled: {0} 2FA Enabled: {1} Security Keys Enabled: {2} Username: {3} Third Party User: {4} SSH Security Key Support: {5} Environment: {6} Security Keys: {7} Signed SSH Key: {8} Require Certificates: {9} r)textwrapdedentr1rrrrrrrdr2rerNrrqs r&__str__OsloginState.__str__>s ??  V     ""   %%  $$$%  !! r%c SRURURURURUR UR URURURUR5 $)NzOsloginState(oslogin_enabled={0}, oslogin_2fa_enabled={1}, security_keys_enabled={2}, user={3}, third_party_user={4}ssh_security_key_support={5}, environment={6}, security_keys={7}, signed_ssh_key={8}, require_certificates={9})) r1rrrrrrrdrerNrrqs r&__repr__OsloginState.__repr__Xsp $%+F   $ $  & & II  ! !  ) )           % % % r%) rdrrrrerrNrrr) FFFNFNNNFF) rr r!r"r#r4rrr$rr%r&rrs6*! # 564r%rcjU(aUR(aU(dg[[[SUR55S5nU(a URO/nU=(d /Vs/sHoDR PM nnU=(a# UR RRU;$s snf)NFcUR$r~)boot)disks r&$_IsInstanceWindows..qsDIIr%) disksnextiterfilterguestOsFeaturesrGuestOsFeatureTypeValueValuesEnumWINDOWS)r3r boot_diskguest_os_featuresfeaturefeaturess r&_IsInstanceWindowsrms x 45x~~FGN)3O P 6-&&  r%cURUURUUSSUSSUSSUSSUS 3S 9n[URUSUSUSUS 5 g ) zASigns and writes a certificate for the given App Engine instance.serviceAccountzapps/rVrrWz /versions/rX /instances/rY)service_accountapp_engine_instanceN)rnamerBr)rrr+r,r]rs r&!_SignAndWriteAppEngineCertificaters55 ll '(89 #H-.j9J<9X8YYcduwCeDdEEPQbcpQqPr s 6-&&! % % & r%c "URUURUUR(aURSROSSURSUSUR3S9n[ UR URXER5 g)z>Signs and writes a certificate for the given Compute instance.rrrz/zones/r)rcompute_instanceN)rrserviceAccountsemailidrDr)rrr+r,r7r3rs r&_SignAndWriteComputeCertificaters55 ll  ! !..q177 gll^74& HKK= I6 -&& dKKr%c  [US9nU(aSnO[UU[U S9nU(dU$[X S9(a![R R S5 U$Xl[5Ul U(aSUl SUl SUl O?[UU[U S9Ul [UU[U S9Ul [UU[U S9Ul [ R#5nUR$[&R(:XaSUlOSUlUR(a[-5Ul[0R2"U5n[4R6R8R:R=5=(d2 [4R6R>R@R=5nS nS nU(aOURB(a>URBRES 5RG5nUS URIS 5nO U(aUS nU[JRLRN[JRLRP4;aUR(dUR(a[SUS S9nU(a [UX5 O7U(a[UUUUSS9 O![UXRVUURX5 URZ(d<U(a[]UX1UU5 O%U(a[_UUU5 O[aUX1UUU5 URkUU(aUSO URVURS9nGOGUR(a [mS5eUR(a [mS5eURkUU(aUSO URVURS9nUR(aK[nRp"UUUS9Ul9URt(dURwUS5nURxnO[nRz"UUUS9n[nR|"UU5nU(aURt(d URwUUUSUS9nURxnOU(aURUUUUSUS9 S nURtHKnU=(d URnURU:XaUs $UR(dM?URnMM UUlBU(a1[R R SRgUU55 U$[R"SRgUU55 U$![bRda [R R SRgUURV55 URiUURVU5 U(a[]UX1UU5 GNU(a[_UX75 GN[aUX1UUU5 GNf=f)a Check instance/project metadata for oslogin and return updated username. Check to see if OS Login is enabled in metadata and if it is, return the OS Login user and a boolean value indicating if OS Login is being used. Args: instance: instance, The object representing the instance we are connecting to. If None, instance metadata will be ignored. project: project, The object representing the current project. requested_user: str, The default or requested username to connect as. public_key: str, The public key of the user connecting. expiration_time: int, Microseconds after epoch when the ssh key should expire. If None, an existing key will not be modified and a new key will not be set to expire. If not None, an existing key may be modified with the new expiry. release_track: release_track, The object representing the release track. app_engine_params: dict, The fields required to identify an App Engine instance. This should be None for Compute instances and Cloud Run deployments. If present, this should contain fields for 'appsId', 'servicesId', 'versionsId', 'instancesId', and 'serviceAccount'. cloud_run_params: dict, The fields required to identify a Cloud Run deployment. This should be None for Compute and App Engine instances. If present, this should contain fields for 'deployment_name', 'project_id', and 'region'. username_requested: bool, True if the user has passed a specific username in the args. instance_enable_oslogin: True if the instance's metadata indicates that OS Login is enabled, and False if not enabled. Used when the instance cannot be passed through the instance argument. None if not specified. instance_enable_2fa: True if the instance's metadata indicates that OS Login 2FA is enabled, and False if not enabled. Used when the instance cannot be passed through the instance argument. None if not specified. instance_enable_security_keys: True if the instance's metadata indicates that OS Login security keys are enabled, and False if not enabled. Used when the instance cannot be passed through the instance argument. None if not specified. instance_require_certificates: True if the instance's metadata indicates that OS Login SSH certificates are to be used exclusively, False otherwise. An override to be used when the instance cannot be passed through the "instance" argument. None if not specified. messages: API messages class, The compute API messages. Returns: object, An object containing the OS Login state, with values indicating whether OS Login is enabled, Security Keys are enabled, the username to connect as and a list of security keys. rT)r)rz=OS Login is not available on Windows VMs. Using ssh metadata.Fr\rWN/-r,z:@)safer6)r^r6zSNo OS Login profile found for user [{0}] for project [{1}]. Creating POSIX account.)include_security_keyszSSH using federated workforce identities is not yet generally available (GA). Please use `gcloud beta compute ssh` to SSH using a third-party identity.zSSH using certificates is not yet generally available (GA). Please use `gcloud beta compute ssh` to SSH to VMs that require certificate authentication.)profiler)expiration_timerr,expirationTimeUsec)rz9Using OS Login user [{0}] instead of requested user [{1}]z7Using OS Login user [{0}] instead of default user [{1}])DrrOSLOGIN_ENABLE_METADATA_KEYrr rPrintrIsThirdPartyUserrrrrOSLOGIN_ENABLE_2FA_METADATA_KEYOSLOGIN_ENABLE_SK_METADATA_KEY(OSLOGIN_ENABLE_CERTIFICATES_METADATA_KEYrUr|rdrNrSrdrroslogin_client OsloginClientrrauthimpersonate_service_accountrrrr7rpoprindexr ReleaseTrackALPHABETArr`rrrNrrrrHttpNotFoundErrorr1ProvisionPosixAccountGetLoginProfileNotImplementedErrorr GetSecurityKeysFromProfilere posixAccountsImportSshPublicKey loginProfileGetKeyDictionaryFromProfileFindKeyInKeyListUpdateSshPublicKeyusernameprimaryrinfo)r3r+requested_userrr release_trackr]r^username_requestedinstance_enable_oslogininstance_enable_2fainstance_enable_security_keysinstance_require_certificatesrrSrrr user_emailr7r, login_profileimport_responser fingerprint oslogin_userpas r&GetOsloginStater3s]~N3-O.#1 O  4JJH "1#3#5- (-M%*/M')-M&(@'- )M% +C&7 +M' *B07 *M& #YY%++ 'M %M((-G-IM*  ( ( 7'88<<>.      ' ' + + - $ & (-- ==  s # ' ' )D $DKK$ %F x (F    ' '=+M+Mz-J-;  +%l3 -tX[[I  ' '   +zF4E  * *zFD( *++*:& +AA,M%%  $  ))  )  ++*:& +AA,M **$1$L$L g}%m! ( (!44ZD'44  6 6 g}d"22:tDk  ; ;!44  +"' 5 (44 ""     + # ,  ' 'b.2;;L {{n$  [[l ($-JJCJJ .   HHAHH .  K ) )   ''-vj',,'G  %%j',,G  +zF4E  *z  *zFD(  s+U+UUA?W9W9&W98W9cj[R"SS9n[ RRU5nU[ RR[ RR[ RR4;$![Ra [R "S5 gf=f)z1Checks if the Authenticated User is a BYOID User.T)use_google_authz!Failed to load fresh credentials.F) c_storeLoadFreshCredentialcreds_exceptionsr r rc_credsCredentialTypeGoogleAuthFromCredentialsEXTERNAL_ACCOUNTEXTERNAL_ACCOUNT_USER EXTERNAL_ACCOUNT_AUTHORIZED_USER)r creds_types r&r r s  ' ' =E//??F*  &&77 &&<< &&GG    II12 sB*B21B2cl/nUR(aURHnU(dM US:wdMUR5HhnUnSU;aURSUR5nSU;aURSU5nSU;aURSU5nUR U5 Mj M U$)z.Obtain extra flags from the command arguments.--z%USER%z %INSTANCE%z %INTERNAL%)ssh_flagrrrr)argsremoteinstance_addressinternal_addressrflag flag_part deref_flags r&ParseAndSubstituteSSHFlagsrJs+ ]]  $$,I *  ##++HfkkBJ Z '#++L:JKJ Z '#++L:JKJ   Z (&$ r%c~[RR[R"5R SS5$)z0Returns the SDK helper executable bin directory.binsdk)rrcr2r rsdk_rootrr%r&rzrzs' flln--ue <jd  !! r%c4[UR55$r~)hashrWrqs r&__hash__Remote.__hash__=s  r%c~[U5[U5L=(a! UR5UR5:H$r~rrWr5others r&__eq__ Remote.__eq__@+ :e $ F)FFr%c.URU5(+$r~rgres r&__ne__ Remote.__ne__C{{5! !!r%c"UR5$r~rWrqs r&rRemote.__repr__F ::<r%rRr~)rr r!r"r#rIcompilerZr4rWrr]rargrlrr$rr%r&rPrPsL&**DE-C G"r%rPc UH/nS[U5s=::aS:aMO [SU<SU<S35e UR[RLa[ U5n[ U5nU$[U5RSS5$)zReturns s escaped such that it can be a ProxyCommand arg. Args: s: str, Argument to escape. Must be non-empty. env: Environment, data about the ssh client. Raises: BadCharacterError: If s contains a bad character. zSpecial character z (part of z&) couldn't be escaped for ProxyCommand%%%) rrKrdrNrS_EscapeWindowsArgvElement_EscapePuttyBackslashPercent_EscapeForBashr)srrs r&_EscapeProxyCommandArgr}Js a 3q6 D       YY%++ "!$A$Q'A H   " "3 --r%c$/nSnUSSS2HdnUS:XaURS5 SnMUS:Xa-U(aURS5 M>URS5 MQURU5 SnMf SS RU5SSS2-S-$) zReturns s escaped such that it can be passed to a windows executable. Args: s: str, What to escape. Must be ASCII and non-control. TN"z"\\\\Fr)rr2)r|resultfollowing_quoters r&ryryqs & / TrT7aCx mmEo d  f d mmAo  rwwvtt$ $s **r%cFURSS5RSS5$)Nrrrwrx)r)r|s r&rzrzs" 4 ( (d 33r%c[[R[R-S-5n/nUH/nX1;aUR U5 MUR SU-5 M1 SR U5$)zReturns s escaped so it can be used as a single bash argument. Args: s: str, What to escape. Must be ASCII, non-control, and non-empty. z %+-./:=@_rr)setstring ascii_lettersdigitsrr2)r| good_charsrrs r&r{r{sb6''&--7+EF* & a mmA mmD1H r%c U(d/$UR(a>1SknURH*nUR5(aMX2;dM![S5e [R"5nUVs/sHn[ XQ5PM nnUR (aURUR 5 UR[RLaSOSupgUR(aURSSS[URS5-S UR-S URS R-S URS -SUR -/5 URS(a!URSURS-5 URS(a!URSURS-5 OUR(aURSSXpR-U-Xv-U-SSUR-/5 UR"(aURSUR"-5 UR (aURSUR -5 UR$(aURSUR$-5 O ['S5eUR(HnUR[ X55 M [*R,"5n U (aURSU -5 UR[RLaSSR/U5/$SSR/S/U-5SS/$s snf)aCalculate the ProxyCommand flags for IAP Tunnel if necessary. IAP Tunnel with ssh runs an second inner version of gcloud by passing a command to do so as a ProxyCommand argument to OpenSSH/Putty. Args: iap_tunnel_args: iap_tunnel.SshTunnelArgs or None, options about IAP Tunnel. env: Environment, data about the ssh client. Raises: BadCharacterError: If instance arg contains any invalid characters. ValueError: If no instance or cloud run args are provided. Returns: [str], the additional arguments for OpenSSH or Putty. >r._z6Instance name/IP/hostname contains illegal characters.)z%portr)z%p'runzstart-iap-tunnelz--project_number=project_numberz --project_id=z--workload_type= workload_typez--deployment_name=rZz --region=r8z --instance= container_idz --container=computez--listen-on-stdinz --project=z--zone=z --network=z'No instance or cloud run args provided.z --verbosity=z -proxycmdr-o ProxyCommandzProxyUseFdpass=no)r3isalnumrKr ArgsForGcloudr}trackrrdrNrScloud_run_argsrstrr+rr,r7networkr/pass_through_argsr GetVerbosityNamer2) iap_tunnel_argsrallowed_non_alnum_charschargcloud_commandr port_token quotationr\ verbositys r&_BuildIapTunnelProxyCommandArgsrs"  I -(( \\^^ C D  ) #002. =KKNq*12N.K///0ekk1o|*##  o,,-=> ? @  ! ! "  ( ( 9 ? ? @  ( (): ; <o,,,  %%m4 /88G G%%n5 ?99.I I,,,y8*... I(<(<<=K/*@*@@AL?+B+BBC > ??  . .c0:;/""$).945YY%++ .1 22  .!N23   uLs2Mc:\rSrSrSrSSjrS SjrS SjrSrg) riaPlatform independent SSH client key generation command. For OpenSSH, we use `ssh-keygen(1)`. For PuTTY, we use a custom binary. Currently, the only supported algorithm is 'rsa'. The command generates the following files: - ``: Private key, on OpenSSH format (possibly encrypted). - `.pub`: Public key, on OpenSSH format. - `.ppk`: Unencrypted PPK key-pair, on PuTTY format. The PPK-file is only generated from a PuTTY environment, and encodes the same private- and public keys as the other files. Attributes: identity_file: str, path to private key file. allow_passphrase: bool, If True, attempt at prompting the user for a passphrase for private key encryption, given that the following conditions are also true: - Running in an OpenSSH environment (Linux and Mac) - Running in interactive mode (from an actual TTY) - Prompts are enabled in gcloud reencode_ppk: bool, If True, reencode the PPK file if it was generated with a bad encoding, instead of generating a new key. This is only valid for PuTTY. print_cert: bool, If True, ssh-keygen will print certificate information. c4XlX lX0lX@lg)z3Construct a suite independent `ssh-keygen` command.N) identity_filerrr[)r5rrrr[s r&r4KeygenCommand.__init__/s',$ Or%NcpU=(d [R5nUR(d [S5eUR/nUR[ R LaUR(a URSSUR/5 U$UR=(a [R"5nU(dURSS/5 URSSSUR/5 U$UR(aURS5 URUR5 U$) a!Construct the actual command according to the given environment. Args: env: Environment, to construct the command for (or current if None). Raises: MissingCommandError: If keygen command was not found. Returns: [str], the command args (where the first arg is the command itself). z4Keygen command not found in the current environment.z-Lz-fz-Nr-trsaz--reencode-ppk)rUr|rZr(rdrNrRr[rrrr CanPromptrr)r5rrCprompt_passphrases r&rKeygenCommand.Build7s  &$$&C ::  @  JJNone: A function call with the stdout of ssh-keygen. Raises: MissingCommandError: Keygen command not found. CommandError: Keygen command failed. Running command [{}].rT)no_exitr\rr7N)rr rr1r2r Execr+)r5rr\rCrs r&rKeygenCommand.RunXs^ ::c?DII%,,SXXd^<=  ! !$x HF af 55r%)rrr[r)TFFr~r> rr r!r"r#r4rrr$rr%r&rrs!2IN!B6r%rcT\rSrSrSrSSjrS SjrS SjrSrg) rijaRepresents a platform independent SSH command. This class is intended to manage the most important suite- and platform specifics. We manage the following data: - The executable to call, either `ssh`, `putty` or `plink`. - User and host, through the `remote` arg. - Potential remote command to execute, `remote_command` arg. In addition, it manages these flags: -t, -T Pseudo-terminal allocation -p, -P Port -i Identity file (private key) -o Key=Val OpenSSH specific options that should be added, `options` arg. For flexibility, SSHCommand also accepts `extra_flags`. Always use these with caution -- they will be added as-is to the command invocation without validation. Specifically, do not add any of the above mentioned flags. Nc XlX lX0lX@lXlU=(d 0UlU=(d /UlU=(d /UlXlXl Xl SUl g)aConstruct a suite independent SSH command. Note that `extra_flags` and `remote_command` arguments are lists of strings: `remote_command=['echo', '-e', 'hello']` is different from `remote_command=['echo', '-e hello']` -- the former is likely desired. For the same reason, `extra_flags` should be passed like `['-k', 'v']`. Args: remote: Remote, the remote to connect to. port: str, port. identity_file: str, path to private key file. cert_file: str, path to certificate file. options: {str: str}, options (`-o`) for OpenSSH, see `ssh_config(5)`. extra_flags: [str], extra flags to append to ssh invocation. Both binary style flags `['-b']` and flags with values `['-k', 'v']` are accepted. remote_command: [str], command to run remotely. tty: bool, launch a terminal. If None, determine automatically based on presence of remote command. iap_tunnel_args: iap_tunnel.SshTunnelArgs or None, options about IAP Tunnel. remainder: [str], NOT RECOMMENDED. Arguments to be appended directly to the native tool invocation, after the `[user@]host` part but prior to the remote command. On PuTTY, this can only be a remote command. On OpenSSH, this can be flags followed by a remote command. Cannot be combined with `remote_command`. Use `extra_flags` and `remote_command` instead. identity_list: list, A list of paths to private key files. Overrides the identity_file argument, and sets multiple `['-i']` flags. N) rDportrr_ identity_listoptionsrremote_commandrr remainder_remote_command_file) r5rDrrr_rrrrrrrs r&r4SSHCommand.__init__~s]VKI&N&=bDL"(bD(.BDH*N $Dr%c U=(d [R5nUR(aUR(d [ S5eUR S;a UR OUR (+nU(aURS/O URS/nUR(a=UR[RLaSOSnURX@R/5 UR(a+URSRUR5/5 UR(a'URHnURSU/5 M OhUR(aWURnUR[RLaUR!S 5(dUS - nURSU/5 UR[R"LaR[%[&R("UR*55H%upgURS S RXgS 9/5 M' UR[-UR.U55 URUR05 UR2(a)UR5UR2R755 UR8(aURUR85 UR (aUR[R"La.UR5S 5 URUR 5 U$U(a[:R<"SSS9UlUR>RASRCUR 55 SSS5 URSUR>RD/5 U$URUR 5 U$!,(df  NT=f)a+Construct the actual command according to the given environment. Args: env: Environment, to construct the command for (or current if None). Raises: MissingCommandError: If SSH command(s) required were not found. Returns: [str], the command args (where the first arg is the command itself). z"The current environment lacks SSH.)TFrz-T-Pz-pz-o CertificateFile={}-irr{k}={v}kvrAzw+tF)r<deleterNz-m)#rUr|rWrYr(rrrrdrNrSrr_r1rrendswithrRsortedrfrgrrrrrDrrWrtempfileNamedTemporaryFilerwriter2r)r5rrrC port_flagrrmrs r&rSSHCommand.Builds  &$$&C GG  D EEhh-/$((9L9L5LC#&CLL$ SWWdOD yy))u{{2$i kk9ii() ~~ kk*11$..ABC --- T=)*.  ((m ekk !-*@*@*H*H  kk4'( yyEMM!s}}T\\:;*# T9++c+;<=< KK/0D0DcJKKK  ! {{ kk$++##%& ~~ kk$..!  emm # D D''( K  ( (u  &  # # ) )#((43F3F*G H  T44499:; K D''( K  s :O O(cU=(d [R5nURU5n[R"SR SR U555 UR[RLa U(aSnOSn0nU(aX8S'U(aXHS'U(aXXS'[R"U4SUS .UD6n UR(a+[R"URR5 XR":Xa [%US U S 9eU $![ a< [R"S R URR55 Ncf=f) aRun the SSH command using the given environment. Args: env: Environment, environment to run in (or current if None). putty_force_connect: bool, whether to inject 'y' into the prompts for `plink`, which is insecure and not recommended. It serves legacy compatibility purposes for existing usages only; DO NOT SET THIS IN NEW CODE. explicit_output_file: Pipe stdout into this file-like object explicit_error_file: Pipe stderr into this file-like object explicit_input_file: Pipe stdin from this file-like object Raises: MissingCommandError: If SSH command(s) not found. CommandError: SSH command failed (not to be confused with the eventual failure of the remote command). Returns: int, The exit code of the remote command, forwarded from the client. rry NstdoutrstdinTrin_strz)Failed to delete remote command file [{}]rr)rUr|rr rr1r2rdrNrSr rrrrrrrlr+) r5rputty_force_connectexplicit_output_fileexplicit_error_fileexplicit_input_filerCrextra_popen_kwargsrs r&rSSHCommand.Runs:8  &$$&C ::c?DII%,,SXXd^<= yyEKK$7ff%9"%8"$7!  ! ! 6-?F      $++001""" af 55 M  7 > >))..   s*D##AE)(E)) rr_rrrrrrrrDrr) NNNNNNNNNNr~)NFNNNrrr%r&rrjsK,  6%pAJ  Cr%rc\\rSrSrSrS Sjr\S Sj5rS SjrS Sjr Sr g) SCPCommandi?azRepresents a platform independent SCP command. This class is intended to manage the most important suite- and platform specifics. We manage the following data: - The executable to call, either `scp` or `pscp`. - User and host, through either `sources` or `destination` arg. Multiple remote sources are allowed but not supported under PuTTY. Multiple local sources are always allowed. - Potential remote command to execute, `remote_command` arg. In addition, it manages these flags: -r Recursive copy -C Compression -P Port -i Identity file (private key) -o Key=Val OpenSSH specific options that should be added, `options` arg. For flexibility, SCPCommand also accepts `extra_flags`. Always use these with caution -- they will be added as-is to the command invocation without validation. Specifically, do not add any of the above mentioned flags. Nc [U[5(aU/OUUlX lX0lX@lXPlX`lXplXl U=(d 0Ul U =(d /Ul Xl g)aConstruct a suite independent SCP command. Args: sources: [FileReference] or FileReference, the source(s) for this copy. At least one source is required. NOTE: Multiple remote sources are not supported in PuTTY and is discouraged for consistency. destination: FileReference, the destination file or directory. If remote source, this must be local, and vice versa. recursive: bool, recursive directory copy. compress: bool, enable compression. port: str, port. identity_file: str, path to private key file. cert_file: str, path to OpenSSH certificate file. options: {str: str}, options (`-o`) for OpenSSH, see `ssh_config(5)`. extra_flags: [str], extra flags to append to scp invocation. Both binary style flags `['-b']` and flags with values `['-k', 'v']` are accepted. iap_tunnel_args: iap_tunnel.SshTunnelArgs or None, options about IAP Tunnel. identity_list: list, A list of paths to private key files. Overrides the identity_file argument, and sets multiple `['-i']` flags. N) r FileReferencerGrH recursivecompressrrr_rrrr) r5rGrHrrrrr_rrrrs r&r4SCPCommand.__init__Vs`F!+7M B BG9DL"NMI&N&=bDL"(bD*r%cU=(d [R5nU(d [SX5eUR(a8[ UVs/sHoURPM sn5(a [SUU5egUR [ RLa[U5S:wa [SUU5e[UVs/sHoURPM sn5(d [SUU5eU(a@[[UVs/sHoURPM sn55S:wa [SUU5eggs snfs snfs snf)aFVerify that the source- and destination config is sound. Checks that sources are remote if destination is local and vice versa, plus raises error for multiple remote sources in PuTTY, which is not supported by `pscp`. Args: sources: [FileReference], see SCPCommand.sources. destination: FileReference, see SCPCommand.destination. single_remote: bool, if True, enforce that all remote sources refer to the same Remote (user and host). env: Environment, the current environment. Raises: InvalidConfigurationError: The source/destination configuration is invalid. zNo sources provided.z;All sources must be local files when destination is remote.r`z/Multiple remote sources not supported by PuTTY.z3Source(s) must be remote when destination is local.zDAll sources must refer to the same remote when destination is local.N) rUr|rCrDrrdrNrSrrpr)r{rGrH single_remotersrcs r&VerifySCPCommand.Verifys,&  &$$&C  % '  G ,GSjjG , - -' I     . ekk !c'la&7' =    0**0 1 1' A    3s'#B'3JJ'#BCDI'      J'-1 $Cs D2<D7?D< c U=(d [R5nUR(d [S5eUR UR UR US9 UR/nUR(aURS5 UR(aURS5 UR(aURSUR/5 UR(a6UR[RLaURUR S'UR"(a'UR"HnURSU/5 M OhUR$(aWUR$nUR[R&LaUR)S5(dUS- nURSU/5 UR[RLaR[+[,R."UR 55H%upEURS S R1XES 9/5 M' UR[3UR4U55 URUR65 URUR Vs/sHofR95PM sn5 URUR R955 U$s snf) a}Construct the actual command according to the given environment. Args: env: Environment, to construct the command for (or current if None). Raises: InvalidConfigurationError: The source/destination configuration is invalid. MissingCommandError: If SCP command(s) required were not found. Returns: [str], the command args (where the first arg is the command itself). z:The current environment lacks an SCP (secure copy) client.)rz-rz-CrCertificateFilerrrrr)rUr|rXr(rrGrHrrrrrr_rdrNrRrrrrSrrrfrgr1rrrrW)r5rrCrrmrsources r&rSCPCommand.Builds  &$$&C 77  F  KK d..CK8 GG9D ~~ kk$ }} kk$ yy kk4#$ ~~#))u}}4(,dll$% --- T=)*.  ((m ekk !-*@*@*H*H  kk4'( yyEMM!s}}T\\:;*# T9++c+;<=< KK/0D0DcJKKK  ! KKdll;lFl;<KK  &&() K.i s L0Hr%)kwargsshould_retry_ifrN) rUr|rdrNrRrDEVNULLrRetryOnExceptionrrr)r5rrrun_argss r&PollSSHPoller.PollD sz(  &$$&C2H yyEMM!(2(:(:h$%MM"" H #r%)rrr)NNNNi`iNr)rr r!r"r#r4rr$rr%r&rr s* $HL'r%rcJ\rSrSrSrS SjrSr\S5rSr Sr S r S r g) rin zA reference to a local or remote file (or directory) for SCP. Attributes: path: str, The path to the file. remote: Remote or None, the remote referred or None if local. NcXlX lg)zConstructor for FileReference. Args: path: str, The path to the file. remote: Remote or None, the remote referred or None if local. NrcrD)r5rcrDs r&r4FileReference.__init__v sIKr%cUR(d UR$SRURR5URS9$)zConvert to a positional argument, in the form expected by `scp`/`pscp`. Returns: str, A string on the form `remote:path` if remote or `path` if local. z{remote}:{path})rDrc)rDrcr1rWrqs r&rWFileReference.ToArg s< ;; YY  # #4;;+<+<+>TYY # OOr%c[RRU5SnURS5up4nU(a[R U5OSnU(a U(dU"XVS9$U"US9$)aMConvert an SCP-style positional argument to a file reference. Note that this method does not raise. No lookup of either local or remote file presence exists. Args: path: str, A path on the canonical scp form `[remote:]path`. If remote, `path` can be empty, e.g. `me@host:`. Returns: FileReference, the constructed object. rrNrrb)rrc splitdrive partitionrPr])r{rc local_drive remote_argseprlrDs r&FromPathFileReference.FromPath s\''$$T*1-K!%!4JY+.V^^J 'DF k i // d^r%c~[U5[U5L=(a! UR5UR5:H$r~rdres r&rgFileReference.__eq__ rir%c.URU5(+$r~rkres r&rlFileReference.__ne__ rnr%c"UR5$r~rprqs r&rFileReference.__repr__ rrr%rr~) rr r!r"r#r4rWrrrgrlrr$rr%r&rrn s6P,G"r%r)NNNNNrr~)NNFNNNNN)hr# __future__rrrrKenumrrrrIrrrrapitools.base.pyrgooglecloudsdk.api_lib.osloginrrgooglecloudsdk.callioper"googlecloudsdk.command_lib.osloginr googlecloudsdk.command_lib.utilr googlecloudsdk.corer core_exceptionsr r rgooglecloudsdk.core.consolergooglecloudsdk.core.credentialsrr9r8rr6googlecloudsdk.core.utilrrrrfsix.moves.urllib.parserrcr2PER_USER_SSH_CONFIG_FILErfr*r r r rr rr(r+rCrKEnumrNr%rUrrrrr/r4r9r?rBrDrFr`rnrprrrrrrrrrr3r rJrzrPr}ryrzr{rrrrrrrr%r&r)s Q&'  'C(<0&=/#*2<J<*.* (77<<VX>77<<V-GH'',,sF,HI."6!4+H(,o++,A///A?((. 5 5B--BDII](&](@6DII 499\F6\F~ O&O(O&   2Oj&RHHV>.*48B+\[6[| 24@ "&"& K\ 6= CVCL$.N"+J4"dNR6FR6jRRjR6R6jWWt:F:r%