,SrSSKJr SSKJr SSKJr SSKrSSKJr SSKJ r SSK J r SS K J r SS K Jr S rS r\ R""S S\ R$55rg)z.Command for deleting access approval settings.)absolute_import)division)unicode_literalsN)settings)apis)base) exceptions)parent) ORGANIZATIONFOLDERPROJECT) transparencystreamlined-supportaccess-approvalinherit-policy-from-parentcV\rSrSrSrS\R "S50r\S5r Sr Sr g) Update'zUpdate Access Approval settings. Update the Access Approval settings associated with a project, a folder, or organization. Partial updates are supported (for example, you can update the notification emails without modifying the enrolled services). EXAMPLESa Update notification emails associated with project `p1`, run: $ {command} --project=p1 --notification_emails='foo@example.com, bar@example.com' Enable Access Approval enforcement for folder `f1`: $ {command} --folder=f1 --enrolled_services=all Enable Access Approval enforcement for organization `org1` for only Cloud Storage and Compute products and set the notification emails at the same time: $ {command} --organization=org1 --enrolled_services='storage.googleapis.com,compute.googleapis.com' --notification_emails='security_team@example.com' Update active key version for project `p1`: $ {command} --project=p1 --active_key_version='projects/p1/locations/global/keyRings/signing-keys/cryptoKeys/signing-key/cryptoKeyVersions/1' Update preferred request expiration days for project `p1`: $ {command} --project=p1 --preferred_request_expiration_days=5 Enable prefer no broad approval requests for project `p1`: $ {command} --project=p1 --prefer_no_broad_approval_requests=true Update notification pubsub topic for project `p1`: $ {command} --project=p1 --notification_pubsub_topic='exampleTopic' Update request scope max width preference for project `p1`: $ {command} --project=p1 --request_scope_max_width_preference=PROJECT Update approval policy for project `p1`: $ {command} --project=p1 --approval_policy=transparency c[R"U5 URSSS9 URSSS9 URSSS9 URS[S S 9 URS [S S 9 URS SS9 URS[ SS9 URS[SS 9 URS[ SS9 g)zAdd command-specific args.--notification_emailszComma-separated list of email addresses to which notifications relating to approval requests should be sent or '' to clear all saved notification emails.)help--enrolled_serviceszComma-separated list of services to enroll for Access Approval or 'all' for all supported services. Note for project and folder enrollments, only 'all' is supported. Use '' to clear all enrolled services.--active_key_versionzpThe asymmetric crypto key version to use for signing approval requests. Use '' to remove the custom signing key.#--preferred_request_expiration_dayszThe default expiration time for approval requests. This value must be between 1 and 30. Note that this can be overridden at time of Approval Request creation and modified by the customer at approval time.)typer#--prefer_no_broad_approval_requestszIf set to true it will communicate the preference to Google personnel to request access with as targeted a resource scope as possible.--notification_pubsub_topiczMThe pubsub topic to publish notifications to when approval requests are made.$--request_scope_max_width_preferencez^The preference for the broadest scope of access for access requests without a specific method.)choicesr(--require_customer_visible_justificationzThe preference to configure if a customer visible justification (i.e. Vector Case) is required for a Googler to create an Access Ticket to send to the customer when attempting to access customer resources.--approval_policyzDThe preference to configure the approval policy for access requests.N)r Args add_argumentintbool _PREFERENCES_APPROVAL_POLICY_PREFERENCES)parsers .lib/surface/access_approval/settings/update.pyr# Update.ArgsYs# KK  *  "  B -     -    % " . 3  2     ,  cd[R"U5nURcURctURcgUR cZUR cMURc@URc3URc&URc[R"/SQS5e/n/nURb\URS5 UR(a:URRS5nUVs/sHoUR5PM nn/nURb\URS5 UR(a:URRS5nUVs/sHoUR5PM nnURbURS5 UR bURS5 UR bURS 5 URbURS 5 [ R""S S 5nSnURbURS 5 URn U S:Xa!UR$R&R(nOMU S:Xa!UR$R&R*nO&U S:Xa UR$R&R,nURbURS5 URbURS5 URn U S:Xa.UR/UR.R0R2S9n OU S:Xa.UR/UR.R0R4S9n OjU S:Xa.UR/UR.R0R6S9n O6U S:Xa-UR/UR.R0R8S9n OSn [:R<"US3UUURUR UR URUURW SR?U5S9 $s snfs snf)zThis is what gets called when the user runs this command. Args: args: an argparse namespace. All the arguments that were provided to this command invocation. Returns: Some value that we want to have printed later. N) rrrrrrrr!r"z(must specify at least one of these flagsnotification_emails,enrolled_servicesactive_key_version!preferred_request_expiration_days!prefer_no_broad_approval_requestsnotification_pubsub_topicaccessapprovalv1"request_scope_max_width_preferencer r r &require_customer_visible_justificationapproval_policyr) justificationBasedApprovalPolicyrrrz/accessApprovalSettings) namer.r0r1r2r3r4r7r8r9 update_mask) r GetParentr.r0r1r2r3r4r7r8r9r MinimumArgumentExceptionappendsplitstriprGetMessagesModuleAccessApprovalSettings-RequestScopeMaxWidthPreferenceValueValuesEnumr r r CustomerApprovalApprovalPolicy/JustificationBasedApprovalPolicyValueValuesEnum(JUSTIFICATION_BASED_APPROVAL_ENABLED_ALL>>n > )  ' ' U U b b + X %  ' ' U U \ \ + Y &  ' ' U U ] ] + 22>AB '*+ 00  .==-1-P-P.A.A.j.j>   " #==-1-P-P.A.A.~.~>  "3 3==-1-P-P.A.A.j.j>  "> >==-1-P-P.A.A.h.h> o ??s) *''22*.*P*P*.*P*P"&"@"@+M/3/Z/Z'HH[)  O7;s 7P("P-N) __name__ __module__ __qualname____firstlineno____doc__textwrapdedent detailed_help staticmethodr#rU__static_attributes__rWr,r*rr'sA(//%# % '-RNN`r,r)r\ __future__rrrr]&googlecloudsdk.api_lib.access_approvalrgooglecloudsdk.api_lib.utilrgooglecloudsdk.callioperr *googlecloudsdk.command_lib.access_approvalr r'r(UniverseCompatibleCommandrrWr,r*ris\5&';,(.=5  AT\\AAr,