fSrSSKJr SSKJr SSKJr SSKrSSKJr SSKJr SSK J r SS K J r SS K Jr SS K Jr SS KJr SSKJr SS KJr SSKJr "SS\R05rSrg)z.Revoke credentials being used by the CloudSDK.)absolute_import)division)unicode_literalsN)base) exceptions) auth_util)config)log) properties)creds)store)resource_printerc4\rSrSrSr\S5rSrSrSr g)Revoke$aRevoke access credentials for an account. Revokes credentials for the specified user accounts, service accounts or external accounts (workload identity pools). When given a user account, this command revokes the user account token on the server. If the revocation is successful, or if the token has already been revoked, this command removes the credential from the local machine. When given a service account, this command does not revoke the service account token on the server because service account tokens are not revocable. Instead, it will print a warning and remove the credential from the local machine. When used with a service account, this command has only a local effect and the key associated with the service account is not deleted. This can be done by executing `gcloud iam service-accounts keys delete` after `revoke`. When given an external account (workload identity pool), whether impersonated or not, the command does not revoke the corresponding token on the server because these tokens are not revocable. The underlying external credentials (OIDC, AWS, etc.) used to generate these access tokens have to be revoked too, but gcloud has no control over that. Instead, it will print a warning and remove the credential from the local machine. If no account is specified, this command revokes credentials for the currently active account, effectively logging out of that account. If --all is given, the behaviors described above apply individually to each account in the list. You can revoke credentials when you want to prevent gcloud and other Google Cloud CLI tools from using the specified account. You do not need to revoke credentials to switch between accounts. c~URSSSS9 URSSSS9 URRS 5 g) Naccounts*z-Accounts whose credentials are to be revoked.)nargshelpz--all store_truez$Revoke credentials for all accounts.)actionrz"list[title="Revoked credentials:"]) add_argument display_info AddFormat)parsers lib/surface/auth/revoke.pyArgs Revoke.ArgsEsM  #LN  CE !!"FGcTUR=(d /n[U[5(aU/n[R"5n[ U5[ U5- nU(a&[ R"SSRU55eUR(aUn[RRRR5nU(d U(aU/nU(d[ R"SS5eSnUGH|nXW:Xa9[R "[RRRS5 [R""USSS9n[R("U5(GdUR+S5(a'[,R."S R1U55 M[2R4"U5(a'[,R."S R1U55 M[2R6"U5(d8"U5(a([,R."S R1U55 GMR[,R."S R1U55 GMzSnGM [;U5 U$![$R&a SnGNNf=f) z-Revoke credentials and update active account.r z#No credentials available to revoke.FNT)prevent_refreshuse_google_authz.gserviceaccount.comac[{}] appears to be a service account. Service account tokens cannot be revoked, but they will expire automatically. To prevent use of the service account token earlier than the expiration, delete or disable the parent service account. To explicitly delete the key associated with the service account use `gcloud iam service-accounts keys delete` instead`.zv[{}] appears to be an external account. External account tokens cannot be revoked, but they will expire automatically.z[{}] appears to be an external account user. External account user tokens cannot be revoked, but they will expire automatically.z+[{}] already inactive (previously revoked?))r isinstancestrc_storeAvailableAccountssetc_excUnknownArgumentExceptionjoinallr VALUEScoreaccountGetInvalidArgumentExceptionPersistPropertyLoadcreds_exceptionsErrorrendswithr warningformatc_credsIsExternalAccountCredentials IsExternalAccountUserCredentials*IsExternalAccountAuthorizedUserCredentials_WarnIfRevokeAndADCExists) selfargsravailable_accountsunknown_accountsactive_account creds_revokedr0r s rRun Revoke.RunMs"}}"H(C  h 2248}s+='>>  * * chh/0 22 xx#h&&++33779N  !h   * * ; ==M  """:#4#4#9#9#A#A4H T4A ^^G $ $   2 3 3 ++H IOI   1 1% 8 8 ++Nvg  5 5 HHOO ++%vg 0 ++;BB7K M UXm, OC # #sJ  J'&J'c[R"5n[R"[R[ R S9nURU5 g)N)out)r' AllAccountsrPrinterACCOUNT_TABLE_FORMATr statusPrint)r?unused_results_were_displayedrprinters rEpilog Revoke.Epilogs=""$H&&$$#**G MM(r N) __name__ __module__ __qualname____firstlineno____doc__ staticmethodrrErP__static_attributes__rRr rrr$s*@HHFPr rcU(aj[RR[R"55(a2[ R "5(a[R"S5 gggg)NaHYou also have Application Default Credentials (ADC) set up. If you want to revoke your Application Default Credentials as well, use the `gcloud auth application-default revoke` command. For information about ADC credentials and gcloud CLI credentials, see https://cloud.google.com/docs/authentication/external/credential-types ) ospathisfiler ADCFilePathrADCIsUserAccountr r8)rDs rr>r>sLv'9'9';<<  ""KK #=mr )rW __future__rrrr[googlecloudsdk.callioperrr*googlecloudsdk.command_lib.authrgooglecloudsdk.corer r r googlecloudsdk.core.credentialsr r:r5r r'googlecloudsdk.core.resourcerCommandrr>rRr rrgsL 5&' (75&#*<J<9vT\\vr r