A"SrSSKJr SSKJr SSKJr SSKrSSKrSSKJr SSK J r SSK J r SS K J r SS K J r SS K Jr SS KJr SS KJr SSKJr SSKJr SSKJr SSKJr SSKJr SSKJr SSKJr SSK Jr Sr!Sr"Sr#Sr$SS/r%Sr&\RN"S5r(\RN"S5r)\RN"S5r*\RN"S5r+\RN"S 5r,\RN"S!5r-\RN"S"5r.\R^\R`"\RbRd\RbRf\RbRh5"S#S$\Rj555r6g!\ a SrGNf=f)%zFImplements the command for resetting a password in a Windows instance.)absolute_import)division)unicode_literalsN)encoding) base_classes) constants)metadata_utils)openssl_encryption_utils)utils)base)flags)gaia) time_util)log) properties) console_io)files)windows_encryption_utilsz%Y-%m-%dT%H:%M:%S+0000i,z windows-keyszgce-initial-windows-userzgce-initial-windows-passwordz Did not receive password in a reasonable amount of time. Please try again. If this persists, confirm that the clock on your local system is correct. Current UTC time on your system: [{0}]z The instance may not be ready for use. This can occur if the instance was recently created or if the instance is not running Windows. Please wait a few minutes and try again.a, This Windows instance appears to be too old and does not support the reset-windows-password command. Please run the following command and look for the keys "gce-initial-windows-user" and "gce-initial-windows-password" in the metadata: [gcloud compute instances describe {0} --zone {1}] Alternatively, you can recreate the instance and update it to take advantage of reset-windows-password. More information can be found here: https://cloud.google.com/compute/docs/operating-systems/windows#upgrade_existing_instances z User [{0}] cannot be created on instance [{1}]. The user name and instance name must differ on Windows instances. Please use the "--user" flag to select a different username for this instance.z Instance [{0}] does not appear to have an external IP address, so it will not be able to accept external connections. To add an external IP address to the instance, use gcloud compute instances add-access-config.a Instance [{0}] appears to have been created with an older version of gcloud (or another tool that is still setting legacy credentials for Windows instances) and the metadata for this instance contains insecure (and likely invalid) authentication credentials. It is recommended that they be removed with the following command: [gcloud compute instances remove-metadata {1} --zone {2} --keys {3}] a This command creates an account and sets an initial password for the user [{0}] if the account does not already exist. If the account already exists, resetting the password can cause the LOSS OF ENCRYPTED DATA secured with the current password, including files and stored passwords. For more information, see: https://cloud.google.com/compute/docs/operating-systems/windows#resetcz\rSrSrSr\R r\S5r Sr Sr Sr Sr SrS rSS jrS rS rS rg)ResetWindowsPasswordlaReset and return a password for a Windows machine instance. *{command}* allows a user to reset and retrieve a password for a Windows virtual machine instance. If the Windows account does not exist, this command will cause the account to be created and the password for that new account will be returned. For Windows instances that are running a domain controller, running this command creates a new domain user if the user does not exist, or resets the password if the user does exist. It is not possible to use this command to create a local user on a domain-controller instance. NOTE: When resetting passwords or adding a new user to a Domain Controller in this way, the user will be added to the built in Admin Group on the Domain Controller. This will give the user wide reaching permissions. If this is not the desired outcome then Active Directory Users and Computers should be used instead. For all other instances, including domain-joined instances, running this command creates a local user or resets the password for a local user. WARNING: Resetting a password for an existing user can cause the loss of data encrypted with the current Windows password, such as encrypted files or stored passwords. The user running this command must have write permission for the Google Compute Engine project containing the Windows instance. ## EXAMPLES To reset the password for user 'foo' on a Windows instance 'my-instance' in zone 'us-central1-f', run: $ {command} my-instance --zone=us-central1-f --user=foo cURRS5 URSSS9 [RR U5 g)Nz [private]textz--userz ``USER'' specifies the username to get the password for. If omitted, the username is derived from your authenticated account email address. )help) display_info AddFormat add_argumentinstance_flags INSTANCE_ARG AddArgument)parsers -lib/surface/compute/reset_windows_password.pyArgsResetWindowsPassword.ArgssG !!/2   ++F3cURRSURR"S0UR 5D64$)NGet)apitools_client instancesmessagesComputeInstancesGetRequestAsDict)selfclient instance_refs r# GetGetRequest"ResetWindowsPassword.GetGetRequests>  " " , ,  OO 6 6 O9L9L9N O QQr&cURRSURR"SSUR0UR 5D64$)N SetMetadatametadatar))r*r+r,"ComputeInstancesSetMetadataRequestr6r.)r/r0r1 replacements r# GetSetRequest"ResetWindowsPassword.GetSetRequestsO  " " , ,  OO > > )$-- )%%' ) **r&cf[RRX2[R"U5S9$)N) scope_lister)rr ResolveAsResourceGetInstanceZoneScopeLister)r/r0 resourcesargss r#CreateReference$ResetWindowsPassword.CreateReferences3  & & 8 8 #>>vF 9 HHr&c[R"U5n[USS5n[R"UR [ URU50US9nXSlU$)Nr6)message_classesr6existing_metadata) rCopyProtoMessagegetattrr ConstructMetadataMessager, METADATA_KEY_UpdateWindowsKeysValuer6)r/r0existing new_objectrE new_metadatas r#ModifyResetWindowsPassword.Modifysb**84J*d;!::   ( (): ;=, -L' r&c[R"[5nU[R"U5[R"U5UUS.n[ R "USS9nU$)z1Return a JSON formatted entry for 'windows-keys'.)userNamemodulusexponentemailexpireOnT) sort_keys)rCalculateExpirationRSA_KEY_EXPIRATION_TIME_SEC core_encodingDecodejsondumps)r/userrRrSrT expire_strwindows_key_datawindows_key_entrys r#_ConstructWindowsKeyEntry.ResetWindowsPassword._ConstructWindowsKeyEntrysZ../JKJ$(#0#7#7#@$1$8$8$B!&$. 0  #3tD r&c</n/UlURHnUR[:XaAURR S5Vs/sHoD(dM UR 5PM nnUR[;dMnURRUR5 M URUR5 /nSn[U5Hn[US-5nSn[R"U5n [R"U S5(aSnU(a'[$R&"SR)U55 MxXg-[*R,:a6[$R&"SR)[*R,U55 MURU5 Xg- nM [$R&"SR)[U555 UR/5 SR1U5$s snf![ ["4a Nf=f) ahReturns a string appropriate for the metadata. Values are removed if they have expired and non-expired keys are removed from the head of the list only if the total key size is greater than MAX_METADATA_VALUE_SIZE_IN_BYTES. Args: existing_metadata: The existing metadata for the instance to be updated. Returns: A new-line-joined string of Windows keys.  rFrUTzPThe following Windows key has expired and will be removed from your project: {0}zThe following Windows key will be removed from your project because your windows keys metadata value has reached its maximum allowed size of {0} bytes: {1}zNumber of Windows Keys: {0})old_metadata_keysitemskeyrIvaluesplitstripOLD_METADATA_KEYSappendr`reversedlenr[loadsr IsExpired ValueErrorKeyErrorrdebugformatr MAX_METADATA_VALUE_SIZE_IN_BYTESreversejoin) r/rE windows_keysitemrgkeysbytes_consumed num_bytes key_expiredkey_datas r#rJ,ResetWindowsPassword._UpdateWindowsKeysValuesLD!'' \ !/3zz/?/?/EM/E  /E M & & %%dhh/ (../ DN %cDj/ik ::c?   x 3 4 4+  ++16#; 8  &88 9 ;6)DDcJ L C#3&6II+223t9=>LLN 99T?QN,( #   s HH+6HHHcURRSURR"SSU0UR 5D64nUR U/5nUSR $)z5Returns the serial port output for self.instance_ref.GetSerialPortOutputportrr))r*r+r,*ComputeInstancesGetSerialPortOutputRequestr. MakeRequestscontents)r/r0r1rrequestobjectss r#_GetSerialPortOutput)ResetWindowsPassword._GetSerialPortOutput sj%%//$II,,!((*,-G !!7),G 1:  r&c:0n[R"5nSnSnU(Gd[R"SR U55 [R"5U[ -:a<[ R"[R [R"555eURXSS9RS5n[U5Hn [R"U 5n U R!S5n U (dU R!S5(aS nU R!S 5(dMb["R$"U5["R$"U 5:XdMU n O U(dmUR&(a@[(R UR*UR,5n [ R."U 5e[0n [ R2"U 5e[R4"[65 US- nU(dGMUS n U $![a GMJf=f) z@Returns the decrypted password from the data in the serial port.FzGet Serial Port Output, Try {0})rrdrRreadyTencryptedPassword)rCurrentTimeSecrrsrtWINDOWS_PASSWORD_TIMEOUT_SECr TimeoutError TIMEOUT_ERRORCurrentDatetimeUtcrrirmr[rorqgetrYrZreOLD_WINDOWS_BUILD_ERRORinstancezoneWrongInstanceTypeErrorNOT_READY_ERRORInstanceNotReadyErrorSleep POLLING_SEC)r/r0r1search_modulusencrypted_password_data start_timecount agent_readyserial_port_outputlineencrypted_password_dictrRmessageencrypted_passwords r##_GetEncryptedPasswordFromSerialPort8ResetWindowsPassword._GetEncryptedPasswordFromSerialPorts!))+J EK% ii188?@  " " $ 6 6 8   !=!=!? @B B44 Q5((-d -.$ $(JJt$4 ! *--i8 -11'::+'**+>??    0M4H4H 5 $; ! %/&  ! !+22<3H3H3?3D3DF',,W5 5#'++G4 4ook" qjeI&%J11DE 5   sH  HHc [R"UR55nURn[R "5n[ R"S5n[(a[R"5nO4U(a[R"U5nO[R"S5e[RR R"R%5nUR&(a UR&nO[(R*"U5nUR,U:Xa3[R."[0R3XR,55e[4R3U5n SR3U5n [6R8"U U SS9 [:R<R?SR3XR,55 URA5n URCUREU 55upURGXX5Ul$URKX2RLU5nUROX>5nURQU/5nURSUUS5nUSU:Xa=[:R<R?SR3USRT55 U$URQURWX>U5/5SnURYX>U 5nUR[U U5n[]U[^5(d[`Rb"U5nURdSRfnUSRhnURr(ac[:Rn"[tR3URvURvURxS R{URr555 [:R|"S R3[R "5U- 55 UUUS .nU$![j[l4a@n[:Rn"[pR3URT55 SnSnAGNSnAff=f) Nopensslz'Your platform does not support OpenSSL.z5Would you like to set or reset the password for [{0}]T)r prompt_string cancel_on_noz4Resetting and retrieving password for [{0}] on [{1}]rz/No change requested; skipping update for [{0}].,zTotal Elapsed Time: {0})usernamepassword ip_address)?rComputeApiHolder ReleaseTrackr0rrrFindExecutableOnPathrWinCryptr OpensslCryptr MissingDependencyErrorrVALUEScoreaccount GetOrFailr]r MapGaiaEmailToDefaultAccountName instance_nameInvalidUserErrorMACHINE_USERNAME_SAME_ERRORrtRESET_PASSWORD_WARNINGrPromptContinuerstatusPrint GetKeyPairGetModulusExponentFromPublicKey GetPublicKeyrar`rAr?r2rrNnamer9rDecryptMessage isinstancestrrYrZnetworkInterfaces accessConfigsnatIPrr IndexErrorwarning NO_IP_WARNINGreOLD_KEYS_WARNINGrrrwinfo)r/r@holderr0startopenssl_executablecryptrTr]rrrgrRrSr1 get_requestrrLupdated_instance enc_passwordraccess_configsexternal_ip_address_connection_infos r#RunResetWindowsPassword.RunFs  * *4+<+<+> ?F ]]F  $ $ &E33I>&//1e &334FGe  ( ( 3 55    " " * * 4 4 6E yy YYd  2 25 9d T!  " " % , ,T3E3E F HH%++D1GLfTl# JJKfT#5#568    C== 3!G";; x(D ''0@0@$GL$$V:K!!;-0GVWQZ0J qzZ jj ; B Bajoo  n**  F* =>@@AC;;g'L##C6H h $ $%%h/h!'99!<JJn*1-33   kk")),*?*?*6*?*?*6*;*;*-((43I3I*JLM HH &fY--/%78:$(#+%8:O % j !! kk-&&'7'<'<=> !s&(PQ5QQ)rer`N)r)__name__ __module__ __qualname____firstlineno____doc__r TOOLS_CATEGORYcategory staticmethodr$r2r9rArNrarJrrr__static_attributes__r)r&r#rrlsY$L ( 4 4Q *H  :x-^ar&r)7r __future__rrrr[textwrapapitools.base.pyrgooglecloudsdk.api_lib.computerrr r r googlecloudsdk.callioper ,googlecloudsdk.command_lib.compute.instancesr rgooglecloudsdk.command_lib.utilrrgooglecloudsdk.corerrgooglecloudsdk.core.consolergooglecloudsdk.core.utilrYrr ImportErrorEXPIRATION_DATE_FORMATrrXrIrkrdedentrrrrrrrDefaultUniverseOnly ReleaseTracksrGABETAALPHA UpdateCommandrr)r&r#rsM&' %749C0(P05#*2>*"E2!! /1OP !./ //#01 #// +  'oo/ !34 ??$ "*MND%%(($*;*;*@*@%%++-x4--x-xE"!"s8FF F