hSrSSKJr SSKJr SSKJr SSKJr SSKJr SSKJ r SSK J r SS K J r SS KJr SSKJ r \ R""\ R$R&5"S S \ R(55rg )zCCommand to set service account and scopes for an instance resource.)absolute_import)division)unicode_literals) base_classes) constants)base)flags)scope) exceptionscp^\rSrSrSrSSS.rU4Sjr\S5rSr S r S r S r S r S rSrSrU=r$)SetServiceAccountzLSet a service account and access scopes for a Compute Engine VM instance. a `{command}` lets you configure a service account and access scopes for a Compute Engine VM instance. As a best practice, grant the ``cloud-platform'' access scope on your VM instance. Then, to restrict resource access, grant only the required IAM roles to the VM instance's service account. For more information, see [](https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#changeserviceaccountandscopes#best_practices). z To set a service account with the ``cloud-platform'' scope, run: $ {command} example-instance --scopes=cloud-platform --zone=us-central1-b --service-account=example-account ) DESCRIPTIONEXAMPLEScH>[URU] "U0UD6 SUlg)N)super __class____init__ _instance)selfargskwargsrs 4lib/surface/compute/instances/set_service_account.pyrSetServiceAccount.__init__4s" $..$($9&9DNcp[RRU5 [R"US5 g)NT)r INSTANCE_ARG AddArgumentAddServiceAccountAndScopeArgs)parsers rArgsSetServiceAccount.Args8s& ""6* ''5rcUR(d[URRSURR"S0UR 5D64nUR U/S9nUSUlUR$)z@Return cached instance if there isn't one fetch referrenced one.Get)requestsr)rapitools_client instancesmessagesComputeInstancesGetRequestAsDict MakeRequests)r instance_refclientrequestinstances r _get_instanceSetServiceAccount._get_instance=sp >>''115;;.#**,./g$$wi$8h{dn >>rcrURX5nUcgURnU(aUSR$g)z2Return email of service account instance is using.Nr)r1serviceAccountsemail)rr-r.r0orignal_service_accountss r_original_email!SetServiceAccount._original_emailIs>!!,7H '77 %a ( . .. rc|URX5nUc/$URn/nUHnXVR- nM U$)z Return scopes instance is using.)r1r4scopes)rr-r.r0r6resultaccountss r_original_scopes"SetServiceAccount._original_scopesSsI!!,7H i'77 F, f- MrcUR(agUR(a UR$URX#5$)z8Return email to set as service account for the instance.N)no_service_accountservice_accountr7rrr-r.s r_emailSetServiceAccount._email^s4     ! !!    55rc|UR(a/$URb UR$URX#5$)z&Return scopes to set for the instance.) no_scopesr:r=rBs r_unprocessed_scopes%SetServiceAccount._unprocessed_scopesfs3 ~~ i {{ [[   66rc/nURUX#5H4n[RRXU/5nUR U5 M6 U$)a*Get list of scopes to be assigned to the instance. Args: args: parsed command line arguments. instance_ref: reference to the instance to which scopes will be assigned. client: a compute_holder.client instance Returns: List of scope urls extracted from args, with scope aliases expanded. )rGrSCOPESgetextend)rrr-r.r;unprocessed_scoper s r_scopesSetServiceAccount._scopesnsSF!55d6BL""#46IJe mmEL Mrc[R"UR55nURn[R "U5 [R RXR[RR[R"U5S9nURXU5nURXU5nU(aU(d[ R""S5eUR$R'UR$R)UUS9UR*UR,UR/5S9nUR1UR2R4SU4/5$)N) default_scope scope_listerz4Can not set scopes when there is no service acoount.)r5r:)!instancesSetServiceAccountRequestprojectzoner0r )rComputeApiHolder ReleaseTrackr.r "ValidateServiceAccountAndScopeArgsrResolveAsResource resources compute_scope ScopeEnumZONE compute_flagsGetDefaultScopeListerrCrNr $ScopesWithoutServiceAccountExceptionr)(ComputeInstancesSetServiceAccountRequest!InstancesSetServiceAccountRequestrTrUNamer,r'r()rrcompute_holderr.r-r5r:r/s rRunSetServiceAccount.RunsB!2243D3D3FGN  " "F ,,T2%%77 &&#--22"88@8BL KKF 3E \\$f 5F e  ; ; @ BBooFF OO = = >  $$   ""$G G   ((!  r)r)__name__ __module__ __qualname____firstlineno____doc__ detailed_helpr staticmethodr!r1r7r=rCrGrNre__static_attributes__ __classcell__)rs@rr r sZ  -"66  67$!!rr N)rk __future__rrrgooglecloudsdk.api_lib.computerrgooglecloudsdk.callioper"googlecloudsdk.command_lib.computer r^r r[,googlecloudsdk.command_lib.compute.instancesr ReleaseTracksrWGA SilentCommandr r&rrrxsdJ&'74(EEC>D%%(()B**B*Br