\SrSSKJr SSKJr SSKJr SSKJr SSKJr SSKJ r SSK J r SS K J r SS K J r SS K Jr SS KJr SS KJr SSKJr \ R(\ R*\ R,"\ R.R05"SS\ R25555rg)zEvaluate policy command.)absolute_import)division)unicode_literals)apis)platform_policy)base)flags)parsing)sigstore_image)util)log)yaml)Errorc.\rSrSrSr\S5rSrSrg)EvaluateAndSign!aEvaluate a Binary Authorization platform policy and sign the results, if conformant. ## EXAMPLES To evaluate and sign a policy using its resource name: $ {command} projects/my-proj/platforms/gke/policies/my-policy --resource=$KUBERNETES_RESOURCE To evaluate the same policy using flags against multiple images: $ {command} my-policy --platform=gke --project=my-proj --image=$IMAGE1 --image=$IMAGE2 To return a modified resource with attestations added as an annotation on the input resource, without uploading attestations to the registry: $ {command} projects/my-proj/platforms/gke/policies/my-policy --resource=$KUBERNETES_RESOURCE --output-file=$MODIFIED_RESOURCE --no-upload To upload attestations using Docker credentials located in a custom directory: $ {command} projects/my-proj/platforms/gke/policies/my-policy --image=$IMAGE --use-docker-creds --docker-config-dir=$CUSTOM_DIR c[R"US5 [R"U5 [R"U5 [R"U5 [R "U5 g)Nzto evaluate and sign)r AddPlatformPolicyResourceArgAddEvaluationUnitArgAddNoUploadArgAddOutputFileArgAddDockerCredsArgs)parsers :lib/surface/container/binauthz/policy/evaluate_and_sign.pyArgsEvaluateAndSign.Args?sK &&v/EF v&   6" V$c.URRR5R5nUR S5SnUS:wa[ SR U55eUR(a'UR(d[R "S5eUR(a'UR(a[R "S5eUR(a'UR(d[R "S5eUR(a![R"UR5nO [R"UR 5n["R$"S5R'X$S 5nUR([*R,"S5R.R0R2:wa S UlU$UR(dUR6H}n[8R:"U5n[<R>"S R U55 [8R@"U[8RB"U5URURS 9 M UR(a[RD"XER65n[RF"UR5[RHRJ:Xa[LRN"U5n[<RP"URUS S S S9 U$)N/gkezVFound unsupported platform '{}'. Currently only 'gke' platform policies are supported.z0Cannot specify --output-file without --resource.z3Cannot specify --use-docker-creds with --no-upload.z>Cannot specify --docker-config-dir without --use-docker-creds.v1TzUploading attestation for {}) image_url attestationuse_docker_credsdocker_config_dirF) overwritebinaryprivate))CONCEPTSpolicy_resource_nameParse RelativeNamesplitrformat output_fileresourcer r& no_uploadr'r LoadResourceFileGeneratePodSpecFromImagesimagerClientEvaluateverdictrGetMessagesModuleEvaluateGkePolicyResponseVerdictValueValuesEnum CONFORMANT exit_code attestationsr AttestationToImageUrlr PrintUploadAttestationToRegistryStandardOrUrlsafeBase64DecodeAddInlineAttestationsToResourceGetResourceFileTypeResourceFileTypeYAMLrdumpWriteToFileOrStdout) selfargs policy_ref platform_id resource_objresponser%r$modified_resources rRunEvaluateAndSign.RunGsR3399;HHJJ""3'*Ke  $$*F;$7    JJI JJ  JJL MM d&;&; JJ J  }}--dmm>!..+"88E  077 BC22&DD"22"44  / >> --  % %dmm 4  % % * * +!II&78       Or)r>N) __name__ __module__ __qualname____firstlineno____doc__ staticmethodrrQ__static_attributes__rrrr!s!4%%GrrN)rW __future__rrr)googlecloudsdk.api_lib.container.binauthzrrgooglecloudsdk.callioper-googlecloudsdk.command_lib.container.binauthzr r r r googlecloudsdk.corer rgooglecloudsdk.core.exceptionsrHiddenDefaultUniverseOnly ReleaseTracks ReleaseTrackALPHACommandrrZrrrgs&':E(?AH>#$0D%%++,jdllj- jr