SrSSKJr SSKJr SSKJr SSKrSSKJr SSKJ r SSK J r "S S \R5r g) z^Command to create a configuration file to allow authentication from 3rd party user identities.)absolute_import)division)unicode_literalsN)base)flags) cred_configcZ\rSrSrSrS\R "S50rSr\ S5r Sr Sr g ) CreateCredConfigzCreate a configuration file for generated credentials. This command creates a configuration file to allow access to authenticated Google Cloud actions from a variety of external user accounts. EXAMPLESa To create a file-sourced credential configuration for your project, run: $ {command} locations/$REGION/workforcePools/$WORKFORCE_POOL_ID/providers/$PROVIDER_ID --credential-source-file=$PATH_TO_OIDC_ID_TOKEN --workforce-pool-user-project=$PROJECT_NUMBER --output-file=credentials.json To create a URL-sourced credential configuration for your project, run: $ {command} locations/$REGION/workforcePools/$WORKFORCE_POOL_ID/providers/$PROVIDER_ID --credential-source-url=$URL_FOR_OIDC_TOKEN --credential-source-headers=Key=Value --workforce-pool-user-project=$PROJECT_NUMBER --output-file=credentials.json To create an executable-source credential configuration for your project, run the following command: $ {command} locations/$REGION/workforcePools/$WORKFORCE_POOL_ID/providers/$PROVIDER_ID --executable-command=$EXECUTABLE_COMMAND --executable-timeout-millis=30000 --executable-output-file=$CACHE_FILE --workforce-pool-user-project=$PROJECT_NUMBER --output-file=credentials.json To use the resulting file for any of these commands, set the GOOGLE_APPLICATION_CREDENTIALS environment variable to point to the generated file. Fcj[R"U[RR5 UR SSS9 UR SSSS9nUR SSS9 UR S S S9 UR S S S9 UR S SSS9 UR SSS9 UR SSSSS9 g)Naudiencez*The workforce pool provider resource name.)helpTzCredential types.)mutexrequiredrz--credential-source-filez5The location of the file which stores the credential.z--credential-source-urlz&The URL to obtain the credential from.z--executable-commandzqThe full command to run to retrieve the credential. Must be an absolute path for the program including arguments.z--workforce-pool-user-projectzThe client project number used to identify the application (client project) to the server when calling Google APIs. The user principal must have serviceusage.services.use IAM permission to use the specified project.)rrz--subject-token-typezkThe type of token being used for authorization. This defaults to urn:ietf:params:oauth:token-type:id_token.z --enable-mtlszUse mTLS for STS endpoints. store_true)ractionhidden)rAddCommonByoidCreateConfigFlagsr ConfigTypeWORKFORCE_POOLS add_argument add_group)clsparsercredential_typess 5lib/surface/iam/workforce_pools/create_cred_config.pyArgsCreateCredConfig.Args9s )) &&668 EG''T(;(=!!" D"F!!! 5"7!! B" '!  FG   * cb[R"U[RR5 g)N)rcreate_credential_configrr)selfargss rRunCreateCredConfig.Runhs"(()4)?)?)O)OQr N) __name__ __module__ __qualname____firstlineno____doc__textwrapdedent detailed_help_use_pluggable_auth classmethodrr%__static_attributes__r'r rr r sD(// -(,,\Qr r )r, __future__rrrr-googlecloudsdk.calliopergooglecloudsdk.command_lib.iamr.googlecloudsdk.command_lib.iam.byoid_utilitiesr CreateCommandr r'r rr8s6e&'(0FNQt))NQr