D(>SrSSKJr SSKJr SSKJr SSKrSSKJr SSKJ r SSK J r SS K J r S S S S .r S SSS .rSrSrSr\ R$"\ R&R(5\ R*"SS\ R,555r\ R$"\ R&R05\ R*"SS\ R,555r\ R$"\ R&R45"SS\ R,55rg)zCommand to query activities.)absolute_import)division)unicode_literalsN) list_pager)policy_analyzer) arg_parsers)basez,Query activities on cloud resource. z Query activities with certain types of specific container resource. For --activity-type, supported values are: - serviceAccountLastAuthentication - serviceAccountKeyLastAuthentication aU To query serviceAccountKeyLastAuthentication activities of a project, run: $ {command} --activity-type=serviceAccountKeyLastAuthentication --project=project-id To query serviceAccountLastAuthentication activities of a project with no limit, run: $ {command} --activity-type=serviceAccountLastAuthentication --project=project-id --limit=unlimited To query serviceAccountLastAuthentication with filtering on certain service account, run: $ {command} --activity-type=serviceAccountLastAuthentication --project=project-id --query-filter='activities.full_resource_name="//iam.googleapis.com/projects/project-id/serviceAccounts/service-account-name@project-id.iam.gserviceaccount.com"' To query serviceAccountLastAuthentication with filtering on multiple service accounts, run: $ {command} --activity-type=serviceAccountLastAuthentication --project=project-id --query-filter='activities.full_resource_name="//iam.googleapis.com/projects/project-id/serviceAccounts/service-account-name-1@project-id.iam.gserviceaccount.com" OR activities.full_resource_name="//iam.googleapis.com/projects/project-id/serviceAccounts/service-account-name-2@project-id.iam.gserviceaccount.com" OR activities.full_resource_name="//iam.googleapis.com/projects/project-id/serviceAccounts/service-account-name-3@project-id.iam.gserviceaccount.com"' )brief DESCRIPTIONEXAMPLESz Query activities with certain types of specific container resource. For --activity-type, supported values are: - serviceAccountLastAuthentication - serviceAccountKeyLastAuthentication - dailyAuthorization a To query serviceAccountKeyLastAuthentication activities of a project, run: $ {command} --activity-type=serviceAccountKeyLastAuthentication --project=project-id To query serviceAccountLastAuthentication activities of a project with no limit, run: $ {command} --activity-type=serviceAccountLastAuthentication --project=project-id --limit=unlimited To query serviceAccountLastAuthentication with filtering on certain service account, run: $ {command} --activity-type=serviceAccountLastAuthentication --project=project-id --query-filter='activities.full_resource_name="//iam.googleapis.com/projects/project-id/serviceAccounts/service-account-name@project-id.iam.gserviceaccount.com"' To query serviceAccountLastAuthentication with filtering on multiple service accounts, run: $ {command} --activity-type=serviceAccountLastAuthentication --project=project-id --query-filter='activities.full_resource_name="//iam.googleapis.com/projects/project-id/serviceAccounts/service-account-name-1@project-id.iam.gserviceaccount.com" OR activities.full_resource_name="//iam.googleapis.com/projects/project-id/serviceAccounts/service-account-name-2@project-id.iam.gserviceaccount.com" OR activities.full_resource_name="//iam.googleapis.com/projects/project-id/serviceAccounts/service-account-name-3@project-id.iam.gserviceaccount.com"' To query dailyAuthorization activities of a project, run: $ {command} --activity-type=dailyAuthorization --project=project-id To query dailyAuthorization of a project with filtering on certain resource, permission, principal and date, run: $ {command} --activity-type=dailyAuthorization --project=project-id --query-filter='activities.activity.full_resource_name="" AND activities.activity.permission="" AND activities.activity.principal="" AND activities.activity.date=""' c \URSS[SS/SS9 URSS9RS[S S 9 URS [S S S9 URS[R"S[ R SS9SSS9 URS[R"SS5SSS9 g)"Parses arguments for the commands.--activity-typeT serviceAccountLastAuthentication#serviceAccountKeyLastAuthenticationType of the activities. requiredtypechoiceshelpr --project8The project ID or number to query the activities. rr--query-filteraFilter on activities, separated by "OR" if multiple filters are specified. At most 10 filter restrictions are supported in the query-filter. e.g. --query-filter='activities.full_resource_name="//iam.googleapis.com/projects/project-id/serviceAccounts/service-account-name-1@project-id.iam.gserviceaccount.com" OR activities.full_resource_name="//iam.googleapis.com/projects/project-id/serviceAccounts/service-account-name-2@project-id.iam.gserviceaccount.com"'rdefaultr--limit unlimited`Max number of query result. Default to be 1000 and max to be unlimited, i.e., --limit=unlimited. --page-sizeKMax page size for each http response. Default to be 500 and max to be 1000.N add_argumentstradd_mutually_exclusive_groupr BoundedIntsysmaxsizeparsers 1lib/surface/policy_intelligence/query_activity.py_Argsr3cs  , /    %%t%4AA  B    [     ! !!S[[D A m     ! !!T * X c \URSS[/SQSS9 URSS9RS[SS 9 URS [S S S 9 URS[R"S[ R SS9SSS 9 URS[R"SS5SSS 9 g)rrT)rrdailyAuthorizationrrrrrrrraFilter on activities. For last authentication activities, this field is separated by "OR" if multiple filters are specified. At most 10 filter restrictions are supported in the query-filter. e.g. --query-filter='activities.full_resource_name="//iam.googleapis.com/projects/project-id/serviceAccounts/service-account-name-1@project-id.iam.gserviceaccount.com" OR activities.full_resource_name="//iam.googleapis.com/projects/project-id/serviceAccounts/service-account-name-2@project-id.iam.gserviceaccount.com"' For daily authorization activities, this field is separated by "OR" and "AND". At most 10 filter restrictions per layer and at most 2 layers are supported in the query-filter. e.g. --query-filter='activities.activity.date="2022-01-01" AND activities.activity.permission="spanner.databases.list" AND (activities.activity.principal="principal_1@your-organization.com" OR activities.activity.principal="principal_2@your-organization.com")'rr r!r"r$r%r&r'r(Nr)r0s r2 _ArgsAlphar7s     %%t%4AA  B    Q     ! !!S[[D A m     ! !!T * X r4c ,[R"5upSRURUR5nUR X0R S9nURU5n[R"UUSURSURSS9$)Nz/projects/{0}/locations/global/activityTypes/{1})parentfilterQuery activitiespageSize)method batch_sizefieldlimitbatch_size_attribute) rGetClientAndMessagesformatproject activity_typeBPolicyanalyzerProjectsLocationsActivityTypesActivitiesQueryRequest query_filter/ProjectsLocationsActivityTypesActivitiesServicer YieldFromList page_sizerA)argspolicy_analyzer_clientmessagesquery_activity_parentquery_activity_requestpolicy_analyzer_services r2_RunrRs%4%I%I%K"KRR llD&&(#ff "+<+<g>2bb  ! !   JJ% ''r4c2\rSrSrSr\r\S5rSr Sr g)QueryActivityAlpha#Query activities on cloud resource.c[U5 grN)r7r0s r2ArgsQueryActivityAlpha.Argss vr4c[U5$NrRselfrLs r2RunQueryActivityAlpha.Run :r4N) __name__ __module__ __qualname____firstlineno____doc___DETAILED_HELP_ALPHA detailed_help staticmethodrYr`__static_attributes__rcr4r2rTrTs#,&-r4rTc2\rSrSrSr\r\S5rSr Sr g)QueryActivityBetarVc[U5 grXr3r0s r2rYQueryActivityBeta.Args  &Mr4c[U5$r\r]r^s r2r`QueryActivityBeta.Runrbr4rcN rdrerfrgrh_DETAILED_HELPrjrkrYr`rlrcr4r2rnrns#, -r4rnc2\rSrSrSr\r\S5rSr Sr g)QueryActivityGArVc[U5 grXrqr0s r2rYQueryActivityGA.Argsrsr4c[U5$r\r]r^s r2r`QueryActivityGA.Runrbr4rcNrvrcr4r2ryrys!+ -r4ry)rh __future__rrrr.apitools.base.pyr*googlecloudsdk.api_lib.policy_intelligencergooglecloudsdk.callioperr rwrir3r7rR ReleaseTracks ReleaseTrackALPHAHiddenCommandrTBETArnGAryrcr4r2rs#&' 'F/(   @   %P"J&R'$D%%++,   - D%%**+   , D%%(() dll * r4