davidkotnik/novafarma
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Add new gcloud commands, API clients, and third-party libraries across various services.

Browse Source
This commit is contained in:
David Kotnik
2026-01-01 20:26:35 +01:00
parent 5e23cbece0
commit a19e592eb7
25221 changed files with 8324611 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
gcloud auth application-default login/google-cloud-sdk/lib/googlecloudsdk/api_lib/iam/__init__.py Normal file
View File

29
gcloud auth application-default login/google-cloud-sdk/lib/googlecloudsdk/api_lib/iam/assist.py Normal file
View File

@@ -0,0 +1,29 @@
# -*- coding: utf-8 -*- #
# Copyright 2019 Google Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Utilities for IAM Simulator API."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.util import apis
_API_NAME = 'policysimulator'
def GetSimulatorClientAndMessages(api_version):
client = apis.GetClientInstance(_API_NAME, api_version)
messages = apis.GetMessagesModule(_API_NAME, api_version)
return client, messages

37
gcloud auth application-default login/google-cloud-sdk/lib/googlecloudsdk/api_lib/iam/exceptions.py Normal file
View File

@@ -0,0 +1,37 @@
# -*- coding: utf-8 -*- #
# Copyright 2018 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Exceptions for the iam surface."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.core import exceptions
class Error(exceptions.Error):
"""Base class for exceptions in the iam surface."""
class FileReadException(Error):
"""Raised when there is an error reading a file."""
class InvalidResourceException(Error):
"""Raised when there is an error parsing a resource."""
class InvalidArgumentException(Error):
"""Raised when there is an invalid argument."""

113
gcloud auth application-default login/google-cloud-sdk/lib/googlecloudsdk/api_lib/iam/policies.py Normal file
View File

@@ -0,0 +1,113 @@
# -*- coding: utf-8 -*- #
# Copyright 2020 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Utilities for Policies API."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import binascii
from apitools.base.protorpclite import messages as apitools_messages
from apitools.base.py import encoding
from googlecloudsdk.api_lib.util import apis
from googlecloudsdk.calliope import base
from googlecloudsdk.calliope import exceptions as gcloud_exceptions
from googlecloudsdk.command_lib.iam import iam_util
from googlecloudsdk.core import yaml
import six
def GetClientInstance(release_track, no_http=False):
if release_track == base.ReleaseTrack.ALPHA:
return apis.GetClientInstance('iam', 'v2alpha', no_http=no_http)
elif release_track == base.ReleaseTrack.BETA:
return apis.GetClientInstance('iam', 'v2beta', no_http=no_http)
else:
return apis.GetClientInstance('iam', 'v2', no_http=no_http)
def GetMessagesModule(release_track, client=None):
client = client or GetClientInstance(release_track)
return client.MESSAGES_MODULE
def ParseYamlOrJsonPolicyFile(policy_file_path, policy_message_type):
"""Create an IAM V2 Policy protorpc.Message from YAML or JSON formatted file.
Returns the parsed policy object.
Args:
policy_file_path: Path to the YAML or JSON IAM policy file.
policy_message_type: Policy message type to convert YAML to.
Returns:
policy that is a protorpc.Message of type policy_message_type filled in
from the JSON or YAML policy file
Raises:
BadFileException if the YAML or JSON file is malformed.
IamEtagReadError if the etag is badly formatted.
"""
policy_to_parse = yaml.load_path(policy_file_path)
try:
policy = encoding.PyValueToMessage(policy_message_type, policy_to_parse)
except (AttributeError, apitools_messages.ValidationError) as e:
# Raised when the input file is not properly formatted YAML policy file.
raise gcloud_exceptions.BadFileException(
'Policy file [{0}] is not a properly formatted YAML or JSON '
'policy file. {1}'.format(policy_file_path, six.text_type(e)))
except (apitools_messages.DecodeError, binascii.Error) as e:
# DecodeError is raised when etag is badly formatted (not proper Base64)
raise iam_util.IamEtagReadError(
'The etag of policy file [{0}] is not properly formatted. {1}'.format(
policy_file_path, six.text_type(e)))
return policy
def ListDenyPolicies(resource_id, resource_type, release_track):
"""Gets the IAM Deny policies for an organization.
Args:
resource_id: id for the resource
resource_type: what type of a resource the id represents. Either
organization, project, or folder
release_track: ALPHA or BETA or GA
Returns:
The output from the ListPolicies API call for deny policies for the passed
resource.
"""
client = GetClientInstance(release_track)
messages = GetMessagesModule(release_track)
policies_to_return = []
if resource_type in ['organization', 'folder', 'project']:
attachment_point = 'policies/cloudresourcemanager.googleapis.com%2F{}s%2F{}/denypolicies'.format(
resource_type, resource_id)
policies_to_fetch = client.policies.ListPolicies(
messages.IamPoliciesListPoliciesRequest(
parent=attachment_point)).policies
for policy_metadata in policies_to_fetch:
policy = client.policies.Get(
messages.IamPoliciesGetRequest(name=policy_metadata.name))
policies_to_return.append(policy)
return policies_to_return
raise gcloud_exceptions.UnknownArgumentException('resource_type',
resource_type)

14
gcloud auth application-default login/google-cloud-sdk/lib/googlecloudsdk/api_lib/iam/simulator/__init__.py Normal file
View File

@@ -0,0 +1,14 @@
# -*- coding: utf-8 -*- #
# Copyright 2019 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

77
gcloud auth application-default login/google-cloud-sdk/lib/googlecloudsdk/api_lib/iam/simulator/operations.py Normal file
View File

@@ -0,0 +1,77 @@
# -*- coding: utf-8 -*- #
# Copyright 2019 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""API client library for Cloud IAM Simulator Replay Operations."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from apitools.base.py import list_pager
from googlecloudsdk.api_lib.util import apis
from googlecloudsdk.api_lib.util import waiter
from googlecloudsdk.core import properties
from googlecloudsdk.core import resources
_MAX_WAIT_TIME_MS = 60 * 60 * 1000 # 60 minutes.
class Client(object):
"""API client for Cloud IAM Simulator Replay Operations."""
def __init__(self, api_version, client, messages=None):
self._api_version = api_version
self._client = client
self._service = self._client.operations
self._messages = messages or client.MESSAGES_MODULE
@classmethod
def FromApiVersion(cls, version):
return cls(version, apis.GetClientInstance('policysimulator', version))
def GetReplayId(self, operation_name):
return operation_name.split('/')[-1]
def Get(self, operation_ref):
request = self._messages.PolicysimulatorOperationsGetRequest(
name=operation_ref.RelativeName())
return self._service.Get(request)
def List(self, parent_ref, limit=None, page_size=None, list_filter=None):
request = self._messages.PolicysimulatorOperationsListRequest(
name=parent_ref.RelativeName(), filter=list_filter)
return list_pager.YieldFromList(
self._service,
request,
batch_size=page_size,
limit=limit,
field='operations',
batch_size_attribute='pageSize')
def WaitForOperation(self, operation, message):
"""Wait for the operation to complete."""
registry = resources.REGISTRY.Clone()
registry.RegisterApiByName('policysimulator', self._api_version)
operation_ref = registry.Parse(
operation.name,
params={
'projectsId': properties.VALUES.core.project.GetOrFail,
'locationsId': 'global',
'replaysId': self.GetReplayId(operation.name),
},
collection='policysimulator.projects.locations.replays.operations')
poller = waiter.CloudOperationPollerNoResources(self._service)
return waiter.WaitFor(
poller, operation_ref, message, wait_ceiling_ms=_MAX_WAIT_TIME_MS)

140
gcloud auth application-default login/google-cloud-sdk/lib/googlecloudsdk/api_lib/iam/util.py Normal file
View File

@@ -0,0 +1,140 @@
# -*- coding: utf-8 -*- #
# Copyright 2018 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Utilities for IAM commands to call IAM APIs."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from apitools.base.py import list_pager
from googlecloudsdk.api_lib.util import apis
from googlecloudsdk.command_lib.iam import iam_util
def GetClientAndMessages():
client = apis.GetClientInstance('iam', 'v1')
return client, client.MESSAGES_MODULE
def GetIamCredentialsClientAndMessages():
client = apis.GetClientInstance('iamcredentials', 'v1')
return client, client.MESSAGES_MODULE
def GetTestablePermissions(iam_client, messages, resource):
"""Returns the testable permissions for a resource.
Args:
iam_client: The iam client.
messages: The iam messages.
resource: Resource reference.
Returns:
List of permissions.
"""
return list_pager.YieldFromList(
iam_client.permissions,
messages.QueryTestablePermissionsRequest(
fullResourceName=iam_util.GetFullResourceName(resource),
pageSize=1000),
batch_size=1000,
method='QueryTestablePermissions',
field='permissions',
batch_size_attribute='pageSize')
class PermissionsHelper(object):
"""Get different kinds of permissions list from permissions provided.
Attributes:
messages: The iam messages.
source_permissions: A list of permissions to inspect.
testable_permissions_map: A dict maps from permissions name string to
Permission message provided by the API.
"""
def __init__(self, iam_client, messages, resource, permissions):
"""Create a PermissionsHelper object.
To get the testable permissions for the given resource and store as a dict.
Args:
iam_client: The iam client.
messages: The iam messages.
resource: Resource reference for the project/organization whose
permissions are being inspected.
permissions: A list of permissions to inspect.
"""
self.messages = messages
self.source_permissions = permissions
self.testable_permissions_map = {}
if permissions:
for permission in GetTestablePermissions(iam_client, messages, resource):
self.testable_permissions_map[permission.name] = permission
def GetTestingPermissions(self):
"""Returns the TESTING permissions among the permissions provided."""
testing_permissions = []
for permission in self.source_permissions:
if (permission in self.testable_permissions_map and
(self.testable_permissions_map[permission].customRolesSupportLevel ==
self.messages.Permission.CustomRolesSupportLevelValueValuesEnum.
TESTING)):
testing_permissions.append(permission)
return testing_permissions
def GetValidPermissions(self):
"""Returns the valid permissions among the permissions provided."""
valid_permissions = []
for permission in self.source_permissions:
if (permission in self.testable_permissions_map and
(self.testable_permissions_map[permission].customRolesSupportLevel !=
self.messages.Permission.CustomRolesSupportLevelValueValuesEnum.
NOT_SUPPORTED)):
valid_permissions.append(permission)
return valid_permissions
def GetNotSupportedPermissions(self):
"""Returns the not supported permissions among the permissions provided."""
not_supported_permissions = []
for permission in self.source_permissions:
if (permission in self.testable_permissions_map and
(self.testable_permissions_map[permission].customRolesSupportLevel ==
self.messages.Permission.CustomRolesSupportLevelValueValuesEnum.
NOT_SUPPORTED)):
not_supported_permissions.append(permission)
return not_supported_permissions
def GetApiDisabledPermissons(self):
"""Returns the API disabled permissions among the permissions provided."""
api_disabled_permissions = []
for permission in self.source_permissions:
if (permission in self.testable_permissions_map and
(self.testable_permissions_map[permission].customRolesSupportLevel !=
self.messages.Permission.CustomRolesSupportLevelValueValuesEnum.
NOT_SUPPORTED) and
self.testable_permissions_map[permission].apiDisabled):
api_disabled_permissions.append(permission)
return api_disabled_permissions
def GetNotApplicablePermissions(self):
"""Returns the not applicable permissions among the permissions provided."""
not_applicable_permissions = []
for permission in self.source_permissions:
if permission not in self.testable_permissions_map:
not_applicable_permissions.append(permission)
return not_applicable_permissions

0
gcloud auth application-default login/google-cloud-sdk/lib/googlecloudsdk/api_lib/iam/workload_identity_pools/__init__.py Normal file
View File

140
gcloud auth application-default login/google-cloud-sdk/lib/googlecloudsdk/api_lib/iam/workload_identity_pools/workload_sources.py Normal file
View File

@@ -0,0 +1,140 @@
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Commands for interacting with WorkloadSources API that will be used by multiple commands."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from typing import List, Optional
from googlecloudsdk.api_lib.util import waiter
from googlecloudsdk.command_lib.iam import identity_pool_waiter
from googlecloudsdk.core import resources as sdkresources
# TODO(b/301983349): Delete this once other CLs have been submitted.
def CreateGcpWorkloadSource(
client,
messages,
workload_source_id: str,
resources: Optional[List[str]],
attached_service_accounts: Optional[List[str]],
parent: str,
for_managed_identity: bool = False,
):
"""Make API calls to Create a GCP workload source.
Args:
client: the iam v1 client.
messages: the iam v1 messages.
workload_source_id: the workload source id to be created.
resources: the list of resource attribute conditions to be created
attached_service_accounts: the list of service account attribute conditions
to be created
parent: the parent resource name, should be a namespace or a managed
identity resource
for_managed_identity: whether to create the workload source under a managed
identity
Returns:
The LRO ref for a create response
"""
conditions = []
if resources is not None:
conditions += [
messages.WorkloadSourceCondition(attribute='resource', value=resource)
for resource in resources
]
if attached_service_accounts is not None:
conditions += [
messages.WorkloadSourceCondition(
attribute='attached_service_account', value=account
)
for account in attached_service_accounts
]
new_workload_source = messages.WorkloadSource(
conditionSet=messages.WorkloadSourceConditionSet(conditions=conditions)
)
if for_managed_identity:
return client.projects_locations_workloadIdentityPools_namespaces_managedIdentities_workloadSources.Create(
messages.IamProjectsLocationsWorkloadIdentityPoolsNamespacesManagedIdentitiesWorkloadSourcesCreateRequest(
parent=parent,
workloadSource=new_workload_source,
workloadSourceId=workload_source_id,
)
)
else:
return client.projects_locations_workloadIdentityPools_namespaces_workloadSources.Create(
messages.IamProjectsLocationsWorkloadIdentityPoolsNamespacesWorkloadSourcesCreateRequest(
parent=parent,
workloadSource=new_workload_source,
workloadSourceId=workload_source_id,
)
)
def WaitForWorkloadSourceOperation(
client,
lro_ref,
for_managed_identity: bool = False,
delete: bool = False,
):
"""Make API calls to poll for a workload source LRO.
Args:
client: the iam v1 client.
lro_ref: the lro ref returned from a LRO workload source API call.
for_managed_identity: whether the workload source LRO is under a managed
identity
delete: whether it's a delete operation
Returns:
The result workload source or None for delete
"""
lro_resource = sdkresources.REGISTRY.ParseRelativeName(
lro_ref.name,
collection=(
'iam.projects.locations.workloadIdentityPools.namespaces.managedIdentities.workloadSources.operations'
if for_managed_identity
else 'iam.projects.locations.workloadIdentityPools.namespaces.workloadSources'
),
)
if delete:
result = waiter.WaitFor(
identity_pool_waiter.IdentityPoolOperationPollerNoResources(
client.projects_locations_workloadIdentityPools_namespaces_workloadSources,
client.projects_locations_workloadIdentityPools_namespaces_workloadSources_operations,
),
lro_resource,
'Waiting for operation [{}] to complete'.format(lro_ref.name),
# Wait for a maximum of 5 minutes, as the IAM replication has a lag of
# up to 80 seconds.
max_wait_ms=300000,
)
else:
result = waiter.WaitFor(
identity_pool_waiter.IdentityPoolOperationPoller(
client.projects_locations_workloadIdentityPools_namespaces_workloadSources,
client.projects_locations_workloadIdentityPools_namespaces_workloadSources_operations,
),
lro_resource,
'Waiting for operation [{}] to complete'.format(lro_ref.name),
# Wait for a maximum of 5 minutes, as the IAM replication has a lag of
# up to 80 seconds.
max_wait_ms=300000,
)
return result