feat: Add new gcloud commands, API clients, and third-party libraries across various services.

2026-01-01 20:26:35 +01:00
parent 5e23cbece0
commit a19e592eb7
25221 changed files with 8324611 additions and 0 deletions
--- a/login/google-cloud-sdk/lib/googlecloudsdk/command_lib/pam/init.py
+++ b/login/google-cloud-sdk/lib/googlecloudsdk/command_lib/pam/init.py
--- a/login/google-cloud-sdk/lib/googlecloudsdk/command_lib/pam/resources.yaml
+++ b/login/google-cloud-sdk/lib/googlecloudsdk/command_lib/pam/resources.yaml
@@ -0,0 +1,138 @@
+project:
+  name: project
+  collection: privilegedaccessmanager.projects
+  attributes:
+  - &project
+    parameter_name: projectsId
+    attribute_name: project
+    help: The name of the project
+
+folder:
+  name: folder
+  collection: privilegedaccessmanager.folders
+  attributes:
+  - &folder
+    parameter_name: foldersId
+    attribute_name: folder
+    help: The name of the folder
+
+organization:
+  name: organization
+  collection: privilegedaccessmanager.organizations
+  attributes:
+  - &organization
+    parameter_name: organizationsId
+    attribute_name: organization
+    help: The name of the organization
+
+location:
+  name: location
+  resources:
+  - name: location
+    collection: privilegedaccessmanager.projects.locations
+    attributes:
+    - *project
+    - &location
+      parameter_name: locationsId
+      attribute_name: location
+      help: The resource location
+    disable_auto_completers: true
+  - name: location
+    collection: privilegedaccessmanager.folders.locations
+    attributes:
+    - *folder
+    - *location
+    disable_auto_completers: true
+  - name: location
+    collection: privilegedaccessmanager.organizations.locations
+    attributes:
+    - *organization
+    - *location
+    disable_auto_completers: true
+
+entitlement:
+  name: entitlement
+  resources:
+  - name: entitlement
+    collection: privilegedaccessmanager.projects.locations.entitlements
+    attributes:
+    - *project
+    - *location
+    - &entitlement
+      parameter_name: entitlementsId
+      attribute_name: entitlement
+      help: The entitlement id
+    disable_auto_completers: true
+  - name: entitlement
+    collection: privilegedaccessmanager.folders.locations.entitlements
+    attributes:
+    - *folder
+    - *location
+    - *entitlement
+    disable_auto_completers: true
+  - name: entitlement
+    collection: privilegedaccessmanager.organizations.locations.entitlements
+    attributes:
+    - *organization
+    - *location
+    - *entitlement
+    disable_auto_completers: true
+
+grant:
+  name: grant
+  resources:
+  - name: grant
+    collection: privilegedaccessmanager.projects.locations.entitlements.grants
+    attributes:
+    - *project
+    - *location
+    - *entitlement
+    - &grant
+      parameter_name: grantsId
+      attribute_name: grant
+      help: The grant id
+    disable_auto_completers: true
+  - name: grant
+    collection: privilegedaccessmanager.folders.locations.entitlements.grants
+    attributes:
+    - *folder
+    - *location
+    - *entitlement
+    - *grant
+    disable_auto_completers: true
+  - name: grant
+    collection: privilegedaccessmanager.organizations.locations.entitlements.grants
+    attributes:
+    - *organization
+    - *location
+    - *entitlement
+    - *grant
+    disable_auto_completers: true
+
+operation:
+  name: operation
+  resources:
+  - name: operation
+    collection: privilegedaccessmanager.projects.locations.operations
+    attributes:
+    - *project
+    - *location
+    - &operation
+      parameter_name: operationsId
+      attribute_name: operation
+      help: The operation id
+    disable_auto_completers: true
+  - name: operation
+    collection: privilegedaccessmanager.folders.locations.operations
+    attributes:
+    - *folder
+    - *location
+    - *operation
+    disable_auto_completers: true
+  - name: operation
+    collection: privilegedaccessmanager.organizations.locations.operations
+    attributes:
+    - *organization
+    - *location
+    - *operation
+    disable_auto_completers: true
--- a/login/google-cloud-sdk/lib/googlecloudsdk/command_lib/pam/util.py
+++ b/login/google-cloud-sdk/lib/googlecloudsdk/command_lib/pam/util.py
@@ -0,0 +1,157 @@
+# -*- coding: utf-8 -*- #
+# Copyright 2024 Google LLC. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Utility functions for `gcloud pam` commands."""
+
+from __future__ import absolute_import
+from __future__ import division
+from __future__ import unicode_literals
+
+import re
+
+from googlecloudsdk.api_lib.util import apis
+from googlecloudsdk.calliope import arg_parsers
+from googlecloudsdk.calliope import base
+from googlecloudsdk.core import log
+from googlecloudsdk.core import yaml
+
+
+def SetForceFieldInDeleteEntitlementRequest(unused_ref, unused_args, req):
+  """Modify request hook to set the force field in delete entitlement requests to true."""
+  req.force = True
+  return req
+
+
+def ParseEntitlementNameIntoCreateEntitlementRequest(unused_ref, args, req):
+  """Modify request hook to parse the entitlement name into a CreateEntitlementRequest."""
+  entitlement = args.CONCEPTS.entitlement.Parse()
+  req.parent = entitlement.result.Parent().RelativeName()
+  req.entitlementId = entitlement.result.Name()
+  return req
+
+
+def SetUpdateMaskInUpdateEntitlementRequest(unused_ref, unused_args, req):
+  """Modify request hook to set the update mask field in update entitlement requests to '*'."""
+  req.updateMask = '*'
+  return req
+
+
+def FormatWithdrawResponse(response, unused_args):
+  """Formats the response of the withdraw command."""
+  modified_response = {}
+  if response.name:
+    modified_response['name'] = response.name
+  if not response.metadata:
+    return modified_response
+  modified_response['metadata'] = {}
+  properties = response.metadata.additionalProperties
+  for prop in properties:
+    if prop.key in ('apiVersion', 'createTime', 'target'):
+      modified_response['metadata'][prop.key] = prop.value.string_value
+
+  log.status.Print(
+      'Grant withdrawal initiated. The operation will complete in some time. To'
+      ' track its status, run:\n`gcloud pam operations wait {}`\nNote that'
+      ' the wait command requires you to have the'
+      ' `privilegedaccessmanager.operations.get` permission on the resource.'
+      .format(response.name)
+  )
+  return modified_response
+
+
+def GetApiVersionFromArgs(args):
+  """Return API version based on args.
+
+  Args:
+    args: The argparse namespace.
+
+  Returns:
+    API version (e.g. v1alpha or v1beta).
+  """
+  release_track = args.calliope_command.ReleaseTrack()
+  if release_track == base.ReleaseTrack.ALPHA:
+    return 'v1alpha'
+  if release_track == base.ReleaseTrack.BETA:
+    return 'v1beta'
+  if release_track == base.ReleaseTrack.GA:
+    return 'v1'
+
+
+def SetRequestedPrivilegedAccessInCreateGrantRequest(unused_ref, args, req):
+  """Modify request hook to populate the requestedPrivilegedAccess field in create grant requests."""
+  if not args.requested_resources:
+    return req
+  messages = apis.GetMessagesModule(
+      'privilegedaccessmanager', GetApiVersionFromArgs(args)
+  )
+  if len(args.requested_resources) > 1:
+    raise arg_parsers.ArgumentTypeError(
+        'Only one resource is supported for grant scope.'
+    )
+  for resource in args.requested_resources:
+    resource = resource.strip()
+    pattern = r'^(projects|organizations|folders)\/.+'
+    components = resource.split('/')
+    if not re.match(pattern, resource) or len(components) != 2:
+      raise arg_parsers.ArgumentTypeError(
+          'Invalid resource name: {}. Resource name must be of the form'
+          ' (projects|organizations|folders)/<id>.'.format(resource)
+      )
+    resource_type = (
+        'cloudresourcemanager.googleapis.com/' + components[0].capitalize()[:-1]
+    )
+    full_name = '//cloudresourcemanager.googleapis.com/' + resource
+    requested_privileged_access = messages.RequestedPrivilegedAccess()
+    requested_privileged_access.gcpIamAccess = (
+        messages.RequestedPrivilegedAccessGcpIamAccess()
+    )
+    requested_privileged_access.gcpIamAccess.resourceType = resource_type
+    requested_privileged_access.gcpIamAccess.resource = full_name
+    req.grant.requestedPrivilegedAccess.append(requested_privileged_access)
+
+  return req
+
+
+def LoadGrantScopeFromYaml(stream):
+  """Loads a YAML document from a stream.
+
+  This function takes a stream (expected to be a list with a single string
+  element) and parses it as a YAML document. It returns the loaded YAML data as
+  a Python object (typically a list or dictionary).
+
+  Args:
+    stream: The stream to load from.
+
+  Returns:
+   The loaded YAML data.
+  """
+  if not stream or not stream[0]:
+    # Return an empty list if no file is provided or the file is empty.
+    return []
+  return yaml.load(stream[0])
+
+
+# TODO(b/261183749): Remove modify_request_hook when singleton resource args
+# are enabled in declarative.
+def UpdateSettingsResource(unused_ref, unused_args, req):
+  """Modify request hook to update the resource field in settings requests."""
+  req.name = req.name + '/settings'
+  return req
+
+
+def SetUpdateMaskInUpdateSettingsRequest(unused_ref, unused_args, req):
+  """Modify request hook to set the update mask field in update settings requests to '*'."""
+  req.updateMask = '*'
+  return req