davidkotnik/novafarma
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Add new gcloud commands, API clients, and third-party libraries across various services.

Browse Source
This commit is contained in:
David Kotnik
2026-01-01 20:26:35 +01:00
parent 5e23cbece0
commit a19e592eb7
25221 changed files with 8324611 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
gcloud auth application-default login/google-cloud-sdk/lib/surface/access_approval/__init__.py Normal file
View File

@@ -0,0 +1,33 @@
# -*- coding: utf-8 -*- #
# Copyright 2020 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command group for Access Approval."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA,
base.ReleaseTrack.GA)
class AccessApproval(base.Group):
"""Manage Access Approval requests and settings.
Access Approval enables customers to require explicit approval whenever
Google support and engineering needs to access customer data.
"""
category = base.IDENTITY_AND_SECURITY_CATEGORY

31
gcloud auth application-default login/google-cloud-sdk/lib/surface/access_approval/requests/__init__.py Normal file
View File

@@ -0,0 +1,31 @@
# -*- coding: utf-8 -*- #
# Copyright 2020 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command group for Access Approval requests."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
class AccessApproval(base.Group):
"""Manage Access Approval requests.
Approval requests are created by Google personnel to request approval from
Access Approval customers prior to making administrative accesses to their
resources. Customers can act on these requests using the commands in this
command group.
"""

59
gcloud auth application-default login/google-cloud-sdk/lib/surface/access_approval/requests/approve.py Normal file
View File

@@ -0,0 +1,59 @@
# -*- coding: utf-8 -*- #
# Copyright 2020 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for approving an access approval request."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import textwrap
from googlecloudsdk.api_lib.access_approval import requests
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.access_approval import request_name
class Approve(base.Command):
"""Approve an Access Approval request.
Approve an Access Approval request. This will raise an error if the request
does not exist or is not in a pending state.
"""
detailed_help = {
'EXAMPLES':
textwrap.dedent("""\
To approve an approval request using its name (e.g. projects/12345/approvalRequests/abc123), run:
$ {command} projects/12345/approvalRequests/abc123
"""),
}
@staticmethod
def Args(parser):
"""Add command-specific args."""
request_name.Args(parser)
def Run(self, args):
"""This is what gets called when the user runs this command.
Args:
args: an argparse namespace. All the arguments that were provided to this
command invocation.
Returns:
Some value that we want to have printed later.
"""
return requests.Approve(request_name.GetName(args))

60
gcloud auth application-default login/google-cloud-sdk/lib/surface/access_approval/requests/dismiss.py Normal file
View File

@@ -0,0 +1,60 @@
# -*- coding: utf-8 -*- #
# Copyright 2020 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for dismissing and access approval request."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import textwrap
from googlecloudsdk.api_lib.access_approval import requests
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.access_approval import request_name
class Dismiss(base.Command):
"""Dismiss an Access Approval request.
Dismiss an Access Approval request. Note: this does not deny access to the
resource if another request has been made and approved for the same resource.
This will raise an error if the request does not exist.
"""
detailed_help = {
'EXAMPLES':
textwrap.dedent("""\
To dismiss an approval request using its name (e.g. projects/12345/approvalRequests/abc123), run:
$ {command} projects/12345/approvalRequests/abc123
"""),
}
@staticmethod
def Args(parser):
"""Add command-specific args."""
request_name.Args(parser)
def Run(self, args):
"""This is what gets called when the user runs this command.
Args:
args: an argparse namespace. All the arguments that were provided to this
command invocation.
Returns:
Some value that we want to have printed later.
"""
return requests.Dismiss(request_name.GetName(args))

58
gcloud auth application-default login/google-cloud-sdk/lib/surface/access_approval/requests/get.py Normal file
View File

@@ -0,0 +1,58 @@
# -*- coding: utf-8 -*- #
# Copyright 2020 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command to get an access approval request."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import textwrap
from googlecloudsdk.api_lib.access_approval import requests
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.access_approval import request_name
class Get(base.DescribeCommand):
"""Get an Access Approval request.
Get an Access Approval Request. Raise error if the request does not exist.
"""
detailed_help = {
'EXAMPLES':
textwrap.dedent("""\
To get an approval request using its name (e.g. projects/my-project-123/approvalRequests/abc123), run:
$ {command} projects/my-project-123/approvalRequests/abc123
"""),
}
@staticmethod
def Args(parser):
"""Add command-specific args."""
request_name.Args(parser)
def Run(self, args):
"""This is what gets called when the user runs this command.
Args:
args: an argparse namespace. All the arguments that were provided to this
command invocation.
Returns:
Some value that we want to have printed later.
"""
return requests.Get(request_name.GetName(args))

59
gcloud auth application-default login/google-cloud-sdk/lib/surface/access_approval/requests/invalidate.py Normal file
View File

@@ -0,0 +1,59 @@
# -*- coding: utf-8 -*- #
# Copyright 2022 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for invalidating an access approval request."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import textwrap
from googlecloudsdk.api_lib.access_approval import requests
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.access_approval import request_name
class Invalidate(base.Command):
"""Invalidate an Access Approval request.
Invalidate an Access Approval request. This will raise an error if the request
does not exist or is not in an approved state.
"""
detailed_help = {
'EXAMPLES':
textwrap.dedent("""\
To invalidate an approval request using its name (e.g. projects/12345/approvalRequests/abc123), run:
$ {command} projects/12345/approvalRequests/abc123
"""),
}
@staticmethod
def Args(parser):
"""Add command-specific args."""
request_name.Args(parser)
def Run(self, args):
"""This is what gets called when the user runs this command.
Args:
args: an argparse namespace. All the arguments that were provided to this
command invocation.
Returns:
Some value that we want to have printed later.
"""
return requests.Invalidate(request_name.GetName(args))

76
gcloud auth application-default login/google-cloud-sdk/lib/surface/access_approval/requests/list.py Normal file
View File

@@ -0,0 +1,76 @@
# -*- coding: utf-8 -*- #
# Copyright 2020 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for access approval list requests."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import textwrap
from googlecloudsdk.api_lib.access_approval import requests
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.access_approval import parent
class List(base.ListCommand):
"""List Access Approval requests.
List Access Approval requests by parent (project/folder/organization).
"""
detailed_help = {
'EXAMPLES':
textwrap.dedent("""\
To list all approval requests owned by project my-project-123, run:
$ {command} --project=my-project-123 --state=all
To list pending approval requests owned by organization 999, run:
$ {command} --organization=999
or
$ {command} --organization=999 --state=pending
Note that the user needs to have permission
accessapproval.requests.list on the project/folder/organization
"""),
}
@staticmethod
def Args(parser):
"""Add command-specific args."""
parent.Args(parser)
parser.add_argument(
'--state',
default='pending',
help='filter for request state')
base.URI_FLAG.RemoveFromParser(parser)
def Run(self, args):
"""This is what gets called when the user runs this command.
Args:
args: an argparse namespace. All the arguments that were provided to this
command invocation.
Returns:
Some value that we want to have printed later.
"""
p = parent.GetParent(args)
return requests.List(parent=p, filter=(
args.state.upper() if args.state else None))

30
gcloud auth application-default login/google-cloud-sdk/lib/surface/access_approval/service_account/__init__.py Normal file
View File

@@ -0,0 +1,30 @@
# -*- coding: utf-8 -*- #
# Copyright 2022 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command group for managing Access Approval settings."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
@base.ReleaseTracks(base.ReleaseTrack.GA)
class AccessApproval(base.Group):
"""Manage Access Approval service account.
Access Approval uses a unique service account when accessing custom keys for
signing approvals for a project, folder, or organization.
"""

69
gcloud auth application-default login/google-cloud-sdk/lib/surface/access_approval/service_account/get.py Normal file
View File

@@ -0,0 +1,69 @@
# -*- coding: utf-8 -*- #
# Copyright 2022 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for getting access approval settings."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import textwrap
from googlecloudsdk.api_lib.access_approval import service_account
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.access_approval import parent
@base.ReleaseTracks(base.ReleaseTrack.GA)
class Get(base.DescribeCommand):
"""Get Access Approval service account.
Retrieves the service account that is used by Access Approval to access KMS
keys for signing approved approval requests.
"""
detailed_help = {
'EXAMPLES':
textwrap.dedent("""\
To get the service account for the current project use
$ {command}
To get the service account for folder f1 use
$ {command} --folder=f1
To get the service account for organization org1 use
$ {command} --organization=org1
"""),
}
@staticmethod
def Args(parser):
"""Add command-specific args."""
parent.Args(parser)
def Run(self, args):
"""This is what gets called when the user runs this command.
Args:
args: an argparse namespace. All the arguments that were provided to this
command invocation.
Returns:
Some value that we want to have printed later.
"""
p = parent.GetParent(args)
return service_account.Get(name=('%s/serviceAccount' % p))

31
gcloud auth application-default login/google-cloud-sdk/lib/surface/access_approval/settings/__init__.py Normal file
View File

@@ -0,0 +1,31 @@
# -*- coding: utf-8 -*- #
# Copyright 2020 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command group for managing Access Approval settings."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
class AccessApproval(base.Group):
"""Manage Access Approval settings.
Access Approval settings can be set on projects, folders, or
organizations. The settings apply hierarchically. For example, enabling
Access Approval at the organization level enables it for all folders and
projects under the organization.
"""

64
gcloud auth application-default login/google-cloud-sdk/lib/surface/access_approval/settings/delete.py Normal file
View File

@@ -0,0 +1,64 @@
# -*- coding: utf-8 -*- #
# Copyright 2020 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for deleting access approval settings."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import textwrap
from googlecloudsdk.api_lib.access_approval import settings
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.access_approval import parent
class Delete(base.UpdateCommand):
"""Delete Access Approval settings.
Delete the Access Approval settings associated with a project, a folder, or
organization.
"""
detailed_help = {
'EXAMPLES':
textwrap.dedent("""\
To delete the settings for the current project use
$ {command}
To delete the settings for folder f1 use
$ {command} --folder=f1
"""),
}
@staticmethod
def Args(parser):
"""Add command-specific args."""
parent.Args(parser)
def Run(self, args):
"""This is what gets called when the user runs this command.
Args:
args: an argparse namespace. All the arguments that were provided to this
command invocation.
Returns:
Some value that we want to have printed later.
"""
p = parent.GetParent(args)
return settings.Delete(name=('%s/accessApprovalSettings' % p))

64
gcloud auth application-default login/google-cloud-sdk/lib/surface/access_approval/settings/get.py Normal file
View File

@@ -0,0 +1,64 @@
# -*- coding: utf-8 -*- #
# Copyright 2020 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for getting access approval settings."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import textwrap
from googlecloudsdk.api_lib.access_approval import settings
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.access_approval import parent
class Get(base.DescribeCommand):
"""Get Access Approval settings.
Get the Access Approval settings associated with a project, a folder, or
organization.
"""
detailed_help = {
'EXAMPLES':
textwrap.dedent("""\
To get the settings for the current project use
$ {command}
To get the settings for folder f1 use
$ {command} --folder=f1
"""),
}
@staticmethod
def Args(parser):
"""Add command-specific args."""
parent.Args(parser)
def Run(self, args):
"""This is what gets called when the user runs this command.
Args:
args: an argparse namespace. All the arguments that were provided to this
command invocation.
Returns:
Some value that we want to have printed later.
"""
p = parent.GetParent(args)
return settings.Get(name=('%s/accessApprovalSettings' % p))

297
gcloud auth application-default login/google-cloud-sdk/lib/surface/access_approval/settings/update.py Normal file
View File

@@ -0,0 +1,297 @@
# -*- coding: utf-8 -*- #
# Copyright 2020 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for deleting access approval settings."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import textwrap
from googlecloudsdk.api_lib.access_approval import settings
from googlecloudsdk.api_lib.util import apis
from googlecloudsdk.calliope import base
from googlecloudsdk.calliope import exceptions
from googlecloudsdk.command_lib.access_approval import parent
_PREFERENCES = ('ORGANIZATION', 'FOLDER', 'PROJECT')
_APPROVAL_POLICY_PREFERENCES = (
'transparency',
'streamlined-support',
'access-approval',
'inherit-policy-from-parent',
)
@base.UniverseCompatible
class Update(base.Command):
"""Update Access Approval settings.
Update the Access Approval settings associated with a project, a folder, or
organization. Partial updates are supported (for example, you can update the
notification emails without modifying the enrolled services).
"""
detailed_help = {
'EXAMPLES': textwrap.dedent("""\
Update notification emails associated with project `p1`, run:
$ {command} --project=p1 --notification_emails='foo@example.com, bar@example.com'
Enable Access Approval enforcement for folder `f1`:
$ {command} --folder=f1 --enrolled_services=all
Enable Access Approval enforcement for organization `org1` for only Cloud Storage and Compute
products and set the notification emails at the same time:
$ {command} --organization=org1 --enrolled_services='storage.googleapis.com,compute.googleapis.com' --notification_emails='security_team@example.com'
Update active key version for project `p1`:
$ {command} --project=p1 --active_key_version='projects/p1/locations/global/keyRings/signing-keys/cryptoKeys/signing-key/cryptoKeyVersions/1'
Update preferred request expiration days for project `p1`:
$ {command} --project=p1 --preferred_request_expiration_days=5
Enable prefer no broad approval requests for project `p1`:
$ {command} --project=p1 --prefer_no_broad_approval_requests=true
Update notification pubsub topic for project `p1`:
$ {command} --project=p1 --notification_pubsub_topic='exampleTopic'
Update request scope max width preference for project `p1`:
$ {command} --project=p1 --request_scope_max_width_preference=PROJECT
Update approval policy for project `p1`:
$ {command} --project=p1 --approval_policy=transparency
"""),
}
@staticmethod
def Args(parser):
"""Add command-specific args."""
parent.Args(parser)
parser.add_argument(
'--notification_emails',
help=(
'Comma-separated list of email addresses to which notifications'
" relating to approval requests should be sent or '' to clear all"
' saved notification emails.'
),
)
parser.add_argument(
'--enrolled_services',
help=(
'Comma-separated list of services to enroll for Access Approval or'
" 'all' for all supported services. Note for project and folder"
" enrollments, only 'all' is supported. Use '' to clear all"
' enrolled services.'
),
)
parser.add_argument(
'--active_key_version',
help=(
'The asymmetric crypto key version to use for signing approval'
" requests. Use '' to remove the custom signing key."
),
)
parser.add_argument(
'--preferred_request_expiration_days',
type=int,
help=(
'The default expiration time for approval requests. This value must'
' be between 1 and 30. Note that this can be overridden at time of'
' Approval Request creation and modified by the customer at'
' approval time.'
),
)
parser.add_argument(
'--prefer_no_broad_approval_requests',
type=bool,
help=(
'If set to true it will communicate the preference to Google'
' personnel to request access with as targeted a resource scope as'
' possible.'
),
)
parser.add_argument(
'--notification_pubsub_topic',
help=(
'The pubsub topic to publish notifications to when approval'
' requests are made.'
),
)
parser.add_argument(
'--request_scope_max_width_preference',
choices=_PREFERENCES,
help=(
'The preference for the broadest scope of access for access'
' requests without a specific method.'
),
)
parser.add_argument(
'--require_customer_visible_justification',
type=bool,
help=(
'The preference to configure if a customer visible justification'
' (i.e. Vector Case) is required for a Googler to create an Access'
' Ticket to send to the customer when attempting to access customer'
' resources.'
),
)
parser.add_argument(
'--approval_policy',
choices=_APPROVAL_POLICY_PREFERENCES,
help=(
'The preference to configure the approval policy for access'
' requests.'
),
)
def Run(self, args):
"""This is what gets called when the user runs this command.
Args:
args: an argparse namespace. All the arguments that were provided to this
command invocation.
Returns:
Some value that we want to have printed later.
"""
p = parent.GetParent(args)
if (
args.notification_emails is None
and args.enrolled_services is None
and args.active_key_version is None
and args.preferred_request_expiration_days is None
and args.prefer_no_broad_approval_requests is None
and args.notification_pubsub_topic is None
and args.request_scope_max_width_preference is None
and args.require_customer_visible_justification is None
and args.approval_policy is None
):
raise exceptions.MinimumArgumentException(
[
'--notification_emails',
'--enrolled_services',
'--active_key_version',
'--preferred_request_expiration_days',
'--prefer_no_broad_approval_requests',
'--notification_pubsub_topic',
'--request_scope_max_width_preference',
'--require_customer_visible_justification',
'--approval_policy',
],
'must specify at least one of these flags',
)
update_mask = []
emails_list = []
if args.notification_emails is not None:
update_mask.append('notification_emails')
if args.notification_emails:
emails_list = args.notification_emails.split(',')
emails_list = [i.strip() for i in emails_list]
services_list = []
if args.enrolled_services is not None:
update_mask.append('enrolled_services')
if args.enrolled_services:
services_list = args.enrolled_services.split(',')
services_list = [i.strip() for i in services_list]
if args.active_key_version is not None:
update_mask.append('active_key_version')
if args.preferred_request_expiration_days is not None:
update_mask.append('preferred_request_expiration_days')
if args.prefer_no_broad_approval_requests is not None:
update_mask.append('prefer_no_broad_approval_requests')
if args.notification_pubsub_topic is not None:
update_mask.append('notification_pubsub_topic')
msgs = apis.GetMessagesModule('accessapproval', 'v1')
request_scope_max_width_preference = None
if args.request_scope_max_width_preference is not None:
update_mask.append('request_scope_max_width_preference')
# Converts the string value of the RequestScopeMaxWidthPreference flag
# passed on the command line into the correct enum value.
preference_arg = args.request_scope_max_width_preference
if preference_arg == 'ORGANIZATION':
request_scope_max_width_preference = (
msgs.AccessApprovalSettings.RequestScopeMaxWidthPreferenceValueValuesEnum.ORGANIZATION
)
elif preference_arg == 'FOLDER':
request_scope_max_width_preference = (
msgs.AccessApprovalSettings.RequestScopeMaxWidthPreferenceValueValuesEnum.FOLDER
)
elif preference_arg == 'PROJECT':
request_scope_max_width_preference = (
msgs.AccessApprovalSettings.RequestScopeMaxWidthPreferenceValueValuesEnum.PROJECT
)
if args.require_customer_visible_justification is not None:
update_mask.append('require_customer_visible_justification')
if args.approval_policy is not None:
update_mask.append('approval_policy')
approval_policy_arg = args.approval_policy
if approval_policy_arg == 'transparency':
approval_policy = msgs.CustomerApprovalApprovalPolicy(
justificationBasedApprovalPolicy=msgs.CustomerApprovalApprovalPolicy.JustificationBasedApprovalPolicyValueValuesEnum.JUSTIFICATION_BASED_APPROVAL_ENABLED_ALL
)
elif (
approval_policy_arg
== 'streamlined-support'
):
approval_policy = msgs.CustomerApprovalApprovalPolicy(
justificationBasedApprovalPolicy=msgs.CustomerApprovalApprovalPolicy.JustificationBasedApprovalPolicyValueValuesEnum.JUSTIFICATION_BASED_APPROVAL_ENABLED_EXTERNAL_JUSTIFICATIONS
)
elif approval_policy_arg == 'access-approval':
approval_policy = msgs.CustomerApprovalApprovalPolicy(
justificationBasedApprovalPolicy=msgs.CustomerApprovalApprovalPolicy.JustificationBasedApprovalPolicyValueValuesEnum.JUSTIFICATION_BASED_APPROVAL_NOT_ENABLED
)
elif approval_policy_arg == 'inherit-policy-from-parent':
approval_policy = msgs.CustomerApprovalApprovalPolicy(
justificationBasedApprovalPolicy=msgs.CustomerApprovalApprovalPolicy.JustificationBasedApprovalPolicyValueValuesEnum.JUSTIFICATION_BASED_APPROVAL_INHERITED
)
else:
approval_policy = None
return settings.Update(
name=f'{p}/accessApprovalSettings',
notification_emails=emails_list,
enrolled_services=services_list,
active_key_version=args.active_key_version,
preferred_request_expiration_days=args.preferred_request_expiration_days,
prefer_no_broad_approval_requests=args.prefer_no_broad_approval_requests,
notification_pubsub_topic=args.notification_pubsub_topic,
request_scope_max_width_preference=request_scope_max_width_preference,
require_customer_visible_justification=args.require_customer_visible_justification,
approval_policy=approval_policy,
update_mask=','.join(update_mask),
)