feat: Add new gcloud commands, API clients, and third-party libraries across various services.

2026-01-01 20:26:35 +01:00
parent 5e23cbece0
commit a19e592eb7
25221 changed files with 8324611 additions and 0 deletions


@@ -0,0 +1,26 @@
# -*- coding: utf-8 -*- #
# Copyright 2015 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Commands for managing service account keys."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
class Keys(base.Group):
"""Manage service account keys."""


@@ -0,0 +1,26 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command group for managing Iam key configurations."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
@base.ReleaseTracks(base.ReleaseTrack.ALPHA)
class Config(base.Group):
"""Manage Iam key configurations."""


@@ -0,0 +1,38 @@
release_tracks: [ALPHA]
command_type: CONFIG_EXPORT
help_text:
brief: Export the configuration for a Iam key.
description: |
*{command}* exports the configuration for a Iam key.
Key configurations can be exported in
Kubernetes Resource Model (krm) or Terraform HCL formats. The
default format is `krm`.
Specifying `--all` allows you to export the configurations for all
keys within the project.
Specifying `--path` allows you to export the configuration(s) to
a local directory.
examples: |
To export the configuration for a key, run:
$ {command} my-key
To export the configuration for a key to a file, run:
$ {command} my-key --path=/path/to/dir/
To export the configuration for a key in Terraform
HCL format, run:
$ {command} my-key --resource-format=terraform
To export the configurations for all keys within a
project, run:
$ {command} --all
arguments:
resource:
help_text: Key to export the configuration for.
spec: !REF googlecloudsdk.command_lib.iam.resources:iam_key


@@ -0,0 +1,95 @@
# -*- coding: utf-8 -*- #
# Copyright 2015 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command to create service account keys."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import textwrap
from googlecloudsdk.api_lib.iam import util
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.iam import iam_util
from googlecloudsdk.core import log
class Create(base.Command):
"""Create a service account key.
If the service account does not exist, this command returns a
`PERMISSION_DENIED` error.
"""
detailed_help = {
'NOTES': textwrap.dedent("""
The option --key-file-type=p12 is available here only for legacy
reasons; all new use cases are encouraged to use the default 'json'
format.
"""),
'EXAMPLES': textwrap.dedent("""
To create a new service account key and save the private
portion of the key locally, run:
$ {command} key.json --iam-account=my-iam-account@my-project.iam.gserviceaccount.com
"""),
}
@staticmethod
def Args(parser):
parser.add_argument('--key-file-type',
choices=['json', 'p12'],
default='json',
help='The type of key to create.')
parser.add_argument('--iam-account',
required=True,
type=iam_util.GetIamAccountFormatValidator(),
help="""\
The service account for which to create a key.
To list all service accounts in the project, run:
$ gcloud iam service-accounts list
""")
parser.add_argument('output',
metavar='OUTPUT-FILE',
type=iam_util.GetIamOutputFileValidator(),
help='The path where the resulting private key should '
'be written. File system write permission will be '
'checked on the specified path prior to the key '
'creation.')
def Run(self, args):
client, messages = util.GetClientAndMessages()
result = client.projects_serviceAccounts_keys.Create(
messages.IamProjectsServiceAccountsKeysCreateRequest(
name=iam_util.EmailToAccountResourceName(args.iam_account),
createServiceAccountKeyRequest=
messages.CreateServiceAccountKeyRequest(
privateKeyType=iam_util.KeyTypeToCreateKeyType(
iam_util.KeyTypeFromString(args.key_file_type)))))
# Only the creating user has access. Set file permission to "-rw-------".
log.WriteToFileOrStdout(
args.output, content=result.privateKeyData, binary=True, private=True)
log.status.Print(
'created key [{0}] of type [{1}] as [{2}] for [{3}]'.format(
iam_util.GetKeyIdFromResourceName(result.name),
iam_util.KeyTypeToString(result.privateKeyType),
args.output,
args.iam_account))
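Review bot: In `Run`, the key already exists on the service by the time `log.WriteToFileOrStdout` runs, so a failed write leaves the account with an active user-managed key whose private half is lost and whose ID was never shown. The `OUTPUT-FILE` validator checks write permission up front, but that presumably does not cover failures at write time. Consider reporting the ID before the write, e.g. `log.status.Print('created key [{0}]'.format(iam_util.GetKeyIdFromResourceName(result.name)))`, so the operator can delete the orphaned key. `Run` also has no docstring; one sentence stating that it creates the key and writes `result.privateKeyData` to `args.output` with owner-only permissions would be enough.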


@@ -0,0 +1,85 @@
# -*- coding: utf-8 -*- #
# Copyright 2015 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for deleting a service account key."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import textwrap
from googlecloudsdk.api_lib.iam import util
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.iam import iam_util
from googlecloudsdk.core import log
from googlecloudsdk.core import resources
from googlecloudsdk.core.console import console_io
class Delete(base.Command):
"""Delete a service account key.
If the service account does not exist, this command returns a
`PERMISSION_DENIED` error.
"""
detailed_help = {
'EXAMPLES': textwrap.dedent("""
To delete a key with ID `b4f1037aeef9ab37deee9` for the service
account `my-iam-account@my-project.iam.gserviceaccount.com`, run:
$ {command} b4f1037aeef9ab37deee9 --iam-account=my-iam-account@my-project.iam.gserviceaccount.com
"""),
}
@staticmethod
def Args(parser):
parser.add_argument('--iam-account',
required=True,
type=iam_util.GetIamAccountFormatValidator(),
help="""\
The service account from which to delete a key.
To list all service accounts in the project, run:
$ gcloud iam service-accounts list
""")
parser.add_argument('key',
metavar='KEY-ID',
help='The key to delete.')
def Run(self, args):
key_ref = resources.REGISTRY.Parse(
args.key,
collection='iam.projects.serviceAccounts.keys',
params={
'serviceAccountsId': args.iam_account,
'projectsId': '-'
})
key = key_ref.keysId
console_io.PromptContinue(
message='You are about to delete key [{0}] for service '
'account [{1}].'.format(args.key, args.iam_account),
cancel_on_no=True)
client, messages = util.GetClientAndMessages()
client.projects_serviceAccounts_keys.Delete(
messages.IamProjectsServiceAccountsKeysDeleteRequest(
name=key_ref.RelativeName()))
log.status.Print('deleted key [{1}] for service account [{0}]'.format(
args.iam_account, key))
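Review bot: The confirmation prompt in `Run` echoes the raw `args.key` and `args.iam_account`, while the request deletes `key_ref.RelativeName()`. If `KEY-ID` is passed as a full resource name, the parsed reference may name a different service account than `--iam-account` (the `params` look like defaults for missing parts only; worth confirming), so the operator could confirm one key and delete another. Build the prompt from the parsed reference instead, e.g. `'account [{1}].'.format(key, key_ref.serviceAccountsId),`, assuming the reference exposes `serviceAccountsId` the way it exposes `keysId`. Use the same values in the final `log.status.Print`.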


@@ -0,0 +1,30 @@
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Disable a service account key.
description: |
Disable a service account key.
If the service account does not exist, this command returns a `PERMISSION_DENIED` error.
examples: |
To disable a key with ID `b4f1037aeef9ab37deee9` for the service
account `my-iam-account@my-project.iam.gserviceaccount.com`, run:
{command} b4f1037aeef9ab37deee9 --iam-account=my-iam-account@my-project.iam.gserviceaccount.com
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.iam.resources:iam_key
is_positional: true
help_text: |
The id of the key to disable.
request:
collection: iam.projects.serviceAccounts.keys
method: disable
modify_request_hooks:
- googlecloudsdk.command_lib.iam.hooks:EraseProjectHook
response:
modify_response_hooks:
- googlecloudsdk.command_lib.iam.hooks:DisableIamKeyConfirmation


@@ -0,0 +1,31 @@
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Enable a service account key.
description: |
Enable a service account key.
If the service account does not exist, this command returns a `PERMISSION_DENIED` error.
examples: |
To enable a key with ID `b4f1037aeef9ab37deee9` for the service
account `my-iam-account@my-project.iam.gserviceaccount.com`, run:
{command} b4f1037aeef9ab37deee9 --iam-account=my-iam-account@my-project.iam.gserviceaccount.com
arguments:
resource:
spec: !REF googlecloudsdk.command_lib.iam.resources:iam_key
is_positional: true
help_text: |
The id of the key to disable.
request:
collection: iam.projects.serviceAccounts.keys
method: enable
modify_request_hooks:
- googlecloudsdk.command_lib.iam.hooks:EraseProjectHook
response:
modify_response_hooks:
- googlecloudsdk.command_lib.iam.hooks:EnableIamKeyConfirmation
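Review bot: The resource `help_text` in this enable command reads `The id of the key to disable.`, which looks copied from the disable command. Since `method: enable` re-activates a credential, the help should not tell the operator the opposite; change it to `The id of the key to enable.`.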


@@ -0,0 +1,89 @@
# -*- coding: utf-8 -*- #
# Copyright 2017 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for listing service account keys."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import textwrap
from googlecloudsdk.api_lib.iam import util
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.iam import iam_util
from googlecloudsdk.core import log
from googlecloudsdk.core import resources
@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA)
class GetPublicKey(base.Command):
"""Get the public key for a service account key pair.
Get the public key for a service account key pair in pem or raw format.
"""
detailed_help = {
'EXAMPLES':
textwrap.dedent("""
To get the public key for some key ID for some service account
(to validate a blob or JWT signature, for example), run:
$ {command} keyid --output-file=key-file --iam-account=my-iam-account@my-project.iam.gserviceaccount.com
"""),
}
@staticmethod
def Args(parser):
parser.add_argument('key', metavar='KEY-ID', help='The key to get.')
parser.add_argument(
'--output-file',
required=True,
help='The output file to write the public key.')
parser.add_argument(
'--iam-account',
required=True,
type=iam_util.GetIamAccountFormatValidator(),
help='A textual name to display for the account.')
parser.add_argument(
'--type',
choices=['pem', 'raw'],
default='pem',
help='The type of the public key to get.')
parser.display_info.AddFormat(iam_util.SERVICE_ACCOUNT_KEY_FORMAT)
def Run(self, args):
key_ref = resources.REGISTRY.Parse(
args.key,
collection='iam.projects.serviceAccounts.keys',
params={
'serviceAccountsId': args.iam_account,
'projectsId': '-'
})
key = key_ref.keysId
client, messages = util.GetClientAndMessages()
result = client.projects_serviceAccounts_keys.Get(
messages.IamProjectsServiceAccountsKeysGetRequest(
name=key_ref.RelativeName(),
publicKeyType=iam_util.PublicKeyTypeFromString(args.type)))
log.WriteToFileOrStdout(
args.output_file, content=result.publicKeyData, binary=True)
log.status.Print('written key [{0}] for [{2}] as [{1}]'.format(
key, args.output_file, args.iam_account))
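Review bot: The `--iam-account` help, `'A textual name to display for the account.'`, describes a display name, but the flag is validated by `iam_util.GetIamAccountFormatValidator()` and passed as `serviceAccountsId` to select the account. The same text is on `--iam-account` in the list command's `Args`. Suggest `help='The service account that owns the key.'` here and `help='The service account whose keys to list.'` there. The module docstring `"""Command for listing service account keys."""` is also copied from the list command and should describe getting a public key. `AddFormat(iam_util.SERVICE_ACCOUNT_KEY_FORMAT)` looks unused, since `Run` returns nothing to display.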


@@ -0,0 +1,83 @@
# -*- coding: utf-8 -*- #
# Copyright 2015 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for listing service account keys."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import textwrap
from googlecloudsdk.api_lib.iam import util
from googlecloudsdk.calliope import arg_parsers
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.iam import iam_util
from googlecloudsdk.core.util import times
class List(base.ListCommand):
"""List the keys for a service account.
If the service account does not exist, this command returns a
`PERMISSION_DENIED` error.
"""
detailed_help = {
'EXAMPLES': textwrap.dedent("""
To list all user-managed keys created before noon on July 19th, 2015
(to perform key rotation, for example), run:
$ {command} --iam-account=my-iam-account@my-project.iam.gserviceaccount.com --managed-by=user --created-before=2015-07-19T12:00:00Z
"""),
}
@staticmethod
def Args(parser):
parser.add_argument('--managed-by',
choices=['user', 'system', 'any'],
default='any',
help='The types of keys to list.')
parser.add_argument(
'--created-before',
type=arg_parsers.Datetime.Parse,
help=('Return only keys created before the specified time. '
'Common time formats are accepted. This is equivalent to '
'--filter="validAfterTime<DATE_TIME". See '
'$ gcloud topic datetimes for information on time formats.'))
parser.add_argument('--iam-account',
required=True,
type=iam_util.GetIamAccountFormatValidator(),
help='A textual name to display for the account.')
parser.display_info.AddFormat(iam_util.SERVICE_ACCOUNT_KEY_FORMAT)
base.URI_FLAG.RemoveFromParser(parser)
def Run(self, args):
client, messages = util.GetClientAndMessages()
result = client.projects_serviceAccounts_keys.List(
messages.IamProjectsServiceAccountsKeysListRequest(
name=iam_util.EmailToAccountResourceName(args.iam_account),
keyTypes=iam_util.ManagedByFromString(args.managed_by)))
keys = result.keys
if args.created_before:
ts = args.created_before
keys = [
key for key in keys if times.ParseDateTime(key.validAfterTime) < ts
]
return keys


@@ -0,0 +1,34 @@
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Upload a public key for an IAM service account.
description: |
Upload a public key for an IAM service account.
If the service account does not exist, this command returns a `PERMISSION_DENIED` error.
examples: |
The following command uploads a public key certificate to a service account:
{command} test_data/public_key.cert --iam-account=my-iam-account@my-project.iam.gserviceaccount.com
arguments:
resource:
help_text: The service account for which to upload a key.
spec: !REF googlecloudsdk.command_lib.iam.resources:iam_account
is_positional: false
is_parent_resource: true
params:
- arg_name: public_key_file
api_field: uploadServiceAccountKeyRequest.publicKeyData
required: true
is_positional: true
help_text: |
Path of the file containing the public key. Note that only public key data in the format of
RSA_X509_PEM is supported. See https://cloud.google.com/iot/docs/concepts/device-security#public_key_format
for more information.
processor: googlecloudsdk.command_lib.iam.hooks:GeneratePublicKeyDataFromFile
request:
collection: iam.projects.serviceAccounts.keys
modify_request_hooks:
- googlecloudsdk.command_lib.iam.hooks:EraseProjectHook
- googlecloudsdk.command_lib.iam.hooks:SetServiceAccountResource
method: upload