feat: Add new gcloud commands, API clients, and third-party libraries across various services.

2026-01-01 20:26:35 +01:00
parent 5e23cbece0
commit a19e592eb7
25221 changed files with 8324611 additions and 0 deletions


@@ -0,0 +1,40 @@
# -*- coding: utf-8 -*- #
# Copyright 2019 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""The super-group for the IAP web CLI."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
@base.ReleaseTracks(base.ReleaseTrack.GA, base.ReleaseTrack.BETA,
base.ReleaseTrack.ALPHA)
class Web(base.Group):
"""Manage IAP web policies.
Cloud Identity-Aware Proxy (Cloud IAP) controls access to your cloud
applications running on Google Cloud Platform. Cloud IAP works by
verifying user identity and context of the request to determine if a user
should be allowed to access the application.
More information on Cloud IAP can be found here:
https://cloud.google.com/iap and detailed documentation can be found here:
https://cloud.google.com/iap/docs/
"""
category = 'Identity and Security'


@@ -0,0 +1,124 @@
# -*- coding: utf-8 -*- #
# Copyright 2019 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Add IAM Policy Binding."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.iam import iam_util
from googlecloudsdk.command_lib.iap import util as iap_util
@base.ReleaseTracks(base.ReleaseTrack.GA)
@base.DefaultUniverseOnly
class AddIamPolicyBinding(base.Command):
"""Add IAM policy binding to an IAP IAM resource.
Adds a policy binding to the IAM policy of an IAP IAM resource. One binding
consists of a member, a role, and an optional condition.
See $ {parent_command} get-iam-policy for examples of how to specify an IAP
IAM resource.
"""
detailed_help = {
'EXAMPLES':
"""\
See $ {parent_command} get-iam-policy for examples of how to specify
an IAP IAM resource.
To add an IAM policy binding for the role of 'roles/editor' for the
user 'test-user@gmail.com' on IAP IAM resource IAP_IAM_RESOURCE,
run:
$ {command} --resource-type=IAP_IAM_RESOURCE --member='user:test-user@gmail.com'
--role='roles/editor'
To add an IAM policy binding for the role of 'roles/editor' for the
user 'test-user@gmail.com' on regional IAP IAM resource
IAP_IAM_RESOURCE, run:
$ {command} --resource-type=IAP_IAM_RESOURCE --member='user:test-user@gmail.com'
--role='roles/editor' --region=REGION
To add an IAM policy binding for the role of 'roles/editor' for all
authenticated users on IAP IAM resource IAP_IAM_RESOURCE,
run:
$ {command} --resource-type=IAP_IAM_RESOURCE --member='allAuthenticatedUsers'
--role='roles/editor'
To add an IAM policy binding which expires at the end of the year 2018
for the role of 'roles/browser' and the user 'test-user@gmail.com' on
IAP IAM resource IAP_IAM_RESOURCE, run:
$ {command} --resource-type=IAP_IAM_RESOURCE --member='user:test-user@gmail.com'
--role='roles/browser' --condition='expression=request.time <
timestamp("2019-01-01T00:00:00Z"),title=expires_end_of_2018,
description=Expires at midnight on 2018-12-31'
See https://cloud.google.com/iam/docs/managing-policies for details of
policy role and member types.
""",
}
_support_cloud_run = False
@classmethod
def Args(cls, parser):
"""Register flags for this command.
Args:
parser: An argparse.ArgumentParser-like object. It is mocked out in order
to capture some information, but behaves like an ArgumentParser.
"""
iap_util.AddIapIamResourceArgs(
parser,
support_cloud_run=cls._support_cloud_run,
)
iap_util.AddAddIamPolicyBindingArgs(parser)
base.URI_FLAG.RemoveFromParser(parser)
def Run(self, args):
"""This is what gets called when the user runs this command.
Args:
args: an argparse namespace. All the arguments that were provided to this
command invocation.
Returns:
The specified function with its description and configured filter.
"""
condition = iam_util.ValidateAndExtractConditionMutexRole(args)
iap_iam_ref = iap_util.ParseIapIamResource(
self.ReleaseTrack(),
args,
self._support_cloud_run,
)
return iap_iam_ref.AddIamPolicyBinding(args.member, args.role, condition)
@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA)
class AddIamPolicyBindingAlpha(AddIamPolicyBinding):
"""Add IAM policy binding to an IAP IAM resource.
Adds a policy binding to the IAM policy of an IAP IAM resource. One binding
consists of a member, a role, and an optional condition.
See $ {parent_command} get-iam-policy for examples of how to specify an IAP
IAM resource.
"""
_support_cloud_run = True
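Review bot: The third EXAMPLES entry of `AddIamPolicyBinding` grants 'roles/editor' to `allAuthenticatedUsers`, which covers any account that can authenticate with Google, and the help text carries no caveat about that. Because this is the text users copy when configuring an access-control resource, I would add a sentence such as `Granting a role to allAuthenticatedUsers applies it to every authenticated Google account; prefer a specific user, group or service account.` The examples also use the broad basic role 'roles/editor' throughout; an IAP-scoped role such as `roles/iap.httpsResourceAccessor` would be a safer thing to demonstrate. Separately, the `Returns:` text in `Run` ("The specified function with its description and configured filter.") does not describe what is returned, which is the result of `iap_iam_ref.AddIamPolicyBinding(...)`. The same copied sentence appears in the `Run` docstrings of the Disable, Enable, GetIamPolicy, RemoveIamPolicyBinding and SetIamPolicy sections.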


@@ -0,0 +1,76 @@
# -*- coding: utf-8 -*- #
# Copyright 2019 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Disable Identity-Aware Proxy."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.iap import util as iap_util
@base.ReleaseTracks(
base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA, base.ReleaseTrack.GA
)
@base.DefaultUniverseOnly
class Disable(base.Command):
"""Disable Cloud Identity-Aware Proxy (Cloud IAP) on an IAP resource.
This command disables Cloud Identity-Aware Proxy on an IAP resource. Disabling
IAP does not clear the OAuth 2.0 credentials.
"""
detailed_help = {
'EXAMPLES':
"""\
To disable IAP on an App Engine application, run:
$ {command} --resource-type=app-engine
To disable IAP on a global backend service, run:
$ {command} --resource-type=backend-services --service=SERVICE_ID
To disable IAP on a region backend service, run:
$ {command} --resource-type=backend-services --service=SERVICE_ID
--region=REGION
""",
}
@classmethod
def Args(cls, parser):
"""Register flags for this command.
Args:
parser: An argparse.ArgumentParser-like object. It is mocked out in order
to capture some information, but behaves like an ArgumentParser.
"""
iap_util.AddIapResourceArgs(parser)
base.URI_FLAG.RemoveFromParser(parser)
def Run(self, args):
"""This is what gets called when the user runs this command.
Args:
args: an argparse namespace. All the arguments that were provided to this
command invocation.
Returns:
The specified function with its description and configured filter.
"""
iap_ref = iap_util.ParseIapResource(self.ReleaseTrack(), args)
return iap_ref.Disable()
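Review bot: The `Disable` class docstring says what disabling leaves untouched (the OAuth 2.0 credentials) but not what it changes, and `Run` goes straight from `ParseIapResource` to `iap_ref.Disable()`. For a command that switches off an access-control layer, I would add a docstring sentence along the lines of `After IAP is disabled, requests to the resource are no longer subject to IAP's identity check; make sure another access control is in place first.` Whether `iap_ref.Disable()` asks for confirmation is not visible in this section. If it does not, a `console_io.PromptContinue(...)` call before it would be worth considering.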


@@ -0,0 +1,82 @@
# -*- coding: utf-8 -*- #
# Copyright 2019 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Enable Identity-Aware Proxy."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.iap import util as iap_util
@base.ReleaseTracks(
base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA, base.ReleaseTrack.GA
)
@base.DefaultUniverseOnly
class Enable(base.Command):
"""Enable Cloud Identity-Aware Proxy (Cloud IAP) on an IAP resource.
This command enables Cloud Identity-Aware Proxy on an IAP resource. OAuth 2.0
credentials must be set, or must have been previously set, to enable IAP.
"""
detailed_help = {
'EXAMPLES':
"""\
To enable IAP on an App Engine application, run:
$ {command} --resource-type=app-engine
--oauth2-client-id=CLIENT_ID --oauth2-client-secret=SECRET
To enable IAP on a global backend service, run:
$ {command} --resource-type=backend-services
--oauth2-client-id=CLIENT_ID --oauth2-client-secret=SECRET
--service=SERVICE_ID
To enable IAP on a region backend service, run:
$ {command} --resource-type=backend-services
--oauth2-client-id=CLIENT_ID --oauth2-client-secret=SECRET
--service=SERVICE_ID --region=REGION
""",
}
@classmethod
def Args(cls, parser):
"""Register flags for this command.
Args:
parser: An argparse.ArgumentParser-like object. It is mocked out in order
to capture some information, but behaves like an ArgumentParser.
"""
iap_util.AddIapResourceArgs(parser)
iap_util.AddOauthClientArgs(parser)
base.URI_FLAG.RemoveFromParser(parser)
def Run(self, args):
"""This is what gets called when the user runs this command.
Args:
args: an argparse namespace. All the arguments that were provided to this
command invocation.
Returns:
The specified function with its description and configured filter.
"""
iap_ref = iap_util.ParseIapResource(self.ReleaseTrack(), args)
return iap_ref.Enable(args.oauth2_client_id, args.oauth2_client_secret)
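Review bot: Every EXAMPLES entry passes the client secret inline as `--oauth2-client-secret=SECRET`, and `Run` reads it from `args.oauth2_client_secret`, so the secret lands in shell history and is visible in the process list while the command runs. The flag is defined in `iap_util.AddOauthClientArgs`, outside this section, so the change to make here is in the help text: add a sentence such as `Passing the secret on the command line can expose it through shell history and process listings; avoid this form on shared hosts.` If the flag definition can be extended, reading the secret from a file or an interactive prompt would remove the exposure altogether.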


@@ -0,0 +1,132 @@
# -*- coding: utf-8 -*- #
# Copyright 2019 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Get IAM Policy."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.iap import util as iap_util
@base.ReleaseTracks(base.ReleaseTrack.GA)
@base.DefaultUniverseOnly
class GetIamPolicy(base.ListCommand):
"""Get IAM policy for an IAP IAM resource.
*{command}* displays the IAM policy associated with an IAP IAM
resource. If formatted as JSON, the output can be edited and used as a policy
file for set-iam-policy. The output includes an "etag" field
identifying the version emitted and allowing detection of
concurrent policy updates; see
$ {parent_command} set-iam-policy for additional details.
"""
detailed_help = {
'EXAMPLES':
"""\
To get the IAM policy for the web accesses to the IAP protected
resources within the active project,
run:
$ {command}
To get the IAM policy for the web accesses to the IAP protected
resources within a project, run:
$ {command} --project=PROJECT_ID
To get the IAM policy for the web accesses to the IAP protected
resources within an App Engine application, run:
$ {command} --resource-type=app-engine
To get the IAM policy for the web accesses to the IAP protected
resources within an App Engine service, run:
$ {command} --resource-type=app-engine --service=SERVICE_ID
To get the IAM policy for the web accesses to the IAP protected
resources within an App Engine service version, run:
$ {command} --resource-type=app-engine --service=SERVICE_ID
--version=VERSION
To get the IAM policy for the web accesses to the IAP protected
resources within all backend services, run:
$ {command} --resource-type=backend-services
To get the IAM policy for the web accesses to the IAP protected
resources within a backend service, run:
$ {command} --resource-type=backend-services --service=SERVICE_ID
To get the IAM policy for the web accesses to the IAP protected
resources within a regional backend service, run:
$ {command} --resource-type=backend-services --service=SERVICE_ID
--region=REGION
""",
}
_support_cloud_run = False
@classmethod
def Args(cls, parser):
"""Register flags for this command.
Args:
parser: An argparse.ArgumentParser-like object. It is mocked out in order
to capture some information, but behaves like an ArgumentParser.
"""
iap_util.AddIapIamResourceArgs(
parser,
support_cloud_run=cls._support_cloud_run,
)
base.URI_FLAG.RemoveFromParser(parser)
def Run(self, args):
"""This is what gets called when the user runs this command.
Args:
args: an argparse namespace. All the arguments that were provided to this
command invocation.
Returns:
The specified function with its description and configured filter.
"""
iap_iam_ref = iap_util.ParseIapIamResource(
self.ReleaseTrack(),
args,
self._support_cloud_run)
return iap_iam_ref.GetIamPolicy()
@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA)
class GetIamPolicyAlpha(GetIamPolicy):
"""Get IAM policy for an IAP IAM resource.
*{command}* displays the IAM policy associated with an IAP IAM
resource. If formatted as JSON, the output can be edited and used as a policy
file for set-iam-policy. The output includes an "etag" field
identifying the version emitted and allowing detection of
concurrent policy updates; see
$ {parent_command} set-iam-policy for additional details.
"""
_support_cloud_run = True


@@ -0,0 +1,133 @@
# -*- coding: utf-8 -*- #
# Copyright 2019 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Remove IAM Policy Binding."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.iam import iam_util
from googlecloudsdk.command_lib.iap import util as iap_util
@base.ReleaseTracks(base.ReleaseTrack.GA)
@base.DefaultUniverseOnly
class RemoveIamPolicyBinding(base.Command):
"""Remove IAM policy binding from an IAP IAM resource.
Removes a policy binding from the IAM policy of an IAP IAM resource. One
binding consists of a member, a role and an optional condition.
See $ {parent_command} get-iam-policy for examples of how to
specify an IAP IAM resource.
"""
detailed_help = {
'EXAMPLES':
"""\
See $ {parent_command} get-iam-policy for examples of how to specify
an IAP IAM resource.
To remove an IAM policy binding for the role of 'roles/editor' for the
user 'test-user@gmail.com' on IAP IAM resource IAP_IAM_RESOURCE, run:
$ {command} --resource-type=IAP_IAM_RESOURCE --member='user:test-user@gmail.com'
--role='roles/editor'
To remove an IAM policy binding for the role of 'roles/editor' for the
user 'test-user@gmail.com' on regional IAP IAM resource
IAP_IAM_RESOURCE, run:
$ {command} --resource-type=IAP_IAM_RESOURCE --member='user:test-user@gmail.com'
--role='roles/editor' --region=REGION
To remove an IAM policy binding for the role of 'roles/editor' from
all authenticated users on IAP IAM resource IAP_IAM_RESOURCE,run:
$ {command} --resource-type=IAP_IAM_RESOURCE --member='allAuthenticatedUsers'
--role='roles/editor'
To remove an IAM policy binding with a condition of
expression='request.time < timestamp("2019-01-01T00:00:00Z")',
title='expires_end_of_2018', and description='Expires at midnight on
2018-12-31' for the role of 'roles/browser' for the user
'test-user@gmail.com' on IAP IAM resource IAP_IAM_RESOURCE,
run:
$ {command} --resource-type=IAP_IAM_RESOURCE --member='user:test-user@gmail.com'
--role='roles/browser' --condition='expression=request.time <
timestamp("2019-01-01T00:00:00Z"),title=expires_end_of_2018,
description=Expires at midnight on 2018-12-31'
To remove all IAM policy bindings regardless of the condition for the
role of 'roles/browser' and for the user 'test-user@gmail.com' on IAP
IAM resource IAP_IAM_RESOURCE, run:
$ {command} --resource-type=IAP_IAM_RESOURCE --member='user:test-user@gmail.com'
--role='roles/browser' --all
See https://cloud.google.com/iam/docs/managing-policies for details of
policy role and member types.
""",
}
_support_cloud_run = False
@classmethod
def Args(cls, parser):
"""Register flags for this command.
Args:
parser: An argparse.ArgumentParser-like object. It is mocked out in order
to capture some information, but behaves like an ArgumentParser.
"""
iap_util.AddIapIamResourceArgs(
parser,
support_cloud_run=cls._support_cloud_run,
)
iap_util.AddRemoveIamPolicyBindingArgs(parser)
base.URI_FLAG.RemoveFromParser(parser)
def Run(self, args):
"""This is what gets called when the user runs this command.
Args:
args: an argparse namespace. All the arguments that were provided to this
command invocation.
Returns:
The specified function with its description and configured filter.
"""
condition = iam_util.ValidateAndExtractCondition(args)
iap_iam_ref = iap_util.ParseIapIamResource(
self.ReleaseTrack(),
args,
self._support_cloud_run,
)
return iap_iam_ref.RemoveIamPolicyBinding(args.member, args.role, condition,
args.all)
@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA)
class RemoveIamPolicyBindingAlpha(RemoveIamPolicyBinding):
"""Remove IAM policy binding from an IAP IAM resource.
Removes a policy binding from the IAM policy of an IAP IAM resource. One
binding consists of a member, a role and an optional condition.
See $ {parent_command} get-iam-policy for examples of how to
specify an IAP IAM resource.
"""
_support_cloud_run = True
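Review bot: In the third remove example the help text reads `IAP_IAM_RESOURCE,run:` with no space after the comma, and this will appear verbatim in `--help` output; it should read `IAP_IAM_RESOURCE, run:`. The other examples in the same `detailed_help` string put a space after the comma, so this entry is also inconsistent with its neighbours.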


@@ -0,0 +1,139 @@
# -*- coding: utf-8 -*- #
# Copyright 2019 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Set IAM Policy."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.iap import util as iap_util
@base.ReleaseTracks(base.ReleaseTrack.GA)
@base.DefaultUniverseOnly
class SetIamPolicy(base.Command):
"""Set the IAM policy for an IAP IAM resource.
This command replaces the existing IAM policy for an IAP IAM resource, given
a file encoded in JSON or YAML that contains the IAM policy. If the given
policy file specifies an "etag" value, then the replacement will succeed only
if the policy already in place matches that etag. (An etag obtained via
$ {parent_command} get-iam-policy will prevent the replacement if
the policy for the resource has been subsequently updated.) A policy
file that does not contain an etag value will replace any existing policy for
the resource.
"""
detailed_help = {
'EXAMPLES':
"""\
To set the IAM policy for the web accesses to the IAP protected
resources within the active project,
run:
$ {command} POLICY_FILE
To set the IAM policy for the web accesses to the IAP protected
resources within a project, run:
$ {command} POLICY_FILE --project=PROJECT_ID
To set the IAM policy for the web accesses to the IAP protected
resources within an App Engine application, run:
$ {command} POLICY_FILE --resource-type=app-engine
To set the IAM policy for the web accesses to the IAP protected
resources within an App Engine service, run:
$ {command} POLICY_FILE --resource-type=app-engine
--service=SERVICE_ID
To set the IAM policy for the web accesses to the IAP protected
resources within an App Engine service version, run:
$ {command} POLICY_FILE --resource-type=app-engine
--service=SERVICE_ID --version=VERSION
To set the IAM policy for the web accesses to the IAP protected
resources within all backend services, run:
$ {command} POLICY_FILE --resource-type=backend-services
To set the IAM policy for the web accesses to the IAP protected
resources within a backend service, run:
$ {command} POLICY_FILE --resource-type=backend-services
--service=SERVICE_ID
To set the IAM policy for the web accesses to the IAP protected
resources within a regional backend service, run:
$ {command} POLICY_FILE --resource-type=backend-services
--service=SERVICE_ID --region=REGION
""",
}
_support_cloud_run = False
@classmethod
def Args(cls, parser):
"""Register flags for this command.
Args:
parser: An argparse.ArgumentParser-like object. It is mocked out in order
to capture some information, but behaves like an ArgumentParser.
"""
iap_util.AddIapIamResourceArgs(
parser,
support_cloud_run=cls._support_cloud_run
)
iap_util.AddIAMPolicyFileArg(parser)
base.URI_FLAG.RemoveFromParser(parser)
def Run(self, args):
"""This is what gets called when the user runs this command.
Args:
args: an argparse namespace. All the arguments that were provided to this
command invocation.
Returns:
The specified function with its description and configured filter.
"""
iap_iam_ref = iap_util.ParseIapIamResource(
self.ReleaseTrack(),
args,
self._support_cloud_run,
)
return iap_iam_ref.SetIamPolicy(args.policy_file)
@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA)
class SetIamPolicyAlpha(SetIamPolicy):
"""Set the IAM policy for an IAP IAM resource.
This command replaces the existing IAM policy for an IAP IAM resource, given
a file encoded in JSON or YAML that contains the IAM policy. If the given
policy file specifies an "etag" value, then the replacement will succeed only
if the policy already in place matches that etag. (An etag obtained via
$ {parent_command} get-iam-policy will prevent the replacement if
the policy for the resource has been subsequently updated.) A policy
file that does not contain an etag value will replace any existing policy for
the resource.
"""
_support_cloud_run = True
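Review bot: The `SetIamPolicy` docstring states that a policy file without an "etag" replaces whatever policy is in place, yet none of the EXAMPLES shows the read-modify-write flow that keeps the etag. A user following them can therefore silently overwrite bindings that someone else added or removed in the meantime. I would open the EXAMPLES with a sentence like `Start from the output of $ {parent_command} get-iam-policy --format=json so that POLICY_FILE carries the current etag.` The class docstring is repeated verbatim on `SetIamPolicyAlpha`, so any wording added to the docstring rather than to `detailed_help` needs to go in both places.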