feat: Add new gcloud commands, API clients, and third-party libraries across various services.

2026-01-01 20:26:35 +01:00
parent 5e23cbece0
commit a19e592eb7
25221 changed files with 8324611 additions and 0 deletions


@@ -0,0 +1,33 @@
# -*- coding: utf-8 -*- #
# Copyright 2018 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Provide commands for managing SSL certificates of Cloud SQL instances."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
from googlecloudsdk.calliope import exceptions
@base.ReleaseTracks(base.ReleaseTrack.GA, base.ReleaseTrack.BETA,
base.ReleaseTrack.ALPHA)
class Ssl(base.Group):
"""Provide commands for managing SSL certificates of Cloud SQL instances.
Provide commands for managing client certs and server CA certs of Cloud SQL
instances.
"""
category = base.DATABASES_CATEGORY
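Review bot: `from googlecloudsdk.calliope import exceptions` is imported but never used in the visible lines of this group module, which only defines `Ssl`. The same unused import appears in the `ClientCerts`, `EntraIdCerts` and `ServerCaCerts` group modules later in this commit. Dropping it keeps the import list accurate; if something outside this view needs it, a short comment saying why would help.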


@@ -0,0 +1,34 @@
# -*- coding: utf-8 -*- #
# Copyright 2018 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Provide commands for managing client certificates of Cloud SQL instances."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
from googlecloudsdk.calliope import exceptions
@base.ReleaseTracks(base.ReleaseTrack.GA, base.ReleaseTrack.BETA,
base.ReleaseTrack.ALPHA)
class ClientCerts(base.Group):
"""Provide commands for managing client certificates of Cloud SQL instances.
Provide commands for managing client certificates of Cloud SQL instances,
including creating, deleting, listing, and getting information about
certificates.
"""


@@ -0,0 +1,114 @@
# -*- coding: utf-8 -*- #
# Copyright 2018 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Create a client certificate for a Cloud SQL instance."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import os
from googlecloudsdk.api_lib.sql import api_util
from googlecloudsdk.api_lib.sql import exceptions
from googlecloudsdk.api_lib.sql import validate
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.sql import flags
from googlecloudsdk.core import log
from googlecloudsdk.core import properties
from googlecloudsdk.core.util import files
import six
class _BaseAddCert(object):
"""Base class for sql ssl client_certs create."""
@staticmethod
def Args(parser):
"""Declare flag and positional arguments for the command parser."""
parser.add_argument(
'common_name',
help='User supplied name. Constrained to ```[a-zA-Z.-_ ]+```.')
parser.add_argument(
'cert_file',
default=None,
help=('Location of file which the private key of the created ssl-cert'
' will be written to.'))
flags.AddInstance(parser)
parser.display_info.AddFormat(flags.CLIENT_CERTS_FORMAT)
def Run(self, args):
"""Create a client certificate for a Cloud SQL instance.
Args:
args: argparse.Namespace, The arguments that this command was invoked
with.
Returns:
A dict object representing the operations resource describing the create
operation if the create was successful.
Raises:
ArgumentError: If the file path provided cannot be written to.
"""
if os.path.exists(args.cert_file):
raise exceptions.ArgumentError(
'file [{path}] already exists'.format(path=args.cert_file))
# First check if args.out_file is writeable. If not, abort and don't create
# the useless cert.
try:
files.WriteFileContents(
args.cert_file, 'placeholder\n', private=True, create_path=False)
except (files.Error, OSError) as e:
raise exceptions.ArgumentError('unable to write [{path}]: {error}'.format(
path=args.cert_file, error=six.text_type(e)))
client = api_util.SqlClient(api_util.API_VERSION_DEFAULT)
sql_client = client.sql_client
sql_messages = client.sql_messages
validate.ValidateInstanceName(args.instance)
instance_ref = client.resource_parser.Parse(
args.instance,
params={'project': properties.VALUES.core.project.GetOrFail},
collection='sql.instances')
# TODO(b/36049399): figure out how to rectify the common_name and the
# sha1fingerprint, so that things can work with the resource parser.
result = sql_client.sslCerts.Insert(
sql_messages.SqlSslCertsInsertRequest(
project=instance_ref.project,
instance=instance_ref.instance,
sslCertsInsertRequest=sql_messages.SslCertsInsertRequest(
commonName=args.common_name)))
private_key = result.clientCert.certPrivateKey
files.WriteFileContents(args.cert_file, private_key + '\n', private=True)
cert_ref = client.resource_parser.Create(
collection='sql.sslCerts',
project=instance_ref.project,
instance=instance_ref.instance,
sha1Fingerprint=result.clientCert.certInfo.sha1Fingerprint)
log.CreatedResource(cert_ref)
return result.clientCert.certInfo
@base.ReleaseTracks(base.ReleaseTrack.GA, base.ReleaseTrack.BETA,
base.ReleaseTrack.ALPHA)
class AddCert(_BaseAddCert, base.CreateCommand):
"""Create a client certificate for a Cloud SQL instance."""
pass
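Review bot: The writability probe in `_BaseAddCert.Run` writes a `placeholder` file to `args.cert_file` before `validate.ValidateInstanceName` and before `sslCerts.Insert`, so a failure in either later step leaves the placeholder on disk and the next run stops at `file [...] already exists`. Validating the instance first and removing the placeholder when the insert fails avoids that. The `os.path.exists` check followed by a separate write also leaves a window in which another process can create the path; whether `files.WriteFileContents(..., private=True)` opens the file exclusively is not visible here, so it is worth confirming for a file that will hold the private key. The comment above the probe names `args.out_file`, but the argument is `cert_file`.

```python
  def Run(self, args):
    # … unchanged: docstring, os.path.exists check …
    # Reject a bad instance name before anything is written to disk.
    validate.ValidateInstanceName(args.instance)
    # … unchanged: writability probe, client setup, instance_ref parsing …
    try:
      result = sql_client.sslCerts.Insert(
          # … unchanged: SqlSslCertsInsertRequest(...) argument …
      )
    except Exception:
      # No certificate was created, so do not leave the placeholder behind.
      os.remove(args.cert_file)
      raise
    # … unchanged: private key write, cert_ref creation, return …
```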


@@ -0,0 +1,116 @@
# -*- coding: utf-8 -*- #
# Copyright 2018 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Delete a client certificate for a Cloud SQL instance."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.sql import api_util
from googlecloudsdk.api_lib.sql import cert
from googlecloudsdk.api_lib.sql import exceptions
from googlecloudsdk.api_lib.sql import operations
from googlecloudsdk.api_lib.sql import validate
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.sql import flags
from googlecloudsdk.core import log
from googlecloudsdk.core import properties
from googlecloudsdk.core.console import console_io
class _BaseDelete(object):
"""Base class for sql ssl client_certs delete."""
@staticmethod
def Args(parser):
"""Args is called by calliope to gather arguments for this command.
Args:
parser: An argparse parser that you can use to add arguments that go
on the command line after this command. Positional arguments are
allowed.
"""
base.ASYNC_FLAG.AddToParser(parser)
parser.add_argument(
'common_name',
help='User supplied name. Constrained to ```[a-zA-Z.-_ ]+```.')
flags.AddInstance(parser)
@base.ReleaseTracks(base.ReleaseTrack.GA, base.ReleaseTrack.BETA,
base.ReleaseTrack.ALPHA)
class Delete(_BaseDelete, base.Command):
"""Delete a client certificate for a Cloud SQL instance."""
def Run(self, args):
"""Delete a client certificate for a Cloud SQL instance.
Args:
args: argparse.Namespace, The arguments that this command was invoked
with.
Returns:
A dict object representing the operations resource describing the delete
operation if the api request was successful.
Raises:
ResourceNotFoundError: The ssl cert could not be found for the instance.
"""
client = api_util.SqlClient(api_util.API_VERSION_DEFAULT)
sql_client = client.sql_client
sql_messages = client.sql_messages
validate.ValidateInstanceName(args.instance)
instance_ref = client.resource_parser.Parse(
args.instance,
params={'project': properties.VALUES.core.project.GetOrFail},
collection='sql.instances')
# TODO(b/36050482): figure out how to rectify the common_name and the
# sha1fingerprint, so that things can work with the resource parser.
console_io.PromptContinue(
message='{0} will be deleted. New connections can no longer be made '
'using this certificate. Existing connections are not affected.'.format(
args.common_name),
default=True,
cancel_on_no=True)
cert_ref = cert.GetCertRefFromName(sql_client, sql_messages,
client.resource_parser, instance_ref,
args.common_name)
if not cert_ref:
raise exceptions.ResourceNotFoundError(
'no ssl cert named [{name}] for instance [{instance}]'.format(
name=args.common_name, instance=instance_ref))
result = sql_client.sslCerts.Delete(
sql_messages.SqlSslCertsDeleteRequest(
project=cert_ref.project,
instance=cert_ref.instance,
sha1Fingerprint=cert_ref.sha1Fingerprint))
operation_ref = client.resource_parser.Create(
'sql.operations', operation=result.name, project=cert_ref.project)
if args.async_:
return sql_client.operations.Get(
sql_messages.SqlOperationsGetRequest(
project=operation_ref.project,
operation=operation_ref.operation))
operations.OperationsV1Beta4.WaitForOperation(sql_client, operation_ref,
'Deleting sslCert')
log.DeletedResource(cert_ref)
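Review bot: `Delete.Run` asks for confirmation with `console_io.PromptContinue` before `cert.GetCertRefFromName` resolves the name, so the user confirms a deletion for a certificate that may not exist and never sees which fingerprint will be removed. Moving the lookup and the `ResourceNotFoundError` check above the prompt lets a missing certificate fail without a prompt and lets the message include `cert_ref.sha1Fingerprint`. The docstring's Returns section also does not match the non-async path, which logs the deletion and returns nothing.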


@@ -0,0 +1,76 @@
# -*- coding: utf-8 -*- #
# Copyright 2018 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Retrieve information about a client cert for a Cloud SQL instance."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.sql import api_util
from googlecloudsdk.api_lib.sql import cert
from googlecloudsdk.api_lib.sql import validate
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.sql import flags
from googlecloudsdk.core import properties
class _BaseGet(object):
"""Base class for sql ssl client_certs list."""
@staticmethod
def Args(parser):
"""Args is called by calliope to gather arguments for this command.
Args:
parser: An argparse parser that you can use it to add arguments that go
on the command line after this command. Positional arguments are
allowed.
"""
parser.add_argument(
'common_name',
help='User supplied name. Constrained to ```[a-zA-Z.-_ ]+```.')
flags.AddInstance(parser)
def Run(self, args):
"""Retrieve information about a client cert for a Cloud SQL instance.
Args:
args: argparse.Namespace, The arguments that this command was invoked
with.
Returns:
A dict object representing the sslCerts resource if the api request was
successful.
"""
client = api_util.SqlClient(api_util.API_VERSION_DEFAULT)
sql_client = client.sql_client
sql_messages = client.sql_messages
validate.ValidateInstanceName(args.instance)
instance_ref = client.resource_parser.Parse(
args.instance,
params={'project': properties.VALUES.core.project.GetOrFail},
collection='sql.instances')
# sha1fingerprint, so that things can work with the resource parser.
return cert.GetCertFromName(sql_client, sql_messages, instance_ref,
args.common_name)
@base.ReleaseTracks(base.ReleaseTrack.GA, base.ReleaseTrack.BETA,
base.ReleaseTrack.ALPHA)
class Get(_BaseGet, base.DescribeCommand):
"""Retrieve information about a client cert for a Cloud SQL instance."""
pass
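Review bot: The comment `# sha1fingerprint, so that things can work with the resource parser.` in `_BaseGet.Run` is the second half of a TODO whose first line is missing, so it reads as a dangling fragment; the create and delete commands in this commit carry the full two-line TODO. Either restore the first line or drop the fragment. The `common_name` help text, repeated in the create and delete commands, documents the constraint as `[a-zA-Z.-_ ]+`; inside a character class `.-_` is a range, so the documented pattern admits digits and several punctuation characters, and an escaped or trailing hyphen would state the intent unambiguously. The class docstring also says `client_certs list` although this class backs `Get`, a `base.DescribeCommand`.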


@@ -0,0 +1,67 @@
# -*- coding: utf-8 -*- #
# Copyright 2018 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""List all client certs for a Cloud SQL instance."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.sql import api_util
from googlecloudsdk.api_lib.sql import validate
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.sql import flags
from googlecloudsdk.core import properties
class _BaseList(object):
"""Base class for sql ssl client_certs list."""
@staticmethod
def Args(parser):
flags.AddInstance(parser)
parser.display_info.AddFormat(flags.CLIENT_CERTS_FORMAT)
def Run(self, args):
"""List all client certs for a Cloud SQL instance.
Args:
args: argparse.Namespace, The arguments that this command was invoked
with.
Returns:
A dict object that has the list of sslCerts resources if the api request
was successful.
"""
client = api_util.SqlClient(api_util.API_VERSION_DEFAULT)
sql_client = client.sql_client
sql_messages = client.sql_messages
validate.ValidateInstanceName(args.instance)
instance_ref = client.resource_parser.Parse(
args.instance,
params={'project': properties.VALUES.core.project.GetOrFail},
collection='sql.instances')
result = sql_client.sslCerts.List(
sql_messages.SqlSslCertsListRequest(
project=instance_ref.project, instance=instance_ref.instance))
return iter(result.items)
@base.ReleaseTracks(base.ReleaseTrack.GA, base.ReleaseTrack.BETA,
base.ReleaseTrack.ALPHA)
class List(_BaseList, base.ListCommand):
"""List all client certs for a Cloud SQL instance."""
pass
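Review bot: `_BaseList.Args` has no docstring, while the create command in this commit documents its `Args` with `"""Declare flag and positional arguments for the command parser."""`; the same line would fit here. `Run`'s Returns text says "A dict object that has the list of sslCerts resources", but the method returns `iter(result.items)`, so "An iterator over the instance's sslCerts resources" would match the code.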


@@ -0,0 +1,32 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Provide commands for managing Entra ID certificates of Cloud SQL instances."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
from googlecloudsdk.calliope import exceptions
@base.ReleaseTracks(base.ReleaseTrack.BETA, base.ReleaseTrack.ALPHA)
@base.DefaultUniverseOnly
class EntraIdCerts(base.Group):
"""Provide commands for managing Entra ID certificates of Cloud SQL instances.
Provide commands for managing Entra ID certificates of Cloud SQL instances,
including creating, listing, rotating in, and rolling back certificates.
"""


@@ -0,0 +1,95 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Create an Entra ID certificate for a Cloud SQL instance."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.sql import api_util
from googlecloudsdk.api_lib.sql import operations
from googlecloudsdk.api_lib.sql import validate
from googlecloudsdk.api_lib.sql.ssl import entraid_certs
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.sql import flags
from googlecloudsdk.core import properties
class _BaseAddCert(object):
"""Base class for sql entraid-certs create."""
@staticmethod
def Args(parser):
"""Declare flag and positional arguments for the command parser."""
base.ASYNC_FLAG.AddToParser(parser)
flags.AddInstance(parser)
parser.display_info.AddFormat(flags.ENTRAID_CERTS_FORMAT)
def Run(self, args):
"""Create a Entra ID certificate for a Cloud SQL instance.
Args:
args: argparse.Namespace, The arguments that this command was invoked
with.
Returns:
The upcoming Entra ID Cert, if the operation was successful.
"""
client = api_util.SqlClient(api_util.API_VERSION_DEFAULT)
sql_client = client.sql_client
sql_messages = client.sql_messages
validate.ValidateInstanceName(args.instance)
instance_ref = client.resource_parser.Parse(
args.instance,
params={'project': properties.VALUES.core.project.GetOrFail},
collection='sql.instances')
result_operation = sql_client.instances.AddEntraIdCertificate(
sql_messages.SqlInstancesAddEntraIdCertificateRequest(
project=instance_ref.project, instance=instance_ref.instance
)
)
operation_ref = client.resource_parser.Create(
'sql.operations',
operation=result_operation.name,
project=instance_ref.project)
operations.OperationsV1Beta4.WaitForOperation(
sql_client, operation_ref, 'Creating Entra ID Certificate'
)
added_entraid_cert, status = entraid_certs.GetAddedEntraIdCertificate(
sql_client, sql_messages, instance_ref
)
return flags.EntraIdCertForPrint(
added_entraid_cert,
status,
)
@base.ReleaseTracks(
base.ReleaseTrack.BETA, base.ReleaseTrack.ALPHA
)
@base.DefaultUniverseOnly
class AddCert(_BaseAddCert, base.CreateCommand):
"""Create an Entra ID certificate for a Cloud SQL instance."""
pass
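Review bot: `Args` registers `base.ASYNC_FLAG`, but `Run` never reads `args.async_` and always blocks in `WaitForOperation`, so `--async` is accepted and silently ignored. The client-cert delete command in this commit shows the expected shape: under `if args.async_:` it returns the operation from `sql_client.operations.Get(...)` before waiting. The same applies to the Entra ID rollback and rotate commands and to the server CA create command later in this commit. Either honour the flag or remove it from the parser.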


@@ -0,0 +1,84 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""List Entra ID certificates for a Cloud SQL instance."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.sql import api_util
from googlecloudsdk.api_lib.sql import validate
from googlecloudsdk.api_lib.sql.ssl import entraid_certs
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.sql import flags
from googlecloudsdk.core import properties
class _BaseList(object):
"""Base class for sql ssl entraid_certs list."""
@staticmethod
def Args(parser):
flags.AddInstance(parser)
parser.display_info.AddFormat(flags.ENTRAID_CERTS_FORMAT)
def Run(self, args):
"""List all Entra ID certificates for a Cloud SQL instance.
Args:
args: argparse.Namespace, The arguments that this command was invoked
with.
Returns:
A dict object that has the list of Entra ID Certs resources if the api
request was successful.
"""
client = api_util.SqlClient(api_util.API_VERSION_DEFAULT)
sql_client = client.sql_client
sql_messages = client.sql_messages
validate.ValidateInstanceName(args.instance)
instance_ref = client.resource_parser.Parse(
args.instance,
params={'project': properties.VALUES.core.project.GetOrFail},
collection='sql.instances')
resp = entraid_certs.ListEntraIdCertificates(
sql_client, sql_messages, instance_ref
)
if not resp.certs:
return iter([flags.EntraIdCertForPrint(None, None)])
entraid_cert_types = entraid_certs.GetEntraIdCertificateTypeDict(resp)
hash2status = {
cert.sha1Fingerprint: status
for status, cert in entraid_cert_types.items()
}
result = [
flags.EntraIdCertForPrint(
cert, hash2status[cert.sha1Fingerprint]
)
for cert in resp.certs
]
return iter(result)
@base.ReleaseTracks(
base.ReleaseTrack.BETA, base.ReleaseTrack.ALPHA
)
@base.DefaultUniverseOnly
class List(_BaseList, base.ListCommand):
"""List all Entra ID certificates for a Cloud SQL instance."""
pass
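Review bot: `hash2status[cert.sha1Fingerprint]` in `_BaseList.Run` raises `KeyError` for any certificate in `resp.certs` that `GetEntraIdCertificateTypeDict` did not classify; whether that can happen depends on the helper, which is not visible here. The empty branch already calls `flags.EntraIdCertForPrint(None, None)`, so a missing status looks acceptable, and `hash2status.get(cert.sha1Fingerprint)` would list the certificate instead of failing the whole command. `Args` also lacks a docstring, and the Returns text says "A dict object" although an iterator is returned.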


@@ -0,0 +1,107 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Roll back to the previous Entra ID certificate for a Cloud SQL instance."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.sql import api_util
from googlecloudsdk.api_lib.sql import exceptions
from googlecloudsdk.api_lib.sql import operations
from googlecloudsdk.api_lib.sql import validate
from googlecloudsdk.api_lib.sql.ssl import entraid_certs
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.sql import flags
from googlecloudsdk.core import properties
class _BaseRollbackCert(object):
"""Base class for sql entraid_certs rollback."""
@staticmethod
def Args(parser):
"""Declare flag and positional arguments for the command parser."""
base.ASYNC_FLAG.AddToParser(parser)
flags.AddInstance(parser)
parser.display_info.AddFormat(flags.ENTRAID_CERTS_FORMAT)
def Run(self, args):
"""Roll back to the previous Entra ID certificate for a Cloud SQL instance.
Args:
args: argparse.Namespace, The arguments that this command was invoked
with.
Returns:
The Entra ID Cert that was rolled back to, if the operation was
successful.
"""
client = api_util.SqlClient(api_util.API_VERSION_DEFAULT)
sql_client = client.sql_client
sql_messages = client.sql_messages
validate.ValidateInstanceName(args.instance)
instance_ref = client.resource_parser.Parse(
args.instance,
params={'project': properties.VALUES.core.project.GetOrFail},
collection='sql.instances',
)
previous_entraid_cert, _ = entraid_certs.GetPreviousEntraIdCertificate(
sql_client, sql_messages, instance_ref
)
if not previous_entraid_cert:
raise exceptions.ResourceNotFoundError(
'No previous Entra ID Certificate exists.'
)
result_operation = sql_client.instances.RotateEntraIdCertificate(
sql_messages.SqlInstancesRotateEntraIdCertificateRequest(
project=instance_ref.project,
instance=instance_ref.instance,
instancesRotateEntraIdCertificateRequest=sql_messages.InstancesRotateEntraIdCertificateRequest(
rotateEntraIdCertificateContext=sql_messages.RotateEntraIdCertificateContext(
nextVersion=previous_entraid_cert.sha1Fingerprint
)
),
)
)
operation_ref = client.resource_parser.Create(
'sql.operations',
operation=result_operation.name,
project=instance_ref.project,
)
operations.OperationsV1Beta4.WaitForOperation(
sql_client,
operation_ref,
'Rolling back to previous Entra ID Certificate',
)
# The previous cert is now active after the rollback.
return flags.EntraIdCertForPrint(
previous_entraid_cert, entraid_certs.ACTIVE_CERT_LABEL
)
@base.ReleaseTracks(base.ReleaseTrack.BETA, base.ReleaseTrack.ALPHA)
@base.DefaultUniverseOnly
class RollbackCert(_BaseRollbackCert, base.CreateCommand):
"""Roll back to the previous Entra ID certificate for a Cloud SQL instance."""
pass


@@ -0,0 +1,99 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Rotate in the next Entra ID certificate for a Cloud SQL instance."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.sql import api_util
from googlecloudsdk.api_lib.sql import exceptions
from googlecloudsdk.api_lib.sql import operations
from googlecloudsdk.api_lib.sql import validate
from googlecloudsdk.api_lib.sql.ssl import entraid_certs
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.sql import flags
from googlecloudsdk.core import properties
class _BaseRotateCert(object):
"""Base class for sql ssl entraid_certs rotate."""
@staticmethod
def Args(parser):
"""Declare flag and positional arguments for the command parser."""
base.ASYNC_FLAG.AddToParser(parser)
flags.AddInstance(parser)
parser.display_info.AddFormat(flags.ENTRAID_CERTS_FORMAT)
def Run(self, args):
"""Rotate in the upcoming Entra ID certificate for a Cloud SQL instance.
Args:
args: argparse.Namespace, The arguments that this command was invoked
with.
Returns:
The Entra ID certificate that was rotated in, if the operation was
successful.
"""
client = api_util.SqlClient(api_util.API_VERSION_DEFAULT)
sql_client = client.sql_client
sql_messages = client.sql_messages
validate.ValidateInstanceName(args.instance)
instance_ref = client.resource_parser.Parse(
args.instance,
params={'project': properties.VALUES.core.project.GetOrFail},
collection='sql.instances')
next_entraid_cert, _ = entraid_certs.GetNextEntraIdCertificate(
sql_client, sql_messages, instance_ref
)
if next_entraid_cert is None:
raise exceptions.ResourceNotFoundError(
'No upcoming Entra ID Certificate exists.'
)
result_operation = sql_client.instances.RotateEntraIdCertificate(
sql_messages.SqlInstancesRotateEntraIdCertificateRequest(
project=instance_ref.project, instance=instance_ref.instance
)
)
operation_ref = client.resource_parser.Create(
'sql.operations',
operation=result_operation.name,
project=instance_ref.project)
operations.OperationsV1Beta4.WaitForOperation(
sql_client, operation_ref, 'Rotating to upcoming Entra ID Certificate'
)
# After the rotation, the next Entra ID certificate becomes the active one.
return flags.EntraIdCertForPrint(
next_entraid_cert, entraid_certs.ACTIVE_CERT_LABEL
)
@base.ReleaseTracks(
base.ReleaseTrack.BETA, base.ReleaseTrack.ALPHA
)
@base.DefaultUniverseOnly
class RotateCert(_BaseRotateCert, base.CreateCommand):
"""Rotate in the upcoming Entra ID certificate for a Cloud SQL instance."""
pass
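Review bot: The rotate request in `_BaseRotateCert.Run` carries no `rotateEntraIdCertificateContext`, yet the method reports `next_entraid_cert`, which was read before the call, as the active certificate. If the upcoming certificate changes between `GetNextEntraIdCertificate` and `RotateEntraIdCertificate`, the printed fingerprint may not be the one the instance actually rotated to. The rollback command in this commit pins its target with `nextVersion=previous_entraid_cert.sha1Fingerprint`. Pinning `next_entraid_cert.sha1Fingerprint` the same way, assuming the API accepts it for forward rotation, keeps the output and the server state in agreement.

```python
    result_operation = sql_client.instances.RotateEntraIdCertificate(
        sql_messages.SqlInstancesRotateEntraIdCertificateRequest(
            project=instance_ref.project,
            instance=instance_ref.instance,
            instancesRotateEntraIdCertificateRequest=sql_messages.InstancesRotateEntraIdCertificateRequest(
                rotateEntraIdCertificateContext=sql_messages.RotateEntraIdCertificateContext(
                    # Pin the certificate that was looked up above.
                    nextVersion=next_entraid_cert.sha1Fingerprint
                )
            ),
        )
    )
```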


@@ -0,0 +1,34 @@
# -*- coding: utf-8 -*- #
# Copyright 2018 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Provide commands for managing server CA certs of Cloud SQL instances."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
from googlecloudsdk.calliope import exceptions
@base.ReleaseTracks(
base.ReleaseTrack.GA, base.ReleaseTrack.BETA, base.ReleaseTrack.ALPHA
)
@base.UniverseCompatible
class ServerCaCerts(base.Group):
"""Provide commands for managing server CA certs of Cloud SQL instances.
Provide commands for managing server CA certs of Cloud SQL instances,
including creating, listing, rotating in, and rolling back certs.
"""


@@ -0,0 +1,93 @@
# -*- coding: utf-8 -*- #
# Copyright 2018 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Create a server CA cert for a Cloud SQL instance."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.sql import api_util
from googlecloudsdk.api_lib.sql import operations
from googlecloudsdk.api_lib.sql import validate
from googlecloudsdk.api_lib.sql.ssl import server_ca_certs
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.sql import flags
from googlecloudsdk.core import log
from googlecloudsdk.core import properties
class _BaseAddCert(object):
"""Base class for sql server_ca_certs create."""
@staticmethod
def Args(parser):
"""Declare flag and positional arguments for the command parser."""
base.ASYNC_FLAG.AddToParser(parser)
flags.AddInstance(parser)
parser.display_info.AddFormat(flags.SERVER_CA_CERTS_FORMAT)
def Run(self, args):
"""Create a server CA cert for a Cloud SQL instance.
Args:
args: argparse.Namespace, The arguments that this command was invoked
with.
Returns:
The upcoming Server CA Cert, if the operation was successful.
"""
client = api_util.SqlClient(api_util.API_VERSION_DEFAULT)
sql_client = client.sql_client
sql_messages = client.sql_messages
validate.ValidateInstanceName(args.instance)
instance_ref = client.resource_parser.Parse(
args.instance,
params={'project': properties.VALUES.core.project.GetOrFail},
collection='sql.instances')
result_operation = sql_client.instances.AddServerCa(
sql_messages.SqlInstancesAddServerCaRequest(
project=instance_ref.project, instance=instance_ref.instance))
operation_ref = client.resource_parser.Create(
'sql.operations',
operation=result_operation.name,
project=instance_ref.project)
operations.OperationsV1Beta4.WaitForOperation(
sql_client, operation_ref, 'Creating Server CA Certificate')
next_server_ca = server_ca_certs.GetNextServerCa(sql_client, sql_messages,
instance_ref)
cert_ref = client.resource_parser.Create(
collection='sql.sslCerts',
project=instance_ref.project,
instance=instance_ref.instance,
sha1Fingerprint=next_server_ca.sha1Fingerprint)
log.CreatedResource(cert_ref)
return next_server_ca
@base.ReleaseTracks(
base.ReleaseTrack.GA, base.ReleaseTrack.BETA, base.ReleaseTrack.ALPHA
)
@base.UniverseCompatible
class AddCert(_BaseAddCert, base.CreateCommand):
"""Create a server CA cert for a Cloud SQL instance."""
pass


@@ -0,0 +1,69 @@
# -*- coding: utf-8 -*- #
# Copyright 2018 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""List all server CA certs for a Cloud SQL instance."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.sql import api_util
from googlecloudsdk.api_lib.sql import validate
from googlecloudsdk.api_lib.sql.ssl import server_ca_certs
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.sql import flags
from googlecloudsdk.core import properties
class _BaseList(object):
"""Base class for sql ssl server_ca_certs list."""
@staticmethod
def Args(parser):
flags.AddInstance(parser)
parser.display_info.AddFormat(flags.SERVER_CA_CERTS_FORMAT)
def Run(self, args):
"""List all server CA certs for a Cloud SQL instance.
Args:
args: argparse.Namespace, The arguments that this command was invoked
with.
Returns:
A dict object that has the list of sslCerts resources if the api request
was successful.
"""
client = api_util.SqlClient(api_util.API_VERSION_DEFAULT)
sql_client = client.sql_client
sql_messages = client.sql_messages
validate.ValidateInstanceName(args.instance)
instance_ref = client.resource_parser.Parse(
args.instance,
params={'project': properties.VALUES.core.project.GetOrFail},
collection='sql.instances')
result = server_ca_certs.ListServerCas(sql_client, sql_messages,
instance_ref)
return iter(result.certs)
@base.ReleaseTracks(
base.ReleaseTrack.GA, base.ReleaseTrack.BETA, base.ReleaseTrack.ALPHA
)
@base.UniverseCompatible
class List(_BaseList, base.ListCommand):
"""List all server CA certs for a Cloud SQL instance."""
pass
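Review bot: The `Returns:` text in `_BaseList.Run` promises "A dict object that has the list of sslCerts resources", but the method ends with `return iter(result.certs)`, an iterator over the certificate entries. I would reword it to `An iterator over the server CA cert resources of the instance.` so the documented contract matches what callers receive. `Args` here is also the only `Args` among the server-ca-certs commands without a docstring; `"""Declare flag and positional arguments for the command parser."""` would match the others. The server-certs list command further down carries the same `Returns:` wording.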


@@ -0,0 +1,97 @@
# -*- coding: utf-8 -*- #
# Copyright 2018 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Roll back to the previous server CA cert for a Cloud SQL instance."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.sql import api_util
from googlecloudsdk.api_lib.sql import exceptions
from googlecloudsdk.api_lib.sql import operations
from googlecloudsdk.api_lib.sql import validate
from googlecloudsdk.api_lib.sql.ssl import server_ca_certs
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.sql import flags
from googlecloudsdk.core import properties
class _BaseRollbackCert(object):
"""Base class for sql server_ca_certs rollback."""
@staticmethod
def Args(parser):
"""Declare flag and positional arguments for the command parser."""
base.ASYNC_FLAG.AddToParser(parser)
flags.AddInstance(parser)
parser.display_info.AddFormat(flags.SERVER_CA_CERTS_FORMAT)
def Run(self, args):
"""Roll back to the previous server CA cert for a Cloud SQL instance.
Args:
args: argparse.Namespace, The arguments that this command was invoked
with.
Returns:
The Server CA Cert that was rolled back to, if the operation was
successful.
"""
client = api_util.SqlClient(api_util.API_VERSION_DEFAULT)
sql_client = client.sql_client
sql_messages = client.sql_messages
validate.ValidateInstanceName(args.instance)
instance_ref = client.resource_parser.Parse(
args.instance,
params={'project': properties.VALUES.core.project.GetOrFail},
collection='sql.instances')
previous_server_ca = server_ca_certs.GetPreviousServerCa(
sql_client, sql_messages, instance_ref)
if not previous_server_ca:
raise exceptions.ResourceNotFoundError(
'No previous Server CA Certificate exists.')
result_operation = sql_client.instances.RotateServerCa(
sql_messages.SqlInstancesRotateServerCaRequest(
project=instance_ref.project,
instance=instance_ref.instance,
instancesRotateServerCaRequest=sql_messages.
InstancesRotateServerCaRequest(
rotateServerCaContext=sql_messages.RotateServerCaContext(
nextVersion=previous_server_ca.sha1Fingerprint))))
operation_ref = client.resource_parser.Create(
'sql.operations',
operation=result_operation.name,
project=instance_ref.project)
operations.OperationsV1Beta4.WaitForOperation(
sql_client, operation_ref,
'Rolling back to previous Server CA Certificate')
return previous_server_ca
@base.ReleaseTracks(
base.ReleaseTrack.GA, base.ReleaseTrack.BETA, base.ReleaseTrack.ALPHA
)
@base.UniverseCompatible
class RollbackCert(_BaseRollbackCert, base.CreateCommand):
"""Roll back to the previous server CA cert for a Cloud SQL instance."""
pass
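Review bot: `Args` registers `base.ASYNC_FLAG`, yet `Run` never reads `args.async_` and always blocks in `WaitForOperation`, so as far as this file shows `--async` is accepted and then ignored. For an operation that switches the instance's server CA, an operator or script passing `--async` gets different behaviour from what was requested, with no message saying so. Either drop `base.ASYNC_FLAG.AddToParser(parser)` or branch before the wait, for example `if args.async_: return result_operation`. The same pattern appears in the server-ca-certs create and rotate commands and in the server-certs create, rollback and rotate commands.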


@@ -0,0 +1,94 @@
# -*- coding: utf-8 -*- #
# Copyright 2018 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Rotate in the next server CA cert for a Cloud SQL instance."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.sql import api_util
from googlecloudsdk.api_lib.sql import exceptions
from googlecloudsdk.api_lib.sql import operations
from googlecloudsdk.api_lib.sql import validate
from googlecloudsdk.api_lib.sql.ssl import server_ca_certs
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.sql import flags
from googlecloudsdk.core import properties
class _BaseRotateCert(object):
"""Base class for sql server_ca_certs rotate."""
@staticmethod
def Args(parser):
"""Declare flag and positional arguments for the command parser."""
base.ASYNC_FLAG.AddToParser(parser)
flags.AddInstance(parser)
parser.display_info.AddFormat(flags.SERVER_CA_CERTS_FORMAT)
def Run(self, args):
"""Rotate in the upcoming server CA cert for a Cloud SQL instance.
Args:
args: argparse.Namespace, The arguments that this command was invoked
with.
Returns:
The Server CA Cert that was rotated in, if the operation was successful.
"""
client = api_util.SqlClient(api_util.API_VERSION_DEFAULT)
sql_client = client.sql_client
sql_messages = client.sql_messages
validate.ValidateInstanceName(args.instance)
instance_ref = client.resource_parser.Parse(
args.instance,
params={'project': properties.VALUES.core.project.GetOrFail},
collection='sql.instances')
next_server_ca = server_ca_certs.GetNextServerCa(sql_client, sql_messages,
instance_ref)
if not next_server_ca:
raise exceptions.ResourceNotFoundError(
'No upcoming Server CA Certificate exists. To create a new one, run '
'`gcloud sql ssl server-ca-certs create`.\n\nNote: For '
'instances using Certificate Authority Service (CAS), '
'instead, create or rotate the server certificate '
'using `gcloud sql ssl server-certs create`.')
result_operation = sql_client.instances.RotateServerCa(
sql_messages.SqlInstancesRotateServerCaRequest(
project=instance_ref.project, instance=instance_ref.instance))
operation_ref = client.resource_parser.Create(
'sql.operations',
operation=result_operation.name,
project=instance_ref.project)
operations.OperationsV1Beta4.WaitForOperation(
sql_client, operation_ref, 'Rotating to upcoming Server CA Certificate')
return next_server_ca
@base.ReleaseTracks(
base.ReleaseTrack.GA, base.ReleaseTrack.BETA, base.ReleaseTrack.ALPHA
)
@base.UniverseCompatible
class RotateCert(_BaseRotateCert, base.CreateCommand):
"""Rotate in the upcoming server CA cert for a Cloud SQL instance."""
pass
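Review bot: The `RotateServerCa` request in `Run` names only the project and instance, so the service presumably picks the target certificate itself when the call lands, while the command returns the `next_server_ca` it read earlier. If another actor adds a server CA between the lookup and the rotate call, the fingerprint printed to the operator and the CA actually rotated in can differ, and clients may then be provisioned against the wrong trust anchor. The rollback command already pins its target; the same can be done here by adding `instancesRotateServerCaRequest=sql_messages.InstancesRotateServerCaRequest(rotateServerCaContext=sql_messages.RotateServerCaContext(nextVersion=next_server_ca.sha1Fingerprint))` to the request. The server-certs rotate command sends the same unpinned request and could pass `nextVersion=next_server_cert.sha1Fingerprint` in a `RotateServerCertificateContext`.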


@@ -0,0 +1,34 @@
# -*- coding: utf-8 -*- #
# Copyright 2024 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Provide commands for managing server certificates of Cloud SQL instances."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
from googlecloudsdk.calliope import exceptions
@base.ReleaseTracks(
base.ReleaseTrack.GA, base.ReleaseTrack.BETA, base.ReleaseTrack.ALPHA
)
@base.DefaultUniverseOnly
class ServerCerts(base.Group):
"""Provide commands for managing server certificates of Cloud SQL instances.
Provide commands for managing server certificates of Cloud SQL instances,
including creating, listing, rotating in, and rolling back certificates.
"""
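Review bot: `from googlecloudsdk.calliope import exceptions` is imported but nothing in this module uses it; the body of `ServerCerts` is only a docstring. I would delete the import so the module's dependencies reflect what it needs and unused-import linting stays clean.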


@@ -0,0 +1,100 @@
# -*- coding: utf-8 -*- #
# Copyright 2024 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Create a server certificate for a Cloud SQL instance."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.sql import api_util
from googlecloudsdk.api_lib.sql import operations
from googlecloudsdk.api_lib.sql import validate
from googlecloudsdk.api_lib.sql.ssl import server_certs
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.sql import flags
from googlecloudsdk.core import log
from googlecloudsdk.core import properties
class _BaseAddCert(object):
"""Base class for sql server_certs create."""
@staticmethod
def Args(parser):
"""Declare flag and positional arguments for the command parser."""
base.ASYNC_FLAG.AddToParser(parser)
flags.AddInstance(parser)
parser.display_info.AddFormat(flags.SERVER_CERTS_FORMAT)
def Run(self, args):
"""Create a server certificate for a Cloud SQL instance.
Args:
args: argparse.Namespace, The arguments that this command was invoked
with.
Returns:
The upcoming Server Cert, if the operation was successful.
"""
client = api_util.SqlClient(api_util.API_VERSION_DEFAULT)
sql_client = client.sql_client
sql_messages = client.sql_messages
validate.ValidateInstanceName(args.instance)
instance_ref = client.resource_parser.Parse(
args.instance,
params={'project': properties.VALUES.core.project.GetOrFail},
collection='sql.instances')
result_operation = sql_client.instances.AddServerCertificate(
sql_messages.SqlInstancesAddServerCertificateRequest(
project=instance_ref.project, instance=instance_ref.instance
)
)
operation_ref = client.resource_parser.Create(
'sql.operations',
operation=result_operation.name,
project=instance_ref.project)
operations.OperationsV1Beta4.WaitForOperation(
sql_client, operation_ref, 'Creating Server Certificate'
)
next_server_cert = server_certs.GetNextServerCertificate(
sql_client, sql_messages, instance_ref
)
cert_ref = client.resource_parser.Create(
collection='sql.sslCerts',
project=instance_ref.project,
instance=instance_ref.instance,
sha1Fingerprint=next_server_cert.sha1Fingerprint,
)
log.CreatedResource(cert_ref)
return flags.ServerCertForPrint(
next_server_cert, server_certs.NEXT_CERT_LABEL
)
@base.ReleaseTracks(
base.ReleaseTrack.GA, base.ReleaseTrack.BETA, base.ReleaseTrack.ALPHA
)
@base.DefaultUniverseOnly
class AddCert(_BaseAddCert, base.CreateCommand):
"""Create a server certificate for a Cloud SQL instance."""
pass
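Review bot: `next_server_cert.sha1Fingerprint` is dereferenced in `Run` without checking what `GetNextServerCertificate` returned, although the server-certs rotate command treats a falsy return from the same helper as a real case. If the lookup comes back empty after the operation (for instance because a concurrent rotation already consumed the new certificate), the user gets an `AttributeError` traceback even though the certificate was created. A guard such as `if not next_server_cert: raise exceptions.ResourceNotFoundError('No upcoming Server Certificate exists.')` would fail cleanly; it needs `from googlecloudsdk.api_lib.sql import exceptions`, which this file does not import yet. The server-ca-certs create command reads `next_server_ca.sha1Fingerprint` the same way.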


@@ -0,0 +1,81 @@
# -*- coding: utf-8 -*- #
# Copyright 2024 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""List all server certificates for a Cloud SQL instance."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.sql import api_util
from googlecloudsdk.api_lib.sql import validate
from googlecloudsdk.api_lib.sql.ssl import server_certs
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.sql import flags
from googlecloudsdk.core import properties
class _BaseList(object):
"""Base class for sql ssl server_certs list."""
@staticmethod
def Args(parser):
flags.AddInstance(parser)
parser.display_info.AddFormat(flags.SERVER_CERTS_FORMAT)
def Run(self, args):
"""List all server certificates for a Cloud SQL instance.
Args:
args: argparse.Namespace, The arguments that this command was invoked
with.
Returns:
A dict object that has the list of sslCerts resources if the api request
was successful.
"""
client = api_util.SqlClient(api_util.API_VERSION_DEFAULT)
sql_client = client.sql_client
sql_messages = client.sql_messages
validate.ValidateInstanceName(args.instance)
instance_ref = client.resource_parser.Parse(
args.instance,
params={'project': properties.VALUES.core.project.GetOrFail},
collection='sql.instances')
resp = server_certs.ListServerCertificates(
sql_client, sql_messages, instance_ref
)
server_cert_types = server_certs.GetServerCertificateTypeDict(resp)
hash2status = {
cert.sha1Fingerprint: status
for status, cert in server_cert_types.items()
}
result = [
flags.ServerCertForPrint(
cert, hash2status[cert.sha1Fingerprint], resp.caCerts[i]
)
for i, cert in enumerate(resp.serverCerts)
]
return iter(result)
@base.ReleaseTracks(
base.ReleaseTrack.GA, base.ReleaseTrack.BETA, base.ReleaseTrack.ALPHA
)
@base.DefaultUniverseOnly
class List(_BaseList, base.ListCommand):
"""List all server certificates for a Cloud SQL instance."""
pass
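Review bot: The list comprehension in `Run` indexes `hash2status[cert.sha1Fingerprint]` and `resp.caCerts[i]` directly, so a server cert that `GetServerCertificateTypeDict` did not classify raises `KeyError`, and a `caCerts` list shorter than `serverCerts` raises `IndexError`. Whether the API guarantees both cannot be told from this file; if it does not, the listing an operator relies on to check state during a rotation fails with a traceback. Consider `hash2status.get(cert.sha1Fingerprint)` (provided `ServerCertForPrint` accepts a missing status) and an explicit length check before pairing the two lists. The `Returns:` text also says "A dict object" while the method returns `iter(result)`.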


@@ -0,0 +1,105 @@
# -*- coding: utf-8 -*- #
# Copyright 2024 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Roll back to the previous server certificate for a Cloud SQL instance."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.sql import api_util
from googlecloudsdk.api_lib.sql import exceptions
from googlecloudsdk.api_lib.sql import operations
from googlecloudsdk.api_lib.sql import validate
from googlecloudsdk.api_lib.sql.ssl import server_certs
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.sql import flags
from googlecloudsdk.core import properties
class _BaseRollbackCert(object):
"""Base class for sql server_certs rollback."""
@staticmethod
def Args(parser):
"""Declare flag and positional arguments for the command parser."""
base.ASYNC_FLAG.AddToParser(parser)
flags.AddInstance(parser)
parser.display_info.AddFormat(flags.SERVER_CERTS_FORMAT)
def Run(self, args):
"""Roll back to the previous server certificate for a Cloud SQL instance.
Args:
args: argparse.Namespace, The arguments that this command was invoked
with.
Returns:
The Server Cert that was rolled back to, if the operation was
successful.
"""
client = api_util.SqlClient(api_util.API_VERSION_DEFAULT)
sql_client = client.sql_client
sql_messages = client.sql_messages
validate.ValidateInstanceName(args.instance)
instance_ref = client.resource_parser.Parse(
args.instance,
params={'project': properties.VALUES.core.project.GetOrFail},
collection='sql.instances')
previous_server_cert = server_certs.GetPreviousServerCertificate(
sql_client, sql_messages, instance_ref
)
if not previous_server_cert:
raise exceptions.ResourceNotFoundError(
'No previous Server Certificate exists.'
)
result_operation = sql_client.instances.RotateServerCertificate(
sql_messages.SqlInstancesRotateServerCertificateRequest(
project=instance_ref.project,
instance=instance_ref.instance,
instancesRotateServerCertificateRequest=sql_messages.InstancesRotateServerCertificateRequest(
rotateServerCertificateContext=sql_messages.RotateServerCertificateContext(
nextVersion=previous_server_cert.sha1Fingerprint
)
),
)
)
operation_ref = client.resource_parser.Create(
'sql.operations',
operation=result_operation.name,
project=instance_ref.project)
operations.OperationsV1Beta4.WaitForOperation(
sql_client, operation_ref, 'Rolling back to previous Server Certificate'
)
# The previous cert is now active after the rollback.
return flags.ServerCertForPrint(
previous_server_cert, server_certs.ACTIVE_CERT_LABEL
)
@base.ReleaseTracks(
base.ReleaseTrack.GA, base.ReleaseTrack.BETA, base.ReleaseTrack.ALPHA
)
@base.DefaultUniverseOnly
class RollbackCert(_BaseRollbackCert, base.CreateCommand):
"""Roll back to the previous server certificate for a Cloud SQL instance."""
pass


@@ -0,0 +1,98 @@
# -*- coding: utf-8 -*- #
# Copyright 2024 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Rotate in the next server certificate for a Cloud SQL instance."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.sql import api_util
from googlecloudsdk.api_lib.sql import exceptions
from googlecloudsdk.api_lib.sql import operations
from googlecloudsdk.api_lib.sql import validate
from googlecloudsdk.api_lib.sql.ssl import server_certs
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.sql import flags
from googlecloudsdk.core import properties
class _BaseRotateCert(object):
"""Base class for sql server_certs rotate."""
@staticmethod
def Args(parser):
"""Declare flag and positional arguments for the command parser."""
base.ASYNC_FLAG.AddToParser(parser)
flags.AddInstance(parser)
parser.display_info.AddFormat(flags.SERVER_CERTS_FORMAT)
def Run(self, args):
"""Rotate in the upcoming server certificate for a Cloud SQL instance.
Args:
args: argparse.Namespace, The arguments that this command was invoked
with.
Returns:
The Server Cert that was rotated in, if the operation was successful.
"""
client = api_util.SqlClient(api_util.API_VERSION_DEFAULT)
sql_client = client.sql_client
sql_messages = client.sql_messages
validate.ValidateInstanceName(args.instance)
instance_ref = client.resource_parser.Parse(
args.instance,
params={'project': properties.VALUES.core.project.GetOrFail},
collection='sql.instances')
next_server_cert = server_certs.GetNextServerCertificate(
sql_client, sql_messages, instance_ref
)
if not next_server_cert:
raise exceptions.ResourceNotFoundError(
'No upcoming Server Certificate exists.'
)
result_operation = sql_client.instances.RotateServerCertificate(
sql_messages.SqlInstancesRotateServerCertificateRequest(
project=instance_ref.project, instance=instance_ref.instance
)
)
operation_ref = client.resource_parser.Create(
'sql.operations',
operation=result_operation.name,
project=instance_ref.project)
operations.OperationsV1Beta4.WaitForOperation(
sql_client, operation_ref, 'Rotating to upcoming Server Certificate'
)
# After the rotation, the next server certificate becomes the active one.
return flags.ServerCertForPrint(
next_server_cert, server_certs.ACTIVE_CERT_LABEL
)
@base.ReleaseTracks(
base.ReleaseTrack.GA, base.ReleaseTrack.BETA, base.ReleaseTrack.ALPHA
)
@base.DefaultUniverseOnly
class RotateCert(_BaseRotateCert, base.CreateCommand):
"""Rotate in the upcoming server certificate for a Cloud SQL instance."""
pass