1#!/usr/bin/env python 2"""CLI for iam, version v1.""" 3# NOTE: This file is autogenerated and should not be edited by hand. 4 5import code 6import os 7import platform 8import sys 9 10from apitools.base.protorpclite import message_types 11from apitools.base.protorpclite import messages 12 13from google.apputils import appcommands 14import gflags as flags 15 16import apitools.base.py as apitools_base 17from apitools.base.py import cli as apitools_base_cli 18import iam_v1_client as client_lib 19import iam_v1_messages as messages 20 21 22def _DeclareIamFlags(): 23 """Declare global flags in an idempotent way.""" 24 if 'api_endpoint' in flags.FLAGS: 25 return 26 flags.DEFINE_string( 27 'api_endpoint', 28 u'https://iam.googleapis.com/', 29 'URL of the API endpoint to use.', 30 short_name='iam_url') 31 flags.DEFINE_string( 32 'history_file', 33 u'~/.iam.v1.history', 34 'File with interactive shell history.') 35 flags.DEFINE_multistring( 36 'add_header', [], 37 'Additional http headers (as key=value strings). ' 38 'Can be specified multiple times.') 39 flags.DEFINE_string( 40 'service_account_json_keyfile', '', 41 'Filename for a JSON service account key downloaded' 42 ' from the Developer Console.') 43 flags.DEFINE_enum( 44 'f__xgafv', 45 u'_1', 46 [u'_1', u'_2'], 47 u'V1 error format.') 48 flags.DEFINE_string( 49 'access_token', 50 None, 51 u'OAuth access token.') 52 flags.DEFINE_enum( 53 'alt', 54 u'json', 55 [u'json', u'media', u'proto'], 56 u'Data format for response.') 57 flags.DEFINE_string( 58 'bearer_token', 59 None, 60 u'OAuth bearer token.') 61 flags.DEFINE_string( 62 'callback', 63 None, 64 u'JSONP') 65 flags.DEFINE_string( 66 'fields', 67 None, 68 u'Selector specifying which fields to include in a partial response.') 69 flags.DEFINE_string( 70 'key', 71 None, 72 u'API key. Your API key identifies your project and provides you with ' 73 u'API access, quota, and reports. Required unless you provide an OAuth ' 74 u'2.0 token.') 75 flags.DEFINE_string( 76 'oauth_token', 77 None, 78 u'OAuth 2.0 token for the current user.') 79 flags.DEFINE_boolean( 80 'pp', 81 'True', 82 u'Pretty-print response.') 83 flags.DEFINE_boolean( 84 'prettyPrint', 85 'True', 86 u'Returns response with indentations and line breaks.') 87 flags.DEFINE_string( 88 'quotaUser', 89 None, 90 u'Available to use for quota purposes for server-side applications. Can' 91 u' be any arbitrary string assigned to a user, but should not exceed 40' 92 u' characters.') 93 flags.DEFINE_string( 94 'trace', 95 None, 96 'A tracing token of the form "token:<tokenid>" to include in api ' 97 'requests.') 98 flags.DEFINE_string( 99 'uploadType', 100 None, 101 u'Legacy upload protocol for media (e.g. "media", "multipart").') 102 flags.DEFINE_string( 103 'upload_protocol', 104 None, 105 u'Upload protocol for media (e.g. "raw", "multipart").') 106 107 108FLAGS = flags.FLAGS 109apitools_base_cli.DeclareBaseFlags() 110_DeclareIamFlags() 111 112 113def GetGlobalParamsFromFlags(): 114 """Return a StandardQueryParameters based on flags.""" 115 result = messages.StandardQueryParameters() 116 if FLAGS['f__xgafv'].present: 117 result.f__xgafv = messages.StandardQueryParameters.FXgafvValueValuesEnum(FLAGS.f__xgafv) 118 if FLAGS['access_token'].present: 119 result.access_token = FLAGS.access_token.decode('utf8') 120 if FLAGS['alt'].present: 121 result.alt = messages.StandardQueryParameters.AltValueValuesEnum(FLAGS.alt) 122 if FLAGS['bearer_token'].present: 123 result.bearer_token = FLAGS.bearer_token.decode('utf8') 124 if FLAGS['callback'].present: 125 result.callback = FLAGS.callback.decode('utf8') 126 if FLAGS['fields'].present: 127 result.fields = FLAGS.fields.decode('utf8') 128 if FLAGS['key'].present: 129 result.key = FLAGS.key.decode('utf8') 130 if FLAGS['oauth_token'].present: 131 result.oauth_token = FLAGS.oauth_token.decode('utf8') 132 if FLAGS['pp'].present: 133 result.pp = FLAGS.pp 134 if FLAGS['prettyPrint'].present: 135 result.prettyPrint = FLAGS.prettyPrint 136 if FLAGS['quotaUser'].present: 137 result.quotaUser = FLAGS.quotaUser.decode('utf8') 138 if FLAGS['trace'].present: 139 result.trace = FLAGS.trace.decode('utf8') 140 if FLAGS['uploadType'].present: 141 result.uploadType = FLAGS.uploadType.decode('utf8') 142 if FLAGS['upload_protocol'].present: 143 result.upload_protocol = FLAGS.upload_protocol.decode('utf8') 144 return result 145 146 147def GetClientFromFlags(): 148 """Return a client object, configured from flags.""" 149 log_request = FLAGS.log_request or FLAGS.log_request_response 150 log_response = FLAGS.log_response or FLAGS.log_request_response 151 api_endpoint = apitools_base.NormalizeApiEndpoint(FLAGS.api_endpoint) 152 additional_http_headers = dict(x.split('=', 1) for x in FLAGS.add_header) 153 credentials_args = { 154 'service_account_json_keyfile': os.path.expanduser(FLAGS.service_account_json_keyfile) 155 } 156 try: 157 client = client_lib.IamV1( 158 api_endpoint, log_request=log_request, 159 log_response=log_response, 160 credentials_args=credentials_args, 161 additional_http_headers=additional_http_headers) 162 except apitools_base.CredentialsError as e: 163 print 'Error creating credentials: %s' % e 164 sys.exit(1) 165 return client 166 167 168class PyShell(appcommands.Cmd): 169 170 def Run(self, _): 171 """Run an interactive python shell with the client.""" 172 client = GetClientFromFlags() 173 params = GetGlobalParamsFromFlags() 174 for field in params.all_fields(): 175 value = params.get_assigned_value(field.name) 176 if value != field.default: 177 client.AddGlobalParam(field.name, value) 178 banner = """ 179 == iam interactive console == 180 client: a iam client 181 apitools_base: base apitools module 182 messages: the generated messages module 183 """ 184 local_vars = { 185 'apitools_base': apitools_base, 186 'client': client, 187 'client_lib': client_lib, 188 'messages': messages, 189 } 190 if platform.system() == 'Linux': 191 console = apitools_base_cli.ConsoleWithReadline( 192 local_vars, histfile=FLAGS.history_file) 193 else: 194 console = code.InteractiveConsole(local_vars) 195 try: 196 console.interact(banner) 197 except SystemExit as e: 198 return e.code 199 200 201class IamPoliciesGetPolicyDetails(apitools_base_cli.NewCmd): 202 """Command wrapping iamPolicies.GetPolicyDetails.""" 203 204 usage = """iamPolicies_getPolicyDetails""" 205 206 def __init__(self, name, fv): 207 super(IamPoliciesGetPolicyDetails, self).__init__(name, fv) 208 flags.DEFINE_string( 209 'fullResourcePath', 210 None, 211 u'REQUIRED: The full resource path of the current policy being ' 212 u'requested, e.g., `//dataflow.googleapis.com/projects/../jobs/..`.', 213 flag_values=fv) 214 flags.DEFINE_integer( 215 'pageSize', 216 None, 217 u'Limit on the number of policies to include in the response. Further' 218 u' accounts can subsequently be obtained by including the ' 219 u'GetPolicyDetailsResponse.next_page_token in a subsequent request. ' 220 u'If zero, the default page size 20 will be used. Must be given a ' 221 u'value in range [0, 100], otherwise an invalid argument error will ' 222 u'be returned.', 223 flag_values=fv) 224 flags.DEFINE_string( 225 'pageToken', 226 None, 227 u'Optional pagination token returned in an earlier ' 228 u'GetPolicyDetailsResponse.next_page_token response.', 229 flag_values=fv) 230 231 def RunWithArgs(self): 232 """Returns the current IAM policy and the policies on the inherited 233 resources that the user has access to. 234 235 Flags: 236 fullResourcePath: REQUIRED: The full resource path of the current policy 237 being requested, e.g., 238 `//dataflow.googleapis.com/projects/../jobs/..`. 239 pageSize: Limit on the number of policies to include in the response. 240 Further accounts can subsequently be obtained by including the 241 GetPolicyDetailsResponse.next_page_token in a subsequent request. If 242 zero, the default page size 20 will be used. Must be given a value in 243 range [0, 100], otherwise an invalid argument error will be returned. 244 pageToken: Optional pagination token returned in an earlier 245 GetPolicyDetailsResponse.next_page_token response. 246 """ 247 client = GetClientFromFlags() 248 global_params = GetGlobalParamsFromFlags() 249 request = messages.GetPolicyDetailsRequest( 250 ) 251 if FLAGS['fullResourcePath'].present: 252 request.fullResourcePath = FLAGS.fullResourcePath.decode('utf8') 253 if FLAGS['pageSize'].present: 254 request.pageSize = FLAGS.pageSize 255 if FLAGS['pageToken'].present: 256 request.pageToken = FLAGS.pageToken.decode('utf8') 257 result = client.iamPolicies.GetPolicyDetails( 258 request, global_params=global_params) 259 print apitools_base_cli.FormatOutput(result) 260 261 262class ProjectsServiceAccountsCreate(apitools_base_cli.NewCmd): 263 """Command wrapping projects_serviceAccounts.Create.""" 264 265 usage = """projects_serviceAccounts_create <name>""" 266 267 def __init__(self, name, fv): 268 super(ProjectsServiceAccountsCreate, self).__init__(name, fv) 269 flags.DEFINE_string( 270 'createServiceAccountRequest', 271 None, 272 u'A CreateServiceAccountRequest resource to be passed as the request ' 273 u'body.', 274 flag_values=fv) 275 276 def RunWithArgs(self, name): 277 """Creates a ServiceAccount and returns it. 278 279 Args: 280 name: Required. The resource name of the project associated with the 281 service accounts, such as `projects/my-project-123`. 282 283 Flags: 284 createServiceAccountRequest: A CreateServiceAccountRequest resource to 285 be passed as the request body. 286 """ 287 client = GetClientFromFlags() 288 global_params = GetGlobalParamsFromFlags() 289 request = messages.IamProjectsServiceAccountsCreateRequest( 290 name=name.decode('utf8'), 291 ) 292 if FLAGS['createServiceAccountRequest'].present: 293 request.createServiceAccountRequest = apitools_base.JsonToMessage(messages.CreateServiceAccountRequest, FLAGS.createServiceAccountRequest) 294 result = client.projects_serviceAccounts.Create( 295 request, global_params=global_params) 296 print apitools_base_cli.FormatOutput(result) 297 298 299class ProjectsServiceAccountsDelete(apitools_base_cli.NewCmd): 300 """Command wrapping projects_serviceAccounts.Delete.""" 301 302 usage = """projects_serviceAccounts_delete <name>""" 303 304 def __init__(self, name, fv): 305 super(ProjectsServiceAccountsDelete, self).__init__(name, fv) 306 307 def RunWithArgs(self, name): 308 """Deletes a ServiceAccount. 309 310 Args: 311 name: The resource name of the service account in the following format: 312 `projects/{project}/serviceAccounts/{account}`. Using `-` as a 313 wildcard for the project will infer the project from the account. The 314 `account` value can be the `email` address or the `unique_id` of the 315 service account. 316 """ 317 client = GetClientFromFlags() 318 global_params = GetGlobalParamsFromFlags() 319 request = messages.IamProjectsServiceAccountsDeleteRequest( 320 name=name.decode('utf8'), 321 ) 322 result = client.projects_serviceAccounts.Delete( 323 request, global_params=global_params) 324 print apitools_base_cli.FormatOutput(result) 325 326 327class ProjectsServiceAccountsGet(apitools_base_cli.NewCmd): 328 """Command wrapping projects_serviceAccounts.Get.""" 329 330 usage = """projects_serviceAccounts_get <name>""" 331 332 def __init__(self, name, fv): 333 super(ProjectsServiceAccountsGet, self).__init__(name, fv) 334 335 def RunWithArgs(self, name): 336 """Gets a ServiceAccount. 337 338 Args: 339 name: The resource name of the service account in the following format: 340 `projects/{project}/serviceAccounts/{account}`. Using `-` as a 341 wildcard for the project will infer the project from the account. The 342 `account` value can be the `email` address or the `unique_id` of the 343 service account. 344 """ 345 client = GetClientFromFlags() 346 global_params = GetGlobalParamsFromFlags() 347 request = messages.IamProjectsServiceAccountsGetRequest( 348 name=name.decode('utf8'), 349 ) 350 result = client.projects_serviceAccounts.Get( 351 request, global_params=global_params) 352 print apitools_base_cli.FormatOutput(result) 353 354 355class ProjectsServiceAccountsGetIamPolicy(apitools_base_cli.NewCmd): 356 """Command wrapping projects_serviceAccounts.GetIamPolicy.""" 357 358 usage = """projects_serviceAccounts_getIamPolicy <resource>""" 359 360 def __init__(self, name, fv): 361 super(ProjectsServiceAccountsGetIamPolicy, self).__init__(name, fv) 362 363 def RunWithArgs(self, resource): 364 """Returns the IAM access control policy for specified IAM resource. 365 366 Args: 367 resource: REQUIRED: The resource for which the policy is being 368 requested. `resource` is usually specified as a path, such as 369 `projects/*project*/zones/*zone*/disks/*disk*`. The format for the 370 path specified in this value is resource specific and is specified in 371 the `getIamPolicy` documentation. 372 """ 373 client = GetClientFromFlags() 374 global_params = GetGlobalParamsFromFlags() 375 request = messages.IamProjectsServiceAccountsGetIamPolicyRequest( 376 resource=resource.decode('utf8'), 377 ) 378 result = client.projects_serviceAccounts.GetIamPolicy( 379 request, global_params=global_params) 380 print apitools_base_cli.FormatOutput(result) 381 382 383class ProjectsServiceAccountsList(apitools_base_cli.NewCmd): 384 """Command wrapping projects_serviceAccounts.List.""" 385 386 usage = """projects_serviceAccounts_list <name>""" 387 388 def __init__(self, name, fv): 389 super(ProjectsServiceAccountsList, self).__init__(name, fv) 390 flags.DEFINE_integer( 391 'pageSize', 392 None, 393 u'Optional limit on the number of service accounts to include in the ' 394 u'response. Further accounts can subsequently be obtained by ' 395 u'including the ListServiceAccountsResponse.next_page_token in a ' 396 u'subsequent request.', 397 flag_values=fv) 398 flags.DEFINE_string( 399 'pageToken', 400 None, 401 u'Optional pagination token returned in an earlier ' 402 u'ListServiceAccountsResponse.next_page_token.', 403 flag_values=fv) 404 flags.DEFINE_boolean( 405 'removeDeletedServiceAccounts', 406 None, 407 u'Do not list service accounts deleted from Gaia. <b><font ' 408 u'color="red">DO NOT INCLUDE IN EXTERNAL DOCUMENTATION</font></b>.', 409 flag_values=fv) 410 411 def RunWithArgs(self, name): 412 """Lists ServiceAccounts for a project. 413 414 Args: 415 name: Required. The resource name of the project associated with the 416 service accounts, such as `projects/my-project-123`. 417 418 Flags: 419 pageSize: Optional limit on the number of service accounts to include in 420 the response. Further accounts can subsequently be obtained by 421 including the ListServiceAccountsResponse.next_page_token in a 422 subsequent request. 423 pageToken: Optional pagination token returned in an earlier 424 ListServiceAccountsResponse.next_page_token. 425 removeDeletedServiceAccounts: Do not list service accounts deleted from 426 Gaia. <b><font color="red">DO NOT INCLUDE IN EXTERNAL 427 DOCUMENTATION</font></b>. 428 """ 429 client = GetClientFromFlags() 430 global_params = GetGlobalParamsFromFlags() 431 request = messages.IamProjectsServiceAccountsListRequest( 432 name=name.decode('utf8'), 433 ) 434 if FLAGS['pageSize'].present: 435 request.pageSize = FLAGS.pageSize 436 if FLAGS['pageToken'].present: 437 request.pageToken = FLAGS.pageToken.decode('utf8') 438 if FLAGS['removeDeletedServiceAccounts'].present: 439 request.removeDeletedServiceAccounts = FLAGS.removeDeletedServiceAccounts 440 result = client.projects_serviceAccounts.List( 441 request, global_params=global_params) 442 print apitools_base_cli.FormatOutput(result) 443 444 445class ProjectsServiceAccountsSetIamPolicy(apitools_base_cli.NewCmd): 446 """Command wrapping projects_serviceAccounts.SetIamPolicy.""" 447 448 usage = """projects_serviceAccounts_setIamPolicy <resource>""" 449 450 def __init__(self, name, fv): 451 super(ProjectsServiceAccountsSetIamPolicy, self).__init__(name, fv) 452 flags.DEFINE_string( 453 'setIamPolicyRequest', 454 None, 455 u'A SetIamPolicyRequest resource to be passed as the request body.', 456 flag_values=fv) 457 458 def RunWithArgs(self, resource): 459 """Sets the IAM access control policy for the specified IAM resource. 460 461 Args: 462 resource: REQUIRED: The resource for which the policy is being 463 specified. `resource` is usually specified as a path, such as 464 `projects/*project*/zones/*zone*/disks/*disk*`. The format for the 465 path specified in this value is resource specific and is specified in 466 the `setIamPolicy` documentation. 467 468 Flags: 469 setIamPolicyRequest: A SetIamPolicyRequest resource to be passed as the 470 request body. 471 """ 472 client = GetClientFromFlags() 473 global_params = GetGlobalParamsFromFlags() 474 request = messages.IamProjectsServiceAccountsSetIamPolicyRequest( 475 resource=resource.decode('utf8'), 476 ) 477 if FLAGS['setIamPolicyRequest'].present: 478 request.setIamPolicyRequest = apitools_base.JsonToMessage(messages.SetIamPolicyRequest, FLAGS.setIamPolicyRequest) 479 result = client.projects_serviceAccounts.SetIamPolicy( 480 request, global_params=global_params) 481 print apitools_base_cli.FormatOutput(result) 482 483 484class ProjectsServiceAccountsSignBlob(apitools_base_cli.NewCmd): 485 """Command wrapping projects_serviceAccounts.SignBlob.""" 486 487 usage = """projects_serviceAccounts_signBlob <name>""" 488 489 def __init__(self, name, fv): 490 super(ProjectsServiceAccountsSignBlob, self).__init__(name, fv) 491 flags.DEFINE_string( 492 'signBlobRequest', 493 None, 494 u'A SignBlobRequest resource to be passed as the request body.', 495 flag_values=fv) 496 497 def RunWithArgs(self, name): 498 """Signs a blob using a service account's system-managed private key. 499 500 Args: 501 name: The resource name of the service account in the following format: 502 `projects/{project}/serviceAccounts/{account}`. Using `-` as a 503 wildcard for the project will infer the project from the account. The 504 `account` value can be the `email` address or the `unique_id` of the 505 service account. 506 507 Flags: 508 signBlobRequest: A SignBlobRequest resource to be passed as the request 509 body. 510 """ 511 client = GetClientFromFlags() 512 global_params = GetGlobalParamsFromFlags() 513 request = messages.IamProjectsServiceAccountsSignBlobRequest( 514 name=name.decode('utf8'), 515 ) 516 if FLAGS['signBlobRequest'].present: 517 request.signBlobRequest = apitools_base.JsonToMessage(messages.SignBlobRequest, FLAGS.signBlobRequest) 518 result = client.projects_serviceAccounts.SignBlob( 519 request, global_params=global_params) 520 print apitools_base_cli.FormatOutput(result) 521 522 523class ProjectsServiceAccountsSignJwt(apitools_base_cli.NewCmd): 524 """Command wrapping projects_serviceAccounts.SignJwt.""" 525 526 usage = """projects_serviceAccounts_signJwt <name>""" 527 528 def __init__(self, name, fv): 529 super(ProjectsServiceAccountsSignJwt, self).__init__(name, fv) 530 flags.DEFINE_string( 531 'signJwtRequest', 532 None, 533 u'A SignJwtRequest resource to be passed as the request body.', 534 flag_values=fv) 535 536 def RunWithArgs(self, name): 537 """Signs a JWT using a service account's system-managed private key. If 538 no `exp` (expiry) time is contained in the claims, we will provide an 539 expiry of one hour in the future. If an expiry of more than one hour in 540 the future is requested, the request will fail. 541 542 Args: 543 name: The resource name of the service account in the following format: 544 `projects/{project}/serviceAccounts/{account}`. Using `-` as a 545 wildcard for the project will infer the project from the account. The 546 `account` value can be the `email` address or the `unique_id` of the 547 service account. 548 549 Flags: 550 signJwtRequest: A SignJwtRequest resource to be passed as the request 551 body. 552 """ 553 client = GetClientFromFlags() 554 global_params = GetGlobalParamsFromFlags() 555 request = messages.IamProjectsServiceAccountsSignJwtRequest( 556 name=name.decode('utf8'), 557 ) 558 if FLAGS['signJwtRequest'].present: 559 request.signJwtRequest = apitools_base.JsonToMessage(messages.SignJwtRequest, FLAGS.signJwtRequest) 560 result = client.projects_serviceAccounts.SignJwt( 561 request, global_params=global_params) 562 print apitools_base_cli.FormatOutput(result) 563 564 565class ProjectsServiceAccountsTestIamPermissions(apitools_base_cli.NewCmd): 566 """Command wrapping projects_serviceAccounts.TestIamPermissions.""" 567 568 usage = """projects_serviceAccounts_testIamPermissions <resource>""" 569 570 def __init__(self, name, fv): 571 super(ProjectsServiceAccountsTestIamPermissions, self).__init__(name, fv) 572 flags.DEFINE_string( 573 'testIamPermissionsRequest', 574 None, 575 u'A TestIamPermissionsRequest resource to be passed as the request ' 576 u'body.', 577 flag_values=fv) 578 579 def RunWithArgs(self, resource): 580 """Tests the specified permissions against the IAM access control policy 581 for the specified IAM resource. 582 583 Args: 584 resource: REQUIRED: The resource for which the policy detail is being 585 requested. `resource` is usually specified as a path, such as 586 `projects/*project*/zones/*zone*/disks/*disk*`. The format for the 587 path specified in this value is resource specific and is specified in 588 the `testIamPermissions` documentation. 589 590 Flags: 591 testIamPermissionsRequest: A TestIamPermissionsRequest resource to be 592 passed as the request body. 593 """ 594 client = GetClientFromFlags() 595 global_params = GetGlobalParamsFromFlags() 596 request = messages.IamProjectsServiceAccountsTestIamPermissionsRequest( 597 resource=resource.decode('utf8'), 598 ) 599 if FLAGS['testIamPermissionsRequest'].present: 600 request.testIamPermissionsRequest = apitools_base.JsonToMessage(messages.TestIamPermissionsRequest, FLAGS.testIamPermissionsRequest) 601 result = client.projects_serviceAccounts.TestIamPermissions( 602 request, global_params=global_params) 603 print apitools_base_cli.FormatOutput(result) 604 605 606class ProjectsServiceAccountsUpdate(apitools_base_cli.NewCmd): 607 """Command wrapping projects_serviceAccounts.Update.""" 608 609 usage = """projects_serviceAccounts_update <name>""" 610 611 def __init__(self, name, fv): 612 super(ProjectsServiceAccountsUpdate, self).__init__(name, fv) 613 flags.DEFINE_string( 614 'description', 615 None, 616 u'Optional. A user-specified opaque description of the service ' 617 u'account.', 618 flag_values=fv) 619 flags.DEFINE_string( 620 'displayName', 621 None, 622 u'Optional. A user-specified description of the service account. ' 623 u'Must be fewer than 100 UTF-8 bytes.', 624 flag_values=fv) 625 flags.DEFINE_string( 626 'email', 627 None, 628 u'@OutputOnly The email address of the service account.', 629 flag_values=fv) 630 flags.DEFINE_string( 631 'etag', 632 None, 633 u'Used to perform a consistent read-modify-write.', 634 flag_values=fv) 635 flags.DEFINE_string( 636 'oauth2ClientId', 637 None, 638 u'@OutputOnly. The OAuth2 client id for the service account. This is ' 639 u'used in conjunction with the OAuth2 clientconfig API to make three ' 640 u'legged OAuth2 (3LO) flows to access the data of Google users.', 641 flag_values=fv) 642 flags.DEFINE_string( 643 'projectId', 644 None, 645 u'@OutputOnly The id of the project that owns the service account.', 646 flag_values=fv) 647 flags.DEFINE_string( 648 'uniqueId', 649 None, 650 u'@OutputOnly The unique and stable id of the service account.', 651 flag_values=fv) 652 653 def RunWithArgs(self, name): 654 """Updates a ServiceAccount. Currently, only the following fields are 655 updatable: `display_name` . The `etag` is mandatory. 656 657 Args: 658 name: The resource name of the service account in the following format: 659 `projects/{project}/serviceAccounts/{account}`. Requests using `-` as 660 a wildcard for the project will infer the project from the `account` 661 and the `account` value can be the `email` address or the `unique_id` 662 of the service account. In responses the resource name will always be 663 in the format `projects/{project}/serviceAccounts/{email}`. 664 665 Flags: 666 description: Optional. A user-specified opaque description of the 667 service account. 668 displayName: Optional. A user-specified description of the service 669 account. Must be fewer than 100 UTF-8 bytes. 670 email: @OutputOnly The email address of the service account. 671 etag: Used to perform a consistent read-modify-write. 672 oauth2ClientId: @OutputOnly. The OAuth2 client id for the service 673 account. This is used in conjunction with the OAuth2 clientconfig API 674 to make three legged OAuth2 (3LO) flows to access the data of Google 675 users. 676 projectId: @OutputOnly The id of the project that owns the service 677 account. 678 uniqueId: @OutputOnly The unique and stable id of the service account. 679 """ 680 client = GetClientFromFlags() 681 global_params = GetGlobalParamsFromFlags() 682 request = messages.ServiceAccount( 683 name=name.decode('utf8'), 684 ) 685 if FLAGS['description'].present: 686 request.description = FLAGS.description.decode('utf8') 687 if FLAGS['displayName'].present: 688 request.displayName = FLAGS.displayName.decode('utf8') 689 if FLAGS['email'].present: 690 request.email = FLAGS.email.decode('utf8') 691 if FLAGS['etag'].present: 692 request.etag = FLAGS.etag 693 if FLAGS['oauth2ClientId'].present: 694 request.oauth2ClientId = FLAGS.oauth2ClientId.decode('utf8') 695 if FLAGS['projectId'].present: 696 request.projectId = FLAGS.projectId.decode('utf8') 697 if FLAGS['uniqueId'].present: 698 request.uniqueId = FLAGS.uniqueId.decode('utf8') 699 result = client.projects_serviceAccounts.Update( 700 request, global_params=global_params) 701 print apitools_base_cli.FormatOutput(result) 702 703 704class ProjectsServiceAccountsKeysCreate(apitools_base_cli.NewCmd): 705 """Command wrapping projects_serviceAccounts_keys.Create.""" 706 707 usage = """projects_serviceAccounts_keys_create <name>""" 708 709 def __init__(self, name, fv): 710 super(ProjectsServiceAccountsKeysCreate, self).__init__(name, fv) 711 flags.DEFINE_string( 712 'createServiceAccountKeyRequest', 713 None, 714 u'A CreateServiceAccountKeyRequest resource to be passed as the ' 715 u'request body.', 716 flag_values=fv) 717 718 def RunWithArgs(self, name): 719 """Creates a ServiceAccountKey and returns it. 720 721 Args: 722 name: The resource name of the service account in the following format: 723 `projects/{project}/serviceAccounts/{account}`. Using `-` as a 724 wildcard for the project will infer the project from the account. The 725 `account` value can be the `email` address or the `unique_id` of the 726 service account. 727 728 Flags: 729 createServiceAccountKeyRequest: A CreateServiceAccountKeyRequest 730 resource to be passed as the request body. 731 """ 732 client = GetClientFromFlags() 733 global_params = GetGlobalParamsFromFlags() 734 request = messages.IamProjectsServiceAccountsKeysCreateRequest( 735 name=name.decode('utf8'), 736 ) 737 if FLAGS['createServiceAccountKeyRequest'].present: 738 request.createServiceAccountKeyRequest = apitools_base.JsonToMessage(messages.CreateServiceAccountKeyRequest, FLAGS.createServiceAccountKeyRequest) 739 result = client.projects_serviceAccounts_keys.Create( 740 request, global_params=global_params) 741 print apitools_base_cli.FormatOutput(result) 742 743 744class ProjectsServiceAccountsKeysDelete(apitools_base_cli.NewCmd): 745 """Command wrapping projects_serviceAccounts_keys.Delete.""" 746 747 usage = """projects_serviceAccounts_keys_delete <name>""" 748 749 def __init__(self, name, fv): 750 super(ProjectsServiceAccountsKeysDelete, self).__init__(name, fv) 751 752 def RunWithArgs(self, name): 753 """Deletes a ServiceAccountKey. 754 755 Args: 756 name: The resource name of the service account key in the following 757 format: `projects/{project}/serviceAccounts/{account}/keys/{key}`. 758 Using `-` as a wildcard for the project will infer the project from 759 the account. The `account` value can be the `email` address or the 760 `unique_id` of the service account. 761 """ 762 client = GetClientFromFlags() 763 global_params = GetGlobalParamsFromFlags() 764 request = messages.IamProjectsServiceAccountsKeysDeleteRequest( 765 name=name.decode('utf8'), 766 ) 767 result = client.projects_serviceAccounts_keys.Delete( 768 request, global_params=global_params) 769 print apitools_base_cli.FormatOutput(result) 770 771 772class ProjectsServiceAccountsKeysGet(apitools_base_cli.NewCmd): 773 """Command wrapping projects_serviceAccounts_keys.Get.""" 774 775 usage = """projects_serviceAccounts_keys_get <name>""" 776 777 def __init__(self, name, fv): 778 super(ProjectsServiceAccountsKeysGet, self).__init__(name, fv) 779 flags.DEFINE_enum( 780 'publicKeyType', 781 u'TYPE_NONE', 782 [u'TYPE_NONE', u'TYPE_X509_PEM_FILE', u'TYPE_RAW_PUBLIC_KEY'], 783 u'The output format of the public key requested. X509_PEM is the ' 784 u'default output format.', 785 flag_values=fv) 786 787 def RunWithArgs(self, name): 788 """Gets the ServiceAccountKey by key id. 789 790 Args: 791 name: The resource name of the service account key in the following 792 format: `projects/{project}/serviceAccounts/{account}/keys/{key}`. 793 Using `-` as a wildcard for the project will infer the project from 794 the account. The `account` value can be the `email` address or the 795 `unique_id` of the service account. 796 797 Flags: 798 publicKeyType: The output format of the public key requested. X509_PEM 799 is the default output format. 800 """ 801 client = GetClientFromFlags() 802 global_params = GetGlobalParamsFromFlags() 803 request = messages.IamProjectsServiceAccountsKeysGetRequest( 804 name=name.decode('utf8'), 805 ) 806 if FLAGS['publicKeyType'].present: 807 request.publicKeyType = messages.IamProjectsServiceAccountsKeysGetRequest.PublicKeyTypeValueValuesEnum(FLAGS.publicKeyType) 808 result = client.projects_serviceAccounts_keys.Get( 809 request, global_params=global_params) 810 print apitools_base_cli.FormatOutput(result) 811 812 813class ProjectsServiceAccountsKeysList(apitools_base_cli.NewCmd): 814 """Command wrapping projects_serviceAccounts_keys.List.""" 815 816 usage = """projects_serviceAccounts_keys_list <name>""" 817 818 def __init__(self, name, fv): 819 super(ProjectsServiceAccountsKeysList, self).__init__(name, fv) 820 flags.DEFINE_enum( 821 'keyTypes', 822 u'KEY_TYPE_UNSPECIFIED', 823 [u'KEY_TYPE_UNSPECIFIED', u'USER_MANAGED', u'SYSTEM_MANAGED'], 824 u'Filters the types of keys the user wants to include in the list ' 825 u'response. Duplicate key types are not allowed. If no key type is ' 826 u'provided, all keys are returned.', 827 flag_values=fv) 828 829 def RunWithArgs(self, name): 830 """Lists ServiceAccountKeys. 831 832 Args: 833 name: The resource name of the service account in the following format: 834 `projects/{project}/serviceAccounts/{account}`. Using `-` as a 835 wildcard for the project, will infer the project from the account. The 836 `account` value can be the `email` address or the `unique_id` of the 837 service account. 838 839 Flags: 840 keyTypes: Filters the types of keys the user wants to include in the 841 list response. Duplicate key types are not allowed. If no key type is 842 provided, all keys are returned. 843 """ 844 client = GetClientFromFlags() 845 global_params = GetGlobalParamsFromFlags() 846 request = messages.IamProjectsServiceAccountsKeysListRequest( 847 name=name.decode('utf8'), 848 ) 849 if FLAGS['keyTypes'].present: 850 request.keyTypes = [messages.IamProjectsServiceAccountsKeysListRequest.KeyTypesValueValuesEnum(x) for x in FLAGS.keyTypes] 851 result = client.projects_serviceAccounts_keys.List( 852 request, global_params=global_params) 853 print apitools_base_cli.FormatOutput(result) 854 855 856class RolesQueryGrantableRoles(apitools_base_cli.NewCmd): 857 """Command wrapping roles.QueryGrantableRoles.""" 858 859 usage = """roles_queryGrantableRoles""" 860 861 def __init__(self, name, fv): 862 super(RolesQueryGrantableRoles, self).__init__(name, fv) 863 flags.DEFINE_string( 864 'fullResourceName', 865 None, 866 u'Required. The full resource name to query from the list of ' 867 u'grantable roles. The name follows the Google Cloud Platform ' 868 u'resource format. For example, a Cloud Platform project with id `my-' 869 u'project` will be named ' 870 u'`//cloudresourcemanager.googleapis.com/projects/my-project`.', 871 flag_values=fv) 872 873 def RunWithArgs(self): 874 """Queries roles that can be granted on a particular resource. 875 876 Flags: 877 fullResourceName: Required. The full resource name to query from the 878 list of grantable roles. The name follows the Google Cloud Platform 879 resource format. For example, a Cloud Platform project with id `my- 880 project` will be named `//cloudresourcemanager.googleapis.com/projects 881 /my-project`. 882 """ 883 client = GetClientFromFlags() 884 global_params = GetGlobalParamsFromFlags() 885 request = messages.QueryGrantableRolesRequest( 886 ) 887 if FLAGS['fullResourceName'].present: 888 request.fullResourceName = FLAGS.fullResourceName.decode('utf8') 889 result = client.roles.QueryGrantableRoles( 890 request, global_params=global_params) 891 print apitools_base_cli.FormatOutput(result) 892 893 894def main(_): 895 appcommands.AddCmd('pyshell', PyShell) 896 appcommands.AddCmd('iamPolicies_getPolicyDetails', IamPoliciesGetPolicyDetails) 897 appcommands.AddCmd('projects_serviceAccounts_create', ProjectsServiceAccountsCreate) 898 appcommands.AddCmd('projects_serviceAccounts_delete', ProjectsServiceAccountsDelete) 899 appcommands.AddCmd('projects_serviceAccounts_get', ProjectsServiceAccountsGet) 900 appcommands.AddCmd('projects_serviceAccounts_getIamPolicy', ProjectsServiceAccountsGetIamPolicy) 901 appcommands.AddCmd('projects_serviceAccounts_list', ProjectsServiceAccountsList) 902 appcommands.AddCmd('projects_serviceAccounts_setIamPolicy', ProjectsServiceAccountsSetIamPolicy) 903 appcommands.AddCmd('projects_serviceAccounts_signBlob', ProjectsServiceAccountsSignBlob) 904 appcommands.AddCmd('projects_serviceAccounts_signJwt', ProjectsServiceAccountsSignJwt) 905 appcommands.AddCmd('projects_serviceAccounts_testIamPermissions', ProjectsServiceAccountsTestIamPermissions) 906 appcommands.AddCmd('projects_serviceAccounts_update', ProjectsServiceAccountsUpdate) 907 appcommands.AddCmd('projects_serviceAccounts_keys_create', ProjectsServiceAccountsKeysCreate) 908 appcommands.AddCmd('projects_serviceAccounts_keys_delete', ProjectsServiceAccountsKeysDelete) 909 appcommands.AddCmd('projects_serviceAccounts_keys_get', ProjectsServiceAccountsKeysGet) 910 appcommands.AddCmd('projects_serviceAccounts_keys_list', ProjectsServiceAccountsKeysList) 911 appcommands.AddCmd('roles_queryGrantableRoles', RolesQueryGrantableRoles) 912 913 apitools_base_cli.SetupLogger() 914 if hasattr(appcommands, 'SetDefaultCommand'): 915 appcommands.SetDefaultCommand('pyshell') 916 917 918run_main = apitools_base_cli.run_main 919 920if __name__ == '__main__': 921 appcommands.Run() 922