j i3dZddlZddlZddlZddlZdZ dZ dZ dZdZ Gdd e Z Gd d ej j ZdS) a6Non-API-specific IAM policy definitions For allowed roles / permissions, see: https://cloud.google.com/iam/docs/understanding-roles Example usage: .. code-block:: python # ``get_iam_policy`` returns a :class:'~google.api_core.iam.Policy`. policy = resource.get_iam_policy(requested_policy_version=3) phred = "user:phred@example.com" admin_group = "group:admins@groups.example.com" account = "serviceAccount:account-1234@accounts.example.com" policy.version = 3 policy.bindings = [ { "role": "roles/owner", "members": {phred, admin_group, account} }, { "role": "roles/editor", "members": {"allAuthenticatedUsers"} }, { "role": "roles/viewer", "members": {"allUsers"} "condition": { "title": "request_time", "description": "Requests made before 2021-01-01T00:00:00Z", "expression": "request.time < timestamp("2021-01-01T00:00:00Z")" } } ] resource.set_iam_policy(policy) Nz roles/ownerz roles/editorz roles/viewerz_Assigning to '{}' is deprecated. Use the `policy.bindings` property to modify bindings instead.zWDict access is not supported on policies with version > 1 or with conditional bindings.ceZdZdZdS)InvalidOperationExceptionz1Raised when trying to use Policy class as a dict.N)__name__ __module__ __qualname____doc__K/srv/django_bis/venv311/lib/python3.11/site-packages/google/api_core/iam.pyrrMs;;Dr rceZdZdZefZ efZ efZ ddZ dZ dZ dZ dZdZd Zd Zed Zejd Zed ZejdZedZejdZedZejdZedZedZedZedZedZedZedZ dZ!dS)Policya1IAM Policy Args: etag (Optional[str]): ETag used to identify a unique of the policy version (Optional[int]): The syntax schema version of the policy. Note: Using conditions in bindings requires the policy's version to be set to `3` or greater, depending on the versions that are currently supported. Accessing the policy using dict operations will raise InvalidOperationException when the policy's version is set to 3. Use the policy.bindings getter/setter to retrieve and modify the policy's bindings. See: IAM Policy https://cloud.google.com/iam/reference/rest/v1/Policy Policy versions https://cloud.google.com/iam/docs/policies#versions Conditions overview https://cloud.google.com/iam/docs/conditions-overview. Nc0||_||_g|_dSN)etagversion _bindings)selfrrs r __init__zPolicy.__init__rs  r cL|d|jDS)Nc36K|]}|d |dVdS)membersroleNr ).0bindings r z"Policy.__iter__..zs0TTGASTTTTTTTr )__check_version__rrs r __iter__zPolicy.__iter__ws*    TTt~TTTTr c|tt|Sr)rlenlistrrs r __len__zPolicy.__len__|s2    4 (()))r c||jD]}|d|kr |dcS|td}|j||dSNrrrr)rrsetappend)rkeyb new_bindings r __getitem__zPolicy.__getitem__s}     $ $AyC|### #suu55  k***9%%r c|t|}|jD]}|d|kr||d<dS|j||ddSr$)rr&rr')rr(valuers r __setitem__zPolicy.__setitem__s{    E ~  Gv#%%%* "& su==>>>>>r c||jD]+}|d|kr|j|dS,t|)Nr)rrremoveKeyError)rr(r)s r __delitem__zPolicy.__delitem__sd      AyC%%a((( smmr c|jduo |jdk}|s|rttdS)z[Raise InvalidOperationException if version is greater than 1 or policy contains conditions.N)r_contains_conditionsr_DICT_ACCESS_MSG)r raise_versions r rzPolicy.__check_version__sN D0ET\A5E  >D5577 >+,<== = > >r cJ|jD]}|ddSdS)N conditionTF)rget)rr)s r r5zPolicy._contains_conditionss6  Auu[!!-tt.ur c|jS)aEThe policy's list of bindings. A binding is specified by a dictionary with keys: * role (str): Role that is assigned to `members`. * members (:obj:`set` of str): Specifies the identities associated to this binding. * condition (:obj:`dict` of str:str): Specifies a condition under which this binding will apply. * title (str): Title for the condition. * description (:obj:str, optional): Description of the condition. * expression: A CEL expression. Type: :obj:`list` of :obj:`dict` See: Policy versions https://cloud.google.com/iam/docs/policies#versions Conditions overview https://cloud.google.com/iam/docs/conditions-overview. Example: .. code-block:: python USER = "user:phred@example.com" ADMIN_GROUP = "group:admins@groups.example.com" SERVICE_ACCOUNT = "serviceAccount:account-1234@accounts.example.com" CONDITION = { "title": "request_time", "description": "Requests made before 2021-01-01T00:00:00Z", # Optional "expression": "request.time < timestamp("2021-01-01T00:00:00Z")" } # Set policy's version to 3 before setting bindings containing conditions. policy.version = 3 policy.bindings = [ { "role": "roles/viewer", "members": {USER, ADMIN_GROUP, SERVICE_ACCOUNT}, "condition": CONDITION }, ... ] rrs r bindingszPolicy.bindingss d~r c||_dSrr<)rr=s r r=zPolicy.bindingss !r ct}|jD]0}||dD]}||1t |S)zLegacy access to owner role. Raise InvalidOperationException if version is greater than 1 or policy contains conditions. DEPRECATED: use `policy.bindings` to access bindings instead. r )r& _OWNER_ROLESr:add frozensetrresultrmembers r ownersz Policy.ownerssd% # #D((4,, # # 6"""" #   r ctjtdtt ||t<dS)zUpdate owners. Raise InvalidOperationException if version is greater than 1 or policy contains conditions. DEPRECATED: use `policy.bindings` to access bindings instead. rFN)warningswarn_ASSIGNMENT_DEPRECATED_MSGformat OWNER_ROLEDeprecationWarningrr-s r rFz Policy.ownerss@  & - -h C CEW   !Zr ct}|jD]0}||dD]}||1t |S)zLegacy access to editor role. Raise InvalidOperationException if version is greater than 1 or policy contains conditions. DEPRECATED: use `policy.bindings` to access bindings instead. r )r& _EDITOR_ROLESr:rArBrCs r editorszPolicy.editorsd& # #D((4,, # # 6"""" #   r ctjtdtt ||t<dS)zUpdate editors. Raise InvalidOperationException if version is greater than 1 or policy contains conditions. DEPRECATED: use `policy.bindings` to modify bindings instead. rQN)rHrIrJrK EDITOR_ROLErMrNs r rQzPolicy.editors @  & - -i E E    "[r ct}|jD]0}||dD]}||1t |S)zLegacy access to viewer role. Raise InvalidOperationException if version is greater than 1 or policy contains conditions. DEPRECATED: use `policy.bindings` to modify bindings instead. r )r& _VIEWER_ROLESr:rArBrCs r viewerszPolicy.viewersrRr ctjtdtt ||t<dS)zUpdate viewers. Raise InvalidOperationException if version is greater than 1 or policy contains conditions. DEPRECATED: use `policy.bindings` to modify bindings instead. rXN)rHrIrJrK VIEWER_ROLErMrNs r rXzPolicy.viewers(rUr c d|S)zFactory method for a user member. Args: email (str): E-mail for this particular user. Returns: str: A member string corresponding to the given user. zuser:r emails r userz Policy.user6s"E##r c d|S)zFactory method for a service account member. Args: email (str): E-mail for this particular service account. Returns: str: A member string corresponding to the given service account. zserviceAccount:r r\s r service_accountzPolicy.service_accountBs',e--r c d|S)zFactory method for a group member. Args: email (str): An id or e-mail for this particular group. Returns: str: A member string corresponding to the given group. zgroup:r r\s r groupz Policy.groupOs#U$$r c d|S)zFactory method for a domain member. Args: domain (str): The domain for this member. Returns: str: A member string corresponding to the given domain. zdomain:r )domains r rdz Policy.domain[s%f&&r cdS)zFactory method for a member representing all users. Returns: str: A member string representing all users. allUsersr r r r all_userszPolicy.all_usersgs zr cdS)zFactory method for a member representing all authenticated users. Returns: str: A member string representing all authenticated users. allAuthenticatedUsersr r r r authenticated_userszPolicy.authenticated_usersps '&r c|d}|d}|||}|dg|_|jD](}t|dd|d<)|S)zFactory: create a policy from a JSON resource. Args: resource (dict): policy resource returned by ``getIamPolicy`` API. Returns: :class:`Policy`: the parsed policy rrr=rr )r:r=r&)clsresourcerrpolicyrs r from_api_reprzPolicy.from_api_reprys,,y))||F##T7##",,z266 A AG!$W[[B%?%?!@!@GI   r ci}|j |j|d<|j |j|d<|jrt|jdkrg}|jD]b}|d}|rI|dt |d}|d}|r||d<||c|r(tjd}t || |d <|S) zRender a JSON policy resource. Returns: dict: a resource to be passed to the ``setIamPolicy`` API. Nrrrrrr%r9)r(r=) rrrr r:sortedr'operator itemgetter)rrmr=rrr*r9r(s r to_api_reprzPolicy.to_api_reprs  9 #yHV  < #"&,HY  > Ac$.11A55H> 1 1!++i001+26?vg"W"WK ' K 8 8I =3< K0OOK000 A)&11'-hC'@'@'@$r )NN)"rrrrrLr@rTrPrZrWrrr"r+r.r2rr5propertyr=setterrFrQrX staticmethodr^r`rbrdrgrj classmethodrortr r r r r Ssk*=L5 NM6 NM6 UUU *** & & &???>>> 11X1f_""_" ! !X ! ] ! !] ! ! !X ! ^ " "^ " ! !X ! ^ " "^ " $ $\ $ . .\ . % %\ % ' '\ '\''\'[&r r )r collectionscollections.abcrrrHrLrTrZrJr6 ExceptionrabcMutableMappingr r r r r~s&&P 4 7 7c[        XXXXX[_ +XXXXXr