feat: Add new gcloud commands, API clients, and third-party libraries across various services.

2026-01-01 20:26:35 +01:00
parent 5e23cbece0
commit a19e592eb7
25221 changed files with 8324611 additions and 0 deletions


@@ -0,0 +1,28 @@
# -*- coding: utf-8 -*- #
# Copyright 2018 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""The policy command group for the Access Context Manager CLI."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
class AccessContextManager(base.Group):
"""Manage Access Context Manager policies.
An access policy is a container for access levels and access zones.
"""
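Review bot: The class docstring on `AccessContextManager` calls an access policy a container for "access levels and access zones", while the create command's help added in this same commit names the second item "VPC Service Controls service perimeters". If this docstring is used as the group's help text (presumably, but not visible here), the two should agree: `An access policy is a container for access levels and service perimeters.` The class name also reads like the top-level group rather than the policy group the module docstring describes; a short comment explaining the name would help.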


@@ -0,0 +1,36 @@
release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Add IAM policy binding for an access policy.
description: |
Adds a policy binding to the IAM policy of an access policy. The binding consists of a role,
identity, and access policy.
examples: |
To add an IAM policy binding for the role of ``roles/notebooks.admin'' for the user 'test-user@gmail.com'
on the access policy 'accessPolicies/123', run:
$ {command} --member='user:test-user@gmail.com' --role='roles/notebooks.admin' accessPolicies/123
See https://cloud.google.com/iam/docs/managing-policies for details of
policy role and member types.
request:
collection: accesscontextmanager.accessPolicies
use_relative_name: true
ALPHA:
api_version: v1alpha
method: setIamPolicy
BETA:
api_version: v1
method: setIamPolicy
GA:
api_version: v1
method: setIamPolicy
arguments:
resource:
help_text: The access policy to add the IAM binding.
spec: !REF googlecloudsdk.command_lib.accesscontextmanager.resources:policy
iam:
enable_condition: true
policy_version: 3
get_iam_policy_version_path: getIamPolicyRequest.options.requestedPolicyVersion
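Review bot: The example under `examples:` grants `roles/notebooks.admin`, a role with no visible relation to access policies, so a reader copying it would bind an unrelated admin role to the policy. An Access Context Manager role such as `roles/accesscontextmanager.policyReader` would make the example both relevant and least-privilege. `enable_condition: true` is set under `iam:`, yet no example shows a conditional binding; one sentence of help on that would be useful. The resource help text also lacks its trailing preposition: `The access policy to add the IAM binding to.`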


@@ -0,0 +1,26 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command group for managing Access Context Manager access policy configurations."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
@base.ReleaseTracks(base.ReleaseTrack.ALPHA)
class Config(base.Group):
"""Manage Access Context Manager access policy configurations."""


@@ -0,0 +1,38 @@
release_tracks: [ALPHA]
command_type: CONFIG_EXPORT
help_text:
brief: Export the configuration for a Access Context Manager access policy.
description: |
*{command}* exports the configuration for a Access Context Manager access policy.
Access policy configurations can be exported in
Kubernetes Resource Model (krm) or Terraform HCL formats. The
default format is `krm`.
Specifying `--all` allows you to export the configurations for all
access policies within the project.
Specifying `--path` allows you to export the configuration(s) to
a local directory.
examples: |
To export the configuration for an access policy, run:
$ {command} my-access-policy
To export the configuration for an access policy to a file, run:
$ {command} my-access-policy --path=/path/to/dir/
To export the configuration for an access policy in Terraform
HCL format, run:
$ {command} my-access-policy --resource-format=terraform
To export the configurations for all access policies within a
project, run:
$ {command} --all
arguments:
resource:
help_text: Access policy to export the configuration for.
spec: !REF googlecloudsdk.command_lib.accesscontextmanager.resources:policy
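Review bot: The description says `--all` exports "all access policies within the project", but the create command in this commit takes `--organization` as the parent of an access policy, so the scope named in this help looks wrong or at least needs confirming. Two smaller wording points in the same block: "a Access Context Manager" should be "an Access Context Manager" in both `brief` and `description`, and the second example says "to a file" while `--path=/path/to/dir/` is a directory.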


@@ -0,0 +1,67 @@
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Create a new access policy.
description: |
Create a new Access Context Manager policy. An Access Context Manager policy, also known as
an access policy, is a container for access levels and VPC Service Controls service
perimeters.
You can optionally specify either a folder or a project as a scope of an access policy. A
scoped policy only allows projects under that scope to be restricted by any service perimeters
defined with that policy. The scope must be within the organization that this policy is
associated with. You can specify only one folder or project as the scope for an access
policy. If you don't specify a scope, then the scope extends to the entire organization and
any projects within the organization can be added to service perimeters in this policy.
This command only creates an access policy. Access levels and service perimeters need to be
created explicitly.
examples: |
To create an access policy that applies to the entire organization, run:
$ {command} --organization=organizations/123 --title="My Policy"
To create an access policy that applies to the folder with the ID 345, run:
$ {command} --organization=organizations/123 --scopes=folders/345 \
--title="My Folder Policy"
Only projects within this folder can be added to service perimeters within this policy.
To create an access policy that applies only to the project with the project number 567, run:
$ {command} --organization=organizations/123 --scopes=projects/567 \
--title="My Project Policy"
request:
collection: accesscontextmanager.accessPolicies
api_version: v1
BETA:
api_version: v1
ALPHA:
api_version: v1alpha
async:
collection: accesscontextmanager.operations
result_attribute: response
extract_resource_result: false
arguments:
params:
- api_field: title
arg_name: title
required: true
help_text: Short human-readable title of the access policy.
- api_field: parent
arg_name: organization
required: true
type: googlecloudsdk.command_lib.util.hooks.types:Resource:collection=cloudresourcemanager.organizations
processor: googlecloudsdk.command_lib.util.hooks.processors:RelativeName
help_text: Parent organization for the access policies.
- api_field: scopes
arg_name: scopes
required: false
help_text: |
Folder or project on which this policy is applicable. You can specify only one folder or
project as the scope and the scope must exist within the specified organization. If you
don't specify a scope, the policy applies to the entire organization.
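Review bot: The `scopes` parameter's help says only one folder or project may be given, but nothing visible in its spec (`api_field`, `arg_name`, `required`) constrains the value, so a malformed or multi-valued scope is presumably left for the API to reject. Because the scope decides which projects the policy's perimeters can restrict, I would state the accepted form in the help, matching the examples: `Format: folders/FOLDER_ID or projects/PROJECT_NUMBER.` Separately, the `BETA:` override repeats the default `api_version: v1` and could be dropped.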


@@ -0,0 +1,18 @@
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Delete an access policy.
description: Delete a given access policy.
request:
collection: accesscontextmanager.accessPolicies
api_version: v1
BETA:
api_version: v1
ALPHA:
api_version: v1alpha
arguments:
resource:
help_text: The access policy you want to delete.
spec: !REF googlecloudsdk.command_lib.accesscontextmanager.resources:policy
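Review bot: Unlike the create spec in this commit, this delete spec has no `async:` block, so if the delete call returns a long-running operation (not visible here) the command would presumably return before the policy is actually gone. If that is the case, add the same stanza create uses, `async:` with `collection: accesscontextmanager.operations`. The one-line description also says nothing about what deleting a policy does to the access levels and service perimeters it contains, which deserves a sentence for a command this destructive.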


@@ -0,0 +1,18 @@
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Show details about an access policy.
description: Show details about a given access policy.
request:
collection: accesscontextmanager.accessPolicies
api_version: v1
BETA:
api_version: v1
ALPHA:
api_version: v1alpha
arguments:
resource:
help_text: The access level you want to show details about.
spec: !REF googlecloudsdk.command_lib.accesscontextmanager.resources:policy
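Review bot: The resource `help_text` reads "The access level you want to show details about.", but the spec is `resources:policy` and the command describes an access policy, so this looks like a copy-paste slip. Suggested: `help_text: The access policy you want to show details about.`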


@@ -0,0 +1,33 @@
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Get the IAM policy for an access policy.
description: |
*{command}* Displays the IAM policy associated with an access policy.
If formatted as JSON, the output can be edited and used as
a policy file for *set-iam-policy*. The output includes an "etag"
field identifying the version emitted and allowing detection of
concurrent policy updates; see
$ {parent} set-iam-policy for additional details.
examples: |
To print the IAM policy for a given access policy, run:
$ {command} accessPolicies/1234
request:
collection: accesscontextmanager.accessPolicies
use_relative_name: true
ALPHA:
api_version: v1alpha
method: getIamPolicy
BETA:
api_version: v1
method: getIamPolicy
GA:
api_version: v1
method: getIamPolicy
arguments:
resource:
help_text: The access policy for which to display the IAM policy.
spec: !REF googlecloudsdk.command_lib.accesscontextmanager.resources:policy
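Review bot: This spec has no `iam:` block, while add-iam-policy-binding and remove-iam-policy-binding in this commit set `policy_version: 3` with `get_iam_policy_version_path: getIamPolicyRequest.options.requestedPolicyVersion` and enable conditions. Unless the framework requests version 3 by default (not visible here), the policy printed by this command may not represent conditional bindings faithfully, and the description invites users to edit that output and feed it to *set-iam-policy*. I would add the same `iam:` block here with `policy_version: 3` and the same `get_iam_policy_version_path`, or confirm that it is unnecessary.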


@@ -0,0 +1,42 @@
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: List access policies.
description: |
List access policies.
## EXAMPLES
To list access policies, run the following command:
$ {command}
This command prints a list of Access Policies in a tabular form:
NAME ORGANIZATION SCOPE TITLE ETAG
MY_POLICY 12345 projects/123 My Policy 123abcdef
request:
collection: accesscontextmanager.accessPolicies
api_version: v1
BETA:
api_version: v1
ALPHA:
api_version: v1alpha
resource_method_params:
parent: '{__relative_name__}'
arguments:
resource:
help_text: The parent organization of the policies you want to list.
spec: !REF googlecloudsdk.command_lib.organizations.resources:organization
output:
format: |
table(
name.basename(),
parent.basename():label=ORGANIZATION,
scopes.flatten(),
title,
etag
)
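Review bot: The sample table in the description shows a `SCOPE` column, but the `output.format` entry is `scopes.flatten()` with no label, so the printed header would presumably be `SCOPES`; either add `:label=SCOPE` or fix the sample. The examples are also embedded in `description:` under a `## EXAMPLES` heading, whereas the other specs in this commit use an `examples:` key; moving them would keep the help layout consistent.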


@@ -0,0 +1,27 @@
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command group for managing Access Context Manager access policy configurations."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
@base.Hidden
@base.ReleaseTracks(base.ReleaseTrack.ALPHA)
class Quotas(base.Group):
"""Manage Access Context Manager access policy quotas."""
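Review bot: The module docstring is copied from the config group ("...managing Access Context Manager access policy configurations.") although the class is `Quotas` and its own docstring talks about quotas. Suggested: `"""Command group for Access Context Manager access policy quota usage."""`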


@@ -0,0 +1,174 @@
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""`gcloud access-context-manager policies quotas list` command."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import dataclasses
from googlecloudsdk.api_lib.accesscontextmanager import levels as levels_api
from googlecloudsdk.api_lib.accesscontextmanager import zones as perimeters_api
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.accesscontextmanager import policies
@dataclasses.dataclass
class Metric:
title: str
usage: int
@base.Hidden
@base.ReleaseTracks(base.ReleaseTrack.ALPHA)
class ListPoliciesQuotas(base.ListCommand):
"""Lists the Quota Usage."""
_API_VERSION = 'v1alpha'
def GetPrimetersQuotaUsage(self, perimeters_to_display):
"""Returns service primeters quota usage.
Args:
perimeters_to_display: Response of ListServicePerimeters API
"""
arguments = list(perimeters_to_display)
service_primeters = len(arguments)
protected_resources = 0
ingress_rules = 0
egress_rules = 0
total_ingress_egress_attributes = self.GetTotalIngressEgressAttributes(
arguments
)
for metric in arguments:
configs = []
if metric.status:
configs.append(metric.status)
if metric.spec:
configs.append(metric.spec)
for config in configs:
protected_resources += len(config.resources)
ingress_rules += len(config.ingressPolicies)
egress_rules += len(config.egressPolicies)
return [
Metric('Service primeters', service_primeters),
Metric('Protected resources', protected_resources),
Metric('Ingress rules', ingress_rules),
Metric('Egress rules', egress_rules),
Metric(
'Total ingress/egress attributes', total_ingress_egress_attributes
),
]
def GetLevelsQuotaUsage(self, levels_to_display):
"""Returns levels quota usage, only counts basic access levels.
Args:
levels_to_display: Response of ListAccessLevels API
"""
access_levels = 0
for level in levels_to_display:
if level.basic:
access_levels += 1
return [Metric('Access levels', access_levels)]
def GetTotalIngressEgressAttributes(self, perimeters_to_display):
"""Returns total ingress/egress attributes quota usage.
Args:
perimeters_to_display: Response of ListServicePerimeters API
"""
elements_count = 0
for metric in perimeters_to_display:
configs = []
if metric.status:
configs.append(metric.status)
if metric.spec:
configs.append(metric.spec)
for config in configs:
if config.ingressPolicies:
for ingress_policy in config.ingressPolicies:
elements_count += len(ingress_policy.ingressFrom.sources)
elements_count += len(ingress_policy.ingressFrom.identities)
elements_count += sum(
len(o.methodSelectors)
for o in ingress_policy.ingressTo.operations
)
elements_count += len(ingress_policy.ingressTo.resources)
if config.egressPolicies:
for egress_policy in config.egressPolicies:
elements_count += len(egress_policy.egressFrom.identities)
elements_count += sum(
len(o.methodSelectors)
for o in egress_policy.egressTo.operations
)
elements_count += len(egress_policy.egressTo.resources)
return elements_count
@staticmethod
def Args(parser):
policies.AddResourceArg(parser, 'to list the quota usage')
base.URI_FLAG.RemoveFromParser(parser)
parser.display_info.AddFormat('table(title, usage)')
def Run(self, args):
perimeters_client = perimeters_api.Client(version=self._API_VERSION)
levels_client = levels_api.Client(version=self._API_VERSION)
policy_ref = args.CONCEPTS.policy.Parse()
levels_to_display = levels_client.List(policy_ref)
perimeters_to_display = perimeters_client.List(policy_ref)
primeters_quota_usage = self.GetPrimetersQuotaUsage(perimeters_to_display)
levels_quota_usage = self.GetLevelsQuotaUsage(levels_to_display)
return primeters_quota_usage + levels_quota_usage
detailed_help = {
'brief': (
'List the quota usage of a specific Access Context Manager policy.'
),
'DESCRIPTION': (
'List quota usage of a specific Access Context Manager policy,'
' also known as an access policy. Metrics include: Serivce perimeters,'
' Protected resources, Ingress rules, Egress rules, Access rules and'
' Total ingress/egress attributes. For access levels, this only counts'
' basic access levels.'
),
'EXAMPLES': """
To list the quota usage of a specific Access Context Manager policy:
$ {command} POLICY
Sample output:
===
TITLE USAGE
Service primeters 1
Protected resources 1
Ingress rules 1
Egress rules 1
Total ingress/egress attributes 3
Access levels 1
""",
}
ListPoliciesQuotas.detailed_help = detailed_help
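Review bot: `GetTotalIngressEgressAttributes` dereferences `ingressFrom`, `ingressTo`, `egressFrom` and `egressTo` without checking them, although the surrounding code already treats `status`, `spec` and the policy lists as possibly unset; if the API ever returns a rule with one side omitted (I cannot tell from here whether it can), the command fails with an AttributeError instead of printing usage. The rewrite below guards each side and otherwise counts the same things. The user-visible strings also misspell the metric: `'Service primeters'` in the returned `Metric` and the sample output, and `'Serivce perimeters'` in DESCRIPTION, which additionally lists "Access rules" where the metric is titled 'Access levels'. `Args` and `Run` have no docstrings.

```python
  def GetTotalIngressEgressAttributes(self, perimeters_to_display):
    # … unchanged: docstring, elements_count = 0, status/spec collection …
      for config in configs:
        for ingress_policy in config.ingressPolicies or []:
          ingress_from = ingress_policy.ingressFrom
          ingress_to = ingress_policy.ingressTo
          if ingress_from:
            elements_count += len(ingress_from.sources)
            elements_count += len(ingress_from.identities)
          if ingress_to:
            elements_count += sum(
                len(o.methodSelectors) for o in ingress_to.operations
            )
            elements_count += len(ingress_to.resources)
        for egress_policy in config.egressPolicies or []:
          egress_from = egress_policy.egressFrom
          egress_to = egress_policy.egressTo
          if egress_from:
            elements_count += len(egress_from.identities)
          if egress_to:
            elements_count += sum(
                len(o.methodSelectors) for o in egress_to.operations
            )
            elements_count += len(egress_to.resources)
    # … unchanged: return elements_count …
```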


@@ -0,0 +1,35 @@
release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Remove IAM policy binding for an access policy.
description: |
Removes a policy binding to the IAM policy of an access policy, given an access policy ID and the binding.
examples: |
To remove an IAM policy binding for the role of ``roles/editor'' for the user 'test-user@gmail.com'
on the access policy 'accessPolicies/123', run:
$ {command} accessPolicies/123 --member='user:test-user@gmail.com' --role='roles/editor'
See https://cloud.google.com/iam/docs/managing-policies for details of
policy role and member types.
request:
collection: accesscontextmanager.accessPolicies
use_relative_name: true
ALPHA:
api_version: v1alpha
method: setIamPolicy
BETA:
api_version: v1
method: setIamPolicy
GA:
api_version: v1
method: setIamPolicy
arguments:
resource:
help_text: The access policy to remove the IAM binding.
spec: !REF googlecloudsdk.command_lib.accesscontextmanager.resources:policy
iam:
enable_condition: true
policy_version: 3
get_iam_policy_version_path: getIamPolicyRequest.options.requestedPolicyVersion
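Review bot: The description says the command "Removes a policy binding to the IAM policy", which reads as if it adds one; it should be "from", e.g. `Removes a policy binding from the IAM policy of an access policy, given an access policy ID and the binding.` The resource help has the same gap: `The access policy to remove the IAM binding from.` With `enable_condition: true` set, a sentence on how a conditional binding is selected for removal would also help; none is given here.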


@@ -0,0 +1,35 @@
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Set IAM policy for an access policy.
description: |
Sets the IAM policy for a access policy, given access policy ID and a file
encoded in JSON or YAML that contains the IAM policy.
examples: |
The following command reads an IAM policy defined in a JSON file
`policy.json` and sets it for the access policy with the ID
`accessPolicies/1234`:
$ {command} accessPolicies/1234 policy.json
See https://cloud.google.com/iam/docs/managing-policies for details of the
policy file format and contents.
request:
collection: accesscontextmanager.accessPolicies
use_relative_name: true
ALPHA:
api_version: v1alpha
method: setIamPolicy
BETA:
api_version: v1
method: setIamPolicy
GA:
api_version: v1
method: setIamPolicy
modify_request_hooks:
- googlecloudsdk.command_lib.iam.hooks:UseMaxRequestedPolicyVersion:api_field=setIamPolicyRequest.policy.version
arguments:
resource:
help_text: The access policy to set the IAM policy for.
spec: !REF googlecloudsdk.command_lib.accesscontextmanager.resources:policy
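Review bot: The get-iam-policy help in this commit points here for details about the "etag" field and concurrent updates, but this description does not mention etag at all. Since the command sets the IAM policy from the supplied file, I would add a sentence saying the file should carry the `etag` from a prior get-iam-policy so that a concurrent change is detected rather than overwritten (confirm the exact behaviour against the IAM documentation linked in the examples). Also, "a access policy" should be "an access policy".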


@@ -0,0 +1,52 @@
# -*- coding: utf-8 -*- #
# Copyright 2018 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""`gcloud access-context-manager policies update` command."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.accesscontextmanager import policies as policies_api
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.accesscontextmanager import common
from googlecloudsdk.command_lib.accesscontextmanager import policies
@base.ReleaseTracks(base.ReleaseTrack.GA)
class UpdatePoliciesGA(base.UpdateCommand):
"""Update an existing access policy."""
_API_VERSION = 'v1'
@staticmethod
def Args(parser):
policies.AddResourceArg(parser, 'to update')
common.GetTitleArg('access policy').AddToParser(parser)
def Run(self, args):
client = policies_api.Client(version=self._API_VERSION)
policy_ref = args.CONCEPTS.policy.Parse()
return client.Patch(policy_ref, title=args.title)
@base.ReleaseTracks(base.ReleaseTrack.ALPHA)
class UpdatePoliciesAlpha(UpdatePoliciesGA):
_API_VERSION = 'v1alpha'
@base.ReleaseTracks(base.ReleaseTrack.BETA)
class UpdatePoliciesBeta(UpdatePoliciesGA):
_API_VERSION = 'v1'
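Review bot: `UpdatePoliciesAlpha` and `UpdatePoliciesBeta` have no docstring, and Python does not inherit `__doc__` from `UpdatePoliciesGA`, so if help text is taken from the class docstring (as the GA class suggests) these two tracks would show none. Add `"""Update an existing access policy."""` to both. `UpdatePoliciesBeta` also re-declares `_API_VERSION = 'v1'`, which it already inherits; removing it or commenting on it would make the intent clear. `Run` passes `args.title` straight to `client.Patch`, and whether the title flag is required is decided in `common.GetTitleArg`, outside this hunk.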