feat: Add new gcloud commands, API clients, and third-party libraries across various services.

2026-01-01 20:26:35 +01:00
parent 5e23cbece0
commit a19e592eb7
25221 changed files with 8324611 additions and 0 deletions


@@ -0,0 +1,38 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Commands for reading and manipulating firewall policies."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
@base.DefaultUniverseOnly
@base.ReleaseTracks(
base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA, base.ReleaseTrack.GA)
class OrgFirewallPolicies(base.Group):
"""Manage Compute Engine organization firewall policies.
Manage Compute Engine organization firewall policies. Organization
firewall policies are used to control incoming/outgoing traffic.
"""
category = base.COMPUTE_CATEGORY
OrgFirewallPolicies.detailed_help = {
'brief': ('Manage Compute Engine organization firewall policies.'),
}


@@ -0,0 +1,28 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Commands for reading and manipulating organization firewall policies associations."""
from __future__ import absolute_import
from __future__ import division
from __future__ import print_function
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
@base.UniverseCompatible
class FirewallPolicyAssociations(base.Group):
"""Read and manipulate Compute Engine organization firewall policy associations."""


@@ -0,0 +1,102 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for creating organization firewall policy associations."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import sys
from googlecloudsdk.api_lib.compute import base_classes
from googlecloudsdk.api_lib.compute.firewall_policies import client
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.compute.firewall_policies import firewall_policies_utils
from googlecloudsdk.command_lib.compute.firewall_policies import flags
from googlecloudsdk.core import log
import six
class Create(base.CreateCommand):
"""Create a new association between a firewall policy and an organization or folder resource.
*{command}* is used to create organization firewall policy associations. An
organization firewall policy is a set of rules that controls access to various
resources.
"""
@classmethod
def Args(cls, parser):
flags.AddArgsCreateAssociation(parser)
parser.display_info.AddCacheUpdater(flags.FirewallPoliciesCompleter)
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
org_firewall_policy = client.OrgFirewallPolicy(
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower())
name = None
attachment_target = None
replace_existing_association = False
if args.IsSpecified('name'):
name = args.name
attachment_target = None
if args.IsSpecified('folder'):
attachment_target = 'folders/' + args.folder
if name is None:
name = 'folder-' + args.folder
if args.IsSpecified('organization') and attachment_target is None:
attachment_target = 'organizations/' + args.organization
if name is None:
name = 'organization-' + args.organization
if attachment_target is None:
log.error(
'Must specify attachment target with --organization=ORGANIZATION or '
'--folder=FOLDER')
sys.exit()
replace_existing_association = False
if args.replace_association_on_target:
replace_existing_association = True
association = holder.client.messages.FirewallPolicyAssociation(
attachmentTarget=attachment_target, name=name)
firewall_policy_id = firewall_policies_utils.GetFirewallPolicyId(
org_firewall_policy,
args.firewall_policy,
organization=args.organization)
return org_firewall_policy.AddAssociation(
association=association,
firewall_policy_id=firewall_policy_id,
replace_existing_association=replace_existing_association,
only_generate_request=False)
Create.detailed_help = {
'EXAMPLES':
"""\
To associate an organization firewall policy under folder with ID
``123456789" to folder ``987654321", run:
$ {command} --firewall-policy=123456789 --folder=987654321
""",
}
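Review bot: `sys.exit()` in the missing-attachment-target branch of `Run` exits with status 0, so a script checking gcloud's exit code sees success even though `log.error` was just emitted and no association was created; at minimum make it `sys.exit(1)`, or better raise a calliope argument exception so the CLI's normal error path reports it and sets a non-zero status. That branch is also the only validation of `--folder`/`--organization`: when both are given, `--folder` silently wins because the organization check requires `attachment_target is None`, which is worth either stating in the flag help or rejecting outright. The reassignments `attachment_target = None` right after `name = args.name` and the second `replace_existing_association = False` are dead, and the trailing four lines collapse to `replace_existing_association = bool(args.replace_association_on_target)`. Indentation was lost in this rendering, so block boundaries are inferred.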


@@ -0,0 +1,77 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for deleting organization firewall policy associations."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.compute import base_classes
from googlecloudsdk.api_lib.compute.firewall_policies import client
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.compute.firewall_policies import firewall_policies_utils
from googlecloudsdk.command_lib.compute.firewall_policies import flags
import six
@base.DefaultUniverseOnly
class Delete(base.DeleteCommand):
"""Delete a Compute Engine organization firewall policy association.
*{command}* is used to delete organization firewall policy association.
"""
FIREWALL_POLICY_ARG = None
@classmethod
def Args(cls, parser):
cls.FIREWALL_POLICY_ARG = flags.FirewallPolicyAssociationsArgument(
required=True
)
cls.FIREWALL_POLICY_ARG.AddArgument(parser, operation_type='delete')
flags.AddArgsDeleteAssociation(parser)
parser.display_info.AddCacheUpdater(flags.FirewallPoliciesCompleter)
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.FIREWALL_POLICY_ARG.ResolveAsResource(
args, holder.resources, with_project=False
)
org_firewall_policy = client.OrgFirewallPolicy(
ref=ref,
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower(),
)
firewall_policy_id = firewall_policies_utils.GetFirewallPolicyId(
org_firewall_policy,
args.firewall_policy,
organization=args.organization,
)
return org_firewall_policy.DeleteAssociation(
firewall_policy_id=firewall_policy_id,
association_name=args.name,
only_generate_request=False,
)
Delete.detailed_help = {
'EXAMPLES': """\
To delete an association with name ``example-association" of an organization
firewall policy with ID ``123456789", run:
$ {command} example-association --firewall-policy=123456789
""",
}
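Review bot: The class docstring's second line reads "is used to delete organization firewall policy association", which is missing an article; `*{command}* is used to delete an organization firewall policy association.` reads correctly. `Run` has no docstring; a one-liner such as `"""Resolves the policy reference and removes the named association from it."""` would tell a reader what the two client calls accomplish together. The sibling associations `create` command in this commit carries no universe decorator while this one is `@base.DefaultUniverseOnly`; if that difference is unintentional, align them.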


@@ -0,0 +1,76 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for listing the associations of an organization or folder resource."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.compute import base_classes
from googlecloudsdk.api_lib.compute.firewall_policies import client
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.compute.firewall_policies import flags
import six
# TODO(b/175792396): change displayName to shortName once API is rolled out
DEFAULT_LIST_FORMAT = """\
table(
name,
displayName,
firewallPolicyId
)"""
class List(base.DescribeCommand, base.ListCommand):
"""List the associations of an organization or folder resource.
*{command}* is used to list the associations of an organization or folder
resource.
"""
@classmethod
def Args(cls, parser):
flags.AddArgsListAssociation(parser)
parser.display_info.AddFormat(DEFAULT_LIST_FORMAT)
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
org_firewall_policy = client.OrgFirewallPolicy(
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower())
target_resource = None
if args.IsSpecified('organization'):
target_resource = 'organizations/' + args.organization
elif args.IsSpecified('folder'):
target_resource = 'folders/' + args.folder
res = org_firewall_policy.ListAssociations(
target_resource=target_resource, only_generate_request=False)
if not res:
return None
return res[0].associations
List.detailed_help = {
'EXAMPLES':
"""\
To list the associations of the folder with ID ``987654321", run:
$ {command} --folder=987654321
""",
}
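Review bot: When neither `--organization` nor `--folder` is given, `target_resource` stays `None` and is handed to `ListAssociations` unchanged; unless `flags.AddArgsListAssociation` makes the pair a required group (not visible here), `Run` should fail with the same "Must specify attachment target" message the associations `create` command in this commit uses rather than rely on the client's handling of `None`. `return res[0].associations` presumably relies on the client returning a list of responses whose first element carries the associations; a short comment stating that contract, e.g. `# ListAssociations returns a list of responses; only the first carries the associations`, would save the next reader a trip into the client. Inheriting from both `base.DescribeCommand` and `base.ListCommand` is unusual for a list command and deserves a why-comment if it is deliberate.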


@@ -0,0 +1,83 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for replacing the rules of organization firewall policies."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.compute import base_classes
from googlecloudsdk.api_lib.compute.firewall_policies import client
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.compute.firewall_policies import firewall_policies_utils
from googlecloudsdk.command_lib.compute.firewall_policies import flags
import six
@base.DefaultUniverseOnly
class CloneRules(base.UpdateCommand):
"""Replace the rules of a Compute Engine organization firewall policy with rules from another policy.
*{command}* is used to replace the rules of organization firewall policies. An
organization firewall policy is a set of rules that controls access to
various resources.
"""
FIREWALL_POLICY_ARG = None
@classmethod
def Args(cls, parser):
cls.FIREWALL_POLICY_ARG = flags.FirewallPolicyArgument(
required=True, operation='clone the rules to'
)
cls.FIREWALL_POLICY_ARG.AddArgument(parser, operation_type='clone-rules')
flags.AddArgsCloneRules(parser)
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.FIREWALL_POLICY_ARG.ResolveAsResource(
args, holder.resources, with_project=False
)
org_firewall_policy = client.OrgFirewallPolicy(
ref=ref,
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower(),
)
dest_fp_id = firewall_policies_utils.GetFirewallPolicyId(
org_firewall_policy, ref.Name(), organization=args.organization
)
return org_firewall_policy.CloneRules(
only_generate_request=False,
dest_fp_id=dest_fp_id,
source_firewall_policy=args.source_firewall_policy,
)
CloneRules.detailed_help = {
'EXAMPLES': """\
To clone the rules of an organization firewall policy with ID ``123456789",
from another organization firewall policy with ID ``987654321", run:
$ {command} 123456789 --source-firewall-policy=987654321
""",
'IAM PERMISSIONS': """\
To clone rules to a firewall policy, the user must have the following
permission: *`compute.firewallPolicies.cloneRules`.
To find predefined roles that contain those permissions, see the [Compute
Engine IAM roles](https://cloud.google.com/compute/docs/access/iam).
""",
}
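Review bot: `Run` replaces every rule on the destination policy (per the class docstring) with no confirmation, whereas the `import` command in this same commit calls `console_io.PromptContinue(..., cancel_on_no=True)` before overwriting rules. A mistyped `--source-firewall-policy` or positional policy id therefore silently rewrites the rules an organization enforces; a prompt such as `console_io.PromptContinue(message='Rules of firewall policy {} will be replaced.'.format(ref.Name()), cancel_on_no=True)` before the `CloneRules` call (plus the `console_io` import) would make the two destructive commands consistent and still honor the global quiet flag. Whether `flags.AddArgsCloneRules` adds its own guard is not visible here.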


@@ -0,0 +1,77 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for creating organization firewall policies."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.compute import base_classes
from googlecloudsdk.api_lib.compute.firewall_policies import client
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.compute.firewall_policies import flags
import six
@base.DefaultUniverseOnly
class Create(base.CreateCommand):
"""Create a Compute Engine organization firewall policy.
*{command}* is used to create organization firewall policies. An organization
firewall policy is a set of rules that controls access to various resources.
"""
FIREWALL_POLICY_ARG = None
@classmethod
def Args(cls, parser):
flags.AddArgFirewallPolicyCreation(parser)
parser.display_info.AddCacheUpdater(flags.FirewallPoliciesCompleter)
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
org_firewall_policy = client.OrgFirewallPolicy(
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower())
if args.IsSpecified('organization'):
parent_id = 'organizations/' + args.organization
elif args.IsSpecified('folder'):
parent_id = 'folders/' + args.folder
firewall_policy = holder.client.messages.FirewallPolicy(
description=args.description, displayName=args.short_name)
return org_firewall_policy.Create(
firewall_policy=firewall_policy,
parent_id=parent_id,
only_generate_request=False)
Create.detailed_help = {
'EXAMPLES':
"""\
To create an organization firewall policy under folder with ID ``123456789",
run:
$ {command} --short-name=my-policy --folder=123456789
""",
'IAM PERMISSIONS': """\
To create rules to a firewall policy, the user must have the following
permission: *`compute.firewallPolicies.create`.
To find predefined roles that contain those permissions, see the [Compute
Engine IAM roles](https://cloud.google.com/compute/docs/access/iam).
"""
}
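Review bot: `parent_id` is bound only inside the `if`/`elif` at the top of `Run`, so running the command with neither `--organization` nor `--folder` raises `UnboundLocalError` at the `org_firewall_policy.Create(...)` call instead of a usage error, unless `flags.AddArgFirewallPolicyCreation` makes one of them required (not visible here). An explicit `else:` branch that raises an argument error, or that logs and exits non-zero as the associations `create` command in this commit does, closes that gap. The 'IAM PERMISSIONS' help says "To create rules to a firewall policy" but this command creates the policy itself; `To create a firewall policy, the user must have the following` matches the `compute.firewallPolicies.create` permission it names. `FIREWALL_POLICY_ARG = None` is declared but never used in this class.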


@@ -0,0 +1,78 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for deleting organization firewall policies."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.compute import base_classes
from googlecloudsdk.api_lib.compute.firewall_policies import client
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.compute.firewall_policies import firewall_policies_utils
from googlecloudsdk.command_lib.compute.firewall_policies import flags
import six
@base.DefaultUniverseOnly
class Delete(base.DeleteCommand):
"""Delete a Compute Engine organization firewall policy.
*{command}* is used to delete organization firewall policies. An organization
firewall policy is a set of rules that controls access to various resources.
"""
FIREWALL_POLICY_ARG = None
@classmethod
def Args(cls, parser):
cls.FIREWALL_POLICY_ARG = flags.FirewallPolicyArgument(
required=True, operation='delete')
cls.FIREWALL_POLICY_ARG.AddArgument(parser, operation_type='delete')
parser.add_argument(
'--organization',
help=('Organization in which the organization firewall policy is to be'
' deleted. Must be set if FIREWALL_POLICY is the short name.'))
parser.display_info.AddCacheUpdater(flags.FirewallPoliciesCompleter)
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.FIREWALL_POLICY_ARG.ResolveAsResource(
args, holder.resources, with_project=False)
org_firewall_policy = client.OrgFirewallPolicy(
ref=ref,
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower())
fp_id = firewall_policies_utils.GetFirewallPolicyId(
org_firewall_policy, ref.Name(), organization=args.organization)
return org_firewall_policy.Delete(fp_id=fp_id, only_generate_request=False)
Delete.detailed_help = {
'EXAMPLES':
"""\
To delete an organization firewall policy with ID ``123456789", run:
$ {command} 123456789
""",
'IAM PERMISSIONS': """\
To delete a firewall policy, the user must have the following
permission: *`compute.firewallPolicies.delete`.
To find predefined roles that contain those permissions, see the [Compute
Engine IAM roles](https://cloud.google.com/compute/docs/access/iam).
"""
}
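Review bot: `Run` deletes the policy with no confirmation visible in this file; if `base.DeleteCommand` does not prompt on its own (cannot tell from here), a `console_io.PromptContinue(..., cancel_on_no=True)` before `org_firewall_policy.Delete(...)` would match the `import` command in this commit, since deleting an organization policy removes every rule it enforced in one call. The `--organization` help here says "is the short name" while the `describe` command's says "is short name"; pick one wording for both. `Run` has no docstring; `"""Resolves FIREWALL_POLICY to a policy id and deletes that policy."""` is enough.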


@@ -0,0 +1,80 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for describing organization firewall policies."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.compute import base_classes
from googlecloudsdk.api_lib.compute.firewall_policies import client
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.compute.firewall_policies import firewall_policies_utils
from googlecloudsdk.command_lib.compute.firewall_policies import flags
import six
@base.DefaultUniverseOnly
class Describe(base.DescribeCommand):
"""Describe a Compute Engine organization firewall policy.
*{command}* is used to describe organization firewall policies. An
organization firewall policy is a set of rules that controls access to various
resources.
"""
FIREWALL_POLICY_ARG = None
@classmethod
def Args(cls, parser):
cls.FIREWALL_POLICY_ARG = flags.FirewallPolicyArgument(
required=True, operation='describe')
cls.FIREWALL_POLICY_ARG.AddArgument(parser, operation_type='get')
parser.add_argument(
'--organization',
help=('Organization in which the organization firewall policy is to be'
' described. Must be set if FIREWALL_POLICY is short name.'))
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.FIREWALL_POLICY_ARG.ResolveAsResource(
args, holder.resources, with_project=False)
org_firewall_policy = client.OrgFirewallPolicy(
ref=ref,
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower())
fp_id = firewall_policies_utils.GetFirewallPolicyId(
org_firewall_policy, ref.Name(), organization=args.organization)
return org_firewall_policy.Describe(
fp_id=fp_id, only_generate_request=False)
Describe.detailed_help = {
'EXAMPLES':
"""\
To describe an organization firewall policy with ID ``123456789", run:
$ {command} 123456789
""",
'IAM PERMISSIONS': """\
To describe a firewall policy, the user must have the following
permission: *`compute.firewallPolicies.get`.
To find predefined roles that contain those permissions, see the [Compute
Engine IAM roles](https://cloud.google.com/compute/docs/access/iam).
"""
}


@@ -0,0 +1,131 @@
# -*- coding: utf-8 -*- #
# Copyright 2024 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Export firewall policy rules command."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import sys
from googlecloudsdk.api_lib.compute import base_classes
from googlecloudsdk.api_lib.compute.firewall_policies import client
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.compute.firewall_policies import firewall_policies_utils
from googlecloudsdk.command_lib.compute.firewall_policies import flags
from googlecloudsdk.command_lib.export import util as export_util
from googlecloudsdk.core.util import files
import six
DETAILED_HELP = {
'DESCRIPTION': """\
Exports Firewall Policy rules configuration to a file.
""",
'EXAMPLES': """\
Firewall Policy rules can be exported by running:
$ {command} FIREWALL_POLICY --destination=<path-to-file>
--organization=<organization>
""",
}
@base.DefaultUniverseOnly
@base.ReleaseTracks(
base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA, base.ReleaseTrack.GA
)
class Export(base.Command):
"""Export Compute Engine organization firewall policy rules.
Exports organization firewall policy rules configuration to a file.
This configuration can be imported at a later time.
"""
FIREWALL_POLICY_ARG = None
detailed_help = DETAILED_HELP
@classmethod
def GetApiVersion(cls):
"""Returns the API version based on the release track."""
if cls.ReleaseTrack() == base.ReleaseTrack.ALPHA:
return 'alpha'
elif cls.ReleaseTrack() == base.ReleaseTrack.BETA:
return 'beta'
return 'v1'
@classmethod
def GetSchemaPath(cls, for_help=False):
"""Returns the resource schema path."""
return export_util.GetSchemaPath(
'compute',
cls.GetApiVersion(),
'FirewallPolicy',
for_help=for_help,
)
@classmethod
def Args(cls, parser):
cls.FIREWALL_POLICY_ARG = flags.FirewallPolicyArgument(
required=True, operation='export rules from'
)
cls.FIREWALL_POLICY_ARG.AddArgument(parser, operation_type='export-rules')
parser.add_argument(
'--organization',
help=(
'Organization in which the organization firewall policy rules'
' export from. Must be set if FIREWALL_POLICY is short name.'
),
)
export_util.AddExportFlags(parser, cls.GetSchemaPath(for_help=True))
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
firewall_policy_ref = self.FIREWALL_POLICY_ARG.ResolveAsResource(
args, holder.resources, with_project=False
)
org_firewall_policy = client.OrgFirewallPolicy(
ref=firewall_policy_ref,
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower(),
)
fp_id = firewall_policies_utils.GetFirewallPolicyId(
org_firewall_policy,
firewall_policy_ref.Name(),
organization=args.organization,
)
firewall_policy = org_firewall_policy.Describe(
fp_id=fp_id, only_generate_request=False
)[0]
# only rules are exported
firewall_policy_rules = holder.client.messages.FirewallPolicy(
rules=firewall_policy.rules
)
if args.destination:
with files.FileWriter(args.destination) as stream:
export_util.Export(
message=firewall_policy_rules,
stream=stream,
schema_path=self.GetSchemaPath(),
)
else:
export_util.Export(
message=firewall_policy_rules,
stream=sys.stdout,
schema_path=self.GetSchemaPath(),
)


@@ -0,0 +1,82 @@
# -*- coding: utf-8 -*- #
# Copyright 2025 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for replacing the rules of organization firewall policies."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.compute import base_classes
from googlecloudsdk.api_lib.compute.firewall_policies import client
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.compute.firewall_policies import firewall_policies_utils
from googlecloudsdk.command_lib.compute.firewall_policies import flags
import six
@base.DefaultUniverseOnly
@base.ReleaseTracks(base.ReleaseTrack.ALPHA)
class ForceStartProgressiveRollout(base.UpdateCommand):
"""Starts a new rollout of organization firewall policy."""
FIREWALL_POLICY_ARG = None
@classmethod
def Args(cls, parser):
cls.FIREWALL_POLICY_ARG = flags.FirewallPolicyArgument(
required=True, operation='start a new rollout of'
)
cls.FIREWALL_POLICY_ARG.AddArgument(
parser, operation_type='force-start-progressive-rollout'
)
flags.AddArgsForceStartProgressiveRollout(parser)
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.FIREWALL_POLICY_ARG.ResolveAsResource(
args, holder.resources, with_project=False
)
org_firewall_policy = client.OrgFirewallPolicy(
ref=ref,
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower(),
)
dest_fp_id = firewall_policies_utils.GetFirewallPolicyId(
org_firewall_policy, ref.Name(), organization=args.organization
)
return org_firewall_policy.ForceStartProgressiveRollout(
firewall_policy=dest_fp_id,
only_generate_request=False,
)
ForceStartProgressiveRollout.detailed_help = {
'EXAMPLES': """\
To start a new rollout of an organization firewall policy with ID ``123456789", run:
$ {command} 123456789
""",
'IAM PERMISSIONS': """\
To start rollout of a firewall policy, the user must have the following
permission:
*`compute.firewallPolicies.update`,
*`compute.firewallPolicies.use',
*'compute.organizations.setFirewallPolicy'.
To find predefined roles that contain those permissions, see the [Compute
Engine IAM roles](https://cloud.google.com/compute/docs/access/iam).
""",
}
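Review bot: The module docstring `"""Command for replacing the rules of organization firewall policies."""` is copied from clone-rules and does not describe this command; `"""Command for starting a new progressive rollout of an organization firewall policy."""` fits. The 'IAM PERMISSIONS' list mixes quote styles — `*`compute.firewallPolicies.use',` and `*'compute.organizations.setFirewallPolicy'.` — so the rendered help will show stray quotes; use the backtick form of the first entry for all three. `dest_fp_id` is likewise a clone-rules name; `fp_id` matches the other single-policy commands in this commit.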


@@ -0,0 +1,133 @@
# -*- coding: utf-8 -*- #
# Copyright 2024 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Import firewall policy rules command."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.compute import base_classes
from googlecloudsdk.api_lib.compute.firewall_policies import client
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.compute.firewall_policies import firewall_policies_utils
from googlecloudsdk.command_lib.compute.firewall_policies import flags
from googlecloudsdk.command_lib.export import util as export_util
from googlecloudsdk.core.console import console_io
import six
DETAILED_HELP = {
'DESCRIPTION': """\
Imports Firewall Policy rules configuration from a file.
""",
'EXAMPLES': """\
Firewall Policy rules can be imported by running:
$ {command} FIREWALL_POLICY --source=<path-to-file>
--organization=<organization>
""",
}
@base.DefaultUniverseOnly
@base.ReleaseTracks(
base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA, base.ReleaseTrack.GA
)
class Import(base.Command):
"""Import Compute Engine organization firewall policy rules.
Imports organization firewall policy rules configuration from a file.
"""
NETWORK_FIREWALL_POLICY_ARG = None
detailed_help = DETAILED_HELP
@classmethod
def GetApiVersion(cls):
"""Returns the API version based on the release track."""
if cls.ReleaseTrack() == base.ReleaseTrack.ALPHA:
return 'alpha'
elif cls.ReleaseTrack() == base.ReleaseTrack.BETA:
return 'beta'
return 'v1'
@classmethod
def GetSchemaPath(cls, for_help=False):
"""Returns the resource schema path."""
return export_util.GetSchemaPath(
'compute',
cls.GetApiVersion(),
'FirewallPolicy',
for_help=for_help,
)
@classmethod
def Args(cls, parser):
cls.FIREWALL_POLICY_ARG = flags.FirewallPolicyArgument(
required=True, operation='imports rules to'
)
cls.FIREWALL_POLICY_ARG.AddArgument(parser, operation_type='export-rules')
parser.add_argument(
'--organization',
help=(
'Organization in which the organization firewall policy rules'
' import to. Must be set if FIREWALL_POLICY is short name.'
),
)
export_util.AddImportFlags(parser, cls.GetSchemaPath(for_help=True))
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
firewall_policy_ref = self.FIREWALL_POLICY_ARG.ResolveAsResource(
args, holder.resources, with_project=False
)
org_firewall_policy = client.OrgFirewallPolicy(
ref=firewall_policy_ref,
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower(),
)
data = console_io.ReadFromFileOrStdin(args.source or '-', binary=False)
firewall_policy_rules = export_util.Import(
message_type=holder.client.messages.FirewallPolicy,
stream=data,
schema_path=self.GetSchemaPath(),
)
fp_id = firewall_policies_utils.GetFirewallPolicyId(
org_firewall_policy,
firewall_policy_ref.Name(),
organization=args.organization,
)
existing_firewall_policy = org_firewall_policy.Describe(
fp_id=fp_id, only_generate_request=False
)[0]
console_io.PromptContinue(
message='Firewall Policy rules will be overwritten.', cancel_on_no=True
)
firewall_policy = holder.client.messages.FirewallPolicy(
fingerprint=existing_firewall_policy.fingerprint,
rules=firewall_policy_rules.rules,
packetMirroringRules=firewall_policy_rules.packetMirroringRules,
)
return org_firewall_policy.Update(
fp_id=fp_id,
only_generate_request=False,
firewall_policy=firewall_policy,
)


@@ -0,0 +1,76 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for listing organization firewall policies."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from apitools.base.py import list_pager
from googlecloudsdk.api_lib.compute import base_classes
from googlecloudsdk.api_lib.compute import lister
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.compute.firewall_policies import flags
@base.DefaultUniverseOnly
class List(base.ListCommand):
"""List Compute Engine organization firewall policies.
*{command}* is used to list organization firewall policies. An organization
firewall policy is a set of rules that controls access to various resources.
"""
@classmethod
def Args(cls, parser):
flags.AddArgsListFirewallPolicy(parser)
parser.display_info.AddFormat(flags.DEFAULT_LIST_FORMAT)
lister.AddBaseListerArgs(parser)
parser.display_info.AddCacheUpdater(flags.FirewallPoliciesCompleter)
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
client = holder.client.apitools_client
messages = client.MESSAGES_MODULE
if args.organization:
parent_id = 'organizations/' + args.organization
elif args.folder:
parent_id = 'folders/' + args.folder
request = messages.ComputeFirewallPoliciesListRequest(parentId=parent_id)
return list_pager.YieldFromList(
client.firewallPolicies,
request,
field='items',
limit=args.limit,
batch_size=None)
List.detailed_help = {
'EXAMPLES':
"""\
To list organization firewall policies under folder with ID
``123456789", run:
$ {command} --folder=123456789
""",
'IAM PERMISSIONS': """\
To list firewall policies, the user must have the following
permission: *`compute.firewallPolicies.list`.
To find predefined roles that contain those permissions, see the [Compute
Engine IAM roles](https://cloud.google.com/compute/docs/access/iam).
"""
}
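Review bot: `parent_id` is only bound inside the `if args.organization` / `elif args.folder` branches, so when neither flag is supplied the `messages.ComputeFirewallPoliciesListRequest(parentId=parent_id)` line fails with an `UnboundLocalError` rather than a usable error. Unless `flags.AddArgsListFirewallPolicy` already makes the two flags a required mutually exclusive group (not visible here), add an explicit failure branch, e.g. `else: raise exceptions.MinimumArgumentException(['--organization', '--folder'])`, with `from googlecloudsdk.calliope import exceptions` added to the imports. `Run` would also benefit from a one-line docstring such as `"""Lists the firewall policies under the given organization or folder."""`.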


@@ -0,0 +1,124 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for listing the rules of organization firewall policies."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.compute import base_classes
from googlecloudsdk.api_lib.compute import firewalls_utils
from googlecloudsdk.api_lib.compute import lister
from googlecloudsdk.api_lib.compute.firewall_policies import client
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.compute.firewall_policies import firewall_policies_utils
from googlecloudsdk.command_lib.compute.firewall_policies import flags
from googlecloudsdk.core import log
import six
LIST_NOTICE = """\
To show all fields of the firewall, please show in JSON format: --format=json
To show more fields in table format, please see the examples in --help.
"""
DEFAULT_LIST_FORMAT = """\
table(
priority,
direction,
action,
match.srcIpRanges.list():label=SRC_RANGES,
match.destIpRanges.list():label=DEST_RANGES,
match.layer4Configs.map().org_firewall_rule().list():label=PORT_RANGES
)"""
@base.DefaultUniverseOnly
class ListRules(base.DescribeCommand, base.ListCommand):
"""List the rules of a Compute Engine organization firewall policy.
*{command}* is used to list the rules of an organization firewall policy.
"""
FIREWALL_POLICY_ARG = None
@classmethod
def Args(cls, parser):
cls.FIREWALL_POLICY_ARG = flags.FirewallPolicyArgument(
required=True, operation='list rules for')
cls.FIREWALL_POLICY_ARG.AddArgument(parser, operation_type='get')
parser.add_argument(
'--organization',
help=('Organization which the organization firewall policy belongs to. '
'Must be set if FIREWALL_POLICY is short name.'))
parser.display_info.AddFormat(DEFAULT_LIST_FORMAT)
lister.AddBaseListerArgs(parser)
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.FIREWALL_POLICY_ARG.ResolveAsResource(
args, holder.resources, with_project=False)
org_firewall_policy = client.OrgFirewallPolicy(
ref=ref,
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower())
fp_id = firewall_policies_utils.GetFirewallPolicyId(
org_firewall_policy, ref.Name(), organization=args.organization)
response = org_firewall_policy.Describe(
fp_id=fp_id, only_generate_request=False)
if not response:
return None
return firewalls_utils.SortFirewallPolicyRules(holder.client,
response[0].rules)
def Epilog(self, resources_were_displayed):
del resources_were_displayed
log.status.Print('\n' + LIST_NOTICE)
ListRules.detailed_help = {
'EXAMPLES':
"""\
To list the rules of an organization firewall policy with ID
``123456789", run:
$ {command} 123456789
To list all the fields of the rules of an organization firewall policy with
ID ``123456789", run:
$ {command} 123456789 --format="table(
priority,
action,
direction,
match.srcIpRanges.list():label=SRC_RANGES,
match.destIpRanges.list():label=DEST_RANGES,
match.layer4Configs.map().org_firewall_rule().list():label=PORT_RANGES,
targetServiceAccounts.list():label=TARGET_SVC_ACCT,
targetResources:label=TARGET_RESOURCES,
ruleTupleCount,
enableLogging,
description)"
""",
'IAM PERMISSIONS': """\
To list rules of a firewall policy, the user must have the following
permission: *`compute.firewallPolicies.get`.
To find predefined roles that contain those permissions, see the [Compute
Engine IAM roles](https://cloud.google.com/compute/docs/access/iam).
"""
}
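Review bot: The `--organization` flag is declared by hand in `Args` via `parser.add_argument('--organization', ...)` while the rule commands added in this same commit call `flags.AddOrganization(parser, required=False)`; using the shared helper keeps the flag's help text and validation consistent across the command group. Separately, `LIST_NOTICE` reads "To show all fields of the firewall" although this command lists firewall policy rules; `To show all fields of the firewall policy rules, please show in JSON format: --format=json` is more accurate. `Run` returning `None` when `Describe` yields nothing is fine for display, but a short docstring stating that it returns the sorted rules of the policy (or `None` when the policy is absent) would make the contract explicit.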


@@ -0,0 +1,27 @@
# -*- coding: utf-8 -*- #
# Copyright 2024 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Commands for reading and manipulating organization firewall policy packet mirroirng rules."""
from __future__ import absolute_import
from __future__ import division
from __future__ import print_function
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
@base.DefaultUniverseOnly
@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA)
class FirewallPolicyPacketMirroringRules(base.Group):
"""Read and manipulate Compute Engine organization firewall policy packet mirroring rules."""
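Review bot: The module docstring has a typo, "packet mirroirng rules"; it should read `"""Commands for reading and manipulating organization firewall policy packet mirroring rules."""`. Nothing else to raise on this group definition.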


@@ -0,0 +1,157 @@
# -*- coding: utf-8 -*- #
# Copyright 2024 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for creating organization firewall policy rules."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.compute import base_classes
from googlecloudsdk.api_lib.compute import firewall_policy_rule_utils as rule_utils
from googlecloudsdk.api_lib.compute.firewall_policies import client
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.compute.firewall_policies import firewall_policies_utils
from googlecloudsdk.command_lib.compute.firewall_policies import flags
import six
@base.UniverseCompatible
@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA)
class Create(base.CreateCommand):
r"""Creates a Compute Engine firewall policy packet mirroring rule.
*{command}* is used to create organization firewall policy packet mirroring
rules.
"""
FIREWALL_POLICY_ARG = None
@classmethod
def Args(cls, parser):
cls.FIREWALL_POLICY_ARG = flags.FirewallPolicyRuleArgument(
required=True, operation='create'
)
cls.FIREWALL_POLICY_ARG.AddArgument(parser, operation_type='create')
flags.AddPacketMirroringAction(parser)
flags.AddFirewallPolicyId(parser, operation='inserted')
flags.AddSrcIpRanges(parser)
flags.AddDestIpRanges(parser)
flags.AddLayer4Configs(parser, required=True)
flags.AddDirection(parser)
flags.AddDisabled(parser)
flags.AddTargetResources(parser)
flags.AddMirroringSecurityProfileGroup(parser)
flags.AddDescription(parser)
flags.AddOrganization(parser, required=False)
parser.display_info.AddCacheUpdater(flags.FirewallPoliciesCompleter)
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.FIREWALL_POLICY_ARG.ResolveAsResource(
args, holder.resources, with_project=False
)
org_firewall_policy = client.OrgFirewallPolicy(
ref=ref,
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower(),
)
firewall_policy_rule_client = client.OrgFirewallPolicyPacketMirroringRule(
ref=ref,
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower(),
)
src_ip_ranges = []
dest_ip_ranges = []
layer4_configs = []
target_resources = []
security_profile_group = None
disabled = False
if args.IsSpecified('src_ip_ranges'):
src_ip_ranges = args.src_ip_ranges
if args.IsSpecified('dest_ip_ranges'):
dest_ip_ranges = args.dest_ip_ranges
if args.IsSpecified('layer4_configs'):
layer4_configs = args.layer4_configs
if args.IsSpecified('target_resources'):
target_resources = args.target_resources
if args.IsSpecified('security_profile_group'):
security_profile_group = (
firewall_policies_utils.BuildSecurityProfileGroupUrl(
security_profile_group=args.security_profile_group,
optional_organization=args.organization,
firewall_policy_client=org_firewall_policy,
firewall_policy_id=args.firewall_policy,
)
)
if args.IsSpecified('disabled'):
disabled = args.disabled
layer4_config_list = rule_utils.ParseLayer4Configs(
layer4_configs, holder.client.messages
)
matcher = holder.client.messages.FirewallPolicyRuleMatcher(
srcIpRanges=src_ip_ranges,
destIpRanges=dest_ip_ranges,
layer4Configs=layer4_config_list,
)
traffic_direct = (
holder.client.messages.FirewallPolicyRule.DirectionValueValuesEnum.INGRESS
)
if args.IsSpecified('direction'):
if args.direction == 'INGRESS':
traffic_direct = (
holder.client.messages.FirewallPolicyRule.DirectionValueValuesEnum.INGRESS
)
else:
traffic_direct = (
holder.client.messages.FirewallPolicyRule.DirectionValueValuesEnum.EGRESS
)
firewall_policy_rule = holder.client.messages.FirewallPolicyRule(
priority=rule_utils.ConvertPriorityToInt(ref.Name()),
action=args.action,
match=matcher,
direction=traffic_direct,
targetResources=target_resources,
securityProfileGroup=security_profile_group,
description=args.description,
disabled=disabled,
)
firewall_policy_id = firewall_policies_utils.GetFirewallPolicyId(
firewall_policy_rule_client,
args.firewall_policy,
organization=args.organization,
)
return firewall_policy_rule_client.CreateRule(
firewall_policy=firewall_policy_id,
firewall_policy_rule=firewall_policy_rule,
)
Create.detailed_help = {
'EXAMPLES': """\
To create a packet mirroring rule with priority ``10" in an organization firewall policy with ID
``123456789", run:
$ {command} 10 --firewall-policy=123456789 --action=mirror --security-profile-group=organizations/123/locations/global/securityProfileGroups/custom-security-profile-group
--description=example-rule
""",
}
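Review bot: The `--direction` handling maps every value other than `'INGRESS'` to `EGRESS`, so an unexpected value would silently produce an egress rule; the same construction appears in the packet mirroring Update command later in this commit. If `flags.AddDirection` restricts the choices to INGRESS/EGRESS this is harmless, but looking the value up on the enum, `traffic_direct = holder.client.messages.FirewallPolicyRule.DirectionValueValuesEnum(args.direction)`, removes the fallback and the two duplicated enum paths. `Run` also has no docstring; a one-liner such as `"""Builds the packet mirroring rule from args and inserts it into the policy."""` would help.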


@@ -0,0 +1,81 @@
# -*- coding: utf-8 -*- #
# Copyright 2024 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for deleting organization firewall policy packet mirroring rules."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.compute import base_classes
from googlecloudsdk.api_lib.compute import firewall_policy_rule_utils as rule_utils
from googlecloudsdk.api_lib.compute.firewall_policies import client
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.compute.firewall_policies import firewall_policies_utils
from googlecloudsdk.command_lib.compute.firewall_policies import flags
import six
@base.UniverseCompatible
@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA)
class Delete(base.DeleteCommand):
"""Deletes a Compute Engine organization firewall policy packet mirroring rule.
*{command}* is used to delete organization firewall policy packet mirroring
rules.
"""
FIREWALL_POLICY_ARG = None
@classmethod
def Args(cls, parser):
cls.FIREWALL_POLICY_ARG = flags.FirewallPolicyRuleArgument(
required=True, operation="delete"
)
cls.FIREWALL_POLICY_ARG.AddArgument(parser)
flags.AddFirewallPolicyId(parser, operation="deleted")
flags.AddOrganization(parser, required=False)
parser.display_info.AddCacheUpdater(flags.FirewallPoliciesCompleter)
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.FIREWALL_POLICY_ARG.ResolveAsResource(
args, holder.resources, with_project=False
)
firewall_policy_rule_client = client.OrgFirewallPolicyPacketMirroringRule(
ref=ref,
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower(),
)
firewall_policy_id = firewall_policies_utils.GetFirewallPolicyId(
firewall_policy_rule_client,
args.firewall_policy,
organization=args.organization,
)
return firewall_policy_rule_client.DeleteRule(
priority=rule_utils.ConvertPriorityToInt(ref.Name()),
firewall_policy_id=firewall_policy_id,
only_generate_request=False,
)
Delete.detailed_help = {
"EXAMPLES": """\
To delete a rule with priority ``10" in an organization firewall policy with
ID ``123456789", run:
$ {command} 10 --firewall-policy=123456789
""",
}
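Review bot: `Run` calls `DeleteRule` immediately with no confirmation, whereas the Import command in this commit asks `console_io.PromptContinue(..., cancel_on_no=True)` before overwriting rules, and removing a mirroring rule from an organization-wide policy is similarly hard to undo. Unless `OrgFirewallPolicyPacketMirroringRule.DeleteRule` prompts internally (not visible here), consider a `console_io.PromptContinue(message='Packet mirroring rule will be deleted.', cancel_on_no=True)` before the call. This file also double-quotes its string literals (`"delete"`, `"deleted"`) while the sibling create and update commands single-quote theirs; worth aligning within the group.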


@@ -0,0 +1,80 @@
# -*- coding: utf-8 -*- #
# Copyright 2024 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for describing organization firewall policy packet mirroring rules."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.compute import base_classes
from googlecloudsdk.api_lib.compute import firewall_policy_rule_utils as rule_utils
from googlecloudsdk.api_lib.compute.firewall_policies import client
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.compute.firewall_policies import firewall_policies_utils
from googlecloudsdk.command_lib.compute.firewall_policies import flags
import six
@base.UniverseCompatible
@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA)
class Describe(base.DescribeCommand):
"""Describes a Compute Engine organization firewall policy packet mirroring rule.
*{command}* is used to describe organization firewall policy packet mirroring
rules.
"""
FIREWALL_POLICY_ARG = None
@classmethod
def Args(cls, parser):
cls.FIREWALL_POLICY_ARG = flags.FirewallPolicyRuleArgument(
required=True, operation="describe"
)
cls.FIREWALL_POLICY_ARG.AddArgument(parser)
flags.AddOrganization(parser, required=False)
flags.AddFirewallPolicyId(parser, operation="described")
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.FIREWALL_POLICY_ARG.ResolveAsResource(
args, holder.resources, with_project=False
)
firewall_policy_rule_client = client.OrgFirewallPolicyPacketMirroringRule(
ref=ref,
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower(),
)
firewall_policy_id = firewall_policies_utils.GetFirewallPolicyId(
firewall_policy_rule_client,
args.firewall_policy,
organization=args.organization,
)
return firewall_policy_rule_client.DescribeRule(
priority=rule_utils.ConvertPriorityToInt(ref.Name()),
firewall_policy_id=firewall_policy_id,
only_generate_request=False,
)
Describe.detailed_help = {
"EXAMPLES": """\
To describe a packet mirroring rule with priority ``10" in an organization firewall policy
with ID ``123456789", run:
$ {command} 10 --firewall-policy=123456789
""",
}
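Review bot: `Run` has no docstring, and its three steps (resolving the rule reference, building the rule client, calling `DescribeRule`) are uncommented; a summary such as `"""Fetches the packet mirroring rule at priority ref.Name() from the given policy."""` would suffice. The `"describe"` / `"described"` operation strings are double-quoted whereas the create and update siblings in this commit single-quote theirs; pick one style for the command group.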


@@ -0,0 +1,186 @@
# -*- coding: utf-8 -*- #
# Copyright 2024 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for updating organization firewall policy packet mirroring rules."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.compute import base_classes
from googlecloudsdk.api_lib.compute import firewall_policy_rule_utils as rule_utils
from googlecloudsdk.api_lib.compute.firewall_policies import client
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.compute.firewall_policies import firewall_policies_utils
from googlecloudsdk.command_lib.compute.firewall_policies import flags
import six
@base.UniverseCompatible
@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA)
class Update(base.UpdateCommand):
r"""Updates a Compute Engine firewall policy packet mirroring rule.
*{command}* is used to update organization firewall policy packet mirroring
rules.
"""
FIREWALL_POLICY_ARG = None
@classmethod
def Args(cls, parser):
cls.FIREWALL_POLICY_ARG = flags.FirewallPolicyRuleArgument(
required=True, operation='update'
)
cls.FIREWALL_POLICY_ARG.AddArgument(parser)
flags.AddPacketMirroringAction(parser, required=False)
flags.AddFirewallPolicyId(parser, operation='updated')
flags.AddSrcIpRanges(parser)
flags.AddDestIpRanges(parser)
flags.AddLayer4Configs(parser)
flags.AddDirection(parser)
flags.AddDisabled(parser)
flags.AddTargetResources(parser)
flags.AddMirroringSecurityProfileGroup(parser)
flags.AddDescription(parser)
flags.AddNewPriority(parser, operation='update')
flags.AddOrganization(parser, required=False)
def Run(self, args):
clearable_arg_name_to_field_name = {
'src_ip_ranges': 'match.srcIpRanges',
'dest_ip_ranges': 'match.destIpRanges',
'security_profile_group': 'securityProfileGroup',
'target_resources': 'targetResources',
}
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.FIREWALL_POLICY_ARG.ResolveAsResource(
args, holder.resources, with_project=False
)
org_firewall_policy = client.OrgFirewallPolicy(
ref=ref,
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower(),
)
firewall_policy_rule_client = client.OrgFirewallPolicyPacketMirroringRule(
ref=ref,
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower(),
)
cleared_fields = []
priority = rule_utils.ConvertPriorityToInt(ref.Name())
src_ip_ranges = []
dest_ip_ranges = []
layer4_config_list = []
target_resources = []
disabled = None
should_setup_match = False
traffic_direct = None
matcher = None
security_profile_group = None
for arg in clearable_arg_name_to_field_name:
if args.IsKnownAndSpecified(arg) and not args.GetValue(arg):
cleared_fields.append(clearable_arg_name_to_field_name[arg])
if args.IsSpecified('src_ip_ranges'):
src_ip_ranges = args.src_ip_ranges
should_setup_match = True
if args.IsSpecified('dest_ip_ranges'):
dest_ip_ranges = args.dest_ip_ranges
should_setup_match = True
if args.IsSpecified('layer4_configs'):
should_setup_match = True
layer4_config_list = rule_utils.ParseLayer4Configs(
args.layer4_configs, holder.client.messages
)
if args.IsSpecified('target_resources'):
target_resources = args.target_resources
if args.IsSpecified('security_profile_group'):
security_profile_group = (
firewall_policies_utils.BuildSecurityProfileGroupUrl(
security_profile_group=args.security_profile_group,
optional_organization=args.organization,
firewall_policy_client=org_firewall_policy,
firewall_policy_id=args.firewall_policy,
)
)
elif (
args.IsSpecified('action')
and args.action != 'apply_security_profile_group'
):
cleared_fields.append('securityProfileGroup')
if args.IsSpecified('disabled'):
disabled = args.disabled
if args.IsSpecified('new_priority'):
new_priority = rule_utils.ConvertPriorityToInt(args.new_priority)
else:
new_priority = priority
# If need to construct a new matcher.
if should_setup_match:
matcher = holder.client.messages.FirewallPolicyRuleMatcher(
srcIpRanges=src_ip_ranges,
destIpRanges=dest_ip_ranges,
layer4Configs=layer4_config_list,
)
if args.IsSpecified('direction'):
if args.direction == 'INGRESS':
traffic_direct = (
holder.client.messages.FirewallPolicyRule.DirectionValueValuesEnum.INGRESS
)
else:
traffic_direct = (
holder.client.messages.FirewallPolicyRule.DirectionValueValuesEnum.EGRESS
)
firewall_policy_rule = holder.client.messages.FirewallPolicyRule(
priority=new_priority,
action=args.action,
match=matcher,
direction=traffic_direct,
targetResources=target_resources,
description=args.description,
disabled=disabled,
securityProfileGroup=security_profile_group,
)
firewall_policy_id = firewall_policies_utils.GetFirewallPolicyId(
firewall_policy_rule_client,
args.firewall_policy,
organization=args.organization,
)
with holder.client.apitools_client.IncludeFields(cleared_fields):
return firewall_policy_rule_client.UpdateRule(
priority=priority,
firewall_policy=firewall_policy_id,
firewall_policy_rule=firewall_policy_rule,
)
Update.detailed_help = {
'EXAMPLES': """\
To update a rule with priority ``10" in an organization firewall policy
with ID ``123456789" to change the action to ``allow" and description to
``new-example-rule", run:
$ {command} 10 --firewall-policy=123456789 --action=do_not_mirror
--description=new-example-rule
""",
}
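Review bot: The `elif args.IsSpecified('action') and args.action != 'apply_security_profile_group'` branch looks carried over from the regular rule update: the packet mirroring actions shown in this commit's examples are `mirror` and `do_not_mirror`, so as written any `--action` given without `--security-profile-group` — including `--action=mirror` — appends `securityProfileGroup` to `cleared_fields` and wipes the existing group from the rule. If `flags.AddPacketMirroringAction` does not accept `apply_security_profile_group` (not visible here), the condition should test the mirroring action that carries a profile group instead, e.g. `and args.action != 'mirror'`. The EXAMPLES text also says the action is changed to ``allow" while the command line passes `--action=do_not_mirror`; the prose should name `do_not_mirror`. The `--direction` fallback to EGRESS is the same construction as in the packet mirroring Create command earlier in this commit.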


@@ -0,0 +1,90 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for moving organization firewall policies."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import sys
from googlecloudsdk.api_lib.compute import base_classes
from googlecloudsdk.api_lib.compute.firewall_policies import client
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.compute.firewall_policies import firewall_policies_utils
from googlecloudsdk.command_lib.compute.firewall_policies import flags
from googlecloudsdk.core import log
import six
@base.DefaultUniverseOnly
class Move(base.UpdateCommand):
"""Move a Compute Engine organization firewall policy.
*{command}* is used to move is used to move organization firewall policies to
new parent nodes.
"""
FIREWALL_POLICY_ARG = None
@classmethod
def Args(cls, parser):
cls.FIREWALL_POLICY_ARG = flags.FirewallPolicyArgument(
required=True, operation='move')
cls.FIREWALL_POLICY_ARG.AddArgument(parser, operation_type='move')
flags.AddArgsMove(parser)
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.FIREWALL_POLICY_ARG.ResolveAsResource(
args, holder.resources, with_project=False)
org_firewall_policy = client.OrgFirewallPolicy(
ref=ref,
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower())
parent_id = None
if args.IsSpecified('organization'):
parent_id = 'organizations/' + args.organization
if args.IsSpecified('folder'):
parent_id = 'folders/' + args.folder
if parent_id is None:
log.error('Must specify parent id with --organization=ORGANIZATION or'
'--folder=FOLDER')
sys.exit()
fp_id = firewall_policies_utils.GetFirewallPolicyId(
org_firewall_policy, ref.Name(), organization=args.organization)
return org_firewall_policy.Move(
only_generate_request=False, fp_id=fp_id, parent_id=parent_id)
Move.detailed_help = {
'EXAMPLES':
"""\
To move an organization firewall policy under folder with ID ``123456789" to
folder ``987654321", run:
$ {command} 123456789 --folder=987654321
""",
'IAM PERMISSIONS': """\
To move a firewall policy, the user must have the following
permission: *`compute.firewallPolicies.move`.
To find predefined roles that contain those permissions, see the [Compute
Engine IAM roles](https://cloud.google.com/compute/docs/access/iam).
"""
}
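Review bot: The missing-parent check ends in `sys.exit()`, which exits with status 0 after `log.error(...)`, so a caller script sees success even though nothing was moved; the message also runs `or` and `--folder` together because the two adjacent string literals lack a separating space. Raising a calliope exception instead gives a non-zero status and the standard error format, e.g. `raise exceptions.MinimumArgumentException(['--organization', '--folder'])` with `from googlecloudsdk.calliope import exceptions` added to the imports, as the rule Create command in this commit already does. When both flags are given, the `folder` assignment silently overrides the `organization` one; if that is intended, a comment saying so would help. The class docstring also repeats itself: `*{command}* is used to move is used to move ...`.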


@@ -0,0 +1,26 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Commands for reading and manipulating organization firewall policy rules."""
from __future__ import absolute_import
from __future__ import division
from __future__ import print_function
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
@base.DefaultUniverseOnly
class FirewallPolicyAssociations(base.Group):
"""Read and manipulate Compute Engine organization firewall policy rules."""


@@ -0,0 +1,363 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for creating organization firewall policy rules."""
from googlecloudsdk.api_lib.compute import base_classes
from googlecloudsdk.api_lib.compute import firewall_policy_rule_utils as rule_utils
from googlecloudsdk.api_lib.compute.firewall_policies import client
from googlecloudsdk.calliope import base
from googlecloudsdk.calliope import exceptions
from googlecloudsdk.command_lib.compute.firewall_policies import firewall_policies_utils
from googlecloudsdk.command_lib.compute.firewall_policies import flags
from googlecloudsdk.command_lib.compute.network_firewall_policies import secure_tags_utils
import six
@base.UniverseCompatible
class Create(base.CreateCommand):
r"""Creates a Compute Engine firewall policy rule.
*{command}* is used to create organization firewall policy rules.
"""
FIREWALL_POLICY_ARG = None
@classmethod
def Args(cls, parser):
support_network_scopes = (
cls.ReleaseTrack() == base.ReleaseTrack.ALPHA
or cls.ReleaseTrack() == base.ReleaseTrack.BETA
)
cls.FIREWALL_POLICY_ARG = flags.FirewallPolicyRuleArgument(
required=True, operation='create'
)
cls.FIREWALL_POLICY_ARG.AddArgument(parser, operation_type='create')
flags.AddAction(parser)
flags.AddFirewallPolicyId(parser, operation='inserted')
flags.AddSrcIpRanges(parser)
flags.AddDestIpRanges(parser)
flags.AddLayer4Configs(parser, required=True)
flags.AddDirection(parser)
flags.AddEnableLogging(parser)
flags.AddDisabled(parser)
flags.AddTargetResources(parser)
flags.AddTargetServiceAccounts(parser)
flags.AddSrcSecureTags(parser)
flags.AddTargetSecureTags(parser)
flags.AddSrcThreatIntelligence(parser, support_network_scopes)
flags.AddDestThreatIntelligence(parser, support_network_scopes)
flags.AddSrcRegionCodes(parser, support_network_scopes)
flags.AddDestRegionCodes(parser, support_network_scopes)
flags.AddSrcFqdns(parser)
flags.AddDestFqdns(parser)
flags.AddSrcAddressGroups(parser)
flags.AddDestAddressGroups(parser)
flags.AddSecurityProfileGroup(parser)
flags.AddTlsInspect(parser)
flags.AddDescription(parser)
flags.AddOrganization(parser, required=False)
if (
cls.ReleaseTrack() == base.ReleaseTrack.ALPHA
or cls.ReleaseTrack() == base.ReleaseTrack.BETA
):
flags.AddSrcNetworkScope(parser)
flags.AddSrcNetworks(parser)
flags.AddDestNetworkScope(parser)
flags.AddSrcNetworkType(parser)
flags.AddDestNetworkType(parser)
if cls.ReleaseTrack() == base.ReleaseTrack.ALPHA:
flags.AddSrcNetworkContext(parser)
flags.AddDestNetworkContext(parser)
parser.display_info.AddCacheUpdater(flags.FirewallPoliciesCompleter)
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.FIREWALL_POLICY_ARG.ResolveAsResource(
args, holder.resources, with_project=False
)
org_firewall_policy = client.OrgFirewallPolicy(
ref=ref,
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower(),
)
firewall_policy_rule_client = client.OrgFirewallPolicyRule(
ref=ref,
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower(),
)
src_ip_ranges = []
dest_ip_ranges = []
layer4_configs = []
target_resources = []
target_service_accounts = []
src_secure_tags = []
target_secure_tags = []
src_address_groups = []
dest_address_groups = []
src_fqdns = []
dest_fqdns = []
src_region_codes = []
dest_region_codes = []
src_threat_intelligence = []
dest_threat_intelligence = []
security_profile_group = None
tls_inspect = None
enable_logging = False
disabled = False
src_network_scope = None
src_networks = []
dest_network_scope = None
src_network_context = None
dest_network_context = None
if args.IsSpecified('src_ip_ranges'):
src_ip_ranges = args.src_ip_ranges
if args.IsSpecified('dest_ip_ranges'):
dest_ip_ranges = args.dest_ip_ranges
if args.IsSpecified('layer4_configs'):
layer4_configs = args.layer4_configs
if args.IsSpecified('target_resources'):
target_resources = args.target_resources
if args.IsSpecified('target_service_accounts'):
target_service_accounts = args.target_service_accounts
if args.IsSpecified('src_secure_tags'):
src_secure_tags = secure_tags_utils.TranslateSecureTagsForFirewallPolicy(
holder.client, args.src_secure_tags
)
if args.IsSpecified('target_secure_tags'):
target_secure_tags = (
secure_tags_utils.TranslateSecureTagsForFirewallPolicy(
holder.client, args.target_secure_tags
)
)
if args.IsSpecified('src_threat_intelligence'):
src_threat_intelligence = args.src_threat_intelligence
if args.IsSpecified('dest_threat_intelligence'):
dest_threat_intelligence = args.dest_threat_intelligence
if args.IsSpecified('src_region_codes'):
src_region_codes = args.src_region_codes
if args.IsSpecified('dest_region_codes'):
dest_region_codes = args.dest_region_codes
if args.IsSpecified('src_address_groups'):
src_address_groups = [
firewall_policies_utils.BuildAddressGroupUrl(
x, args.organization, org_firewall_policy, args.firewall_policy
)
for x in args.src_address_groups
]
if args.IsSpecified('dest_address_groups'):
dest_address_groups = [
firewall_policies_utils.BuildAddressGroupUrl(
x, args.organization, org_firewall_policy, args.firewall_policy
)
for x in args.dest_address_groups
]
if args.IsSpecified('src_fqdns'):
src_fqdns = args.src_fqdns
if args.IsSpecified('dest_fqdns'):
dest_fqdns = args.dest_fqdns
if args.IsSpecified('security_profile_group'):
security_profile_group = (
firewall_policies_utils.BuildSecurityProfileGroupUrl(
security_profile_group=args.security_profile_group,
optional_organization=args.organization,
firewall_policy_client=org_firewall_policy,
firewall_policy_id=args.firewall_policy,
)
)
if args.IsSpecified('tls_inspect'):
tls_inspect = args.tls_inspect
if args.IsSpecified('enable_logging'):
enable_logging = args.enable_logging
if args.IsSpecified('disabled'):
disabled = args.disabled
if (
self.ReleaseTrack() == base.ReleaseTrack.ALPHA
or self.ReleaseTrack() == base.ReleaseTrack.BETA
):
if args.IsSpecified('src_network_scope') and args.IsSpecified(
'src_network_type'
):
raise exceptions.ToolException(
'At most one of src_network_scope and src_network_type can be'
' specified.'
)
if args.IsSpecified('dest_network_scope') and args.IsSpecified(
'dest_network_type'
):
raise exceptions.ToolException(
'At most one of dest_network_scope and dest_network_type can be'
' specified.'
)
if args.IsSpecified('src_network_scope'):
if not args.src_network_scope:
src_network_scope = (
holder.client.messages.FirewallPolicyRuleMatcher.SrcNetworkScopeValueValuesEnum.UNSPECIFIED
)
else:
src_network_scope = holder.client.messages.FirewallPolicyRuleMatcher.SrcNetworkScopeValueValuesEnum(
args.src_network_scope
)
if args.IsSpecified('src_networks'):
src_networks = args.src_networks
if args.IsSpecified('dest_network_scope'):
if not args.dest_network_scope:
dest_network_scope = (
holder.client.messages.FirewallPolicyRuleMatcher.DestNetworkScopeValueValuesEnum.UNSPECIFIED
)
else:
dest_network_scope = holder.client.messages.FirewallPolicyRuleMatcher.DestNetworkScopeValueValuesEnum(
args.dest_network_scope
)
if args.IsSpecified('src_network_type'):
# src_network_type and src_network_scope are mutually exclusive so only
# one of them can be specified.
if not args.src_network_type:
src_network_scope = (
holder.client.messages.FirewallPolicyRuleMatcher.SrcNetworkScopeValueValuesEnum.UNSPECIFIED
)
else:
src_network_scope = holder.client.messages.FirewallPolicyRuleMatcher.SrcNetworkScopeValueValuesEnum(
args.src_network_type
)
if args.IsSpecified('dest_network_type'):
# dest_network_type and dest_network_scope are mutually exclusive so
# only one of them can be specified.
if not args.dest_network_type:
dest_network_scope = (
holder.client.messages.FirewallPolicyRuleMatcher.DestNetworkScopeValueValuesEnum.UNSPECIFIED
)
else:
dest_network_scope = holder.client.messages.FirewallPolicyRuleMatcher.DestNetworkScopeValueValuesEnum(
args.dest_network_type
)
if self.ReleaseTrack() == base.ReleaseTrack.ALPHA:
if args.IsSpecified('src_network_context'):
if not args.src_network_context:
src_network_context = (
holder.client.messages.FirewallPolicyRuleMatcher.SrcNetworkContextValueValuesEnum.UNSPECIFIED
)
else:
src_network_context = holder.client.messages.FirewallPolicyRuleMatcher.SrcNetworkContextValueValuesEnum(
args.src_network_context
)
if args.IsSpecified('dest_network_context'):
if not args.dest_network_context:
dest_network_context = (
holder.client.messages.FirewallPolicyRuleMatcher.DestNetworkContextValueValuesEnum.UNSPECIFIED
)
else:
dest_network_context = holder.client.messages.FirewallPolicyRuleMatcher.DestNetworkContextValueValuesEnum(
args.dest_network_context
)
layer4_config_list = rule_utils.ParseLayer4Configs(
layer4_configs, holder.client.messages
)
if (
self.ReleaseTrack() == base.ReleaseTrack.ALPHA
or self.ReleaseTrack() == base.ReleaseTrack.BETA
):
matcher = holder.client.messages.FirewallPolicyRuleMatcher(
srcIpRanges=src_ip_ranges,
destIpRanges=dest_ip_ranges,
layer4Configs=layer4_config_list,
srcAddressGroups=src_address_groups,
destAddressGroups=dest_address_groups,
srcSecureTags=src_secure_tags,
srcFqdns=src_fqdns,
destFqdns=dest_fqdns,
srcRegionCodes=src_region_codes,
destRegionCodes=dest_region_codes,
srcThreatIntelligences=src_threat_intelligence,
destThreatIntelligences=dest_threat_intelligence,
srcNetworkScope=src_network_scope,
srcNetworks=src_networks,
destNetworkScope=dest_network_scope,
)
else:
matcher = holder.client.messages.FirewallPolicyRuleMatcher(
srcIpRanges=src_ip_ranges,
destIpRanges=dest_ip_ranges,
layer4Configs=layer4_config_list,
srcAddressGroups=src_address_groups,
destAddressGroups=dest_address_groups,
srcSecureTags=src_secure_tags,
srcFqdns=src_fqdns,
destFqdns=dest_fqdns,
srcRegionCodes=src_region_codes,
destRegionCodes=dest_region_codes,
srcThreatIntelligences=src_threat_intelligence,
destThreatIntelligences=dest_threat_intelligence,
)
traffic_direct = (
holder.client.messages.FirewallPolicyRule.DirectionValueValuesEnum.INGRESS
)
if args.IsSpecified('direction'):
if args.direction == 'INGRESS':
traffic_direct = (
holder.client.messages.FirewallPolicyRule.DirectionValueValuesEnum.INGRESS
)
else:
traffic_direct = (
holder.client.messages.FirewallPolicyRule.DirectionValueValuesEnum.EGRESS
)
if self.ReleaseTrack() == base.ReleaseTrack.ALPHA:
matcher.srcNetworkContext = src_network_context
matcher.destNetworkContext = dest_network_context
firewall_policy_rule = holder.client.messages.FirewallPolicyRule(
priority=rule_utils.ConvertPriorityToInt(ref.Name()),
action=args.action,
match=matcher,
direction=traffic_direct,
targetResources=target_resources,
targetServiceAccounts=target_service_accounts,
targetSecureTags=target_secure_tags,
securityProfileGroup=security_profile_group,
tlsInspect=tls_inspect,
description=args.description,
enableLogging=enable_logging,
disabled=disabled,
)
firewall_policy_id = firewall_policies_utils.GetFirewallPolicyId(
firewall_policy_rule_client,
args.firewall_policy,
organization=args.organization,
)
return firewall_policy_rule_client.CreateRule(
firewall_policy=firewall_policy_id,
firewall_policy_rule=firewall_policy_rule,
)
Create.detailed_help = {
'EXAMPLES': """\
To create a rule with priority ``10" in an organization firewall policy with ID
``123456789", run:
$ {command} 10 --firewall-policy=123456789 --action=allow
--description=example-rule
""",
}


@@ -0,0 +1,74 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for deleting organization firewall policy rules."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.compute import base_classes
from googlecloudsdk.api_lib.compute import firewall_policy_rule_utils as rule_utils
from googlecloudsdk.api_lib.compute.firewall_policies import client
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.compute.firewall_policies import firewall_policies_utils
from googlecloudsdk.command_lib.compute.firewall_policies import flags
import six
class Delete(base.DeleteCommand):
"""Deletes a Compute Engine organization firewall policy rule.
*{command}* is used to delete organization firewall policy rules.
"""
FIREWALL_POLICY_ARG = None
@classmethod
def Args(cls, parser):
cls.FIREWALL_POLICY_ARG = flags.FirewallPolicyRuleArgument(
required=True, operation="delete")
cls.FIREWALL_POLICY_ARG.AddArgument(parser)
flags.AddFirewallPolicyId(parser, operation="deleted")
flags.AddOrganization(parser, required=False)
parser.display_info.AddCacheUpdater(flags.FirewallPoliciesCompleter)
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.FIREWALL_POLICY_ARG.ResolveAsResource(
args, holder.resources, with_project=False)
firewall_policy_rule_client = client.OrgFirewallPolicyRule(
ref=ref,
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower())
firewall_policy_id = firewall_policies_utils.GetFirewallPolicyId(
firewall_policy_rule_client,
args.firewall_policy,
organization=args.organization)
return firewall_policy_rule_client.DeleteRule(
priority=rule_utils.ConvertPriorityToInt(ref.Name()),
firewall_policy_id=firewall_policy_id,
only_generate_request=False)
Delete.detailed_help = {
"EXAMPLES":
"""\
To delete a rule with priority ``10" in an organization firewall policy with
ID ``123456789", run:
$ {command} 10 --firewall-policy=123456789
""",
}
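Review bot: `class Delete(base.DeleteCommand):` declares no universe decorator, whereas the Create and rules Update classes in this commit are marked `@base.UniverseCompatible`; the Describe class in the following file section has the same omission. Unless the gap is intentional, add `@base.UniverseCompatible` above both classes (or `@base.DefaultUniverseOnly`, as the policy-level commands on this page use) so the four rule commands advertise the same universe support. Run also sends `DeleteRule` with no visible confirmation step; if `base.DeleteCommand` does not prompt by itself, a `console_io.PromptContinue(..., cancel_on_no=True)` before the call would match the rest of the compute surface, since dropping a rule can widen what the policy allows.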


@@ -0,0 +1,73 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for describing organization firewall policy rules."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.compute import base_classes
from googlecloudsdk.api_lib.compute import firewall_policy_rule_utils as rule_utils
from googlecloudsdk.api_lib.compute.firewall_policies import client
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.compute.firewall_policies import firewall_policies_utils
from googlecloudsdk.command_lib.compute.firewall_policies import flags
import six
class Describe(base.DescribeCommand):
"""Describes a Compute Engine organization firewall policy rule.
*{command}* is used to describe organization firewall policy rules.
"""
FIREWALL_POLICY_ARG = None
@classmethod
def Args(cls, parser):
cls.FIREWALL_POLICY_ARG = flags.FirewallPolicyRuleArgument(
required=True, operation="describe")
cls.FIREWALL_POLICY_ARG.AddArgument(parser)
flags.AddOrganization(parser, required=False)
flags.AddFirewallPolicyId(parser, operation="described")
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.FIREWALL_POLICY_ARG.ResolveAsResource(
args, holder.resources, with_project=False)
firewall_policy_rule_client = client.OrgFirewallPolicyRule(
ref=ref,
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower())
firewall_policy_id = firewall_policies_utils.GetFirewallPolicyId(
firewall_policy_rule_client,
args.firewall_policy,
organization=args.organization)
return firewall_policy_rule_client.DescribeRule(
priority=rule_utils.ConvertPriorityToInt(ref.Name()),
firewall_policy_id=firewall_policy_id,
only_generate_request=False)
Describe.detailed_help = {
"EXAMPLES":
"""\
To describe a rule with priority ``10" in an organization firewall policy
with ID ``123456789", run:
$ {command} 10 --firewall-policy=123456789
""",
}


@@ -0,0 +1,432 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for updating organization firewall policy rules."""
from googlecloudsdk.api_lib.compute import base_classes
from googlecloudsdk.api_lib.compute import firewall_policy_rule_utils as rule_utils
from googlecloudsdk.api_lib.compute.firewall_policies import client
from googlecloudsdk.calliope import base
from googlecloudsdk.calliope import exceptions
from googlecloudsdk.command_lib.compute.firewall_policies import firewall_policies_utils
from googlecloudsdk.command_lib.compute.firewall_policies import flags
from googlecloudsdk.command_lib.compute.network_firewall_policies import secure_tags_utils
import six
@base.UniverseCompatible
class Update(base.UpdateCommand):
r"""Updates a Compute Engine firewall policy rule.
*{command}* is used to update organization firewall policy rules.
"""
FIREWALL_POLICY_ARG = None
@classmethod
def Args(cls, parser):
support_network_scopes = (
cls.ReleaseTrack() == base.ReleaseTrack.ALPHA
or cls.ReleaseTrack() == base.ReleaseTrack.BETA
)
cls.FIREWALL_POLICY_ARG = flags.FirewallPolicyRuleArgument(
required=True, operation='update'
)
cls.FIREWALL_POLICY_ARG.AddArgument(parser)
flags.AddAction(parser, required=False)
flags.AddFirewallPolicyId(parser, operation='updated')
flags.AddSrcIpRanges(parser)
flags.AddDestIpRanges(parser)
flags.AddLayer4Configs(parser)
flags.AddDirection(parser)
flags.AddEnableLogging(parser)
flags.AddDisabled(parser)
flags.AddTargetResources(parser)
flags.AddTargetServiceAccounts(parser)
flags.AddSrcSecureTags(parser)
flags.AddTargetSecureTags(parser)
flags.AddSrcThreatIntelligence(parser, support_network_scopes)
flags.AddDestThreatIntelligence(parser, support_network_scopes)
flags.AddSrcRegionCodes(parser, support_network_scopes)
flags.AddDestRegionCodes(parser, support_network_scopes)
flags.AddSrcAddressGroups(parser)
flags.AddDestAddressGroups(parser)
flags.AddSrcFqdns(parser)
flags.AddDestFqdns(parser)
flags.AddSecurityProfileGroup(parser)
flags.AddTlsInspect(parser)
flags.AddDescription(parser)
flags.AddNewPriority(parser, operation='update')
flags.AddOrganization(parser, required=False)
if (
cls.ReleaseTrack() == base.ReleaseTrack.ALPHA
or cls.ReleaseTrack() == base.ReleaseTrack.BETA
):
flags.AddSrcNetworkScope(parser)
flags.AddSrcNetworks(parser)
flags.AddDestNetworkScope(parser)
flags.AddSrcNetworkType(parser)
flags.AddDestNetworkType(parser)
if cls.ReleaseTrack() == base.ReleaseTrack.ALPHA:
flags.AddSrcNetworkContext(parser)
flags.AddDestNetworkContext(parser)
def Run(self, args):
clearable_arg_name_to_field_name = {
'src_ip_ranges': 'match.srcIpRanges',
'dest_ip_ranges': 'match.destIpRanges',
'src_region_codes': 'match.srcRegionCodes',
'dest_region_codes': 'match.destRegionCodes',
'src_fqdns': 'match.srcFqdns',
'dest_fqdns': 'match.destFqdns',
'src_address_groups': 'match.srcAddressGroups',
'dest_address_groups': 'match.destAddressGroups',
'src_threat_intelligence': 'match.srcThreatIntelligences',
'dest_threat_intelligence': 'match.destThreatIntelligences',
'src_networks': 'match.srcNetworks',
'security_profile_group': 'securityProfileGroup',
'target_resources': 'targetResources',
'target_service_accounts': 'targetServiceAccounts',
'src_secure_tags': 'srcSecureTags',
'target_secure_tags': 'targetSecureTags',
}
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.FIREWALL_POLICY_ARG.ResolveAsResource(
args, holder.resources, with_project=False
)
org_firewall_policy = client.OrgFirewallPolicy(
ref=ref,
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower(),
)
firewall_policy_rule_client = client.OrgFirewallPolicyRule(
ref=ref,
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower(),
)
cleared_fields = []
priority = rule_utils.ConvertPriorityToInt(ref.Name())
src_ip_ranges = []
dest_ip_ranges = []
layer4_config_list = []
target_resources = []
target_service_accounts = []
src_secure_tags = []
target_secure_tags = []
src_address_groups = []
dest_address_groups = []
src_fqdns = []
dest_fqdns = []
src_region_codes = []
dest_region_codes = []
src_threat_intelligence = []
dest_threat_intelligence = []
enable_logging = None
disabled = None
should_setup_match = False
traffic_direct = None
matcher = None
security_profile_group = None
tls_inspect = None
src_network_scope = None
src_networks = []
dest_network_scope = None
src_network_context = None
dest_network_context = None
for arg in clearable_arg_name_to_field_name:
if args.IsKnownAndSpecified(arg) and not args.GetValue(arg):
cleared_fields.append(clearable_arg_name_to_field_name[arg])
if args.IsSpecified('src_ip_ranges'):
src_ip_ranges = args.src_ip_ranges
should_setup_match = True
if args.IsSpecified('dest_ip_ranges'):
dest_ip_ranges = args.dest_ip_ranges
should_setup_match = True
if args.IsSpecified('layer4_configs'):
should_setup_match = True
layer4_config_list = rule_utils.ParseLayer4Configs(
args.layer4_configs, holder.client.messages
)
if args.IsSpecified('target_resources'):
target_resources = args.target_resources
if args.IsSpecified('target_service_accounts'):
target_service_accounts = args.target_service_accounts
if args.IsSpecified('src_secure_tags'):
src_secure_tags = secure_tags_utils.TranslateSecureTagsForFirewallPolicy(
holder.client, args.src_secure_tags
)
if args.IsSpecified('target_secure_tags'):
target_secure_tags = (
secure_tags_utils.TranslateSecureTagsForFirewallPolicy(
holder.client, args.target_secure_tags
)
)
if args.IsSpecified('src_threat_intelligence'):
src_threat_intelligence = args.src_threat_intelligence
should_setup_match = True
if args.IsSpecified('dest_threat_intelligence'):
dest_threat_intelligence = args.dest_threat_intelligence
should_setup_match = True
if args.IsSpecified('src_region_codes'):
src_region_codes = args.src_region_codes
should_setup_match = True
if args.IsSpecified('dest_region_codes'):
dest_region_codes = args.dest_region_codes
should_setup_match = True
if args.IsSpecified('src_address_groups'):
src_address_groups = [
firewall_policies_utils.BuildAddressGroupUrl(
x, args.organization, org_firewall_policy, args.firewall_policy
)
for x in args.src_address_groups
]
should_setup_match = True
if args.IsSpecified('dest_address_groups'):
dest_address_groups = [
firewall_policies_utils.BuildAddressGroupUrl(
x, args.organization, org_firewall_policy, args.firewall_policy
)
for x in args.dest_address_groups
]
should_setup_match = True
if args.IsSpecified('src_fqdns'):
src_fqdns = args.src_fqdns
should_setup_match = True
if args.IsSpecified('dest_fqdns'):
dest_fqdns = args.dest_fqdns
should_setup_match = True
if args.IsSpecified('security_profile_group'):
security_profile_group = (
firewall_policies_utils.BuildSecurityProfileGroupUrl(
security_profile_group=args.security_profile_group,
optional_organization=args.organization,
firewall_policy_client=org_firewall_policy,
firewall_policy_id=args.firewall_policy,
)
)
elif (
args.IsSpecified('action')
and args.action != 'apply_security_profile_group'
):
cleared_fields.append('securityProfileGroup')
if args.IsSpecified('tls_inspect'):
tls_inspect = args.tls_inspect
if args.IsSpecified('enable_logging'):
enable_logging = args.enable_logging
if args.IsSpecified('disabled'):
disabled = args.disabled
if args.IsSpecified('new_priority'):
new_priority = rule_utils.ConvertPriorityToInt(args.new_priority)
else:
new_priority = priority
if (
self.ReleaseTrack() == base.ReleaseTrack.ALPHA
or self.ReleaseTrack() == base.ReleaseTrack.BETA
):
if args.IsSpecified('src_network_scope') and args.IsSpecified(
'src_network_type'
):
raise exceptions.ToolException(
'At most one of src_network_scope and src_network_type can be'
' specified.'
)
if args.IsSpecified('dest_network_scope') and args.IsSpecified(
'dest_network_type'
):
raise exceptions.ToolException(
'At most one of dest_network_scope and dest_network_type can be'
' specified.'
)
if args.IsSpecified('src_network_scope'):
if not args.src_network_scope:
src_network_scope = (
holder.client.messages.FirewallPolicyRuleMatcher.SrcNetworkScopeValueValuesEnum.UNSPECIFIED
)
else:
src_network_scope = holder.client.messages.FirewallPolicyRuleMatcher.SrcNetworkScopeValueValuesEnum(
args.src_network_scope
)
should_setup_match = True
if args.IsSpecified('src_networks'):
src_networks = args.src_networks
should_setup_match = True
if args.IsSpecified('dest_network_scope'):
if not args.dest_network_scope:
dest_network_scope = (
holder.client.messages.FirewallPolicyRuleMatcher.DestNetworkScopeValueValuesEnum.UNSPECIFIED
)
else:
dest_network_scope = holder.client.messages.FirewallPolicyRuleMatcher.DestNetworkScopeValueValuesEnum(
args.dest_network_scope
)
should_setup_match = True
if args.IsSpecified('src_network_type'):
# src_network_type and src_network_scope are mutually exclusive so only
# one of them can be specified.
if not args.src_network_type:
src_network_scope = (
holder.client.messages.FirewallPolicyRuleMatcher.SrcNetworkScopeValueValuesEnum.UNSPECIFIED
)
else:
src_network_scope = holder.client.messages.FirewallPolicyRuleMatcher.SrcNetworkScopeValueValuesEnum(
args.src_network_type
)
should_setup_match = True
if args.IsSpecified('dest_network_type'):
# dest_network_type and dest_network_scope are mutually exclusive so
# only one of them can be specified.
if not args.dest_network_type:
dest_network_scope = (
holder.client.messages.FirewallPolicyRuleMatcher.DestNetworkScopeValueValuesEnum.UNSPECIFIED
)
else:
dest_network_scope = holder.client.messages.FirewallPolicyRuleMatcher.DestNetworkScopeValueValuesEnum(
args.dest_network_type
)
should_setup_match = True
if (
src_network_scope is not None
and src_network_scope
!= holder.client.messages.FirewallPolicyRuleMatcher.SrcNetworkScopeValueValuesEnum.VPC_NETWORKS
):
cleared_fields.append('match.srcNetworks')
if self.ReleaseTrack() == base.ReleaseTrack.ALPHA:
if args.IsSpecified('src_network_context'):
if not args.src_network_context:
src_network_context = (
holder.client.messages.FirewallPolicyRuleMatcher.SrcNetworkContextValueValuesEnum.UNSPECIFIED
)
else:
src_network_context = holder.client.messages.FirewallPolicyRuleMatcher.SrcNetworkContextValueValuesEnum(
args.src_network_context
)
should_setup_match = True
if args.IsSpecified('dest_network_context'):
if not args.dest_network_context:
dest_network_context = (
holder.client.messages.FirewallPolicyRuleMatcher.DestNetworkContextValueValuesEnum.UNSPECIFIED
)
else:
dest_network_context = holder.client.messages.FirewallPolicyRuleMatcher.DestNetworkContextValueValuesEnum(
args.dest_network_context
)
should_setup_match = True
if (
src_network_context is not None
and src_network_context
!= holder.client.messages.FirewallPolicyRuleMatcher.SrcNetworkContextValueValuesEnum.VPC_NETWORKS
):
cleared_fields.append('match.srcNetworks')
# If need to construct a new matcher.
if should_setup_match:
if (
self.ReleaseTrack() == base.ReleaseTrack.ALPHA
or self.ReleaseTrack() == base.ReleaseTrack.BETA
):
matcher = holder.client.messages.FirewallPolicyRuleMatcher(
srcIpRanges=src_ip_ranges,
destIpRanges=dest_ip_ranges,
layer4Configs=layer4_config_list,
srcAddressGroups=src_address_groups,
destAddressGroups=dest_address_groups,
srcFqdns=src_fqdns,
destFqdns=dest_fqdns,
srcRegionCodes=src_region_codes,
destRegionCodes=dest_region_codes,
srcThreatIntelligences=src_threat_intelligence,
destThreatIntelligences=dest_threat_intelligence,
srcNetworkScope=src_network_scope,
srcNetworks=src_networks,
destNetworkScope=dest_network_scope,
srcSecureTags=src_secure_tags,
)
else:
matcher = holder.client.messages.FirewallPolicyRuleMatcher(
srcIpRanges=src_ip_ranges,
destIpRanges=dest_ip_ranges,
layer4Configs=layer4_config_list,
srcAddressGroups=src_address_groups,
destAddressGroups=dest_address_groups,
srcFqdns=src_fqdns,
destFqdns=dest_fqdns,
srcRegionCodes=src_region_codes,
destRegionCodes=dest_region_codes,
srcThreatIntelligences=src_threat_intelligence,
destThreatIntelligences=dest_threat_intelligence,
srcSecureTags=src_secure_tags,
)
if args.IsSpecified('direction'):
if args.direction == 'INGRESS':
traffic_direct = (
holder.client.messages.FirewallPolicyRule.DirectionValueValuesEnum.INGRESS
)
else:
traffic_direct = (
holder.client.messages.FirewallPolicyRule.DirectionValueValuesEnum.EGRESS
)
if self.ReleaseTrack() == base.ReleaseTrack.ALPHA:
matcher.srcNetworkContext = src_network_context
matcher.destNetworkContext = dest_network_context
firewall_policy_rule = holder.client.messages.FirewallPolicyRule(
priority=new_priority,
action=args.action,
match=matcher,
direction=traffic_direct,
targetResources=target_resources,
targetSecureTags=target_secure_tags,
targetServiceAccounts=target_service_accounts,
description=args.description,
enableLogging=enable_logging,
disabled=disabled,
securityProfileGroup=security_profile_group,
tlsInspect=tls_inspect,
)
firewall_policy_id = firewall_policies_utils.GetFirewallPolicyId(
firewall_policy_rule_client,
args.firewall_policy,
organization=args.organization,
)
with holder.client.apitools_client.IncludeFields(cleared_fields):
return firewall_policy_rule_client.UpdateRule(
priority=priority,
firewall_policy=firewall_policy_id,
firewall_policy_rule=firewall_policy_rule,
)
Update.detailed_help = {
'EXAMPLES': """\
To update a rule with priority ``10" in an organization firewall policy
with ID ``123456789" to change the action to ``allow" and description to
``new-example-rule", run:
$ {command} 10 --firewall-policy=123456789 --action=allow
--description=new-example-rule
""",
}
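Review bot: On the ALPHA track the assignments `matcher.srcNetworkContext = src_network_context` and `matcher.destNetworkContext = dest_network_context` near the end of Run dereference `matcher`, which starts as `None` and is only built under `if should_setup_match:`; the rendered page has lost indentation, so if those two lines are not themselves nested under that condition, an update that touches no match field (for example only `--description`) raises AttributeError instead of patching the rule. Guarding with `if self.ReleaseTrack() == base.ReleaseTrack.ALPHA and matcher is not None:` keeps the assignments for every case where a matcher exists, since specifying a network context already sets `should_setup_match`. Separately, `'match.srcNetworks'` can be appended to `cleared_fields` up to three times (the clearable-arg loop, the src_network_scope check and the src_network_context check); this is harmless only if IncludeFields tolerates duplicates, so a membership check before each append, or collecting into a set, would make the intent explicit.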


@@ -0,0 +1,84 @@
# -*- coding: utf-8 -*- #
# Copyright 2021 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for updating organization firewall policies."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.compute import base_classes
from googlecloudsdk.api_lib.compute.firewall_policies import client
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.compute.firewall_policies import firewall_policies_utils
from googlecloudsdk.command_lib.compute.firewall_policies import flags
import six
@base.DefaultUniverseOnly
class Update(base.UpdateCommand):
"""Update a Compute Engine organization firewall policy.
*{command}* is used to update organization firewall policies. An organization
firewall policy is a set of rules that controls access to various resources.
"""
FIREWALL_POLICY_ARG = None
@classmethod
def Args(cls, parser):
cls.FIREWALL_POLICY_ARG = flags.FirewallPolicyArgument(
required=True, operation='update')
cls.FIREWALL_POLICY_ARG.AddArgument(parser, operation_type='update')
flags.AddArgsUpdateFirewallPolicy(parser)
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.FIREWALL_POLICY_ARG.ResolveAsResource(
args, holder.resources, with_project=False)
org_firewall_policy = client.OrgFirewallPolicy(
ref=ref,
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower())
fp_id = firewall_policies_utils.GetFirewallPolicyId(
org_firewall_policy, ref.Name(), organization=args.organization)
existing_firewall_policy = org_firewall_policy.Describe(
fp_id=fp_id, only_generate_request=False)[0]
firewall_policy = holder.client.messages.FirewallPolicy(
description=args.description,
fingerprint=existing_firewall_policy.fingerprint)
return org_firewall_policy.Update(
fp_id=fp_id,
only_generate_request=False,
firewall_policy=firewall_policy)
Update.detailed_help = {
'EXAMPLES':
"""\
To update an organization firewall policy with ID ``123456789" to change the
description to ``New description", run:
$ {command} 123456789 --description='New description'
""",
'IAM PERMISSIONS': """\
To update a firewall policy, the user must have the following
permission: *`compute.firewallPolicies.update`.
To find predefined roles that contain those permissions, see the [Compute
Engine IAM roles](https://cloud.google.com/compute/docs/access/iam).
"""
}
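Review bot: The IAM PERMISSIONS help text puts a lone `*` directly before the backtick-quoted `compute.firewallPolicies.update`, which opens an emphasis span that is never closed and renders oddly in the generated reference; drop the stray `*` so the line reads `permission: ` followed by the quoted permission name. The Describe-then-Update sequence that copies `existing_firewall_policy.fingerprint` into the new FirewallPolicy message deserves a why-comment, since a reader may otherwise see the extra API call as waste: `# The fingerprint makes the update conditional on the policy being unchanged since Describe.`.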