feat: Add new gcloud commands, API clients, and third-party libraries across various services.

2026-01-01 20:26:35 +01:00
parent 5e23cbece0
commit a19e592eb7
25221 changed files with 8324611 additions and 0 deletions


@@ -0,0 +1,30 @@
# -*- coding: utf-8 -*- #
# Copyright 2022 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command group for Policy Controller Feature."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
@base.ReleaseTracks(
base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA, base.ReleaseTrack.GA
)
class Policycontroller(base.Group):
"""Manage Policy Controller Feature."""
category = base.COMPUTE_CATEGORY


@@ -0,0 +1,30 @@
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command group for Policy Controller content management."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
@base.ReleaseTracks(
base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA, base.ReleaseTrack.GA
)
class Policycontroller(base.Group):
"""Manage Policy Controller content."""
category = base.COMPUTE_CATEGORY
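Review bot: The group class here is still named `Policycontroller` although its docstring describes the content sub-group, and the same name is reused by the bundles, templates and deployment group files later in this commit. Naming each class after the group it declares (for example `Content`, `Bundles`, `Templates`, `Deployment`) would keep tracebacks and code search unambiguous. This looks behaviourally harmless if the framework loads groups by path, which is not visible here.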


@@ -0,0 +1,30 @@
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command group for Policy Controller content bundles management."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
@base.ReleaseTracks(
base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA, base.ReleaseTrack.GA
)
class Policycontroller(base.Group):
"""Manage Policy Controller content bundles."""
category = base.COMPUTE_CATEGORY


@@ -0,0 +1,65 @@
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Manages content bundles for Policy Controller."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.command_lib.container.fleet.features import base
from googlecloudsdk.command_lib.container.fleet.membershipfeatures import base as mf_base
from googlecloudsdk.command_lib.container.fleet.policycontroller import command
from googlecloudsdk.command_lib.container.fleet.policycontroller import content
class Remove(base.UpdateCommand, mf_base.UpdateCommand, command.PocoCommand):
"""Removes a bundle installation for Policy Controller content.
Google-defined policy bundles of constraints can be installed onto Policy
Controller installations. This command removes those bundles.
## EXAMPLES
To remove a policy bundle:
$ {command} cis-k8s-v1.5.1
"""
feature_name = 'policycontroller'
mf_name = 'policycontroller'
@classmethod
def Args(cls, parser):
cmd_flags = content.Flags(parser, 'bundles')
cmd_flags.add_memberships()
parser.add_argument(
content.ARG_LABEL_BUNDLE,
help='The constraint bundle to remove from Policy Controller.',
)
def Run(self, args):
parser = content.FlagParser(args, self.messages)
specs = self.path_specs(args, True)
updated_specs = {path: self.modify(s, parser) for path, s in specs.items()}
return self.update_specs(updated_specs)
def modify(self, spec, parser):
policy_content = (
spec.policycontroller.policyControllerHubConfig.policyContent
)
spec.policycontroller.policyControllerHubConfig.policyContent = (
parser.remove_bundle(policy_content)
)
return spec
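Review bot: `Run` calls `self.path_specs(args, True)` with a bare positional boolean, which hides what is being switched on. The Describe command in this commit names the argument (`ignore_metadata=False`), so, assuming it is the same parameter, `self.path_specs(args, ignore_metadata=True)` would read better here. The same positional call appears in the bundles `set` and templates `enable`/`disable` files. `modify` also has no docstring; a one-liner such as `"""Returns spec with the requested bundle removed from its policyContent."""` would cover it.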


@@ -0,0 +1,84 @@
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Manages content bundles for Policy Controller."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.command_lib.container.fleet.features import base
from googlecloudsdk.command_lib.container.fleet.membershipfeatures import base as mf_base
from googlecloudsdk.command_lib.container.fleet.policycontroller import command
from googlecloudsdk.command_lib.container.fleet.policycontroller import content
class Set(base.UpdateCommand, mf_base.UpdateCommand, command.PocoCommand):
"""Sets bundle installation for Policy Controller content.
Google-defined policy bundles of constraints can be installed onto Policy
Controller installations.
The namespace exclusion flag (`--exempted-namespaces`) will specify a set of
namespaces that the installed bundle will ignore. Subsequent calls with the
same bundle name and this flag will overwrite what namespaces are being
ignored. Using `--no-exempted-namespaces` or specifying no namespaces with
`--exempted-namespaces` will remove all namespaces from the ignore list.
To uninstall a bundle, use the `remove` command.
## EXAMPLES
To install a policy bundle:
$ {command} cis-k8s-v1.5.1
To install a policy bundle, while ignoring (exempting) certain namespaces from
being affected by the bundle:
$ {command} cis-k8s-v1.5.1
--exempted-namespaces=kube-system,gatekeeper-system
To remove all exempted namespaces from a particular bundles ignore list:
$ {command} cis-k8s-v1.5.1 --no-exempted-namespaces
"""
feature_name = 'policycontroller'
mf_name = 'policycontroller'
@classmethod
def Args(cls, parser):
cmd_flags = content.Flags(parser, 'bundles')
cmd_flags.add_memberships()
cmd_flags.add_exempted_namespaces()
parser.add_argument(
content.ARG_LABEL_BUNDLE,
help='The constraint bundle to install in Policy Controller.',
)
def Run(self, args):
parser = content.FlagParser(args, self.messages)
specs = self.path_specs(args, True)
updated_specs = {path: self.modify(s, parser) for path, s in specs.items()}
return self.update_specs(updated_specs)
def modify(self, spec, parser):
policy_content = (
spec.policycontroller.policyControllerHubConfig.policyContent
)
spec.policycontroller.policyControllerHubConfig.policyContent = (
parser.install_bundle(policy_content)
)
return spec
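Review bot: The class docstring does not say what happens to a bundle's existing exemptions when `set` is re-run with neither `--exempted-namespaces` nor `--no-exempted-namespaces`. That decision is made inside `parser.install_bundle(policy_content)`, which is not visible in this file. Because exempted namespaces are ignored by the installed bundle, the help text should state this explicitly, for example `Omitting both flags leaves the bundle's current exemptions unchanged.` or the opposite, whichever the helper implements. Minor: "a particular bundles ignore list" in the last example should read "a particular bundle's ignore list".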


@@ -0,0 +1,30 @@
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command group for Policy Controller content templates management."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
@base.ReleaseTracks(
base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA, base.ReleaseTrack.GA
)
class Policycontroller(base.Group):
"""Manage Policy Controller content templates."""
category = base.COMPUTE_CATEGORY


@@ -0,0 +1,54 @@
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Disables content template library for Policy Controller."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.command_lib.container.fleet.features import base
from googlecloudsdk.command_lib.container.fleet.membershipfeatures import base as mf_base
from googlecloudsdk.command_lib.container.fleet.policycontroller import command
from googlecloudsdk.command_lib.container.fleet.policycontroller import content
class Disable(base.UpdateCommand, mf_base.UpdateCommand, command.PocoCommand):
"""Disable template installation for Policy Controller content.
The Google-defined template library can be installed onto Policy Controller
installations. This command removes that template library.
## EXAMPLES
To remove the template library:
$ {command}
"""
feature_name = 'policycontroller'
mf_name = 'policycontroller'
@classmethod
def Args(cls, parser):
cmd_flags = content.Flags(parser, 'enable')
cmd_flags.add_memberships()
def Run(self, args):
parser = content.FlagParser(args, self.messages)
specs = self.path_specs(args, True)
updated_specs = {
path: parser.uninstall_template_library(poco_cfg)
for path, poco_cfg in specs.items()
}
return self.update_specs(updated_specs)
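Review bot: `Disable.Args` builds its flags with `content.Flags(parser, 'enable')`, which looks copied from the enable command. The bundles commands pass `'bundles'`, so the second argument appears to be a label for the command. If it feeds the generated help text for the membership flags, users of `disable` would see wording about enabling. `content.Flags` is not visible here, so please confirm, and if so use `content.Flags(parser, 'disable')`.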


@@ -0,0 +1,54 @@
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Manages content bundles for Policy Controller."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.command_lib.container.fleet.features import base
from googlecloudsdk.command_lib.container.fleet.membershipfeatures import base as mf_base
from googlecloudsdk.command_lib.container.fleet.policycontroller import command
from googlecloudsdk.command_lib.container.fleet.policycontroller import content
class Enable(base.UpdateCommand, mf_base.UpdateCommand, command.PocoCommand):
"""Installs the template library for Policy Controller.
Google-defined template library can be installed onto Policy Controller
installations. To uninstall the template library, use the `disable` command.
## EXAMPLES
To install a template library:
$ {command}
"""
feature_name = 'policycontroller'
mf_name = 'policycontroller'
@classmethod
def Args(cls, parser):
cmd_flags = content.Flags(parser, 'enable')
cmd_flags.add_memberships()
def Run(self, args):
parser = content.FlagParser(args, self.messages)
specs = self.path_specs(args, True)
updated_specs = {
path: parser.install_template_library(poco_cfg)
for path, poco_cfg in specs.items()
}
return self.update_specs(updated_specs)
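Review bot: The module docstring reads `"""Manages content bundles for Policy Controller."""`, but this file defines the `Enable` command that installs the template library via `parser.install_template_library`. It appears to be carried over from the bundles files. Suggest `"""Enables the content template library for Policy Controller."""`, mirroring the wording of the disable module.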


@@ -0,0 +1,30 @@
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command group for Policy Controller component deployment configuration."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.calliope import base
@base.ReleaseTracks(
base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA, base.ReleaseTrack.GA
)
class Policycontroller(base.Group):
"""Configure Policy Controller component deployments."""
category = base.COMPUTE_CATEGORY


@@ -0,0 +1,178 @@
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Removes configuration properties from Policy Controller components."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import argparse
from googlecloudsdk.api_lib.container.fleet.policycontroller import protos
from googlecloudsdk.command_lib.container.fleet.features import base
from googlecloudsdk.command_lib.container.fleet.membershipfeatures import base as mf_base
from googlecloudsdk.command_lib.container.fleet.policycontroller import command
from googlecloudsdk.command_lib.container.fleet.policycontroller import deployment_configs as deployment
from googlecloudsdk.command_lib.container.fleet.policycontroller import flags
from googlecloudsdk.core import exceptions
class Remove(base.UpdateCommand, mf_base.UpdateCommand, command.PocoCommand):
"""Removes configuration properties from Policy Controller components.
Remove customizations of on-cluster components in Policy Controller. These
components are managed as individual kubernetes deployments (e.g. 'admission')
in the gatekeeper-system namespace.
When removing a 'toleration' property, it must match exactly, including the
key, value and effect flag (if originally specified).
## EXAMPLES
To remove the replica count for a component:
$ {command} admission replica-count
To remove the replica count for a component across all fleet memberships:
$ {command} admission replica-count --all-memberships
To remove a toleration with key 'my-key' on a component:
$ {command} admission toleration my-key
To remove a toleration with key 'my-key' and 'my-value' on a component:
$ {command} admission toleration my-key=my-value
To remove a toleration with key 'my-key' and 'my-value' on a component, along
with the effect 'NoSchedule':
$ {command} admission toleration my-key=my-value --effect=NoSchedule
To remove a memory limit:
$ {command} audit memory-limit
To remove a memory request:
$ {command} mutation memory-request
To remove a cpu limit:
$ {command} admission cpu-limit
To remove a cpu request:
$ {command} audit cpu-request
To remove the anti-affinity configuration:
$ {command} admission pod-affinity
"""
feature_name = 'policycontroller'
mf_name = 'policycontroller'
@classmethod
def Args(cls, parser):
cmd_flags = flags.PocoFlags(parser, 'remove deployment configuration')
cmd_flags.add_memberships()
parser.add_argument(
'deployment',
choices=deployment.G8R_COMPONENTS,
help=(
'The PolicyController deployment component (i.e, "admission", '
' "audit" or "mutation" from which to remove configuration.'
),
)
parser.add_argument(
'property',
choices=deployment.SUPPORTED_PROPERTIES,
help='Property to be removed.',
)
parser.add_argument(
'value',
nargs=argparse.OPTIONAL,
default=None,
help=(
'This is only required to remove a toleration. It should not be'
' included for any other property.'
),
)
parser.add_argument(
'--effect',
choices=deployment.K8S_SCHEDULING_OPTIONS,
help=(
'Applies only to "toleration" property. To be removed, tolerations'
' must match exactly, including the effect setting.'
),
type=str,
)
def Run(self, args):
# All the membership specs for this feature.
specs = self.path_specs(args)
updated_specs = {
path: self.remove(spec, args) for path, spec in specs.items()
}
return self.update_specs(updated_specs)
def remove(self, spec, args):
cfgs = protos.additional_properties_to_dict(
spec.policycontroller.policyControllerHubConfig.deploymentConfigs
)
deployment_cfg = cfgs.get(
args.deployment,
self.messages.PolicyControllerPolicyControllerDeploymentConfig(),
)
cfgs[args.deployment] = self.set_deployment_config(
deployment_cfg,
args.property,
args.value,
args.effect,
)
# Convert back to a list of additionalProperties.
dcv = protos.set_additional_properties(
self.messages.PolicyControllerHubConfig.DeploymentConfigsValue(), cfgs
)
spec.policycontroller.policyControllerHubConfig.deploymentConfigs = dcv
return spec
def set_deployment_config(self, deployment_cfg, prop, value, effect):
if prop == 'toleration':
return deployment.remove_toleration(deployment_cfg, value, effect)
if value is not None: # Only valid for toleration.
raise exceptions.Error(
'"value" argument only accepted when removing a toleration.'
)
if effect is not None:
raise exceptions.Error(
'"effect" flag only accepted when removing a toleration.'
)
if prop == 'cpu-limit':
return deployment.update_cpu_limit(self.messages, deployment_cfg, None)
if prop == 'cpu-request':
return deployment.update_cpu_request(self.messages, deployment_cfg, None)
if prop == 'memory-limit':
return deployment.update_mem_limit(self.messages, deployment_cfg, None)
if prop == 'memory-request':
return deployment.update_mem_request(self.messages, deployment_cfg, None)
if prop == 'replica-count':
return deployment.update_replica_count(deployment_cfg, None)
if prop == 'pod-affinity':
return deployment.update_pod_affinity(self.messages, deployment_cfg, None)
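Review bot: `set_deployment_config` ends after the `pod-affinity` branch with no final `return` or `raise`, so any property it does not name yields `None`. `remove` then stores that result in `cfgs[args.deployment]`, replacing the component's whole config. This is reachable only if `deployment.SUPPORTED_PROPERTIES` gains an entry that is not handled here, but the failure would be silent. Close the chain with `raise exceptions.Error('Unsupported property: {}'.format(prop))`; the `Set` command's `set_deployment_config` later in this commit has the same fall-through. Separately, the toleration branch passes `value` to `deployment.remove_toleration` without checking for `None`, although the help text says a value is required there; confirm the helper rejects it.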


@@ -0,0 +1,178 @@
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Sets configuration properties of the Policy Controller component deployments."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.container.fleet.policycontroller import protos
from googlecloudsdk.command_lib.container.fleet.features import base
from googlecloudsdk.command_lib.container.fleet.membershipfeatures import base as mf_base
from googlecloudsdk.command_lib.container.fleet.policycontroller import command
from googlecloudsdk.command_lib.container.fleet.policycontroller import deployment_configs as deployment
from googlecloudsdk.command_lib.container.fleet.policycontroller import flags
from googlecloudsdk.core import exceptions
class Set(base.UpdateCommand, mf_base.UpdateCommand, command.PocoCommand):
"""Sets configuration of the Policy Controller components.
Customizes on-cluster components of Policy Controller. Supported
properties may be set with this command, or removed with 'remove'. These
components are managed as individual kubernetes deployments (e.g. 'admission')
in the gatekeeper-system namespace.
When setting cpu or memory limits and requests, Kubernetes-standard resource
units are used.
All properties set using this command will overwrite previous properties, with
the exception of tolerations which can only be added, and any number may be
added. To edit a toleration, use 'remove' to first delete it, and then 'set'
the desired toleration.
## EXAMPLES
To set the replica count for a component:
$ {command} admission replica-count 3
To set the replica count for a component across all fleet memberships:
$ {command} admission replica-count 3 --all-memberships
To set a toleration with key 'my-key' on a component (which is an 'Exists'
operator):
$ {command} admission toleration my-key
To set a toleration with key 'my-key' and 'my-value' on a component (which is
an 'Equal' operator):
$ {command} admission toleration my-key=my-value
To set a toleration with key 'my-key' and 'my-value' on a component, along
with the effect 'NoSchedule' (which is an 'Equal' operator):
$ {command} admission toleration my-key=my-value --effect=NoSchedule
To set a memory limit:
$ {command} audit memory-limit 4Gi
To set a memory request:
$ {command} mutation memory-request 2Gi
To set a cpu limit:
$ {command} admission cpu-limit 500m
To set a cpu request:
$ {command} audit cpu-request 250m
To set anti-affinity to achieve high availability on the mutation deployment:
$ {command} mutation pod-affinity anti
"""
feature_name = 'policycontroller'
mf_name = 'policycontroller'
@classmethod
def Args(cls, parser):
cmd_flags = flags.PocoFlags(parser, 'set deployment configuration')
cmd_flags.add_memberships()
parser.add_argument(
'deployment',
choices=deployment.G8R_COMPONENTS,
help=(
'The PolicyController deployment component (e.g. "admission", '
' "audit" or "mutation") upon which to set configuration.'
),
)
parser.add_argument(
'property',
choices=deployment.SUPPORTED_PROPERTIES,
help='Property to be set.',
)
parser.add_argument(
'value',
help=(
'The value to set the property to. Valid input varies'
' based on the property being set.'
),
)
parser.add_argument(
'--effect',
choices=deployment.K8S_SCHEDULING_OPTIONS,
type=str,
help='Applies only to "toleration" property.',
)
def Run(self, args):
# All the membership specs for this feature.
specs = self.path_specs(args)
updated_specs = {path: self.set(spec, args) for path, spec in specs.items()}
return self.update_specs(updated_specs)
def set(self, spec, args):
cfgs = protos.additional_properties_to_dict(
spec.policycontroller.policyControllerHubConfig.deploymentConfigs
)
deployment_cfg = cfgs.get(
args.deployment,
self.messages.PolicyControllerPolicyControllerDeploymentConfig(),
)
cfgs[args.deployment] = self.set_deployment_config(
deployment_cfg,
args.property,
args.value,
args.effect,
)
# Convert back to a list of additionalProperties.
dcv = protos.set_additional_properties(
self.messages.PolicyControllerHubConfig.DeploymentConfigsValue(), cfgs
)
spec.policycontroller.policyControllerHubConfig.deploymentConfigs = dcv
return spec
def set_deployment_config(self, deployment_cfg, prop, value, effect):
if prop == 'toleration':
return deployment.add_toleration(
self.messages, deployment_cfg, value, effect
)
if effect is not None:
raise exceptions.Error(
'"effect" flag only accepted when setting a toleration.'
)
if prop == 'cpu-limit':
return deployment.update_cpu_limit(self.messages, deployment_cfg, value)
if prop == 'cpu-request':
return deployment.update_cpu_request(self.messages, deployment_cfg, value)
if prop == 'memory-limit':
return deployment.update_mem_limit(self.messages, deployment_cfg, value)
if prop == 'memory-request':
return deployment.update_mem_request(self.messages, deployment_cfg, value)
if prop == 'replica-count':
return deployment.update_replica_count(deployment_cfg, value)
if prop == 'pod-affinity':
return deployment.update_pod_affinity(
self.messages, deployment_cfg, value
)
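Review bot: The `--effect` check sits in `set_deployment_config`, which `Run` reaches only inside the per-membership comprehension, after `self.path_specs(args)` has already returned. An invocation that is invalid on its face is therefore rejected late and re-checked for every membership. Hoist it to the top of `Run`, e.g. `if args.property != 'toleration' and args.effect is not None: raise exceptions.Error(...)`; the `Remove` command orders its `value`/`effect` checks the same way. The values for `replica-count`, `cpu-limit` and the other properties reach the `deployment` helpers as raw strings, and whether they are validated there is not visible in this file, so that is worth confirming.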


@@ -0,0 +1,58 @@
# -*- coding: utf-8 -*- #
# Copyright 2022 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Describe Policy Controller feature command."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.container.fleet.policycontroller import protos
from googlecloudsdk.command_lib.container.fleet.features import base
from googlecloudsdk.command_lib.container.fleet.policycontroller import command
from googlecloudsdk.command_lib.container.fleet.policycontroller import flags
class Describe(base.DescribeCommand, command.PocoCommand):
"""Describe Policy Controller feature.
## EXAMPLES
To describe the Policy Controller feature:
$ {command}
"""
feature_name = 'policycontroller'
@classmethod
def Args(cls, parser):
cmd_flags = flags.PocoFlags(parser, 'describe')
cmd_flags.add_memberships()
def Run(self, args):
feature = self.GetFeature()
if args.memberships is not None:
specs = self.path_specs(args, ignore_metadata=False)
feature.membershipSpecs = protos.set_additional_properties(
self.messages.Feature.MembershipSpecsValue(), specs
)
states = self.path_states(args)
feature.membershipStates = protos.set_additional_properties(
self.messages.Feature.MembershipStatesValue(), states
)
return feature


@@ -0,0 +1,71 @@
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""The command to detach the Policy Controller webhooks."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.command_lib.container.fleet.features import base
from googlecloudsdk.command_lib.container.fleet.membershipfeatures import base as mf_base
from googlecloudsdk.command_lib.container.fleet.policycontroller import command
from googlecloudsdk.command_lib.container.fleet.policycontroller import flags
class Detach(base.UpdateCommand, mf_base.UpdateCommand, command.PocoCommand):
"""Detach Policy Controller Feature.
Detaches Policy Controller. This will halt all administration of the Policy
Controller installation by the GKE Fleet. It will not uninstall it from the
cluster. To re-attach Policy Controller, use the `enable` command.
## EXAMPLES
To detach Policy Controller, run:
$ {command}
To re-attach Policy Controller, use the `enable` command:
$ {parent_command} enable
"""
feature_name = 'policycontroller'
mf_name = 'policycontroller'
@classmethod
def Args(cls, parser):
cmd_flags = flags.PocoFlags(parser, 'detach')
cmd_flags.add_memberships()
def Run(self, args):
specs = self.path_specs(args)
updated_specs = {path: self.detach(spec) for path, spec in specs.items()}
return self.update_specs(updated_specs)
def detach(self, spec):
"""Sets the membership spec to DETACHED.
Args:
spec: The spec to be detached.
Returns:
Updated spec, based on the message api version.
"""
spec.policycontroller.policyControllerHubConfig.installSpec = (
self.messages.PolicyControllerHubConfig.InstallSpecValueValuesEnum.INSTALL_SPEC_DETACHED
)
return spec
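Review bot: The module docstring says this command detaches "the Policy Controller webhooks", but the only change `detach` makes is setting `installSpec` to `INSTALL_SPEC_DETACHED`. The class docstring describes that as the fleet halting administration while the installation stays on the cluster. Suggest `"""The command to detach Policy Controller from fleet management."""` so the two descriptions agree. `Run` has no docstring either; one line noting that every selected membership spec is switched to DETACHED would help.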


@@ -0,0 +1,73 @@
# -*- coding: utf-8 -*- #
# Copyright 2022 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""The command to disable Policy Controller Feature."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.command_lib.container.fleet.features import base
from googlecloudsdk.command_lib.container.fleet.policycontroller import flags
class Disable(base.UpdateCommand):
"""Disable (Uninstall) Policy Controller.
Uninstalls Policy Controller.
## EXAMPLES
To uninstall Policy Controller, run:
$ {command}
"""
feature_name = 'policycontroller'
@classmethod
def Args(cls, parser):
top_group = parser.add_argument_group(mutex=True)
flags.no_fleet_default_cfg_flag().AddToParser(top_group)
cmd_flags = flags.PocoFlags(top_group, 'disable')
cmd_flags.add_memberships()
def Run(self, args):
membership_specs = {}
poco_not_installed = self.messages.PolicyControllerHubConfig.InstallSpecValueValuesEnum(
self.messages.PolicyControllerHubConfig.InstallSpecValueValuesEnum.INSTALL_SPEC_NOT_INSTALLED
)
poco_hub_config = self.messages.PolicyControllerHubConfig(
installSpec=poco_not_installed
)
memberships = base.ParseMembershipsPlural(
args, prompt=True, prompt_cancel=False, search=True
)
for membership in memberships:
membership_path = membership
membership_specs[membership_path] = self.messages.MembershipFeatureSpec(
policycontroller=self.messages.PolicyControllerMembershipSpec(
policyControllerHubConfig=poco_hub_config
)
)
patch = self.messages.Feature(
membershipSpecs=self.hubclient.ToMembershipSpecs(membership_specs)
)
return self.Update(['membership_specs'], patch)
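Review bot: `Args` registers `flags.no_fleet_default_cfg_flag()` in a mutex group with the membership flags, but nothing in the visible `Run` reads it. `Run` always calls `base.ParseMembershipsPlural(args, prompt=True, ...)` and patches only `membership_specs`. Unless a base class consumes the flag, passing it alone would land in the membership prompt instead of touching the fleet default config; either branch on it at the top of `Run` or drop it from `Args`. Smaller points: `membership_path = membership` is a redundant alias, and `poco_not_installed` appears to wrap an enum member in its own enum constructor where the member could be passed to `installSpec=` directly.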


@@ -0,0 +1,121 @@
# -*- coding: utf-8 -*- #
# Copyright 2022 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""The command to enable Policy Controller Feature."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from apitools.base.protorpclite import messages
from googlecloudsdk.command_lib.container.fleet.features import base
from googlecloudsdk.command_lib.container.fleet.membershipfeatures import base as mf_base
from googlecloudsdk.command_lib.container.fleet.policycontroller import command
from googlecloudsdk.command_lib.container.fleet.policycontroller import flags
class Enable(
base.UpdateCommand,
mf_base.UpdateCommand,
base.EnableCommand,
command.PocoCommand,
):
"""Enable Policy Controller Feature.
Enables the Policy Controller Feature in a fleet.
## EXAMPLES
To enable the Policy Controller Feature, run:
$ {command}
"""
feature_name = 'policycontroller'
mf_name = 'policycontroller'
@classmethod
def Args(cls, parser):
top_group = parser.add_argument_group(mutex=True)
flags.fleet_default_cfg_group().AddToParser(top_group)
modal_group = top_group.add_argument_group(mutex=False)
membership_group = modal_group.add_argument_group(mutex=True)
scope_flags = flags.PocoFlags(modal_group, 'enable')
config_group = membership_group.add_argument_group(mutex=False)
manual_flags = flags.PocoFlags(config_group, 'config')
# Scope Flags
scope_flags.add_memberships()
# Configuration Flags
manual_flags.add_audit_interval()
manual_flags.add_constraint_violation_limit()
manual_flags.add_exemptable_namespaces()
manual_flags.add_log_denies_enabled()
manual_flags.add_monitoring()
manual_flags.add_mutation()
manual_flags.add_no_content()
manual_flags.add_no_default_bundles()
manual_flags.add_referential_rules()
manual_flags.add_version()
def Run(self, args):
parser = flags.PocoFlagParser(args, self.messages)
if parser.is_feature_update():
self._configure_feature(parser)
else: # Otherwise we are updating memberships.
specs = self.path_specs(args, True)
updated_specs = {p: self.enable(s, parser) for p, s in specs.items()}
self.update_specs(updated_specs)
def _configure_feature(self, parser):
default_cfg = parser.load_fleet_default_cfg()
if default_cfg is None:
# The remove case has been selected
self.update_fleet_default(None)
else:
self.update_fleet_default(default_cfg)
def _get_hub_config(self, spec: messages.Message) -> messages.Message:
if spec.policyControllerHubConfig is None:
return self.messages.PolicyControllerHubConfig()
return spec.policyControllerHubConfig
def _get_policycontroller(self, spec: messages.Message) -> messages.Message:
if spec.policycontroller is None:
return self.messages.PolicyControllerMembershipSpec()
return spec.policycontroller
def enable(self, spec, parser):
pc = self._get_policycontroller(spec)
hub_cfg = self._get_hub_config(pc)
hub_cfg = parser.update_audit_interval(hub_cfg)
hub_cfg = parser.update_constraint_violation_limit(hub_cfg)
hub_cfg = parser.update_exemptable_namespaces(hub_cfg)
hub_cfg = parser.update_log_denies(hub_cfg)
hub_cfg = parser.update_monitoring(hub_cfg)
hub_cfg = parser.update_mutation(hub_cfg)
hub_cfg = parser.update_no_content(hub_cfg)
hub_cfg = parser.update_referential_rules(hub_cfg)
hub_cfg.installSpec = (
self.messages.PolicyControllerHubConfig.InstallSpecValueValuesEnum.INSTALL_SPEC_ENABLED
)
# If this is a first installation, attempt to inject default bundle.
if spec.policycontroller is None:
hub_cfg = parser.update_default_bundles(hub_cfg)
pc.policyControllerHubConfig = hub_cfg
pc = parser.update_version(pc)
spec.policycontroller = pc
return spec
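Review bot: `_configure_feature` branches on `default_cfg is None`, but both arms make the same call, because `self.update_fleet_default(None)` and `self.update_fleet_default(default_cfg)` are identical when `default_cfg` is `None`. The body can be reduced to `self.update_fleet_default(parser.load_fleet_default_cfg())` with the comment `# None selects removal of the fleet default config`. Separately, `Run` discards the results of `_configure_feature` and `update_specs`, while `Suspend.Run` and `Update.Run` in this commit return `self.update_specs(...)`; if that return value is what the CLI reports, `enable` should return it too. `Run`, `_configure_feature`, `enable` and the two `_get_*` helpers also have no docstrings.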


@@ -0,0 +1,72 @@
# -*- coding: utf-8 -*- #
# Copyright 2023 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""The command to suspend the Policy Controller webhooks."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.command_lib.container.fleet.features import base
from googlecloudsdk.command_lib.container.fleet.membershipfeatures import base as mf_base
from googlecloudsdk.command_lib.container.fleet.policycontroller import command
from googlecloudsdk.command_lib.container.fleet.policycontroller import flags
class Suspend(base.UpdateCommand, mf_base.UpdateCommand, command.PocoCommand):
"""Suspend Policy Controller Feature.
Suspends the Policy Controller. This will disable all kubernetes webhooks on
the configured cluster, thereby removing admission and mutation functionality.
Audit functionality will remain in place.
## EXAMPLES
To suspend Policy Controller, run:
$ {command}
To re-enable Policy Controller webhooks, use the `enable` command:
$ {parent_command} enable
"""
feature_name = 'policycontroller'
mf_name = 'policycontroller'
@classmethod
def Args(cls, parser):
cmd_flags = flags.PocoFlags(parser, 'suspend')
cmd_flags.add_memberships()
def Run(self, args):
specs = self.path_specs(args)
updated_specs = {
path: self.suspend(spec) for path, spec in specs.items()
}
return self.update_specs(updated_specs)
def suspend(self, spec):
"""Sets the membership spec to SUSPENDED.
Args:
spec: The spec to be suspended.
Returns:
Updated spec, based on message api version.
"""
spec.policycontroller.policyControllerHubConfig.installSpec = (
self.messages.PolicyControllerHubConfig.InstallSpecValueValuesEnum.INSTALL_SPEC_SUSPENDED
)
return spec
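Review bot: `suspend()` assigns through `spec.policycontroller.policyControllerHubConfig.installSpec` without checking either link for `None`, so a membership with no Policy Controller spec would fail with an `AttributeError` instead of a usable message. The `Enable` command in this commit guards exactly these two fields with `_get_policycontroller` and `_get_hub_config`, which suggests both can be unset; whether `path_specs` already filters out such memberships is not visible here. A guard such as `if spec.policycontroller is None or spec.policycontroller.policyControllerHubConfig is None:`, followed by a clear error saying Policy Controller is not installed on that membership, would cover it. `Update.update()` has the same unguarded chain at `pc = spec.policycontroller` and `hub_cfg = pc.policyControllerHubConfig`.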


@@ -0,0 +1,102 @@
# -*- coding: utf-8 -*- #
# Copyright 2022 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""The command to update Policy Controller Feature."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from apitools.base.protorpclite import messages
from googlecloudsdk.command_lib.container.fleet.features import base
from googlecloudsdk.command_lib.container.fleet.membershipfeatures import base as mf_base
from googlecloudsdk.command_lib.container.fleet.policycontroller import command
from googlecloudsdk.command_lib.container.fleet.policycontroller import flags
class Update(base.UpdateCommand, mf_base.UpdateCommand, command.PocoCommand):
"""Updates the configuration of Policy Controller Feature.
Updates the configuration of the Policy Controller installation
## EXAMPLES
To change the installed version, run:
$ {command} --version=VERSION
To modify the audit interval to 120 seconds, run:
$ {command} --audit-interval=120
"""
feature_name = 'policycontroller'
mf_name = 'policycontroller'
@classmethod
def Args(cls, parser):
modal_group = parser.add_argument_group(mutex=False)
membership_group = modal_group.add_argument_group(mutex=True)
scope_flags = flags.PocoFlags(modal_group, 'update')
config_group = membership_group.add_argument_group(mutex=False)
manual_flags = flags.PocoFlags(config_group, 'update')
# Scope Flags
scope_flags.add_memberships()
# Configuration Flags
manual_flags.add_audit_interval()
manual_flags.add_constraint_violation_limit()
manual_flags.add_exemptable_namespaces()
manual_flags.add_log_denies_enabled()
manual_flags.add_monitoring()
manual_flags.add_mutation()
manual_flags.add_referential_rules()
manual_flags.add_version()
# Configuration origin flag
flags.origin_flag().AddToParser(membership_group)
def Run(self, args):
parser = flags.PocoFlagParser(args, self.messages)
specs = self.path_specs(args)
updated_specs = {path: self.update(s, parser) for path, s in specs.items()}
return self.update_specs(updated_specs, parser.use_default_cfg())
def feature_cache(self, refresh: bool = False):
"""Gets and caches the current feature for this object."""
cache = getattr(self, '__feature_cache', None)
if cache is None or refresh:
cache = self.GetFeature()
setattr(self, '__feature_cache', cache)
return cache
def update(self, spec: messages.Message, parser: flags.PocoFlagParser):
if parser.use_default_cfg():
parser.set_default_cfg(self.feature_cache(), spec)
else:
pc = spec.policycontroller
pc = parser.update_version(pc)
hub_cfg = pc.policyControllerHubConfig
hub_cfg = parser.update_audit_interval(hub_cfg)
hub_cfg = parser.update_constraint_violation_limit(hub_cfg)
hub_cfg = parser.update_exemptable_namespaces(hub_cfg)
hub_cfg = parser.update_log_denies(hub_cfg)
hub_cfg = parser.update_mutation(hub_cfg)
hub_cfg = parser.update_monitoring(hub_cfg)
hub_cfg = parser.update_referential_rules(hub_cfg)
pc.policyControllerHubConfig = hub_cfg
spec.policycontroller = pc
return spec
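Review bot: `feature_cache` stores its value under the literal attribute name `'__feature_cache'` through `getattr`/`setattr`, which is not the name a later `self.__feature_cache` inside the class would resolve to (that is mangled to `_Update__feature_cache`), so the cache is only reachable through string access. A plain single-underscore attribute is less of a trap: `cache = getattr(self, '_feature_cache', None)` and `self._feature_cache = cache`. In `update()`, the default-config branch discards the result of `parser.set_default_cfg(self.feature_cache(), spec)` and returns `spec`, which presumably relies on in-place mutation. A one-line comment saying so, plus a docstring on `update()`, would make that contract explicit.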