280 lines
9.4 KiB
Python
280 lines
9.4 KiB
Python
# -*- coding: utf-8 -*- #
|
|
# Copyright 2014 Google LLC. All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
"""Command for creating target HTTPS proxies."""
|
|
|
|
from __future__ import absolute_import
|
|
from __future__ import division
|
|
from __future__ import unicode_literals
|
|
|
|
from googlecloudsdk.api_lib.compute import base_classes
|
|
from googlecloudsdk.api_lib.compute import target_proxies_utils
|
|
from googlecloudsdk.calliope import base
|
|
from googlecloudsdk.command_lib.certificate_manager import resource_args as cm_resource_args
|
|
from googlecloudsdk.command_lib.compute import reference_utils
|
|
from googlecloudsdk.command_lib.compute import scope as compute_scope
|
|
from googlecloudsdk.command_lib.compute.ssl_certificates import flags as ssl_certificates_flags
|
|
from googlecloudsdk.command_lib.compute.ssl_policies import flags as ssl_policies_flags
|
|
from googlecloudsdk.command_lib.compute.target_https_proxies import flags
|
|
from googlecloudsdk.command_lib.compute.target_https_proxies import target_https_proxies_utils
|
|
from googlecloudsdk.command_lib.compute.url_maps import flags as url_map_flags
|
|
from googlecloudsdk.command_lib.network_security import resource_args as ns_resource_args
|
|
|
|
|
|
def _DetailedHelp():
|
|
return {
|
|
'brief': 'Create a target HTTPS proxy.',
|
|
'DESCRIPTION': """
|
|
*{command}* is used to create target HTTPS proxies. A target
|
|
HTTPS proxy is referenced by one or more forwarding rules which
|
|
specify the network traffic that the proxy is responsible for
|
|
routing. The target HTTPS proxy points to a URL map that defines
|
|
the rules for routing the requests. The URL map's job is to map
|
|
URLs to backend services which handle the actual requests. The
|
|
target HTTPS proxy also points to at most 15 SSL certificates
|
|
used for server-side authentication. The target HTTPS proxy can
|
|
be associated with at most one SSL policy.
|
|
""",
|
|
'EXAMPLES': """
|
|
If there is an already-created URL map with the name URL_MAP
|
|
and a SSL certificate named SSL_CERTIFICATE, create a
|
|
global target HTTPS proxy pointing to this map by running:
|
|
|
|
$ {command} PROXY_NAME --url-map=URL_MAP --ssl-certificates=SSL_CERTIFICATE
|
|
|
|
Create a regional target HTTPS proxy by running:
|
|
|
|
$ {command} PROXY_NAME --url-map=URL_MAP --ssl-certificates=SSL_CERTIFICATE --region=REGION_NAME
|
|
""",
|
|
}
|
|
|
|
|
|
def _Args(
|
|
parser,
|
|
traffic_director_security=False,
|
|
list_format=None,
|
|
):
|
|
"""Add the target https proxies command line flags to the parser."""
|
|
|
|
parser.display_info.AddFormat(list_format)
|
|
parser.add_argument(
|
|
'--description',
|
|
help='An optional, textual description for the target HTTPS proxy.',
|
|
)
|
|
|
|
parser.display_info.AddCacheUpdater(flags.TargetHttpsProxiesCompleter)
|
|
target_proxies_utils.AddQuicOverrideCreateArgs(parser)
|
|
target_proxies_utils.AddTlsEarlyDataCreateArgs(parser)
|
|
|
|
if traffic_director_security:
|
|
flags.AddProxyBind(parser, False)
|
|
|
|
target_proxies_utils.AddHttpKeepAliveTimeoutSec(parser)
|
|
|
|
ns_resource_args.GetServerTlsPolicyResourceArg(
|
|
'to attach', name='server-tls-policy', region_fallthrough=True
|
|
).AddToParser(parser)
|
|
|
|
cm_resource_args.AddCertificateMapResourceArg(
|
|
parser,
|
|
'to attach',
|
|
name='certificate-map',
|
|
positional=False,
|
|
required=False,
|
|
with_location=False,
|
|
)
|
|
|
|
|
|
def _Run(
|
|
args,
|
|
holder,
|
|
proxy_ref,
|
|
url_map_ref,
|
|
ssl_certificates,
|
|
ssl_policy_ref,
|
|
traffic_director_security,
|
|
certificate_map_ref,
|
|
server_tls_policy_ref,
|
|
):
|
|
"""Issues requests necessary to create Target HTTPS Proxies."""
|
|
client = holder.client
|
|
|
|
if traffic_director_security and args.proxy_bind:
|
|
target_https_proxy = client.messages.TargetHttpsProxy(
|
|
description=args.description,
|
|
name=proxy_ref.Name(),
|
|
urlMap=url_map_ref.SelfLink(),
|
|
sslCertificates=ssl_certificates,
|
|
proxyBind=args.proxy_bind,
|
|
)
|
|
else:
|
|
target_https_proxy = client.messages.TargetHttpsProxy(
|
|
description=args.description,
|
|
name=proxy_ref.Name(),
|
|
urlMap=url_map_ref.SelfLink(),
|
|
sslCertificates=ssl_certificates,
|
|
)
|
|
|
|
if args.IsSpecified('http_keep_alive_timeout_sec'):
|
|
target_https_proxy.httpKeepAliveTimeoutSec = (
|
|
args.http_keep_alive_timeout_sec
|
|
)
|
|
|
|
if args.IsSpecified('quic_override'):
|
|
quic_enum = client.messages.TargetHttpsProxy.QuicOverrideValueValuesEnum
|
|
target_https_proxy.quicOverride = quic_enum(args.quic_override)
|
|
|
|
if args.tls_early_data:
|
|
tls_early_data_enum = (
|
|
client.messages.TargetHttpsProxy.TlsEarlyDataValueValuesEnum
|
|
)
|
|
target_https_proxy.tlsEarlyData = tls_early_data_enum(args.tls_early_data)
|
|
|
|
if ssl_policy_ref:
|
|
target_https_proxy.sslPolicy = ssl_policy_ref.SelfLink()
|
|
|
|
if server_tls_policy_ref:
|
|
target_https_proxy.serverTlsPolicy = server_tls_policy_ref.SelfLink()
|
|
|
|
if certificate_map_ref:
|
|
target_https_proxy.certificateMap = certificate_map_ref.SelfLink()
|
|
|
|
if target_https_proxies_utils.IsRegionalTargetHttpsProxiesRef(proxy_ref):
|
|
request = client.messages.ComputeRegionTargetHttpsProxiesInsertRequest(
|
|
project=proxy_ref.project,
|
|
region=proxy_ref.region,
|
|
targetHttpsProxy=target_https_proxy,
|
|
)
|
|
collection = client.apitools_client.regionTargetHttpsProxies
|
|
else:
|
|
request = client.messages.ComputeTargetHttpsProxiesInsertRequest(
|
|
project=proxy_ref.project, targetHttpsProxy=target_https_proxy
|
|
)
|
|
collection = client.apitools_client.targetHttpsProxies
|
|
|
|
return client.MakeRequests([(collection, 'Insert', request)])
|
|
|
|
|
|
@base.ReleaseTracks(base.ReleaseTrack.GA)
|
|
@base.UniverseCompatible
|
|
class Create(base.CreateCommand):
|
|
"""Create a target HTTPS proxy."""
|
|
|
|
_traffic_director_security = False
|
|
_list_format = flags.DEFAULT_LIST_FORMAT
|
|
|
|
SSL_CERTIFICATES_ARG = None
|
|
TARGET_HTTPS_PROXY_ARG = None
|
|
URL_MAP_ARG = None
|
|
SSL_POLICY_ARG = None
|
|
detailed_help = _DetailedHelp()
|
|
|
|
@classmethod
|
|
def Args(cls, parser):
|
|
certificate_group = parser.add_mutually_exclusive_group()
|
|
cls.SSL_CERTIFICATES_ARG = (
|
|
ssl_certificates_flags.SslCertificatesArgumentForOtherResource(
|
|
'target HTTPS proxy', required=False
|
|
)
|
|
)
|
|
cls.SSL_CERTIFICATES_ARG.AddArgument(
|
|
parser, mutex_group=certificate_group, cust_metavar='SSL_CERTIFICATE'
|
|
)
|
|
cm_resource_args.AddCertificateResourceArg(
|
|
parser,
|
|
'to attach',
|
|
noun='certificate-manager-certificates',
|
|
name='certificate-manager-certificates',
|
|
positional=False,
|
|
required=False,
|
|
plural=True,
|
|
group=certificate_group,
|
|
with_location=False,
|
|
)
|
|
|
|
cls.TARGET_HTTPS_PROXY_ARG = flags.TargetHttpsProxyArgument()
|
|
cls.TARGET_HTTPS_PROXY_ARG.AddArgument(parser, operation_type='create')
|
|
|
|
cls.URL_MAP_ARG = url_map_flags.UrlMapArgumentForTargetProxy(
|
|
proxy_type='HTTPS'
|
|
)
|
|
cls.URL_MAP_ARG.AddArgument(parser)
|
|
|
|
cls.SSL_POLICY_ARG = (
|
|
ssl_policies_flags.GetSslPolicyMultiScopeArgumentForOtherResource(
|
|
'HTTPS', required=False
|
|
)
|
|
)
|
|
cls.SSL_POLICY_ARG.AddArgument(parser)
|
|
|
|
_Args(
|
|
parser,
|
|
traffic_director_security=cls._traffic_director_security,
|
|
list_format=cls._list_format,
|
|
)
|
|
|
|
def Run(self, args):
|
|
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
|
|
proxy_ref = self.TARGET_HTTPS_PROXY_ARG.ResolveAsResource(
|
|
args, holder.resources, default_scope=compute_scope.ScopeEnum.GLOBAL
|
|
)
|
|
url_map_ref = target_https_proxies_utils.ResolveTargetHttpsProxyUrlMap(
|
|
args, self.URL_MAP_ARG, proxy_ref, holder.resources
|
|
)
|
|
ssl_certificates = target_https_proxies_utils.ResolveSslCertificates(
|
|
args, self.SSL_CERTIFICATES_ARG, proxy_ref, holder.resources
|
|
)
|
|
location = target_https_proxies_utils.GetLocation(proxy_ref)
|
|
if ssl_certificates:
|
|
ssl_certificates = [ref.SelfLink() for ref in ssl_certificates]
|
|
elif args.certificate_manager_certificates:
|
|
ssl_certificates = [
|
|
reference_utils.BuildCcmCertificateUrl(
|
|
proxy_ref.project, location, certificate_name
|
|
)
|
|
for certificate_name in args.certificate_manager_certificates
|
|
]
|
|
if args.ssl_policy:
|
|
ssl_policy_ref = target_https_proxies_utils.ResolveSslPolicy(
|
|
args, self.SSL_POLICY_ARG, proxy_ref, holder.resources
|
|
)
|
|
else:
|
|
ssl_policy_ref = None
|
|
certificate_map_ref = args.CONCEPTS.certificate_map.Parse()
|
|
|
|
server_tls_policy_ref = None
|
|
if args.IsKnownAndSpecified('server_tls_policy'):
|
|
server_tls_policy_ref = args.CONCEPTS.server_tls_policy.Parse()
|
|
return _Run(
|
|
args,
|
|
holder,
|
|
proxy_ref,
|
|
url_map_ref,
|
|
ssl_certificates,
|
|
ssl_policy_ref,
|
|
self._traffic_director_security,
|
|
certificate_map_ref,
|
|
server_tls_policy_ref,
|
|
)
|
|
|
|
|
|
@base.ReleaseTracks(base.ReleaseTrack.BETA)
|
|
class CreateBeta(Create):
|
|
pass
|
|
|
|
|
|
@base.ReleaseTracks(base.ReleaseTrack.ALPHA)
|
|
class CreateAlpha(CreateBeta):
|
|
_traffic_director_security = True
|