    def _initialize_firewall_enforcer(self,
                                      expected_rules,
                                      rules_before_enforcement,
                                      add_rule_callback=None):
        """Build a FirewallEnforcer for this project from the given rule sets.

        The enforcer is handed the project id, the firewall API client and
        the two semaphores held by this instance, so concurrency limits on
        project-level and operation-level work are shared with the caller.

        Args:
            expected_rules (fe.FirewallRules): The desired firewall rules for
                the project.
            rules_before_enforcement (fe.FirewallRules): The firewall rules
                currently configured on the project.
            add_rule_callback (Callable): Optional predicate consulted per
                rule; when it returns False that rule is left unmodified.

        Returns:
            fe.FirewallEnforcer: An enforcer configured with the expected
                policy for the project.
        """
        # No local state is kept; the enforcer owns the comparison of the
        # two rule sets once it is constructed.
        return fe.FirewallEnforcer(
            self.project_id,
            self.firewall_api,
            expected_rules,
            rules_before_enforcement,
            add_rule_callback=add_rule_callback,
            project_sema=self._project_sema,
            operation_sema=self._operation_sema)
    def _initialize_firewall_enforcer(self):
        """Fetch current rules, derive expected rules and build an enforcer.

        Side effects: stores the fetched rules in
        ``self.rules_before_enforcement`` and the policy-derived rules in
        ``self.expected_rules`` before constructing the enforcer.

        Returns:
          A new FirewallEnforcer object configured with the expected policy for
          the project.

        Raises:
          EnforcementError: If the project has no networks, or if the policy
              contains a rule that fe.FirewallRules rejects as invalid.
        """
        networks = self.project_networks
        # A project without networks has nothing to enforce against; fail
        # early rather than building an empty expected-rule set.
        if not networks:
            raise EnforcementError(STATUS_ERROR,
                                   'no networks found for project')

        # Snapshot the live rules first so the later diff is against the
        # state that existed when enforcement started.
        self.rules_before_enforcement = self._get_current_fw_rules()

        expected = fe.FirewallRules(self.project_id)
        self.expected_rules = expected
        policy = self.firewall_policy
        try:
            # The same policy is expanded once per network in the project.
            for network_name in networks:
                expected.add_rules(policy, network_name=network_name)
        except fe.InvalidFirewallRuleError as e:
            # Surface policy problems as an enforcement failure with the
            # original validation message attached.
            raise EnforcementError(
                STATUS_ERROR, 'error adding the expected '
                'firewall rules from the policy: %s' % e)

        return fe.FirewallEnforcer(self.project_id,
                                   self.firewall_api,
                                   expected,
                                   self.rules_before_enforcement,
                                   project_sema=self._project_sema,
                                   operation_sema=self._operation_sema)