Example #1
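    def Run(self, args):
        """Update one rule of an organization security policy.

        The rule is addressed by the priority parsed from the resolved
        resource name. A replacement SecurityPolicyRule message is built
        from the command-line flags and passed to the rule client's
        Update call.

        Args:
            args: Parsed command-line arguments for this command.

        Returns:
            The value returned by OrgSecurityPolicyRule.Update.
        """
        holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
        ref = self.ORG_SECURITY_POLICY_ARG.ResolveAsResource(
            args, holder.resources, with_project=False)
        security_policy_rule_client = client.OrgSecurityPolicyRule(
            ref=ref, compute_client=holder.client)
        messages = holder.client.messages

        # Priority of the existing rule; it selects which rule is updated.
        priority = rule_utils.ConvertPriorityToInt(ref.Name())

        src_ip_ranges = []
        dest_ip_ranges = []
        dest_ports = []
        target_resources = []
        enable_logging = False

        if args.IsSpecified('src_ip_ranges'):
            src_ip_ranges = args.src_ip_ranges
        if args.IsSpecified('dest_ip_ranges'):
            dest_ip_ranges = args.dest_ip_ranges
        if args.IsSpecified('dest_ports'):
            dest_ports = args.dest_ports
        if args.IsSpecified('target_resources'):
            target_resources = args.target_resources
        if args.IsSpecified('enable_logging'):
            # Use the parsed value rather than a hard-coded True: a negated
            # form of the flag also counts as "specified", and it must not
            # end up switching logging on.
            enable_logging = args.enable_logging

        # Without an explicit new priority the rule keeps its current one.
        if args.IsSpecified('new_priority'):
            new_priority = rule_utils.ConvertPriorityToInt(args.new_priority)
        else:
            new_priority = priority

        dest_port_list = rule_utils.ParseDestPorts(dest_ports, messages)

        # NOTE(review): the matcher is always sent, with empty lists for
        # every range/port flag that was not given, and enableLogging is sent
        # as False when its flag is absent. Whether the backend treats those
        # as "clear the existing value" is not visible here -- confirm, since
        # an update that only touches e.g. the description could otherwise
        # change what the rule matches or stop logging for it.
        matcher = messages.SecurityPolicyRuleMatcher(
            versionedExpr=(messages.SecurityPolicyRuleMatcher
                           .VersionedExprValueValuesEnum.FIREWALL),
            config=messages.SecurityPolicyRuleMatcherConfig(
                srcIpRanges=src_ip_ranges,
                destIpRanges=dest_ip_ranges,
                destPorts=dest_port_list))

        # Direction defaults to INGRESS. Any specified value other than the
        # exact string 'INGRESS' is mapped to EGRESS; presumably the flag
        # definition restricts the choices -- verify against the parser.
        direction_enum = messages.SecurityPolicyRule.DirectionValueValuesEnum
        traffic_direct = direction_enum.INGRESS
        if args.IsSpecified('direction') and args.direction != 'INGRESS':
            traffic_direct = direction_enum.EGRESS

        security_policy_rule = messages.SecurityPolicyRule(
            priority=new_priority,
            action=args.action,
            match=matcher,
            direction=traffic_direct,
            targetResources=target_resources,
            description=args.description,
            enableLogging=enable_logging)

        return security_policy_rule_client.Update(
            priority=priority,
            security_policy=args.security_policy,
            security_policy_rule=security_policy_rule)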
Example #2
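  def Run(self, args):
    """Create a rule in an organization security policy.

    A SecurityPolicyRule message is built from the command-line flags, the
    target policy ID is looked up, and the rule client's Create call is
    issued. The rule priority is parsed from the resolved resource name.

    Args:
      args: Parsed command-line arguments for this command.

    Returns:
      The value returned by OrgSecurityPolicyRule.Create.
    """
    holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
    ref = self.ORG_SECURITY_POLICY_ARG.ResolveAsResource(
        args, holder.resources, with_project=False)
    security_policy_rule_client = client.OrgSecurityPolicyRule(
        ref=ref, compute_client=holder.client)
    messages = holder.client.messages

    src_ip_ranges = []
    dest_ip_ranges = []
    dest_ports = []
    layer4_configs = []
    target_resources = []
    target_service_accounts = []
    enable_logging = False
    if args.IsSpecified('src_ip_ranges'):
      src_ip_ranges = args.src_ip_ranges
    if args.IsSpecified('dest_ip_ranges'):
      dest_ip_ranges = args.dest_ip_ranges
    if args.IsSpecified('dest_ports'):
      dest_ports = args.dest_ports
    if args.IsSpecified('layer4_configs'):
      layer4_configs = args.layer4_configs
    if args.IsSpecified('target_resources'):
      target_resources = args.target_resources
    if args.IsSpecified('target_service_accounts'):
      target_service_accounts = args.target_service_accounts
    if args.IsSpecified('enable_logging'):
      # Use the parsed value rather than a hard-coded True: a negated form
      # of the flag also counts as "specified", and it must not end up
      # switching logging on.
      enable_logging = args.enable_logging

    dest_ports_list = rule_utils.ParseDestPorts(dest_ports, messages)
    layer4_config_list = rule_utils.ParseLayer4Configs(layer4_configs,
                                                       messages)
    matcher = messages.SecurityPolicyRuleMatcher(
        versionedExpr=(messages.SecurityPolicyRuleMatcher
                       .VersionedExprValueValuesEnum.FIREWALL),
        config=messages.SecurityPolicyRuleMatcherConfig(
            srcIpRanges=src_ip_ranges,
            destIpRanges=dest_ip_ranges,
            destPorts=dest_ports_list,
            layer4Configs=layer4_config_list))

    # Direction defaults to INGRESS. Any specified value other than the exact
    # string 'INGRESS' is mapped to EGRESS; presumably the flag definition
    # restricts the choices -- verify against the parser.
    direction_enum = messages.SecurityPolicyRule.DirectionValueValuesEnum
    traffic_direct = direction_enum.INGRESS
    if args.IsSpecified('direction') and args.direction != 'INGRESS':
      traffic_direct = direction_enum.EGRESS

    security_policy_rule = messages.SecurityPolicyRule(
        priority=rule_utils.ConvertPriorityToInt(ref.Name()),
        action=args.action,
        match=matcher,
        direction=traffic_direct,
        targetResources=target_resources,
        targetServiceAccounts=target_service_accounts,
        description=args.description,
        enableLogging=enable_logging)

    # The policy ID is looked up through a policy-level client, using the
    # policy argument together with the organization.
    org_security_policy = client.OrgSecurityPolicy(
        ref=ref, compute_client=holder.client)
    security_policy_id = org_security_policies_utils.GetSecurityPolicyId(
        org_security_policy,
        args.security_policy,
        organization=args.organization)
    return security_policy_rule_client.Create(
        security_policy=security_policy_id,
        security_policy_rule=security_policy_rule)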
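    def Run(self, args):
        """Update one rule of an organization security policy.

        The rule is addressed by the priority parsed from the resolved
        resource name. A matcher is only attached to the update when at
        least one match-related flag was given; direction is only set when
        its flag was given. The ``dest_ports`` flag is honoured on the
        ALPHA release track only.

        Args:
            args: Parsed command-line arguments for this command.

        Returns:
            The value returned by OrgSecurityPolicyRule.Update.
        """
        holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
        ref = self.ORG_SECURITY_POLICY_ARG.ResolveAsResource(
            args, holder.resources, with_project=False)
        security_policy_rule_client = client.OrgSecurityPolicyRule(
            ref=ref,
            compute_client=holder.client,
            resources=holder.resources,
            version=six.text_type(self.ReleaseTrack()).lower())
        messages = holder.client.messages
        is_alpha = self.ReleaseTrack() == base.ReleaseTrack.ALPHA

        # Priority of the existing rule; it selects which rule is updated.
        priority = rule_utils.ConvertPriorityToInt(ref.Name())

        src_ip_ranges = []
        dest_ip_ranges = []
        dest_ports_list = []
        layer4_config_list = []
        target_resources = []
        target_service_accounts = []
        enable_logging = False
        should_setup_match = False
        traffic_direct = None
        matcher = None

        if args.IsSpecified('src_ip_ranges'):
            src_ip_ranges = args.src_ip_ranges
            should_setup_match = True
        if args.IsSpecified('dest_ip_ranges'):
            dest_ip_ranges = args.dest_ip_ranges
            should_setup_match = True
        if is_alpha and args.IsSpecified('dest_ports'):
            should_setup_match = True
            dest_ports_list = rule_utils.ParseDestPorts(
                args.dest_ports, messages)
        if args.IsSpecified('layer4_configs'):
            should_setup_match = True
            layer4_config_list = rule_utils.ParseLayer4Configs(
                args.layer4_configs, messages)
        if args.IsSpecified('target_resources'):
            target_resources = args.target_resources
        if args.IsSpecified('target_service_accounts'):
            target_service_accounts = args.target_service_accounts
        if args.IsSpecified('enable_logging'):
            # Use the parsed value rather than a hard-coded True: a negated
            # form of the flag also counts as "specified", and it must not
            # end up switching logging on.
            enable_logging = args.enable_logging

        # Without an explicit new priority the rule keeps its current one.
        if args.IsSpecified('new_priority'):
            new_priority = rule_utils.ConvertPriorityToInt(args.new_priority)
        else:
            new_priority = priority

        # Build a matcher only when a match-related flag was supplied;
        # otherwise match stays None in the rule message.
        if should_setup_match:
            config_fields = {
                'srcIpRanges': src_ip_ranges,
                'destIpRanges': dest_ip_ranges,
                'layer4Configs': layer4_config_list,
            }
            # destPorts is only passed on the ALPHA track, as in the
            # original two-branch construction.
            if is_alpha:
                config_fields['destPorts'] = dest_ports_list
            matcher = messages.SecurityPolicyRuleMatcher(
                versionedExpr=(messages.SecurityPolicyRuleMatcher
                               .VersionedExprValueValuesEnum.FIREWALL),
                config=messages.SecurityPolicyRuleMatcherConfig(
                    **config_fields))

        # Any specified value other than the exact string 'INGRESS' is
        # mapped to EGRESS; presumably the flag definition restricts the
        # choices -- verify against the parser.
        if args.IsSpecified('direction'):
            direction_enum = (
                messages.SecurityPolicyRule.DirectionValueValuesEnum)
            if args.direction == 'INGRESS':
                traffic_direct = direction_enum.INGRESS
            else:
                traffic_direct = direction_enum.EGRESS

        # NOTE(review): enableLogging is sent as False, and the target lists
        # as empty, whenever their flags are absent. Whether the backend
        # treats those as "clear the existing value" is not visible here --
        # confirm, so that an unrelated update cannot stop logging for the
        # rule or change what it targets.
        security_policy_rule = messages.SecurityPolicyRule(
            priority=new_priority,
            action=args.action,
            match=matcher,
            direction=traffic_direct,
            targetResources=target_resources,
            targetServiceAccounts=target_service_accounts,
            description=args.description,
            enableLogging=enable_logging)

        security_policy_id = org_security_policies_utils.GetSecurityPolicyId(
            security_policy_rule_client,
            args.security_policy,
            organization=args.organization)

        return security_policy_rule_client.Update(
            priority=priority,
            security_policy=security_policy_id,
            security_policy_rule=security_policy_rule)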