def Run(self, args):
client = zones_api.Client(version=self._API_VERSION)
perimeter_ref = args.CONCEPTS.perimeter.Parse()
policies.ValidateAccessPolicyArg(perimeter_ref, args)
perimeter = client.Get(perimeter_ref)
print(perimeters.GenerateDryRunConfigDiff(perimeter,
self._API_VERSION))
def Run(self, args):
client = zones_api.Client(version=self._API_VERSION)
messages = util.GetMessages(version=self._API_VERSION)
perimeter_ref = args.CONCEPTS.perimeter.Parse()
policies.ValidateAccessPolicyArg(perimeter_ref, args)
original_perimeter = client.Get(perimeter_ref)
base_config = _GetBaseConfig(original_perimeter)
updated_resources = repeated.ParsePrimitiveArgs(
args, 'resources', lambda: base_config.resources or [])
updated_restricted_services = repeated.ParsePrimitiveArgs(
args, 'restricted-services',
lambda: base_config.restrictedServices or [])
updated_access_levels = repeated.ParsePrimitiveArgs(
args, 'access-levels', lambda: base_config.accessLevels or [])
base_vpc_config = base_config.vpcAccessibleServices
if base_vpc_config is None:
base_vpc_config = messages.VpcAccessibleServices()
updated_vpc_services = repeated.ParsePrimitiveArgs(
args, 'vpc-allowed-services',
lambda: base_vpc_config.allowedServices or [])
if args.IsSpecified('enable_vpc_accessible_services'):
updated_vpc_enabled = args.enable_vpc_accessible_services
elif base_config.vpcAccessibleServices is not None:
updated_vpc_enabled = base_vpc_config.enableRestriction
else:
updated_vpc_enabled = None
return client.PatchDryRunConfig(
perimeter_ref,
resources=updated_resources,
levels=updated_access_levels,
restricted_services=updated_restricted_services,
vpc_allowed_services=updated_vpc_services,
enable_vpc_accessible_services=updated_vpc_enabled)
def Run(self, args):
client = zones_api.Client(version=self._API_VERSION)
perimeter_ref = args.CONCEPTS.perimeter.Parse()
result = repeated.CachedResult.FromFunc(client.Get, perimeter_ref)
policies.ValidateAccessPolicyArg(perimeter_ref, args)
return self.Patch(
client=client,
args=args,
result=result,
perimeter_ref=perimeter_ref,
description=args.description,
title=args.title,
perimeter_type=perimeters.GetTypeEnumMapper(
version=self._API_VERSION).GetEnumForChoice(args.type),
resources=perimeters.ParseResources(args, result),
restricted_services=perimeters.ParseRestrictedServices(
args, result),
levels=perimeters.ParseLevels(args, result,
perimeter_ref.accessPoliciesId),
vpc_allowed_services=perimeters.ParseVpcRestriction(
args, result, self._API_VERSION),
enable_vpc_accessible_services=args.enable_vpc_accessible_services,
ingress_policies=perimeters.ParseUpdateDirectionalPoliciesArgs(
args, self._release_track, 'ingress-policies'),
egress_policies=perimeters.ParseUpdateDirectionalPoliciesArgs(
args, self._release_track, 'egress-policies'))
def Run(self, args):
client = zones_api.Client(version=self._API_VERSION)
policy_id = policies.GetDefaultPolicy()
if args.IsSpecified('policy'):
policy_id = args.policy
policy_ref = resources.REGISTRY.Parse(
policy_id, collection='accesscontextmanager.accessPolicies')
perimeters_to_display = [p for p in client.List(policy_ref)]
for p in perimeters_to_display:
# When a Service Perimeter has use_explicit_dry_run_spec set to false, the
# dry-run spec is implicitly the same as the status. In order to clearly
# show the user what exactly is being used as the dry-run spec, we set
# status to None (this list command is only for the dry-run config) and
# copy over the status to the spec when the spec is absent. We also append
# an asterisk to the name to signify that these perimeters are not
# actually identical to what the API returns.
if not p.useExplicitDryRunSpec:
p.spec = p.status
p.name += '*'
p.status = None
print(
'Note: Perimeters marked with \'*\' do not have an explicit `spec`. '
'Instead, their `status` also acts as the `spec`.')
return perimeters_to_display
def Run(self, args):
client = zones_api.Client(version=self._API_VERSION)
messages = util.GetMessages(version=self._API_VERSION)
perimeter_ref = args.CONCEPTS.perimeter.Parse()
policies.ValidateAccessPolicyArg(perimeter_ref, args)
original_perimeter = client.Get(perimeter_ref)
base_config = _GetBaseConfig(original_perimeter)
if _IsFieldSpecified('resources', args):
updated_resources = _GetRepeatedFieldValue(
args, 'resources', base_config.resources,
original_perimeter.useExplicitDryRunSpec)
else:
updated_resources = base_config.resources
if _IsFieldSpecified('restricted_services', args):
updated_restricted_services = _GetRepeatedFieldValue(
args, 'restricted_services', base_config.restrictedServices,
original_perimeter.useExplicitDryRunSpec)
else:
updated_restricted_services = base_config.restrictedServices
if _IsFieldSpecified('access_levels', args):
updated_access_levels = _GetRepeatedFieldValue(
args, 'access_levels', base_config.accessLevels,
original_perimeter.useExplicitDryRunSpec)
else:
updated_access_levels = base_config.accessLevels
base_vpc_config = base_config.vpcAccessibleServices
if base_vpc_config is None:
base_vpc_config = messages.VpcAccessibleServices()
if _IsFieldSpecified('vpc_allowed_services', args):
updated_vpc_services = _GetRepeatedFieldValue(
args, 'vpc-allowed-services', base_vpc_config.allowedServices,
original_perimeter.useExplicitDryRunSpec)
elif base_config.vpcAccessibleServices is not None:
updated_vpc_services = base_vpc_config.allowedServices
else:
updated_vpc_services = None
if args.IsSpecified('enable_vpc_accessible_services'):
updated_vpc_enabled = args.enable_vpc_accessible_services
elif base_config.vpcAccessibleServices is not None:
updated_vpc_enabled = base_vpc_config.enableRestriction
else:
updated_vpc_enabled = None
# Vpc allowed services list should only be populated if enable restrictions
# is set to true.
if updated_vpc_enabled is None:
updated_vpc_services = None
elif not updated_vpc_enabled:
updated_vpc_services = []
return client.PatchDryRunConfig(
perimeter_ref,
resources=updated_resources,
levels=updated_access_levels,
restricted_services=updated_restricted_services,
vpc_allowed_services=updated_vpc_services,
enable_vpc_accessible_services=updated_vpc_enabled,
ingress_policies=perimeters.ParseUpdateDirectionalPoliciesArgs(
args, 'ingress-policies'),
egress_policies=perimeters.ParseUpdateDirectionalPoliciesArgs(
args, 'egress-policies'))
def Run(self, args):
client = zones_api.Client(version=self._API_VERSION)
perimeter_ref = args.CONCEPTS.perimeter.Parse()
result = repeated.CachedResult.FromFunc(client.Get, perimeter_ref)
policies.ValidateAccessPolicyArg(perimeter_ref, args)
return self.Patch(client=client,
args=args,
result=result,
perimeter_ref=perimeter_ref)
def testUnsetSpec_unsetUseExplictDryRunSpecFlag(self):
self.SetUpForAPI(self.api_version)
client = zones.Client(self.client)
perimeter_update = self.messages.ServicePerimeter(
useExplicitDryRunSpec=False, spec=None)
perimeter_ref = FakePerimeterRef()
self._ExpectPatch(perimeter_ref, perimeter_update,
'spec,useExplicitDryRunSpec')
client.UnsetSpec(perimeter_ref, False)
def Run(self, args):
client = zones_api.Client(version=self._API_VERSION)
perimeter_ref = args.CONCEPTS.perimeter.Parse()
perimeter_type = perimeters.GetPerimeterTypeEnumForShortName(
args.perimeter_type, self._API_VERSION)
# Extract the arguments that reside in a ServicePerimeterConfig.
resources = _ParseArgWithShortName(args, 'resources')
levels = _ParseArgWithShortName(args, 'access_levels')
levels = perimeters.ExpandLevelNamesIfNecessary(
levels, perimeter_ref.accessPoliciesId)
restricted_services = _ParseArgWithShortName(args,
'restricted_services')
vpc_allowed_services = _ParseArgWithShortName(args,
'vpc_allowed_services')
ingress_policies, egress_policies = _ParseDirectionalPolicies(
args, self._release_track)
if (args.enable_vpc_accessible_services is None
and args.perimeter_enable_vpc_accessible_services is None):
enable_vpc_accessible_services = None
else:
enable_vpc_accessible_services = (
args.enable_vpc_accessible_services
or args.perimeter_enable_vpc_accessible_services)
result = repeated.CachedResult.FromFunc(client.Get, perimeter_ref)
try:
result.Get() # Check if the perimeter was actually obtained.
except apitools_exceptions.HttpNotFoundError:
if args.perimeter_title is None or perimeter_type is None:
raise exceptions.RequiredArgumentException(
'perimeter-title',
('Since this Service Perimeter does not exist, perimeter-title '
'and perimeter-type must be supplied.'))
else:
if args.perimeter_title is not None or perimeter_type is not None:
raise exceptions.InvalidArgumentException(
'perimeter-title',
('A Service Perimeter with the given name already exists. The '
'title and the type fields cannot be updated in the dry-run mode.'
))
policies.ValidateAccessPolicyArg(perimeter_ref, args)
return client.PatchDryRunConfig(
perimeter_ref,
title=args.perimeter_title,
description=args.perimeter_description,
perimeter_type=perimeter_type,
resources=resources,
levels=levels,
restricted_services=restricted_services,
vpc_allowed_services=vpc_allowed_services,
enable_vpc_accessible_services=enable_vpc_accessible_services,
ingress_policies=ingress_policies,
egress_policies=egress_policies)
def Run(self, args):
client = zones_api.Client(version=self._API_VERSION)
policy_id = policies.GetDefaultPolicy()
if args.IsSpecified('policy'):
policy_id = args.policy
policy_ref = resources.REGISTRY.Parse(
policy_id, collection='accesscontextmanager.accessPolicies')
return client.Commit(policy_ref, args.etag)
def Run(self, args):
client = zones_api.Client()
zone_ref = args.CONCEPTS.zone.Parse()
result = repeated.CachedResult.FromFunc(client.Get, zone_ref)
return client.Patch(
zone_ref,
description=args.description,
title=args.title,
zone_type=zones.GetTypeEnumMapper().GetEnumForChoice(args.type),
resources=zones.ParseResources(args, result),
restricted_services=zones.ParseRestrictedServices(args, result),
unrestricted_services=zones.ParseUnrestrictedServices(args, result),
levels=zones.ParseLevels(args, result, zone_ref.accessPoliciesId))
def Run(self, args):
client = zones_api.Client(version=self._API_VERSION)
perimeter_ref = args.CONCEPTS.perimeter.Parse()
result = repeated.CachedResult.FromFunc(client.Get, perimeter_ref)
return client.Patch(
perimeter_ref,
description=args.description,
title=args.title,
perimeter_type=perimeters.GetTypeEnumMapper(
version=self._API_VERSION).GetEnumForChoice(args.type),
resources=perimeters.ParseResources(args, result),
restricted_services=perimeters.ParseRestrictedServices(args, result),
levels=perimeters.ParseLevels(args, result,
perimeter_ref.accessPoliciesId))
def testPatchDryRunConfig(self):
self.SetUpForAPI(self.api_version)
client = zones.Client(self.client)
perimeter_update = self.messages.ServicePerimeter(
useExplicitDryRunSpec=True,
spec=self.messages.ServicePerimeterConfig(
resources=['projects/123', 'projects/456'],
restrictedServices=['bigquery.googleapis.com']))
perimeter_ref = FakePerimeterRef()
self._ExpectPatch(
perimeter_ref, perimeter_update,
'spec.resources,spec.restrictedServices,useExplicitDryRunSpec')
client.PatchDryRunConfig(
perimeter_ref,
resources=['projects/123', 'projects/456'],
restricted_services=['bigquery.googleapis.com'])
def testEnforceDryRunConfig(self):
self.SetUpForAPI(self.api_version)
client = zones.Client(self.client)
perimeter_before = self.messages.ServicePerimeter(
status=None,
useExplicitDryRunSpec=True,
spec=self.messages.ServicePerimeterConfig(
resources=['projects/123']))
perimeter_update = self.messages.ServicePerimeter(
useExplicitDryRunSpec=False,
spec=None,
status=self.messages.ServicePerimeterConfig(
resources=['projects/123']))
perimeter_ref = FakePerimeterRef()
self._ExpectGet(perimeter_ref.RelativeName(), perimeter_before)
self._ExpectPatch(perimeter_ref, perimeter_update,
'spec,status,useExplicitDryRunSpec')
client.EnforceDryRunConfig(perimeter_ref)
def Run(self, args):
client = zones_api.Client(version=self._API_VERSION)
perimeter_ref = args.CONCEPTS.perimeter.Parse()
policies.ValidateAccessPolicyArg(perimeter_ref, args)
return client.UnsetSpec(perimeter_ref, use_explicit_dry_run_spec=True)
def Run(self, args):
client = zones_api.Client(version=self._API_VERSION)
perimeter_ref = args.CONCEPTS.perimeter.Parse()
policies.ValidateAccessPolicyArg(perimeter_ref, args)
return client.EnforceDryRunConfig(perimeter_ref)
