def _CreateFirewall(self, holder, args):
    """Build the Firewall message described by the parsed command-line flags.

    Args:
        holder: API holder; ``holder.client.messages`` supplies the message
            classes and ``holder.resources`` resolves resource references.
        args: Parsed arguments of the create command.

    Returns:
        A ``(firewall, project)`` tuple: the populated Firewall message and
        the project of the resolved firewall reference.

    Raises:
        firewalls_utils.ArgumentValidationError: if --rules and --allow are
            both given, or if only one of --action / --rules is given.
    """
    client = holder.client
    messages = client.messages
    action_type = firewalls_utils.ActionType

    # --allow is the legacy spelling; it cannot be combined with --rules.
    if args.rules and args.allow:
        raise firewalls_utils.ArgumentValidationError(
            'Can NOT specify --rules and --allow in the same request.')
    # --action and --rules only make sense as a pair.
    if bool(args.action) != bool(args.rules):
        raise firewalls_utils.ArgumentValidationError(
            'Must specify --rules with --action.')

    # This first parse only seeds the constructor; firewall.allowed is
    # overwritten further down once the action has been taken into account.
    seed_allowed = firewalls_utils.ParseRules(
        args.allow, messages, action_type.ALLOW)

    network_ref = self.NETWORK_ARG.ResolveAsResource(args, holder.resources)
    firewall_ref = self.FIREWALL_RULE_ARG.ResolveAsResource(
        args, holder.resources)

    firewall = messages.Firewall(
        allowed=seed_allowed,
        name=firewall_ref.Name(),
        description=args.description,
        network=network_ref.SelfLink(),
        sourceRanges=args.source_ranges,
        sourceTags=args.source_tags,
        targetTags=args.target_tags)

    firewall.direction = None
    direction_enum = messages.Firewall.DirectionValueValuesEnum
    # NOTE(review): every value other than 'EGRESS'/'OUT' (unset, or any
    # unexpected spelling) yields an INGRESS rule; presumably the flag
    # definition restricts the accepted choices - confirm.
    if args.direction in ('EGRESS', 'OUT'):
        firewall.direction = direction_enum.EGRESS
    else:
        firewall.direction = direction_enum.INGRESS

    firewall.priority = args.priority
    firewall.destinationRanges = args.destination_ranges

    # NOTE(review): an action other than 'ALLOW'/'DENY' leaves both lists
    # empty; presumably the flag's choices rule that out - confirm.
    allowed, denied = [], []
    action = args.action
    if action == 'DENY':
        denied = firewalls_utils.ParseRules(
            args.rules, messages, action_type.DENY)
    elif action == 'ALLOW':
        allowed = firewalls_utils.ParseRules(
            args.rules, messages, action_type.ALLOW)
    elif not action:
        # No --action: fall back to the legacy --allow specification.
        allowed = firewalls_utils.ParseRules(
            args.allow, messages, action_type.ALLOW)

    firewall.allowed = allowed
    firewall.denied = denied
    firewall.sourceServiceAccounts = args.source_service_accounts
    firewall.targetServiceAccounts = args.target_service_accounts
    return firewall, firewall_ref.project
def CreateRequests(self, args):
    """Build the insert request for the firewall rule described by the flags.

    Args:
        args: Parsed arguments of the create command.

    Returns:
        A one-element list holding the ComputeFirewallsInsertRequest.

    Raises:
        firewalls_utils.ArgumentValidationError: if --rules and --allow are
            both given, or if only one of --action / --rules is given.
    """
    messages = self.messages
    action_type = firewalls_utils.ActionType

    # --allow is the legacy spelling; it cannot be combined with --rules.
    if args.rules and args.allow:
        raise firewalls_utils.ArgumentValidationError(
            'Can NOT specify --rules and --allow in the same request.')
    # --action and --rules only make sense as a pair.
    if bool(args.action) != bool(args.rules):
        raise firewalls_utils.ArgumentValidationError(
            'Must specify --rules with --action.')

    direction_enum = messages.Firewall.DirectionValueValuesEnum
    # NOTE(review): every value other than 'EGRESS'/'OUT' (unset, or any
    # unexpected spelling) yields an INGRESS rule; presumably the flag
    # definition restricts the accepted choices - confirm.
    if args.direction in ('EGRESS', 'OUT'):
        direction = direction_enum.EGRESS
    else:
        direction = direction_enum.INGRESS

    priority = args.priority

    # NOTE(review): an action other than 'ALLOW'/'DENY' leaves both lists
    # empty; presumably the flag's choices rule that out - confirm.
    allowed, denied = [], []
    action = args.action
    if action == 'DENY':
        denied = firewalls_utils.ParseRules(
            args.rules, messages, action_type.DENY)
    elif action == 'ALLOW':
        allowed = firewalls_utils.ParseRules(
            args.rules, messages, action_type.ALLOW)
    elif not action:
        # No --action: fall back to the legacy --allow specification.
        allowed = firewalls_utils.ParseRules(
            args.allow, messages, action_type.ALLOW)

    network_ref = self.NETWORK_ARG.ResolveAsResource(args, self.resources)
    firewall_ref = self.FIREWALL_RULE_ARG.ResolveAsResource(
        args, self.resources)

    firewall = messages.Firewall(
        allowed=allowed,
        denied=denied,
        direction=direction,
        priority=priority,
        name=firewall_ref.Name(),
        description=args.description,
        network=network_ref.SelfLink(),
        sourceRanges=args.source_ranges,
        destinationRanges=args.destination_ranges,
        sourceTags=args.source_tags,
        targetTags=args.target_tags,
        sourceServiceAccounts=args.source_service_accounts,
        targetServiceAccounts=args.target_service_accounts)
    insert_request = messages.ComputeFirewallsInsertRequest(
        firewall=firewall, project=self.project)
    return [insert_request]
def CreateRequests(self, args):
    """Build the insert request for the firewall rule described by the flags.

    Args:
        args: Parsed arguments of the create command.

    Returns:
        A one-element list holding the ComputeFirewallsInsertRequest.

    Raises:
        firewalls_utils.ArgumentValidationError: if --rules and --allow are
            both given, or if only one of --action / --rules is given.
    """
    messages = self.messages
    action_type = firewalls_utils.ActionType

    # TODO(user): remove the check once allow was deprecated.
    if args.rules and args.allow:
        raise firewalls_utils.ArgumentValidationError(
            'Can NOT specify --rules and --allow in the same request.')
    # --action and --rules only make sense as a pair.
    if bool(args.action) != bool(args.rules):
        raise firewalls_utils.ArgumentValidationError(
            'Must specify --rules with --action.')

    direction_enum = messages.Firewall.DirectionValueValuesEnum
    # NOTE(review): every value other than 'EGRESS'/'OUT' (unset, or any
    # unexpected spelling) yields an INGRESS rule; presumably the flag
    # definition restricts the accepted choices - confirm.
    if args.direction in ('EGRESS', 'OUT'):
        direction = direction_enum.EGRESS
    else:
        direction = direction_enum.INGRESS

    priority = args.priority

    # NOTE(review): an action other than 'ALLOW'/'DENY' leaves both lists
    # empty; presumably the flag's choices rule that out - confirm.
    allowed, denied = [], []
    action = args.action
    if action == 'DENY':
        denied = firewalls_utils.ParseRules(
            args.rules, messages, action_type.DENY)
    elif action == 'ALLOW':
        allowed = firewalls_utils.ParseRules(
            args.rules, messages, action_type.ALLOW)
    elif not action:
        # No --action: fall back to the legacy --allow specification.
        allowed = firewalls_utils.ParseRules(
            args.allow, messages, action_type.ALLOW)

    network_ref = self.CreateGlobalReference(
        args.network, resource_type='networks')
    firewall_ref = self.CreateGlobalReference(
        args.name, resource_type='firewalls')

    # This variant sends no source/target service accounts with the rule.
    firewall = messages.Firewall(
        allowed=allowed,
        denied=denied,
        direction=direction,
        priority=priority,
        name=firewall_ref.Name(),
        description=args.description,
        network=network_ref.SelfLink(),
        sourceRanges=args.source_ranges,
        destinationRanges=args.destination_ranges,
        sourceTags=args.source_tags,
        targetTags=args.target_tags)
    insert_request = messages.ComputeFirewallsInsertRequest(
        firewall=firewall, project=self.project)
    return [insert_request]
def ValidateArgument(self, messages, args):
    """Parse --allow and reject update requests that would change nothing.

    The parsed --allow rules are stored on ``self.new_allowed`` before any
    validation runs.

    Args:
        messages: Message module handed to firewalls_utils.ParseRules.
        args: Parsed arguments of the update command.

    Raises:
        calliope_exceptions.ToolException: if none of the inspected
            properties was supplied.
        firewalls_utils.ArgumentValidationError: if --rules and --allow are
            both given.
    """
    self.new_allowed = firewalls_utils.ParseRules(
        args.allow, messages, firewalls_utils.ActionType.ALLOW)

    core_values = (args.allow, args.description, args.source_ranges,
                   args.source_tags, args.target_tags)
    nothing_set = all(value is None for value in core_values)

    # The optional flag groups are consulted only while everything seen so
    # far is unset, mirroring a short-circuiting `and` chain.
    if self.with_egress_firewall and nothing_set:
        egress_values = (args.destination_ranges, args.priority, args.rules)
        nothing_set = all(value is None for value in egress_values)
    if self.with_service_account and nothing_set:
        account_values = (args.source_service_accounts,
                          args.target_service_accounts)
        nothing_set = all(value is None for value in account_values)
    if nothing_set:
        nothing_set = args.disabled is None
    if nothing_set:
        nothing_set = args.enable_logging is None
    if self.support_logging_metadata and nothing_set:
        # Unlike the other flags, logging metadata is tested for truthiness.
        nothing_set = not args.logging_metadata

    if nothing_set:
        raise calliope_exceptions.ToolException(
            'At least one property must be modified.')

    # --allow is the legacy spelling; it cannot be combined with --rules.
    if args.rules and args.allow:
        raise firewalls_utils.ArgumentValidationError(
            'Can NOT specify --rules and --allow in the same request.')
def ValidateArgument(self, messages, args):
    """Run the parent validation, then reject --rules combined with --allow.

    Args:
        messages: Message module forwarded to the parent implementation.
        args: Parsed arguments of the update command.

    Raises:
        firewalls_utils.ArgumentValidationError: if --rules and --allow are
            both given.
    """
    parent = super(BetaUpdateFirewall, self)
    parent.ValidateArgument(messages, args)

    # NOTE(review): if the parent already rejects --rules together with
    # --allow this check is redundant - confirm against the base class.
    conflicting = args.rules and args.allow
    if conflicting:
        raise firewalls_utils.ArgumentValidationError(
            'Can NOT specify --rules and --allow in the same request.')
def _CreateFirewall(self, holder, args):
    """Build the Firewall message, including its optional logging config.

    Args:
        holder: API holder; ``holder.client.messages`` supplies the message
            classes and ``holder.resources`` resolves resource references.
        args: Parsed arguments of the create command.

    Returns:
        A ``(firewall, project)`` tuple: the populated Firewall message and
        the project of the resolved firewall reference.

    Raises:
        firewalls_utils.ArgumentValidationError: if --rules and --allow are
            both given, or if only one of --action / --rules is given.
        exceptions.InvalidArgumentException: if --logging-metadata is
            specified while logging is not enabled.
    """
    client = holder.client
    messages = client.messages
    action_type = firewalls_utils.ActionType

    # --allow is the legacy spelling; it cannot be combined with --rules.
    if args.rules and args.allow:
        raise firewalls_utils.ArgumentValidationError(
            'Can NOT specify --rules and --allow in the same request.')
    # --action and --rules only make sense as a pair.
    if bool(args.action) != bool(args.rules):
        raise firewalls_utils.ArgumentValidationError(
            'Must specify --rules with --action.')

    # This first parse only seeds the constructor; firewall.allowed is
    # overwritten further down once the action has been taken into account.
    seed_allowed = firewalls_utils.ParseRules(
        args.allow, messages, action_type.ALLOW)

    network_ref = self.NETWORK_ARG.ResolveAsResource(args, holder.resources)
    firewall_ref = self.FIREWALL_RULE_ARG.ResolveAsResource(
        args, holder.resources)

    firewall = messages.Firewall(
        allowed=seed_allowed,
        name=firewall_ref.Name(),
        description=args.description,
        network=network_ref.SelfLink(),
        sourceRanges=args.source_ranges,
        sourceTags=args.source_tags,
        targetTags=args.target_tags)

    # Only written when the flag was given; otherwise the field stays unset.
    if args.disabled is not None:
        firewall.disabled = args.disabled

    firewall.direction = None
    direction_enum = messages.Firewall.DirectionValueValuesEnum
    # NOTE(review): every value other than 'EGRESS'/'OUT' (unset, or any
    # unexpected spelling) yields an INGRESS rule; presumably the flag
    # definition restricts the accepted choices - confirm.
    if args.direction in ('EGRESS', 'OUT'):
        firewall.direction = direction_enum.EGRESS
    else:
        firewall.direction = direction_enum.INGRESS

    firewall.priority = args.priority
    firewall.destinationRanges = args.destination_ranges

    # NOTE(review): an action other than 'ALLOW'/'DENY' leaves both lists
    # empty; presumably the flag's choices rule that out - confirm.
    allowed, denied = [], []
    action = args.action
    if action == 'DENY':
        denied = firewalls_utils.ParseRules(
            args.rules, messages, action_type.DENY)
    elif action == 'ALLOW':
        allowed = firewalls_utils.ParseRules(
            args.rules, messages, action_type.ALLOW)
    elif not action:
        # No --action: fall back to the legacy --allow specification.
        allowed = firewalls_utils.ParseRules(
            args.allow, messages, action_type.ALLOW)

    firewall.allowed = allowed
    firewall.denied = denied
    firewall.sourceServiceAccounts = args.source_service_accounts
    firewall.targetServiceAccounts = args.target_service_accounts

    # Logging metadata is meaningless unless logging itself is switched on.
    metadata_given = args.IsSpecified('logging_metadata')
    if metadata_given and not args.enable_logging:
        raise exceptions.InvalidArgumentException(
            '--logging-metadata',
            'cannot toggle logging metadata if logging is not enabled.')

    # Without an explicit --enable-logging no logConfig is attached at all.
    if not args.IsSpecified('enable_logging'):
        return firewall, firewall_ref.project

    log_config = messages.FirewallLogConfig(enable=args.enable_logging)
    if metadata_given:
        metadata_arg = flags.GetLoggingMetadataArg(messages)
        log_config.metadata = metadata_arg.GetEnumForChoice(
            args.logging_metadata)
    firewall.logConfig = log_config
    return firewall, firewall_ref.project