def Modify(self, args, existing, cleared_fields):
    """Returns a modified Firewall message.

    Starts from the message produced by the parent of AlphaUpdateFirewall
    and then applies rules, direction, priority and destination ranges.

    Args:
        args: Parsed command arguments; `rules`, `priority` and
            `destination_ranges` are read here.
        existing: Firewall message whose values are kept for every field
            the caller left as None.
        cleared_fields: List mutated in place; 'destinationRanges' is
            appended when `destination_ranges` is given but empty.

    Returns:
        The message returned by the parent Modify, updated in place.
    """
    # TODO(user): Remove the check once allow was deprecated.
    new_firewall = super(AlphaUpdateFirewall, self).Modify(
        args, existing, cleared_fields)

    if args.rules:
        # The action is inferred from the existing message, not from the
        # arguments: new rules land in `allowed` when the existing message
        # has allowed entries and in `denied` otherwise.
        keeps_allow = bool(existing.allowed)
        action = (firewalls_utils.ActionType.ALLOW if keeps_allow
                  else firewalls_utils.ActionType.DENY)
        parsed_rules = firewalls_utils.ParseRules(
            args.rules, self.messages, action)
        if keeps_allow:
            new_firewall.allowed = parsed_rules
        else:
            new_firewall.denied = parsed_rules

    # Direction is always copied from the existing message.
    new_firewall.direction = existing.direction
    new_firewall.priority = (
        existing.priority if args.priority is None else args.priority)

    # Tri-state: None keeps the current ranges, a non-empty value replaces
    # them, an explicit empty value clears the field.
    requested_ranges = args.destination_ranges
    if requested_ranges is None:
        new_firewall.destinationRanges = existing.destinationRanges
    elif requested_ranges:
        new_firewall.destinationRanges = requested_ranges
    else:
        new_firewall.destinationRanges = []
        cleared_fields.append('destinationRanges')

    return new_firewall
def Modify(self, client, args, existing, cleared_fields):
    """Returns a modified Firewall message.

    Delegates to the parent of BetaUpdateFirewall first, then applies
    rules, direction, priority and destination ranges on the result.

    Args:
        client: Object whose `messages` attribute is handed to ParseRules.
        args: Parsed command arguments; `rules`, `priority` and
            `destination_ranges` are read here.
        existing: Firewall message whose values are kept for every field
            the caller left as None.
        cleared_fields: List mutated in place; 'destinationRanges' is
            appended when `destination_ranges` is given but empty.

    Returns:
        The message returned by the parent Modify, updated in place.
    """
    new_firewall = super(BetaUpdateFirewall, self).Modify(
        client, args, existing, cleared_fields)

    if args.rules:
        # Whether the new rules are ALLOW or DENY follows the existing
        # message: allowed entries present -> ALLOW, otherwise DENY.
        keeps_allow = bool(existing.allowed)
        action = (firewalls_utils.ActionType.ALLOW if keeps_allow
                  else firewalls_utils.ActionType.DENY)
        parsed_rules = firewalls_utils.ParseRules(
            args.rules, client.messages, action)
        if keeps_allow:
            new_firewall.allowed = parsed_rules
        else:
            new_firewall.denied = parsed_rules

    # Direction is always copied from the existing message.
    new_firewall.direction = existing.direction
    new_firewall.priority = (
        existing.priority if args.priority is None else args.priority)

    # None keeps the current ranges, a non-empty value replaces them, an
    # explicit empty value clears the field and records that in
    # cleared_fields.
    requested_ranges = args.destination_ranges
    if requested_ranges is None:
        new_firewall.destinationRanges = existing.destinationRanges
    elif requested_ranges:
        new_firewall.destinationRanges = requested_ranges
    else:
        new_firewall.destinationRanges = []
        cleared_fields.append('destinationRanges')

    return new_firewall
def _CreateFirewall(self, holder, args):
    """Build the Firewall message for a create request.

    Args:
        holder: Object providing `client` (with `messages`) and `resources`.
        args: Parsed command arguments.

    Returns:
        A `(firewall, project)` tuple: the populated Firewall message and
        the project of the resolved firewall reference.

    Raises:
        firewalls_utils.ArgumentValidationError: If `rules` and `allow` are
            both given, or if exactly one of `action` / `rules` is given.
    """
    client = holder.client

    if args.rules and args.allow:
        raise firewalls_utils.ArgumentValidationError(
            'Can NOT specify --rules and --allow in the same request.')
    # action and rules must be given together or not at all.
    if bool(args.action) != bool(args.rules):
        raise firewalls_utils.ArgumentValidationError(
            'Must specify --rules with --action.')

    messages = client.messages

    # NOTE(review): this first parse of args.allow only seeds the
    # constructor; firewall.allowed is reassigned further down.
    initial_allowed = firewalls_utils.ParseRules(
        args.allow, messages, firewalls_utils.ActionType.ALLOW)

    network_ref = self.NETWORK_ARG.ResolveAsResource(args, holder.resources)
    firewall_ref = self.FIREWALL_RULE_ARG.ResolveAsResource(
        args, holder.resources)

    # Source filters are forwarded as given (possibly None); no default
    # range is filled in here.
    firewall = messages.Firewall(
        allowed=initial_allowed,
        name=firewall_ref.Name(),
        description=args.description,
        network=network_ref.SelfLink(),
        sourceRanges=args.source_ranges,
        sourceTags=args.source_tags,
        targetTags=args.target_tags)
    if args.disabled is not None:
        firewall.disabled = args.disabled

    # Only 'EGRESS' and 'OUT' select egress; every other value, including
    # an unset direction, yields INGRESS.
    firewall.direction = None
    direction_enum = messages.Firewall.DirectionValueValuesEnum
    if args.direction in ('EGRESS', 'OUT'):
        firewall.direction = direction_enum.EGRESS
    else:
        firewall.direction = direction_enum.INGRESS

    firewall.priority = args.priority
    firewall.destinationRanges = args.destination_ranges

    # Without an action the allow specs are used; with one, the rules are
    # parsed as ALLOW or DENY to match it.
    allowed, denied = [], []
    if not args.action:
        allowed = firewalls_utils.ParseRules(
            args.allow, messages, firewalls_utils.ActionType.ALLOW)
    elif args.action == 'ALLOW':
        allowed = firewalls_utils.ParseRules(
            args.rules, messages, firewalls_utils.ActionType.ALLOW)
    elif args.action == 'DENY':
        denied = firewalls_utils.ParseRules(
            args.rules, messages, firewalls_utils.ActionType.DENY)
    firewall.allowed = allowed
    firewall.denied = denied

    firewall.sourceServiceAccounts = args.source_service_accounts
    firewall.targetServiceAccounts = args.target_service_accounts
    return firewall, firewall_ref.project
def CreateRequests(self, args):
    """Returns a list of requests necessary for adding firewall rules.

    Args:
        args: Parsed command arguments.

    Returns:
        A one-element list holding the ComputeFirewallsInsertRequest.

    Raises:
        firewalls_utils.ArgumentValidationError: If `rules` and `allow` are
            both given, or if exactly one of `action` / `rules` is given.
    """
    if args.rules and args.allow:
        raise firewalls_utils.ArgumentValidationError(
            'Can NOT specify --rules and --allow in the same request.')
    # action and rules must be given together or not at all.
    if bool(args.action) != bool(args.rules):
        raise firewalls_utils.ArgumentValidationError(
            'Must specify --rules with --action.')

    # Only 'EGRESS' and 'OUT' select egress; anything else, including an
    # unset direction, yields INGRESS.
    direction_enum = self.messages.Firewall.DirectionValueValuesEnum
    direction = (direction_enum.EGRESS
                 if args.direction in ('EGRESS', 'OUT')
                 else direction_enum.INGRESS)

    # Without an action the allow specs are used; with one, the rules are
    # parsed as ALLOW or DENY to match it.
    allowed, denied = [], []
    if not args.action:
        allowed = firewalls_utils.ParseRules(
            args.allow, self.messages, firewalls_utils.ActionType.ALLOW)
    elif args.action == 'ALLOW':
        allowed = firewalls_utils.ParseRules(
            args.rules, self.messages, firewalls_utils.ActionType.ALLOW)
    elif args.action == 'DENY':
        denied = firewalls_utils.ParseRules(
            args.rules, self.messages, firewalls_utils.ActionType.DENY)

    network_ref = self.NETWORK_ARG.ResolveAsResource(args, self.resources)
    firewall_ref = self.FIREWALL_RULE_ARG.ResolveAsResource(
        args, self.resources)

    # Source filters are forwarded as given (possibly None); no default
    # range is filled in here.
    firewall = self.messages.Firewall(
        allowed=allowed,
        denied=denied,
        direction=direction,
        priority=args.priority,
        name=firewall_ref.Name(),
        description=args.description,
        network=network_ref.SelfLink(),
        sourceRanges=args.source_ranges,
        destinationRanges=args.destination_ranges,
        sourceTags=args.source_tags,
        targetTags=args.target_tags,
        sourceServiceAccounts=args.source_service_accounts,
        targetServiceAccounts=args.target_service_accounts)
    insert_request = self.messages.ComputeFirewallsInsertRequest(
        firewall=firewall, project=self.project)
    return [insert_request]
def CreateRequests(self, args):
    """Returns a list of requests necessary for adding firewall rules.

    Args:
        args: Parsed command arguments.

    Returns:
        A one-element list holding the ComputeFirewallsInsertRequest.

    Raises:
        firewalls_utils.ArgumentValidationError: If `rules` and `allow` are
            both given, or if exactly one of `action` / `rules` is given.
    """
    # TODO(user): remove the check once allow was deprecated.
    if args.rules and args.allow:
        raise firewalls_utils.ArgumentValidationError(
            'Can NOT specify --rules and --allow in the same request.')
    # action and rules must be given together or not at all.
    if bool(args.action) != bool(args.rules):
        raise firewalls_utils.ArgumentValidationError(
            'Must specify --rules with --action.')

    # Only 'EGRESS' and 'OUT' select egress; anything else, including an
    # unset direction, yields INGRESS.
    direction_enum = self.messages.Firewall.DirectionValueValuesEnum
    direction = (direction_enum.EGRESS
                 if args.direction in ('EGRESS', 'OUT')
                 else direction_enum.INGRESS)

    # Without an action the allow specs are used; with one, the rules are
    # parsed as ALLOW or DENY to match it.
    allowed, denied = [], []
    if not args.action:
        allowed = firewalls_utils.ParseRules(
            args.allow, self.messages, firewalls_utils.ActionType.ALLOW)
    elif args.action == 'ALLOW':
        allowed = firewalls_utils.ParseRules(
            args.rules, self.messages, firewalls_utils.ActionType.ALLOW)
    elif args.action == 'DENY':
        denied = firewalls_utils.ParseRules(
            args.rules, self.messages, firewalls_utils.ActionType.DENY)

    network_ref = self.CreateGlobalReference(
        args.network, resource_type='networks')
    firewall_ref = self.CreateGlobalReference(
        args.name, resource_type='firewalls')

    # Source filters are forwarded as given (possibly None); no default
    # range is filled in here.
    firewall = self.messages.Firewall(
        allowed=allowed,
        denied=denied,
        direction=direction,
        priority=args.priority,
        name=firewall_ref.Name(),
        description=args.description,
        network=network_ref.SelfLink(),
        sourceRanges=args.source_ranges,
        destinationRanges=args.destination_ranges,
        sourceTags=args.source_tags,
        targetTags=args.target_tags)
    insert_request = self.messages.ComputeFirewallsInsertRequest(
        firewall=firewall, project=self.project)
    return [insert_request]
def ValidateArgument(self, messages, args):
    """Parse `allow` into self.new_allowed and reject no-op or mixed updates.

    Args:
        messages: Messages module handed to ParseRules.
        args: Parsed command arguments.

    Raises:
        calliope_exceptions.ToolException: If none of the properties
            checked below was given.
        firewalls_utils.ArgumentValidationError: If `rules` and `allow` are
            both given.
    """
    # Stored on the instance as a side effect of validation.
    self.new_allowed = firewalls_utils.ParseRules(
        args.allow, messages, firewalls_utils.ActionType.ALLOW)

    nothing_set = (
        args.allow is None
        and args.description is None
        and args.source_ranges is None
        and args.source_tags is None
        and args.target_tags is None)
    # Each optional flag group only counts when its feature switch is on.
    if self.with_egress_firewall:
        nothing_set = (
            nothing_set
            and args.destination_ranges is None
            and args.priority is None
            and args.rules is None)
    if self.with_service_account:
        nothing_set = (
            nothing_set
            and args.source_service_accounts is None
            and args.target_service_accounts is None)
    nothing_set = (
        nothing_set
        and args.disabled is None
        and args.enable_logging is None)
    if self.support_logging_metadata:
        # Falsy check rather than `is None`, unlike the fields above.
        nothing_set = nothing_set and not args.logging_metadata

    if nothing_set:
        raise calliope_exceptions.ToolException(
            'At least one property must be modified.')

    if args.rules and args.allow:
        raise firewalls_utils.ArgumentValidationError(
            'Can NOT specify --rules and --allow in the same request.')
def Modify(self, args, existing, cleared_fields):
    """Returns a modified Firewall message.

    Starts from the message produced by the parent of AlphaUpdateFirewall
    and then applies rules, direction, priority, destination ranges and
    the source/target service accounts.

    Args:
        args: Parsed command arguments.
        existing: Firewall message whose values are kept for every field
            the caller left as None.
        cleared_fields: List mutated in place; the API field name is
            appended for each list field given as an explicit empty value.

    Returns:
        The message returned by the parent Modify, updated in place.
    """
    new_firewall = super(AlphaUpdateFirewall, self).Modify(
        args, existing, cleared_fields)

    def _merge(requested, field_name):
        # Tri-state merge: a non-empty value replaces, None keeps the
        # existing value, an explicit empty value clears the field.
        if requested:
            return requested
        if requested is None:
            return getattr(existing, field_name)
        cleared_fields.append(field_name)
        return []

    if args.rules:
        # The action is inferred from the existing message, not from the
        # arguments: new rules land in `allowed` when the existing message
        # has allowed entries and in `denied` otherwise.
        keeps_allow = bool(existing.allowed)
        action = (firewalls_utils.ActionType.ALLOW if keeps_allow
                  else firewalls_utils.ActionType.DENY)
        parsed_rules = firewalls_utils.ParseRules(
            args.rules, self.messages, action)
        if keeps_allow:
            new_firewall.allowed = parsed_rules
        else:
            new_firewall.denied = parsed_rules

    # Direction is always copied from the existing message.
    new_firewall.direction = existing.direction
    new_firewall.priority = (
        existing.priority if args.priority is None else args.priority)

    new_firewall.destinationRanges = _merge(
        args.destination_ranges, 'destinationRanges')
    new_firewall.sourceServiceAccounts = _merge(
        args.source_service_accounts, 'sourceServiceAccounts')
    new_firewall.targetServiceAccounts = _merge(
        args.target_service_accounts, 'targetServiceAccounts')

    return new_firewall
def ValidateArgument(self, args):
    """Parse `allow` into self.new_allowed and reject a no-op update.

    Args:
        args: Parsed command arguments.

    Raises:
        calliope_exceptions.ToolException: If none of the properties
            checked below was given.
    """
    # Stored on the instance as a side effect of validation.
    self.new_allowed = firewalls_utils.ParseRules(
        args.allow, self.messages, firewalls_utils.ActionType.ALLOW)

    nothing_set = all(
        value is None
        for value in (args.allow, args.description, args.source_ranges,
                      args.source_tags, args.target_tags))
    # The egress-related flags only count when that feature is switched on.
    if self.with_egress_firewall:
        nothing_set = nothing_set and all(
            value is None
            for value in (args.destination_ranges, args.priority,
                          args.rules))

    if nothing_set:
        raise calliope_exceptions.ToolException(
            'At least one property must be modified.')
def _CreateFirewall(self, args):
    """Build the Firewall message for a create request from `args`.

    Args:
        args: Parsed command arguments. `args.source_ranges` is rewritten
            in place when no source filter was given (see below).

    Returns:
        The populated Firewall message.
    """
    messages = self.messages
    allow_rules = firewalls_utils.ParseRules(
        args.allow, messages, firewalls_utils.ActionType.ALLOW)

    network_ref = self.NETWORK_ARG.ResolveAsResource(args, self.resources)
    firewall_ref = self.FIREWALL_RULE_ARG.ResolveAsResource(
        args, self.resources)

    # With neither source ranges nor source tags, the rule is given the
    # source range 0.0.0.0/0, i.e. every IPv4 address. The default is
    # written back onto the caller's args object.
    has_source_filter = args.source_ranges or args.source_tags
    if not has_source_filter:
        args.source_ranges = ['0.0.0.0/0']

    return messages.Firewall(
        allowed=allow_rules,
        name=firewall_ref.Name(),
        description=args.description,
        network=network_ref.SelfLink(),
        sourceRanges=args.source_ranges,
        sourceTags=args.source_tags,
        targetTags=args.target_tags)
def ValidateArgument(self, messages, args):
    """Parse `allow` into self.new_allowed and reject a no-op update.

    Args:
        messages: Messages module handed to ParseRules.
        args: Parsed command arguments.

    Raises:
        calliope_exceptions.ToolException: If none of the properties
            checked below was given.
    """
    # Stored on the instance as a side effect of validation.
    self.new_allowed = firewalls_utils.ParseRules(
        args.allow, messages, firewalls_utils.ActionType.ALLOW)

    nothing_set = (
        args.allow is None
        and args.description is None
        and args.source_ranges is None
        and args.source_tags is None
        and args.target_tags is None)
    # Each optional flag group only counts when its feature switch is on.
    if self.with_egress_firewall:
        nothing_set = (
            nothing_set
            and args.destination_ranges is None
            and args.priority is None
            and args.rules is None)
    if self.with_service_account:
        nothing_set = (
            nothing_set
            and args.source_service_accounts is None
            and args.target_service_accounts is None)

    if nothing_set:
        raise calliope_exceptions.ToolException(
            'At least one property must be modified.')
def CreateRequests(self, args):
    """Returns a list of requests necessary for adding firewall rules.

    Args:
        args: Parsed command arguments. `args.source_ranges` is rewritten
            in place when no source filter was given (see below).

    Returns:
        A one-element list holding the ComputeFirewallsInsertRequest.
    """
    # With neither source ranges nor source tags, the rule is given the
    # source range 0.0.0.0/0, i.e. every IPv4 address. The default is
    # written back onto the caller's args object.
    has_source_filter = args.source_ranges or args.source_tags
    if not has_source_filter:
        args.source_ranges = ['0.0.0.0/0']

    messages = self.messages
    allow_rules = firewalls_utils.ParseRules(
        args.allow, messages, firewalls_utils.ActionType.ALLOW)

    network_ref = self.NETWORK_ARG.ResolveAsResource(args, self.resources)
    firewall_ref = self.FIREWALL_RULE_ARG.ResolveAsResource(
        args, self.resources)

    firewall = messages.Firewall(
        allowed=allow_rules,
        name=firewall_ref.Name(),
        description=args.description,
        network=network_ref.SelfLink(),
        sourceRanges=args.source_ranges,
        sourceTags=args.source_tags,
        targetTags=args.target_tags)
    insert_request = messages.ComputeFirewallsInsertRequest(
        firewall=firewall, project=self.project)
    return [insert_request]
def Modify(self, client, args, existing, cleared_fields):
    """Returns a modified Firewall message and included fields.

    Every updatable field is tri-state: None keeps the value from
    `existing`, a non-empty value replaces it, and an explicit empty value
    clears it and records the API field name in `cleared_fields`.

    Args:
        client: Object whose `messages` attribute supplies the Firewall and
            FirewallLogConfig message classes.
        args: Parsed command arguments.
        existing: Firewall message supplying name, network, direction and
            the value of every field that is left unchanged.
        cleared_fields: List mutated in place with the names of cleared
            fields.

    Returns:
        A new Firewall message; `cleared_fields` is updated as a side
        effect rather than returned.
    """
    messages = client.messages

    def _merge(requested, field_name):
        # Tri-state merge for list-valued fields; clearing yields [].
        if requested:
            return requested
        if requested is None:
            return getattr(existing, field_name)
        cleared_fields.append(field_name)
        return []

    # A non-empty allow value uses self.new_allowed, which this method only
    # reads (it is not assigned here).
    if args.allow is None:
        allowed = existing.allowed
    elif args.allow:
        allowed = self.new_allowed
    else:
        cleared_fields.append('allowed')
        allowed = []

    # description clears to None rather than to an empty list.
    if args.description is None:
        description = existing.description
    elif args.description:
        description = args.description
    else:
        cleared_fields.append('description')
        description = None

    source_ranges = _merge(args.source_ranges, 'sourceRanges')
    source_tags = _merge(args.source_tags, 'sourceTags')
    target_tags = _merge(args.target_tags, 'targetTags')

    # NOTE(review): denied stays [] unless rules are supplied, so
    # existing.denied is never copied into the new message; confirm the
    # caller sends this in a way that leaves current deny rules in place.
    denied = []
    if args.rules is not None:
        # The action is inferred from the existing message: allowed entries
        # present -> the rules replace `allowed`, otherwise `denied`.
        targets_allow = bool(existing.allowed)
        if args.rules:
            action = (firewalls_utils.ActionType.ALLOW if targets_allow
                      else firewalls_utils.ActionType.DENY)
            parsed_rules = firewalls_utils.ParseRules(
                args.rules, messages, action)
        else:
            cleared_fields.append('allowed' if targets_allow else 'denied')
            parsed_rules = []
        if targets_allow:
            allowed = parsed_rules
        else:
            denied = parsed_rules

    # Direction is always copied from the existing message.
    direction = existing.direction
    priority = existing.priority if args.priority is None else args.priority

    destination_ranges = _merge(
        args.destination_ranges, 'destinationRanges')
    source_service_accounts = _merge(
        args.source_service_accounts, 'sourceServiceAccounts')
    target_service_accounts = _merge(
        args.target_service_accounts, 'targetServiceAccounts')

    # The existing logging configuration is kept unless enable_logging was
    # explicitly specified.
    if args.IsSpecified('enable_logging'):
        log_config = messages.FirewallLogConfig(enable=args.enable_logging)
    else:
        log_config = existing.logConfig

    new_firewall = messages.Firewall(
        name=existing.name,
        direction=direction,
        priority=priority,
        allowed=allowed,
        denied=denied,
        description=description,
        network=existing.network,
        sourceRanges=source_ranges,
        sourceTags=source_tags,
        destinationRanges=destination_ranges,
        targetTags=target_tags,
        sourceServiceAccounts=source_service_accounts,
        targetServiceAccounts=target_service_accounts,
        logConfig=log_config)
    if args.disabled is not None:
        new_firewall.disabled = args.disabled

    return new_firewall
def _CreateFirewall(self, holder, args):
    """Build the Firewall message, including logging config, for a create.

    Args:
        holder: Object providing `client` (with `messages`) and `resources`.
        args: Parsed command arguments.

    Returns:
        A `(firewall, project)` tuple: the populated Firewall message and
        the project of the resolved firewall reference.

    Raises:
        firewalls_utils.ArgumentValidationError: If `rules` and `allow` are
            both given, or if exactly one of `action` / `rules` is given.
        exceptions.InvalidArgumentException: If `logging_metadata` is
            specified while `enable_logging` is falsy.
    """
    client = holder.client

    if args.rules and args.allow:
        raise firewalls_utils.ArgumentValidationError(
            'Can NOT specify --rules and --allow in the same request.')
    # action and rules must be given together or not at all.
    if bool(args.action) != bool(args.rules):
        raise firewalls_utils.ArgumentValidationError(
            'Must specify --rules with --action.')

    messages = client.messages

    # NOTE(review): this first parse of args.allow only seeds the
    # constructor; firewall.allowed is reassigned further down.
    initial_allowed = firewalls_utils.ParseRules(
        args.allow, messages, firewalls_utils.ActionType.ALLOW)

    network_ref = self.NETWORK_ARG.ResolveAsResource(args, holder.resources)
    firewall_ref = self.FIREWALL_RULE_ARG.ResolveAsResource(
        args, holder.resources)

    # Source filters are forwarded as given (possibly None); no default
    # range is filled in here.
    firewall = messages.Firewall(
        allowed=initial_allowed,
        name=firewall_ref.Name(),
        description=args.description,
        network=network_ref.SelfLink(),
        sourceRanges=args.source_ranges,
        sourceTags=args.source_tags,
        targetTags=args.target_tags)
    if args.disabled is not None:
        firewall.disabled = args.disabled

    # Only 'EGRESS' and 'OUT' select egress; every other value, including
    # an unset direction, yields INGRESS.
    firewall.direction = None
    direction_enum = messages.Firewall.DirectionValueValuesEnum
    if args.direction in ('EGRESS', 'OUT'):
        firewall.direction = direction_enum.EGRESS
    else:
        firewall.direction = direction_enum.INGRESS

    firewall.priority = args.priority
    firewall.destinationRanges = args.destination_ranges

    # Without an action the allow specs are used; with one, the rules are
    # parsed as ALLOW or DENY to match it.
    allowed, denied = [], []
    if not args.action:
        allowed = firewalls_utils.ParseRules(
            args.allow, messages, firewalls_utils.ActionType.ALLOW)
    elif args.action == 'ALLOW':
        allowed = firewalls_utils.ParseRules(
            args.rules, messages, firewalls_utils.ActionType.ALLOW)
    elif args.action == 'DENY':
        denied = firewalls_utils.ParseRules(
            args.rules, messages, firewalls_utils.ActionType.DENY)
    firewall.allowed = allowed
    firewall.denied = denied

    firewall.sourceServiceAccounts = args.source_service_accounts
    firewall.targetServiceAccounts = args.target_service_accounts

    metadata_given = args.IsSpecified('logging_metadata')
    if metadata_given and not args.enable_logging:
        raise exceptions.InvalidArgumentException(
            '--logging-metadata',
            'cannot toggle logging metadata if logging is not enabled.')

    # logConfig is only populated when enable_logging was explicitly
    # specified; otherwise the message carries no logging configuration.
    # NOTE(review): the metadata step is read as nested under the
    # enable_logging check, since log_config exists only on that path.
    if args.IsSpecified('enable_logging'):
        log_config = messages.FirewallLogConfig(enable=args.enable_logging)
        if args.IsSpecified('logging_metadata'):
            metadata_arg = flags.GetLoggingMetadataArg(messages)
            log_config.metadata = metadata_arg.GetEnumForChoice(
                args.logging_metadata)
        firewall.logConfig = log_config

    return firewall, firewall_ref.project
def Modify(self, client, args, existing, cleared_fields):
    """Returns a modified Firewall message and included fields.

    Every updatable field is tri-state: None keeps the value from
    `existing`, a non-empty value replaces it, and an explicit empty value
    clears it and records the API field name in `cleared_fields`.

    Args:
        client: Object whose `messages` attribute supplies the Firewall
            message class.
        args: Parsed command arguments.
        existing: Firewall message supplying name, network, direction and
            the value of every field that is left unchanged.
        cleared_fields: List mutated in place with the names of cleared
            fields.

    Returns:
        A new Firewall message; `cleared_fields` is updated as a side
        effect rather than returned.
    """
    messages = client.messages

    def _merge(requested, field_name):
        # Tri-state merge for list-valued fields; clearing yields [].
        if requested:
            return requested
        if requested is None:
            return getattr(existing, field_name)
        cleared_fields.append(field_name)
        return []

    # A non-empty allow value uses self.new_allowed, which this method only
    # reads (it is not assigned here).
    if args.allow is None:
        allowed = existing.allowed
    elif args.allow:
        allowed = self.new_allowed
    else:
        cleared_fields.append('allowed')
        allowed = []

    # description clears to None rather than to an empty list.
    if args.description is None:
        description = existing.description
    elif args.description:
        description = args.description
    else:
        cleared_fields.append('description')
        description = None

    source_ranges = _merge(args.source_ranges, 'sourceRanges')
    source_tags = _merge(args.source_tags, 'sourceTags')
    target_tags = _merge(args.target_tags, 'targetTags')

    # NOTE(review): denied stays [] unless rules are supplied, so
    # existing.denied is never copied into the new message; confirm the
    # caller sends this in a way that leaves current deny rules in place.
    denied = []
    if args.rules is not None:
        # The action is inferred from the existing message: allowed entries
        # present -> the rules replace `allowed`, otherwise `denied`.
        targets_allow = bool(existing.allowed)
        if args.rules:
            action = (firewalls_utils.ActionType.ALLOW if targets_allow
                      else firewalls_utils.ActionType.DENY)
            parsed_rules = firewalls_utils.ParseRules(
                args.rules, messages, action)
        else:
            cleared_fields.append('allowed' if targets_allow else 'denied')
            parsed_rules = []
        if targets_allow:
            allowed = parsed_rules
        else:
            denied = parsed_rules

    # Direction is always copied from the existing message.
    direction = existing.direction
    priority = existing.priority if args.priority is None else args.priority

    destination_ranges = _merge(
        args.destination_ranges, 'destinationRanges')

    new_firewall = messages.Firewall(
        name=existing.name,
        direction=direction,
        priority=priority,
        allowed=allowed,
        denied=denied,
        description=description,
        network=existing.network,
        sourceRanges=source_ranges,
        sourceTags=source_tags,
        destinationRanges=destination_ranges,
        targetTags=target_tags)
    return new_firewall