def Run(self, args): if not os.path.exists(args.file_name): raise exceptions.BadFileException( 'no such file [{0}]'.format(args.file_name)) if os.path.isdir(args.file_name): raise exceptions.BadFileException( '[{0}] is a directory'.format(args.file_name)) holder = base_classes.ComputeApiHolder(self.ReleaseTrack()) ref = self.SECURITY_POLICY_ARG.ResolveAsResource(args, holder.resources) # Get the imported security policy config. try: with open(args.file_name) as import_file: imported = security_policies_utils.SecurityPolicyFromFile( import_file, holder.client.messages) except Exception as exp: msg = (u'unable to read security policy config from specified file [{0}] ' u'because [{1}]'.format(args.file_name, exp.message)) raise exceptions.ToolException(msg) # Send the change to the service. security_policy = client.SecurityPolicy(ref, compute_client=holder.client) security_policy.Patch(security_policy=imported) msg = u'Updated [{0}] with config from [{1}].'.format( ref.Name(), args.file_name) log.status.Print(msg)
def Run(self, args): # Get the security policy. holder = base_classes.ComputeApiHolder(self.ReleaseTrack()) ref = self.SECURITY_POLICY_ARG.ResolveAsResource( args, holder.resources) requests = [] security_policy = client.SecurityPolicy(ref, compute_client=holder.client) requests.extend(security_policy.Describe(only_generate_request=True)) resources = holder.client.MakeRequests(requests) # Export the security policy. try: with open(args.file_name, 'w') as export_file: if args.file_format == 'json': security_policies_utils.WriteToFile( export_file, resources[0], 'json') else: security_policies_utils.WriteToFile( export_file, resources[0], 'yaml') except EnvironmentError as exp: msg = 'Unable to export security policy to file [{0}]: {1}'.format( args.file_name, exp) raise exceptions.BadFileException(msg) log.status.Print('Exported security policy to [{0}].'.format( args.file_name))
def Run(self, args): self._ValidateArgs(args) holder = base_classes.ComputeApiHolder(self.ReleaseTrack()) ref = self.SECURITY_POLICY_ARG.ResolveAsResource(args, holder.resources) security_policy = client.SecurityPolicy( ref=ref, compute_client=holder.client) existing_security_policy = security_policy.Describe()[0] description = existing_security_policy.description adaptive_protection_config = ( existing_security_policy.adaptiveProtectionConfig) if args.description is not None: description = args.description if (args.IsSpecified('enable_layer7_ddos_defense') or args.IsSpecified('layer7_ddos_defense_rule_visibility')): adaptive_protection_config = ( security_policies_utils.CreateAdaptiveProtectionConfig( holder.client, args, adaptive_protection_config)) updated_security_policy = holder.client.messages.SecurityPolicy( description=description, adaptiveProtectionConfig=adaptive_protection_config, fingerprint=existing_security_policy.fingerprint) return security_policy.Patch(security_policy=updated_security_policy)
def Run(self, args): holder = base_classes.ComputeApiHolder(self.ReleaseTrack()) ref = self.SECURITY_POLICY_ARG.ResolveAsResource( args, holder.resources) security_policy = client.SecurityPolicy(ref, compute_client=holder.client) return security_policy.Describe()
def Run(self, args): holder = base_classes.ComputeApiHolder(self.ReleaseTrack()) refs = self.SECURITY_POLICY_ARG.ResolveAsResource(args, holder.resources) utils.PromptForDeletion(refs) requests = [] for ref in refs: security_policy = client.SecurityPolicy(ref, compute_client=holder.client) requests.extend(security_policy.Delete(only_generate_request=True)) return holder.client.MakeRequests(requests)
def Run(self, args): holder = base_classes.ComputeApiHolder(self.ReleaseTrack()) ref = self.SECURITY_POLICY_ARG.ResolveAsResource(args, holder.resources) security_policy = client.SecurityPolicy(ref, compute_client=holder.client) if args.file_name: template = self._GetTemplateFromFile(args, holder.client.messages) template.name = ref.Name() else: template = holder.client.messages.SecurityPolicy( name=ref.Name(), description=args.description) return security_policy.Create(template)
def Run(self, args): self._ValidateArgs(args) holder = base_classes.ComputeApiHolder(self.ReleaseTrack()) ref = self.SECURITY_POLICY_ARG.ResolveAsResource(args, holder.resources) security_policy = client.SecurityPolicy( ref=ref, compute_client=holder.client) existing_security_policy = security_policy.Describe()[0] description = existing_security_policy.description cloud_armor_config = existing_security_policy.cloudArmorConfig adaptive_protection_config = ( existing_security_policy.adaptiveProtectionConfig) advanced_options_config = existing_security_policy.advancedOptionsConfig recaptcha_options_config = existing_security_policy.recaptchaOptionsConfig ddos_protection_config = existing_security_policy.ddosProtectionConfig if args.description is not None: description = args.description if args.enable_ml is not None: cloud_armor_config = security_policies_utils.CreateCloudArmorConfig( holder.client, args) if (args.IsSpecified('enable_layer7_ddos_defense') or args.IsSpecified('layer7_ddos_defense_rule_visibility')): adaptive_protection_config = ( security_policies_utils.CreateAdaptiveProtectionConfig( holder.client, args, adaptive_protection_config)) if (args.IsSpecified('json_parsing') or args.IsSpecified('log_level')): advanced_options_config = ( security_policies_utils.CreateAdvancedOptionsConfig( holder.client, args, advanced_options_config)) if args.IsSpecified('recaptcha_redirect_site_key'): recaptcha_options_config = ( security_policies_utils.CreateRecaptchaOptionsConfig( holder.client, args, recaptcha_options_config)) if args.IsSpecified('ddos_protection'): ddos_protection_config = ( security_policies_utils.CreateDdosProtectionConfig( holder.client, args, ddos_protection_config)) updated_security_policy = holder.client.messages.SecurityPolicy( description=description, cloudArmorConfig=cloud_armor_config, adaptiveProtectionConfig=adaptive_protection_config, advancedOptionsConfig=advanced_options_config, recaptchaOptionsConfig=recaptcha_options_config, ddosProtectionConfig=ddos_protection_config, fingerprint=existing_security_policy.fingerprint) return security_policy.Patch(security_policy=updated_security_policy)
def Run(self, args): self._ValidateArgs(args) holder = base_classes.ComputeApiHolder(self.ReleaseTrack()) ref = self.SECURITY_POLICY_ARG.ResolveAsResource( args, holder.resources) security_policy = client.SecurityPolicy(ref=ref, compute_client=holder.client) existing_security_policy = security_policy.Describe()[0] description = existing_security_policy.description cloud_armor_config = existing_security_policy.cloudArmorConfig if args.description is not None: description = args.description if args.enable_ml is not None: cloud_armor_config = security_policies_utils.CreateCloudArmorConfig( holder.client, args) updated_security_policy = holder.client.messages.SecurityPolicy( description=description, cloudArmorConfig=cloud_armor_config, fingerprint=existing_security_policy.fingerprint) return security_policy.Patch(security_policy=updated_security_policy)