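def Run(self, args):
    """Move an organization firewall policy under a different parent.

    The destination parent comes from ``organization`` or ``folder``. When
    both are specified the folder wins, because it is checked last.

    Args:
        args: Parsed command-line arguments. Reads ``organization`` and
            ``folder``, plus whatever ``FIREWALL_POLICY_ARG`` resolves.

    Returns:
        Whatever ``OrgFirewallPolicy.Move`` returns.

    Raises:
        SystemExit: With status 1 when neither parent flag was specified.
    """
    holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
    ref = self.FIREWALL_POLICY_ARG.ResolveAsResource(
        args, holder.resources, with_project=False)
    org_firewall_policy = client.OrgFirewallPolicy(
        ref=ref,
        compute_client=holder.client,
        resources=holder.resources,
        version=six.text_type(self.ReleaseTrack()).lower())

    parent_id = None
    if args.IsSpecified('organization'):
        parent_id = 'organizations/' + args.organization
    if args.IsSpecified('folder'):
        parent_id = 'folders/' + args.folder
    if parent_id is None:
        log.error(
            'Must specify parent id with --organization=ORGANIZATION or '
            '--folder=FOLDER')
        # A bare sys.exit() ends the process with status 0, so automation
        # driving this command would record a move that never happened as a
        # success. Exit non-zero instead.
        sys.exit(1)

    # The policy lookup always receives args.organization, even when the
    # destination parent is a folder.
    fp_id = firewall_policies_utils.GetFirewallPolicyId(
        org_firewall_policy, ref.Name(), organization=args.organization)
    return org_firewall_policy.Move(
        only_generate_request=False, fp_id=fp_id, parent_id=parent_id)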
def Run(self, args):
    """Delete the organization firewall policy named on the command line.

    Args:
        args: Parsed command-line arguments. Reads ``organization`` and
            whatever ``FIREWALL_POLICY_ARG`` resolves.

    Returns:
        Whatever ``OrgFirewallPolicy.Delete`` returns.
    """
    api_holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
    policy_ref = self.FIREWALL_POLICY_ARG.ResolveAsResource(
        args, api_holder.resources, with_project=False)
    api_version = six.text_type(self.ReleaseTrack()).lower()
    policy_client = client.OrgFirewallPolicy(
        ref=policy_ref,
        compute_client=api_holder.client,
        resources=api_holder.resources,
        version=api_version)

    # Resolve the name given by the user to the policy id before deleting.
    policy_id = firewall_policies_utils.GetFirewallPolicyId(
        policy_client, policy_ref.Name(), organization=args.organization)
    # NOTE(review): only_generate_request=False presumably sends the delete
    # rather than just building it; confirm against the client.
    return policy_client.Delete(fp_id=policy_id, only_generate_request=False)
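def Run(self, args):
    """Associate an organization firewall policy with a folder or organization.

    The attachment target is ``folders/<folder>`` when ``folder`` is
    specified, otherwise ``organizations/<organization>``. When ``name`` is
    not specified, the association name is derived from the target
    (``folder-<folder>`` or ``organization-<organization>``).

    Args:
        args: Parsed command-line arguments. Reads ``name``, ``folder``,
            ``organization``, ``replace_association_on_target`` and
            ``firewall_policy``.

    Returns:
        Whatever ``OrgFirewallPolicy.AddAssociation`` returns.

    Raises:
        SystemExit: With status 1 when neither target flag was specified.
    """
    holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
    org_firewall_policy = client.OrgFirewallPolicy(
        compute_client=holder.client,
        resources=holder.resources,
        version=six.text_type(self.ReleaseTrack()).lower())

    name = args.name if args.IsSpecified('name') else None
    attachment_target = None
    if args.IsSpecified('folder'):
        attachment_target = 'folders/' + args.folder
        if name is None:
            name = 'folder-' + args.folder
    # The organization is used as the target only when no folder was given.
    if args.IsSpecified('organization') and attachment_target is None:
        attachment_target = 'organizations/' + args.organization
        if name is None:
            name = 'organization-' + args.organization

    if attachment_target is None:
        log.error(
            'Must specify attachment target with --organization=ORGANIZATION or '
            '--folder=FOLDER')
        # A bare sys.exit() ends the process with status 0, so a caller
        # would treat an association that was never created as a success.
        sys.exit(1)

    # NOTE(review): a truthy value presumably lets this policy displace the
    # one already associated with the target; confirm with AddAssociation.
    replace_existing_association = bool(args.replace_association_on_target)

    association = holder.client.messages.FirewallPolicyAssociation(
        attachmentTarget=attachment_target, name=name)

    firewall_policy_id = firewall_policies_utils.GetFirewallPolicyId(
        org_firewall_policy,
        args.firewall_policy,
        organization=args.organization)
    return org_firewall_policy.AddAssociation(
        association=association,
        firewall_policy_id=firewall_policy_id,
        replace_existing_association=replace_existing_association,
        only_generate_request=False)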
def Run(self, args):
    """Delete one rule from an organization firewall policy.

    The rule is identified by its priority, which is the name resolved from
    ``FIREWALL_POLICY_ARG`` converted to an integer.

    Args:
        args: Parsed command-line arguments. Reads ``firewall_policy`` and
            ``organization``.

    Returns:
        Whatever ``OrgFirewallPolicyRule.Delete`` returns.
    """
    api_holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
    rule_ref = self.FIREWALL_POLICY_ARG.ResolveAsResource(
        args, api_holder.resources, with_project=False)
    api_version = six.text_type(self.ReleaseTrack()).lower()
    rule_client = client.OrgFirewallPolicyRule(
        ref=rule_ref,
        compute_client=api_holder.client,
        resources=api_holder.resources,
        version=api_version)

    # The policy id is looked up first; the priority is converted afterwards,
    # as part of building the delete call.
    policy_id = firewall_policies_utils.GetFirewallPolicyId(
        rule_client, args.firewall_policy, organization=args.organization)
    rule_priority = rule_utils.ConvertPriorityToInt(rule_ref.Name())
    return rule_client.Delete(
        priority=rule_priority,
        firewall_policy_id=policy_id,
        only_generate_request=False)
def Run(self, args):
    """Update an existing rule in an organization firewall policy.

    The rule to change is selected by the priority resolved from
    ``FIREWALL_POLICY_ARG``. A replacement matcher is built only when at
    least one of ``src_ip_ranges``, ``dest_ip_ranges`` or ``layer4_configs``
    is specified; otherwise ``match`` is sent as ``None``.

    Args:
        args: Parsed command-line arguments. Reads the matcher flags,
            ``target_resources``, ``target_service_accounts``,
            ``enable_logging``, ``disabled``, ``new_priority``,
            ``direction``, ``action``, ``description``, ``firewall_policy``
            and ``organization``.

    Returns:
        Whatever ``OrgFirewallPolicyRule.Update`` returns.
    """
    api_holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
    rule_ref = self.FIREWALL_POLICY_ARG.ResolveAsResource(
        args, api_holder.resources, with_project=False)
    rule_client = client.OrgFirewallPolicyRule(
        ref=rule_ref,
        compute_client=api_holder.client,
        resources=api_holder.resources,
        version=six.text_type(self.ReleaseTrack()).lower())
    messages = api_holder.client.messages

    priority = rule_utils.ConvertPriorityToInt(rule_ref.Name())

    # Matcher inputs: any one of these being specified triggers a new matcher.
    has_src = args.IsSpecified('src_ip_ranges')
    src_ip_ranges = args.src_ip_ranges if has_src else []
    has_dest = args.IsSpecified('dest_ip_ranges')
    dest_ip_ranges = args.dest_ip_ranges if has_dest else []
    has_layer4 = args.IsSpecified('layer4_configs')
    layer4_config_list = []
    if has_layer4:
        layer4_config_list = rule_utils.ParseLayer4Configs(
            args.layer4_configs, messages)

    target_resources = []
    if args.IsSpecified('target_resources'):
        target_resources = args.target_resources
    target_service_accounts = []
    if args.IsSpecified('target_service_accounts'):
        target_service_accounts = args.target_service_accounts

    # NOTE(review): when these flags are omitted the rule is still built with
    # enableLogging=False and disabled=False; confirm that Update does not
    # clear an existing logging/disabled setting as a result.
    enable_logging = (
        args.enable_logging if args.IsSpecified('enable_logging') else False)
    disabled = args.disabled if args.IsSpecified('disabled') else False

    # Without new_priority the rule keeps the priority it was selected by.
    if args.IsSpecified('new_priority'):
        new_priority = rule_utils.ConvertPriorityToInt(args.new_priority)
    else:
        new_priority = priority

    matcher = None
    if has_src or has_dest or has_layer4:
        matcher = messages.FirewallPolicyRuleMatcher(
            srcIpRanges=src_ip_ranges,
            destIpRanges=dest_ip_ranges,
            layer4Configs=layer4_config_list)

    # Any specified direction other than 'INGRESS' is treated as EGRESS.
    traffic_direct = None
    if args.IsSpecified('direction'):
        direction_enum = messages.FirewallPolicyRule.DirectionValueValuesEnum
        if args.direction == 'INGRESS':
            traffic_direct = direction_enum.INGRESS
        else:
            traffic_direct = direction_enum.EGRESS

    firewall_policy_rule = messages.FirewallPolicyRule(
        priority=new_priority,
        action=args.action,
        match=matcher,
        direction=traffic_direct,
        targetResources=target_resources,
        targetServiceAccounts=target_service_accounts,
        description=args.description,
        enableLogging=enable_logging,
        disabled=disabled)

    firewall_policy_id = firewall_policies_utils.GetFirewallPolicyId(
        rule_client, args.firewall_policy, organization=args.organization)
    return rule_client.Update(
        priority=priority,
        firewall_policy=firewall_policy_id,
        firewall_policy_rule=firewall_policy_rule)
def Run(self, args):
    """Create a rule in an organization firewall policy.

    The rule's priority is the name resolved from ``FIREWALL_POLICY_ARG``
    converted to an integer. The FQDN, region-code and threat-intelligence
    matcher fields are read and sent only on the ALPHA release track.
    Direction defaults to INGRESS, and ``enableLogging`` and ``disabled``
    default to ``False`` when their flags are not specified.

    Args:
        args: Parsed command-line arguments. Reads the matcher flags,
            ``target_resources``, ``target_service_accounts``,
            ``enable_logging``, ``disabled``, ``direction``, ``action``,
            ``description``, ``firewall_policy`` and ``organization``.

    Returns:
        Whatever ``OrgFirewallPolicyRule.Create`` returns.
    """
    api_holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
    rule_ref = self.FIREWALL_POLICY_ARG.ResolveAsResource(
        args, api_holder.resources, with_project=False)
    rule_client = client.OrgFirewallPolicyRule(
        ref=rule_ref,
        compute_client=api_holder.client,
        resources=api_holder.resources,
        version=six.text_type(self.ReleaseTrack()).lower())
    messages = api_holder.client.messages

    def _list_flag(flag):
        """Return the flag's value when specified, else an empty list."""
        return getattr(args, flag) if args.IsSpecified(flag) else []

    src_ip_ranges = _list_flag('src_ip_ranges')
    dest_ip_ranges = _list_flag('dest_ip_ranges')
    layer4_configs = _list_flag('layer4_configs')
    target_resources = _list_flag('target_resources')
    target_service_accounts = _list_flag('target_service_accounts')

    # The extended matcher flags are only consulted on ALPHA; they are never
    # looked up on args for the other tracks.
    is_alpha = self.ReleaseTrack() == base.ReleaseTrack.ALPHA
    alpha_matcher_fields = {}
    if is_alpha:
        alpha_matcher_fields = {
            'srcFqdns': _list_flag('src_fqdns'),
            'destFqdns': _list_flag('dest_fqdns'),
            'srcRegionCodes': _list_flag('src_region_codes'),
            'destRegionCodes': _list_flag('dest_region_codes'),
            'srcThreatIntelligences': _list_flag('src_threat_intelligence'),
            'destThreatIntelligences': _list_flag('dest_threat_intelligence'),
        }

    enable_logging = (
        args.enable_logging if args.IsSpecified('enable_logging') else False)
    disabled = args.disabled if args.IsSpecified('disabled') else False

    layer4_config_list = rule_utils.ParseLayer4Configs(layer4_configs, messages)
    matcher = messages.FirewallPolicyRuleMatcher(
        srcIpRanges=src_ip_ranges,
        destIpRanges=dest_ip_ranges,
        layer4Configs=layer4_config_list,
        **alpha_matcher_fields)

    # INGRESS unless a direction is specified and is anything but 'INGRESS'.
    direction_enum = messages.FirewallPolicyRule.DirectionValueValuesEnum
    if args.IsSpecified('direction') and args.direction != 'INGRESS':
        traffic_direct = direction_enum.EGRESS
    else:
        traffic_direct = direction_enum.INGRESS

    firewall_policy_rule = messages.FirewallPolicyRule(
        priority=rule_utils.ConvertPriorityToInt(rule_ref.Name()),
        action=args.action,
        match=matcher,
        direction=traffic_direct,
        targetResources=target_resources,
        targetServiceAccounts=target_service_accounts,
        description=args.description,
        enableLogging=enable_logging,
        disabled=disabled)

    firewall_policy_id = firewall_policies_utils.GetFirewallPolicyId(
        rule_client, args.firewall_policy, organization=args.organization)
    return rule_client.Create(
        firewall_policy=firewall_policy_id,
        firewall_policy_rule=firewall_policy_rule)