Exemple #1
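    def Run(self, args):
        """Move an organization security policy under a new parent.

        The new parent comes from --organization or --folder. When both are
        given, --folder wins because it is evaluated last.

        Args:
          args: Parsed command-line arguments.

        Returns:
          The result of OrgSecurityPolicy.Move for the resolved policy.
        """
        holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
        ref = self.ORG_SECURITY_POLICY_ARG.ResolveAsResource(
            args, holder.resources, with_project=False)
        org_security_policy = client.OrgSecurityPolicy(
            ref=ref,
            compute_client=holder.client,
            resources=holder.resources,
            version=six.text_type(self.ReleaseTrack()).lower())

        parent_id = None
        if args.IsSpecified('organization'):
            parent_id = 'organizations/' + args.organization
        if args.IsSpecified('folder'):
            parent_id = 'folders/' + args.folder
        if parent_id is None:
            # The two literals are concatenated, so the first one needs the
            # trailing space to keep "or --folder" readable.
            log.error(
                'Must specify parent id with --organization=ORGANIZATION or '
                '--folder=FOLDER')
            # Exit non-zero so that automation does not record a rejected
            # policy move as a successful one.
            sys.exit(1)
        # args.organization is passed through even when only --folder was
        # given, so it may be unset here.
        # NOTE(review): confirm GetSecurityPolicyId handles that case.
        sp_id = org_security_policies_utils.GetSecurityPolicyId(
            org_security_policy, ref.Name(), organization=args.organization)
        return org_security_policy.Move(only_generate_request=False,
                                        sp_id=sp_id,
                                        parent_id=parent_id)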
Exemple #2
 def Run(self, args):
   """Delete the organization security policy named on the command line.

   Args:
     args: Parsed command-line arguments.

   Returns:
     The result of OrgSecurityPolicy.Delete for the resolved policy ID.
   """
   api_holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
   policy_ref = self.ORG_SECURITY_POLICY_ARG.ResolveAsResource(
       args, api_holder.resources, with_project=False)
   policy_client = client.OrgSecurityPolicy(
       ref=policy_ref, compute_client=api_holder.client)
   # The name given by the user is turned into a policy ID first; the delete
   # call below is keyed on that ID, not on the name.
   policy_id = org_security_policies_utils.GetSecurityPolicyId(
       policy_client, policy_ref.Name(), organization=args.organization)
   # only_generate_request=False: presumably the request is sent rather than
   # only built. No confirmation step is visible in this method.
   return policy_client.Delete(sp_id=policy_id, only_generate_request=False)
 def Run(self, args):
     """Copy the rules of a source security policy into the named policy.

     Args:
       args: Parsed command-line arguments; args.source_security_policy
         names the policy the rules are copied from.

     Returns:
       The result of OrgSecurityPolicy.CopyRules.
     """
     api_holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
     dest_ref = self.ORG_SECURITY_POLICY_ARG.ResolveAsResource(
         args, api_holder.resources, with_project=False)
     release_version = six.text_type(self.ReleaseTrack()).lower()
     policy_client = client.OrgSecurityPolicy(
         ref=dest_ref,
         compute_client=api_holder.client,
         resources=api_holder.resources,
         version=release_version)
     # Only the destination is resolved to an ID here; the source policy is
     # handed to CopyRules exactly as given on the command line.
     destination_id = org_security_policies_utils.GetSecurityPolicyId(
         policy_client, dest_ref.Name(), organization=args.organization)
     return policy_client.CopyRules(
         only_generate_request=False,
         dest_sp_id=destination_id,
         source_security_policy=args.source_security_policy)
Exemple #4
 def Run(self, args):
     """Return the rules of the named organization security policy.

     Args:
       args: Parsed command-line arguments.

     Returns:
       The `rules` attribute of the first Describe result, or None when
       Describe returns nothing.
     """
     api_holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
     policy_ref = self.ORG_SECURITY_POLICY_ARG.ResolveAsResource(
         args, api_holder.resources, with_project=False)
     release_version = six.text_type(self.ReleaseTrack()).lower()
     policy_client = client.OrgSecurityPolicy(
         ref=policy_ref,
         compute_client=api_holder.client,
         resources=api_holder.resources,
         version=release_version)
     policy_id = org_security_policies_utils.GetSecurityPolicyId(
         policy_client, policy_ref.Name(), organization=args.organization)
     described = policy_client.Describe(sp_id=policy_id,
                                        only_generate_request=False)
     # An empty result is reported as None rather than indexed.
     return described[0].rules if described else None
Exemple #5
 def Run(self, args):
     """Describe one rule of an organization security policy.

     The rule is identified by its priority, which is taken from the name of
     the resolved resource reference.

     Args:
       args: Parsed command-line arguments; args.security_policy names the
         policy that holds the rule.

     Returns:
       The result of OrgSecurityPolicyRule.Describe.
     """
     api_holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
     rule_ref = self.ORG_SECURITY_POLICY_ARG.ResolveAsResource(
         args, api_holder.resources, with_project=False)
     rule_client = client.OrgSecurityPolicyRule(
         ref=rule_ref, compute_client=api_holder.client)
     # A separate policy client is built only to look up the policy ID.
     policy_client = client.OrgSecurityPolicy(
         ref=rule_ref, compute_client=api_holder.client)
     policy_id = org_security_policies_utils.GetSecurityPolicyId(
         policy_client,
         args.security_policy,
         organization=args.organization)
     rule_priority = rule_utils.ConvertPriorityToInt(rule_ref.Name())
     return rule_client.Describe(
         priority=rule_priority,
         security_policy_id=policy_id,
         only_generate_request=False)
Exemple #6
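    def Run(self, args):
        """Associate an organization security policy with a folder or org.

        The attachment target is --folder when given, otherwise
        --organization. When --name is not given, the association name is
        derived from the target ('folder-<id>' or 'organization-<id>').

        Args:
          args: Parsed command-line arguments.

        Returns:
          The result of OrgSecurityPolicy.AddAssociation.
        """
        holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
        org_security_policy = client.OrgSecurityPolicy(
            compute_client=holder.client,
            resources=holder.resources,
            version=six.text_type(self.ReleaseTrack()).lower())

        name = args.name if args.IsSpecified('name') else None

        # --folder takes precedence over --organization as the target.
        attachment_id = None
        if args.IsSpecified('folder'):
            attachment_id = 'folders/' + args.folder
            if name is None:
                name = 'folder-' + args.folder
        elif args.IsSpecified('organization'):
            attachment_id = 'organizations/' + args.organization
            if name is None:
                name = 'organization-' + args.organization

        if attachment_id is None:
            log.error(
                'Must specify attachment ID with --organization=ORGANIZATION or '
                '--folder=FOLDER')
            # Exit non-zero so that automation does not record a policy that
            # was never attached as a successful association.
            sys.exit(1)

        # Replacing an association already present on the target is opt-in.
        replace_existing_association = bool(args.replace_association_on_target)

        association = holder.client.messages.SecurityPolicyAssociation(
            attachmentId=attachment_id, name=name)

        security_policy_id = org_security_policies_utils.GetSecurityPolicyId(
            org_security_policy,
            args.security_policy,
            organization=args.organization)
        return org_security_policy.AddAssociation(
            association=association,
            security_policy_id=security_policy_id,
            replace_existing_association=replace_existing_association,
            only_generate_request=False)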
    def Run(self, args):
        """Update the description of an organization security policy.

        Args:
          args: Parsed command-line arguments; args.description is the new
            description.

        Returns:
          The result of OrgSecurityPolicy.Update.
        """
        api_holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
        policy_ref = self.ORG_SECURITY_POLICY_ARG.ResolveAsResource(
            args, api_holder.resources, with_project=False)
        release_version = six.text_type(self.ReleaseTrack()).lower()
        policy_client = client.OrgSecurityPolicy(
            ref=policy_ref,
            compute_client=api_holder.client,
            resources=api_holder.resources,
            version=release_version)
        policy_id = org_security_policies_utils.GetSecurityPolicyId(
            policy_client, policy_ref.Name(), organization=args.organization)
        described = policy_client.Describe(
            sp_id=policy_id, only_generate_request=False)
        # NOTE(review): an empty Describe result raises IndexError here; no
        # emptiness check is made before indexing.
        current_policy = described[0]
        # The fingerprint read from the current policy is sent back with the
        # change; presumably the API uses it to reject an update made
        # against a stale copy (confirm against the API contract).
        updated_policy = api_holder.client.messages.SecurityPolicy(
            description=args.description,
            fingerprint=current_policy.fingerprint)

        return policy_client.Update(sp_id=policy_id,
                                    only_generate_request=False,
                                    security_policy=updated_policy)
Exemple #8
  def Run(self, args):
    """Create a rule in an organization security policy.

    The rule priority comes from the name of the resolved resource reference;
    the match, targets, direction and logging settings come from the flags.

    Args:
      args: Parsed command-line arguments.

    Returns:
      The result of OrgSecurityPolicyRule.Create.
    """
    holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
    ref = self.ORG_SECURITY_POLICY_ARG.ResolveAsResource(
        args, holder.resources, with_project=False)
    rule_client = client.OrgSecurityPolicyRule(
        ref=ref, compute_client=holder.client)
    messages = holder.client.messages

    # Every list-valued flag defaults to an empty list when not given.
    src_ip_ranges = (
        args.src_ip_ranges if args.IsSpecified('src_ip_ranges') else [])
    dest_ip_ranges = (
        args.dest_ip_ranges if args.IsSpecified('dest_ip_ranges') else [])
    dest_ports = args.dest_ports if args.IsSpecified('dest_ports') else []
    layer4_configs = (
        args.layer4_configs if args.IsSpecified('layer4_configs') else [])
    target_resources = (
        args.target_resources if args.IsSpecified('target_resources') else [])
    target_service_accounts = (
        args.target_service_accounts
        if args.IsSpecified('target_service_accounts') else [])
    # NOTE(review): logging is switched on whenever the flag is present; the
    # flag's value is not read. If the flag is negatable, an explicit
    # negative form would still enable logging. Confirm the flag definition.
    enable_logging = True if args.IsSpecified('enable_logging') else False

    dest_ports_list = rule_utils.ParseDestPorts(dest_ports, messages)
    layer4_config_list = rule_utils.ParseLayer4Configs(layer4_configs,
                                                       messages)
    match_config = messages.SecurityPolicyRuleMatcherConfig(
        srcIpRanges=src_ip_ranges,
        destIpRanges=dest_ip_ranges,
        destPorts=dest_ports_list,
        layer4Configs=layer4_config_list)
    matcher = messages.SecurityPolicyRuleMatcher(
        versionedExpr=messages.SecurityPolicyRuleMatcher
        .VersionedExprValueValuesEnum.FIREWALL,
        config=match_config)

    # INGRESS is the default; any specified value other than the literal
    # 'INGRESS' is mapped to EGRESS.
    direction_enum = messages.SecurityPolicyRule.DirectionValueValuesEnum
    if args.IsSpecified('direction') and args.direction != 'INGRESS':
      traffic_direct = direction_enum.EGRESS
    else:
      traffic_direct = direction_enum.INGRESS

    security_policy_rule = messages.SecurityPolicyRule(
        priority=rule_utils.ConvertPriorityToInt(ref.Name()),
        action=args.action,
        match=matcher,
        direction=traffic_direct,
        targetResources=target_resources,
        targetServiceAccounts=target_service_accounts,
        description=args.description,
        enableLogging=enable_logging)

    # A policy client is built only to look up the ID of the policy that
    # will hold the rule.
    policy_client = client.OrgSecurityPolicy(
        ref=ref, compute_client=holder.client)
    security_policy_id = org_security_policies_utils.GetSecurityPolicyId(
        policy_client,
        args.security_policy,
        organization=args.organization)
    return rule_client.Create(
        security_policy=security_policy_id,
        security_policy_rule=security_policy_rule)
    def Run(self, args):
        """Update a rule of an organization security policy.

        The rule is addressed by its current priority (the name of the
        resolved resource reference) and may be given a new priority. A new
        matcher is built only when at least one match flag is given.

        Args:
          args: Parsed command-line arguments.

        Returns:
          The result of OrgSecurityPolicyRule.Update.
        """
        holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
        ref = self.ORG_SECURITY_POLICY_ARG.ResolveAsResource(
            args, holder.resources, with_project=False)
        rule_client = client.OrgSecurityPolicyRule(
            ref=ref,
            compute_client=holder.client,
            resources=holder.resources,
            version=six.text_type(self.ReleaseTrack()).lower())
        messages = holder.client.messages
        priority = rule_utils.ConvertPriorityToInt(ref.Name())

        # Match-related flags: each one given marks the matcher for rebuild.
        has_src = args.IsSpecified('src_ip_ranges')
        src_ip_ranges = args.src_ip_ranges if has_src else []
        has_dest = args.IsSpecified('dest_ip_ranges')
        dest_ip_ranges = args.dest_ip_ranges if has_dest else []
        # dest_ports is read on the ALPHA track only.
        has_ports = (self.ReleaseTrack() == base.ReleaseTrack.ALPHA
                     and args.IsSpecified('dest_ports'))
        dest_ports_list = (
            rule_utils.ParseDestPorts(args.dest_ports, messages)
            if has_ports else [])
        has_layer4 = args.IsSpecified('layer4_configs')
        layer4_config_list = (
            rule_utils.ParseLayer4Configs(args.layer4_configs, messages)
            if has_layer4 else [])
        should_setup_match = has_src or has_dest or has_ports or has_layer4

        target_resources = (
            args.target_resources
            if args.IsSpecified('target_resources') else [])
        target_service_accounts = (
            args.target_service_accounts
            if args.IsSpecified('target_service_accounts') else [])
        # NOTE(review): enableLogging is sent as False whenever the flag is
        # absent and as True whenever it is present, regardless of its value.
        # Whether an update that omits the flag turns logging off on the
        # existing rule depends on how the API applies the update. Confirm.
        enable_logging = True if args.IsSpecified('enable_logging') else False
        new_priority = (
            rule_utils.ConvertPriorityToInt(args.new_priority)
            if args.IsSpecified('new_priority') else priority)

        matcher = None
        if should_setup_match:
            # NOTE(review): match fields not given on this invocation enter
            # the new matcher as empty lists. Confirm whether the API treats
            # that as clearing them, since that would change what the rule
            # matches.
            config_fields = {
                'srcIpRanges': src_ip_ranges,
                'destIpRanges': dest_ip_ranges,
                'layer4Configs': layer4_config_list,
            }
            # destPorts is passed to the matcher config on ALPHA only.
            if self.ReleaseTrack() == base.ReleaseTrack.ALPHA:
                config_fields['destPorts'] = dest_ports_list
            matcher = messages.SecurityPolicyRuleMatcher(
                versionedExpr=messages.SecurityPolicyRuleMatcher
                .VersionedExprValueValuesEnum.FIREWALL,
                config=messages.SecurityPolicyRuleMatcherConfig(
                    **config_fields))

        # Direction stays None unless the flag is given; any specified value
        # other than the literal 'INGRESS' is mapped to EGRESS.
        traffic_direct = None
        if args.IsSpecified('direction'):
            direction_enum = (
                messages.SecurityPolicyRule.DirectionValueValuesEnum)
            traffic_direct = (
                direction_enum.INGRESS if args.direction == 'INGRESS'
                else direction_enum.EGRESS)

        security_policy_rule = messages.SecurityPolicyRule(
            priority=new_priority,
            action=args.action,
            match=matcher,
            direction=traffic_direct,
            targetResources=target_resources,
            targetServiceAccounts=target_service_accounts,
            description=args.description,
            enableLogging=enable_logging)

        # NOTE(review): the rule client itself is used for the policy ID
        # lookup; presumably it exposes the interface GetSecurityPolicyId
        # needs. Confirm.
        security_policy_id = org_security_policies_utils.GetSecurityPolicyId(
            rule_client,
            args.security_policy,
            organization=args.organization)

        # The rule is addressed by its current priority; the new priority
        # travels inside the rule message.
        return rule_client.Update(
            priority=priority,
            security_policy=security_policy_id,
            security_policy_rule=security_policy_rule)