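def _ValidateTerm(self):
  """Reject term settings that a hierarchical firewall rule cannot express.

  Checks run in a fixed order and the first failure is raised, so a term
  with several problems reports only the earliest one.

  Raises:
    gcp.TermError: if the term sets a source or destination tag, names a
      protocol outside self._ALLOW_PROTO_NAME, is an INGRESS term with no
      source address or an EGRESS term with no destination address, lists
      a target resource whose project ID or VPC name fails the gcp
      validators, sets a source port, or sets any option.
  """
  term = self.term

  if term.destination_tag or term.source_tag:
    raise gcp.TermError('Hierarchical Firewall does not support tags')

  # An empty or missing protocol list is accepted as-is.
  for protocol in term.protocol or ():
    if protocol not in self._ALLOW_PROTO_NAME:
      raise gcp.TermError('Protocol %s is not supported' % protocol)

  # Each direction must carry the address set that scopes it; a direction
  # other than INGRESS/EGRESS is not checked here.
  if term.direction == 'INGRESS' and not term.source_address:
    raise gcp.TermError('Ingress rule missing source address')
  if term.direction == 'EGRESS' and not term.destination_address:
    raise gcp.TermError('Egress rule missing destination address')

  for proj, vpc in term.target_resources:
    if not gcp.IsProjectIDValid(proj):
      # Interpolate the rejected value: without the % operand the message
      # would show a literal "%s" instead of the offending project ID.
      raise gcp.TermError(
          'Project ID "%s" must have lowercase letters, '
          'digits, or hyphens. It must start with a '
          'lowercase letter and end with a letter or number.' % proj)
    if not gcp.IsVPCNameValid(vpc):
      # Same fix as above for the VPC name.
      raise gcp.TermError(
          'VPC name "%s" must start with a lowercase letter '
          'followed by up to 62 lowercase letters, numbers, '
          'or hyphens, and cannot end with a hyphen.' % vpc)

  # Unsupported restrictions are rejected rather than ignored, so a term
  # is never rendered without a constraint its author wrote.
  if term.source_port:
    raise gcp.TermError('Hierarchical firewall does not support source port '
                        'restrictions.')

  # NOTE(review): any truthy option reaches this error, although the
  # message names only TCP_ESTABLISHED.
  if term.option:
    raise gcp.TermError('Hierarchical firewall does not support the '
                        'TCP_ESTABLISHED option.')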
def _ValidateTerm(self):
  """Reject term settings that a hierarchical firewall rule cannot express.

  Checks run in a fixed order and the first failure is raised.

  Raises:
    gcp.TermError: if the term sets a source or destination tag, names a
      protocol outside self._PROTO_NAMES, lists a target resource whose
      project ID or VPC name fails the gcp validators, sets a source port,
      or sets any option.
  """
  term = self.term

  uses_tags = term.destination_tag or term.source_tag
  if uses_tags:
    raise gcp.TermError('Hierarchical Firewall does not support tags')

  # An empty or missing protocol list is accepted as-is.
  for proto in term.protocol or ():
    if proto not in self._PROTO_NAMES:
      raise gcp.TermError('Protocol %s is not supported' % proto)

  for project_id, vpc_name in term.target_resources:
    if not gcp.IsProjectIDValid(project_id):
      message = (
          'Project ID "%s" must be 6 to 30 lowercase letters, digits, or hyphens.'
          ' It must start with a letter. Trailing hyphens are prohibited.')
      raise gcp.TermError(message % project_id)
    if not gcp.IsVPCNameValid(vpc_name):
      message = ('VPC name "%s" must start with a lowercase letter '
                 'followed by up to 62 lowercase letters, numbers, '
                 'or hyphens, and cannot end with a hyphen.')
      raise gcp.TermError(message % vpc_name)

  # Unsupported restrictions are rejected rather than ignored, so a term
  # is never rendered without a constraint its author wrote.
  if term.source_port:
    raise gcp.TermError(
        'Hierarchical firewall does not support source port '
        'restrictions.')

  # NOTE(review): any truthy option reaches this error, although the
  # message names only TCP_ESTABLISHED.
  if term.option:
    raise gcp.TermError('Hierarchical firewall does not support the '
                        'TCP_ESTABLISHED option.')
def _ValidateTerm(self):
  """Reject term settings that a hierarchical firewall rule cannot express.

  Checks run in a fixed order and the first failure is raised. This
  version does not inspect self.term.protocol.

  Raises:
    gcp.TermError: if the term sets a source or destination tag, lists
      more target resources than self._TERM_TARGET_RESOURCES_LIMIT, lists
      a target resource whose project ID or VPC name fails the gcp
      validators, sets a source port, sets any option, lists more
      destination ports than self._TERM_DESTINATION_PORTS_LIMIT, or has an
      address family of 'mixed'.
  """
  term = self.term

  if term.destination_tag or term.source_tag:
    raise gcp.TermError('Hierarchical Firewall does not support tags')

  resource_count = len(term.target_resources)
  if resource_count > self._TERM_TARGET_RESOURCES_LIMIT:
    raise gcp.TermError(
        'Term: %s target_resources field contains %s resources. It should not contain more than "%s".'
        % (term.name, resource_count, self._TERM_TARGET_RESOURCES_LIMIT))

  for project_id, vpc_name in term.target_resources:
    if not gcp.IsProjectIDValid(project_id):
      message = (
          'Project ID "%s" must be 6 to 30 lowercase letters, digits, or hyphens.'
          ' It must start with a letter. Trailing hyphens are prohibited.')
      raise gcp.TermError(message % project_id)
    if not gcp.IsVPCNameValid(vpc_name):
      message = ('VPC name "%s" must start with a lowercase letter '
                 'followed by up to 62 lowercase letters, numbers, '
                 'or hyphens, and cannot end with a hyphen.')
      raise gcp.TermError(message % vpc_name)

  # Unsupported restrictions are rejected rather than ignored, so a term
  # is never rendered without a constraint its author wrote.
  if term.source_port:
    raise gcp.TermError(
        'Hierarchical firewall does not support source port '
        'restrictions.')

  # NOTE(review): any truthy option reaches this error, although the
  # message names only TCP_ESTABLISHED.
  if term.option:
    raise gcp.TermError('Hierarchical firewall does not support the '
                        'TCP_ESTABLISHED option.')

  port_count = len(term.destination_port)
  if port_count > self._TERM_DESTINATION_PORTS_LIMIT:
    raise gcp.TermError(
        'Term: %s destination_port field contains %s ports. It should not contain more than "%s".'
        % (term.name, port_count, self._TERM_DESTINATION_PORTS_LIMIT))

  # 'mixed' is meant to be handled through policy_inet_version, so an
  # individual term should only ever be inet or inet6. Reaching this
  # branch means something went wrong before validation.
  if self.address_family == 'mixed':
    raise gcp.TermError(
        'Hierarchical firewall rule has incorrect inet_version for rule: %s'
        % term.name)
def _ValidateTerm(self):
  """Reject term settings that a hierarchical firewall rule cannot express.

  Checks run in a fixed order and the first failure is raised.

  Raises:
    gcp.TermError: if the term sets a source or destination tag, names a
      protocol outside self._PROTO_NAMES, lists more target resources than
      self._TERM_TARGET_RESOURCES_LIMIT, lists a target resource whose
      project ID or VPC name fails the gcp validators, sets a source port,
      sets any option, or lists more destination ports than
      self._TERM_DESTINATION_PORTS_LIMIT.
  """
  term = self.term

  if term.destination_tag or term.source_tag:
    raise gcp.TermError('Hierarchical Firewall does not support tags')

  # An empty or missing protocol list is accepted as-is.
  for proto in term.protocol or ():
    if proto not in self._PROTO_NAMES:
      raise gcp.TermError('Protocol %s is not supported' % proto)

  resource_count = len(term.target_resources)
  if resource_count > self._TERM_TARGET_RESOURCES_LIMIT:
    raise gcp.TermError(
        'Term: %s target_resources field contains %s resources. It should not contain more than "%s".'
        % (term.name, resource_count, self._TERM_TARGET_RESOURCES_LIMIT))

  for project_id, vpc_name in term.target_resources:
    if not gcp.IsProjectIDValid(project_id):
      message = (
          'Project ID "%s" must be 6 to 30 lowercase letters, digits, or hyphens.'
          ' It must start with a letter. Trailing hyphens are prohibited.')
      raise gcp.TermError(message % project_id)
    if not gcp.IsVPCNameValid(vpc_name):
      message = ('VPC name "%s" must start with a lowercase letter '
                 'followed by up to 62 lowercase letters, numbers, '
                 'or hyphens, and cannot end with a hyphen.')
      raise gcp.TermError(message % vpc_name)

  # Unsupported restrictions are rejected rather than ignored, so a term
  # is never rendered without a constraint its author wrote.
  if term.source_port:
    raise gcp.TermError(
        'Hierarchical firewall does not support source port '
        'restrictions.')

  # NOTE(review): any truthy option reaches this error, although the
  # message names only TCP_ESTABLISHED.
  if term.option:
    raise gcp.TermError('Hierarchical firewall does not support the '
                        'TCP_ESTABLISHED option.')

  port_count = len(term.destination_port)
  if port_count > self._TERM_DESTINATION_PORTS_LIMIT:
    raise gcp.TermError(
        'Term: %s destination_port field contains %s ports. It should not contain more than "%s".'
        % (term.name, port_count, self._TERM_DESTINATION_PORTS_LIMIT))
def testIsVPCNameValidFails(self, vpc):
  """Assert that gcp.IsVPCNameValid rejects the given VPC name.

  Args:
    vpc: candidate VPC name; presumably supplied by a parameterized-test
      decorator that is not visible here.
  """
  accepted = gcp.IsVPCNameValid(vpc)
  self.assertFalse(accepted)
def testIsVPCNameValidPasses(self, vpc):
  """Assert that gcp.IsVPCNameValid accepts the given VPC name.

  Args:
    vpc: candidate VPC name; presumably supplied by a parameterized-test
      decorator that is not visible here.
  """
  accepted = gcp.IsVPCNameValid(vpc)
  self.assertTrue(accepted)