def Run(self, args): holder = base_classes.ComputeApiHolder(self.ReleaseTrack()) ref = self.ORG_SECURITY_POLICY_ARG.ResolveAsResource( args, holder.resources, with_project=False) org_security_policy = client.OrgSecurityPolicy( ref=ref, compute_client=holder.client) return org_security_policy.Delete(only_generate_request=False)
def Run(self, args): holder = base_classes.ComputeApiHolder(self.ReleaseTrack()) ref = self.ORG_SECURITY_POLICY_ARG.ResolveAsResource( args, holder.resources, with_project=False) org_security_policy = client.OrgSecurityPolicy( ref=ref, compute_client=holder.client, resources=holder.resources, version=six.text_type(self.ReleaseTrack()).lower()) parent_id = None if args.IsSpecified('organization'): parent_id = 'organizations/' + args.organization if args.IsSpecified('folder'): parent_id = 'folders/' + args.folder if parent_id is None: log.error( 'Must specify parent id with --organization=ORGANIZATION or' '--folder=FOLDER') sys.exit() sp_id = org_security_policies_utils.GetSecurityPolicyId( org_security_policy, ref.Name(), organization=args.organization) return org_security_policy.Move(only_generate_request=False, sp_id=sp_id, parent_id=parent_id)
def Run(self, args): holder = base_classes.ComputeApiHolder(self.ReleaseTrack()) ref = self.ORG_SECURITY_POLICY_ARG.ResolveAsResource( args, holder.resources, with_project=False) org_security_policy = client.OrgSecurityPolicy( ref=ref, compute_client=holder.client) sp_id = org_security_policies_utils.GetSecurityPolicyId( org_security_policy, ref.Name(), organization=args.organization) return org_security_policy.Delete(sp_id=sp_id, only_generate_request=False)
def Run(self, args): holder = base_classes.ComputeApiHolder(self.ReleaseTrack()) ref = self.ORG_SECURITY_POLICY_ARG.ResolveAsResource( args, holder.resources, with_project=False) org_security_policy = client.OrgSecurityPolicy( ref=ref, compute_client=holder.client) if args.IsSpecified('organization'): parent_id = 'organizations/' + args.organization elif args.IsSpecified('folder'): parent_id = 'folders/' + args.folder return org_security_policy.Move(only_generate_request=False, parent_id=parent_id)
def Run(self, args): holder = base_classes.ComputeApiHolder(self.ReleaseTrack()) org_security_policy = client.OrgSecurityPolicy( compute_client=holder.client) if args.organization: parent_id = 'organizations/' + args.organization elif args.folder: parent_id = 'folders/' + args.folder return org_security_policy.List(parent_id=parent_id, only_generate_request=False)
def Run(self, args): holder = base_classes.ComputeApiHolder(self.ReleaseTrack()) org_security_policy = client.OrgSecurityPolicy( compute_client=holder.client) target_resource = None if args.IsSpecified('organization'): target_resource = 'organizations/' + args.organization elif args.IsSpecified('folder'): target_resource = 'folders/' + args.folder return org_security_policy.ListAssociations( target_resource=target_resource, only_generate_request=False)
def Run(self, args): holder = base_classes.ComputeApiHolder(self.ReleaseTrack()) ref = self.ORG_SECURITY_POLICY_ARG.ResolveAsResource( args, holder.resources, with_project=False) org_security_policy = client.OrgSecurityPolicy( ref=ref, compute_client=holder.client) existing_security_policy = org_security_policy.Describe( only_generate_request=False)[0] security_policy = holder.client.messages.SecurityPolicy( description=args.description, fingerprint=existing_security_policy.fingerprint) return org_security_policy.Update(only_generate_request=False, security_policy=security_policy)
def Run(self, args): holder = base_classes.ComputeApiHolder(self.ReleaseTrack()) ref = self.ORG_SECURITY_POLICY_ARG.ResolveAsResource( args, holder.resources, with_project=False) org_security_policy = client.OrgSecurityPolicy( ref=ref, compute_client=holder.client, resources=holder.resources, version=six.text_type(self.ReleaseTrack()).lower()) dest_sp_id = org_security_policies_utils.GetSecurityPolicyId( org_security_policy, ref.Name(), organization=args.organization) return org_security_policy.CopyRules( only_generate_request=False, dest_sp_id=dest_sp_id, source_security_policy=args.source_security_policy)
def Run(self, args): holder = base_classes.ComputeApiHolder(self.ReleaseTrack()) org_security_policy = client.OrgSecurityPolicy( compute_client=holder.client) if args.IsSpecified('organization'): parent_id = 'organizations/' + args.organization elif args.IsSpecified('folder'): parent_id = 'folders/' + args.folder security_policy = holder.client.messages.SecurityPolicy( description=args.description, type=holder.client.messages.SecurityPolicy.TypeValueValuesEnum. FIREWALL) return org_security_policy.Create(security_policy=security_policy, parent_id=parent_id, only_generate_request=False)
def Run(self, args): holder = base_classes.ComputeApiHolder(self.ReleaseTrack()) ref = self.ORG_SECURITY_POLICY_ARG.ResolveAsResource( args, holder.resources, with_project=False) org_security_policy = client.OrgSecurityPolicy( ref=ref, compute_client=holder.client, resources=holder.resources, version=six.text_type(self.ReleaseTrack()).lower()) sp_id = org_security_policies_utils.GetSecurityPolicyId( org_security_policy, ref.Name(), organization=args.organization) response = org_security_policy.Describe(sp_id=sp_id, only_generate_request=False) if not response: return None return response[0].rules
def Run(self, args): holder = base_classes.ComputeApiHolder(self.ReleaseTrack()) ref = self.ORG_SECURITY_POLICY_ARG.ResolveAsResource( args, holder.resources, with_project=False) security_policy_rule_client = client.OrgSecurityPolicyRule( ref=ref, compute_client=holder.client) org_security_policy = client.OrgSecurityPolicy( ref=ref, compute_client=holder.client) security_policy_id = org_security_policies_utils.GetSecurityPolicyId( org_security_policy, args.security_policy, organization=args.organization) return security_policy_rule_client.Describe( priority=rule_utils.ConvertPriorityToInt(ref.Name()), security_policy_id=security_policy_id, only_generate_request=False)
def Run(self, args): holder = base_classes.ComputeApiHolder(self.ReleaseTrack()) org_security_policy = client.OrgSecurityPolicy( compute_client=holder.client, resources=holder.resources, version=six.text_type(self.ReleaseTrack()).lower()) name = None attachment_id = None replace_existing_association = False if args.IsSpecified('name'): name = args.name attachment_id = None if args.IsSpecified('folder'): attachment_id = 'folders/' + args.folder if name is None: name = 'folder-' + args.folder if args.IsSpecified('organization') and attachment_id is None: attachment_id = 'organizations/' + args.organization if name is None: name = 'organization-' + args.organization if attachment_id is None: log.error( 'Must specify attachment ID with --organization=ORGANIZATION or ' '--folder=FOLDER') sys.exit() replace_existing_association = False if args.replace_association_on_target: replace_existing_association = True association = holder.client.messages.SecurityPolicyAssociation( attachmentId=attachment_id, name=name) security_policy_id = org_security_policies_utils.GetSecurityPolicyId( org_security_policy, args.security_policy, organization=args.organization) return org_security_policy.AddAssociation( association=association, security_policy_id=security_policy_id, replace_existing_association=replace_existing_association, only_generate_request=False)
def Run(self, args): holder = base_classes.ComputeApiHolder(self.ReleaseTrack()) org_security_policy = client.OrgSecurityPolicy( compute_client=holder.client, resources=holder.resources, version=six.text_type(self.ReleaseTrack()).lower()) target_resource = None if args.IsSpecified('organization'): target_resource = 'organizations/' + args.organization elif args.IsSpecified('folder'): target_resource = 'folders/' + args.folder res = org_security_policy.ListAssociations( target_resource=target_resource, only_generate_request=False) if not res: return None return res[0].associations
def Run(self, args): holder = base_classes.ComputeApiHolder(self.ReleaseTrack()) ref = self.ORG_SECURITY_POLICY_ARG.ResolveAsResource( args, holder.resources, with_project=False) org_security_policy = client.OrgSecurityPolicy( ref=ref, compute_client=holder.client, resources=holder.resources, version=six.text_type(self.ReleaseTrack()).lower()) sp_id = org_security_policies_utils.GetSecurityPolicyId( org_security_policy, ref.Name(), organization=args.organization) existing_security_policy = org_security_policy.Describe( sp_id=sp_id, only_generate_request=False)[0] security_policy = holder.client.messages.SecurityPolicy( description=args.description, fingerprint=existing_security_policy.fingerprint) return org_security_policy.Update(sp_id=sp_id, only_generate_request=False, security_policy=security_policy)
def Run(self, args): holder = base_classes.ComputeApiHolder(self.ReleaseTrack()) org_security_policy = client.OrgSecurityPolicy( compute_client=holder.client) name = None attachment_id = None security_policy_id = None replace_existing_association = False if args.security_policy: security_policy_id = args.security_policy if args.IsSpecified('name'): name = args.name if args.IsSpecified('organization'): attachment_id = 'organizations/' + args.organization if name is None: name = 'organization-' + args.organization elif args.IsSpecified('folder'): attachment_id = 'folders/' + args.folder if name is None: name = 'folder-' + args.folder replace_existing_association = False if args.replace_association_on_target: replace_existing_association = True association = holder.client.messages.SecurityPolicyAssociation( attachmentId=attachment_id, name=name) return org_security_policy.AddAssociation( association=association, security_policy_id=security_policy_id, replace_existing_association=replace_existing_association, only_generate_request=False)
def Run(self, args): holder = base_classes.ComputeApiHolder(self.ReleaseTrack()) ref = self.ORG_SECURITY_POLICY_ARG.ResolveAsResource( args, holder.resources, with_project=False) security_policy_rule_client = client.OrgSecurityPolicyRule( ref=ref, compute_client=holder.client) src_ip_ranges = [] dest_ip_ranges = [] dest_ports = [] layer4_configs = [] target_resources = [] target_service_accounts = [] enable_logging = False if args.IsSpecified('src_ip_ranges'): src_ip_ranges = args.src_ip_ranges if args.IsSpecified('dest_ip_ranges'): dest_ip_ranges = args.dest_ip_ranges if args.IsSpecified('dest_ports'): dest_ports = args.dest_ports if args.IsSpecified('layer4_configs'): layer4_configs = args.layer4_configs if args.IsSpecified('target_resources'): target_resources = args.target_resources if args.IsSpecified('target_service_accounts'): target_service_accounts = args.target_service_accounts if args.IsSpecified('enable_logging'): enable_logging = True dest_ports_list = rule_utils.ParseDestPorts(dest_ports, holder.client.messages) layer4_config_list = rule_utils.ParseLayer4Configs(layer4_configs, holder.client.messages) matcher = holder.client.messages.SecurityPolicyRuleMatcher( versionedExpr=holder.client.messages.SecurityPolicyRuleMatcher .VersionedExprValueValuesEnum.FIREWALL, config=holder.client.messages.SecurityPolicyRuleMatcherConfig( srcIpRanges=src_ip_ranges, destIpRanges=dest_ip_ranges, destPorts=dest_ports_list, layer4Configs=layer4_config_list)) traffic_direct = holder.client.messages.SecurityPolicyRule.DirectionValueValuesEnum.INGRESS if args.IsSpecified('direction'): if args.direction == 'INGRESS': traffic_direct = holder.client.messages.SecurityPolicyRule.DirectionValueValuesEnum.INGRESS else: traffic_direct = holder.client.messages.SecurityPolicyRule.DirectionValueValuesEnum.EGRESS security_policy_rule = holder.client.messages.SecurityPolicyRule( priority=rule_utils.ConvertPriorityToInt(ref.Name()), action=args.action, match=matcher, direction=traffic_direct, targetResources=target_resources, targetServiceAccounts=target_service_accounts, description=args.description, enableLogging=enable_logging) org_security_policy = client.OrgSecurityPolicy( ref=ref, compute_client=holder.client) security_policy_id = org_security_policies_utils.GetSecurityPolicyId( org_security_policy, args.security_policy, organization=args.organization) return security_policy_rule_client.Create( security_policy=security_policy_id, security_policy_rule=security_policy_rule)