コード例 #1
0
ファイル: list.py プロジェクト: PrateekKhatri/gcloud_cli
  def Run(self, args):
    org_policy_api = org_policy_service.OrgPolicyApi(self.ReleaseTrack())
    parent = utils.GetResourceFromArgs(args)
    output = []

    policies = org_policy_api.ListPolicies(parent).policies
    for policy in policies:
      spec = policy.spec
      list_policy_set = HasListPolicy(spec)
      boolean_policy_set = HasBooleanPolicy(spec)
      output.append({
          'constraint': policy.name.split('/')[-1],
          'listPolicy': 'SET' if list_policy_set else '-',
          'booleanPolicy': 'SET' if boolean_policy_set else '-',
          'etag': spec.etag
      })
    if args.show_unset:
      constraints = org_policy_api.ListConstraints(parent).constraints

      existing_policy_names = {row['constraint'] for row in output}
      for constraint in constraints:
        constraint_name = constraint.name.split('/')[-1]
        if constraint_name not in existing_policy_names:
          output.append({
              'constraint': constraint_name,
              'listPolicy': '-',
              'booleanPolicy': '-'
          })

    return output
コード例 #2
0
def CreateRuleOnPolicy(policy, release_track, condition_expression=None):
    """Creates a rule on the policy that contains the specified condition expression.

  In the case that condition_expression is None, a rule without a condition is
  created.

  Args:
    policy: messages.GoogleCloudOrgpolicy{api_version}Policy, The policy object
      to be updated.
    release_track: release track of the command
    condition_expression: str, The condition expression to create a new rule
      with.

  Returns:
    The rule that was created as well as the new policy that includes this
    rule.
  """
    org_policy_api = org_policy_service.OrgPolicyApi(release_track)

    new_policy = copy.deepcopy(policy)

    condition = None
    if condition_expression is not None:
        condition = org_policy_api.messages.GoogleTypeExpr(
            expression=condition_expression)

    new_rule = org_policy_api.BuildPolicySpecPolicyRule(condition=condition)
    new_policy.spec.rules.append(new_rule)

    return new_rule, new_policy
コード例 #3
0
    def __init__(self, cli, context):
        """Extends superclass method and add shared properties as well as a new property to toggle creation behavior.

    The new `disable_create` toggle controls behavior for when a policy cannot
    be found. If set to False (the default), the resource in question is
    created. If set to True, an exception is thrown.

    Args:
      cli: calliope.cli.CLI, The CLI object representing this command line tool.
      context: {str:object}, A set of key-value pairs that can be used for
        common initialization among commands.
    """
        super(OrgPolicyGetAndUpdateCommand, self).__init__(cli, context)

        self.org_policy_api = org_policy_service.OrgPolicyApi(
            self.ReleaseTrack())
        self.disable_create = False
コード例 #4
0
ファイル: delete.py プロジェクト: PrateekKhatri/gcloud_cli
    def Run(self, args):
        """Deletes an organization policy.

    The policy is deleted using DeletePolicy.

    Args:
      args: argparse.Namespace, An object that contains the values for the
        arguments specified in the Args method.

    Returns:
       If the policy is deleted, then messages.GoogleProtobufEmpty.
    """
        org_policy_api = org_policy_service.OrgPolicyApi(self.ReleaseTrack())
        policy_name = utils.GetPolicyNameFromArgs(args)

        delete_response = org_policy_api.DeletePolicy(policy_name)
        log.DeletedResource(policy_name, 'policy')
        return delete_response
    def Run(self, args):
        """Creates or updates a custom constraint from a JSON or YAML file.

    This first converts the contents of the specified file into a custom
    constraint object. It then fetches the current custom constraint using
    GetCustomConstraint. If it does not exist, the custom constraint is created
    using CreateCustomConstraint. If it does, the retrieved custom constraint is
    checked to see if it needs to be updated. If so, the custom constraint is
    updated using UpdateCustomConstraint.

    Args:
      args: argparse.Namespace, An object that contains the values for the
        arguments specified in the Args method.

    Returns:
      The created or updated custom constraint.
    """
        org_policy_api = org_policy_service.OrgPolicyApi(self.ReleaseTrack())
        input_custom_constraint = utils.GetCustomConstraintMessageFromFile(
            args.custom_constraint_file, self.ReleaseTrack())
        if not input_custom_constraint.name:
            raise exceptions.InvalidInputError(
                'Name field not present in the custom constraint.')
        if not input_custom_constraint.name.startswith('organizations/'):
            raise exceptions.InvalidInputError(
                'Name field contains invalid resource type: ' +
                input_custom_constraint.name +
                '. Custom constraints can be created only on organization resources.'
            )
        try:
            custom_constraint = org_policy_api.GetCustomConstraint(
                input_custom_constraint.name)
        except api_exceptions.HttpNotFoundError:
            create_response = org_policy_api.CreateCustomConstraint(
                input_custom_constraint)
            log.CreatedResource(input_custom_constraint.name,
                                'custom constraint')
            return create_response
        if custom_constraint == input_custom_constraint:
            return custom_constraint
        update_response = org_policy_api.UpdateCustomConstraint(
            input_custom_constraint)
        log.UpdatedResource(input_custom_constraint.name, 'custom constraint')
        return update_response
コード例 #6
0
    def Run(self, args):
        """Gets the (effective) organization policy.

    If --effective is not specified, then the policy is retrieved using
    GetPolicy.

    If --effective is specified, then the effective policy is retrieved using
    GetEffectivePolicy.

    Args:
      args: argparse.Namespace, An object that contains the values for the
        arguments specified in the Args method.

    Returns:
       The retrieved policy.
    """
        org_policy_api = org_policy_service.OrgPolicyApi(self.ReleaseTrack())
        policy_name = utils.GetPolicyNameFromArgs(args)

        if args.effective:
            return org_policy_api.GetEffectivePolicy(policy_name)

        return org_policy_api.GetPolicy(policy_name)
コード例 #7
0
def _DeleteRulesWithEmptyValues(policy, release_track):
    """Delete any rule with empty lists of allowed values and denied values and no other field set.

  Args:
    policy: messages.GoogleCloudOrgpolicy{api_version}Policy, The policy to be
      updated.
    release_track: calliope.base.ReleaseTrack, Release track of the command.

  Returns:
    The updated policy.
  """
    new_policy = copy.deepcopy(policy)
    org_policy_api = org_policy_service.OrgPolicyApi(release_track)

    values = org_policy_api.BuildPolicySpecPolicyRuleStringValues()
    matching_empty_rule = org_policy_api.BuildPolicySpecPolicyRule(
        values=values)

    new_policy.spec.rules = [
        rule for rule in new_policy.spec.rules if rule != matching_empty_rule
    ]

    return new_policy
コード例 #8
0
    def Run(self, args):
        """Creates or updates a policy from a JSON or YAML file.

    This first converts the contents of the specified file into a policy object.
    It then fetches the current policy using GetPolicy. If it does not exist,
    the policy is created using CreatePolicy. If it does, the retrieved policy
    is checked to see if it needs to be updated. If so, the policy is updated
    using UpdatePolicy.

    Args:
      args: argparse.Namespace, An object that contains the values for the
        arguments specified in the Args method.

    Returns:
      The created or updated policy.
    """
        org_policy_api = org_policy_service.OrgPolicyApi(self.ReleaseTrack())
        input_policy = utils.GetMessageFromFile(args.policy_file,
                                                self.ReleaseTrack())
        if not input_policy.name:
            raise exceptions.InvalidInputError(
                'Name field not present in the organization policy.')

        try:
            policy = org_policy_api.GetPolicy(input_policy.name)
        except api_exceptions.HttpNotFoundError:
            create_response = org_policy_api.CreatePolicy(input_policy)
            log.CreatedResource(input_policy.name, 'policy')
            return create_response

        if policy == input_policy:
            return policy

        update_response = org_policy_api.UpdatePolicy(input_policy)
        log.UpdatedResource(input_policy.name, 'policy')
        return update_response