def Run(self, args):
    """Lists the organization policies found on the resource in the arguments.

    One row is produced for every policy returned by ListPolicies for the
    parent resource. When args.show_unset is truthy, every constraint returned
    by ListConstraints that has no row yet is appended as an unset row.

    Args:
        args: argparse.Namespace, An object that contains the values for the
            arguments specified in the Args method.

    Returns:
        A list of dicts with the keys 'constraint', 'listPolicy' and
        'booleanPolicy'; rows built from a policy also carry 'etag'.
    """
    api = org_policy_service.OrgPolicyApi(self.ReleaseTrack())
    parent = utils.GetResourceFromArgs(args)

    rows = []
    for policy in api.ListPolicies(parent).policies:
        spec = policy.spec
        has_list_policy = HasListPolicy(spec)
        has_boolean_policy = HasBooleanPolicy(spec)
        # Only the last path segment of the policy name is shown.
        row = {
            'constraint': policy.name.split('/')[-1],
            'listPolicy': 'SET' if has_list_policy else '-',
            'booleanPolicy': 'SET' if has_boolean_policy else '-',
            'etag': spec.etag
        }
        rows.append(row)

    if not args.show_unset:
        return rows

    # NOTE(review): a '-' row only says that no policy object was returned for
    # this parent. No effective-policy lookup is made here, so the table does
    # not show what an ancestor resource may enforce.
    constraints = api.ListConstraints(parent).constraints
    # Snapshot of the names that already have a row; it is not extended while
    # the unset rows are appended.
    names_with_policy = {row['constraint'] for row in rows}
    for constraint in constraints:
        short_name = constraint.name.split('/')[-1]
        if short_name in names_with_policy:
            continue
        rows.append({
            'constraint': short_name,
            'listPolicy': '-',
            'booleanPolicy': '-'
        })
    return rows
def CreateRuleOnPolicy(policy, release_track, condition_expression=None):
    """Appends a new rule to a copy of the policy and returns both.

    The rule carries a condition built from condition_expression. If
    condition_expression is None, the rule is created without a condition.

    Args:
        policy: messages.GoogleCloudOrgpolicy{api_version}Policy, The policy
            the rule is added to. It is deep-copied; the argument itself is
            not modified.
        release_track: release track of the command
        condition_expression: str, The condition expression to create the new
            rule with.

    Returns:
        A tuple of the rule that was created and the new policy that includes
        this rule.
    """
    api = org_policy_service.OrgPolicyApi(release_track)
    updated_policy = copy.deepcopy(policy)

    if condition_expression is None:
        condition = None
    else:
        # The expression is forwarded as given; this function does not
        # validate it.
        condition = api.messages.GoogleTypeExpr(
            expression=condition_expression)

    rule = api.BuildPolicySpecPolicyRule(condition=condition)
    updated_policy.spec.rules.append(rule)
    return rule, updated_policy
def __init__(self, cli, context):
    """Initializes the command with an API client and the creation toggle.

    Calls the superclass initializer, then stores an OrgPolicyApi client for
    the command's release track and the `disable_create` toggle.

    `disable_create` controls what happens when a policy cannot be found. If
    it is False (the default), the resource in question is created. If it is
    True, an exception is thrown.

    Args:
        cli: calliope.cli.CLI, The CLI object representing this command line
            tool.
        context: {str:object}, A set of key-value pairs that can be used for
            common initialization among commands.
    """
    super(OrgPolicyGetAndUpdateCommand, self).__init__(cli, context)

    release_track = self.ReleaseTrack()
    self.org_policy_api = org_policy_service.OrgPolicyApi(release_track)

    # Creation on a missing policy stays enabled unless this is set to True.
    self.disable_create = False
def Run(self, args):
    """Deletes the organization policy named by the arguments.

    The policy name is resolved from the arguments and passed to DeletePolicy.

    Args:
        args: argparse.Namespace, An object that contains the values for the
            arguments specified in the Args method.

    Returns:
        The DeletePolicy response; if the policy is deleted, this is
        messages.GoogleProtobufEmpty.
    """
    api = org_policy_service.OrgPolicyApi(self.ReleaseTrack())
    name = utils.GetPolicyNameFromArgs(args)

    response = api.DeletePolicy(name)
    # Reached only when DeletePolicy returned without raising, so the log
    # line is never written for a failed deletion.
    log.DeletedResource(name, 'policy')
    return response
def Run(self, args):
    """Creates or updates a custom constraint described in a JSON/YAML file.

    The file is converted into a custom constraint message and its name is
    checked. The current custom constraint is then fetched with
    GetCustomConstraint. If it does not exist, the input is created with
    CreateCustomConstraint. If it exists and equals the input, it is returned
    unchanged. Otherwise the input is written with UpdateCustomConstraint.

    Args:
        args: argparse.Namespace, An object that contains the values for the
            arguments specified in the Args method.

    Returns:
        The created or updated custom constraint, or the existing one when
        nothing needed to change.

    Raises:
        exceptions.InvalidInputError: The name is missing or does not start
            with 'organizations/'.
    """
    api = org_policy_service.OrgPolicyApi(self.ReleaseTrack())
    desired = utils.GetCustomConstraintMessageFromFile(
        args.custom_constraint_file, self.ReleaseTrack())

    # The name inside the file decides which resource is written, so it is
    # checked before any API call. Only its presence and prefix are checked.
    name = desired.name
    if not name:
        raise exceptions.InvalidInputError(
            'Name field not present in the custom constraint.')
    if not name.startswith('organizations/'):
        message = (
            'Name field contains invalid resource type: ' + name +
            '. Custom constraints can be created only on organization resources.'
        )
        raise exceptions.InvalidInputError(message)

    try:
        existing = api.GetCustomConstraint(name)
    except api_exceptions.HttpNotFoundError:
        # Nothing stored under this name yet: create it.
        created = api.CreateCustomConstraint(desired)
        log.CreatedResource(name, 'custom constraint')
        return created

    # Skip the write when the stored constraint already equals the input.
    unchanged = existing == desired
    if unchanged:
        return existing

    # NOTE(review): the fetch, the comparison and the update are separate
    # calls. Whether UpdateCustomConstraint rejects a write based on a stale
    # read is not visible here; confirm in the API wrapper.
    updated = api.UpdateCustomConstraint(desired)
    log.UpdatedResource(name, 'custom constraint')
    return updated
def Run(self, args):
    """Gets the organization policy or, on request, the effective policy.

    With --effective the policy is retrieved using GetEffectivePolicy.
    Without it the policy is retrieved using GetPolicy.

    Args:
        args: argparse.Namespace, An object that contains the values for the
            arguments specified in the Args method.

    Returns:
        The retrieved policy.
    """
    api = org_policy_service.OrgPolicyApi(self.ReleaseTrack())
    name = utils.GetPolicyNameFromArgs(args)

    # Pick the lookup first, then make the single call.
    fetch = api.GetEffectivePolicy if args.effective else api.GetPolicy
    return fetch(name)
def _DeleteRulesWithEmptyValues(policy, release_track):
    """Drops every rule that equals a rule holding only empty string values.

    A reference rule is built from a default
    BuildPolicySpecPolicyRuleStringValues() result with no other field set.
    Each rule of the copied policy that compares equal to it is removed.

    Args:
        policy: messages.GoogleCloudOrgpolicy{api_version}Policy, The policy
            to be updated. It is deep-copied; the argument itself is not
            modified.
        release_track: calliope.base.ReleaseTrack, Release track of the
            command.

    Returns:
        The updated policy.
    """
    updated_policy = copy.deepcopy(policy)
    api = org_policy_service.OrgPolicyApi(release_track)

    empty_values = api.BuildPolicySpecPolicyRuleStringValues()
    empty_rule = api.BuildPolicySpecPolicyRule(values=empty_values)

    # Rules that set any other field do not compare equal and are kept.
    kept_rules = []
    for rule in updated_policy.spec.rules:
        if rule != empty_rule:
            kept_rules.append(rule)
    updated_policy.spec.rules = kept_rules
    return updated_policy
def Run(self, args):
    """Creates or updates an organization policy described in a JSON/YAML file.

    The file is converted into a policy message. The current policy is then
    fetched with GetPolicy. If it does not exist, the input is created with
    CreatePolicy. If it exists and equals the input, it is returned unchanged.
    Otherwise the input is written with UpdatePolicy.

    Args:
        args: argparse.Namespace, An object that contains the values for the
            arguments specified in the Args method.

    Returns:
        The created or updated policy, or the existing one when nothing
        needed to change.

    Raises:
        exceptions.InvalidInputError: The policy in the file has no name.
    """
    api = org_policy_service.OrgPolicyApi(self.ReleaseTrack())
    desired = utils.GetMessageFromFile(args.policy_file,
                                       self.ReleaseTrack())

    # The name inside the file decides which policy is written. Only its
    # presence is checked here.
    name = desired.name
    if not name:
        raise exceptions.InvalidInputError(
            'Name field not present in the organization policy.')

    try:
        existing = api.GetPolicy(name)
    except api_exceptions.HttpNotFoundError:
        # No policy stored under this name yet: create it.
        created = api.CreatePolicy(desired)
        log.CreatedResource(name, 'policy')
        return created

    # Skip the write when the stored policy already equals the input.
    unchanged = existing == desired
    if unchanged:
        return existing

    # NOTE(review): the fetch, the comparison and the update are separate
    # calls. Whether UpdatePolicy rejects a write based on a stale read (for
    # example through an etag in the message) is not visible here; confirm in
    # the API wrapper.
    updated = api.UpdatePolicy(desired)
    log.UpdatedResource(name, 'policy')
    return updated