def Run(self, args):
    """Delete a policy outright, or strip the rules matching a condition.

    Without --condition the policy is removed with a Delete request. With
    --condition the policy is fetched, every rule containing that condition
    is dropped, and the outcome depends on what is left:

    * nothing matched: the fetched policy is returned and no write is issued;
    * rules remain, or inheritFromParent is set: the trimmed policy is
      written back with a Patch request;
    * no rules remain and inheritFromParent is not set: the policy is
      deleted with a Delete request.

    Args:
      args: argparse.Namespace, An object that contains the values for the
        arguments specified in the Args method.

    Returns:
      The unchanged policy when no rule matched, the Patch response when the
      policy was trimmed, otherwise the Delete response
      (messages.GoogleProtobufEmpty).
    """
    service = org_policy_service.PolicyService()
    messages = org_policy_service.OrgPolicyMessages()
    name = utils.GetPolicyNameFromArgs(args)

    # Only rewrite the condition when both flags were given. Going by the
    # helper's name, it turns label display names into label names.
    if args.IsSpecified('condition') and args.IsSpecified('label_parent'):
        utils.TransformLabelDisplayNameConditionToLabelNameCondition(args)

    if args.condition is not None:
        current = service.Get(
            messages.OrgpolicyPoliciesGetRequest(name=name))

        # Work on a copy so the fetched policy stays intact for the
        # "did anything change?" comparison below.
        trimmed = copy.deepcopy(current)
        trimmed.spec.rules = org_policy_utils.GetNonMatchingRulesFromPolicy(
            current, args.condition)

        if current == trimmed:
            # No rule carried the condition; nothing to write.
            return current

        still_meaningful = (
            trimmed.spec.rules or trimmed.spec.inheritFromParent)
        if still_meaningful:
            # forceUnconditionalWrite=False is passed explicitly; presumably
            # this lets the server reject a write based on a stale copy.
            # TODO confirm against the API.
            patched = service.Patch(
                messages.OrgpolicyPoliciesPatchRequest(
                    name=name,
                    forceUnconditionalWrite=False,
                    googleCloudOrgpolicyV2alpha1Policy=trimmed))
            log.UpdatedResource(name, 'policy')
            return patched

    # NOTE(review): the Delete request carries only the policy name, so
    # nothing here ties the delete to the copy fetched above. Rules added by
    # someone else between the Get and this call would be removed with the
    # policy. Confirm whether the API offers a precondition for deletes.
    deleted = service.Delete(
        messages.OrgpolicyPoliciesDeleteRequest(name=name))
    log.DeletedResource(name, 'policy')
    return deleted
def Run(self, args):
    """Resolve label aliasing in the condition, then defer to the parent Run.

    Args:
      args: argparse.Namespace, An object that contains the values for the
        arguments specified in the Args method.

    Returns:
      Whatever the superclass Run returns for these arguments.
    """
    # The condition is rewritten in place on args, and only when both
    # `condition` and `label_parent` were explicitly specified.
    if args.IsSpecified('condition'):
        if args.IsSpecified('label_parent'):
            utils.TransformLabelDisplayNameConditionToLabelNameCondition(args)

    parent = super(EnableEnforce, self)
    return parent.Run(args)
def Run(self, args):
    """Validate --remove usage, resolve label aliasing, then run the parent.

    When --remove is specified, at least one value must accompany it, and
    creation of a new policy is disabled for this invocation.

    Args:
      args: argparse.Namespace, An object that contains the values for the
        arguments specified in the Args method.

    Returns:
      Whatever the superclass Run returns for these arguments.

    Raises:
      exceptions.InvalidInputError: If --remove is specified without any
        values.
    """
    # Reject a removal request that names nothing to remove.
    if not args.value:
        if args.remove:
            raise exceptions.InvalidInputError(
                'One or more values need to be specified if --remove is specified.'
            )

    # A removal must never bring a policy into existence.
    if args.remove:
        self.disable_create = True

    # The condition is rewritten in place on args, and only when both
    # `condition` and `label_parent` were explicitly specified.
    has_condition = args.IsSpecified('condition')
    if has_condition and args.IsSpecified('label_parent'):
        utils.TransformLabelDisplayNameConditionToLabelNameCondition(args)

    parent = super(Allow, self)
    return parent.Run(args)