예제 #1
0
    def Modify(self, args, existing, cleared_fields):
        """Returns a modified Firewall message."""

        # TODO(user): Remove the check once allow was deprecated.
        new_firewall = super(AlphaUpdateFirewall,
                             self).Modify(args, existing, cleared_fields)

        if args.rules:
            if existing.allowed:
                new_firewall.allowed = firewalls_utils.ParseRules(
                    args.rules, self.messages,
                    firewalls_utils.ActionType.ALLOW)
            else:
                new_firewall.denied = firewalls_utils.ParseRules(
                    args.rules, self.messages, firewalls_utils.ActionType.DENY)

        new_firewall.direction = existing.direction

        if args.priority is None:
            new_firewall.priority = existing.priority
        else:
            new_firewall.priority = args.priority

        if args.destination_ranges:
            new_firewall.destinationRanges = args.destination_ranges
        elif args.destination_ranges is None:
            new_firewall.destinationRanges = existing.destinationRanges
        else:
            new_firewall.destinationRanges = []
            cleared_fields.append('destinationRanges')

        return new_firewall
  def Modify(self, client, args, existing, cleared_fields):
    """Returns a modified Firewall message."""

    new_firewall = super(BetaUpdateFirewall, self).Modify(
        client, args, existing, cleared_fields)

    if args.rules:
      if existing.allowed:
        new_firewall.allowed = firewalls_utils.ParseRules(
            args.rules, client.messages, firewalls_utils.ActionType.ALLOW)
      else:
        new_firewall.denied = firewalls_utils.ParseRules(
            args.rules, client.messages, firewalls_utils.ActionType.DENY)

    new_firewall.direction = existing.direction

    if args.priority is None:
      new_firewall.priority = existing.priority
    else:
      new_firewall.priority = args.priority

    if args.destination_ranges:
      new_firewall.destinationRanges = args.destination_ranges
    elif args.destination_ranges is None:
      new_firewall.destinationRanges = existing.destinationRanges
    else:
      new_firewall.destinationRanges = []
      cleared_fields.append('destinationRanges')

    return new_firewall
예제 #3
0
    def _CreateFirewall(self, holder, args):
        client = holder.client

        if args.rules and args.allow:
            raise firewalls_utils.ArgumentValidationError(
                'Can NOT specify --rules and --allow in the same request.')

        if bool(args.action) ^ bool(args.rules):
            raise firewalls_utils.ArgumentValidationError(
                'Must specify --rules with --action.')

        allowed = firewalls_utils.ParseRules(args.allow, client.messages,
                                             firewalls_utils.ActionType.ALLOW)

        network_ref = self.NETWORK_ARG.ResolveAsResource(
            args, holder.resources)
        firewall_ref = self.FIREWALL_RULE_ARG.ResolveAsResource(
            args, holder.resources)

        firewall = client.messages.Firewall(allowed=allowed,
                                            name=firewall_ref.Name(),
                                            description=args.description,
                                            network=network_ref.SelfLink(),
                                            sourceRanges=args.source_ranges,
                                            sourceTags=args.source_tags,
                                            targetTags=args.target_tags)

        if args.disabled is not None:
            firewall.disabled = args.disabled

        firewall.direction = None
        if args.direction and args.direction in ['EGRESS', 'OUT']:
            firewall.direction = (
                client.messages.Firewall.DirectionValueValuesEnum.EGRESS)
        else:
            firewall.direction = (
                client.messages.Firewall.DirectionValueValuesEnum.INGRESS)

        firewall.priority = args.priority
        firewall.destinationRanges = args.destination_ranges

        allowed = []
        denied = []
        if not args.action:
            allowed = firewalls_utils.ParseRules(
                args.allow, client.messages, firewalls_utils.ActionType.ALLOW)
        elif args.action == 'ALLOW':
            allowed = firewalls_utils.ParseRules(
                args.rules, client.messages, firewalls_utils.ActionType.ALLOW)
        elif args.action == 'DENY':
            denied = firewalls_utils.ParseRules(
                args.rules, client.messages, firewalls_utils.ActionType.DENY)
        firewall.allowed = allowed
        firewall.denied = denied

        firewall.sourceServiceAccounts = args.source_service_accounts
        firewall.targetServiceAccounts = args.target_service_accounts
        return firewall, firewall_ref.project
예제 #4
0
    def CreateRequests(self, args):
        """Returns a list of requests necessary for adding firewall rules."""

        if args.rules and args.allow:
            raise firewalls_utils.ArgumentValidationError(
                'Can NOT specify --rules and --allow in the same request.')

        if bool(args.action) ^ bool(args.rules):
            raise firewalls_utils.ArgumentValidationError(
                'Must specify --rules with --action.')

        direction = None
        if args.direction and args.direction in ['EGRESS', 'OUT']:
            direction = self.messages.Firewall.DirectionValueValuesEnum.EGRESS
        else:
            direction = self.messages.Firewall.DirectionValueValuesEnum.INGRESS

        priority = args.priority

        allowed = []
        denied = []
        if not args.action:
            allowed = firewalls_utils.ParseRules(
                args.allow, self.messages, firewalls_utils.ActionType.ALLOW)
        elif args.action == 'ALLOW':
            allowed = firewalls_utils.ParseRules(
                args.rules, self.messages, firewalls_utils.ActionType.ALLOW)
        elif args.action == 'DENY':
            denied = firewalls_utils.ParseRules(
                args.rules, self.messages, firewalls_utils.ActionType.DENY)

        network_ref = self.NETWORK_ARG.ResolveAsResource(args, self.resources)
        firewall_ref = self.FIREWALL_RULE_ARG.ResolveAsResource(
            args, self.resources)

        request = self.messages.ComputeFirewallsInsertRequest(
            firewall=self.messages.Firewall(
                allowed=allowed,
                denied=denied,
                direction=direction,
                priority=priority,
                name=firewall_ref.Name(),
                description=args.description,
                network=network_ref.SelfLink(),
                sourceRanges=args.source_ranges,
                destinationRanges=args.destination_ranges,
                sourceTags=args.source_tags,
                targetTags=args.target_tags,
                sourceServiceAccounts=args.source_service_accounts,
                targetServiceAccounts=args.target_service_accounts),
            project=self.project)
        return [request]
예제 #5
0
    def CreateRequests(self, args):
        """Returns a list of requests necessary for adding firewall rules."""

        # TODO(user): remove the check once allow was deprecated.
        if args.rules and args.allow:
            raise firewalls_utils.ArgumentValidationError(
                'Can NOT specify --rules and --allow in the same request.')

        if bool(args.action) ^ bool(args.rules):
            raise firewalls_utils.ArgumentValidationError(
                'Must specify --rules with --action.')

        direction = None
        if args.direction and args.direction in ['EGRESS', 'OUT']:
            direction = self.messages.Firewall.DirectionValueValuesEnum.EGRESS
        else:
            direction = self.messages.Firewall.DirectionValueValuesEnum.INGRESS

        priority = args.priority

        allowed = []
        denied = []
        if not args.action:
            allowed = firewalls_utils.ParseRules(
                args.allow, self.messages, firewalls_utils.ActionType.ALLOW)
        elif args.action == 'ALLOW':
            allowed = firewalls_utils.ParseRules(
                args.rules, self.messages, firewalls_utils.ActionType.ALLOW)
        elif args.action == 'DENY':
            denied = firewalls_utils.ParseRules(
                args.rules, self.messages, firewalls_utils.ActionType.DENY)

        network_ref = self.CreateGlobalReference(args.network,
                                                 resource_type='networks')
        firewall_ref = self.CreateGlobalReference(args.name,
                                                  resource_type='firewalls')

        request = self.messages.ComputeFirewallsInsertRequest(
            firewall=self.messages.Firewall(
                allowed=allowed,
                denied=denied,
                direction=direction,
                priority=priority,
                name=firewall_ref.Name(),
                description=args.description,
                network=network_ref.SelfLink(),
                sourceRanges=args.source_ranges,
                destinationRanges=args.destination_ranges,
                sourceTags=args.source_tags,
                targetTags=args.target_tags),
            project=self.project)
        return [request]
예제 #6
0
    def ValidateArgument(self, messages, args):
        self.new_allowed = firewalls_utils.ParseRules(
            args.allow, messages, firewalls_utils.ActionType.ALLOW)

        args_unset = all(x is None
                         for x in (args.allow, args.description,
                                   args.source_ranges, args.source_tags,
                                   args.target_tags))
        if self.with_egress_firewall:
            args_unset = args_unset and all(
                x is None
                for x in (args.destination_ranges, args.priority, args.rules))
        if self.with_service_account:
            args_unset = args_unset and all(
                x is None for x in (args.source_service_accounts,
                                    args.target_service_accounts))
        args_unset = args_unset and args.disabled is None
        args_unset = (args_unset and args.enable_logging is None)
        if self.support_logging_metadata:
            args_unset = args_unset and not args.logging_metadata
        if args_unset:
            raise calliope_exceptions.ToolException(
                'At least one property must be modified.')

        if args.rules and args.allow:
            raise firewalls_utils.ArgumentValidationError(
                'Can NOT specify --rules and --allow in the same request.')
예제 #7
0
    def Modify(self, args, existing, cleared_fields):
        """Returns a modified Firewall message."""

        new_firewall = super(AlphaUpdateFirewall,
                             self).Modify(args, existing, cleared_fields)

        if args.rules:
            if existing.allowed:
                new_firewall.allowed = firewalls_utils.ParseRules(
                    args.rules, self.messages,
                    firewalls_utils.ActionType.ALLOW)
            else:
                new_firewall.denied = firewalls_utils.ParseRules(
                    args.rules, self.messages, firewalls_utils.ActionType.DENY)

        new_firewall.direction = existing.direction

        if args.priority is None:
            new_firewall.priority = existing.priority
        else:
            new_firewall.priority = args.priority

        if args.destination_ranges:
            new_firewall.destinationRanges = args.destination_ranges
        elif args.destination_ranges is None:
            new_firewall.destinationRanges = existing.destinationRanges
        else:
            new_firewall.destinationRanges = []
            cleared_fields.append('destinationRanges')

        if args.source_service_accounts:
            new_firewall.sourceServiceAccounts = args.source_service_accounts
        elif args.source_service_accounts is None:
            new_firewall.sourceServiceAccounts = existing.sourceServiceAccounts
        else:
            new_firewall.sourceServiceAccounts = []
            cleared_fields.append('sourceServiceAccounts')

        if args.target_service_accounts:
            new_firewall.targetServiceAccounts = args.target_service_accounts
        elif args.target_service_accounts is None:
            new_firewall.targetServiceAccounts = existing.targetServiceAccounts
        else:
            new_firewall.targetServiceAccounts = []
            cleared_fields.append('targetServiceAccounts')

        return new_firewall
예제 #8
0
    def ValidateArgument(self, args):
        self.new_allowed = firewalls_utils.ParseRules(
            args.allow, self.messages, firewalls_utils.ActionType.ALLOW)

        args_unset = (args.allow is None and args.description is None
                      and args.source_ranges is None
                      and args.source_tags is None
                      and args.target_tags is None)
        if self.with_egress_firewall:
            args_unset = (args_unset and args.destination_ranges is None
                          and args.priority is None and args.rules is None)
        if args_unset:
            raise calliope_exceptions.ToolException(
                'At least one property must be modified.')
예제 #9
0
  def _CreateFirewall(self, args):
    allowed = firewalls_utils.ParseRules(args.allow, self.messages,
                                         firewalls_utils.ActionType.ALLOW)

    network_ref = self.NETWORK_ARG.ResolveAsResource(args, self.resources)
    firewall_ref = self.FIREWALL_RULE_ARG.ResolveAsResource(args,
                                                            self.resources)
    if not args.source_ranges and not args.source_tags:
      args.source_ranges = ['0.0.0.0/0']

    return self.messages.Firewall(
        allowed=allowed,
        name=firewall_ref.Name(),
        description=args.description,
        network=network_ref.SelfLink(),
        sourceRanges=args.source_ranges,
        sourceTags=args.source_tags,
        targetTags=args.target_tags)
  def ValidateArgument(self, messages, args):
    self.new_allowed = firewalls_utils.ParseRules(
        args.allow, messages, firewalls_utils.ActionType.ALLOW)

    args_unset = all(
        x is None
        for x in (args.allow, args.description, args.source_ranges,
                  args.source_tags, args.target_tags))
    if self.with_egress_firewall:
      args_unset = args_unset and all(
          x is None
          for x in (args.destination_ranges, args.priority, args.rules))
    if self.with_service_account:
      args_unset = args_unset and all(
          x is None
          for x in (args.source_service_accounts, args.target_service_accounts))
    if args_unset:
      raise calliope_exceptions.ToolException(
          'At least one property must be modified.')
예제 #11
0
    def CreateRequests(self, args):
        """Returns a list of requests necessary for adding firewall rules."""
        if not args.source_ranges and not args.source_tags:
            args.source_ranges = ['0.0.0.0/0']

        allowed = firewalls_utils.ParseRules(args.allow, self.messages,
                                             firewalls_utils.ActionType.ALLOW)

        network_ref = self.NETWORK_ARG.ResolveAsResource(args, self.resources)
        firewall_ref = self.FIREWALL_RULE_ARG.ResolveAsResource(
            args, self.resources)

        request = self.messages.ComputeFirewallsInsertRequest(
            firewall=self.messages.Firewall(allowed=allowed,
                                            name=firewall_ref.Name(),
                                            description=args.description,
                                            network=network_ref.SelfLink(),
                                            sourceRanges=args.source_ranges,
                                            sourceTags=args.source_tags,
                                            targetTags=args.target_tags),
            project=self.project)
        return [request]
예제 #12
0
    def Modify(self, client, args, existing, cleared_fields):
        """Returns a modified Firewall message and included fields."""
        if args.allow:
            allowed = self.new_allowed
        elif args.allow is None:
            allowed = existing.allowed
        else:
            cleared_fields.append('allowed')
            allowed = []

        if args.description:
            description = args.description
        elif args.description is None:
            description = existing.description
        else:
            cleared_fields.append('description')
            description = None

        if args.source_ranges:
            source_ranges = args.source_ranges
        elif args.source_ranges is None:
            source_ranges = existing.sourceRanges
        else:
            cleared_fields.append('sourceRanges')
            source_ranges = []

        if args.source_tags:
            source_tags = args.source_tags
        elif args.source_tags is None:
            source_tags = existing.sourceTags
        else:
            cleared_fields.append('sourceTags')
            source_tags = []

        if args.target_tags:
            target_tags = args.target_tags
        elif args.target_tags is None:
            target_tags = existing.targetTags
        else:
            cleared_fields.append('targetTags')
            target_tags = []

        denied = []
        if args.rules:
            if existing.allowed:
                allowed = firewalls_utils.ParseRules(
                    args.rules, client.messages,
                    firewalls_utils.ActionType.ALLOW)
            else:
                denied = firewalls_utils.ParseRules(
                    args.rules, client.messages,
                    firewalls_utils.ActionType.DENY)
        elif args.rules is not None:
            if existing.allowed:
                cleared_fields.append('allowed')
                allowed = []
            else:
                cleared_fields.append('denied')
                denied = []

        direction = existing.direction

        if args.priority is None:
            priority = existing.priority
        else:
            priority = args.priority

        destination_ranges = []
        if args.destination_ranges:
            destination_ranges = args.destination_ranges
        elif args.destination_ranges is None:
            destination_ranges = existing.destinationRanges
        else:
            cleared_fields.append('destinationRanges')

        source_service_accounts = []
        if args.source_service_accounts:
            source_service_accounts = args.source_service_accounts
        elif args.source_service_accounts is None:
            source_service_accounts = existing.sourceServiceAccounts
        else:
            cleared_fields.append('sourceServiceAccounts')

        target_service_accounts = []
        if args.target_service_accounts:
            target_service_accounts = args.target_service_accounts
        elif args.target_service_accounts is None:
            target_service_accounts = existing.targetServiceAccounts
        else:
            cleared_fields.append('targetServiceAccounts')

        if args.IsSpecified('enable_logging'):
            log_config = client.messages.FirewallLogConfig(
                enable=args.enable_logging)
        else:
            log_config = existing.logConfig

        new_firewall = client.messages.Firewall(
            name=existing.name,
            direction=direction,
            priority=priority,
            allowed=allowed,
            denied=denied,
            description=description,
            network=existing.network,
            sourceRanges=source_ranges,
            sourceTags=source_tags,
            destinationRanges=destination_ranges,
            targetTags=target_tags,
            sourceServiceAccounts=source_service_accounts,
            targetServiceAccounts=target_service_accounts,
            logConfig=log_config)

        if args.disabled is not None:
            new_firewall.disabled = args.disabled

        return new_firewall
예제 #13
0
    def _CreateFirewall(self, holder, args):
        client = holder.client

        if args.rules and args.allow:
            raise firewalls_utils.ArgumentValidationError(
                'Can NOT specify --rules and --allow in the same request.')

        if bool(args.action) ^ bool(args.rules):
            raise firewalls_utils.ArgumentValidationError(
                'Must specify --rules with --action.')

        allowed = firewalls_utils.ParseRules(args.allow, client.messages,
                                             firewalls_utils.ActionType.ALLOW)

        network_ref = self.NETWORK_ARG.ResolveAsResource(
            args, holder.resources)
        firewall_ref = self.FIREWALL_RULE_ARG.ResolveAsResource(
            args, holder.resources)

        firewall = client.messages.Firewall(allowed=allowed,
                                            name=firewall_ref.Name(),
                                            description=args.description,
                                            network=network_ref.SelfLink(),
                                            sourceRanges=args.source_ranges,
                                            sourceTags=args.source_tags,
                                            targetTags=args.target_tags)

        if args.disabled is not None:
            firewall.disabled = args.disabled

        firewall.direction = None
        if args.direction and args.direction in ['EGRESS', 'OUT']:
            firewall.direction = (
                client.messages.Firewall.DirectionValueValuesEnum.EGRESS)
        else:
            firewall.direction = (
                client.messages.Firewall.DirectionValueValuesEnum.INGRESS)

        firewall.priority = args.priority
        firewall.destinationRanges = args.destination_ranges

        allowed = []
        denied = []
        if not args.action:
            allowed = firewalls_utils.ParseRules(
                args.allow, client.messages, firewalls_utils.ActionType.ALLOW)
        elif args.action == 'ALLOW':
            allowed = firewalls_utils.ParseRules(
                args.rules, client.messages, firewalls_utils.ActionType.ALLOW)
        elif args.action == 'DENY':
            denied = firewalls_utils.ParseRules(
                args.rules, client.messages, firewalls_utils.ActionType.DENY)
        firewall.allowed = allowed
        firewall.denied = denied

        firewall.sourceServiceAccounts = args.source_service_accounts
        firewall.targetServiceAccounts = args.target_service_accounts

        if args.IsSpecified('logging_metadata') and not args.enable_logging:
            raise exceptions.InvalidArgumentException(
                '--logging-metadata',
                'cannot toggle logging metadata if logging is not enabled.')

        if args.IsSpecified('enable_logging'):
            log_config = client.messages.FirewallLogConfig(
                enable=args.enable_logging)
            if args.IsSpecified('logging_metadata'):
                log_config.metadata = flags.GetLoggingMetadataArg(
                    client.messages).GetEnumForChoice(args.logging_metadata)
            firewall.logConfig = log_config

        return firewall, firewall_ref.project
예제 #14
0
  def Modify(self, client, args, existing, cleared_fields):
    """Returns a modified Firewall message and included fields."""
    if args.allow:
      allowed = self.new_allowed
    elif args.allow is None:
      allowed = existing.allowed
    else:
      cleared_fields.append('allowed')
      allowed = []

    if args.description:
      description = args.description
    elif args.description is None:
      description = existing.description
    else:
      cleared_fields.append('description')
      description = None

    if args.source_ranges:
      source_ranges = args.source_ranges
    elif args.source_ranges is None:
      source_ranges = existing.sourceRanges
    else:
      cleared_fields.append('sourceRanges')
      source_ranges = []

    if args.source_tags:
      source_tags = args.source_tags
    elif args.source_tags is None:
      source_tags = existing.sourceTags
    else:
      cleared_fields.append('sourceTags')
      source_tags = []

    if args.target_tags:
      target_tags = args.target_tags
    elif args.target_tags is None:
      target_tags = existing.targetTags
    else:
      cleared_fields.append('targetTags')
      target_tags = []

    denied = []
    if args.rules:
      if existing.allowed:
        allowed = firewalls_utils.ParseRules(args.rules, client.messages,
                                             firewalls_utils.ActionType.ALLOW)
      else:
        denied = firewalls_utils.ParseRules(args.rules, client.messages,
                                            firewalls_utils.ActionType.DENY)
    elif args.rules is not None:
      if existing.allowed:
        cleared_fields.append('allowed')
        allowed = []
      else:
        cleared_fields.append('denied')
        denied = []

    direction = existing.direction

    if args.priority is None:
      priority = existing.priority
    else:
      priority = args.priority

    destination_ranges = []
    if args.destination_ranges:
      destination_ranges = args.destination_ranges
    elif args.destination_ranges is None:
      destination_ranges = existing.destinationRanges
    else:
      cleared_fields.append('destinationRanges')

    new_firewall = client.messages.Firewall(
        name=existing.name,
        direction=direction,
        priority=priority,
        allowed=allowed,
        denied=denied,
        description=description,
        network=existing.network,
        sourceRanges=source_ranges,
        sourceTags=source_tags,
        destinationRanges=destination_ranges,
        targetTags=target_tags,)
    return new_firewall