def Run(self, args):
if not os.path.exists(args.file_name):
raise exceptions.BadFileException(
'no such file [{0}]'.format(args.file_name))
if os.path.isdir(args.file_name):
raise exceptions.BadFileException(
'[{0}] is a directory'.format(args.file_name))
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.SECURITY_POLICY_ARG.ResolveAsResource(args, holder.resources)
# Get the imported security policy config.
try:
with open(args.file_name) as import_file:
imported = security_policies_utils.SecurityPolicyFromFile(
import_file, holder.client.messages)
except Exception as exp:
msg = (u'unable to read security policy config from specified file [{0}] '
u'because [{1}]'.format(args.file_name, exp.message))
raise exceptions.ToolException(msg)
# Send the change to the service.
security_policy = client.SecurityPolicy(ref, compute_client=holder.client)
security_policy.Patch(security_policy=imported)
msg = u'Updated [{0}] with config from [{1}].'.format(
ref.Name(), args.file_name)
log.status.Print(msg)
def Run(self, args):
# Get the security policy.
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.SECURITY_POLICY_ARG.ResolveAsResource(
args, holder.resources)
requests = []
security_policy = client.SecurityPolicy(ref,
compute_client=holder.client)
requests.extend(security_policy.Describe(only_generate_request=True))
resources = holder.client.MakeRequests(requests)
# Export the security policy.
try:
with open(args.file_name, 'w') as export_file:
if args.file_format == 'json':
security_policies_utils.WriteToFile(
export_file, resources[0], 'json')
else:
security_policies_utils.WriteToFile(
export_file, resources[0], 'yaml')
except EnvironmentError as exp:
msg = 'Unable to export security policy to file [{0}]: {1}'.format(
args.file_name, exp)
raise exceptions.BadFileException(msg)
log.status.Print('Exported security policy to [{0}].'.format(
args.file_name))
def Run(self, args):
self._ValidateArgs(args)
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.SECURITY_POLICY_ARG.ResolveAsResource(args, holder.resources)
security_policy = client.SecurityPolicy(
ref=ref, compute_client=holder.client)
existing_security_policy = security_policy.Describe()[0]
description = existing_security_policy.description
adaptive_protection_config = (
existing_security_policy.adaptiveProtectionConfig)
if args.description is not None:
description = args.description
if (args.IsSpecified('enable_layer7_ddos_defense') or
args.IsSpecified('layer7_ddos_defense_rule_visibility')):
adaptive_protection_config = (
security_policies_utils.CreateAdaptiveProtectionConfig(
holder.client, args, adaptive_protection_config))
updated_security_policy = holder.client.messages.SecurityPolicy(
description=description,
adaptiveProtectionConfig=adaptive_protection_config,
fingerprint=existing_security_policy.fingerprint)
return security_policy.Patch(security_policy=updated_security_policy)
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.SECURITY_POLICY_ARG.ResolveAsResource(
args, holder.resources)
security_policy = client.SecurityPolicy(ref,
compute_client=holder.client)
return security_policy.Describe()
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
refs = self.SECURITY_POLICY_ARG.ResolveAsResource(args, holder.resources)
utils.PromptForDeletion(refs)
requests = []
for ref in refs:
security_policy = client.SecurityPolicy(ref, compute_client=holder.client)
requests.extend(security_policy.Delete(only_generate_request=True))
return holder.client.MakeRequests(requests)
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.SECURITY_POLICY_ARG.ResolveAsResource(args, holder.resources)
security_policy = client.SecurityPolicy(ref, compute_client=holder.client)
if args.file_name:
template = self._GetTemplateFromFile(args, holder.client.messages)
template.name = ref.Name()
else:
template = holder.client.messages.SecurityPolicy(
name=ref.Name(), description=args.description)
return security_policy.Create(template)
def Run(self, args):
self._ValidateArgs(args)
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.SECURITY_POLICY_ARG.ResolveAsResource(args, holder.resources)
security_policy = client.SecurityPolicy(
ref=ref, compute_client=holder.client)
existing_security_policy = security_policy.Describe()[0]
description = existing_security_policy.description
cloud_armor_config = existing_security_policy.cloudArmorConfig
adaptive_protection_config = (
existing_security_policy.adaptiveProtectionConfig)
advanced_options_config = existing_security_policy.advancedOptionsConfig
recaptcha_options_config = existing_security_policy.recaptchaOptionsConfig
ddos_protection_config = existing_security_policy.ddosProtectionConfig
if args.description is not None:
description = args.description
if args.enable_ml is not None:
cloud_armor_config = security_policies_utils.CreateCloudArmorConfig(
holder.client, args)
if (args.IsSpecified('enable_layer7_ddos_defense') or
args.IsSpecified('layer7_ddos_defense_rule_visibility')):
adaptive_protection_config = (
security_policies_utils.CreateAdaptiveProtectionConfig(
holder.client, args, adaptive_protection_config))
if (args.IsSpecified('json_parsing') or args.IsSpecified('log_level')):
advanced_options_config = (
security_policies_utils.CreateAdvancedOptionsConfig(
holder.client, args, advanced_options_config))
if args.IsSpecified('recaptcha_redirect_site_key'):
recaptcha_options_config = (
security_policies_utils.CreateRecaptchaOptionsConfig(
holder.client, args, recaptcha_options_config))
if args.IsSpecified('ddos_protection'):
ddos_protection_config = (
security_policies_utils.CreateDdosProtectionConfig(
holder.client, args, ddos_protection_config))
updated_security_policy = holder.client.messages.SecurityPolicy(
description=description,
cloudArmorConfig=cloud_armor_config,
adaptiveProtectionConfig=adaptive_protection_config,
advancedOptionsConfig=advanced_options_config,
recaptchaOptionsConfig=recaptcha_options_config,
ddosProtectionConfig=ddos_protection_config,
fingerprint=existing_security_policy.fingerprint)
return security_policy.Patch(security_policy=updated_security_policy)
def Run(self, args):
self._ValidateArgs(args)
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.SECURITY_POLICY_ARG.ResolveAsResource(
args, holder.resources)
security_policy = client.SecurityPolicy(ref=ref,
compute_client=holder.client)
existing_security_policy = security_policy.Describe()[0]
description = existing_security_policy.description
cloud_armor_config = existing_security_policy.cloudArmorConfig
if args.description is not None:
description = args.description
if args.enable_ml is not None:
cloud_armor_config = security_policies_utils.CreateCloudArmorConfig(
holder.client, args)
updated_security_policy = holder.client.messages.SecurityPolicy(
description=description,
cloudArmorConfig=cloud_armor_config,
fingerprint=existing_security_policy.fingerprint)
return security_policy.Patch(security_policy=updated_security_policy)
