def Args(cls, parser):
parser.display_info.AddFormat(flags.DEFAULT_LIST_FORMAT)
cls.FIREWALL_RULE_ARG = flags.FirewallRuleArgument()
cls.FIREWALL_RULE_ARG.AddArgument(parser)
cls.NETWORK_ARG = network_flags.NetworkArgumentForOtherResource(
'The network to which this rule is attached.', required=False)
firewalls_utils.AddCommonArgs(parser, for_update=False)
def Args(cls, parser):
cls.FIREWALL_RULE_ARG = flags.FirewallRuleArgument()
cls.FIREWALL_RULE_ARG.AddArgument(parser)
cls.NETWORK_ARG = network_flags.NetworkArgumentForOtherResource(
'The network to which this rule is attached.', required=False)
firewalls_utils.AddCommonArgs(
parser, for_update=False, with_egress_support=True)
def _Run(args, holder, include_alpha_logging, include_beta_logging,
include_l7_internal_load_balancing, include_private_ipv6_access):
"""Issues a list of requests necessary for adding a subnetwork."""
client = holder.client
network_ref = network_flags.NetworkArgumentForOtherResource(
'The network to which the subnetwork belongs.').ResolveAsResource(
args, holder.resources)
subnet_ref = flags.SubnetworkArgument().ResolveAsResource(
args,
holder.resources,
scope_lister=compute_flags.GetDefaultScopeLister(client))
subnetwork = _CreateSubnetwork(client.messages, subnet_ref, network_ref,
args, include_alpha_logging,
include_beta_logging,
include_l7_internal_load_balancing,
include_private_ipv6_access)
request = client.messages.ComputeSubnetworksInsertRequest(
subnetwork=subnetwork,
region=subnet_ref.region,
project=subnet_ref.project)
secondary_ranges = []
if args.secondary_range:
for secondary_range in args.secondary_range:
for range_name, ip_cidr_range in sorted(
six.iteritems(secondary_range)):
secondary_ranges.append(
client.messages.SubnetworkSecondaryRange(
rangeName=range_name, ipCidrRange=ip_cidr_range))
request.subnetwork.secondaryIpRanges = secondary_ranges
return client.MakeRequests([(client.apitools_client.subnetworks, 'Insert',
request)])
def Args(cls, parser):
parser.display_info.AddFormat(flags.DEFAULT_LIST_FORMAT)
cls.NETWORK_ARG = network_flags.NetworkArgumentForOtherResource(
'The network for this router')
cls.NETWORK_ARG.AddArgument(parser)
cls.ROUTER_ARG = flags.RouterArgument()
cls.ROUTER_ARG.AddArgument(parser, operation_type='create')
flags.AddCreateRouterArgs(parser)
def Args(cls, parser):
cls.NETWORK_ARG = network_flags.NetworkArgumentForOtherResource(
'Specifies the network to which the route will be applied.',
required=False)
cls.INSTANCE_ARG = instance_flags.InstanceArgumentForRoute(required=False)
cls.VPN_TUNNEL_ARG = vpn_flags.VpnTunnelArgumentForRoute(required=False)
cls.ROUTE_ARG = flags.RouteArgument()
cls.ROUTE_ARG.AddArgument(parser)
_Args(parser)
def Args(cls, parser):
parser.display_info.AddFormat(flags.DEFAULT_BETA_LIST_FORMAT)
cls.FIREWALL_RULE_ARG = flags.FirewallRuleArgument()
cls.FIREWALL_RULE_ARG.AddArgument(parser, operation_type='create')
cls.NETWORK_ARG = network_flags.NetworkArgumentForOtherResource(
'The network to which this rule is attached.', required=False)
firewalls_utils.AddCommonArgs(parser,
for_update=False,
with_egress_support=True,
with_service_account=True)
firewalls_utils.AddArgsForServiceAccount(parser, for_update=False)
def Args(cls, parser):
parser.display_info.AddFormat(flags.DEFAULT_LIST_FORMAT)
cls.NETWORK_ARG = network_flags.NetworkArgumentForOtherResource(
'Specifies the network to which the route will be applied.',
required=False)
cls.INSTANCE_ARG = instance_flags.InstanceArgumentForRoute(required=False)
cls.VPN_TUNNEL_ARG = vpn_flags.VpnTunnelArgumentForRoute(required=False)
cls.ILB_ARG = ilb_flags.ForwardingRuleArgumentForRoute(required=False)
cls.ROUTE_ARG = flags.RouteArgument()
cls.ROUTE_ARG.AddArgument(parser, operation_type='create')
_Args(parser)
def Args(cls, parser):
cls.FIREWALL_RULE_ARG = flags.FirewallRuleArgument()
cls.FIREWALL_RULE_ARG.AddArgument(parser)
cls.NETWORK_ARG = network_flags.NetworkArgumentForOtherResource(
'The network to which this rule is attached.', required=False)
firewalls_utils.AddCommonArgs(parser, False)
network = parser.add_argument(
'--network',
default='default',
help='The network to which this rule is attached.')
network.detailed_help = """\
def Args(cls, parser):
"""See base.CreateCommand."""
parser.display_info.AddFormat(flags.DEFAULT_LIST_FORMAT)
cls.NETWORK_ARG = network_flags.NetworkArgumentForOtherResource(
'The network for this router')
cls.NETWORK_ARG.AddArgument(parser)
cls.ROUTER_ARG = flags.RouterArgument()
cls.ROUTER_ARG.AddArgument(parser, operation_type='create')
base.ASYNC_FLAG.AddToParser(parser)
flags.AddCreateRouterArgs(parser)
flags.AddReplaceCustomAdvertisementArgs(parser, 'router')
def _Args(cls, parser, support_keepalive_interval=False):
parser.display_info.AddFormat(flags.DEFAULT_LIST_FORMAT)
cls.NETWORK_ARG = network_flags.NetworkArgumentForOtherResource(
'The network for this router')
cls.NETWORK_ARG.AddArgument(parser)
cls.ROUTER_ARG = flags.RouterArgument()
cls.ROUTER_ARG.AddArgument(parser, operation_type='create')
base.ASYNC_FLAG.AddToParser(parser)
flags.AddCreateRouterArgs(parser)
if support_keepalive_interval:
flags.AddKeepaliveIntervalArg(parser)
flags.AddReplaceCustomAdvertisementArgs(parser, 'router')
parser.display_info.AddCacheUpdater(flags.RoutersCompleter)
def Args(cls, parser):
cls.FIREWALL_RULE_ARG = flags.FirewallRuleArgument()
cls.FIREWALL_RULE_ARG.AddArgument(parser)
cls.NETWORK_ARG = network_flags.NetworkArgumentForOtherResource(
'The network to which this rule is attached.', required=False)
firewalls_utils.AddCommonArgs(parser, for_update=False)
parser.add_argument('--network',
default='default',
help="""\
The network to which this rule is attached. If omitted, the
rule is attached to the ``default'' network.
""")
def Args(cls, parser):
cls.SUBNETWORK_ARG = flags.SubnetworkArgument()
cls.NETWORK_ARG = network_flags.NetworkArgumentForOtherResource(
'The network to which the subnetwork belongs.')
cls.SUBNETWORK_ARG.AddArgument(parser)
cls.NETWORK_ARG.AddArgument(parser)
parser.add_argument('--description',
help='An optional description of this subnetwork.')
parser.add_argument(
'--range',
required=True,
help='The IP space allocated to this subnetwork in CIDR format.')
def Args(cls, parser):
"""Adds arguments to the supplied parser."""
cls.NETWORK_ARG = network_flags.NetworkArgumentForOtherResource(
"""\
A reference to a network in this project to
contain the VPN Gateway.
""")
cls.NETWORK_ARG.AddArgument(parser)
cls.TARGET_VPN_GATEWAY_ARG = flags.TargetVpnGatewayArgument()
cls.TARGET_VPN_GATEWAY_ARG.AddArgument(parser, operation_type='create')
parser.add_argument(
'--description',
help='An optional, textual description for the target VPN Gateway.')
def Args(cls, parser):
messages = apis.GetMessagesModule(
'compute', compute_api.COMPUTE_ALPHA_API_VERSION)
parser.display_info.AddFormat(flags.DEFAULT_LIST_FORMAT)
cls.FIREWALL_RULE_ARG = flags.FirewallRuleArgument()
cls.FIREWALL_RULE_ARG.AddArgument(parser, operation_type='create')
cls.NETWORK_ARG = network_flags.NetworkArgumentForOtherResource(
'The network to which this rule is attached.', required=False)
firewalls_utils.AddCommonArgs(parser,
for_update=False,
with_egress_support=True,
with_service_account=True)
firewalls_utils.AddArgsForServiceAccount(parser, for_update=False)
flags.AddEnableLogging(parser)
flags.AddLoggingMetadata(parser, messages)
def Args(cls, parser):
cls.NETWORK_ARG = network_flags.NetworkArgumentForOtherResource(
'The network for this router')
cls.NETWORK_ARG.AddArgument(parser)
cls.ROUTER_ARG = flags.RouterArgument()
cls.ROUTER_ARG.AddArgument(parser, operation_type='create')
parser.add_argument('--description',
help='An optional description of this router.')
parser.add_argument(
'--asn',
required=True,
type=int,
# TODO(b/36051028): improve this help
help='The BGP asn for this router')
def _AddArgs(cls, parser):
"""Add subnetwork create arguments to parser."""
cls.SUBNETWORK_ARG = flags.SubnetworkArgument()
cls.NETWORK_ARG = network_flags.NetworkArgumentForOtherResource(
'The network to which the subnetwork belongs.')
cls.SUBNETWORK_ARG.AddArgument(parser, operation_type='create')
cls.NETWORK_ARG.AddArgument(parser)
parser.add_argument('--description',
help='An optional description of this subnetwork.')
parser.add_argument(
'--range',
required=True,
help='The IP space allocated to this subnetwork in CIDR format.')
parser.add_argument(
'--enable-private-ip-google-access',
action='store_true',
default=False,
help=(
'Enable/disable access to Google Cloud APIs from this subnet for '
'instances without a public ip address.'))
parser.add_argument('--secondary-range',
type=arg_parsers.ArgDict(min_length=1),
action='append',
metavar='PROPERTY=VALUE',
help="""\
Adds a secondary IP range to the subnetwork for use in IP aliasing.
For example, `--secondary-range range1=192.168.64.0/24` adds
a secondary range 192.168.64.0/24 with name range1.
* `RANGE_NAME` - Name of the secondary range.
* `RANGE` - `IP range in CIDR format.`
""")
parser.add_argument(
'--enable-flow-logs',
action='store_true',
default=None,
help=(
'Enable/disable VPC flow logging for this subnet. More information '
'for VPC flow logs can be found at '
'https://cloud.google.com/vpc/docs/using-flow-logs.'))
def _AddArgs(cls, parser):
"""Add subnetwork create arguments to parser."""
cls.SUBNETWORK_ARG = flags.SubnetworkArgument()
cls.NETWORK_ARG = network_flags.NetworkArgumentForOtherResource(
'The network to which the subnetwork belongs.')
cls.SUBNETWORK_ARG.AddArgument(parser)
cls.NETWORK_ARG.AddArgument(parser)
parser.add_argument('--description',
help='An optional description of this subnetwork.')
parser.add_argument(
'--range',
required=True,
help='The IP space allocated to this subnetwork in CIDR format.')
parser.add_argument(
'--enable-private-ip-google-access',
action='store_true',
default=False,
help=(
'Enable/disable access to Google Cloud APIs from this subnet for '
'instances without a public ip address.'))
def _Run(args, holder, include_alpha_logging,
include_l7_internal_load_balancing, include_global_managed_proxy,
include_aggregate_purpose, include_private_service_connect, include_l2,
include_reserved_internal_range):
"""Issues a list of requests necessary for adding a subnetwork."""
client = holder.client
network_ref = network_flags.NetworkArgumentForOtherResource(
'The network to which the subnetwork belongs.').ResolveAsResource(
args, holder.resources)
subnet_ref = flags.SubnetworkArgument().ResolveAsResource(
args,
holder.resources,
scope_lister=compute_flags.GetDefaultScopeLister(client))
subnetwork = _CreateSubnetwork(
client.messages, subnet_ref, network_ref, args, include_alpha_logging,
include_l7_internal_load_balancing, include_global_managed_proxy,
include_aggregate_purpose, include_private_service_connect, include_l2,
include_reserved_internal_range)
request = client.messages.ComputeSubnetworksInsertRequest(
subnetwork=subnetwork,
region=subnet_ref.region,
project=subnet_ref.project)
if include_reserved_internal_range:
secondary_ranges = subnets_utils.CreateSecondaryRanges(
client, args.secondary_range,
args.secondary_range_with_reserved_internal_range)
else:
secondary_ranges = subnets_utils.CreateSecondaryRanges(
client, args.secondary_range, None)
request.subnetwork.secondaryIpRanges = secondary_ranges
return client.MakeRequests([(client.apitools_client.subnetworks, 'Insert',
request)])
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
client = holder.client
messages = holder.client.messages
if hasattr(args, 'project') and args.project:
project = args.project
else:
project = properties.VALUES.core.project.GetOrFail()
if hasattr(args, 'region') and args.region:
region = args.region
else:
region = properties.VALUES.compute.region.GetOrFail()
network = network_flags.NetworkArgumentForOtherResource(
short_help=None).ResolveAsResource(args, holder.resources)
network_ref = network.SelfLink() if network else None
request = messages.ComputeRegionNetworkFirewallPoliciesGetEffectiveFirewallsRequest(
project=project, region=region, network=network_ref)
responses = client.MakeRequests([
(client.apitools_client.regionNetworkFirewallPolicies,
'GetEffectiveFirewalls', request)
])
res = responses[0]
network_firewall = []
all_firewall_policy = []
if hasattr(res, 'firewalls'):
network_firewall = firewalls_utils.SortNetworkFirewallRules(
client, res.firewalls)
if hasattr(res, 'firewallPolicys') and res.firewallPolicys:
for fp in res.firewallPolicys:
firewall_policy_rule = firewalls_utils.SortFirewallPolicyRules(
client, fp.rules)
fp_response = (
client.messages.
RegionNetworkFirewallPoliciesGetEffectiveFirewallsResponseEffectiveFirewallPolicy(
name=fp.name, rules=firewall_policy_rule,
type=fp.type))
all_firewall_policy.append(fp_response)
if args.IsSpecified('format') and args.format == 'json':
return client.messages.RegionNetworkFirewallPoliciesGetEffectiveFirewallsResponse(
firewalls=network_firewall,
firewallPolicys=all_firewall_policy)
result = []
for fp in all_firewall_policy:
result.extend(
firewalls_utils.ConvertFirewallPolicyRulesToEffectiveFwRules(
client,
fp,
True,
support_region_network_firewall_policy=True))
result.extend(
firewalls_utils.ConvertNetworkFirewallRulesToEffectiveFwRules(
network_firewall))
return result
def _AddArgs(parser, include_alpha_logging, include_global_managed_proxy,
include_l7_internal_load_balancing, include_aggregate_purpose,
include_private_service_connect,
include_l2, include_private_nat, include_reserved_internal_range,
api_version):
"""Add subnetwork create arguments to parser."""
parser.display_info.AddFormat(flags.DEFAULT_LIST_FORMAT_WITH_IPV6_FIELD)
flags.SubnetworkArgument().AddArgument(parser, operation_type='create')
network_flags.NetworkArgumentForOtherResource(
'The network to which the subnetwork belongs.').AddArgument(parser)
messages = apis.GetMessagesModule('compute',
compute_api.COMPUTE_GA_API_VERSION)
parser.add_argument(
'--description', help='An optional description of this subnetwork.')
parser.add_argument(
'--range',
required=not include_reserved_internal_range,
help='The IP space allocated to this subnetwork in CIDR format.')
parser.add_argument(
'--enable-private-ip-google-access',
action='store_true',
default=False,
help=('Enable/disable access to Google Cloud APIs from this subnet for '
'instances without a public ip address.'))
parser.add_argument(
'--secondary-range',
type=arg_parsers.ArgDict(min_length=1),
action='append',
metavar='PROPERTY=VALUE',
help="""\
Adds a secondary IP range to the subnetwork for use in IP aliasing.
For example, `--secondary-range range1=192.168.64.0/24` adds
a secondary range 192.168.64.0/24 with name range1.
* `RANGE_NAME` - Name of the secondary range.
* `RANGE` - `IP range in CIDR format.`
""")
parser.add_argument(
'--enable-flow-logs',
action='store_true',
default=None,
help=('Enable/disable VPC Flow Logs for this subnet. More information '
'for VPC Flow Logs can be found at '
'https://cloud.google.com/vpc/docs/using-flow-logs.'))
flags.AddLoggingAggregationInterval(parser, messages)
parser.add_argument(
'--logging-flow-sampling',
type=arg_parsers.BoundedFloat(lower_bound=0.0, upper_bound=1.0),
help="""\
Can only be specified if VPC Flow Logs for this subnetwork is
enabled. The value of the field must be in [0, 1]. Set the sampling rate
of VPC flow logs within the subnetwork where 1.0 means all collected
logs are reported and 0.0 means no logs are reported. Default is 0.5
which means half of all collected logs are reported.
""")
parser.add_argument(
'--logging-filter-expr',
help="""\
Can only be specified if VPC Flow Logs for this subnetwork is enabled.
Export filter used to define which logs should be generated.
""")
flags.AddLoggingMetadata(parser, messages)
parser.add_argument(
'--logging-metadata-fields',
type=arg_parsers.ArgList(),
metavar='METADATA_FIELD',
default=None,
help="""\
Can only be specified if VPC Flow Logs for this subnetwork is enabled
and "metadata" is set to CUSTOM_METADATA. The comma-separated list of
metadata fields that should be added to reported logs.
""")
if include_alpha_logging:
messages = apis.GetMessagesModule('compute',
compute_api.COMPUTE_ALPHA_API_VERSION)
flags.AddLoggingAggregationIntervalDeprecated(parser, messages)
parser.add_argument(
'--flow-sampling',
type=arg_parsers.BoundedFloat(lower_bound=0.0, upper_bound=1.0),
help="""\
Can only be specified if VPC flow logging for this subnetwork is
enabled. The value of the field must be in [0, 1]. Set the sampling rate
of VPC flow logs within the subnetwork where 1.0 means all collected
logs are reported and 0.0 means no logs are reported. Default is 0.5
which means half of all collected logs are reported.
""")
flags.AddLoggingMetadataDeprecated(parser, messages)
purpose_choices = {
'PRIVATE':
'Regular user created or automatically created subnet.',
'INTERNAL_HTTPS_LOAD_BALANCER':
'Reserved for Internal HTTP(S) Load Balancing.',
'REGIONAL_MANAGED_PROXY':
'Reserved for Regional HTTP(S) Load Balancing.',
}
if include_global_managed_proxy:
purpose_choices['GLOBAL_MANAGED_PROXY'] = (
'Reserved for Global HTTP(S) Load Balancing.')
if include_aggregate_purpose:
purpose_choices['AGGREGATE'] = (
'Reserved for Aggregate Ranges used for aggregating '
'private subnetworks.')
if include_private_service_connect:
purpose_choices['PRIVATE_SERVICE_CONNECT'] = (
'Reserved for Private Service Connect Internal Load Balancing.')
if include_private_nat:
purpose_choices['PRIVATE_NAT'] = (
'Reserved for use as source range for Private NAT.')
# Subnetwork purpose is introduced with L7ILB feature. Aggregate purpose
# will have to be enabled for a given release track only after L7ILB feature
# is enabled for that release track. Hence if include_aggregate_purpose
# true, this code assumes that L7ILB purpose is enabled.
if include_l7_internal_load_balancing:
parser.add_argument(
'--purpose',
choices=purpose_choices,
type=arg_utils.ChoiceToEnumName,
help='The purpose of this subnetwork.')
if include_l7_internal_load_balancing:
if include_global_managed_proxy:
help_text = (
'The role of subnetwork. This field is required when the '
'purpose is set to GLOBAL_MANAGED_PROXY, REGIONAL_MANAGED_PROXY or '
'INTERNAL_HTTPS_LOAD_BALANCER.')
else:
help_text = ('The role of subnetwork. This field is required when the '
'purpose is set to REGIONAL_MANAGED_PROXY or '
'INTERNAL_HTTPS_LOAD_BALANCER.')
parser.add_argument(
'--role',
choices={
'ACTIVE': 'The ACTIVE subnet that is currently used.',
'BACKUP': 'The BACKUP subnet that could be promoted to ACTIVE.'
},
type=lambda x: x.replace('-', '_').upper(),
help=help_text)
# Add private ipv6 google access enum based on api version.
messages = apis.GetMessagesModule('compute', api_version)
GetPrivateIpv6GoogleAccessTypeFlagMapper(messages).choice_arg.AddToParser(
parser)
parser.add_argument(
'--stack-type',
choices={
'IPV4_ONLY':
'New VMs in this subnet will only be assigned IPv4 addresses',
'IPV4_IPV6':
'New VMs in this subnet can have both IPv4 and IPv6 addresses'
},
type=arg_utils.ChoiceToEnumName,
help=('The stack type for this subnet. Determines if IPv6 is enabled '
'on the subnet. If not specified IPV4_ONLY will be used.'))
ipv6_access_type_choices = {
'EXTERNAL': 'VMs in this subnet can have external IPv6.',
'INTERNAL': 'VMs in this subnet can have internal IPv6.'
}
parser.add_argument(
'--ipv6-access-type',
choices=ipv6_access_type_choices,
type=arg_utils.ChoiceToEnumName,
help=('IPv6 access type can be specified only when the subnet is '
'created, or when the subnet is first updated to have a stack '
'type of IPV4_IPV6. Once set, the access type is immutable.'))
parser.display_info.AddCacheUpdater(network_flags.NetworksCompleter)
if include_l2:
l2_args = parser.add_group(help='L2 networking specifications.')
l2_args.add_argument(
'--enable-l2',
action='store_true',
required=True,
help="""\
If set to true, enables l2 networking capability on subnetwork.
""")
l2_args.add_argument(
'--vlan',
type=int,
metavar='VLAN',
help="""\
Specifies ID of the vlan to tag the subnetwork.
""")
if include_reserved_internal_range:
parser.add_argument(
'--reserved-internal-range',
help=("""
If set, the primary IP range of the subnetwork will be
associated with the given InternalRange resource.
If --range is set, the subnetwork will only use the given IP range.
It has to be contained by the IP range defined by the InternalRange resource.
For example,
--range=10.0.0.0/24
--reserved-internal-range //networkconnectivity.googleapis.com/projects/PROJECT/locations/global/internalRanges/RANGE
If --range is not set, the subnetwork will use the entire IP range
defined by the InternalRange resource.
For example, `--reserved-internal-range //networkconnectivity.googleapis.com/projects/PROJECT/locations/global/internalRanges/RANGE`
"""))
parser.add_argument(
'--secondary-range-with-reserved-internal-range',
type=arg_parsers.ArgDict(min_length=1),
action='append',
metavar='RANGE_NAME=INTERNAL_RANGE_URL',
help="""\
Adds secondary IP ranges that are associated with InternalRange
resources.
For example, `--secondary-range-with-reserved-internal-range
range1=//networkconnectivity.googleapis.com/projects/PROJECT/locations/global/internalRanges/RANGE`
adds a secondary range with the reserved internal range resource.
* `RANGE_NAME` - Name of the secondary range.
* `INTERNAL_RANGE_URL` - `URL of an InternalRange resource.`
""")
def _AddArgs(cls, parser, include_alpha=False):
"""Add subnetwork create arguments to parser."""
cls.SUBNETWORK_ARG = flags.SubnetworkArgument()
cls.NETWORK_ARG = network_flags.NetworkArgumentForOtherResource(
'The network to which the subnetwork belongs.')
cls.SUBNETWORK_ARG.AddArgument(parser, operation_type='create')
cls.NETWORK_ARG.AddArgument(parser)
parser.add_argument('--description',
help='An optional description of this subnetwork.')
parser.add_argument(
'--range',
required=True,
help='The IP space allocated to this subnetwork in CIDR format.')
parser.add_argument(
'--enable-private-ip-google-access',
action='store_true',
default=False,
help=(
'Enable/disable access to Google Cloud APIs from this subnet for '
'instances without a public ip address.'))
parser.add_argument('--secondary-range',
type=arg_parsers.ArgDict(min_length=1),
action='append',
metavar='PROPERTY=VALUE',
help="""\
Adds a secondary IP range to the subnetwork for use in IP aliasing.
For example, `--secondary-range range1=192.168.64.0/24` adds
a secondary range 192.168.64.0/24 with name range1.
* `RANGE_NAME` - Name of the secondary range.
* `RANGE` - `IP range in CIDR format.`
""")
parser.add_argument(
'--enable-flow-logs',
action='store_true',
default=None,
help=(
'Enable/disable VPC flow logging for this subnet. More information '
'for VPC flow logs can be found at '
'https://cloud.google.com/vpc/docs/using-flow-logs.'))
if include_alpha:
parser.add_argument(
'--purpose',
choices={
'PRIVATE_RFC_1918':
'Regular user created or automatically created subnet.',
'INTERNAL_HTTPS_LOAD_BALANCER':
'Reserved for Internal HTTP(S) Load Balancing.'
},
type=lambda x: x.replace('-', '_').upper(),
help='The purpose of this subnetwork.')
parser.add_argument(
'--role',
choices={
'ACTIVE': 'The ACTIVE subnet that is currently used.',
'BACKUP': 'The BACKUP subnet that could be promoted to ACTIVE.'
},
type=lambda x: x.replace('-', '_').upper(),
help=
('The role of subnetwork. This field is only used when'
'purpose=INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to '
'ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently '
'being used for Internal HTTP(S) Load Balancing. A BACKUP '
'subnetwork is one that is ready to be promoted to ACTIVE or is '
'currently draining.'))
aggregation_interval_argument = base.ChoiceArgument(
'--aggregation-interval',
choices=[
'interval-5-sec', 'interval-30-sec', 'interval-1-min',
'interval-5-min', 'interval-10-min', 'interval-15-min'
],
help_str="""\
Can only be specified if VPC flow logging for this subnetwork is
enabled. Toggles the aggregation interval for collecting flow logs.
Increasing the interval time will reduce the amount of generated flow
logs for long lasting connections. Default is an interval of 5 seconds
per connection.
""")
aggregation_interval_argument.AddToParser(parser)
parser.add_argument('--flow-sampling',
type=arg_parsers.BoundedFloat(lower_bound=0.0,
upper_bound=1.0),
help="""\
Can only be specified if VPC flow logging for this subnetwork is
enabled. The value of the field must be in [0, 1]. Set the sampling rate
of VPC flow logs within the subnetwork where 1.0 means all collected
logs are reported and 0.0 means no logs are reported. Default is 0.5
which means half of all collected logs are reported.
""")
metadata_argument = base.ChoiceArgument(
'--metadata',
choices=['include-all-metadata', 'exclude-all-metadata'],
help_str="""\
Can only be specified if VPC flow logging for this subnetwork is
enabled. Configures whether metadata fields should be added to the
reported VPC flow logs. Default is to include all metadata.
""")
metadata_argument.AddToParser(parser)
# limitations under the License.
"""Command to create a new VPN gateway."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.compute import base_classes
from googlecloudsdk.api_lib.compute.vpn_gateways import vpn_gateways_utils
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.compute.networks import flags as network_flags
from googlecloudsdk.command_lib.compute.vpn_gateways import flags
_VPN_GATEWAY_ARG = flags.GetVpnGatewayArgument()
_NETWORK_ARG = network_flags.NetworkArgumentForOtherResource("""\
A reference to a network to which the VPN gateway is attached.
""")
@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA)
class Create(base.CreateCommand):
"""Create a new Google Compute Engine High Available VPN gateway.
*{command}* creates a new High Available VPN gateway.
High Available VPN Gateway provides a means to create a VPN solution with a
higher availability SLA compared to Classic Target VPN Gateway.
High Available VPN gateways are referred to as simply VPN gateways in the
API documentation and gcloud commands.
A VPN Gateway can reference one or more VPN tunnels that connect it to
external VPN gateways or Cloud VPN Gateways.
def _AddArgs(cls, parser, include_beta=False, include_alpha=False):
"""Add subnetwork create arguments to parser."""
cls.SUBNETWORK_ARG = flags.SubnetworkArgument()
cls.NETWORK_ARG = network_flags.NetworkArgumentForOtherResource(
'The network to which the subnetwork belongs.')
cls.SUBNETWORK_ARG.AddArgument(parser, operation_type='create')
cls.NETWORK_ARG.AddArgument(parser)
parser.add_argument('--description',
help='An optional description of this subnetwork.')
parser.add_argument(
'--range',
required=True,
help='The IP space allocated to this subnetwork in CIDR format.')
parser.add_argument(
'--enable-private-ip-google-access',
action='store_true',
default=False,
help=(
'Enable/disable access to Google Cloud APIs from this subnet for '
'instances without a public ip address.'))
parser.add_argument('--secondary-range',
type=arg_parsers.ArgDict(min_length=1),
action='append',
metavar='PROPERTY=VALUE',
help="""\
Adds a secondary IP range to the subnetwork for use in IP aliasing.
For example, `--secondary-range range1=192.168.64.0/24` adds
a secondary range 192.168.64.0/24 with name range1.
* `RANGE_NAME` - Name of the secondary range.
* `RANGE` - `IP range in CIDR format.`
""")
parser.add_argument(
'--enable-flow-logs',
action='store_true',
default=None,
help=(
'Enable/disable VPC flow logging for this subnet. More information '
'for VPC flow logs can be found at '
'https://cloud.google.com/vpc/docs/using-flow-logs.'))
if include_beta:
messages = apis.GetMessagesModule('compute',
compute_api.COMPUTE_BETA_API_VERSION)
flags.AddLoggingAggregationInterval(parser, messages)
parser.add_argument('--logging-flow-sampling',
type=arg_parsers.BoundedFloat(lower_bound=0.0,
upper_bound=1.0),
help="""\
Can only be specified if VPC flow logging for this subnetwork is
enabled. The value of the field must be in [0, 1]. Set the sampling rate
of VPC flow logs within the subnetwork where 1.0 means all collected
logs are reported and 0.0 means no logs are reported. Default is 0.5
which means half of all collected logs are reported.
""")
flags.AddLoggingMetadata(parser, messages)
if include_alpha:
messages = apis.GetMessagesModule(
'compute', compute_api.COMPUTE_ALPHA_API_VERSION)
parser.add_argument(
'--purpose',
choices={
'PRIVATE':
'Regular user created or automatically created subnet.',
'INTERNAL_HTTPS_LOAD_BALANCER':
'Reserved for Internal HTTP(S) Load Balancing.'
},
type=lambda x: x.replace('-', '_').upper(),
help='The purpose of this subnetwork.')
parser.add_argument(
'--role',
choices={
'ACTIVE': 'The ACTIVE subnet that is currently used.',
'BACKUP': 'The BACKUP subnet that could be promoted to ACTIVE.'
},
type=lambda x: x.replace('-', '_').upper(),
help=
('The role of subnetwork. This field is only used when'
'purpose=INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to '
'ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently '
'being used for Internal HTTP(S) Load Balancing. A BACKUP '
'subnetwork is one that is ready to be promoted to ACTIVE or is '
'currently draining.'))
flags.AddLoggingAggregationIntervalAlpha(parser, messages)
parser.add_argument('--flow-sampling',
type=arg_parsers.BoundedFloat(lower_bound=0.0,
upper_bound=1.0),
help="""\
Can only be specified if VPC flow logging for this subnetwork is
enabled. The value of the field must be in [0, 1]. Set the sampling rate
of VPC flow logs within the subnetwork where 1.0 means all collected
logs are reported and 0.0 means no logs are reported. Default is 0.5
which means half of all collected logs are reported.
""")
flags.AddLoggingMetadataAlpha(parser, messages)
parser.add_argument(
'--enable-private-ipv6-access',
action='store_true',
default=None,
help=('Enable/disable private IPv6 access for the subnet.'))
GetPrivateIpv6GoogleAccessTypeFlagMapper(
messages).choice_arg.AddToParser(parser)
def _AddArgs(cls, parser, include_alpha=False):
"""Add subnetwork create arguments to parser."""
cls.SUBNETWORK_ARG = flags.SubnetworkArgument()
cls.NETWORK_ARG = network_flags.NetworkArgumentForOtherResource(
'The network to which the subnetwork belongs.')
cls.SUBNETWORK_ARG.AddArgument(parser, operation_type='create')
cls.NETWORK_ARG.AddArgument(parser)
parser.add_argument('--description',
help='An optional description of this subnetwork.')
parser.add_argument(
'--range',
required=True,
help='The IP space allocated to this subnetwork in CIDR format.')
parser.add_argument(
'--enable-private-ip-google-access',
action='store_true',
default=False,
help=(
'Enable/disable access to Google Cloud APIs from this subnet for '
'instances without a public ip address.'))
parser.add_argument('--secondary-range',
type=arg_parsers.ArgDict(min_length=1),
action='append',
metavar='PROPERTY=VALUE',
help="""\
Adds a secondary IP range to the subnetwork for use in IP aliasing.
For example, `--secondary-range range1=192.168.64.0/24` adds
a secondary range 192.168.64.0/24 with name range1.
* `RANGE_NAME` - Name of the secondary range.
* `RANGE` - `IP range in CIDR format.`
""")
parser.add_argument(
'--enable-flow-logs',
action='store_true',
default=None,
help=(
'Enable/disable VPC flow logging for this subnet. More information '
'for VPC flow logs can be found at '
'https://cloud.google.com/vpc/docs/using-flow-logs.'))
if include_alpha:
parser.add_argument(
'--purpose',
choices={
'PRIVATE_RFC_1918':
'Regular user created or automatically created subnet.',
'INTERNAL_HTTPS_LOAD_BALANCER':
'Reserved for Internal HTTP(S) Load Balancing.'
},
type=lambda x: x.replace('-', '_').upper(),
help='The purpose of this subnetwork.')
parser.add_argument(
'--role',
choices={
'ACTIVE': 'The ACTIVE subnet that is currently used.',
'BACKUP': 'The BACKUP subnet that could be promoted to ACTIVE.'
},
type=lambda x: x.replace('-', '_').upper(),
help=
('The role of subnetwork. This field is only used when'
'purpose=INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to '
'ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently '
'being used for Internal HTTP(S) Load Balancing. A BACKUP '
'subnetwork is one that is ready to be promoted to ACTIVE or is '
'currently draining.'))
def _AddArgs(parser, include_alpha_logging, include_l7_internal_load_balancing,
include_private_ipv6_access, include_aggregate_purpose):
"""Add subnetwork create arguments to parser."""
parser.display_info.AddFormat(flags.DEFAULT_LIST_FORMAT)
flags.SubnetworkArgument().AddArgument(parser, operation_type='create')
network_flags.NetworkArgumentForOtherResource(
'The network to which the subnetwork belongs.').AddArgument(parser)
messages = apis.GetMessagesModule('compute',
compute_api.COMPUTE_GA_API_VERSION)
parser.add_argument(
'--description', help='An optional description of this subnetwork.')
parser.add_argument(
'--range',
required=True,
help='The IP space allocated to this subnetwork in CIDR format.')
parser.add_argument(
'--enable-private-ip-google-access',
action='store_true',
default=False,
help=('Enable/disable access to Google Cloud APIs from this subnet for '
'instances without a public ip address.'))
parser.add_argument(
'--secondary-range',
type=arg_parsers.ArgDict(min_length=1),
action='append',
metavar='PROPERTY=VALUE',
help="""\
Adds a secondary IP range to the subnetwork for use in IP aliasing.
For example, `--secondary-range range1=192.168.64.0/24` adds
a secondary range 192.168.64.0/24 with name range1.
* `RANGE_NAME` - Name of the secondary range.
* `RANGE` - `IP range in CIDR format.`
""")
parser.add_argument(
'--enable-flow-logs',
action='store_true',
default=None,
help=('Enable/disable VPC flow logging for this subnet. More information '
'for VPC flow logs can be found at '
'https://cloud.google.com/vpc/docs/using-flow-logs.'))
flags.AddLoggingAggregationInterval(parser, messages)
parser.add_argument(
'--logging-flow-sampling',
type=arg_parsers.BoundedFloat(lower_bound=0.0, upper_bound=1.0),
help="""\
Can only be specified if VPC flow logging for this subnetwork is
enabled. The value of the field must be in [0, 1]. Set the sampling rate
of VPC flow logs within the subnetwork where 1.0 means all collected
logs are reported and 0.0 means no logs are reported. Default is 0.5
which means half of all collected logs are reported.
""")
if include_alpha_logging:
messages = apis.GetMessagesModule('compute',
compute_api.COMPUTE_ALPHA_API_VERSION)
flags.AddLoggingAggregationIntervalDeprecated(parser, messages)
parser.add_argument(
'--flow-sampling',
type=arg_parsers.BoundedFloat(lower_bound=0.0, upper_bound=1.0),
help="""\
Can only be specified if VPC flow logging for this subnetwork is
enabled. The value of the field must be in [0, 1]. Set the sampling rate
of VPC flow logs within the subnetwork where 1.0 means all collected
logs are reported and 0.0 means no logs are reported. Default is 0.5
which means half of all collected logs are reported.
""")
flags.AddLoggingMetadataDeprecated(parser, messages)
parser.add_argument(
'--logging-filter-expr',
help="""\
Can only be specified if VPC flow logs for this subnetwork is enabled.
Export filter used to define which VPC flow logs should be logged.
""")
flags.AddLoggingMetadataAlpha(parser, messages)
parser.add_argument(
'--logging-metadata-fields',
type=arg_parsers.ArgList(),
metavar='METADATA_FIELD',
default=None,
help="""\
Can only be specified if VPC flow logs for this subnetwork is enabled
and "metadata" is set to CUSTOM_METADATA. The custom list of metadata
fields that should be added to reported VPC flow logs.
""")
else:
flags.AddLoggingMetadata(parser, messages)
purpose_choices = {
'PRIVATE':
'Regular user created or automatically created subnet.',
'INTERNAL_HTTPS_LOAD_BALANCER':
'Reserved for Internal HTTP(S) Load Balancing.',
}
if include_aggregate_purpose:
purpose_choices['AGGREGATE'] = (
'Reserved for Aggregate Ranges used for aggregating '
'private subnetworks.')
# Subnetwork purpose is introduced with L7ILB feature. Aggregate purpose
# will have to be enabled for a given release track only after L7ILB feature
# is enabled for that release track. Hence if include_aggregate_purpose
# true, this code assumes that L7ILB purpose is enabled.
if include_l7_internal_load_balancing:
parser.add_argument(
'--purpose',
choices=purpose_choices,
type=arg_utils.ChoiceToEnumName,
help='The purpose of this subnetwork.')
if include_l7_internal_load_balancing:
parser.add_argument(
'--role',
choices={
'ACTIVE': 'The ACTIVE subnet that is currently used.',
'BACKUP': 'The BACKUP subnet that could be promoted to ACTIVE.'
},
type=lambda x: x.replace('-', '_').upper(),
help=('The role of subnetwork. This field is only used when'
'purpose=INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to '
'ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently '
'being used for Internal HTTP(S) Load Balancing. A BACKUP '
'subnetwork is one that is ready to be promoted to ACTIVE or is '
'currently draining.'))
if include_private_ipv6_access:
parser.add_argument(
'--enable-private-ipv6-access',
action='store_true',
default=None,
help=('Enable/disable private IPv6 access for the subnet.'))
GetPrivateIpv6GoogleAccessTypeFlagMapper(messages).choice_arg.AddToParser(
parser)
parser.add_argument(
'--private-ipv6-google-access-service-accounts',
default=None,
metavar='EMAIL',
type=arg_parsers.ArgList(min_length=1),
help="""\
The service accounts can be used to selectively turn on Private IPv6
Google Access only on the VMs primary service account matching the
value.
""")
parser.display_info.AddCacheUpdater(network_flags.NetworksCompleter)
