Exemplo n.º 1
0
    def Run(self, args):
        """Deletes a whole policy or removes rules containing the specified condition from the policy.

    If --condition is not specified, then the policy is deleted using
    DeletePolicy.

    If --condition is specified, then the policy is fetched using GetPolicy. It
    then searches for and removes the rules that contain the specified condition
    from the policy. If the policy is empty after this operation and
    inheritFromParent is False, the policy is deleted using DeletePolicy. If
    not, the policy is updated using UpdatePolicy.

    Args:
      args: argparse.Namespace, An object that contains the values for the
        arguments specified in the Args method.

    Returns:
       If the policy is deleted, then messages.GoogleProtobufEmpty. If only
       a partial delete is issued, then the updated policy.
    """
        policy_service = org_policy_service.PolicyService()
        org_policy_messages = org_policy_service.OrgPolicyMessages()

        policy_name = utils.GetPolicyNameFromArgs(args)

        if args.IsSpecified('condition') and args.IsSpecified('label_parent'):
            utils.TransformLabelDisplayNameConditionToLabelNameCondition(args)

        if args.condition is not None:
            get_request = org_policy_messages.OrgpolicyPoliciesGetRequest(
                name=policy_name)
            policy = policy_service.Get(get_request)

            new_policy = copy.deepcopy(policy)
            new_policy.spec.rules = org_policy_utils.GetNonMatchingRulesFromPolicy(
                policy, args.condition)

            if policy == new_policy:
                return policy

            if new_policy.spec.rules or new_policy.spec.inheritFromParent:
                update_request = org_policy_messages.OrgpolicyPoliciesPatchRequest(
                    name=policy_name,
                    forceUnconditionalWrite=False,
                    googleCloudOrgpolicyV2alpha1Policy=new_policy)
                update_response = policy_service.Patch(update_request)
                log.UpdatedResource(policy_name, 'policy')
                return update_response

        delete_request = org_policy_messages.OrgpolicyPoliciesDeleteRequest(
            name=policy_name)
        delete_response = policy_service.Delete(delete_request)
        log.DeletedResource(policy_name, 'policy')
        return delete_response
Exemplo n.º 2
0
    def Run(self, args):
        """Extends the superclass method to process label aliasing.

    Args:
      args: argparse.Namespace, An object that contains the values for the
        arguments specified in the Args method.
    """

        if args.IsSpecified('condition') and args.IsSpecified('label_parent'):
            utils.TransformLabelDisplayNameConditionToLabelNameCondition(args)

        return super(EnableEnforce, self).Run(args)
Exemplo n.º 3
0
    def Run(self, args):
        """Extends the superclass method to do validation and disable creation of a new policy if --remove is specified.

    Args:
      args: argparse.Namespace, An object that contains the values for the
        arguments specified in the Args method.
    """
        if not args.value and args.remove:
            raise exceptions.InvalidInputError(
                'One or more values need to be specified if --remove is specified.'
            )

        if args.remove:
            self.disable_create = True

        if args.IsSpecified('condition') and args.IsSpecified('label_parent'):
            utils.TransformLabelDisplayNameConditionToLabelNameCondition(args)

        return super(Allow, self).Run(args)