def Run(self, args): """Roll back to the previous server CA cert for a Cloud SQL instance. Args: args: argparse.Namespace, The arguments that this command was invoked with. Returns: The Server CA Cert that was rolled back to, if the operation was successful. """ client = api_util.SqlClient(api_util.API_VERSION_DEFAULT) sql_client = client.sql_client sql_messages = client.sql_messages validate.ValidateInstanceName(args.instance) instance_ref = client.resource_parser.Parse( args.instance, params={'project': properties.VALUES.core.project.GetOrFail}, collection='sql.instances') previous_server_ca = server_ca_certs.GetPreviousServerCa( sql_client, sql_messages, instance_ref) if not previous_server_ca: raise exceptions.ResourceNotFoundError( 'No previous Server CA Certificate exists.') result_operation = sql_client.instances.RotateServerCa( sql_messages.SqlInstancesRotateServerCaRequest( project=instance_ref.project, instance=instance_ref.instance, instancesRotateServerCaRequest=sql_messages. InstancesRotateServerCaRequest( rotateServerCaContext=sql_messages.RotateServerCaContext( nextVersion=previous_server_ca.sha1Fingerprint)))) operation_ref = client.resource_parser.Create( 'sql.operations', operation=result_operation.name, project=instance_ref.project) operations.OperationsV1Beta4.WaitForOperation( sql_client, operation_ref, 'Rolling back to previous Server CA Certificate') return previous_server_ca
def Run(self, args): """Displays configuration and metadata about a Cloud SQL instance. Information such as instance name, IP address, region, the CA certificate and configuration settings will be displayed. Args: args: argparse.Namespace, The arguments that this command was invoked with. Returns: A dict object representing the instance resource if fetching the instance was successful. Raises: HttpException: A http error response was received while executing api request. ResourceNotFoundError: The SQL instance was not found. """ client = api_util.SqlClient(api_util.API_VERSION_DEFAULT) sql_client = client.sql_client sql_messages = client.sql_messages validate.ValidateInstanceName(args.instance) instance_ref = client.resource_parser.Parse( args.instance, params={'project': properties.VALUES.core.project.GetOrFail}, collection='sql.instances') try: instance = sql_client.instances.Get( sql_messages.SqlInstancesGetRequest( project=instance_ref.project, instance=instance_ref.instance)) instance.state = instance_api_util.GetInstanceState(instance) # TODO(b/122660263): Remove when V1 instances are no longer supported. if instance_api_util.IsInstanceV1(instance): instance_command_util.ShowV1DeprecationWarning() return instance except apitools_exceptions.HttpError as error: if error.status_code == six.moves.http_client.FORBIDDEN: raise exceptions.ResourceNotFoundError( 'There was no instance found at {} or you are not authorized to ' 'access it.'.format(instance_ref.RelativeName())) raise calliope_exceptions.HttpException(error)
def _AllowlistClientIP(instance_ref, sql_client, sql_messages, resources, minutes=5): """Add CLIENT_IP to the authorized networks list. Makes an API call to add CLIENT_IP to the authorized networks list. The server knows to interpret the string CLIENT_IP as the address with which the client reaches the server. This IP will be allowlisted for 1 minute. Args: instance_ref: resources.Resource, The instance we're connecting to. sql_client: apitools.BaseApiClient, A working client for the sql version to be used. sql_messages: module, The module that defines the messages for the sql version to be used. resources: resources.Registry, The registry that can create resource refs for the sql version to be used. minutes: How long the client IP will be allowlisted for, in minutes. Returns: string, The name of the authorized network rule. Callers can use this name to find out the IP the client reached the server with. Raises: HttpException: An http error response was received while executing api request. ResourceNotFoundError: The SQL instance was not found. """ time_of_connection = network.GetCurrentTime() acl_name = 'sql connect at time {0}'.format(time_of_connection) user_acl = sql_messages.AclEntry( kind='sql#aclEntry', name=acl_name, expirationTime=iso_duration.Duration( minutes=minutes).GetRelativeDateTime(time_of_connection) # TODO(b/122989827): Remove this once the datetime parsing is fixed. # Setting the microseconds component to 10 milliseconds. This complies # with backend formatting restrictions, since backend requires a microsecs # component and anything less than 1 milli will get truncated. .replace(microsecond=10000).isoformat(), value='CLIENT_IP') try: original = sql_client.instances.Get( sql_messages.SqlInstancesGetRequest( project=instance_ref.project, instance=instance_ref.instance)) except apitools_exceptions.HttpError as error: if error.status_code == six.moves.http_client.FORBIDDEN: raise exceptions.ResourceNotFoundError( 'There was no instance found at {} or you are not authorized to ' 'connect to it.'.format(instance_ref.RelativeName())) raise calliope_exceptions.HttpException(error) # TODO(b/122989827): Remove this once the datetime parsing is fixed. original.serverCaCert = None original.settings.ipConfiguration.authorizedNetworks.append(user_acl) try: patch_request = sql_messages.SqlInstancesPatchRequest( databaseInstance=original, project=instance_ref.project, instance=instance_ref.instance) result = sql_client.instances.Patch(patch_request) except apitools_exceptions.HttpError as error: raise calliope_exceptions.HttpException(error) operation_ref = resources.Create('sql.operations', operation=result.name, project=instance_ref.project) message = ('Allowlisting your IP for incoming connection for ' '{0} {1}'.format(minutes, text.Pluralize(minutes, 'minute'))) operations.OperationsV1Beta4.WaitForOperation(sql_client, operation_ref, message) return acl_name
def Run(self, args): """Delete a client certificate for a Cloud SQL instance. Args: args: argparse.Namespace, The arguments that this command was invoked with. Returns: A dict object representing the operations resource describing the delete operation if the api request was successful. Raises: ResourceNotFoundError: The ssl cert could not be found for the instance. """ client = api_util.SqlClient(api_util.API_VERSION_DEFAULT) sql_client = client.sql_client sql_messages = client.sql_messages validate.ValidateInstanceName(args.instance) instance_ref = client.resource_parser.Parse( args.instance, params={'project': properties.VALUES.core.project.GetOrFail}, collection='sql.instances') # TODO(b/36050482): figure out how to rectify the common_name and the # sha1fingerprint, so that things can work with the resource parser. console_io.PromptContinue( message='{0} will be deleted. New connections can no longer be made ' 'using this certificate. Existing connections are not affected.'. format(args.common_name), default=True, cancel_on_no=True) cert_ref = cert.GetCertRefFromName(sql_client, sql_messages, client.resource_parser, instance_ref, args.common_name) if not cert_ref: raise exceptions.ResourceNotFoundError( 'no ssl cert named [{name}] for instance [{instance}]'.format( name=args.common_name, instance=instance_ref)) result = sql_client.sslCerts.Delete( sql_messages.SqlSslCertsDeleteRequest( project=cert_ref.project, instance=cert_ref.instance, sha1Fingerprint=cert_ref.sha1Fingerprint)) operation_ref = client.resource_parser.Create('sql.operations', operation=result.name, project=cert_ref.project) if args. async: return sql_client.operations.Get( sql_messages.SqlOperationsGetRequest( project=operation_ref.project, instance=operation_ref.instance, operation=operation_ref.operation)) operations.OperationsV1Beta4.WaitForOperation(sql_client, operation_ref, 'Deleting sslCert') log.DeletedResource(cert_ref)