Пример #1
    def _CreatePolicy(self, args):
        """Build a policy from the command arguments and create it if non-empty.

        Args:
          args: argparse.Namespace, An object that contains the values for the
            arguments specified in the Args method.

        Returns:
          The response of the Create call. When the policy built from args has
          no rules, no inheritFromParent and no reset, nothing is sent to the
          service and an empty GoogleProtobufEmpty message is returned instead.
        """
        policy_name = utils.GetPolicyNameFromArgs(args)
        constraint = utils.GetConstraintFromArgs(args)
        parent = utils.GetResourceFromArgs(args)
        messages = self.org_policy_messages

        # Start from a policy that carries only its name and a blank spec, then
        # let UpdatePolicy fill it in from the arguments.
        blank_policy = messages.GoogleCloudOrgpolicyV2alpha1Policy(
            name=policy_name,
            spec=messages.GoogleCloudOrgpolicyV2alpha1PolicySpec())
        new_policy = self.UpdatePolicy(blank_policy, args)
        spec = new_policy.spec

        if not (spec.rules or spec.inheritFromParent or spec.reset):
            # An empty policy is never stored. Hand back the same message a
            # successful DeletePolicy would produce so callers see one shape.
            return messages.GoogleProtobufEmpty()

        request = messages.OrgpolicyPoliciesCreateRequest(
            constraint=constraint,
            parent=parent,
            googleCloudOrgpolicyV2alpha1Policy=new_policy)
        created = self.policy_service.Create(request)
        log.CreatedResource(policy_name, 'policy')
        return created
Пример #2
    def _UpdateOrDeletePolicy(self, policy, args):
        """Apply the requested change, then patch or delete the stored policy.

        Args:
          policy: messages.GoogleCloudOrgpolicyV2alpha1Policy, The policy object
            to be updated.
          args: argparse.Namespace, An object that contains the values for the
            arguments specified in the Args method.

        Returns:
          The policy passed in when UpdatePolicy produced no difference. If the
          policy is deleted, then messages.GoogleProtobufEmpty. If the policy is
          updated, then the updated policy.
        """
        candidate = self.UpdatePolicy(policy, args)
        if candidate == policy:
            # No difference, so no request reaches the service.
            return policy

        policy_name = utils.GetPolicyNameFromArgs(args)
        messages = self.org_policy_messages
        spec = candidate.spec

        if spec.rules or spec.inheritFromParent or spec.reset:
            # NOTE(review): forceUnconditionalWrite=False presumably keeps the
            # service's concurrent-modification check in force for this
            # read-modify-write; confirm against the API reference.
            patch_request = messages.OrgpolicyPoliciesPatchRequest(
                name=policy_name,
                forceUnconditionalWrite=False,
                googleCloudOrgpolicyV2alpha1Policy=candidate)
            patched = self.policy_service.Patch(patch_request)
            log.UpdatedResource(policy_name, 'policy')
            return patched

        # A change that leaves no rules, no inheritFromParent and no reset
        # removes the policy object instead of storing an empty one.
        delete_request = messages.OrgpolicyPoliciesDeleteRequest(
            name=policy_name)
        deleted = self.policy_service.Delete(delete_request)
        log.DeletedResource(policy_name, 'policy')
        return deleted
Пример #3
  def Run(self, args):
    """Fetch the organization policy, or its effective form, for the resource.

    Without --effective the request goes to Get; with --effective it goes to
    GetEffectivePolicy. The two are separate service calls, so output from one
    should not be read as if it came from the other.

    Args:
      args: argparse.Namespace, An object that contains the values for the
        arguments specified in the Args method.

    Returns:
       The retrieved policy.
    """
    service = org_policy_service.PolicyService()
    messages = org_policy_service.OrgPolicyMessages()
    name = utils.GetPolicyNameFromArgs(args)

    if not args.effective:
      plain_request = messages.OrgpolicyPoliciesGetRequest(name=name)
      return service.Get(plain_request)

    effective_request = messages.OrgpolicyPoliciesGetEffectivePolicyRequest(
        name=name)
    return service.GetEffectivePolicy(effective_request)
    def _UpdateOrDeletePolicyAlpha(self, policy, args):
        """Apply the requested change to a copy, then update or delete.

        Args:
          policy: messages.GoogleCloudOrgpolicy{api_version}Policy, The policy
            object to be updated.
          args: argparse.Namespace, An object that contains the values for the
            arguments specified in the Args method.

        Returns:
          The policy passed in when the edited copy compares equal to it. If
          the policy is deleted, then messages.GoogleProtobufEmpty. If the
          policy is updated, then the updated policy.
        """
        # Edit a deep copy so the caller's object stays intact for the equality
        # check below. reset is cleared on the copy before the edit is applied.
        working = copy.deepcopy(policy)
        working.spec.reset = None
        candidate = self.UpdatePolicy(working, args)
        if candidate == policy:
            return policy

        policy_name = utils.GetPolicyNameFromArgs(args)
        spec = candidate.spec

        if spec.rules or spec.inheritFromParent or spec.reset:
            updated = self.org_policy_api.UpdatePolicy(candidate)
            log.UpdatedResource(policy_name, 'policy')
            return updated

        # Nothing left to enforce in the spec: remove the policy object rather
        # than writing an empty one.
        deleted = self.org_policy_api.DeletePolicy(policy_name)
        log.DeletedResource(policy_name, 'policy')
        return deleted
Пример #5
    def testGetPolicyNameFromArgs_ConstraintPrefixPresent_ReturnsName(self):
        """A constraint passed with its prefix must resolve to POLICY_NAME."""
        argv = [
            self.CONSTRAINT_WITH_PREFIX,
            self.RESOURCE_FLAG,
            self.RESOURCE_ID,
        ]
        parsed = self.parser.parse_args(argv)

        self.assertEqual(utils.GetPolicyNameFromArgs(parsed), self.POLICY_NAME)
Пример #6
    def Run(self, args):
        """Delete a whole policy, or strip the rules carrying one condition.

        If --condition is not specified, then the policy is deleted using
        DeletePolicy without being fetched first.

        If --condition is specified, then the policy is fetched using GetPolicy
        and the rules that contain the specified condition are removed from a
        copy of it. If the copy equals the fetched policy, nothing is sent. If
        the copy still has rules or inheritFromParent set, it is written back
        using UpdatePolicy. Otherwise the policy is deleted using DeletePolicy.

        Args:
          args: argparse.Namespace, An object that contains the values for the
            arguments specified in the Args method.

        Returns:
           If the policy is deleted, then messages.GoogleProtobufEmpty. If only
           a partial delete is issued, then the updated policy.
        """
        service = org_policy_service.PolicyService()
        messages = org_policy_service.OrgPolicyMessages()
        policy_name = utils.GetPolicyNameFromArgs(args)

        has_condition = args.IsSpecified('condition')
        if has_condition and args.IsSpecified('label_parent'):
            utils.TransformLabelDisplayNameConditionToLabelNameCondition(args)

        if args.condition is not None:
            current = service.Get(
                messages.OrgpolicyPoliciesGetRequest(name=policy_name))

            trimmed = copy.deepcopy(current)
            trimmed.spec.rules = org_policy_utils.GetNonMatchingRulesFromPolicy(
                current, args.condition)

            if current == trimmed:
                # No rule carried the condition, so there is nothing to write.
                return current

            still_needed = trimmed.spec.rules or trimmed.spec.inheritFromParent
            if still_needed:
                # NOTE(review): forceUnconditionalWrite=False presumably keeps
                # the service's concurrent-modification check in force for
                # this read-modify-write; confirm against the API reference.
                patch_request = messages.OrgpolicyPoliciesPatchRequest(
                    name=policy_name,
                    forceUnconditionalWrite=False,
                    googleCloudOrgpolicyV2alpha1Policy=trimmed)
                patched = service.Patch(patch_request)
                log.UpdatedResource(policy_name, 'policy')
                return patched

        # Reached both when no condition was given and when removing the
        # matching rules left the policy empty.
        deleted = service.Delete(
            messages.OrgpolicyPoliciesDeleteRequest(name=policy_name))
        log.DeletedResource(policy_name, 'policy')
        return deleted
    def _GetPolicy(self, args):
        """Fetch the policy named by the arguments from the service.

        Args:
          args: argparse.Namespace, An object that contains the values for the
            arguments specified in the Args method.

        Returns:
          The retrieved policy, or None if not found and self.disable_create is
          falsy.

        Raises:
          api_exceptions.HttpNotFoundError: If the policy is not found and
            self.disable_create is set.
        """
        policy_name = utils.GetPolicyNameFromArgs(args)

        try:
            found = self.org_policy_api.GetPolicy(policy_name)
        except api_exceptions.HttpNotFoundError as e:
            if self.disable_create:
                raise e
            # Only the not-found error is turned into None; any other failure
            # still propagates to the caller.
            return None
        return found
Пример #8
    def Run(self, args):
        """Delete the organization policy named by the arguments.

        The policy is deleted using DeletePolicy; it is not fetched or
        inspected first.

        Args:
          args: argparse.Namespace, An object that contains the values for the
            arguments specified in the Args method.

        Returns:
           If the policy is deleted, then messages.GoogleProtobufEmpty.
        """
        api = org_policy_service.OrgPolicyApi(self.ReleaseTrack())
        target = utils.GetPolicyNameFromArgs(args)

        response = api.DeletePolicy(target)
        # The log entry is written only after the call returned without
        # raising.
        log.DeletedResource(target, 'policy')
        return response
    def _UpdateOrDeletePolicy(self, policy, args):
        """Apply the requested change to a copy, then update or delete.

        Only updates the live spec if needed. The dry-run spec, if it exists,
        remains unchanged.

        Args:
          policy: messages.GoogleCloudOrgpolicy{api_version}Policy, The policy
            object to be updated.
          args: argparse.Namespace, An object that contains the values for the
            arguments specified in the Args method.

        Returns:
          The policy passed in when the edited copy compares equal to it. If
          the policy is deleted, then messages.GoogleProtobufEmpty. If the
          policy is updated, then the updated policy.
        """
        # Work on a deep copy so the caller's object stays intact for the
        # equality check below.
        working = copy.deepcopy(policy)
        if not working.spec:
            working.spec = self.org_policy_api.CreateEmptyPolicySpec()
        working.spec.reset = None
        candidate = self.UpdatePolicy(working, args)
        if candidate == policy:
            return policy

        policy_name = utils.GetPolicyNameFromArgs(args)
        spec = candidate.spec

        live_spec_in_use = spec.rules or spec.inheritFromParent or spec.reset
        if not live_spec_in_use and not candidate.dryRunSpec:
            # Neither the live spec nor a dry-run spec holds anything, so the
            # policy object is removed instead of being stored empty.
            deleted = self.org_policy_api.DeletePolicy(policy_name)
            log.DeletedResource(policy_name, 'policy')
            return deleted

        if candidate.dryRunSpec:
            # Restrict the write to the live spec so an existing dry-run spec
            # is not overwritten by this update.
            updated = self.org_policy_api.UpdatePolicy(
                candidate, update_mask='policy.spec')
        else:
            updated = self.org_policy_api.UpdatePolicy(candidate)
        log.UpdatedResource(policy_name, 'policy')
        return updated
    def _CreatePolicy(self, args):
        """Build a policy from the command arguments and create it if non-empty.

        Args:
          args: argparse.Namespace, An object that contains the values for the
            arguments specified in the Args method.

        Returns:
          The response of CreatePolicy. When the policy built from args has no
          rules, no inheritFromParent and no reset, nothing is sent to the
          service and an empty GoogleProtobufEmpty message is returned instead.
        """
        policy_name = utils.GetPolicyNameFromArgs(args)

        blank_policy = self.org_policy_api.BuildPolicy(policy_name)
        new_policy = self.UpdatePolicy(blank_policy, args)
        spec = new_policy.spec

        if not (spec.rules or spec.inheritFromParent or spec.reset):
            # An empty policy is never stored; callers get an empty message.
            return self.org_policy_api.messages.GoogleProtobufEmpty()

        created = self.org_policy_api.CreatePolicy(new_policy)
        log.CreatedResource(policy_name, 'policy')
        return created
Пример #11
    def Run(self, args):
        """Fetch the organization policy, or its effective form.

        Without --effective the policy is retrieved using GetPolicy; with
        --effective it is retrieved using GetEffectivePolicy. The two are
        separate service calls, so output from one should not be read as if it
        came from the other.

        Args:
          args: argparse.Namespace, An object that contains the values for the
            arguments specified in the Args method.

        Returns:
           The retrieved policy.
        """
        api = org_policy_service.OrgPolicyApi(self.ReleaseTrack())
        name = utils.GetPolicyNameFromArgs(args)

        if not args.effective:
            return api.GetPolicy(name)

        return api.GetEffectivePolicy(name)