def Patch(self, policy_ref, title=None): """Patch an access policy. Args: policy_ref: resources.Resource, reference to the policy to patch title: str, title of the policy or None if not updating Returns: AccessPolicy, the updated access policy """ policy = self.messages.AccessPolicy() update_mask = [] if title is not None: update_mask.append('title') policy.title = title update_mask.sort() # For ease-of-testing m = self.messages request_type = m.AccesscontextmanagerAccessPoliciesPatchRequest request = request_type( accessPolicy=policy, name=policy_ref.RelativeName(), updateMask=','.join(update_mask), ) operation = self.client.accessPolicies.Patch(request) poller = waiter.CloudOperationPoller(self.client.accessPolicies, self.client.operations) poller = util.OperationPoller(self.client.accessPolicies, self.client.operations, policy_ref) operation_ref = resources.REGISTRY.Parse( operation.name, collection='accesscontextmanager.operations') return waiter.WaitFor( poller, operation_ref, 'Waiting for PATCH operation [{}]'.format(operation_ref.Name()))
def Patch(self, level_ref, description=None, title=None, combine_function=None, basic_level_conditions=None): """Patch an access level. Args: level_ref: resources.Resource, reference to the level to patch description: str, description of the level or None if not updating title: str, title of the level or None if not updating combine_function: ZoneTypeValueValuesEnum, combine function enum value of the level or None if not updating basic_level_conditions: list of Condition, the conditions for a basic level or None if not updating Returns: AccessLevel, the updated access level """ level = self.messages.AccessLevel() update_mask = [] if description is not None: update_mask.append('description') level.description = description if title is not None: update_mask.append('title') level.title = title if combine_function is not None: update_mask.append('basic.combiningFunction') level.basic = level.basic or self.messages.BasicLevel() level.basic.combiningFunction = combine_function if basic_level_conditions is not None: update_mask.append('basic.conditions') level.basic = level.basic or self.messages.BasicLevel() level.basic.conditions = basic_level_conditions update_mask.sort() # For ease-of-testing m = self.messages request_type = m.AccesscontextmanagerAccessPoliciesAccessLevelsPatchRequest request = request_type( accessLevel=level, name=level_ref.RelativeName(), updateMask=','.join(update_mask), ) operation = self.client.accessPolicies_accessLevels.Patch(request) poller = util.OperationPoller(self.client.accessPolicies_accessLevels, self.client.operations, level_ref) operation_ref = resources.REGISTRY.Parse( operation.name, collection='accesscontextmanager.operations') return waiter.WaitFor( poller, operation_ref, 'Waiting for PATCH operation [{}]'.format(operation_ref.Name()))
def _ApplyPatch(self, perimeter_ref, perimeter, update_mask): """Applies a PATCH to the provided Service Perimeter.""" m = self.messages update_mask = sorted(update_mask) # For ease-of-testing request_type = ( m.AccesscontextmanagerAccessPoliciesServicePerimetersPatchRequest) request = request_type( servicePerimeter=perimeter, name=perimeter_ref.RelativeName(), updateMask=','.join(update_mask), ) operation = self.client.accessPolicies_servicePerimeters.Patch(request) poller = util.OperationPoller(self.client.accessPolicies_servicePerimeters, self.client.operations, perimeter_ref) operation_ref = core_resources.REGISTRY.Parse( operation.name, collection='accesscontextmanager.operations') return waiter.WaitFor( poller, operation_ref, 'Waiting for PATCH operation [{}]'.format(operation_ref.Name()))
def Patch(self, perimeter_ref, description=None, title=None, perimeter_type=None, resources=None, restricted_services=None, unrestricted_services=None, levels=None, ingress_allowed_services=None, vpc_allowed_services=None, bridge_allowed_services=None, enable_ingress_service_restriction=None, enable_vpc_service_restriction=None, enable_bridge_service_restriction=None): """Patch a service perimeter. Any non-None fields will be included in the update mask. Args: perimeter_ref: resources.Resource, reference to the perimeter to patch description: str, description of the zone or None if not updating title: str, title of the zone or None if not updating perimeter_type: PerimeterTypeValueValuesEnum type enum value for the level or None if not updating resources: list of str, the names of resources (for now, just 'projects/...') in the zone or None if not updating. restricted_services: list of str, the names of services ('example.googleapis.com') that *are* restricted by the access zone or None if not updating. unrestricted_services: list of str, the names of services ('example.googleapis.com') that *are not* restricted by the access zone or None if not updating. levels: list of Resource, the access levels (in the same policy) that must be satisfied for calls into this zone or None if not updating. ingress_allowed_services: list of str, the names of services ('example.googleapis.com') that *are* allowed to use Access Levels to make a cross access zone boundary call, or None if not updating. vpc_allowed_services: list of str, the names of services ('example.googleapis.com') that *are* allowed to be made within the access zone, or None if not updating. bridge_allowed_services: list of str, the names of services ('example.googleapis.com') that *are* allowed to use the bridge access zone, or None if not updating. enable_ingress_service_restriction: bool, whether to restrict the set of APIs callable outside the access zone via Access Levels, or None if not updating. enable_vpc_service_restriction: bool, whether to restrict the set of APIs callable within the access zone, or None if not updating. enable_bridge_service_restriction: bool, whether to restrict the set of APIs callable using the bridge access zone, or None if not updating. Returns: AccessZone, the updated access zone """ m = self.messages perimeter = m.ServicePerimeter() update_mask = [] if description is not None: update_mask.append('description') perimeter.description = description if title is not None: update_mask.append('title') perimeter.title = title if perimeter_type is not None: update_mask.append('perimeterType') perimeter.perimeterType = perimeter_type status = m.ServicePerimeterConfig() status_mutated = False if resources is not None: update_mask.append('status.resources') status.resources = resources status_mutated = True if self.include_unrestricted_services and unrestricted_services is not None: update_mask.append('status.unrestrictedServices') status.unrestrictedServices = unrestricted_services status_mutated = True if restricted_services is not None: update_mask.append('status.restrictedServices') status.restrictedServices = restricted_services status_mutated = True if levels is not None: update_mask.append('status.accessLevels') status.accessLevels = [l.RelativeName() for l in levels] status_mutated = True def AddServiceRestrictionFields(allowed_services, enable_restriction, restriction_type): """Utility function for adding service restriction fields.""" if allowed_services is None and enable_restriction is None: return False full_restriction_name = restriction_type + 'ServiceRestriction' # Set empty message if absent. if getattr(status, full_restriction_name) is None: restriction_message = getattr( m, restriction_type.capitalize() + 'ServiceRestriction')() setattr(status, full_restriction_name, restriction_message) if allowed_services is not None: update_mask.append('status.' + full_restriction_name + '.allowedServices') restriction_message = getattr(status, full_restriction_name) restriction_message.allowedServices = allowed_services if enable_restriction is not None: update_mask.append('status.' + full_restriction_name + '.enableRestriction') restriction_message = getattr(status, full_restriction_name) restriction_message.enableRestriction = enable_restriction return True status_mutated |= AddServiceRestrictionFields( allowed_services=ingress_allowed_services, enable_restriction=enable_ingress_service_restriction, restriction_type='ingress') status_mutated |= AddServiceRestrictionFields( allowed_services=vpc_allowed_services, enable_restriction=enable_vpc_service_restriction, restriction_type='vpc') status_mutated |= AddServiceRestrictionFields( allowed_services=bridge_allowed_services, enable_restriction=enable_bridge_service_restriction, restriction_type='bridge') if status_mutated: perimeter.status = status update_mask.sort() # For ease-of-testing # No update mask implies no fields were actually edited, so this is a no-op. if not update_mask: log.warning( 'The update specified results in an identical resource. Skipping request.' ) return perimeter request_type = ( m.AccesscontextmanagerAccessPoliciesServicePerimetersPatchRequest) request = request_type( servicePerimeter=perimeter, name=perimeter_ref.RelativeName(), updateMask=','.join(update_mask), ) operation = self.client.accessPolicies_servicePerimeters.Patch(request) poller = util.OperationPoller( self.client.accessPolicies_servicePerimeters, self.client.operations, perimeter_ref) operation_ref = core_resources.REGISTRY.Parse( operation.name, collection='accesscontextmanager.operations') return waiter.WaitFor( poller, operation_ref, 'Waiting for PATCH operation [{}]'.format(operation_ref.Name()))
def Patch(self, perimeter_ref, description=None, title=None, perimeter_type=None, resources=None, restricted_services=None, unrestricted_services=None, levels=None, vpc_allowed_services=None, enable_vpc_accessible_services=None, apply_to_dry_run_config=False, clear_dry_run=False): """Patch a service perimeter. Args: perimeter_ref: resources.Resource, reference to the perimeter to patch description: str, description of the zone or None if not updating title: str, title of the zone or None if not updating perimeter_type: PerimeterTypeValueValuesEnum type enum value for the level or None if not updating resources: list of str, the names of resources (for now, just 'projects/...') in the zone or None if not updating. restricted_services: list of str, the names of services ('example.googleapis.com') that *are* restricted by the access zone or None if not updating. unrestricted_services: list of str, the names of services ('example.googleapis.com') that *are not* restricted by the access zone or None if not updating. levels: list of Resource, the access levels (in the same policy) that must be satisfied for calls into this zone or None if not updating. vpc_allowed_services: list of str, the names of services ('example.googleapis.com') that *are* allowed to be made within the access zone, or None if not updating. enable_vpc_accessible_services: bool, whether to restrict the set of APIs callable within the access zone, or None if not updating. apply_to_dry_run_config: When true, the configuration will be place in the 'spec' field instead of the 'status' field of the Service Perimeter. clear_dry_run: When true, the ServicePerimeterConfig field for dry-run (i.e. 'spec') will be cleared and dryRun will be set to False. Returns: ServicePerimeter, the updated Service Perimeter. """ m = self.messages perimeter = m.ServicePerimeter() update_mask = [] if description is not None: update_mask.append('description') perimeter.description = description if title is not None: update_mask.append('title') perimeter.title = title if perimeter_type is not None: update_mask.append('perimeterType') perimeter.perimeterType = perimeter_type if not clear_dry_run: mask_prefix = 'status' if not apply_to_dry_run_config else 'spec' config, config_mask_additions = _CreateServicePerimeterConfig( m, mask_prefix, self.include_unrestricted_services, resources, restricted_services, unrestricted_services, levels, vpc_allowed_services, enable_vpc_accessible_services) if not apply_to_dry_run_config: perimeter.status = config else: perimeter.useExplicitDryRunSpec = True perimeter.spec = config update_mask += config_mask_additions if apply_to_dry_run_config and config_mask_additions: update_mask.append('useExplicitDryRunSpec') else: update_mask.append('spec') update_mask.append('useExplicitDryRunSpec') perimeter.spec = None perimeter.useExplicitDryRunSpec = False update_mask.sort() # For ease-of-testing # No update mask implies no fields were actually edited, so this is a no-op. if not update_mask: log.warning( 'The update specified results in an identical resource. Skipping request.' ) return perimeter request_type = ( m.AccesscontextmanagerAccessPoliciesServicePerimetersPatchRequest) request = request_type( servicePerimeter=perimeter, name=perimeter_ref.RelativeName(), updateMask=','.join(update_mask), ) operation = self.client.accessPolicies_servicePerimeters.Patch(request) poller = util.OperationPoller( self.client.accessPolicies_servicePerimeters, self.client.operations, perimeter_ref) operation_ref = core_resources.REGISTRY.Parse( operation.name, collection='accesscontextmanager.operations') return waiter.WaitFor( poller, operation_ref, 'Waiting for PATCH operation [{}]'.format(operation_ref.Name()))
def Patch(self, perimeter_ref, description=None, title=None, perimeter_type=None, resources=None, restricted_services=None, unrestricted_services=None, levels=None): """Patch a service perimeter. Any non-None fields will be included in the update mask. Args: perimeter_ref: resources.Resource, reference to the perimeter to patch description: str, description of the zone or None if not updating title: str, title of the zone or None if not updating perimeter_type: PerimeterTypeValueValuesEnum type enum value for the level or None if not updating resources: list of str, the names of resources (for now, just 'projects/...') in the zone or None if not updating. restricted_services: list of str, the names of services ('example.googleapis.com') that *are* restricted by the access zone or None if not updating. unrestricted_services: list of str, the names of services ('example.googleapis.com') that *are not* restricted by the access zone or None if not updating. levels: list of Resource, the access levels (in the same policy) that must be satisfied for calls into this zone or None if not updating. Returns: AccessZone, the updated access zone """ m = self.messages perimeter = m.ServicePerimeter() update_mask = [] if description is not None: update_mask.append('description') perimeter.description = description if title is not None: update_mask.append('title') perimeter.title = title if perimeter_type is not None: update_mask.append('perimeterType') perimeter.perimeterType = perimeter_type status = m.ServicePerimeterConfig() status_mutated = False if resources is not None: update_mask.append('status.resources') status.resources = resources status_mutated = True if self.include_unrestricted_services and unrestricted_services is not None: update_mask.append('status.unrestrictedServices') status.unrestrictedServices = unrestricted_services status_mutated = True if restricted_services is not None: update_mask.append('status.restrictedServices') status.restrictedServices = restricted_services status_mutated = True if levels is not None: update_mask.append('status.accessLevels') status.accessLevels = [l.RelativeName() for l in levels] status_mutated = True if status_mutated: perimeter.status = status update_mask.sort() # For ease-of-testing request_type = ( m.AccesscontextmanagerAccessPoliciesServicePerimetersPatchRequest) request = request_type( servicePerimeter=perimeter, name=perimeter_ref.RelativeName(), updateMask=','.join(update_mask), ) operation = self.client.accessPolicies_servicePerimeters.Patch(request) poller = util.OperationPoller(self.client.accessPolicies_servicePerimeters, self.client.operations, perimeter_ref) operation_ref = core_resources.REGISTRY.Parse( operation.name, collection='accesscontextmanager.operations') return waiter.WaitFor( poller, operation_ref, 'Waiting for PATCH operation [{}]'.format(operation_ref.Name()))
def Patch(self, zone_ref, description=None, title=None, zone_type=None, resources=None, restricted_services=None, unrestricted_services=None, levels=None): """Patch an access zone. Any non-None fields will be included in the update mask. Args: zone_ref: resources.Resource, reference to the zone to patch description: str, description of the zone or None if not updating title: str, title of the zone or None if not updating zone_type: ZoneTypeValueValuesEnum, zone type enum value for the level or None if not updating resources: list of str, the names of resources (for now, just 'projects/...') in the zone or None if not updating. restricted_services: list of str, the names of services ('example.googleapis.com') that *are* restricted by the access zone or None if not updating. unrestricted_services: list of str, the names of services ('example.googleapis.com') that *are not* restricted by the access zone or None if not updating. levels: list of Resource, the access levels (in the same policy) that must be satisfied for calls into this zone or None if not updating. Returns: AccessZone, the updated access zone """ zone = self.messages.AccessZone() update_mask = [] if description is not None: update_mask.append('description') zone.description = description if title is not None: update_mask.append('title') zone.title = title if zone_type is not None: update_mask.append('zoneType') zone.zoneType = zone_type if resources is not None: update_mask.append('resources') zone.resources = resources if unrestricted_services is not None: update_mask.append('unrestrictedServices') zone.unrestrictedServices = unrestricted_services if restricted_services is not None: update_mask.append('restrictedServices') zone.restrictedServices = restricted_services if levels is not None: update_mask.append('accessLevels') zone.accessLevels = [l.RelativeName() for l in levels] update_mask.sort() # For ease-of-testing m = self.messages request_type = m.AccesscontextmanagerAccessPoliciesAccessZonesPatchRequest request = request_type( accessZone=zone, name=zone_ref.RelativeName(), updateMask=','.join(update_mask), ) operation = self.client.accessPolicies_accessZones.Patch(request) poller = util.OperationPoller(self.client.accessPolicies_accessZones, self.client.operations, zone_ref) operation_ref = core_resources.REGISTRY.Parse( operation.name, collection='accesscontextmanager.operations') return waiter.WaitFor( poller, operation_ref, 'Waiting for PATCH operation [{}]'.format(operation_ref.Name()))