def Run(self, args): client = zones_api.Client(version=self._API_VERSION) perimeter_ref = args.CONCEPTS.perimeter.Parse() policies.ValidateAccessPolicyArg(perimeter_ref, args) perimeter = client.Get(perimeter_ref) print(perimeters.GenerateDryRunConfigDiff(perimeter, self._API_VERSION))
def Run(self, args): client = zones_api.Client(version=self._API_VERSION) messages = util.GetMessages(version=self._API_VERSION) perimeter_ref = args.CONCEPTS.perimeter.Parse() policies.ValidateAccessPolicyArg(perimeter_ref, args) original_perimeter = client.Get(perimeter_ref) base_config = _GetBaseConfig(original_perimeter) updated_resources = repeated.ParsePrimitiveArgs( args, 'resources', lambda: base_config.resources or []) updated_restricted_services = repeated.ParsePrimitiveArgs( args, 'restricted-services', lambda: base_config.restrictedServices or []) updated_access_levels = repeated.ParsePrimitiveArgs( args, 'access-levels', lambda: base_config.accessLevels or []) base_vpc_config = base_config.vpcAccessibleServices if base_vpc_config is None: base_vpc_config = messages.VpcAccessibleServices() updated_vpc_services = repeated.ParsePrimitiveArgs( args, 'vpc-allowed-services', lambda: base_vpc_config.allowedServices or []) if args.IsSpecified('enable_vpc_accessible_services'): updated_vpc_enabled = args.enable_vpc_accessible_services elif base_config.vpcAccessibleServices is not None: updated_vpc_enabled = base_vpc_config.enableRestriction else: updated_vpc_enabled = None return client.PatchDryRunConfig( perimeter_ref, resources=updated_resources, levels=updated_access_levels, restricted_services=updated_restricted_services, vpc_allowed_services=updated_vpc_services, enable_vpc_accessible_services=updated_vpc_enabled)
def Run(self, args): client = zones_api.Client(version=self._API_VERSION) perimeter_ref = args.CONCEPTS.perimeter.Parse() result = repeated.CachedResult.FromFunc(client.Get, perimeter_ref) policies.ValidateAccessPolicyArg(perimeter_ref, args) return self.Patch( client=client, args=args, result=result, perimeter_ref=perimeter_ref, description=args.description, title=args.title, perimeter_type=perimeters.GetTypeEnumMapper( version=self._API_VERSION).GetEnumForChoice(args.type), resources=perimeters.ParseResources(args, result), restricted_services=perimeters.ParseRestrictedServices( args, result), levels=perimeters.ParseLevels(args, result, perimeter_ref.accessPoliciesId), vpc_allowed_services=perimeters.ParseVpcRestriction( args, result, self._API_VERSION), enable_vpc_accessible_services=args.enable_vpc_accessible_services, ingress_policies=perimeters.ParseUpdateDirectionalPoliciesArgs( args, self._release_track, 'ingress-policies'), egress_policies=perimeters.ParseUpdateDirectionalPoliciesArgs( args, self._release_track, 'egress-policies'))
def Run(self, args): client = zones_api.Client(version=self._API_VERSION) policy_id = policies.GetDefaultPolicy() if args.IsSpecified('policy'): policy_id = args.policy policy_ref = resources.REGISTRY.Parse( policy_id, collection='accesscontextmanager.accessPolicies') perimeters_to_display = [p for p in client.List(policy_ref)] for p in perimeters_to_display: # When a Service Perimeter has use_explicit_dry_run_spec set to false, the # dry-run spec is implicitly the same as the status. In order to clearly # show the user what exactly is being used as the dry-run spec, we set # status to None (this list command is only for the dry-run config) and # copy over the status to the spec when the spec is absent. We also append # an asterisk to the name to signify that these perimeters are not # actually identical to what the API returns. if not p.useExplicitDryRunSpec: p.spec = p.status p.name += '*' p.status = None print( 'Note: Perimeters marked with \'*\' do not have an explicit `spec`. ' 'Instead, their `status` also acts as the `spec`.') return perimeters_to_display
def Run(self, args): client = zones_api.Client(version=self._API_VERSION) messages = util.GetMessages(version=self._API_VERSION) perimeter_ref = args.CONCEPTS.perimeter.Parse() policies.ValidateAccessPolicyArg(perimeter_ref, args) original_perimeter = client.Get(perimeter_ref) base_config = _GetBaseConfig(original_perimeter) if _IsFieldSpecified('resources', args): updated_resources = _GetRepeatedFieldValue( args, 'resources', base_config.resources, original_perimeter.useExplicitDryRunSpec) else: updated_resources = base_config.resources if _IsFieldSpecified('restricted_services', args): updated_restricted_services = _GetRepeatedFieldValue( args, 'restricted_services', base_config.restrictedServices, original_perimeter.useExplicitDryRunSpec) else: updated_restricted_services = base_config.restrictedServices if _IsFieldSpecified('access_levels', args): updated_access_levels = _GetRepeatedFieldValue( args, 'access_levels', base_config.accessLevels, original_perimeter.useExplicitDryRunSpec) else: updated_access_levels = base_config.accessLevels base_vpc_config = base_config.vpcAccessibleServices if base_vpc_config is None: base_vpc_config = messages.VpcAccessibleServices() if _IsFieldSpecified('vpc_allowed_services', args): updated_vpc_services = _GetRepeatedFieldValue( args, 'vpc-allowed-services', base_vpc_config.allowedServices, original_perimeter.useExplicitDryRunSpec) elif base_config.vpcAccessibleServices is not None: updated_vpc_services = base_vpc_config.allowedServices else: updated_vpc_services = None if args.IsSpecified('enable_vpc_accessible_services'): updated_vpc_enabled = args.enable_vpc_accessible_services elif base_config.vpcAccessibleServices is not None: updated_vpc_enabled = base_vpc_config.enableRestriction else: updated_vpc_enabled = None # Vpc allowed services list should only be populated if enable restrictions # is set to true. if updated_vpc_enabled is None: updated_vpc_services = None elif not updated_vpc_enabled: updated_vpc_services = [] return client.PatchDryRunConfig( perimeter_ref, resources=updated_resources, levels=updated_access_levels, restricted_services=updated_restricted_services, vpc_allowed_services=updated_vpc_services, enable_vpc_accessible_services=updated_vpc_enabled, ingress_policies=perimeters.ParseUpdateDirectionalPoliciesArgs( args, 'ingress-policies'), egress_policies=perimeters.ParseUpdateDirectionalPoliciesArgs( args, 'egress-policies'))
def Run(self, args): client = zones_api.Client(version=self._API_VERSION) perimeter_ref = args.CONCEPTS.perimeter.Parse() result = repeated.CachedResult.FromFunc(client.Get, perimeter_ref) policies.ValidateAccessPolicyArg(perimeter_ref, args) return self.Patch(client=client, args=args, result=result, perimeter_ref=perimeter_ref)
def testUnsetSpec_unsetUseExplictDryRunSpecFlag(self): self.SetUpForAPI(self.api_version) client = zones.Client(self.client) perimeter_update = self.messages.ServicePerimeter( useExplicitDryRunSpec=False, spec=None) perimeter_ref = FakePerimeterRef() self._ExpectPatch(perimeter_ref, perimeter_update, 'spec,useExplicitDryRunSpec') client.UnsetSpec(perimeter_ref, False)
def Run(self, args): client = zones_api.Client(version=self._API_VERSION) perimeter_ref = args.CONCEPTS.perimeter.Parse() perimeter_type = perimeters.GetPerimeterTypeEnumForShortName( args.perimeter_type, self._API_VERSION) # Extract the arguments that reside in a ServicePerimeterConfig. resources = _ParseArgWithShortName(args, 'resources') levels = _ParseArgWithShortName(args, 'access_levels') levels = perimeters.ExpandLevelNamesIfNecessary( levels, perimeter_ref.accessPoliciesId) restricted_services = _ParseArgWithShortName(args, 'restricted_services') vpc_allowed_services = _ParseArgWithShortName(args, 'vpc_allowed_services') ingress_policies, egress_policies = _ParseDirectionalPolicies( args, self._release_track) if (args.enable_vpc_accessible_services is None and args.perimeter_enable_vpc_accessible_services is None): enable_vpc_accessible_services = None else: enable_vpc_accessible_services = ( args.enable_vpc_accessible_services or args.perimeter_enable_vpc_accessible_services) result = repeated.CachedResult.FromFunc(client.Get, perimeter_ref) try: result.Get() # Check if the perimeter was actually obtained. except apitools_exceptions.HttpNotFoundError: if args.perimeter_title is None or perimeter_type is None: raise exceptions.RequiredArgumentException( 'perimeter-title', ('Since this Service Perimeter does not exist, perimeter-title ' 'and perimeter-type must be supplied.')) else: if args.perimeter_title is not None or perimeter_type is not None: raise exceptions.InvalidArgumentException( 'perimeter-title', ('A Service Perimeter with the given name already exists. The ' 'title and the type fields cannot be updated in the dry-run mode.' )) policies.ValidateAccessPolicyArg(perimeter_ref, args) return client.PatchDryRunConfig( perimeter_ref, title=args.perimeter_title, description=args.perimeter_description, perimeter_type=perimeter_type, resources=resources, levels=levels, restricted_services=restricted_services, vpc_allowed_services=vpc_allowed_services, enable_vpc_accessible_services=enable_vpc_accessible_services, ingress_policies=ingress_policies, egress_policies=egress_policies)
def Run(self, args): client = zones_api.Client(version=self._API_VERSION) policy_id = policies.GetDefaultPolicy() if args.IsSpecified('policy'): policy_id = args.policy policy_ref = resources.REGISTRY.Parse( policy_id, collection='accesscontextmanager.accessPolicies') return client.Commit(policy_ref, args.etag)
def Run(self, args): client = zones_api.Client() zone_ref = args.CONCEPTS.zone.Parse() result = repeated.CachedResult.FromFunc(client.Get, zone_ref) return client.Patch( zone_ref, description=args.description, title=args.title, zone_type=zones.GetTypeEnumMapper().GetEnumForChoice(args.type), resources=zones.ParseResources(args, result), restricted_services=zones.ParseRestrictedServices(args, result), unrestricted_services=zones.ParseUnrestrictedServices(args, result), levels=zones.ParseLevels(args, result, zone_ref.accessPoliciesId))
def Run(self, args): client = zones_api.Client(version=self._API_VERSION) perimeter_ref = args.CONCEPTS.perimeter.Parse() result = repeated.CachedResult.FromFunc(client.Get, perimeter_ref) return client.Patch( perimeter_ref, description=args.description, title=args.title, perimeter_type=perimeters.GetTypeEnumMapper( version=self._API_VERSION).GetEnumForChoice(args.type), resources=perimeters.ParseResources(args, result), restricted_services=perimeters.ParseRestrictedServices(args, result), levels=perimeters.ParseLevels(args, result, perimeter_ref.accessPoliciesId))
def testPatchDryRunConfig(self): self.SetUpForAPI(self.api_version) client = zones.Client(self.client) perimeter_update = self.messages.ServicePerimeter( useExplicitDryRunSpec=True, spec=self.messages.ServicePerimeterConfig( resources=['projects/123', 'projects/456'], restrictedServices=['bigquery.googleapis.com'])) perimeter_ref = FakePerimeterRef() self._ExpectPatch( perimeter_ref, perimeter_update, 'spec.resources,spec.restrictedServices,useExplicitDryRunSpec') client.PatchDryRunConfig( perimeter_ref, resources=['projects/123', 'projects/456'], restricted_services=['bigquery.googleapis.com'])
def testEnforceDryRunConfig(self): self.SetUpForAPI(self.api_version) client = zones.Client(self.client) perimeter_before = self.messages.ServicePerimeter( status=None, useExplicitDryRunSpec=True, spec=self.messages.ServicePerimeterConfig( resources=['projects/123'])) perimeter_update = self.messages.ServicePerimeter( useExplicitDryRunSpec=False, spec=None, status=self.messages.ServicePerimeterConfig( resources=['projects/123'])) perimeter_ref = FakePerimeterRef() self._ExpectGet(perimeter_ref.RelativeName(), perimeter_before) self._ExpectPatch(perimeter_ref, perimeter_update, 'spec,status,useExplicitDryRunSpec') client.EnforceDryRunConfig(perimeter_ref)
def Run(self, args): client = zones_api.Client(version=self._API_VERSION) perimeter_ref = args.CONCEPTS.perimeter.Parse() policies.ValidateAccessPolicyArg(perimeter_ref, args) return client.UnsetSpec(perimeter_ref, use_explicit_dry_run_spec=True)
def Run(self, args): client = zones_api.Client(version=self._API_VERSION) perimeter_ref = args.CONCEPTS.perimeter.Parse() policies.ValidateAccessPolicyArg(perimeter_ref, args) return client.EnforceDryRunConfig(perimeter_ref)