def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.NETWORK_FIREWALL_POLICY_ARG.ResolveAsResource(
args, holder.resources)
network_firewall_policy_rule_client = client.NetworkFirewallPolicyRule(
ref=ref, compute_client=holder.client)
if hasattr(ref, 'region'):
network_firewall_policy_rule_client = region_client.RegionNetworkFirewallPolicyRule(
ref, compute_client=holder.client)
return network_firewall_policy_rule_client.Delete(
priority=rule_utils.ConvertPriorityToInt(args.priority),
firewall_policy=args.firewall_policy,
only_generate_request=False)
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.FIREWALL_POLICY_ARG.ResolveAsResource(args,
holder.resources,
with_project=False)
firewall_policy_rule_client = client.OrgFirewallPolicyRule(
ref=ref,
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower())
firewall_policy_id = firewall_policies_utils.GetFirewallPolicyId(
firewall_policy_rule_client,
args.firewall_policy,
organization=args.organization)
return firewall_policy_rule_client.Delete(
priority=rule_utils.ConvertPriorityToInt(ref.Name()),
firewall_policy_id=firewall_policy_id,
only_generate_request=False)
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.NETWORK_FIREWALL_POLICY_ARG.ResolveAsResource(
args, holder.resources)
network_firewall_policy_rule_client = client.NetworkFirewallPolicyRule(
ref=ref, compute_client=holder.client)
if hasattr(ref, 'region'):
network_firewall_policy_rule_client = (
region_client.RegionNetworkFirewallPolicyRule(
ref, compute_client=holder.client))
priority = rule_utils.ConvertPriorityToInt(args.priority)
src_ip_ranges = []
dest_ip_ranges = []
layer4_config_list = []
target_service_accounts = []
enable_logging = False
disabled = False
should_setup_match = False
traffic_direct = None
matcher = None
src_secure_tags = []
target_secure_tags = []
src_address_groups = []
dest_address_groups = []
src_fqdns = []
dest_fqdns = []
src_region_codes = []
dest_region_codes = []
src_threat_intelligence = []
dest_threat_intelligence = []
if args.IsSpecified('src_ip_ranges'):
src_ip_ranges = args.src_ip_ranges
should_setup_match = True
if args.IsSpecified('dest_ip_ranges'):
dest_ip_ranges = args.dest_ip_ranges
should_setup_match = True
if args.IsSpecified('layer4_configs'):
should_setup_match = True
layer4_config_list = rule_utils.ParseLayer4Configs(
args.layer4_configs, holder.client.messages)
if args.IsSpecified('target_service_accounts'):
target_service_accounts = args.target_service_accounts
if args.IsSpecified('enable_logging'):
enable_logging = args.enable_logging
if args.IsSpecified('disabled'):
disabled = args.disabled
if args.IsSpecified('new_priority'):
new_priority = rule_utils.ConvertPriorityToInt(args.new_priority)
else:
new_priority = priority
if args.IsSpecified('src_secure_tags'):
src_secure_tags = secure_tags_utils.TranslateSecureTagsForFirewallPolicy(
holder.client, args.src_secure_tags)
if args.IsSpecified('target_secure_tags'):
target_secure_tags = secure_tags_utils.TranslateSecureTagsForFirewallPolicy(
holder.client, args.target_secure_tags)
if args.IsSpecified('src_address_groups'):
src_address_groups = args.src_address_groups
should_setup_match = True
if args.IsSpecified('dest_address_groups'):
dest_address_groups = args.dest_address_groups
should_setup_match = True
if self.ReleaseTrack() == base.ReleaseTrack.ALPHA:
if args.IsSpecified('src_fqdns'):
src_fqdns = args.src_fqdns
should_setup_match = True
if args.IsSpecified('dest_fqdns'):
dest_fqdns = args.dest_fqdns
should_setup_match = True
if args.IsSpecified('src_region_codes'):
src_region_codes = args.src_region_codes
should_setup_match = True
if args.IsSpecified('dest_region_codes'):
dest_region_codes = args.dest_region_codes
should_setup_match = True
if args.IsSpecified('src_threat_intelligence'):
src_threat_intelligence = args.src_threat_intelligence
should_setup_match = True
if args.IsSpecified('dest_threat_intelligence'):
dest_threat_intelligence = args.dest_threat_intelligence
should_setup_match = True
# If need to construct a new matcher.
if should_setup_match:
if self.ReleaseTrack() == base.ReleaseTrack.ALPHA:
matcher = holder.client.messages.FirewallPolicyRuleMatcher(
srcIpRanges=src_ip_ranges,
destIpRanges=dest_ip_ranges,
layer4Configs=layer4_config_list,
srcSecureTags=src_secure_tags,
srcAddressGroups=src_address_groups,
destAddressGroups=dest_address_groups,
srcFqdns=src_fqdns,
destFqdns=dest_fqdns,
srcRegionCodes=src_region_codes,
destRegionCodes=dest_region_codes,
srcThreatIntelligences=src_threat_intelligence,
destThreatIntelligences=dest_threat_intelligence)
else:
matcher = holder.client.messages.FirewallPolicyRuleMatcher(
srcIpRanges=src_ip_ranges,
destIpRanges=dest_ip_ranges,
layer4Configs=layer4_config_list,
srcSecureTags=src_secure_tags,
srcAddressGroups=src_address_groups,
destAddressGroups=dest_address_groups)
if args.IsSpecified('direction'):
if args.direction == 'INGRESS':
traffic_direct = (holder.client.messages.FirewallPolicyRule.
DirectionValueValuesEnum.INGRESS)
else:
traffic_direct = (holder.client.messages.FirewallPolicyRule.
DirectionValueValuesEnum.EGRESS)
firewall_policy_rule = holder.client.messages.FirewallPolicyRule(
priority=new_priority,
action=args.action,
match=matcher,
direction=traffic_direct,
targetServiceAccounts=target_service_accounts,
description=args.description,
enableLogging=enable_logging,
disabled=disabled,
targetSecureTags=target_secure_tags)
return network_firewall_policy_rule_client.Update(
priority=priority,
firewall_policy=args.firewall_policy,
firewall_policy_rule=firewall_policy_rule,
only_generate_request=False)
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.FIREWALL_POLICY_ARG.ResolveAsResource(args,
holder.resources,
with_project=False)
firewall_policy_rule_client = client.OrgFirewallPolicyRule(
ref=ref,
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower())
priority = rule_utils.ConvertPriorityToInt(ref.Name())
src_ip_ranges = []
dest_ip_ranges = []
layer4_config_list = []
target_resources = []
target_service_accounts = []
enable_logging = False
disabled = False
should_setup_match = False
traffic_direct = None
matcher = None
if args.IsSpecified('src_ip_ranges'):
src_ip_ranges = args.src_ip_ranges
should_setup_match = True
if args.IsSpecified('dest_ip_ranges'):
dest_ip_ranges = args.dest_ip_ranges
should_setup_match = True
if args.IsSpecified('layer4_configs'):
should_setup_match = True
layer4_config_list = rule_utils.ParseLayer4Configs(
args.layer4_configs, holder.client.messages)
if args.IsSpecified('target_resources'):
target_resources = args.target_resources
if args.IsSpecified('target_service_accounts'):
target_service_accounts = args.target_service_accounts
if args.IsSpecified('enable_logging'):
enable_logging = args.enable_logging
if args.IsSpecified('disabled'):
disabled = args.disabled
if args.IsSpecified('new_priority'):
new_priority = rule_utils.ConvertPriorityToInt(args.new_priority)
else:
new_priority = priority
# If need to construct a new matcher.
if should_setup_match:
matcher = holder.client.messages.FirewallPolicyRuleMatcher(
srcIpRanges=src_ip_ranges,
destIpRanges=dest_ip_ranges,
layer4Configs=layer4_config_list)
if args.IsSpecified('direction'):
if args.direction == 'INGRESS':
traffic_direct = holder.client.messages.FirewallPolicyRule.DirectionValueValuesEnum.INGRESS
else:
traffic_direct = holder.client.messages.FirewallPolicyRule.DirectionValueValuesEnum.EGRESS
firewall_policy_rule = holder.client.messages.FirewallPolicyRule(
priority=new_priority,
action=args.action,
match=matcher,
direction=traffic_direct,
targetResources=target_resources,
targetServiceAccounts=target_service_accounts,
description=args.description,
enableLogging=enable_logging,
disabled=disabled)
firewall_policy_id = firewall_policies_utils.GetFirewallPolicyId(
firewall_policy_rule_client,
args.firewall_policy,
organization=args.organization)
return firewall_policy_rule_client.Update(
priority=priority,
firewall_policy=firewall_policy_id,
firewall_policy_rule=firewall_policy_rule)
def Run(self, args):
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.FIREWALL_POLICY_ARG.ResolveAsResource(args,
holder.resources,
with_project=False)
firewall_policy_rule_client = client.OrgFirewallPolicyRule(
ref=ref,
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower())
src_ip_ranges = []
dest_ip_ranges = []
layer4_configs = []
target_resources = []
target_service_accounts = []
src_fqdns = []
dest_fqdns = []
src_region_codes = []
dest_region_codes = []
src_threat_intelligence = []
dest_threat_intelligence = []
enable_logging = False
disabled = False
if args.IsSpecified('src_ip_ranges'):
src_ip_ranges = args.src_ip_ranges
if args.IsSpecified('dest_ip_ranges'):
dest_ip_ranges = args.dest_ip_ranges
if args.IsSpecified('layer4_configs'):
layer4_configs = args.layer4_configs
if args.IsSpecified('target_resources'):
target_resources = args.target_resources
if args.IsSpecified('target_service_accounts'):
target_service_accounts = args.target_service_accounts
if self.ReleaseTrack() == base.ReleaseTrack.ALPHA:
if args.IsSpecified('src_fqdns'):
src_fqdns = args.src_fqdns
if args.IsSpecified('dest_fqdns'):
dest_fqdns = args.dest_fqdns
if args.IsSpecified('src_region_codes'):
src_region_codes = args.src_region_codes
if args.IsSpecified('dest_region_codes'):
dest_region_codes = args.dest_region_codes
if args.IsSpecified('src_threat_intelligence'):
src_threat_intelligence = args.src_threat_intelligence
if args.IsSpecified('dest_threat_intelligence'):
dest_threat_intelligence = args.dest_threat_intelligence
if args.IsSpecified('enable_logging'):
enable_logging = args.enable_logging
if args.IsSpecified('disabled'):
disabled = args.disabled
layer4_config_list = rule_utils.ParseLayer4Configs(
layer4_configs, holder.client.messages)
if self.ReleaseTrack() == base.ReleaseTrack.ALPHA:
matcher = holder.client.messages.FirewallPolicyRuleMatcher(
srcIpRanges=src_ip_ranges,
destIpRanges=dest_ip_ranges,
layer4Configs=layer4_config_list,
srcFqdns=src_fqdns,
destFqdns=dest_fqdns,
srcRegionCodes=src_region_codes,
destRegionCodes=dest_region_codes,
srcThreatIntelligences=src_threat_intelligence,
destThreatIntelligences=dest_threat_intelligence)
else:
matcher = holder.client.messages.FirewallPolicyRuleMatcher(
srcIpRanges=src_ip_ranges,
destIpRanges=dest_ip_ranges,
layer4Configs=layer4_config_list)
traffic_direct = holder.client.messages.FirewallPolicyRule.DirectionValueValuesEnum.INGRESS
if args.IsSpecified('direction'):
if args.direction == 'INGRESS':
traffic_direct = holder.client.messages.FirewallPolicyRule.DirectionValueValuesEnum.INGRESS
else:
traffic_direct = holder.client.messages.FirewallPolicyRule.DirectionValueValuesEnum.EGRESS
firewall_policy_rule = holder.client.messages.FirewallPolicyRule(
priority=rule_utils.ConvertPriorityToInt(ref.Name()),
action=args.action,
match=matcher,
direction=traffic_direct,
targetResources=target_resources,
targetServiceAccounts=target_service_accounts,
description=args.description,
enableLogging=enable_logging,
disabled=disabled)
firewall_policy_id = firewall_policies_utils.GetFirewallPolicyId(
firewall_policy_rule_client,
args.firewall_policy,
organization=args.organization)
return firewall_policy_rule_client.Create(
firewall_policy=firewall_policy_id,
firewall_policy_rule=firewall_policy_rule)