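def Run(self, args):
    """Update one rule of an organization security policy.

    The rule to change is addressed by the priority encoded in the resolved
    resource name. When ``new_priority`` is specified the rule is re-keyed
    to that priority, otherwise it keeps its current one.

    Args:
        args: Parsed command-line namespace for this command.

    Returns:
        The value returned by ``OrgSecurityPolicyRule.Update``.
    """
    holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
    ref = self.ORG_SECURITY_POLICY_ARG.ResolveAsResource(
        args, holder.resources, with_project=False)
    security_policy_rule_client = client.OrgSecurityPolicyRule(
        ref=ref, compute_client=holder.client)
    messages = holder.client.messages
    priority = rule_utils.ConvertPriorityToInt(ref.Name())

    # Flags that were not given fall back to empty lists.
    # NOTE(review): the matcher, target list and enableLogging=False are sent
    # even when none of those flags were given. Confirm the API's update
    # semantics do not clear existing match criteria or switch logging off
    # on the stored rule when only e.g. the description is changed.
    src_ip_ranges = (
        args.src_ip_ranges if args.IsSpecified('src_ip_ranges') else [])
    dest_ip_ranges = (
        args.dest_ip_ranges if args.IsSpecified('dest_ip_ranges') else [])
    dest_ports = args.dest_ports if args.IsSpecified('dest_ports') else []
    target_resources = (
        args.target_resources if args.IsSpecified('target_resources') else [])

    # Use the parsed value, not the mere presence of the flag: a negated
    # form of the flag also counts as "specified" and must not end up
    # enabling logging on the rule.
    enable_logging = False
    if args.IsSpecified('enable_logging'):
        enable_logging = bool(args.enable_logging)

    if args.IsSpecified('new_priority'):
        new_priority = rule_utils.ConvertPriorityToInt(args.new_priority)
    else:
        new_priority = priority

    dest_port_list = rule_utils.ParseDestPorts(dest_ports, messages)
    firewall_expr = (
        messages.SecurityPolicyRuleMatcher.VersionedExprValueValuesEnum.FIREWALL)
    matcher = messages.SecurityPolicyRuleMatcher(
        versionedExpr=firewall_expr,
        config=messages.SecurityPolicyRuleMatcherConfig(
            srcIpRanges=src_ip_ranges,
            destIpRanges=dest_ip_ranges,
            destPorts=dest_port_list))

    # INGRESS is the default; any other specified value selects EGRESS.
    # NOTE(review): presumably the flag parser restricts the choices to
    # INGRESS/EGRESS - confirm, since a typo would otherwise become EGRESS.
    direction_enum = messages.SecurityPolicyRule.DirectionValueValuesEnum
    traffic_direct = direction_enum.INGRESS
    if args.IsSpecified('direction') and args.direction != 'INGRESS':
        traffic_direct = direction_enum.EGRESS

    security_policy_rule = messages.SecurityPolicyRule(
        priority=new_priority,
        action=args.action,
        match=matcher,
        direction=traffic_direct,
        targetResources=target_resources,
        description=args.description,
        enableLogging=enable_logging)

    # The lookup key is the current priority; the rule body carries the new one.
    return security_policy_rule_client.Update(
        priority=priority,
        security_policy=args.security_policy,
        security_policy_rule=security_policy_rule)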
def Run(self, args):
    """Delete one rule from an organization security policy.

    Args:
        args: Parsed command-line namespace for this command.

    Returns:
        The value returned by ``OrgSecurityPolicyRule.Delete``.
    """
    api_holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
    rule_ref = self.ORG_SECURITY_POLICY_ARG.ResolveAsResource(
        args, api_holder.resources, with_project=False)
    rule_client = client.OrgSecurityPolicyRule(
        ref=rule_ref, compute_client=api_holder.client)

    # The rule is addressed by the priority encoded in the resource name.
    rule_priority = rule_utils.ConvertPriorityToInt(rule_ref.Name())

    # The security_policy flag value is handed to the client unchanged, and
    # the request is executed (only_generate_request=False).
    return rule_client.Delete(
        priority=rule_priority,
        security_policy_id=args.security_policy,
        only_generate_request=False)
def Run(self, args):
    """Describe one rule of an organization security policy.

    Args:
        args: Parsed command-line namespace for this command.

    Returns:
        The value returned by ``OrgSecurityPolicyRule.Describe``.
    """
    api_holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
    rule_ref = self.ORG_SECURITY_POLICY_ARG.ResolveAsResource(
        args, api_holder.resources, with_project=False)

    # The client is pinned to the lower-cased release track name.
    api_version = six.text_type(self.ReleaseTrack()).lower()
    rule_client = client.OrgSecurityPolicyRule(
        ref=rule_ref,
        compute_client=api_holder.client,
        resources=api_holder.resources,
        version=api_version)

    # Resolve the policy ID from the security_policy and organization flags
    # before converting the priority, keeping the original call order.
    policy_id = org_security_policies_utils.GetSecurityPolicyId(
        rule_client, args.security_policy, organization=args.organization)
    rule_priority = rule_utils.ConvertPriorityToInt(rule_ref.Name())

    return rule_client.Describe(
        priority=rule_priority,
        security_policy_id=policy_id,
        only_generate_request=False)
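def Run(self, args):
    """Create a rule in an organization security policy.

    The rule's priority is taken from the resolved resource name. Match
    criteria, targets and logging come from the optional flags and default
    to empty lists / logging off.

    Args:
        args: Parsed command-line namespace for this command.

    Returns:
        The value returned by ``OrgSecurityPolicyRule.Create``.
    """
    holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
    ref = self.ORG_SECURITY_POLICY_ARG.ResolveAsResource(
        args, holder.resources, with_project=False)
    security_policy_rule_client = client.OrgSecurityPolicyRule(
        ref=ref, compute_client=holder.client)
    messages = holder.client.messages

    # Flags that were not given fall back to empty lists.
    src_ip_ranges = (
        args.src_ip_ranges if args.IsSpecified('src_ip_ranges') else [])
    dest_ip_ranges = (
        args.dest_ip_ranges if args.IsSpecified('dest_ip_ranges') else [])
    dest_ports = args.dest_ports if args.IsSpecified('dest_ports') else []
    layer4_configs = (
        args.layer4_configs if args.IsSpecified('layer4_configs') else [])
    target_resources = (
        args.target_resources if args.IsSpecified('target_resources') else [])
    target_service_accounts = (
        args.target_service_accounts
        if args.IsSpecified('target_service_accounts') else [])

    # Use the parsed value, not the mere presence of the flag: a negated
    # form of the flag also counts as "specified" and must not end up
    # enabling logging on the rule.
    enable_logging = False
    if args.IsSpecified('enable_logging'):
        enable_logging = bool(args.enable_logging)

    dest_ports_list = rule_utils.ParseDestPorts(dest_ports, messages)
    layer4_config_list = rule_utils.ParseLayer4Configs(
        layer4_configs, messages)
    firewall_expr = (
        messages.SecurityPolicyRuleMatcher.VersionedExprValueValuesEnum.FIREWALL)
    matcher = messages.SecurityPolicyRuleMatcher(
        versionedExpr=firewall_expr,
        config=messages.SecurityPolicyRuleMatcherConfig(
            srcIpRanges=src_ip_ranges,
            destIpRanges=dest_ip_ranges,
            destPorts=dest_ports_list,
            layer4Configs=layer4_config_list))

    # INGRESS is the default; any other specified value selects EGRESS.
    # NOTE(review): presumably the flag parser restricts the choices to
    # INGRESS/EGRESS - confirm, since a typo would otherwise become EGRESS.
    direction_enum = messages.SecurityPolicyRule.DirectionValueValuesEnum
    traffic_direct = direction_enum.INGRESS
    if args.IsSpecified('direction') and args.direction != 'INGRESS':
        traffic_direct = direction_enum.EGRESS

    security_policy_rule = messages.SecurityPolicyRule(
        priority=rule_utils.ConvertPriorityToInt(ref.Name()),
        action=args.action,
        match=matcher,
        direction=traffic_direct,
        targetResources=target_resources,
        targetServiceAccounts=target_service_accounts,
        description=args.description,
        enableLogging=enable_logging)

    # The policy ID is resolved through a policy-level client from the
    # security_policy and organization flags.
    org_security_policy = client.OrgSecurityPolicy(
        ref=ref, compute_client=holder.client)
    security_policy_id = org_security_policies_utils.GetSecurityPolicyId(
        org_security_policy,
        args.security_policy,
        organization=args.organization)

    return security_policy_rule_client.Create(
        security_policy=security_policy_id,
        security_policy_rule=security_policy_rule)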
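def Run(self, args):
    """Update one rule of an organization security policy.

    The rule to change is addressed by the priority encoded in the resolved
    resource name. A matcher is only built when at least one match-related
    flag was given; otherwise ``match`` is left as ``None``. The same holds
    for ``direction``.

    Args:
        args: Parsed command-line namespace for this command.

    Returns:
        The value returned by ``OrgSecurityPolicyRule.Update``.
    """
    holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
    ref = self.ORG_SECURITY_POLICY_ARG.ResolveAsResource(
        args, holder.resources, with_project=False)
    security_policy_rule_client = client.OrgSecurityPolicyRule(
        ref=ref,
        compute_client=holder.client,
        resources=holder.resources,
        version=six.text_type(self.ReleaseTrack()).lower())
    messages = holder.client.messages
    priority = rule_utils.ConvertPriorityToInt(ref.Name())
    is_alpha = self.ReleaseTrack() == base.ReleaseTrack.ALPHA

    src_ip_ranges = []
    dest_ip_ranges = []
    dest_ports_list = []
    layer4_config_list = []
    should_setup_match = False

    if args.IsSpecified('src_ip_ranges'):
        src_ip_ranges = args.src_ip_ranges
        should_setup_match = True
    if args.IsSpecified('dest_ip_ranges'):
        dest_ip_ranges = args.dest_ip_ranges
        should_setup_match = True
    # The track test comes first so that dest_ports is only queried on ALPHA.
    # NOTE(review): presumably the flag is registered on ALPHA only - confirm.
    if is_alpha and args.IsSpecified('dest_ports'):
        should_setup_match = True
        dest_ports_list = rule_utils.ParseDestPorts(args.dest_ports, messages)
    if args.IsSpecified('layer4_configs'):
        should_setup_match = True
        layer4_config_list = rule_utils.ParseLayer4Configs(
            args.layer4_configs, messages)

    target_resources = (
        args.target_resources if args.IsSpecified('target_resources') else [])
    target_service_accounts = (
        args.target_service_accounts
        if args.IsSpecified('target_service_accounts') else [])

    # Use the parsed value, not the mere presence of the flag: a negated
    # form of the flag also counts as "specified" and must not end up
    # enabling logging on the rule.
    # NOTE(review): when the flag is absent, enableLogging=False is still
    # sent. Confirm the API's update semantics do not switch logging off on
    # the stored rule in that case.
    enable_logging = False
    if args.IsSpecified('enable_logging'):
        enable_logging = bool(args.enable_logging)

    if args.IsSpecified('new_priority'):
        new_priority = rule_utils.ConvertPriorityToInt(args.new_priority)
    else:
        new_priority = priority

    # Build a matcher only when a match-related flag was given; destPorts is
    # part of the matcher config on ALPHA only.
    matcher = None
    if should_setup_match:
        config_kwargs = {
            'srcIpRanges': src_ip_ranges,
            'destIpRanges': dest_ip_ranges,
            'layer4Configs': layer4_config_list,
        }
        if is_alpha:
            config_kwargs['destPorts'] = dest_ports_list
        firewall_expr = (
            messages.SecurityPolicyRuleMatcher.VersionedExprValueValuesEnum.FIREWALL)
        matcher = messages.SecurityPolicyRuleMatcher(
            versionedExpr=firewall_expr,
            config=messages.SecurityPolicyRuleMatcherConfig(**config_kwargs))

    # Direction stays None unless given; any value other than 'INGRESS'
    # selects EGRESS.
    # NOTE(review): presumably the flag parser restricts the choices to
    # INGRESS/EGRESS - confirm, since a typo would otherwise become EGRESS.
    traffic_direct = None
    if args.IsSpecified('direction'):
        direction_enum = messages.SecurityPolicyRule.DirectionValueValuesEnum
        if args.direction == 'INGRESS':
            traffic_direct = direction_enum.INGRESS
        else:
            traffic_direct = direction_enum.EGRESS

    security_policy_rule = messages.SecurityPolicyRule(
        priority=new_priority,
        action=args.action,
        match=matcher,
        direction=traffic_direct,
        targetResources=target_resources,
        targetServiceAccounts=target_service_accounts,
        description=args.description,
        enableLogging=enable_logging)

    security_policy_id = org_security_policies_utils.GetSecurityPolicyId(
        security_policy_rule_client,
        args.security_policy,
        organization=args.organization)

    # The lookup key is the current priority; the rule body carries the new one.
    return security_policy_rule_client.Update(
        priority=priority,
        security_policy=security_policy_id,
        security_policy_rule=security_policy_rule)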