def Run(self, args):
client = zones_api.Client(version=self._API_VERSION)
perimeter_ref = args.CONCEPTS.perimeter.Parse()
policies.ValidateAccessPolicyArg(perimeter_ref, args)
perimeter = client.Get(perimeter_ref)
print(perimeters.GenerateDryRunConfigDiff(perimeter,
self._API_VERSION))
def Run(self, args):
client = zones_api.Client(version=self._API_VERSION)
perimeter_ref = args.CONCEPTS.perimeter.Parse()
result = repeated.CachedResult.FromFunc(client.Get, perimeter_ref)
policies.ValidateAccessPolicyArg(perimeter_ref, args)
return self.Patch(
client=client,
args=args,
result=result,
perimeter_ref=perimeter_ref,
description=args.description,
title=args.title,
perimeter_type=perimeters.GetTypeEnumMapper(
version=self._API_VERSION).GetEnumForChoice(args.type),
resources=perimeters.ParseResources(args, result),
restricted_services=perimeters.ParseRestrictedServices(
args, result),
levels=perimeters.ParseLevels(args, result,
perimeter_ref.accessPoliciesId),
vpc_allowed_services=perimeters.ParseVpcRestriction(
args, result, self._API_VERSION),
enable_vpc_accessible_services=args.enable_vpc_accessible_services,
ingress_policies=perimeters.ParseUpdateDirectionalPoliciesArgs(
args, self._release_track, 'ingress-policies'),
egress_policies=perimeters.ParseUpdateDirectionalPoliciesArgs(
args, self._release_track, 'egress-policies'))
def Run(self, args):
client = levels_api.Client(version=self._API_VERSION)
level_ref = args.CONCEPTS.level.Parse()
policies.ValidateAccessPolicyArg(level_ref, args)
basic_level_combine_function = None
if args.IsSpecified('combine_function'):
mapper = levels.GetCombineFunctionEnumMapper(
api_version=self._API_VERSION)
basic_level_combine_function = mapper.GetEnumForChoice(
args.combine_function)
custom_level_expr = None
if (self._FEATURE_MASK.get('custom_levels', False)
and args.IsSpecified('custom_level_spec')):
custom_level_expr = args.custom_level_spec
return client.Patch(
level_ref,
description=args.description,
title=args.title,
basic_level_combine_function=basic_level_combine_function,
basic_level_conditions=args.basic_level_spec,
custom_level_expr=custom_level_expr)
def Run(self, args):
client = zones_api.Client(version=self._API_VERSION)
messages = util.GetMessages(version=self._API_VERSION)
perimeter_ref = args.CONCEPTS.perimeter.Parse()
policies.ValidateAccessPolicyArg(perimeter_ref, args)
original_perimeter = client.Get(perimeter_ref)
base_config = _GetBaseConfig(original_perimeter)
updated_resources = repeated.ParsePrimitiveArgs(
args, 'resources', lambda: base_config.resources or [])
updated_restricted_services = repeated.ParsePrimitiveArgs(
args, 'restricted-services',
lambda: base_config.restrictedServices or [])
updated_access_levels = repeated.ParsePrimitiveArgs(
args, 'access-levels', lambda: base_config.accessLevels or [])
base_vpc_config = base_config.vpcAccessibleServices
if base_vpc_config is None:
base_vpc_config = messages.VpcAccessibleServices()
updated_vpc_services = repeated.ParsePrimitiveArgs(
args, 'vpc-allowed-services',
lambda: base_vpc_config.allowedServices or [])
if args.IsSpecified('enable_vpc_accessible_services'):
updated_vpc_enabled = args.enable_vpc_accessible_services
elif base_config.vpcAccessibleServices is not None:
updated_vpc_enabled = base_vpc_config.enableRestriction
else:
updated_vpc_enabled = None
return client.PatchDryRunConfig(
perimeter_ref,
resources=updated_resources,
levels=updated_access_levels,
restricted_services=updated_restricted_services,
vpc_allowed_services=updated_vpc_services,
enable_vpc_accessible_services=updated_vpc_enabled)
def Run(self, args):
client = zones_api.Client(version=self._API_VERSION)
messages = util.GetMessages(version=self._API_VERSION)
perimeter_ref = args.CONCEPTS.perimeter.Parse()
policies.ValidateAccessPolicyArg(perimeter_ref, args)
original_perimeter = client.Get(perimeter_ref)
base_config = _GetBaseConfig(original_perimeter)
if _IsFieldSpecified('resources', args):
updated_resources = _GetRepeatedFieldValue(
args, 'resources', base_config.resources,
original_perimeter.useExplicitDryRunSpec)
else:
updated_resources = base_config.resources
if _IsFieldSpecified('restricted_services', args):
updated_restricted_services = _GetRepeatedFieldValue(
args, 'restricted_services', base_config.restrictedServices,
original_perimeter.useExplicitDryRunSpec)
else:
updated_restricted_services = base_config.restrictedServices
if _IsFieldSpecified('access_levels', args):
updated_access_levels = _GetRepeatedFieldValue(
args, 'access_levels', base_config.accessLevels,
original_perimeter.useExplicitDryRunSpec)
else:
updated_access_levels = base_config.accessLevels
base_vpc_config = base_config.vpcAccessibleServices
if base_vpc_config is None:
base_vpc_config = messages.VpcAccessibleServices()
if _IsFieldSpecified('vpc_allowed_services', args):
updated_vpc_services = _GetRepeatedFieldValue(
args, 'vpc-allowed-services', base_vpc_config.allowedServices,
original_perimeter.useExplicitDryRunSpec)
elif base_config.vpcAccessibleServices is not None:
updated_vpc_services = base_vpc_config.allowedServices
else:
updated_vpc_services = None
if args.IsSpecified('enable_vpc_accessible_services'):
updated_vpc_enabled = args.enable_vpc_accessible_services
elif base_config.vpcAccessibleServices is not None:
updated_vpc_enabled = base_vpc_config.enableRestriction
else:
updated_vpc_enabled = None
# Vpc allowed services list should only be populated if enable restrictions
# is set to true.
if updated_vpc_enabled is None:
updated_vpc_services = None
elif not updated_vpc_enabled:
updated_vpc_services = []
return client.PatchDryRunConfig(
perimeter_ref,
resources=updated_resources,
levels=updated_access_levels,
restricted_services=updated_restricted_services,
vpc_allowed_services=updated_vpc_services,
enable_vpc_accessible_services=updated_vpc_enabled,
ingress_policies=perimeters.ParseUpdateDirectionalPoliciesArgs(
args, 'ingress-policies'),
egress_policies=perimeters.ParseUpdateDirectionalPoliciesArgs(
args, 'egress-policies'))
def Run(self, args):
client = zones_api.Client(version=self._API_VERSION)
perimeter_ref = args.CONCEPTS.perimeter.Parse()
result = repeated.CachedResult.FromFunc(client.Get, perimeter_ref)
policies.ValidateAccessPolicyArg(perimeter_ref, args)
return self.Patch(client=client,
args=args,
result=result,
perimeter_ref=perimeter_ref)
def Run(self, args):
client = zones_api.Client(version=self._API_VERSION)
perimeter_ref = args.CONCEPTS.perimeter.Parse()
perimeter_type = perimeters.GetPerimeterTypeEnumForShortName(
args.perimeter_type, self._API_VERSION)
# Extract the arguments that reside in a ServicePerimeterConfig.
resources = _ParseArgWithShortName(args, 'resources')
levels = _ParseArgWithShortName(args, 'access_levels')
levels = perimeters.ExpandLevelNamesIfNecessary(
levels, perimeter_ref.accessPoliciesId)
restricted_services = _ParseArgWithShortName(args,
'restricted_services')
vpc_allowed_services = _ParseArgWithShortName(args,
'vpc_allowed_services')
ingress_policies, egress_policies = _ParseDirectionalPolicies(
args, self._release_track)
if (args.enable_vpc_accessible_services is None
and args.perimeter_enable_vpc_accessible_services is None):
enable_vpc_accessible_services = None
else:
enable_vpc_accessible_services = (
args.enable_vpc_accessible_services
or args.perimeter_enable_vpc_accessible_services)
result = repeated.CachedResult.FromFunc(client.Get, perimeter_ref)
try:
result.Get() # Check if the perimeter was actually obtained.
except apitools_exceptions.HttpNotFoundError:
if args.perimeter_title is None or perimeter_type is None:
raise exceptions.RequiredArgumentException(
'perimeter-title',
('Since this Service Perimeter does not exist, perimeter-title '
'and perimeter-type must be supplied.'))
else:
if args.perimeter_title is not None or perimeter_type is not None:
raise exceptions.InvalidArgumentException(
'perimeter-title',
('A Service Perimeter with the given name already exists. The '
'title and the type fields cannot be updated in the dry-run mode.'
))
policies.ValidateAccessPolicyArg(perimeter_ref, args)
return client.PatchDryRunConfig(
perimeter_ref,
title=args.perimeter_title,
description=args.perimeter_description,
perimeter_type=perimeter_type,
resources=resources,
levels=levels,
restricted_services=restricted_services,
vpc_allowed_services=vpc_allowed_services,
enable_vpc_accessible_services=enable_vpc_accessible_services,
ingress_policies=ingress_policies,
egress_policies=egress_policies)
def Run(self, args):
client = levels_api.Client(version=self._API_VERSION)
level_ref = args.CONCEPTS.level.Parse()
policies.ValidateAccessPolicyArg(level_ref, args)
mapper = levels.GetCombineFunctionEnumMapper(version=self._API_VERSION)
combine_function = mapper.GetEnumForChoice(args.combine_function)
return client.Patch(level_ref,
description=args.description,
title=args.title,
combine_function=combine_function,
basic_level_conditions=args.basic_level_spec)
def Run(self, args):
client = zones_api.Client(version=self._API_VERSION)
perimeter_ref = args.CONCEPTS.perimeter.Parse()
result = repeated.CachedResult.FromFunc(client.Get, perimeter_ref)
policies.ValidateAccessPolicyArg(perimeter_ref, args)
return self.Patch(
client=client,
args=args,
result=result,
perimeter_ref=perimeter_ref,
description=args.description,
title=args.title,
perimeter_type=perimeters.GetTypeEnumMapper(
version=self._API_VERSION).GetEnumForChoice(args.type),
resources=perimeters.ParseResources(args, result),
restricted_services=perimeters.ParseRestrictedServices(args, result),
levels=perimeters.ParseLevels(args, result,
perimeter_ref.accessPoliciesId),
)
def Run(self, args):
client = zones_api.Client(version=self._API_VERSION)
perimeter_ref = args.CONCEPTS.perimeter.Parse()
policies.ValidateAccessPolicyArg(perimeter_ref, args)
return client.UnsetSpec(perimeter_ref, use_explicit_dry_run_spec=True)
def Run(self, args):
client = zones_api.Client(version=self._API_VERSION)
perimeter_ref = args.CONCEPTS.perimeter.Parse()
policies.ValidateAccessPolicyArg(perimeter_ref, args)
return client.EnforceDryRunConfig(perimeter_ref)
