def _CreatePolicy(self, args):
"""Create the policy on the service if needed.
Args:
args: argparse.Namespace, An object that contains the values for the
arguments specified in the Args method.
Returns:
The created policy.
"""
name = utils.GetPolicyNameFromArgs(args)
constraint = utils.GetConstraintFromArgs(args)
parent = utils.GetResourceFromArgs(args)
empty_policy = self.org_policy_messages.GoogleCloudOrgpolicyV2alpha1Policy(
name=name,
spec=self.org_policy_messages.
GoogleCloudOrgpolicyV2alpha1PolicySpec())
new_policy = self.UpdatePolicy(empty_policy, args)
if not new_policy.spec.rules and not new_policy.spec.inheritFromParent and not new_policy.spec.reset:
# Return the response received after a successful DeletePolicy.
return self.org_policy_messages.GoogleProtobufEmpty()
create_request = self.org_policy_messages.OrgpolicyPoliciesCreateRequest(
constraint=constraint,
parent=parent,
googleCloudOrgpolicyV2alpha1Policy=new_policy)
create_response = self.policy_service.Create(create_request)
log.CreatedResource(name, 'policy')
return create_response
def Run(self, args):
org_policy_api = org_policy_service.OrgPolicyApi(self.ReleaseTrack())
parent = utils.GetResourceFromArgs(args)
output = []
policies = org_policy_api.ListPolicies(parent).policies
for policy in policies:
spec = policy.spec
list_policy_set = HasListPolicy(spec)
boolean_policy_set = HasBooleanPolicy(spec)
output.append({
'constraint': policy.name.split('/')[-1],
'listPolicy': 'SET' if list_policy_set else '-',
'booleanPolicy': 'SET' if boolean_policy_set else '-',
'etag': spec.etag
})
if args.show_unset:
constraints = org_policy_api.ListConstraints(parent).constraints
existing_policy_names = {row['constraint'] for row in output}
for constraint in constraints:
constraint_name = constraint.name.split('/')[-1]
if constraint_name not in existing_policy_names:
output.append({
'constraint': constraint_name,
'listPolicy': '-',
'booleanPolicy': '-'
})
return output
def testGetResourceFromArgs_FolderResourceSpecified_ReturnsResource(self):
args = self.parser.parse_args(
[self.CONSTRAINT_A, self.FOLDER_FLAG, self.FOLDER_ID])
resource = utils.GetResourceFromArgs(args)
self.assertEqual(resource, self.FOLDER_RESOURCE)
def testGetResourceFromArgs_ProjectResourceSpecified_ReturnsResource(self):
args = self.parser.parse_args(
[self.CONSTRAINT_A, self.PROJECT_FLAG, self.PROJECT_ID])
resource = utils.GetResourceFromArgs(args)
self.assertEqual(resource, self.PROJECT_RESOURCE)
def Run(self, args):
policy_service = org_policy_service.PolicyService()
constraint_service = org_policy_service.ConstraintService()
org_policy_messages = org_policy_service.OrgPolicyMessages()
parent = utils.GetResourceFromArgs(args)
list_policies_request = org_policy_messages.OrgpolicyPoliciesListRequest(
parent=parent)
list_policies_response = policy_service.List(list_policies_request)
policies = list_policies_response.policies
if args.show_unset:
list_constraints_request = org_policy_messages.OrgpolicyConstraintsListRequest(
parent=parent)
list_constraints_response = constraint_service.List(
list_constraints_request)
constraints = list_constraints_response.constraints
existing_policy_names = {policy.spec.name for policy in policies}
for constraint in constraints:
policy_name = org_policy_utils.GetPolicyNameFromConstraintName(
constraint.name)
if policy_name not in existing_policy_names:
stubbed_policy = org_policy_messages.GoogleCloudOrgpolicyV2alpha1Policy(
spec=org_policy_messages.GoogleCloudOrgpolicyV2alpha1PolicySpec(
name=policy_name))
policies.append(stubbed_policy)
return policies
def testGetResourceFromArgs_OrganizationResourceSpecified_ReturnsResource(
self):
args = self.parser.parse_args(
[self.CONSTRAINT_A, self.ORGANIZATION_FLAG, self.ORGANIZATION_ID])
resource = utils.GetResourceFromArgs(args)
self.assertEqual(resource, self.ORGANIZATION_RESOURCE)
def Run(self, args):
org_policy_client = org_policy_service.OrgPolicyClient(
self.ReleaseTrack())
messages = org_policy_service.OrgPolicyMessages(self.ReleaseTrack())
parent = utils.GetResourceFromArgs(args)
request = messages.OrgpolicyOrganizationsCustomConstraintsListRequest(
parent=parent)
return list_pager.YieldFromList(
org_policy_client.organizations_customConstraints,
request,
field='customConstraints',
limit=args.limit,
batch_size_attribute='pageSize',
batch_size=args.page_size)
def Run(self, args):
policy_service = org_policy_service.PolicyService()
constraint_service = org_policy_service.ConstraintService()
org_policy_messages = org_policy_service.OrgPolicyMessages()
output = []
parent = utils.GetResourceFromArgs(args)
list_policies_request = org_policy_messages.OrgpolicyPoliciesListRequest(
parent=parent)
list_policies_response = policy_service.List(list_policies_request)
policies = list_policies_response.policies
for policy in policies:
spec = policy.spec
list_policy_set = HasListPolicy(spec)
boolean_policy_set = HasBooleanPolicy(spec)
output.append({
'constraint': policy.name.split('/')[-1],
'listPolicy': 'SET' if list_policy_set else '',
'booleanPolicy': 'SET' if boolean_policy_set else '',
'etag': spec.etag
})
if args.show_unset:
list_constraints_request = org_policy_messages.OrgpolicyConstraintsListRequest(
parent=parent)
list_constraints_response = constraint_service.List(
list_constraints_request)
constraints = list_constraints_response.constraints
existing_policy_names = {row['constraint'] for row in output}
for constraint in constraints:
constraint_name = constraint.name.split('/')[-1]
if constraint_name not in existing_policy_names:
output.append({'constraint': constraint_name})
return output