`8dZddlmZddlmZddlmZddlmZddlmZddl m Z ddl m Z dd l m Zdd lZd Z dd ZGd deZy )z8API library for VPC Service Controls Service Perimeters.)absolute_import)division)unicode_literals) list_pager)util)waiter)log) resourcesNcF|t||||j|yy)aSets specified field to the provided value and adds it to update mask. Args: field_name: The name of the field to set the value of. field_value: The value to set the field to. If it is None, the field will NOT be set. obj: The object on which the value is to be set. update_mask: The update mask to add this field to. Returns: True if the field was set and False otherwise. TF)setattrappend) field_name field_valueobj update_masks 8lib/googlecloudsdk/api_lib/accesscontextmanager/zones.py _SetIfNotNoners* C[)z"  c |j} g} td|| | td|| | td| | | td| | | |l| jdg} |D]T}t|tj r| j|n| j|j | | _V|r| jd|| _n[||W|j}g}td|||td ||||| _| j|Dcgc]}d |z c}| sdgfS| | Dcgc]}d j||c}fScc}wcc}w) z5Returns a ServicePerimeterConfig and its update mask.r restrictedServicesingressPoliciesegressPoliciesN accessLevelsvpcAccessibleServicesallowedServicesenableRestrictionzvpcAccessibleServices.z{}.{}) ServicePerimeterConfigrr isinstancesix string_types RelativeNamerrVpcAccessibleServicesextendformat)messages mask_prefixr restricted_serviceslevelsvpc_allowed_servicesenable_vpc_accessible_servicesvpc_yaml_flag_usedvpc_accessible_services_configingress_policiesegress_policiesconfigmask level_nameslservice_filterservice_filter_maskmitems r_CreateServicePerimeterConfigr72s|  * * ,& $ Y5$&964H!#3VTB /64@ KKK  As'' (1 1>>+,'fKK'(#AF $0  )335N#%9>%'%'E "57#1F KK7JK7J!)A-7JKL 8O E'..d3E EE L Fs  E:EceZdZdZd dZdZd dZdZdZ ddZ dd Z d Z d Z y)ClientzBHigh-level API client for VPC Service Controls Service Perimeters.Nc|xstj||_|xs|jj|_y)N)version)r GetClientclientMESSAGES_MODULEr%)selfr=r%r;s r__init__zClient.__init__ks-;DNN7;DK; ; ;DMrc|jjj|jj |j S)N)name)r= accessPolicies_servicePerimetersGetr%=AccesscontextmanagerAccessPoliciesServicePerimetersGetRequestr!)r?zone_refs rrDz Client.GetosC ;; 7 7 ; ; F F&&( G * ++rc|jj|j}tj|j j ||dddS)N)parentpageSizeservicePerimeters)limitbatch_size_attribute batch_sizefield)r%>AccesscontextmanagerAccessPoliciesServicePerimetersListRequestr!r YieldFromListr=rC)r? policy_refrKreqs rListz Client.ListusW -- V V&&( W *C  # # 44 '!  ##rc|jj|}|jj|j|}|jj j |}tj|jj}tjj|jd}tj||dj|j!S)N)etag)rHcommitServicePerimetersRequestaccesscontextmanager.operations collectionz!Waiting for COMMIT operation [{}])r%CommitServicePerimetersRequest@AccesscontextmanagerAccessPoliciesServicePerimetersCommitRequestr!r=rCCommitrCloudOperationPollerNoResources operationscore_resourcesREGISTRYParserBWaitForr$Name)r?rQrU commit_reqrR operationpoller operation_refs rr\z Client.Commits==4=HJ -- X X&&('1 Y 3C <<CCCHI  3 3DKK4J4J KF"++11#D2FM >> +22=3E3E3GH JJrc|j}t|}|j}|||jdj |}|j j j|}tj|j j |j j|}tjj|jd} tj || dj#| j%S)z2Applies a PATCH to the provided Service Perimeter.,)servicePerimeterrB updateMaskrWrXz Waiting for PATCH operation [{}])r%sorted?AccesscontextmanagerAccessPoliciesServicePerimetersPatchRequestr!joinr=rCPatchrOperationPollerr^r_r`rarBrrbr$rc) r? perimeter_ref perimeterrr5 request_typerequestrerfrgs r _ApplyPatchzClient._ApplyPatchs A%K II"  ' ' )88K(G  <<BB7KI  ! !$++"N"N"&++"8"8-IF"++11#D2FM >> *11-2D2D2FG IIrc h|j}|j}g}td|||td|||td|||td|||t|d||||| | | | |  \}}||_|j ||st jd|S|j|||S)agPatch a service perimeter. Args: perimeter_ref: resources.Resource, reference to the perimeter to patch description: str, description of the zone or None if not updating title: str, title of the zone or None if not updating perimeter_type: PerimeterTypeValueValuesEnum type enum value for the level or None if not updating resources: list of str, the names of resources (for now, just 'projects/...') in the zone or None if not updating. restricted_services: list of str, the names of services ('example.googleapis.com') that *are* restricted by the access zone or None if not updating. levels: list of Resource, the access levels (in the same policy) that must be satisfied for calls into this zone or None if not updating. vpc_allowed_services: list of str, the names of services ('example.googleapis.com') that *are* allowed to be made within the access zone, or None if not updating. enable_vpc_accessible_services: bool, whether to restrict the set of APIs callable within the access zone, or None if not updating. vpc_yaml_flag_used: bool, whether the vpc yaml flag was used. vpc_accessible_services_config: VpcAccessibleServices, or None if not updating. ingress_policies: list of IngressPolicy, or None if not updating. egress_policies: list of EgressPolicy, or None if not updating. etag: str, the optional etag for the version of the Perimeter that this operation is to be performed on. Returns: ServicePerimeter, the updated Service Perimeter. title description perimeterTyperUstatus r%r&r r'r(r)r*r+r,r-r.zHThe update specified results in an identical resource. Skipping request.) r%ServicePerimeterrr7rzr#r warningrur?rqrxrwperimeter_typer r'r(r)r*r+r,r-r.rUr5rrrr/config_mask_additionss rroz Client.Patchs` A""$IK'5)[9-iE/>9kJ&$ ;7$A/1'E-'E)' %)!F !I,-  kk T   M9k BBrc |j}|j}g}td|||r&|j|_|j dtd|||td|||td|||t |d||||| | | | |  \}}||_|j|d|_ |j d |j|||S) aPatch the dry-run config (spec) for a Service Perimeter. Args: perimeter_ref: resources.Resource, reference to the perimeter to patch description: str, description of the zone or None if not updating title: str, title of the zone or None if not updating perimeter_type: PerimeterTypeValueValuesEnum type enum value for the level or None if not updating resources: list of str, the names of resources (for now, just 'projects/...') in the zone or None if not updating. restricted_services: list of str, the names of services ('example.googleapis.com') that *are* restricted by the access zone or None if not updating. levels: list of Resource, the access levels (in the same policy) that must be satisfied for calls into this zone or None if not updating. vpc_allowed_services: list of str, the names of services ('example.googleapis.com') that *are* allowed to be made within the access zone, or None if not updating. enable_vpc_accessible_services: bool, whether to restrict the set of APIs callable within the access zone, or None if not updating. vpc_yaml_flag_used: bool, whether the vpc yaml flag was used. vpc_accessible_services_config: VpcAccessibleServices, or None if not updating. ingress_policies: list of IngressPolicy, or None if not updating. egress_policies: list of EgressPolicy, or None if not updating. etag: str, the optional etag for the version of the Perimeter that this operation is to be performed on. Returns: ServicePerimeter, the updated Service Perimeter. rwrBrxryrUspecr{TuseExplicitDryRunSpec) r%r|rr!rBr r7rr#rrur~s rPatchDryRunConfigzClient.PatchDryRunConfigs` A""$IKWeY <$113in -iE/>9kJ&$ ;7$A/1'E-'E)' %)!F !IN,-&*I#./   M9k BBrc|j|}|j}|j}gd}|j|_d|_d|_|j |||S)zPromotes a Service Perimeter's dry-run config to enforcement config. Args: perimeter_ref: resources.Resource, reference to the perimeter to patch Returns: ServicePerimeter, the updated Service Perimeter. )rzrrNF)rDr%r|rrzrru)r?rqoriginal_perimeterr5rrrs rEnforceDryRunConfigzClient.EnforceDryRunConfig@sa-0 A""$I=K)..IIN&+I#   M9k BBrc|jj}||_d|_ddg}|j |||S)a/Unsets the spec for a Service Perimeter. Args: perimeter_ref: resources.Resource, reference to the perimeter to patch. use_explicit_dry_run_spec: The value to use for the perimeter field of the same name. Returns: ServicePerimeter, the updated Service Perimeter. Nrr)r%r|rrru)r?rquse_explicit_dry_run_specrrrs r UnsetSpeczClient.UnsetSpecRsE ..0I&?I#IN23K   M9k BBr)NNv1)N) NNNNNNNNFNNNN) __name__ __module__ __qualname____doc__r@rDrSr\rurorrrrrr9r9hsJ<+ # JI.  %)%) OCh  %)%) LC\C$Crr9)NNN)r __future__rrrapitools.base.pyr+googlecloudsdk.api_lib.accesscontextmanagerrgooglecloudsdk.api_lib.utilrgooglecloudsdk.corer r r_rrr7objectr9rrrrsP?&'(<.#; 8BF37263FlyCVyCr