GddZddlmZddlmZddlmZddlmZGddeZ Gdd eZ y ) zSecurity policy.)absolute_import)division)unicode_literals) exceptionscteZdZdZddZedZedZdZdZ dZ dd Z dd Z dd Z dd Z dd Zy)SecurityPolicyz"Abstracts SecurityPolicy resource.Nc ||_||_yNref_compute_clientselfr compute_clients >lib/googlecloudsdk/api_lib/compute/security_policies/client.py__init__zSecurityPolicy.__init__DH)Dc.|jjSr r apitools_clientrs r_clientzSecurityPolicy._client    / //rc.|jjSr r messagesrs r _messageszSecurityPolicy._messages#    ( ((rct|jdd}|a|jjd|jj |jj ||jjfS|jjd|jj|jj |jjfS)NregionDeleteprojectr!securityPolicyr$r%) getattrr rregionSecurityPoliciesr*ComputeRegionSecurityPoliciesDeleteRequestr$NamesecurityPolicies$ComputeSecurityPoliciesDeleteRequestrr!s r_MakeDeleteRequestTuplez&SecurityPolicy._MakeDeleteRequestTuple's TXXx .F ll118nnGG((**!%H233 LL ) )8 NN ? ?(( @ J KKrct|jdd}|a|jjd|jj |jj ||jjfS|jjd|jj|jj |jjfS)Nr!Getr#r&) r'r rr(r'ComputeRegionSecurityPoliciesGetRequestr$r*r+!ComputeSecurityPoliciesGetRequestr-s r_MakeDescribeRequestTuplez(SecurityPolicy._MakeDescribeRequestTuple3s TXXx .F ll115nnDD((**!%E233 LL ) )5 NN < <(( = J KKrcVt|jdd}|I|jjd|jj |jj ||fS|jjd|jj|jj |fS)Nr!Insertr#r&) r'r rr(r*ComputeRegionSecurityPoliciesInsertRequestr$r+$ComputeSecurityPoliciesInsertRequest)rsecurity_policyr!s r_MakeCreateRequestTuplez&SecurityPolicy._MakeCreateRequestTuple?s TXXx .F ll118nnGG((**!0H233 LL ) )8 NN ? ?(( @ J KKrc t|jdd}||rc|jjd|jj |jj ||jj||fS|jjd|jj |jj ||jj|fS|jjd|jj|jj |jj|fS)zGenerates a SecurityPolicies Patch request. Args: security_policy: The updated security policy update_mask: Field mask for clearing fields Returns: A tuple containing the resource collection, verb, and request. r!NPatch)r$r!r%securityPolicyResource updateMask)r$r!r%r<)r$r%r<) r'r rr(r)ComputeRegionSecurityPoliciesPatchRequestr$r*r+#ComputeSecurityPoliciesPatchRequest)rr8 update_maskr!s r_MakePatchRequestTuplez%SecurityPolicy._MakePatchRequestTupleKsTXXx .F   LL / /  NN D D((#xx}}'6& E   ll117nnFF((**!%)8 G:;; LL ) )7 NN > >((#xx}}'6 ? 8 99rcb|jg}|s|jj|S|Sr r.r MakeRequestsronly_generate_requestrequestss rr"zSecurityPolicy.Deletep2,,./H  ! ! . .x 88 Orcb|jg}|s|jj|S|Sr r3r rDrEs rDescribezSecurityPolicy.Describev2..01H  ! ! . .x 88 Orcd|j|g}|s|jj|S|Sr r9r rD)rr8rFrGs rCreatezSecurityPolicy.Create|s4,,_=>H  ! ! . .x 88 Orcf|j||g}|s|jj|S|Sr rAr rD)rr8 field_maskrFrGs rr;zSecurityPolicy.Patchs8++OZHIH  ! ! . .x 88 Orr F)NF)NNF)__name__ __module__ __qualname____doc__rpropertyrrr.r3r9rAr"rKrOr;rrrrse** 0 0 ) ) K K K#9J  JOrrceZdZdZddZedZedZdZdZ dZ d Z d Z d Z d Zdd ZddZ ddZ ddZy)SecurityPolicyRulez&Abstracts SecurityPolicyRule resource.Nc ||_||_yr r rs rrzSecurityPolicyRule.__init__rrc.|jjSr rrs rrzSecurityPolicyRule._clientrrc.|jjSr rrs rrzSecurityPolicyRule._messagesrrc t|}|dkrtjdd|S#t$rtjddwxYw)Npriorityz.priority must be a valid non-negative integer.r)int ValueErrorcalliope_exceptionsInvalidArgumentException)rr` int_prioritys r_ConvertPriorityToIntz(SecurityPolicyRule._ConvertPriorityToIntsjH]la  8 8 F HH  H  8 8 F HHHs * A c2ddddddj||S)Nz deny(403)z deny(404)z deny(502)redirect_to_recaptcharate_based_ban)zdeny-403zdeny-404zdeny-502zredirect-to-recaptchazrate-based-ban)get)ractions r_ConvertActionz!SecurityPolicyRule._ConvertActions)!8*    c&& rc jt|jdd|jjd|jj |jj |j|jj|jj|jjfS|jjd|jj|jj |j|jj|jjfS)Nr! RemoveRuler$r`r!r%r$r`r%) r'r rr(r.ComputeRegionSecurityPoliciesRemoveRuleRequestr$rfr*r!r%r+(ComputeSecurityPoliciesRemoveRuleRequestrs rr.z*SecurityPolicyRule._MakeDeleteRequestTuplestxx4(4ll11<nnKK((**55dhhmmoF!%!8!8 L:;; LL ) )< NN C C((33DHHMMOD#xx66 D 8 99rc jt|jdd|jjd|jj |jj |j|jj|jj|jjfS|jjd|jj|jj |j|jj|jjfS)Nr!GetRulerorp) r'r rr(r+ComputeRegionSecurityPoliciesGetRuleRequestr$rfr*r!r%r+%ComputeSecurityPoliciesGetRuleRequestrs rr3z,SecurityPolicyRule._MakeDescribeRequestTuplestxx4(4ll119nnHH((**55dhhmmoF!%!8!8 I:;; LL ) )9 NN @ @((33DHHMMOD#xx66 A 8 99rc |rW|jj|j|jj ||j |||} n|r[|jj |jj jd|jj|} n:|J|jj |jj|} |r|| _ |jj|j|jj ||j || |} ||| _ | |j| | _ | | | _t|jd dr|j j"d |jj%|jj&| |jj(|jj* fS|j j,d |jj/|jj&| |jj* fS) a5Generates a SecurityPolicies AddRule request. Args: src_ip_ranges: The list of IP ranges to match. expression: The CEVAL expression to match. expression_options: The configuration options when specifying a CEVAL expression. network_matcher: Net LB fields to match. action: The action to enforce on match. description: The description of the rule. preview: If true, the action will not be enforced. redirect_options: Parameters defining the redirect action, such as redirect type and redirect target. rate_limit_options: The rate limiting behavior for this rule. request_headers_to_add: A list of headers to add to requests that match this rule. Returns: A tuple containing the resource collection, verb, and request. r` descriptionrk networkMatchpreview SRC_IPS_V1 srcIpRanges versionedExprconfigN expressionexprr`ryrkmatchr{r!AddRule)r$securityPolicyRuler!r%)r$rr%)rr[rfr r*rlSecurityPolicyRuleMatcherVersionedExprValueValuesEnumSecurityPolicyRuleMatcherConfigExpr exprOptionsredirectOptions_ConvertRequestHeadersToAdd headerActionrateLimitOptionsr'rr(+ComputeRegionSecurityPoliciesAddRuleRequestr$r!r%r+%ComputeSecurityPoliciesAddRuleRequest) r src_ip_rangesrexpression_optionsnetwork_matcherrkryr{redirect_optionsrate_limit_optionsrequest_headers_to_addsecurity_policy_rulematchers rr9z*SecurityPolicyRule._MakeCreateRequestTuples4B!^^>>--dhhmmo>!$$V,& ? ..::..BB__>>AA)B ; %%%..::$$ $;;  0!^^>>--dhhmmo>!$$V, ?#-=*)*.*J*J +"'%.@+txx4(4ll119nnHH((**%9!%!8!8 I:;; LL ) )9 NN @ @((#7#xx66 A 8 99rc |rX|jj|j|jj ||j |||} nd}|r[|jj |jj jd|jj|}n8|r6|jj |jj|}|r#||jj }||_ |jj|j|jj ||j |||} ||| _ | |j| | _ | | | _| | | _t!|jd d|j"j$d |jj'|jj(|j|jj | |jj*|jj,| fS|j"j.d |jj1|jj(|j|jj | |jj,| fS) aGenerates a SecurityPolicies PatchRule request. Args: src_ip_ranges: The list of IP ranges to match. expression: The CEVAL expression to match. expression_options: The configuration options when specifying a CEVAL expression. network_matcher: Net LB fields to match. action: The action to enforce on match. description: The description of the rule. preview: If true, the action will not be enforced. redirect_options: Parameters defining the redirect action, such as redirect type and redirect target. rate_limit_options: The rate limiting behavior for this rule. request_headers_to_add: A list of headers to add to requests that match this rule. preconfig_waf_config: preconfigured WAF configuration to be applied for this rule. update_mask: Field mask for clearing fields Returns: A tuple containing the resource collection, verb, and request. rxNr|r}rrrrr! PatchRule)r$r`rr!r%r=)r$r`rr%r=)rr[rfr r*rlrrrrrrrrrpreconfiguredWafConfigr'rr(-ComputeRegionSecurityPoliciesPatchRuleRequestr$r!r%r+'ComputeSecurityPoliciesPatchRuleRequest)rrrrrrkryr{rrrpreconfig_waf_configr@rrs rrAz)SecurityPolicyRule._MakePatchRequestTuple"sL!^^>>--dhhmmo>!$$V,& ?g ..::..BB__>>AA)B ;  ..::$$ $;;   ?NN<<>'0!^^>>--dhhmmo>!$$V, ?#-=*)*.*J*J +"'%.@+'4H1txx4(4 ,, - -  .. F Fhh&&11$((--/B!5XX__!XX44$ G    LL ) ); NN B B((33DHHMMOD#7#xx66& C ( ))rc(|jj}|jD]d\}}|jj}|j |_|j |_|jj|f|S)aTConverts a request-headers-to-add string list into an HttpHeaderAction. Args: request_headers_to_add: A dict of headers to add to requests that match this rule. Leading whitespace in each header name and value is stripped. Returns: An HttpHeaderAction object with a populated request_headers_to_add field. ) r"SecurityPolicyRuleHttpHeaderActionitems2SecurityPolicyRuleHttpHeaderActionHttpHeaderOptionstrip headerNamelstrip headerValuerequestHeadersToAddsappend)rr header_actionhdr_namehdr_val header_to_adds rrz.SecurityPolicyRule._ConvertRequestHeadersToAdds}NNEEGM399;' .. K K M!)!1m").."2m((// > < rcb|jg}|s|jj|S|Sr rCrEs rr"zSecurityPolicyRule.DeleterHrcb|jg}|s|jj|S|Sr rJrEs rrKzSecurityPolicyRule.DescriberLrc v|j||||||||| | g} | s|jj| S| S)zDMake and optionally send a request to Create a security policy rule.rN) rrrrrrkryr{rrrrFrGs rrOzSecurityPolicyRule.CreatesX $$          "  H !  ! ! . .x 88 Orcz|j||||||||| | | | g}| s|jj|S|S)zCMake and optionally send a request to Patch a security policy rule.rQ)rrrrrrkryr{rrrrr@rFrGs rr;zSecurityPolicyRule.Patchs^$ ##          "  H !  ! ! . .x 88 Orr rS) NNNNNNFNNNF) NNNNNNNNNNNNF)rTrUrVrWrrXrrrfrlr.r3r9rArr"rKrOr;rYrrr[r[s.* 0 0 ) )  9 9V9pg)R&  !!F !!#rr[N) rW __future__rrrgooglecloudsdk.callioperrcobjectrr[rYrrrs3&'EpVpfccr