C.ldZddlmZddlmZddlmZddlmZGddejZ GddejZ Gd d ejZ dd Zdd ZddZddZddZd d ej&j(dfdZddZddZddZddZdZd dZddZddZddZddZddZ y)!z=Flags and helpers for the compute security policies commands.) arg_parsers) completers)flagsceZdZfdZxZS)GlobalSecurityPoliciesCompleterc 2tt| dddd|y)Ncompute.securityPoliciesz$compute security-policies list --uri collection list_command)superr__init__selfkwargs __class__s Alib/googlecloudsdk/command_lib/compute/security_policies/flags.pyrz(GlobalSecurityPoliciesCompleter.__init__s( )49-; __name__ __module__ __qualname__r __classcell__rs@rrrs rrceZdZfdZxZS)!RegionalSecurityPoliciesCompleterc 2tt| dddd|y)Ncompute.regionSecurityPoliciesz6compute security-policies list --filter=region:* --urir r )rrrrs rrz*RegionalSecurityPoliciesCompleter.__init__#s* +T;30  rrrs@rrr s rrceZdZfdZxZS)SecurityPoliciesCompleterc Dtt| ddttgi|y)Nrr )rr!rrrrs rrz"SecurityPoliciesCompleter.__init__-s- #T3 +-N   rrrs@rr!r!+s rr!Fc@tjdt|d|dS)Nsecurity policysecurity policiesr ) resource_name completerplural custom_pluralrequiredglobal_collection compute_flagsResourceArgumentr!r*r(s rSecurityPolicyArgumentr05s'  ' '%) '2  44rc@tjdt|d|dS)Nr$r%r)r&r'r(r)r*regional_collectionr,r/s rSecurityPolicyRegionalArgumentr3?s'  ' '%) ':  <r*rDrEshort_help_texts r1SecurityPolicyMultiScopeArgumentForTargetResourcerGnsK  ' '% ) 2:!  E E F8 ) ++rc `tjddtd|ddj|S)Nr$z--edge-security-policyFr z}The edge security policy that will be set for this {0}. To remove the policy from this {0} set the policy to an empty string.r8r;r=s r+EdgeSecurityPolicyArgumentForTargetResourcerIs7  ' '% #) 2 I F8   rc Btjddtd|ddS)Nr$r7Fr .The security policy that this rule belongs to.r8r,r*s rSecurityPolicyArgumentForRulesrMs,  ' '% ) 2A CCrc xtjddtd|dddtjjd S) Nr$r7Fr rTrK) r&r9r'r(r*r+r2rDrEr:)r-r.r!ScopeFlagsUsageUSE_EXISTING_SCOPE_FLAGSrLs r(SecurityPolicyMultiScopeArgumentForRulesrQsA  ' '% ) 2:%55NNA C Crcd|jddd|d|jdddgd |d d y) zCAdds the cloud armor adaptive protection arguments to the argparse.z--enable-layer7-ddos-defense store_trueNzGWhether to enable Cloud Armor Layer 7 DDoS Defense Adaptive Protection.)actiondefaultr*helpz%--layer7-ddos-defense-rule-visibilitySTANDARDPREMIUMc"|jSNupperxs rz1AddCloudArmorAdaptiveProtection.. QWWYrVISIBILITY_TYPEzJThe visibility type indicates whether the rules are opaque or transparent.)choicestyper*metavarrV add_argumentparserr*s rAddCloudArmorAdaptiveProtectionrisT$    -9%   rc|jdtd|jdtd|jdtd|jdtd y ) zQAdds the cloud armor adaptive protection's auto-deploy arguments to the argparse.z0--layer7-ddos-defense-auto-deploy-load-thresholdzJLoad threshold above which Adaptive Protection's auto-deploy takes actions)rcrVz6--layer7-ddos-defense-auto-deploy-confidence-thresholdzPConfidence threshold above which Adaptive Protection's auto-deploy takes actionsz=--layer7-ddos-defense-auto-deploy-impacted-baseline-thresholdzWImpacted baseline threshold below which Adaptive Protection's auto-deploy takes actionsz0--layer7-ddos-defense-auto-deploy-expiration-seczDDuration over which Adaptive Protection's auto-deployed actions lastN)rffloatint)rhs r)AddCloudArmorAdaptiveProtectionAutoDeployrmsx8  V   >  \   E  c   8  P  rc:|jdgdd|d|jdtjdd |jd d d gd |d|r|jdgdd|d|jdtjdd y)z@Adds the cloud armor advanced options arguments to the argparse.z--json-parsing)DISABLEDrWSTANDARD_WITH_GRAPHQLc"|jSrZr[r]s rr_z$AddAdvancedOptions..r`rzzThe JSON parsing behavior for this rule. Must be one of the following values: [DISABLED, STANDARD, STANDARD_WITH_GRAPHQL].rbrcr*rVz--json-custom-content-types CONTENT_TYPEae A comma-separated list of custom Content-Type header values to apply JSON parsing for preconfigured WAF rules. Only applicable when JSON parsing is enabled, like ``--json-parsing=STANDARD''. When configuring a Content-Type header value, only the type/subtype needs to be specified, and the parameters should be excluded. )rcrdrVz --log-levelNORMALVERBOSEc"|jSrZr[r]s rr_z$AddAdvancedOptions..r`rz/The level of detail to display for WAF logging.z--request-body-inspection-size)8KB16KB32KB48KB64KBc"|jSrZr[r]s rr_z$AddAdvancedOptions..s qwwyrz%Maximum request body inspection size.z--user-ip-request-headersUSER_IP_REQUEST_HEADERzt A comma-separated list of request header names to use for resolving the caller's user IP address. N)rfrArgList)rhr*enable_large_body_sizes rAddAdvancedOptionsrs?  ; = #        #  < > (7  4  !    &  rc6|jdgdd|dy)FAdds the cloud armor DDoS protection config arguments to the argparse.z--network-ddos-protectionrWADVANCEDADVANCED_PREVIEWc"|jSrZr[r]s rr_z.r`rTThe DDoS protection level for network load balancing and instances with external IPsrrNrergs r*AddDdosProtectionConfigWithAdvancedPreviewr s&!:    rc6|jdgdd|dy)rz--ddos-protectionrc"|jSrZr[r]s rr_z,AddDdosProtectionConfigOld.. r`rrrrNrergs rAddDdosProtectionConfigOldrs&:    rc6|jdgdd|dy)z@Adds the Cloud Armor Network DDoS adaptive protection arguments.z"--network-ddos-adaptive-protection)roENABLEDPREVIEWc"|jSrZr[r]s rr_z2AddNetworkDdosAdaptiveProtection...r`rz]The DDoS adaptive protection level for network load balancing and instances with external IPsrrNrergs r AddNetworkDdosAdaptiveProtectionr)s&*0  )  rc6|jdt|dy)zGAdds the Cloud Armor Network DDoS impacted baseline threshold argument.z*--network-ddos-impacted-baseline-thresholdzTThreshold below which rules with collateral damage below this value will be deployed)rcr*rVN)rfrkrgs r'AddNetworkDdosImpactedBaselineThresholdr7s#2  $ rc,|jd|dy)zAAdds the cloud armor reCAPTCHA options arguments to the argparse.z--recaptcha-redirect-site-keyz The reCAPTCHA site key to be used for rules using the ``redirect'' action and the ``google-recaptcha'' redirect type under the security policy. )r*rVNrergs rAddRecaptchaOptionsrDs %  r)TF)F)FF)!__doc__googlecloudsdk.callioper"googlecloudsdk.command_lib.computercompute_completersrr-googlecloudsdk.command_lib.utilListCommandCompleterrrMultiResourceCompleterr!r0r3r5r?rBrOGENERATE_DEDICATED_SCOPE_FLAGSrGrIrMrQrirmrrrrrrr rrrsD/OE6&8&M&M(:(O(O A A4<<   #33## +0 C C& 8. b     r