)dZddlmZddlmZddlmZddlmZddlmZddl m Z ddl m Z dd l m Z dd lmZd Zd Zd ZdZe j(e j*e j,j.e j,j0Gdde j2Ze j*e j,j6GddeZddddZee_ee_y)zB`gcloud access-context-manager perimeters dry-run update` command.)absolute_import)division)unicode_literals)util)zones)base) perimeters)policies)repeatedcJ|jr |jS|jS)z8Returns the base config to use for the update operation.)useExplicitDryRunSpecspecstatus) perimeters ?lib/surface/access_context_manager/perimeters/dry_run/update.py_GetBaseConfigrs!$$ >>   cHtj||fd}|s|s}|S)zAReturns the repeated field value to use for the update operation.cxsgSN)base_config_valuesrz(_GetRepeatedFieldValue..'s7H7NB7Nr)r ParsePrimitiveArgs)args field_namerhas_specrepeated_fields ` r_GetRepeatedFieldValuer$s-..tZ/NP. .&N rcbgd}|Dcgc]}||z }}tfd|DScc}w)N)remove_add_clear_c3@K|]}j|ywr) IsSpecified).0argrs r z$_IsFieldSpecified..8s 8isT  c "is)any)rrlist_command_prefixescommand list_argss ` r_IsFieldSpecifiedr-4s;73HI3Hw#3H)I 8i 8 88Js ,c>tj||}|s||}|S)zGReturns the ingress/egress field value to use for the update operation.)r "ParseUpdateDirectionalPoliciesArgs)rrrringress_egress_fields r_GetIngressEgressFieldValuer1;s1#FF J *2, rc<eZdZdZdZedZeddZdZy)UpdatePerimeterDryRun?Updates the dry-run mode configuration for a Service Perimeter.v1c2tj|dy)Nr5versionr3 ArgsVersionedparsers rArgszUpdatePerimeterDryRun.ArgsRs'''=rctj|dtj||tj|t j |ddddt j |ddddt j |dd d d|d k7r@|j d }|jd ddt j |ddddntj|||jdddy)Nz to updatezService Perimeter resources ResourcesF) include_setzrestricted-serviceszRestricted Servicesz access-levelsz Access Levelv1alphaz>Arguments for configuring VPC accessible service restrictions.z --enable-vpc-accessible-services store_truezWhen specified restrict API calls within the Service Perimeter to the set of vpc allowed services. To disable use '--no-enable-vpc-accessible-services'.)actionhelpvpc-allowed-serviceszVPC Allowed Servicesz--asyncz^Return immediately, without waiting for the operation in progress to complete.) r AddResourceArg%AddUpdateDirectionalPoliciesGroupArgs AddEtagArgr AddPrimitiveArgsadd_argument_group add_argument'AddUpdateVpcAccessibleServicesGroupArgs)r<r8 vpc_groups rr:z#UpdatePerimeterDryRun.ArgsVersionedVsfk244VWE&!         )++ JLi ,45     88 ' )*rc tj|j}tj|j}|j j j}tj|||j|}t|}td|r#t|d|j|j}n |j}td|r#t|d|j |j}n |j }td|r#t|d|j"|j} n |j"} |j$} | |j'} td|r#t|d| j(|j} n|j$ | j(} nd} |j+dr |j,} n|j$ | j.} nd} d} d}|jd k(rt1j2|d \} }| d} n| sg} t5|d |j6|j}t5|d |j8|j}|j;||| || | || |||j< S)Nr7r?restricted_services access_levelsvpc_allowed_servicesrFenable_vpc_accessible_servicesFrBzvpc-accessible-serviceszingress-policieszegress-policies) r?levelsrPrRrSvpc_yaml_flag_usedvpc_accessible_services_configingress_policiesegress_policiesetag) zones_apiClient _API_VERSIONr GetMessagesCONCEPTSrParser ValidateAccessPolicyArgGetrr-rr?r restrictedServices accessLevelsvpcAccessibleServicesVpcAccessibleServicesallowedServicesr%rSenableRestrictionr $ParseUpdateVpcAccessibleServicesArgsr1ingressPoliciesegressPoliciesPatchDryRunConfigrY)selfrclientmessages perimeter_reforiginal_perimeter base_configupdated_resourcesupdated_restricted_servicesupdated_access_levelsbase_vpc_configupdated_vpc_servicesupdated_vpc_enabledrVrUupdated_ingressupdated_egresss rRunzUpdatePerimeterDryRun.Runs   d&7&7 8F(9(9:HMM++113M $$]D9M2 !34Kd+0  [22  2 24&//.5$: %{'E'E  2 2%4!%0$B$B!$/4 !9!9  2 24*66!77O 668o/63 &(G(G  2 24  * * 6,<<! 89 ??  * * 6+== %)" I%  9 9- 9$&8"! 1 ##00 O 1 ""00 N  # ##$71':-'E(& YY $  rN)r5) __name__ __module__ __qualname____doc__r\ staticmethodr=r:rzrrrr3r3Ls:H,>>-*-*^Srr3c$eZdZdZdZedZy)UpdatePerimeterDryRunAlphar4rBc2tj|dy)NrBr7r9r;s rr=zUpdatePerimeterDryRunAlpha.Argss'' 'BrN)r{r|r}r~r\rr=rrrrrsG,CCrrz>Update the dry-run mode configuration for a Service Perimeter.a`This command updates the dry-run mode configuration (`spec`) for a Service Perimeter. For Service Perimeters with an explicitly defined dry-run mode configuration (i.e. an explicit `spec`), this operation updates that configuration directly, ignoring enforcement mode configuration. Service Perimeters that do not have explict dry-run mode configuration will inherit the enforcement mode configuration in the dry-run mode. Therefore, this command effectively clones the enforcement mode configuration, then applies the update on that configuration, and uses that as the explicit dry-run mode configuration.a;To update the dry-run mode configuration for a Service Perimeter: $ {command} my-perimeter --add-resources="projects/123,projects/456" --remove-restricted-services="storage.googleapis.com" --add-access-levels="accessPolicies/123/accessLevels/a_level" --enable-vpc-accessible-services --clear-vpc-allowed-services)brief DESCRIPTIONEXAMPLESN)r~ __future__rrr+googlecloudsdk.api_lib.accesscontextmanagerrrrZgooglecloudsdk.callioper/googlecloudsdk.command_lib.accesscontextmanagerr r $googlecloudsdk.command_lib.util.argsr rrr-r1UniverseCompatible ReleaseTracks ReleaseTrackBETAGA UpdateCommandr3ALPHAr detailed_helprrrrsI&'<J(FD9  9"D%%**D,=,=,@,@AKD..KBK\D%%++,C!6C-C I ' ( 0,9(&3#r