dZddlmZddlmZddlmZddlmZddlmZddlmZddl m Z dd l m Z dd l mZdd l mZdd lmZdd lZdZdZe j*Gdde j,e j.Zddde_y )z@Command for listing the rules of organization firewall policies.)absolute_import)division)unicode_literals) base_classes)firewalls_utils)lister)client)base)firewall_policies_utils)flags)logNzTo show all fields of the firewall, please show in JSON format: --format=json To show more fields in table format, please see the examples in --help. z table( priority, direction, action, match.srcIpRanges.list():label=SRC_RANGES, match.destIpRanges.list():label=DEST_RANGES, match.layer4Configs.map().org_firewall_rule().list():label=PORT_RANGES )c0eZdZdZdZedZdZdZy) ListRuleszList the rules of a Compute Engine organization firewall policy. *{command}* is used to list the rules of an organization firewall policy. Nctjdd|_|jj|d|j dd|j j ttj|y) NTzlist rules for)required operationget)operation_typez--organizationzmOrganization which the organization firewall policy belongs to. Must be set if FIREWALL_POLICY is short name.)help) r FirewallPolicyArgumentFIREWALL_POLICY_ARG AddArgument add_argument display_info AddFormatDEFAULT_LIST_FORMATrAddBaseListerArgs)clsparsers 3lib/surface/compute/firewall_policies/list_rules.pyArgszListRules.Args:su#::!13C''u'E >@ !!"56 V$c 6tj|j}|jj ||j d}t j||j |j tj|jj}tj||j|j}|j|d}|syt!j"|j |dj$S)NF) with_project)refcompute_client resourcesversion) organization)fp_idonly_generate_requestr)rComputeApiHolder ReleaseTrackrResolveAsResourcer'r OrgFirewallPolicysix text_typelowerr GetFirewallPolicyIdNamer)DescriberSortFirewallPolicyRulesrules)selfargsholderr%org_firewall_policyr*responses r Runz ListRules.RunFs  * *4+<+<+> ?F  " " 4 4 fU 5 4C 22 }}"" d//1288: < $ 7 7SXXZd6G6G IE"++5,2H    2 26==3;A;3D3D FFr"cR~tjjdtzy)N )r statusPrint LIST_NOTICE)r8resources_were_displayeds r EpilogzListRules.EpilogXs JJTK'(r") __name__ __module__ __qualname____doc__r classmethodr!r=rDr"r rr/s,  % %F$)r"ra To list the rules of an organization firewall policy with ID ``123456789", run: $ {command} 123456789 To list all the fields of the rules of an organization firewall policy with ID ``123456789", run: $ {command} 123456789 --format="table( priority, action, direction, match.srcIpRanges.list():label=SRC_RANGES, match.destIpRanges.list():label=DEST_RANGES, match.layer4Configs.map().org_firewall_rule().list():label=PORT_RANGES, targetServiceAccounts.list():label=TARGET_SVC_ACCT, targetResources:label=TARGET_RESOURCES, ruleTupleCount, enableLogging, description)" a To list rules of a firewall policy, the user must have the following permission: *`compute.firewallPolicies.get`. To find predefined roles that contain those permissions, see the [Compute Engine IAM roles](https://cloud.google.com/compute/docs/access/iam). )EXAMPLESzIAM PERMISSIONS)rH __future__rrrgooglecloudsdk.api_lib.computerrr0googlecloudsdk.api_lib.compute.firewall_policiesr googlecloudsdk.callioper 4googlecloudsdk.command_lib.compute.firewall_policiesr r googlecloudsdk.corer r0rBrDefaultUniverseOnlyDescribeCommand ListCommandr detailed_helprJr"r rVsG&'7:1C(XF#  ()$$d&6&6()()Z ,1 r"