2dZddlmZddlmZddlmZddlmZddlmZddl m Z ddl m Z dd l m Z dd lmZdd lmZdd lmZdd lZe j(Gdde j*Zddie_y )z8Command for creating organization firewall policy rules.)absolute_import)division)unicode_literals) base_classes)firewall_policy_rule_utils)client)base) exceptions)firewall_policies_utils)flags)secure_tags_utilsNc*eZdZdZdZedZdZy)CreatezvCreates a Compute Engine firewall policy rule. *{command}* is used to create organization firewall policy rules. Nc|jtjjk(xs+|jtjjk(}t j dd|_|j j|dt j|t j|dt j|t j|t j|dt j|t j|t j|t j |t j"|t j$|t j&|t j(||t j*||t j,||t j.||t j0|t j2|t j4|t j6|t j8|t j:|t j<|t j>|d|jtjjk(s+|jtjjk(rit j@|t jB|t jD|t jF|t jH||jJjMtjNy) NTcreate)required operation)operation_typeinserted)r)rF)( ReleaseTrackr ALPHABETAr FirewallPolicyRuleArgumentFIREWALL_POLICY_ARG AddArgument AddActionAddFirewallPolicyIdAddSrcIpRangesAddDestIpRangesAddLayer4Configs AddDirectionAddEnableLogging AddDisabledAddTargetResourcesAddTargetServiceAccountsAddSrcSecureTagsAddTargetSecureTagsAddSrcThreatIntelligenceAddDestThreatIntelligenceAddSrcRegionCodesAddDestRegionCodes AddSrcFqdns AddDestFqdnsAddSrcAddressGroupsAddDestAddressGroupsAddSecurityProfileGroup AddTlsInspectAddDescriptionAddOrganizationAddSrcNetworkScopeAddSrcNetworksAddDestNetworkScopeAddSrcNetworkTypeAddDestNetworkType display_infoAddCacheUpdaterFirewallPoliciesCompleter)clsparsersupport_network_scopess 5lib/surface/compute/firewall_policies/rules/create.pyArgsz Create.Args)sw d//555 8    !2!2!7!7 7$>>C''x'H OOF f ;   &! 6D1 v 6" f V$ ""6* 6" f% ""6+AB ##F,BC F$:; V%;< f v f% v& !!&)    &51 d//555    !2!2!7!7 7 v& 6" ' f% v& ''(G(GHctj|j}|jj ||j d}t j||j |j tj|jj}t j||j |j tj|jj}g}g}g}g} g} g} g} g} g}g}g}g}g}g}g}d}d}d}d}d}g}d}|jdr |j}|jdr |j}|jdr |j}|jdr |j } |jdr |j"} |jd r*t%j&|j |j(} |jd r*t%j&|j |j*} |jd r |j,}|jd r |j.}|jd r |j0}|jdr |j2}|jdrC|j4Dcgc].}t7j8||j:||j<0} }|jdrC|j>Dcgc].}t7j8||j:||j<0}}|jdr |j@}|jdr |jB}|jdr7t7jD|jF|j:||j<}|jdr |jH}|jdr |jJ}|jdr |jL}|jtNjjPk(s,|jtNjjRk(r|jdr&|jdrtUjVd|jdr&|jdrtUjVd|jdrz|jXs5|j jZj\j^j`}n9|j jZj\j_|jX}|jdr |jb}|jdrz|jds5|j jZj\jfj`}n9|j jZj\jg|jd}|jdrz|jhs5|j jZj\j^j`}n9|j jZj\j_|jh}|jdrz|jjs5|j jZj\jfj`}n9|j jZj\jg|jj}tmjn||j jZ}|jtNjjPk(s+|jtNjjRk(r5|j jZj]|||| || |||||||||}n1|j jZj]|||| || |||||| }|j jZjpjrjt}|jd!rx|jvd"k(r5|j jZjpjrjt}n4|j jZjpjrjx}|j jZjqtmjz|j}|j~||| | | |||j||# } t7j||j<|j:$}!|j|!| %Scc}wcc}w)&NF) with_project)refcompute_client resourcesversion src_ip_rangesdest_ip_rangeslayer4_configstarget_resourcestarget_service_accountssrc_secure_tagstarget_secure_tagssrc_threat_intelligencedest_threat_intelligencesrc_region_codesdest_region_codessrc_address_groupsdest_address_groups src_fqdns dest_fqdnssecurity_profile_group)rWoptional_organizationfirewall_policy_clientfirewall_policy_id tls_inspectenable_loggingdisabledsrc_network_scopesrc_network_typezGAt most one of src_network_scope and src_network_type can be specified.dest_network_scopedest_network_typezIAt most one of dest_network_scope and dest_network_type can be specified. src_networks) srcIpRanges destIpRanges layer4ConfigssrcAddressGroupsdestAddressGroups srcSecureTagssrcFqdns destFqdnssrcRegionCodesdestRegionCodessrcThreatIntelligencesdestThreatIntelligencessrcNetworkScope srcNetworksdestNetworkScope) rcrdrerfrgrhrirjrkrlrmrn directionINGRESS) priorityactionmatchrrtargetResourcestargetServiceAccountstargetSecureTagssecurityProfileGroup tlsInspect description enableLoggingr]) organization)firewall_policyfirewall_policy_rule)CrComputeApiHolderrrResolveAsResourcerFrOrgFirewallPolicysix text_typelowerOrgFirewallPolicyRule IsSpecifiedrHrIrJrKrLr $TranslateSecureTagsForFirewallPolicyrMrNrOrPrQrRrSr BuildAddressGroupUrlr~rrTrUrVBuildSecurityProfileGroupUrlrWr[r\r]r rrr ToolExceptionr^messagesFirewallPolicyRuleMatcherSrcNetworkScopeValueValuesEnum UNSPECIFIEDrbr`DestNetworkScopeValueValuesEnumr_ra rule_utilsParseLayer4ConfigsFirewallPolicyRuleDirectionValueValuesEnumrsrrEGRESSConvertPriorityToIntNamerur|GetFirewallPolicyId CreateRule)"selfargsholderrDorg_firewall_policyfirewall_policy_rule_clientrHrIrJrKrLrMrNrSrTrUrVrQrRrOrPrWr[r\r]r^rbr`xlayer4_config_listmatchertraffic_directrrZs" r?Runz Create.RunWs  * *4+<+<+> ?F  " " 4 4 fU 5 C!22 }}"" d//1288:  #)">"> }}"" d//1288: # MNN OIJ !!KNHL (((m ()**n ()**n *+.. 12 $ < < )*)NN ----o ,-  @ @mmT44   12 $ < < 23!%!>!> *+.. +,00 ,- ** +a " 6 6""$79M9M +   -. ++ ,a " 6 6""$79M9M ,    $..i  %??j 01 ! > >%)%@%@$($5$5%8!%!5!5    &$$k ()**n  #h t00666    $"3"3"8"8 8  - .43C3C 4&&      . /D4D4D 5&&     - .%%mm$$>>]]ii %mm44NNmm$$    . )((  . /&&mm$$>>^^jj  &}}55OOoo%%    , -$$mm$$>>]]ii %mm44NNmm##    - .%%mm$$>>^^jj  &}}55OOoo$$ $66 .. t00666    $"3"3"8"8 8 &&@@#%*-/')+!8":+"-Ag$ &&@@#%*-/')+!8":A g  11JJRR  $ 9 $ MM " " 5 5 N N V V  MM " " 5 5 N N U U "==11DD00<{{ (5+3$$$E 1DD# && ' 1 1*1 2 Ss 3f3f)__name__ __module__ __qualname____doc__r classmethodr@rrAr?rr s* +I+IZqrArEXAMPLESz To create a rule with priority ``10" in an organization firewall policy with ID ``123456789", run: $ {command} 10 --firewall-policy=123456789 --action=allow --description=example-rule )r __future__rrrgooglecloudsdk.api_lib.computerrr0googlecloudsdk.api_lib.compute.firewall_policiesrgooglecloudsdk.callioper r 4googlecloudsdk.command_lib.compute.firewall_policiesr r rsm?&'7SC(.XFZ gT  ggV rA