E$,dZddlmZddlmZddlmZddlmZddlmZddlmZ ddl m Z dd l m Z dd l mZdd lmZdd lmZdd lmZdd lmZddlZe j0e j2j4e j6Gdde j8Ze j0e j2j<GddeZe j0e j2j@GddeZ!dddde_"y)z$Command for creating firewall rules.)absolute_import)division)unicode_literals) base_classes)firewalls_utils)utils)apis)base) exceptions)resource_manager_tags_utils)flagsprogress_trackerNc:eZdZdZdZdZedZdZdZ dZ y)Create&Create a Compute Engine firewall rule.NcJtjdtj}|jj t jt j|_ |jj|dtjdd|_ tj|dddtj |d t j"|t j$|||jj't j(y Ncomputecreate)operation_typez+The network to which this rule is attached.F)requiredT) for_updatewith_egress_supportwith_service_account)r)r GetMessagesModule compute_apiCOMPUTE_GA_API_VERSION display_info AddFormatr DEFAULT_LIST_FORMATFirewallRuleArgumentFIREWALL_RULE_ARG AddArgument network_flagsNetworkArgumentForOtherResource NETWORK_ARGr AddCommonArgsAddArgsForServiceAccountAddEnableLoggingAddLoggingMetadataAddCacheUpdaterFirewallsCompleterclsparsermessagess ,lib/surface/compute/firewall_rules/create.pyArgsz Create.Args*s%%i&1&H&HJH !!%";";<!668C%%fX%F#CC5GCO!! ! # ,,VF 6" VX. ''(@(@Ac |j}|jr!|jrtjdt |j t |jz rtjdtj|j|jtjj}|jj||j}|jj||j}|jj||j!|j"|j%|j&|j(|j*}|j,|j,|_d|_|j.r>|j.dvr0|jjj0j2|_n/|jjj0j4|_|j6|_|j8|_g}g}|j sDtj|j|jtjj}n|j dk(rDtj|j|jtjj}nR|j dk(rCtj|j|jtjj<}||_||_ |jB|_"|jF|_$|jKdr"|jLstOjPdd |jKd r{|jjS|jL } |jKdr=tUjV|jjY|jZ| _.| |_/|jKd r+|ja|j|jb|_2||jffS) Nz8Can NOT specify --rules and --allow in the same request.z#Must specify --rules with --action.)allowedname descriptionnetwork sourceRanges sourceTags targetTags)EGRESSOUTALLOWDENYlogging_metadataz--logging-metadataz9cannot toggle logging metadata if logging is not enabled.enable_logging)enableresource_manager_tags)4clientrulesallowrArgumentValidationErrorboolaction ParseRulesr1 ActionTyper?r'ResolveAsResource resourcesr#FirewallNamer8SelfLink source_ranges source_tags target_tagsdisabled directionDirectionValueValuesEnumr=INGRESSprioritydestination_rangesdestinationRangesr@r6deniedsource_service_accountssourceServiceAccountstarget_service_accountstargetServiceAccounts IsSpecifiedrBr InvalidArgumentExceptionFirewallLogConfigr GetLoggingMetadataArgGetEnumForChoicerAmetadata logConfig_CreateFirewallParamsrDparamsproject) selfholderargsrEr6 network_ref firewall_reffirewallr\ log_configs r2_CreateFirewallzCreate._CreateFirewall=s ]]F zzdjj  3 3 D FF DKK4 ++  3 3 / 11((V__)8)C)C)I)IKG""44T6;K;KLK));; f L''    $$$$&''####(%H }} --hH ~~$..,== // " " ; ; B B // " " ; ; C C H!%!8!8HG F ;;** **foo'A'A'G'GIg  ** **foo'A'A'G'GIg  )) **foo'A'A'F'FHfHHO%)%A%AH"%)%A%AH" *+D4G4G  / /  E   ()??44D ?F ]]F,,VT:Hgoo;;7<,G  ) )    6#9#9#C#CX#*#,"-?F!H    s 9+B..B7) __name__ __module__ __qualname____doc__r#r' classmethodr3rrrhrr4r2rr"s8/+BB$O*b" Hr4rc eZdZdZedZy) BetaCreaterctjdtj}|jj t jt j|_ |jj|dtjdd|_ tj|dddtj |d t j"|t j$||yr)r rrCOMPUTE_BETA_API_VERSIONrr r r!r"r#r$r%r&r'rr(r)r*r+r.s r2r3zBetaCreate.Argss%%i&1&J&JLH !!%";";<!668C%%fX%F#CC5GCO!! ! # ,,VF 6" VX.r4Nrrrrrr3rr4r2rr.//r4rc eZdZdZedZy) AlphaCreaterctjdtj}|jj t jt j|_ |jj|dtjdd|_ tj|dddtj |d t j"|t j$||yr)r rrCOMPUTE_ALPHA_API_VERSIONrr r r!r"r#r$r%r&r'rr(r)r*r+r.s r2r3zAlphaCreate.Argss%%i&1&K&KMH !!%";";<!668C%%fX%F#CC5GCO!! ! # ,,VF 6" VX.r4Nrrr4r2rrrr4rrzW *{command}* is used to create firewall rules to allow/deny incoming/outgoing traffic. a To create a firewall rule allowing incoming TCP traffic on port 8080, run: $ {command} example-service --allow=tcp:8080 --description="Allow incoming traffic on TCP port 8080" --direction=INGRESS To create a firewall rule that allows TCP traffic through port 80 and determines a list of specific IP address blocks that are allowed to make inbound connections, run: $ {command} tcp-rule --allow=tcp:80 --source-ranges="10.0.0.0/22,10.0.0.0/14" --description="Narrowing TCP traffic" To list existing firewall rules, run: $ gcloud compute firewall-rules list For more detailed examples see [](https://cloud.google.com/vpc/docs/using-firewalls) )brief DESCRIPTIONEXAMPLES)#r __future__rrrgooglecloudsdk.api_lib.computerrrrgooglecloudsdk.api_lib.utilr googlecloudsdk.callioper r "googlecloudsdk.command_lib.computer 1googlecloudsdk.command_lib.compute.firewall_rulesr +googlecloudsdk.command_lib.compute.networksr%googlecloudsdk.core.consolerr{ ReleaseTracksrGAUniverseCompatible CreateCommandrBETArALPHAr detailed_helprr4r2rs+&'7:?,(.JCN8 D%%(()HHT  HH*HHVD%%**+//,/,D%%++,/*/-/.6 r4