0dZddlmZddlmZddlmZddlmZddlmZddl m Z ddl m Z dd l m Z dd l mZdd lmZdd lmZe j$e j&e j(j*Gd de j,Ze j&e j(j0GddeZe j&e j(j4GddeZddie_y)z3Command for creating network firewall policy rules.)absolute_import)division)unicode_literals) base_classes)firewall_policy_rule_utils)client) region_client)base) exceptions)flags)secure_tags_utilsc2eZdZdZdZdZdZedZdZ y)CreateyCreates a Compute Engine network firewall policy rule. *{command}* is used to create network firewall policy rules. NFc<tjdd|_|jj|dtj|tj |dtj |tj|tj|dtj|tj|tj|tj|tj|tj|d|j tj |tj"|tj$|tj&|tj(|tj*||j tj,||j tj.||j tj0||j tj2|tj4||jritj6|tj8|tj:|tj<|tj>||j@r*tjB|tjD||jFjItjJy) NTcreate)required operation)operation_typeinserted)r)rF)rsupport_network_scopes)r)&r !NetworkFirewallPolicyRuleArgumentNETWORK_FIREWALL_POLICY_ARG AddArgument AddActionAddRulePriorityAddSrcIpRangesAddDestIpRangesAddLayer4Configs AddDirectionAddEnableLogging AddDisabledAddTargetServiceAccountsAddDescriptionAddSrcSecureTagsrAddTargetSecureTagsAddSrcAddressGroupsAddDestAddressGroups AddSrcFqdns AddDestFqdnsAddSrcRegionCodesAddDestRegionCodesAddSrcThreatIntelligenceAddDestThreatIntelligenceAddSecurityProfileGroup AddTlsInspectAddSrcNetworkScopeAddSrcNetworksAddDestNetworkScopeAddSrcNetworkTypeAddDestNetworkTypesupport_target_type AddTargetTypeAddTargetForwardingRules display_infoAddCacheUpdater NetworkFirewallPoliciesCompleter)clsparsers =lib/surface/compute/network_firewall_policies/rules/create.pyArgsz Create.Args+s>&+&M&M'C###//x/P OOF &J7   &! 6D1 v 6" f ""6*   "99  f% f% v& f v s'A'A s'A'A ""s'A'A ##s'A'A !!&)  !! v& 6" ' f% v&  &! $$V, ''(N(NOc xtj|j}|jj ||j }t j||j }t|dr!tj||j }g}g}g}g}d} d} d} d} g} g}d}g}d}d}g}|jdr |j}|jdr |j}|jdr |j}|jdr |j}|jd r |j } |jd r |j"} |jd r*t%j&|j |j(} |jd r*t%j&|j |j*}|jd r |j,} |jdr |j.} |j0r|jdr&|jdrt3j4d|jdr&|jdrt3j4d|jdrz|j6s5|j j8j:j<j>}n9|j j8j:j=|j6}|jdr |j@}|jdrz|jBs5|j j8j:jDj>}n9|j j8j:jE|jB}|jdrz|jFs5|j j8j:j<j>}n9|j j8j:j=|jF}|jdrz|jHs5|j j8j:jDj>}n9|j j8j:jE|jH}tKjL||j j8}|j0r-|j j8j;|||| |||}n)|j j8j;|||| }|jdr|jN|_(|jdr|jR|_*|jdr|jV|_,|jdr|jZ|_.|jdr|j^|_0|jdr|jb|_2|jdr|jf|_4|jdr|jj|_6|j j8jnjpjr}|jd rx|jtd!k(r5|j j8jnjpjr}n4|j j8jnjpjv}|jxrg|jd"r9|j j8jnj{|j|}|jd#r |j~}|j j8jotKj|j|j||||j| | || | $ }|jxr||_D||_E|j|j|%S)&N)refcompute_clientregion)rCF src_ip_rangesdest_ip_rangeslayer4_configstarget_service_accountsenable_loggingdisabledsrc_secure_tagstarget_secure_tagssecurity_profile_group tls_inspectsrc_network_scopesrc_network_typezGAt most one of src_network_scope and src_network_type can be specified.dest_network_scopedest_network_typezIAt most one of dest_network_scope and dest_network_type can be specified. src_networks) srcIpRanges destIpRanges layer4Configs srcSecureTagssrcNetworkScope srcNetworksdestNetworkScope)rTrUrVrWsrc_address_groupsdest_address_groups src_fqdns dest_fqdnssrc_region_codesdest_region_codessrc_threat_intelligencedest_threat_intelligence directionINGRESS target_typetarget_forwarding_rules) priorityactionmatchrctargetServiceAccounts description enableLoggingrJtargetSecureTagssecurityProfileGroup tlsInspect)firewall_policyfirewall_policy_rule)HrComputeApiHolder ReleaseTrackrResolveAsResource resourcesrNetworkFirewallPolicyRulehasattrr RegionNetworkFirewallPolicyRule IsSpecifiedrErFrGrHrIrJr $TranslateSecureTagsForFirewallPolicyrKrLrMrNrr ToolExceptionrOmessagesFirewallPolicyRuleMatcherSrcNetworkScopeValueValuesEnum UNSPECIFIEDrSrQDestNetworkScopeValueValuesEnumrPrR rule_utilsParseLayer4Configsr[srcAddressGroupsr\destAddressGroupsr]srcFqdnsr^ destFqdnsr_srcRegionCodesr`destRegionCodesrasrcThreatIntelligencesrbdestThreatIntelligencesFirewallPolicyRuleDirectionValueValuesEnumrdrcEGRESSr6TargetTypeValueValuesEnumrerfConvertPriorityToIntrgrhrk targetTypetargetForwardingRules CreateRulerp)selfargsholderrB#network_firewall_policy_rule_clientrErFrGrHrMrNrIrJrKrLrOrSrQrerflayer4_config_listmatchertraffic_directrqs r>Runz Create.Run_sA  * *4+<+<+> ?F  * * < < f C+1*J*J  +'sH  7 7&-- * MNN !KNHOLK  (((m ()**n ()**n 12 $ < < ()**n  #h )*)NN ----o ,-  @ @mmT44   01#::  &$$k ""  - .43C3C 4&&      . /D4D4D 5&&      - .%%mm$$>>]]ii %mm44NNmm$$    . )((  . /&&mm$$>>^^jj  &}}55OOoo%%    , -$$mm$$>>]]ii %mm44NNmm##    - .%%mm$$>>^^jj  &}}55OOoo$$ $66 .. "" &&@@#%*'+"-Ag &&@@#%*' Ag ,-!%!8!8g -."&":":g  $g  %//g *+#44g +, $ 6 6g 12'+'C'Cg$ 23(,(E(Eg% 11JJRR  $ 9 $ MM " " 5 5 N N V V  MM " " 5 5 N N U U    - ( MM " " 5 5 O O       3 4"&">">!==11DD00?{{ 5$$$+3E  (3%3J0 . 9 9,,1 : r@) __name__ __module__ __qualname____doc__rrr6 classmethodr?rr@r>rrs6 !% 1P1PfCr@rceZdZdZdZdZy) CreateBetarTFNrrrrrr6rr@r>rr%s  r@rceZdZdZdZdZy) CreateAlpharTNrrr@r>rr0s  r@rEXAMPLESa% To create a rule with priority ``10'' in a global network firewall policy with name ``my-policy'' and description ``example rule'', run: $ {command} 10 --firewall-policy=my-policy --action=allow --description="example rule" --global-firewall-policy To create a rule with priority ``10'' in a regional network firewall policy with name ``my-region-policy'' and description ``example rule'', in region ``region-a'', run: $ {command} 10 --firewall-policy=my-policy --action=allow --description="example rule" N)r __future__rrrgooglecloudsdk.api_lib.computerrr8googlecloudsdk.api_lib.compute.network_firewall_policiesrr googlecloudsdk.callioper r rs:&'7SKR(.NZD%%(()AT  A*AHD%%**+,D%%++,&-  r@