!dZddlmZddlmZddlmZddlmZddlmZddl m Z ddl m Z dd l mZdd l mZdd lmZdd lZe j&e j(e j*j,Gd d e j.Ze j&e j(e j*j2GddeZddie_y )z-Command for creating security policies rules.)absolute_import)division)unicode_literals) base_classes)org_security_policy_rule_utils)client)base)flags)org_security_policies_utilsNc*eZdZdZdZedZdZy)CreatezCreate a Compute Engine organizationsecurity policy rule. *{command}* is used to create organization security policy rules. Nctjdd|_|jj|dtj|tj |dtj |tj|tj|tj|tj|tj|tj|tj|dtj|dtj ||j#d d dd |j$j'tj(y NTcreate)required operation)operation_typeinserted)rF)rz --cloud-armor store_truez-Specified for Hierarchical Cloud Armor rules.)actiondefaulthelp)r OrgSecurityPolicyRuleArgumentORG_SECURITY_POLICY_ARG AddArgument AddActionAddSecurityPolicyIdAddDestIpRangesAddLayer4Configs AddDirectionAddEnableLoggingAddTargetResourcesAddTargetServiceAccountsAddDescriptionAddOrganization rule_flags AddMatcher AddPreview add_argument display_infoAddCacheUpdaterOrgSecurityPoliciesCompleterclsparsers 9lib/surface/compute/org_security_policies/rules/create.pyArgsz Create.Args)s"'"E"E#+C++F8+L OOF f ; &! 6" v 6" V$ ""6*   &51&51&!  <   ''(J(JKc B tj|j}|jj ||j d}t j||j |j tj|jj}g}g}g}g}g} g} d} d} |jdr |j}|jdr |j}|jtjjk(r|jdr |j }|jdr |j"}|jdr |j$} |jd r |j&} |jd rd } |jd rd } t)j*||j j,} t)j.||j j,}d}|jd r|jdrV|j j,j1|j j,j3|j4}ng|j j,j1|j j,j0j6j8|j j,j;|}n|jtjjk(r|j j,j1|j j,j0j6j<|j j,j;||| |}n|j j,j1|j j,j0j6j<|j j,j;|||}|j j,j>j@jB}|jdrx|jDdk(r5|j j,j>j@jB}n4|j j,j>j@jF}|j j,j?t)jH|jKt)jL|jN||| | |jP| |  }tSjT||jV|jX}|j[||S)NF) with_project)refcompute_client resourcesversion src_ip_rangesdest_ip_ranges dest_portslayer4_configstarget_resourcestarget_service_accountsenable_loggingTpreview cloud_armor expression)rB)expr) srcIpRanges) versionedExprconfig)rD destIpRanges destPorts layer4Configs)rDrGrI directionINGRESS) priorityrmatchrJtargetResourcestargetServiceAccounts description enableLoggingr@) organization)security_policysecurity_policy_rule).rComputeApiHolder ReleaseTrackrResolveAsResourcer7rOrgSecurityPolicyRulesix text_typelower IsSpecifiedr9r:r ALPHAr;r<r=r> rule_utilsParseDestPortsmessagesParseLayer4ConfigsSecurityPolicyRuleMatcherExprrBVersionedExprValueValuesEnum SRC_IPS_V1SecurityPolicyRuleMatcherConfigFIREWALLSecurityPolicyRuleDirectionValueValuesEnumrKrJEGRESSConvertPriorityToIntName ConvertActionrrPr GetSecurityPolicyIdrSrRr )selfargsholderr5security_policy_rule_clientr9r:r;r<r=r>r?r@dest_ports_listlayer4_config_listtraffic_directmatcherrTsecurity_policy_ids r0Runz Create.RunBs  * *4+<+<+> ?F  & & 8 8 fU 9 4C"(">"> }}"" d//1288: #< MNJN NG (((m ()**n d//555$:J:J;??j ()**n *+.. 12 $ < < ()n  "g // 06 0F0FHO#66~7=}}7M7MON  &  , '--((BB'',,,HC --((BB --00JJggrr==))II)JC      1 1 7 7 7--((BB --00JJggpp==))II)+)0 JC --((BB --00JJggpp==))II)+0JC  -- 3 3 L L T T   + & >>Y &mm$$77PPXX  mm$$77PPWW "==11DD00<'' 4 (5$$$E 5HH# &&( ' - -*1 . 33r2)__name__ __module__ __qualname____doc__r classmethodr1rxr2r0r r s) !LL0f3r2r c$eZdZdZdZedZy) CreateAlphazuCreate a Compute Engine security policy rule. *{command}* is used to create organization security policy rules. Nc tjdd|_|jj|dtj|tj |dtj |tj|tj|tj|tj|tj|tj|tj|tj|dtj |dtj"||j%d d dd |j&j)tj*yr)r rrrrrr AddDestPortsrr r!r"r#r$r%r&r'r(r)r*r+r,r-s r0r1zCreateAlpha.Argss("'"E"E#+C++F8+L OOF f ; &! v 6" v 6" V$ ""6*   &51&51&!  <   ''(J(JKr2)ryrzr{r|rr}r1r~r2r0rrs# !LLr2rEXAMPLESz To create a rule with priority ``10'' in an organization security policy with ID ``123456789'', run: $ {command} 10 --security-policy=123456789 --action=allow --description=example-rule --cloud-armor )r| __future__rrrgooglecloudsdk.api_lib.computerrr^4googlecloudsdk.api_lib.compute.org_security_policiesrgooglecloudsdk.callioper 8googlecloudsdk.command_lib.compute.org_security_policiesr r :googlecloudsdk.command_lib.compute.security_policies.rulesr&rYUniverseCompatible ReleaseTracksrVBETA CreateCommandr r]r detailed_helpr~r2r0rs4&'7WG(J`Z D%%**+G3T  G3,G3TD%%++, L& L- LHr2