h$dZddlmZddlmZddlmZddlmZddlmZddl m Z ddl m Z dd l mZdd l mZdd lmZdd lZe j&e j(e j*j,Gd d e j.Ze j&e j(e j*j2GddeZddie_y )z-Command for updating security policies rules.)absolute_import)division)unicode_literals) base_classes)org_security_policy_rule_utils)client)base)flags)org_security_policies_utilsNc6eZdZdZdZedZdZdZdZ y)UpdateuUpdate a Compute Engine security policy rule. *{command}* is used to update organization security policy rules. Nctjdd|_|jj|tj|dtj |dtj |tj|tj|tj|tj|tj|tj|tj|dtj|dtj |dtj"|d|j%d d dd y NTupdate)required operationF)rupdated)r) for_updatez --cloud-armor store_truez-Specified for Hierarchical Cloud Armor rules.)actiondefaulthelp)r OrgSecurityPolicyRuleArgumentORG_SECURITY_POLICY_ARG AddArgument AddActionAddSecurityPolicyIdAddDestIpRangesAddLayer4Configs AddDirectionAddEnableLoggingAddTargetResourcesAddTargetServiceAccountsAddDescriptionAddNewPriorityAddOrganization rule_flags AddMatcher AddPreview add_argumentclsparsers 9lib/surface/compute/org_security_policies/rules/update.pyArgsz Update.Args)s "'"E"E#+C++F3 OOFU+ f : &! 6" v 6" V$ ""6*   84 &51&51&T2  < c|jdrJ|jjj|jjj |S|jjj|jjjj j |jjj|S)N expression)r3)expr) srcIpRanges versionedExprconfig) IsSpecifiedrmessagesSecurityPolicyRuleMatcherExprVersionedExprValueValuesEnum SRC_IPS_V1SecurityPolicyRuleMatcherConfig)selfargsholderr3 src_ip_rangess r/_SetupCloudArmorMatchzUpdate._SetupCloudArmorMatchBs  % ]] # # = =}}%%**j*A>]] # # = = ..HHeepp''GG'H >r1c V|jtjjk(r|jjj |jjj j j|jjj||||S|jjj |jjj j j|jjj|||S)N)r5 destIpRanges destPorts layer4Configsr6)r5rFrH) ReleaseTrackr ALPHArr:r;r=FIREWALLr?)r@rBrCdest_ip_rangesdest_ports_listlayer4_config_lists r/_SetupFirewallMatchzUpdate._SetupFirewallMatchOs d//555 ]] # # = = ..HHeenn''GG')'. H >]] # # = = ..HHeenn''GG').H >r1c tj|j}|jj ||j d}t j||j |j tj|jj}tj|j}d}g}g}g} g} g} g} d} d}d}d}d}|jdr|j}d}|jdr|j }d}|jdr|j"}d}|jt$jj&k(rG|jdr6d}tj(|j*|j j,} |jd r6d}tj.|j0|j j,} |jd r |j2} |jd r |j4} |jd rd} |jd r |j6}|jdr tj|j8}n|}|r;|jdr|j;||||}n|j=|||| | }|jdrx|j>dk(r5|j j,j@jBjD}n4|j j,j@jBjF}|j j,jA|tjH|jJ||| | |jL| | }tOjP||jR|jT}|jW|||S)NF) with_project)refcompute_client resourcesversionr3TrCrL dest_portslayer4_configstarget_resourcestarget_service_accountsenable_loggingpreview new_priority cloud_armor directionINGRESS) priorityrmatchr^targetResourcestargetServiceAccounts description enableLoggingr[) organization)r`security_policysecurity_policy_rule),rComputeApiHolderrIrResolveAsResourcerTrOrgSecurityPolicyRulesix text_typelower rule_utilsConvertPriorityToIntNamer9r3rCrLr rJParseDestPortsrVr:ParseLayer4ConfigsrWrXrYr[r\rDrOr^SecurityPolicyRuleDirectionValueValuesEnumr_EGRESS ConvertActionrrdr GetSecurityPolicyIdrgrfr )r@rArBrRsecurity_policy_rule_clientr`r3rCrLrMrNrXrYrZr[should_setup_matchtraffic_directmatcherr\rhsecurity_policy_ids r/Runz Update.Runks  * *4+<+<+> ?F  & & 8 8 fU 9 4C"(">"> }}"" d//1288: #< ..sxxz:HJMNO NGNG  %??j (((m ()**n d//555$:J:J;"11$//28--2H2HJo ()%88   v}}557 *+.. 12 $ < < ()n  " g '44T5F5FGll  - (,, &*m **         $ 9 $ MM " " 5 5 N N V V  MM " " 5 5 N N U U "==11DD'' 4 (5$$$E 5HH# &&( ' - -*1 . 33r1) __name__ __module__ __qualname____doc__r classmethodr0rDrOr~r1r/r r s1 !0 8a3r1r c$eZdZdZdZedZy) UpdateAlpharNctjdd|_|jj|tj|dtj |dtj |tj|tj|tj|tj|tj|tj|tj|tj|dtj|dt!j"|dt!j$|d|j'd d dd yr)r rrrrrr AddDestPortsr r!r"r#r$r%r&r'r(r)r*r+r,s r/r0zUpdateAlpha.Argss"'"E"E#+C++F3 OOFU+ f : &! v 6" v 6" V$ ""6*   84 &51&51&T2  < r1)rrrrrrr0rr1r/rrs! !r1rEXAMPLESa% To update a rule with priority ``10'' in an organization security policy with ID ``123456789'' to change the action to ``allow'' and description to ``new-example-rule'', run: $ {command} 10 --security-policy=123456789 --action=allow --description=new-example-rule )r __future__rrrgooglecloudsdk.api_lib.computerrro4googlecloudsdk.api_lib.compute.org_security_policiesrgooglecloudsdk.callioper 8googlecloudsdk.command_lib.compute.org_security_policiesr r :googlecloudsdk.command_lib.compute.security_policies.rulesr(rlUniverseCompatible ReleaseTracksrIBETA UpdateCommandr rJr detailed_helprr1r/rs4&'7WG(J`Z D%%**+k3T  k3,k3\D%%++, & - H  r1