UdZddlmZddlmZddlmZddlZddlZddlmZddl m Z ddl m Z dd l m Z dd l mZdd lmZdd lmZdd lmZdd lmZdd lmZdd lmZdd lmZddlZd Zej<dZej@Z!GddejDZ#dZ$e jJe jLjNe jPGdde jRZ*e jJe jLjVGdde*Z,e jJe jLjZGdde,Z.y)z!Command for creating VPN tunnels.)absolute_import)division)unicode_literalsN) base_classes)vpn_tunnels_utils) arg_parsers)base) exceptions)flags)resource_manager_tags_utilsz[ -~]+FrequiredceZdZfdZxZS)DeprecatedArgumentExceptioncLtt| dj||y)Nz{0} is deprecated. {1})superr__init__format)selfargmsg __class__s )lib/surface/compute/vpn_tunnels/create.pyrz$DeprecatedArgumentException.__init__/s# %t5 ''S13)__name__ __module__ __qualname__r __classcell__)rs@rrr-s 33rrc|stjdtjt|r|Stjd)aOValidateSimpleSharedSecret checks its argument is a vpn shared secret. ValidateSimpleSharedSecret(v) returns v iff v matches [ -~]+. Args: possible_secret: str, The data to validate as a shared secret. Returns: The argument, if valid. Raises: ArgumentTypeError: The argument is not a valid vpn shared secret. z.--shared-secret requires a non-empty argument.zQThe argument to --shared-secret is not valid it contains non-printable charcters.)argparseArgumentTypeErrorrematch_PRINTABLE_CHARS_PATTERN)possible_secrets rValidateSimpleSharedSecretr&4sL   $ $8 ::XX&8 ""! ""rc eZdZdZej dZejdZ e jdZ ejdZdZdZedZedZedZdZd Zd Zd Zd Zd ZdZy)CreateGAMCreate a VPN tunnel. *{command}* is used to create a Classic VPN tunnel between a target VPN gateway in Google Cloud Platform and a peer address; or create Highly Available VPN tunnel between HA VPN gateway and another HA VPN gateway, or Highly Available VPN tunnel between HA VPN gateway and an external VPN gateway. Fr Tctj||jdd|jdddgtd|jd td d t z |jd t jdd dy)Nz --descriptionz4An optional, textual description for the VPN tunnel.)helpz --ike-versionz=? , ,(00A><>  8(00A>>@  ((00A>=? - ,(00A>=? , ,(00A><>  ,(00A>KMrc|jjtjtj |d|j d}|jj ||jj ||j d}|jj ||jj ||jddd|j||jd tjd d d |jdtjd d d|jddd gtdd|jdgdtdd|j r|j#||j$r'|jdtj&dd|jj)tj*y)z&Adds arguments to the supplied parser.create)operation_typeTr --peer-addressFzValid IPV4 address representing the remote tunnel endpoint, the peer address must be specified when creating Classic VPN tunnels from Classic Target VPN gateway)rr+--local-traffic-selectorr,r1CIDRa Traffic selector is an agreement between IKE peers to permit traffic through a tunnel if the traffic matches a specified pair of local and remote addresses. --local-traffic-selector allows to configure the local addresses that are permitted. The value should be a comma separated list of CIDR formatted strings. Example: 192.168.0.0/16,10.0.0.0/24. Local traffic selector must be specified only for VPN tunnels that do not use dynamic routing with a Cloud Router. Omit this flag when creating a tunnel using dynamic routing, including a tunnel for a Highly Available VPN gateway.)r/r?r+--remote-traffic-selectora Traffic selector is an agreement between IKE peers to permit traffic through a tunnel if the traffic matches a specified pair of local and remote addresses. --remote-traffic-selector allows to configure the remote addresses that are permitted. The value should be a comma separated list of CIDR formatted strings. Example: 192.168.0.0/16,10.0.0.0/24. Remote traffic selector must be specified for VPN tunnels that do not use dynamic routing with a Cloud Router. Omit this flag when creating a tunnel using dynamic routing, including a tunnel for a Highly Available VPN gateway. --interfacerao Numeric interface ID of the VPN gateway with which this VPN tunnel is associated. This flag is required if the tunnel is being attached to a Highly Available VPN gateway. This option is only available for use with Highly Available VPN gateway and must be omitted if the tunnel is going to be connected to a Classic VPN gateway.)r.r/rr+!--peer-external-gateway-interface)rr,r-z Interface ID of the external VPN gateway to which this VPN tunnel is connected to. This flag is required if the tunnel is being created from a Highly Available VPN gateway to an External Vpn Gateway.z--resource-manager-tagsz KEY=VALUEz` A comma-separated list of Resource Manager tags to apply to the VPN tunnel. N) display_info AddFormatr HA_VPN_LIST_FORMAT_VPN_TUNNEL_ARGr5add_mutually_exclusive_group_TARGET_VPN_GATEWAY_ARG_VPN_GATEWAY_ARG_EXTERNAL_VPN_GATEWAY_ARG_PEER_GCP_GATEWAY_ARGr6r<rr8r7_support_cipher_suiterA_support_tagging_at_creationArgDictAddCacheUpdaterVpnTunnelsCompleter)r:r;vpn_gateway_group_parserpeer_vpn_gateway_group_parsers rArgsz CreateGA.Argss !!%":":;x@%BB C ++,DE$$%=>$*$G$G%H%!!!--.KL))*GH!..2/3 "  A . ) +$ #  A . ) +$ A E  F + F  G    v& ''  #""$  ''(A(ABrc|jdr4|jdstjdd|jdstjdd|jds'|jd stjd d |jd r'|jd stjd d|jdrtjdd|jdrtjdd|jdrtjddyy)N vpn_gateway interfacerIzsWhen creating Highly Available VPN tunnels, the VPN gateway interface must be specified using the --interface flag.router--routerzeWhen creating Highly Available VPN tunnels, a Cloud Router must be specified using the --router flag.peer_gcp_gatewaypeer_external_gatewayz--peer-gcp-gatewayzsWhen creating Highly Available VPN tunnels, either --peer-gcp-gateway or --peer-external-gateway must be specified.peer_external_gateway_interfacerJz`The flag --peer-external-gateway-interface must be specified along with --peer-external-gateway.local_traffic_selectorrFzHCannot specify local traffic selector with Highly Available VPN tunnels.remote_traffic_selectorrHzICannot specify remote traffic selector with Highly Available VPN tunnels. peer_addressrEzGCannot specify the flag peer address with Highly Available VPN tunnels. IsSpecifiedr InvalidArgumentExceptionrargss r _ValidateHighAvailabilityVpnArgsz)CreateGA._ValidateHighAvailabilityVpnArgs sp  &   k *11  FG G  h '11  9: :  0 1$:J:J !;#11  OP P   1 24;K;K +<-11 / -. .   2 311 &     3 411 '     . )11    *C'rc|jdrO|jdstjdd|jdrtjddyy)Ntarget_vpn_gatewayrgrEzFWhen creating Classic VPN tunnels, the peer address must be specified.r`raz/Cannot specify router with Classic VPN tunnels.rhrks r_ValidateClassicVpnArgsz CreateGA._ValidateClassicVpnArgs2sm ,-   n -11  !" "   ( #11  =   $ .rc~|jdr,|jj||j}|Sy)Nrb)rirTResolveAsResourceSelfLink)rapi_resource_registryrlrbs r_GetPeerGcpGatewayzCreateGA._GetPeerGcpGateway?s@ *+33EE %''/xz  rc~|jdr,|jj||j}|Sy)Nrc)rirSrrrs)rrtrlrcs r_GetPeerExternalGatewayz CreateGA._GetPeerExternalGatewayFs@ /0"<<NN %''/xz "" rc tj|j}|j}t j |}|j tddtj||jtj|}d}|jdrA|j|_t j||j}|j#}d} d} d} d} d} d}d}|r|jdr|j%||j|_|j(j||jj#} |j*} |j-|j|} |j.} |j1|j|}nV|j3||j|_|j6j||jj#} |j8r2|j:&|j=|j>|j:}| r|j@r'|jC|jD|jF|jH|jJ}|jM|jN|jP|jR}|j>jU}|r||_+|r||_,|jVs|jXsd}|j[|j]|j^|j`|jb|jd| |jf|jh|||j8 }n|jk|j]|j^|j`|jb|jd| |jf|jh||j8 }n|j@r|jC|jD|jF|jH|jJ}|jM|jN|jP|jR}|j>jU}|r||_+|r||_,|jVs|jXsd}|jm|j]|j^|j`|jb|jd| | || | ||||j8 }n^|jo|j]|j^|j`|jb|jd| | || | |||j8 }|jq||}|js||d S) Nr0z0It has been renamed to --local-traffic-selector.) scope_listerr`r^)phase1_encryptionphase1_integrity phase1_dh phase1_prf)phase2_encryptionphase2_integrity phase2_pfs) name description ike_versionpeer_ip shared_secretrorerf cipher_suiteparamssupport_tagging_at_creation) rrrrrrorerfrr)rrrrrr^vpn_gateway_interfacer`rcrdrbrrr) rrrrrr^rr`rcrdrbrrzCreating VPN tunnel):rComputeApiHolder ReleaseTrackclientrVpnTunnelHelper ike_networksrrOrr resources compute_flagsGetDefaultScopeListerriregion router_regionr4rsrmvpn_gateway_regionrRr_rwrdrurptarget_vpn_gateway_regionrQrVresource_manager_tags_CreateVpnTunnelParamsmessagesrUGetVpnTunnelPhase1Algorithmsrzr{r|r}GetVpnTunnelPhase2Algorithmsr~rrVpnTunnelCipherSuitephase1phase2+GetClassicVpnTunnelForInsertWithCipherSuiteNamerrrgrrerfGetClassicVpnTunnelForInsert4GetHighAvailabilityVpnTunnelForInsertWithCipherSuite%GetHighAvailabilityVpnTunnelForInsertCreateWaitForOperation)rrlis_vpn_gateway_supportedholderrhelpervpn_tunnel_ref router_link router_refror^rrcrdrbr phase1_algo phase2_algorvpn_tunnel_to_insert operation_refs r_Runz CreateGA._RunMsV  * *4+<+<+> ?F ]]F  . .v 6F $ '  < >>%66 "88@7BN K !)00d00v7G7GHj'')kK  &*# D$4$4]$C ++D1 . 5 5d));;    #nn"::   D)-(L(L%001A1A4H ""4('5'<'+>,  > >#((* ,, ,,))"00#5'+'B'B(,(D(D),,0,M,M ?   &BB$$&((((%%,,1#'#>#>$($@$@((,(I(I C   # #99"44!22nn : 99"44!22: ;;=  +,   +, ""<+>+>,  G G#((* ,, ,,))"00'&;"&;0O!1),,0,M,M H  & &KK$$&((((%%,,#"7"7,K-((,(I(I! L &MM.2FGM  " ">=#8 ::rc(|j|dS)z-Issues API requests to construct VPN Tunnels.T)r)rrks rRunz CreateGA.Runs 99TD9 99rctj|}|j}tt j |Dcgc]"\}}|j j||$}}}||j |Scc}}w)N)keyvalue)additionalProperties)resourceManagerTags)r GetResourceManagerTagsVpnTunnelParamssortedsix iteritemsResourceManagerTagsValueAdditionalProperty)rrrresource_manager_tags_maprrradditional_propertiess rrzCreateGA._CreateVpnTunnelParamss#:: !   % %F!/H!IJJJC ''::s%:PJ ";;!6<   s'BN)rrr__doc__target_vpn_gateway_flags$TargetVpnGatewayArgumentForVpnTunnelrQvpn_gateway_flags%GetVpnGatewayArgumentForOtherResourcerRexternal_vpn_gateway_flags&ExternalVpnGatewayArgumentForVpnTunnelrS)GetPeerVpnGatewayArgumentForOtherResourcerTrUrV classmethodr<rAr\rmrprurwrrrrrr(r(OsDCC>==uMH GG BAA!&//6MM<`C`CD&P  c:J:rr(ceZdZdZdZdZy) CreateBetar)TFNrrrrrUrVrrrrrs!&rrceZdZdZdZdZy) CreateAlphar)TNrrrrrrs!%rr)/r __future__rrrr r"googlecloudsdk.api_lib.computer*googlecloudsdk.api_lib.compute.vpn_tunnelsrgooglecloudsdk.callioperr r "googlecloudsdk.command_lib.computer rr 8googlecloudsdk.command_lib.compute.external_vpn_gatewaysr*googlecloudsdk.command_lib.compute.routers router_flags6googlecloudsdk.command_lib.compute.target_vpn_gatewaysr/googlecloudsdk.command_lib.compute.vpn_gatewaysr.googlecloudsdk.command_lib.compute.vpn_tunnelsrr$RouterArgumentForVpnTunnelr4VpnTunnelArgumentrO ToolExceptionrr& ReleaseTracksrGAUniverseCompatible CreateCommandr(BETArALPHArrrrrs5(&' 7H/(.EJhLdV@ %5l55uE )%))+3*":":3"6D%%(()tt!!t*tn D%%**+ ' ', 'D%%++, &* &- &r