File: //snap/google-cloud-cli/394/lib/surface/compute/firewall_policies/mirroring_rules/update.py
# -*- coding: utf-8 -*- #
# Copyright 2024 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Command for updating organization firewall policy packet mirroring rules."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.compute import base_classes
from googlecloudsdk.api_lib.compute import firewall_policy_rule_utils as rule_utils
from googlecloudsdk.api_lib.compute.firewall_policies import client
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.compute.firewall_policies import firewall_policies_utils
from googlecloudsdk.command_lib.compute.firewall_policies import flags
import six
@base.UniverseCompatible
@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA)
class Update(base.UpdateCommand):
r"""Updates a Compute Engine firewall policy packet mirroring rule.
*{command}* is used to update organization firewall policy packet mirroring
rules.
"""
FIREWALL_POLICY_ARG = None
@classmethod
def Args(cls, parser):
cls.FIREWALL_POLICY_ARG = flags.FirewallPolicyRuleArgument(
required=True, operation='update'
)
cls.FIREWALL_POLICY_ARG.AddArgument(parser)
flags.AddPacketMirroringAction(parser, required=False)
flags.AddFirewallPolicyId(parser, operation='updated')
flags.AddSrcIpRanges(parser)
flags.AddDestIpRanges(parser)
flags.AddLayer4Configs(parser)
flags.AddDirection(parser)
flags.AddDisabled(parser)
flags.AddTargetResources(parser)
flags.AddMirroringSecurityProfileGroup(parser)
flags.AddDescription(parser)
flags.AddNewPriority(parser, operation='update')
flags.AddOrganization(parser, required=False)
def Run(self, args):
clearable_arg_name_to_field_name = {
'src_ip_ranges': 'match.srcIpRanges',
'dest_ip_ranges': 'match.destIpRanges',
'security_profile_group': 'securityProfileGroup',
'target_resources': 'targetResources',
}
holder = base_classes.ComputeApiHolder(self.ReleaseTrack())
ref = self.FIREWALL_POLICY_ARG.ResolveAsResource(
args, holder.resources, with_project=False
)
org_firewall_policy = client.OrgFirewallPolicy(
ref=ref,
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower(),
)
firewall_policy_rule_client = client.OrgFirewallPolicyPacketMirroringRule(
ref=ref,
compute_client=holder.client,
resources=holder.resources,
version=six.text_type(self.ReleaseTrack()).lower(),
)
cleared_fields = []
priority = rule_utils.ConvertPriorityToInt(ref.Name())
src_ip_ranges = []
dest_ip_ranges = []
layer4_config_list = []
target_resources = []
disabled = None
should_setup_match = False
traffic_direct = None
matcher = None
security_profile_group = None
for arg in clearable_arg_name_to_field_name:
if args.IsKnownAndSpecified(arg) and not args.GetValue(arg):
cleared_fields.append(clearable_arg_name_to_field_name[arg])
if args.IsSpecified('src_ip_ranges'):
src_ip_ranges = args.src_ip_ranges
should_setup_match = True
if args.IsSpecified('dest_ip_ranges'):
dest_ip_ranges = args.dest_ip_ranges
should_setup_match = True
if args.IsSpecified('layer4_configs'):
should_setup_match = True
layer4_config_list = rule_utils.ParseLayer4Configs(
args.layer4_configs, holder.client.messages
)
if args.IsSpecified('target_resources'):
target_resources = args.target_resources
if args.IsSpecified('security_profile_group'):
security_profile_group = (
firewall_policies_utils.BuildSecurityProfileGroupUrl(
security_profile_group=args.security_profile_group,
optional_organization=args.organization,
firewall_policy_client=org_firewall_policy,
firewall_policy_id=args.firewall_policy,
)
)
elif (
args.IsSpecified('action')
and args.action != 'apply_security_profile_group'
):
cleared_fields.append('securityProfileGroup')
if args.IsSpecified('disabled'):
disabled = args.disabled
if args.IsSpecified('new_priority'):
new_priority = rule_utils.ConvertPriorityToInt(args.new_priority)
else:
new_priority = priority
# If need to construct a new matcher.
if should_setup_match:
matcher = holder.client.messages.FirewallPolicyRuleMatcher(
srcIpRanges=src_ip_ranges,
destIpRanges=dest_ip_ranges,
layer4Configs=layer4_config_list,
)
if args.IsSpecified('direction'):
if args.direction == 'INGRESS':
traffic_direct = (
holder.client.messages.FirewallPolicyRule.DirectionValueValuesEnum.INGRESS
)
else:
traffic_direct = (
holder.client.messages.FirewallPolicyRule.DirectionValueValuesEnum.EGRESS
)
firewall_policy_rule = holder.client.messages.FirewallPolicyRule(
priority=new_priority,
action=args.action,
match=matcher,
direction=traffic_direct,
targetResources=target_resources,
description=args.description,
disabled=disabled,
securityProfileGroup=security_profile_group,
)
firewall_policy_id = firewall_policies_utils.GetFirewallPolicyId(
firewall_policy_rule_client,
args.firewall_policy,
organization=args.organization,
)
with holder.client.apitools_client.IncludeFields(cleared_fields):
return firewall_policy_rule_client.UpdateRule(
priority=priority,
firewall_policy=firewall_policy_id,
firewall_policy_rule=firewall_policy_rule,
)
Update.detailed_help = {
'EXAMPLES': """\
To update a rule with priority ``10" in an organization firewall policy
with ID ``123456789" to change the action to ``allow" and description to
``new-example-rule", run:
$ {command} 10 --firewall-policy=123456789 --action=do_not_mirror
--description=new-example-rule
""",
}