File: //snap/google-cloud-cli/current/lib/googlecloudsdk/api_lib/orgpolicy/service.py
# -*- coding: utf-8 -*- #
# Copyright 2019 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Utilities for the Org Policy service."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
import abc
from googlecloudsdk.api_lib.orgpolicy import utils
from googlecloudsdk.api_lib.util import apis
from googlecloudsdk.calliope import base
from googlecloudsdk.generated_clients.apis.orgpolicy.v2 import orgpolicy_v2_messages
ORG_POLICY_API_NAME = 'orgpolicy'
VERSION_MAP = {base.ReleaseTrack.GA: 'v2'}
def GetApiVersion(release_track):
"""Returns the api version of the Org Policy service."""
return VERSION_MAP.get(release_track)
def OrgPolicyClient(release_track):
"""Returns a client instance of the Org Policy service."""
api_version = GetApiVersion(release_track)
return apis.GetClientInstance(ORG_POLICY_API_NAME, api_version)
def OrgPolicyMessages(release_track):
"""Returns the messages module for the Org Policy service."""
api_version = GetApiVersion(release_track)
return apis.GetMessagesModule(ORG_POLICY_API_NAME, api_version)
def PolicyService(release_track):
"""Returns the service class for the Policy resource."""
client = OrgPolicyClient(release_track)
return client.policies
def ConstraintService(release_track):
"""Returns the service class for the Constraint resource."""
client = OrgPolicyClient(release_track)
return client.constraints
class OrgPolicyApi(object):
"""Base class for Org Policy API."""
def __new__(cls, release_track):
if release_track == base.ReleaseTrack.GA:
return super(OrgPolicyApi, cls).__new__(OrgPolicyApiGA)
def __init__(self, release_track):
api_version = GetApiVersion(release_track)
self.client = apis.GetClientInstance(ORG_POLICY_API_NAME, api_version)
self.messages = apis.GetMessagesModule(ORG_POLICY_API_NAME, api_version)
@abc.abstractmethod
def GetPolicy(self, name):
pass
@abc.abstractmethod
def GetEffectivePolicy(self, name):
pass
@abc.abstractmethod
def DeletePolicy(
self, name, etag=None
) -> orgpolicy_v2_messages.GoogleProtobufEmpty:
pass
@abc.abstractmethod
def ListPolicies(self, parent):
pass
@abc.abstractmethod
def ListConstraints(self, parent):
pass
@abc.abstractmethod
def CreatePolicy(self, policy):
pass
@abc.abstractmethod
def UpdatePolicy(self, policy, update_mask=None):
pass
@abc.abstractmethod
def CreateCustomConstraint(self, custom_constraint):
pass
@abc.abstractmethod
def UpdateCustomConstraint(self, custom_constraint):
pass
@abc.abstractmethod
def GetCustomConstraint(self, name):
pass
@abc.abstractmethod
def DeleteCustomConstraint(self, name):
pass
@abc.abstractmethod
def CreateEmptyPolicySpec(self):
pass
@abc.abstractmethod
def BuildPolicy(self, name):
pass
@abc.abstractmethod
def BuildEmptyPolicy(self, name, has_spec=False, has_dry_run_spec=False):
pass
@abc.abstractmethod
def BuildPolicySpecPolicyRule(self,
condition=None,
allow_all=None,
deny_all=None,
enforce=None,
values=None):
pass
@abc.abstractmethod
def BuildPolicySpecPolicyRuleStringValues(self,
allowed_values=(),
denied_values=()):
pass
class OrgPolicyApiGA(OrgPolicyApi):
"""Base class for all Org Policy V2GA API."""
def GetPolicy(self, name):
if name.startswith('organizations/'):
request = self.messages.OrgpolicyOrganizationsPoliciesGetRequest(
name=name)
return self.client.organizations_policies.Get(request)
elif name.startswith('folders/'):
request = self.messages.OrgpolicyFoldersPoliciesGetRequest(name=name)
return self.client.folders_policies.Get(request)
else:
request = self.messages.OrgpolicyProjectsPoliciesGetRequest(name=name)
return self.client.projects_policies.Get(request)
def GetEffectivePolicy(self, name):
if name.startswith('organizations/'):
request = self.messages.OrgpolicyOrganizationsPoliciesGetEffectivePolicyRequest(
name=name)
return self.client.organizations_policies.GetEffectivePolicy(request)
elif name.startswith('folders/'):
request = self.messages.OrgpolicyFoldersPoliciesGetEffectivePolicyRequest(
name=name)
return self.client.folders_policies.GetEffectivePolicy(request)
else:
request = self.messages.OrgpolicyProjectsPoliciesGetEffectivePolicyRequest(
name=name)
return self.client.projects_policies.GetEffectivePolicy(request)
def DeletePolicy(
self, name: str, etag=None
) -> orgpolicy_v2_messages.GoogleProtobufEmpty:
if name.startswith('organizations/'):
request = self.messages.OrgpolicyOrganizationsPoliciesDeleteRequest(
name=name, etag=etag
)
return self.client.organizations_policies.Delete(request)
elif name.startswith('folders/'):
request = self.messages.OrgpolicyFoldersPoliciesDeleteRequest(
name=name, etag=etag
)
return self.client.folders_policies.Delete(request)
else:
request = self.messages.OrgpolicyProjectsPoliciesDeleteRequest(
name=name, etag=etag
)
return self.client.projects_policies.Delete(request)
def ListPolicies(self, parent):
if parent.startswith('organizations/'):
request = self.messages.OrgpolicyOrganizationsPoliciesListRequest(
parent=parent)
return self.client.organizations_policies.List(request)
elif parent.startswith('folders/'):
request = self.messages.OrgpolicyFoldersPoliciesListRequest(parent=parent)
return self.client.folders_policies.List(request)
else:
request = self.messages.OrgpolicyProjectsPoliciesListRequest(
parent=parent)
return self.client.projects_policies.List(request)
def ListConstraints(self, parent):
if parent.startswith('organizations/'):
request = self.messages.OrgpolicyOrganizationsConstraintsListRequest(
parent=parent)
return self.client.organizations_constraints.List(request)
elif parent.startswith('folders/'):
request = self.messages.OrgpolicyFoldersConstraintsListRequest(
parent=parent)
return self.client.folders_constraints.List(request)
else:
request = self.messages.OrgpolicyProjectsConstraintsListRequest(
parent=parent)
return self.client.projects_constraints.List(request)
def CreatePolicy(self, policy):
parent = utils.GetResourceFromPolicyName(policy.name)
if parent.startswith('organizations/'):
request = self.messages.OrgpolicyOrganizationsPoliciesCreateRequest(
parent=parent, googleCloudOrgpolicyV2Policy=policy)
return self.client.organizations_policies.Create(request=request)
elif parent.startswith('folders/'):
request = self.messages.OrgpolicyFoldersPoliciesCreateRequest(
parent=parent, googleCloudOrgpolicyV2Policy=policy)
return self.client.folders_policies.Create(request=request)
else:
request = self.messages.OrgpolicyProjectsPoliciesCreateRequest(
parent=parent, googleCloudOrgpolicyV2Policy=policy)
return self.client.projects_policies.Create(request=request)
def UpdatePolicy(self, policy, update_mask=None):
if policy.name.startswith('organizations/'):
request = self.messages.OrgpolicyOrganizationsPoliciesPatchRequest(
name=policy.name,
googleCloudOrgpolicyV2Policy=policy,
updateMask=update_mask)
return self.client.organizations_policies.Patch(request)
elif policy.name.startswith('folders/'):
request = self.messages.OrgpolicyFoldersPoliciesPatchRequest(
name=policy.name,
googleCloudOrgpolicyV2Policy=policy,
updateMask=update_mask)
return self.client.folders_policies.Patch(request)
else:
request = self.messages.OrgpolicyProjectsPoliciesPatchRequest(
name=policy.name,
googleCloudOrgpolicyV2Policy=policy,
updateMask=update_mask)
return self.client.projects_policies.Patch(request)
def CreateCustomConstraint(self, custom_constraint):
parent = utils.GetResourceFromPolicyName(custom_constraint.name)
request = self.messages.OrgpolicyOrganizationsCustomConstraintsCreateRequest(
parent=parent, googleCloudOrgpolicyV2CustomConstraint=custom_constraint)
return self.client.organizations_customConstraints.Create(request=request)
def UpdateCustomConstraint(self, custom_constraint):
request = self.messages.OrgpolicyOrganizationsCustomConstraintsPatchRequest(
googleCloudOrgpolicyV2CustomConstraint=custom_constraint,
name=custom_constraint.name)
return self.client.organizations_customConstraints.Patch(request)
def GetCustomConstraint(self, name):
request = self.messages.OrgpolicyOrganizationsCustomConstraintsGetRequest(
name=name)
return self.client.organizations_customConstraints.Get(request)
def DeleteCustomConstraint(self, name):
request = self.messages.OrgpolicyOrganizationsCustomConstraintsDeleteRequest(
name=name)
return self.client.organizations_customConstraints.Delete(request)
def CreateEmptyPolicySpec(self):
return self.messages.GoogleCloudOrgpolicyV2PolicySpec()
def BuildPolicy(self, name):
spec = self.messages.GoogleCloudOrgpolicyV2PolicySpec()
return self.messages.GoogleCloudOrgpolicyV2Policy(name=name, spec=spec)
def BuildEmptyPolicy(self, name, has_spec=False, has_dry_run_spec=False):
spec = None
dry_run_spec = None
if has_spec:
spec = self.messages.GoogleCloudOrgpolicyV2PolicySpec()
if has_dry_run_spec:
dry_run_spec = self.messages.GoogleCloudOrgpolicyV2PolicySpec()
return self.messages.GoogleCloudOrgpolicyV2Policy(
name=name, spec=spec, dryRunSpec=dry_run_spec
)
def BuildPolicySpecPolicyRule(self,
condition=None,
allow_all=None,
deny_all=None,
enforce=None,
values=None):
return self.messages.GoogleCloudOrgpolicyV2PolicySpecPolicyRule(
condition=condition,
allowAll=allow_all,
denyAll=deny_all,
enforce=enforce,
values=values)
def BuildPolicySpecPolicyRuleStringValues(self,
allowed_values=(),
denied_values=()):
return self.messages.GoogleCloudOrgpolicyV2PolicySpecPolicyRuleStringValues(
allowedValues=allowed_values, deniedValues=denied_values)