File: //snap/google-cloud-cli/current/lib/googlecloudsdk/command_lib/assured/flags.py
# -*- coding: utf-8 -*- #
# Copyright 2020 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Flags and helpers for the Assured related commands."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.assured import message_util
from googlecloudsdk.calliope import arg_parsers
from googlecloudsdk.calliope import base as calliope_base
from googlecloudsdk.command_lib.assured import resource_args
from googlecloudsdk.command_lib.util.apis import arg_utils
from googlecloudsdk.command_lib.util.concepts import concept_parsers
def AddListWorkloadsFlags(parser):
parser.add_argument(
'--location',
required=True,
help=(
'The location of the Assured Workloads environments. For a '
'current list of supported LOCATION values, see '
'[Assured Workloads locations]'
'(https://cloud.google.com/assured-workloads/docs/locations).'
),
)
parser.add_argument(
'--organization',
required=True,
help=(
'The parent organization of the Assured Workloads environments, '
'provided as an organization ID.'
),
)
def AddListOperationsFlags(parser):
parser.add_argument(
'--location',
required=True,
help=(
'The location of the Assured Workloads operations. For a '
'current list of supported LOCATION values, see '
'[Assured Workloads locations]'
'(https://cloud.google.com/assured-workloads/docs/locations).'
),
)
parser.add_argument(
'--organization',
required=True,
help=(
'The parent organization of the Assured Workloads operations, '
'provided as an organization ID.'
),
)
def AddCreateWorkloadFlags(parser, release_track):
"""Adds required flags to the assured workloads create command.
Args:
parser: Parser, Parser used to construct the command flags.
release_track: ReleaseTrack, Release track of the command being called.
Returns:
None.
"""
parser.add_argument(
'--location',
required=True,
help=(
'The location of the new Assured Workloads environment. For a '
'current list of supported LOCATION values, see '
'[Assured Workloads locations]'
'(https://cloud.google.com/assured-workloads/docs/locations).'
),
)
parser.add_argument(
'--organization',
required=True,
help=(
'The parent organization of the new Assured Workloads environment, '
'provided as an organization ID'
),
)
parser.add_argument(
'--external-identifier',
help='The external identifier of the new Assured Workloads environment',
)
parser.add_argument(
'--display-name',
required=True,
help='The display name of the new Assured Workloads environment',
)
arg_utils.ChoiceEnumMapper(
'--compliance-regime',
message_util.GetComplianceRegimesEnum(release_track),
include_filter=lambda regime: regime != 'COMPLIANCE_REGIME_UNSPECIFIED',
required=True,
help_str='The compliance regime of the new Assured Workloads environment',
).choice_arg.AddToParser(parser)
arg_utils.ChoiceEnumMapper(
'--partner',
message_util.GetPartnersEnum(release_track),
include_filter=lambda regime: regime != 'PARTNER_UNSPECIFIED',
help_str=(
'The partner choice when creating a workload managed by local trusted'
' partners.'
),
).choice_arg.AddToParser(parser)
parser.add_argument(
'--partner-permissions',
type=arg_parsers.ArgDict(
spec={
'data-logs-viewer': bool,
}
),
metavar='KEY=VALUE',
help=(
'The partner permissions for the partner regime, for example,'
' data-logs-viewer=true/false'
),
)
parser.add_argument(
'--partner-services-billing-account',
required=False,
help=(
'Billing account necessary for purchasing services from Sovereign'
' Partners. This field is required for creating SIA/PSN/CNTXT'
' partner workloads. The caller should have'
" 'billing.resourceAssociations.create' IAM permission on this"
' billing-account. The format of this string is'
' billingAccounts/AAAAAA-BBBBBB-CCCCCC'
),
)
parser.add_argument(
'--billing-account',
required=True,
help=(
'The billing account of the new Assured Workloads environment, for '
'example, billingAccounts/0000AA-AAA00A-A0A0A0'
),
)
parser.add_argument(
'--next-rotation-time',
help=(
'The next rotation time of the KMS settings of new Assured '
'Workloads environment, for example, 2020-12-30T10:15:30.00Z'
),
)
parser.add_argument(
'--rotation-period',
help=(
'The rotation period of the KMS settings of the new Assured '
'Workloads environment, for example, 172800s'
),
)
parser.add_argument(
'--labels',
type=arg_parsers.ArgDict(),
metavar='KEY=VALUE',
help=(
'The labels of the new Assured Workloads environment, for example, '
'LabelKey1=LabelValue1,LabelKey2=LabelValue2'
),
)
parser.add_argument(
'--provisioned-resources-parent',
help=(
'The parent of the provisioned projects, for example, '
'folders/{FOLDER_ID}'
),
)
parser.add_argument(
'--enable-sovereign-controls',
type=bool,
default=False,
help=(
'If true, enable sovereign controls for the new Assured Workloads '
'environment, currently only supported by EU_REGIONS_AND_SUPPORT'
),
)
_AddResourceSettingsFlag(parser, release_track)
def _AddResourceSettingsFlag(parser, release_track):
"""Adds the resource settings flag to the assured workloads create command.
Args:
parser: Parser, Parser used to construct the command flags.
release_track: ReleaseTrack, Release track of the command being called.
Returns:
None.
"""
if release_track == calliope_base.ReleaseTrack.GA:
parser.add_argument(
'--resource-settings',
type=arg_parsers.ArgDict(
spec={
'consumer-project-id': str,
'consumer-project-name': str,
'encryption-keys-project-id': str,
'encryption-keys-project-name': str,
'keyring-id': str,
}
),
metavar='KEY=VALUE',
help=(
'A comma-separated, key=value map of custom resource settings such'
' as custom project ids, for example:'
' consumer-project-id={CONSUMER_PROJECT_ID} Note: Currently only'
' consumer-project-id, consumer-project-name,'
' encryption-keys-project-id, encryption-keys-project-name and'
' keyring-id are supported. The encryption-keys-project-id,'
' encryption-keys-project-name and keyring-id settings can be'
' specified only if KMS settings are provided'
),
)
else:
parser.add_argument(
'--resource-settings',
type=arg_parsers.ArgDict(
spec={
'encryption-keys-project-id': str,
'encryption-keys-project-name': str,
'keyring-id': str,
}
),
metavar='KEY=VALUE',
help=(
'A comma-separated, key=value map of custom resource settings such'
' as custom project ids, for example:'
' consumer-project-id={CONSUMER_PROJECT_ID} Note: Currently only'
' encryption-keys-project-id, encryption-keys-project-name and'
' keyring-id are supported. The encryption-keys-project-id,'
' encryption-keys-project-name and keyring-id settings can be'
' specified only if KMS settings are provided'
),
)
def AddDeleteWorkloadFlags(parser):
AddWorkloadResourceArgToParser(parser, verb='delete')
parser.add_argument(
'--etag',
help=(
'The etag acquired by reading the Assured Workloads environment or '
'AW "resource".'
),
)
def AddDescribeWorkloadFlags(parser):
AddWorkloadResourceArgToParser(parser, verb='describe')
def AddDescribeViolationFlags(parser):
AddViolationResourceArgToParser(parser, verb='describe')
def AddEnableResourceMonitoringFlags(parser):
AddWorkloadResourceArgToParser(parser, verb='enable-resource-monitoring')
def AddUpdateWorkloadFlags(parser):
"""Method to add update workload flags."""
AddWorkloadResourceArgToParser(parser, verb='update')
parser.add_argument(
'--etag',
help=(
'The etag acquired by reading the Assured Workloads environment '
'before updating.'
),
)
updatable_fields = parser.add_group(
required=True,
help='Settings that can be updated on the Assured Workloads environment.',
)
updatable_fields.add_argument(
'--display-name',
help='The new display name of the Assured Workloads environment.',
)
updatable_fields.add_argument(
'--violation-notifications-enabled',
help='The notification setting of the Assured Workloads environment.',
)
updatable_fields.add_argument(
'--labels',
metavar='KEY=VALUE',
type=arg_parsers.ArgDict(),
help=(
'The new labels of the Assured Workloads environment, for example, '
'LabelKey1=LabelValue1,LabelKey2=LabelValue2'
),
)
def AddDescribeOperationFlags(parser):
concept_parsers.ConceptParser.ForResource(
'operation',
resource_args.GetOperationResourceSpec(),
'The Assured Workloads operation resource to describe.',
required=True,
).AddToParser(parser)
def AddWorkloadResourceArgToParser(parser, verb):
concept_parsers.ConceptParser.ForResource(
'workload',
resource_args.GetWorkloadResourceSpec(),
'The Assured Workloads environment resource to {}.'.format(verb),
required=True,
).AddToParser(parser)
def AddViolationResourceArgToParser(parser, verb):
concept_parsers.ConceptParser.ForResource(
'violation',
resource_args.GetViolationResourceSpec(),
'The Assured Workloads violation resource to {}.'.format(verb),
required=True,
).AddToParser(parser)
def AddListViolationsFlags(parser):
"""Method to add list violations flags."""
AddListWorkloadsFlags(parser)
parser.add_argument(
'--workload',
required=True,
help=(
'The parent workload of the Assured Workloads violations, '
'provided as workload ID.'
),
)
def AddAcknowledgeViolationsFlags(parser):
"""Method to add acknowledge violations flags."""
AddViolationResourceArgToParser(parser, verb='acknowledge')
parser.add_argument(
'--comment',
required=True,
help='Business justification used added to acknowledge a violation.',
)
parser.add_argument(
'--acknowledge-type',
help="""the acknowledge type for specified violation, which is one of:
SINGLE_VIOLATION - to acknowledge specified violation,
EXISTING_CHILD_RESOURCE_VIOLATIONS - to acknowledge specified org policy
violation and all associated child resource violations.""",
)