SrSSKJr SSKJr SSKJr SSKJr SSKJr SSK J r Sr S r S r S r"S S \R5rg)z,Troubleshoot VPC setting for ssh connection.)absolute_import)division)unicode_literals)apis)ssh_troubleshooter)logcomputev1a:There is an issue with your IAP configuration Check the following items: - The IAP firewall rule is valid. - IAP tunneling is enabled. - You are connecting using an IAP token. - You have the IAM role of Project Owner, IAP-Secured Tunnel User, or iap.tunnelInstances.accessViaIAP (preferred) - Your organization hasn't blocked access to external IP addresses. IAP changes the source traffic to 35.235.240.0/20 and the tunnel to https://tunnel.cloudproxy.app. - If your organization blocks access to public IP addresses, try connecting through a bastion server. Help for IAP port forwarding: https://cloud.google.com/iap/docs/using-tcp-forwarding https://cloud.google.com/iap/docs/faq#what_domain_does_for_tcp_use Help for bastion server: https://cloud.google.com/compute/docs/instances/connecting-advanced#bastion_host a8No ingress firewall rule allowing SSH found. If the project uses the default ingress firewall rule for SSH, connections to all VMs are allowed on TCP port 22. If the VPC network that the VM's network interface is in has a custom firewall rule, make sure that custom rule allows ingress traffic on the VM's SSH TCP port (usually, this is TCP port 22). Help for default firewall rule: https://cloud.google.com/vpc/docs/vpc#default-network Help for custom firewall rule: https://cloud.google.com/network-connectivity/docs/vpn/how-to/configuring-firewall-rules If you need to investigate further, enable the VM's serial console. Then connect through the VM serial port, find the SSH server's listen port, and make sure the port number in the VM's firewall rules matches the SSH server's listen port. Help for serial console: https://cloud.google.com/compute/docs/instances/interacting-with-serial-console Help for serial port: https://cloud.google.com/compute/docs/instances/interacting-with-serial-console Help for firewall rules: https://cloud.google.com/vpc/docs/using-firewalls c^\rSrSrSrSrSrSrSrSr Sr Sr Sr Sr S rS rS rS rS rg)VPCTroubleshooterIzCheck VPC setting.NcXlX lX0lX@l[R "[ [5Ul[R"[ [5Ul 0Ul gN) projectzoneinstanceiap_tunnel_argsrGetClientInstance_API_COMPUTE_CLIENT_NAME_API_CLIENT_VERSION_V1compute_clientGetMessagesModulecompute_messageissues)selfrrrrs 779M! * *8 4 4"%DKKrcUR5nUHnURU5(dM g [URS'g)Ndefault_ssh_port)r6_HasSSHProtocalAndPortDEFAULT_SSH_PORT_MESSAGErr9s rr,&VPCTroubleshooter._CheckDefaultSSHPortts?779M! $ $X . ."'?DKK"#rcURRURRSURRUR S9nUR RRU5R$)Nnic0)rnetworkInterfacerr) r,ComputeInstancesGetEffectiveFirewallsRequestrnamerrr instancesGetEffectiveFirewalls firewalls)rreqs rr60VPCTroubleshooter._ListInstanceEffectiveFirewall{sg    K K## !! YY L C    ( ( > >s C M MMrcURURRRR:wag[ SUR 55(agURU5(dgg)NFc3*# UH oS:gv M g7f)z35.235.240.0/20Nr!).0ranges r AVPCTroubleshooter._HasValidateIAPTunnelingRule..s I3H%% %3HT) directionrFirewallDirectionValueValuesEnumINGRESSall sourceRangesr?)rr;s rr7.VPCTroubleshooter._HasValidateIAPTunnelingRules\T11::SS[[[  I83H3H III   & &x 0 0  rcURH8nURS:XdM[SUR55(dM8 g g)Ntcpc3*# UH oS:Hv M g7f)22Nr!)rNports rrP;VPCTroubleshooter._HasSSHProtocalAndPort..s05#34$,#3rRTF)allowed IPProtocolanyports)rr; allow_rules rr?(VPCTroubleshooter._HasSSHProtocalAndPortsG&&   % 'C05#-#3#305-5-5' r)rrrrrrr)__name__ __module__ __qualname____firstlineno____doc__rrrrrr#r'r2r-r,r6r7r?__static_attributes__r!rrr r IsG ' $ (/     %?Nrr N)rj __future__rrrgooglecloudsdk.api_lib.utilr"googlecloudsdk.command_lib.computergooglecloudsdk.corerrrr8r@SshTroubleshooterr r!rrrqsS3&',A#$Y 0S,H*<<Hr