;nSrSSKJr SSKJr SSKJr SSKJr SSKJr SSKJ r Sr "S S \ R5rS&S jrS&S jrS'SjrS&SjrSrSrSrSrSrS(SjrS)SjrS*SjrS)SjrS(SjrS(SjrS(SjrS(SjrS(Sjr S(Sjr!S+Sjr"S(S jr#S(S!jr$S(S"jr%S#r&S$r'S%r(g ),zJFlags and helpers for the compute organization security policies commands.)absolute_import)division)unicode_literals) arg_parsers) completers)flagsz[ table( name:label=ID, displayName, shortName, description )c(^\rSrSrU4SjrSrU=r$)OrgSecurityPoliciesCompleter#c 4>[[U] "SSSS.UD6 g)N$compute.organizationSecurityPoliciesz-beta compute org-security-policies list --uri) collection list_command)superr __init__)selfkwargs __class__s Elib/googlecloudsdk/command_lib/compute/org_security_policies/flags.pyr%OrgSecurityPoliciesCompleter.__init__%s( &69D r)__name__ __module__ __qualname____firstlineno__r__static_attributes__ __classcell__)rs@rr r #s rr Nc ^[R"SS[UUSSRU5SS9$)NSECURITY_POLICYsecurity policysecurity policiesz)Short name of the security policy to {0}.r name resource_name completerpluralrequired custom_plural short_helpglobal_collection compute_flagsResourceArgumentr formatr(r' operations r!OrgSecurityPolicyRuleListArgumentr2-s:  ' ' %, '<CCIN>  rc ^[R"SS[UUSSRU5SS9$)Nr r!r"z/Short name or ID of the security policy to {0}.r r#r,r0s rOrgSecurityPolicyArgumentr4<s=  ' ' %, 'BII ?  rc <[R"SS[UUSS9$)Nr$ associationr )r$r%r&r'r(r+)r-r.r )r(r's r%OrgSecurityPolicyAssociationsArgumentr7Ks)  ' ' !, >  @@rc \[R"SS[UUSSRU5S9$)Npriorityzsecurity policy ruler z+Priority of the security policy rule to {}.)r$r%r&r'r(r+r*r,r0s rOrgSecurityPolicyRuleArgumentr:Us:  ' ' *, >>EE  rcVURSSS9 URSSS9 URSSS9nURSSS9 URS S S9 URS S S9 URSS S9nURSSS/SSSS9 URSSS9 URSSS/SS9 g)z/Adds the argument for security policy creation.z--display-namez&A textual name of the security policy.helpz --short-nameTr(mutex--organizationzHOrganization in which the organization security policy is to be created.--folderzBFolder in which the organization security policy is to be created. --descriptionFAn optional, textual description for the organization security policy.zCreation options.)r?r=z--type CLOUD_ARMORFIREWALLcBUR5RSS5$)N-_)upperreplacexs r"AddArgSpCreation..sQWWY&&sC0rSECURITY_POLICY_TYPEzHThe type indicates the intended use of the organization security policy.)choicestypemetavarr=z --file-namezWThe name of the JSON or YAML file to create a organization security policy config from.z --file-formatjsonyamlzThe format of the file to create the organization security policy config from. Specify either yaml or json. Defaults to yaml if not specified. Will be ignored if --file-name is not specified.)rPr=N) add_argument add_group)parsergroupcreation_optionss rAddArgSpCreationrZes'E C   D  5% !#      %%D7J%Kj) 0$    )  v H rcFURSSSS9 URSSS9 g) z1Adds the argument for security policy copy rules.z--source-security-policyTz=The URL of the source security policy to copy the rules from.r(r=r@z~Organization in which the organization security policy to copy the rules to. Must be set if security-policy is the short name.r<NrUrWs rAddArgsCopyRulesr_s=  KN   IrcdURSSS9nURSSS9 URSSS9 g) z+Adds the argument for security policy list.Tr>r@z2Organization in which security policies are listedr<rAz,Folder in which security policies are listedNrVrUrWrXs r AddArgsListSprcsM   D  5% @CFIrcDURSSS9 URSSS9 g)z+Adds the argument for security policy move.r@zxOrganization in which the organization security policy is to be moved. Must be set if SECURITY_POLICY is the short name.r<rAz@Folder to which the organization security policy is to be moved.Nr]r^s r AddArgsMoveres; F  rcDURSSS9 URSSS9 g)z-Adds the argument for security policy update.r@zzOrganization in which the organization security policy is to be updated. Must be set if SECURITY_POLICY is the short name.r<rBrCNr]r^s rAddArgsUpdateSprgs; H  rc URSU(aSOS-SU(aSOS[SRU(aSOSU5S9 g) z+Adds the priority argument to the argparse.r$sPRIORITY*NzPriority of the rule{0} to {1}. Rules are evaluated in order from highest priority to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.)rRnargsr&r=)rUr r/)rWr1 is_plurals r AddPriorityrosF yb)C$, >>Df b)?57rc <URSSSSSSSSS .S US S 9 g )z)Adds the action argument to the argparse.z--actionz/Allows the request from HTTP(S) Load Balancing.z7Defers enforcement to the next policy in the hierarchy.z2(DEPRECATED) Only used for Hierarchical Firewalls.zYDenies the request from HTTP(S) Load Balancing, with an HTTP response status code of 403.zYDenies the request from HTTP(S) Load Balancing, with an HTTP response status code of 404.zYDenies the request from HTTP(S) Load Balancing, with an HTTP response status code of 502.zMRedirects the request from HTTP(S) Load Balancing, based on redirect options.)allowz goto-nextdenyzdeny-403zdeny-404zdeny-502redirectc"UR5$N)lowerrKs rrMAddAction..s QWWYrz:Action to take if the request matches the match condition.)rPrQr(r=Nr]rWr(s r AddActionrysEDGF---"'.  G7rcDURSUSRU5S9 g)z5Adds the security policy ID argument to the argparse.--security-policyzCshort name of the security policy into which the rule should be {}.r\NrUr/)rWr(r1s rAddSecurityPolicyIdr} s* 6)$ rc&URSUSS9 g)Nr@zmOrganization which the organization security policy belongs to. Must be set if SECURITY_POLICY is short name.r\r]rxs rAddOrganizationrs  : rcPURS[R"5USSS9 g)zAdds the source IP ranges.z--src-ip-ranges SRC_IP_RANGEzWSource IP ranges to match for this rule. Can only be specified if DIRECTION is ingress.rQr(rRr=NrUrArgListrxs rAddSrcIpRangesr s/     = ?rcPURS[R"5USSS9 g)zAdds the destination IP ranges.z--dest-ip-ranges DEST_IP_RANGEz[Destination IP ranges to match for this rule. Can only be specified if DIRECTION is egress.rNrrxs rAddDestIpRangesr+s/     < >rcPURS[R"5USSS9 g)zAdds the destination ports.z --dest-ports DEST_PORTSPA list of destination protocols and ports to which the firewall rule will apply.rNrrxs r AddDestPortsr6s/      !rcPURS[R"5USSS9 g)zAdds the layer4 configs.z--layer4-configs LAYER4_CONFIGrrNrrxs rAddLayer4ConfigsrAs/      !rc,URSUSS/SS9 g)z?Adds the direction of the traffic to which the rule is applied.z --directionINGRESSEGRESSzZDirection of the traffic the rule is applied. The default is to apply on incoming traffic.)r(rPr=Nr]rxs r AddDirectionrLs((# ' rcDURSU[RSS9 g)z"Adds the option to enable logging.z--enable-loggingzSUse this flag to enable logging of connections that allowed or denied by this rule.)r(actionr=N)rUrStoreTrueFalseActionrxs rAddEnableLoggingrYs)  - - # %rcBURSSRU5S9 g)z;Adds the new security policy rule priority to the argparse.z--new-priorityz6New priority for the rule to {}. Valid in [0, 65535]. r<Nr|)rWr1s rAddNewPriorityrcs) D K K  rcPURS[R"5SUSS9 g)z1Adds the target resources the rule is applied to.z--target-resourcesTARGET_RESOURCESz>List of URLs of target resources to which the rule is applied.rQrRr(r=Nrrxs rAddTargetResourcesrks.      L OrcPURS[R"5SUSS9 g)z.Adds the target service accounts for the rule.z--target-service-accountsTARGET_SERVICE_ACCOUNTSz-List of target service accounts for the rule.rNrrxs rAddTargetServiceAccountsrus-!    ' ; >rc&URSUSS9 g)z"Adds the description of this rule.rBz.An optional, textual description for the rule.r\Nr]rxs rAddDescriptionrs <?rcURSSSS9 URSSS9 URSSS 9nURS S S9 URS S S9 URSSSSSS9 URSSS9 URS[R"5SSSS9 URS[R"5SSSS9 g)z+Adds the arguments of association creation.r{Tz&Security policy ID of the association.r\r@zkID of the organization to associate the security policy with. Must be set if SECURITY_POLICY is short name.r<Fr>rAz7ID of the folder to associate the security policy with.z--project-numberz5Project number to associate the security policy with.z--replace-association-on-target store_trueaBy default, if you attempt to insert an association to an organization or folder resource that is already associated with a security policy the method will fail. If this is set, the existing association will be deleted at the same time that the new association is created.)rdefaultr(r=z--namezName to identify this association. If unspecified, the name will be set to "organization-{ORGANIZATION_ID}" or "folder-{FOLDER_ID}".z--excluded-projectsEXCLUDED_PROJECTSzList of projects to exclude from the application of this security policy. Projects should be specified in the form "projects/123".rz--excluded-foldersEXCLUDED_FOLDERSzList of folders to exclude from the application of this security policy. Folders should be specified in the form "folders/123".N)rUrVrrrbs rAddArgsCreateAssociationrs) 47  6   E  6%P B  '  $  &  ')      ! N         L  rcFURSSSS9 URSSS9 g) z+Adds the arguments of association deletion.r{Tz>short name or ID of the security policy ID of the association.r\r@ztID of the organization in which the security policy is to be detached. Must be set if SECURITY_POLICY is short name.r<Nr]r^s rAddArgsDeleteAssociationrs< K   ErcdURSSS9nURSSS9 URSSS9 g) z'Adds the arguments of association list.Tr>r@zrsQ&'/OE #5#J#J05-204  @   8v  I   7B ?>!! %O>?=@" Gr