;5SrSSKJr SSKJr SSKJr SSKJr SSKJ r SSK J r SSK J r SSK Jr SS KJr SS KJr SS KJr SS jrSS jrSrSr\ R.\ R0"\ R2R4\ R2R65"SS\ R8555r\ R0"\ R2R<5"SS\55rSSSS.r \ \l \ \l g)zB`gcloud access-context-manager perimeters dry-run create` command.)absolute_import)division)unicode_literals) exceptions)zones) arg_parsers)base) perimeters)policies)repeatedcUR5nURSRU5SSSS9 URSRU5S[R"5SSS9 g) Nz"--{}enable-vpc-accessible-services store_truezmWhether to restrict API calls within the perimeter to those in the `vpc-allowed-services` list.)actiondefaulthelpz--{}vpc-allowed-servicesvpc_allowed_serviceszComma-separated list of APIs accessible from within the Service Perimeter. In order to include all restricted services, use reference "RESTRICTED-SERVICES". Requires vpc-accessible-services be enabled.metavartyperr)add_argument_group add_argumentformatrArgList)parserprefix vpc_groups ?lib/surface/access_context_manager/perimeters/dry_run/create.py,_AddLegacyVpcAccessibleServicesArgsForCreatersv'')) *11&9  .   ''/$       cURSRU5S[R"5SSS9 URSRU5S[R"5SSS9 URS RU5S [R"5SS S9 US :wa [ XS 9 ONUR 5nURSRU5S[ R"U5SS9 [ X1S 9 URSRU5S[ R"U5SSS9 URSRU5S[ R"U5SSS9 g)zAdds arguments common to the two dry-run create modes. Args: parser: The argparse parser to add the arguments to. prefix: Optional prefix, e.g. 'perimeter-' to use for the argument names. version: Api version. e.g. v1alpha, v1beta, v1. z --{}resources resourcesNzComma-separated list of resources (currently only projects, in the form `projects/`) in this perimeter.rz--{}restricted-servicesrestricted_serviceszComma-separated list of services to which the perimeter boundary *does* apply (for example, `storage.googleapis.com`).z--{}access-levels access_levelszComma-separated list of IDs for access levels (in the same policy) that an intra-perimeter request must satisfy to be allowed.v1alpha)rz--{}vpc-accessible-services!VPC_ACCESSIBLE_SERVICES_YAML_FILEz>Path to a YAML file containing a VpcAccessibleServices object.)rrrz--{}ingress-policies YAML_FILEa7Path to a file containing a list of Ingress Policies. This file contains a list of YAML-compliant objects representing Ingress Policies described in the API reference. For more information about the alpha version, see: https://cloud.google.com/access-context-manager/docs/reference/rest/v1alpha/accessPolicies.servicePerimeters For more information about non-alpha versions, see: https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimetersz--{}egress-policiesa5Path to a file containing a list of Egress Policies. This file contains a list of YAML-compliant objects representing Egress Policies described in the API reference. For more information about the alpha version, see: https://cloud.google.com/access-context-manager/docs/reference/rest/v1alpha/accessPolicies.servicePerimeters For more information about non-alpha versions, see: https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters) rrrrradd_mutually_exclusive_groupr ParseVpcAccessibleServicesParseIngressPoliciesParseEgressPolicies)rrversionvpc_config_groups r_AddCommonArgsForDryRunCreater-4s V$     E F &&v.#     G H   (     M N 0G::<!!%,,V43  2 27 ; M "1 ##F+  * *7 3 y   ""6*  ) )' 2 y  rcSU-nURU5(a [XS5$URU5(a [XS5$g)a Returns the argument value for given short_name or None if not specified. Args: args: The argument object obtained by parsing the command-line arguments using argparse. short_name: The regular name for the argument to be fetched, such as `access_levels`. perimeter_N) IsSpecifiedgetattr)args short_namealt_names r_ParseArgWithShortNamer5sMJ &( j!! 4T ** !! 44 (( rc8[US5n[US5nX4$)Ningress_policiesegress_policies)r5)r2r7r8s r_ParseDirectionalPoliciesr9s&+D2DE*41BC/  **rcF\rSrSrSrSr\S5r\S Sj5rSr Sr g) CreatePerimeterDryRun?Creates a dry-run spec for a new or existing Service Perimeter.v1c,[RUSS9 g)Nr>r+r; ArgsVersionedrs rArgsCreatePerimeterDryRun.Argss'''=rcHURSSSS9 [R"US5 URSS9nUR S5n[ X1S 9 UR S 5n[ US US 9 URS SSSS9 URSSSS9 URSSSSS9 g)Nz--asyncrz^Return immediately, without waiting for the operation in progress to complete.)rrz to updateT)requiredzJArguments for creating dry-run spec for an **existing** Service Perimeter.r@zBArguments for creating a dry-run spec for a new Service Perimeter.z perimeter-)rr+z--perimeter-titlez5Short human-readable title for the Service Perimeter.)rGrrz--perimeter-descriptionz+Long-form description of Service Perimeter.)rrz--perimeter-typeaType of the perimeter. A *regular* perimeter allows resources within this service perimeter to import and export data amongst themselves. A project may belong to at most one regular service perimeter. A *bridge* perimeter allows resources in different regular service perimeters to import and export data between each other. A project may belong to multiple bridge service perimeters (only if it also belongs to a regular service perimeter). Both restricted and unrestricted service lists, as well as access level lists, must be empty.)rr AddResourceArgr'rr-)rr+top_level_groupexisting_perimeter_groupnew_perimeter_groups rrB#CreatePerimeterDryRun.ArgsVersioneds )* fk29949HO.AA  "":L)<<LN!L'C$$ H %J $$! >%@$$  %rc [R"URS9nURRR 5n[ R"URUR5n[US5n[US5n[ R"XcR5n[US5nSnURS:Xa [US5n[US5n [U5upURcURcSn OUR=(d URn [R R#UR$U5n U R%5 UR&cUb[(R*"SS 5e[2R4"X15 UR7UUR&UR8UUUUU U USLUU U S 9 $![,R.a* UR&bUc[(R0"SS 5eNf=f) Nr@r!r#r"r$vpc_accessible_servicesrzperimeter-titlez|A Service Perimeter with the given name already exists. The title and the type fields cannot be updated in the dry-run mode.zaSince this Service Perimeter does not exist, perimeter-title and perimeter-type must be supplied.) title descriptionperimeter_typer!levelsr"renable_vpc_accessible_servicesvpc_yaml_flag_usedvpc_accessible_services_configr7r8) zones_apiClient _API_VERSIONCONCEPTS perimeterParser GetPerimeterTypeEnumForShortNamerQr5ExpandLevelNamesIfNecessaryaccessPoliciesIdr9rS(perimeter_enable_vpc_accessible_servicesr CachedResultFromFuncGetperimeter_titlerInvalidArgumentExceptionapitools_exceptionsHttpNotFoundErrorRequiredArgumentExceptionr ValidateAccessPolicyArgPatchDryRunConfigperimeter_description)selfr2client perimeter_refrQr!rRr"rUrr7r8rSresults rRunCreatePerimeterDryRun.Runs    d&7&7 8FMM++113M@@ T..0N't[9I #D/ :F  3 3..0F07LM%)" I%(> )($2$8NO(A$(G% ++3 55='+$  - - 8  7 7% " " + +FJJ FF Q jjl    )^-G112C OQ Q.H $$]9  # #""..%/1'E9E'E)' $   0 06   %)?22 46 6*@6sG;H  H N)r>) __name__ __module__ __qualname____firstlineno____doc__rX staticmethodrDrBro__static_attributes__rqrrr;r;s9H,>>((T=rr;c,\rSrSrSrSr\S5rSrg)CreatePerimeterDryRunAlphai r=r$c,[RUSS9 g)Nr$r@rArCs rrDCreatePerimeterDryRunAlpha.Argss'' 'BrrqN) rrrsrtrurvrXrwrDrxrqrrrzrz sG,CCrrzzTCreate a dry-run mode configuration for a new or existing Service Perimeter.aWhen a Service Perimeter with the specified name does not exist, a new Service Perimeter will be created. In this case, the newly created Service Perimeter will not have any enforcement mode configuration, and, therefore, all policy violations will be logged. When a perimeter with the specified name does exist, a dry-run mode configuration will be created for it. The behavior of the enforcement mode configuration, if present, will not be impacted in this case. Requests that violate the existing enforcement mode configuration of the Service Perimeter will continue being denied. Requests that only violate the policy in the dry-run mode configuration will be logged but will not be denied.ajTo create a dry-run configuration for an existing Service Perimeter: $ {command} my-perimeter --resources="projects/0123456789" --access-levels="accessPolicies/a_policy/accessLevels/a_level" --restricted-services="storage.googleapis.com" To create a dry-run configuration for a new Service Perimeter: $ {command} my-perimeter --perimeter-title="My New Perimeter" --perimeter-description="Perimeter description" --perimeter-type="regular" --perimeter-resources="projects/0123456789" --perimeter-access-levels="accessPolicies/a_policy/accessLevels/a_level" --perimeter-restricted-services="storage.googleapis.com")brief DESCRIPTIONEXAMPLESN))rr>)!rv __future__rrrapitools.base.pyrre+googlecloudsdk.api_lib.accesscontextmanagerrrVgooglecloudsdk.callioperr /googlecloudsdk.command_lib.accesscontextmanagerr r $googlecloudsdk.command_lib.util.argsr rr-r5r9UniverseCompatible ReleaseTracks ReleaseTrackBETAGA UpdateCommandr;ALPHArz detailed_helprqrrrsI&'>J/(.FD9*IX"+ D%%**D,=,=,@,@ApD..pBpfD%%++,C!6C-C  ? D# >,9(&3#r