>SrSSKJr SSKJr SSKJr SSKJr SSKJr SSK J r SSK J r SS K J r SS KJr SS KJr SS KJr SS KJr SS KJr "SS\5r\ R4"\ R6R85"SS\ R:55r\ R4"\ R6R>5"SS\55r \ R4"\ R6RB5"SS\ 55r"g)z]Command for adding exclusions for preconfigured WAF rule evaluation to security policy rules.)absolute_import)division)unicode_literals)encoding) base_classes)client)base) exceptions)scope)flags) properties) resourcesc\rSrSrSr\S5r\S Sj5r\S5r\S5r \SSj5r \SS j5r \S 5r \S 5r S rg)AddPreconfigWafExclusionHelper"uAdd an exclusion configuration for preconfigured WAF evaluation into a security policy rule. *{command}* is used to add an exclusion configuration for preconfigured WAF evaluation into a security policy rule. Note that request field exclusions are associated with a target, which can be a single rule set, or a rule set plus a list of rule IDs under the rule set. ## EXAMPLES To add specific request field exclusions that are associated with the target of 'sqli-stable': ['owasp-crs-v030001-id942110-sqli', 'owasp-crs-v030001-id942120-sqli'], run: $ {command} 1000 \ --security-policy=my-policy \ --target-rule-set=sqli-stable \ --target-rule-ids=owasp-crs-v030001-id942110-sqli,owasp-crs-v030001-id942120-sqli \ --request-header-to-exclude=op=EQUALS,val=abc \ --request-header-to-exclude=op=STARTS_WITH,val=xyz \ --request-uri-to-exclude=op=EQUALS_ANY To add specific request field exclusions that are associated with the target of 'sqli-stable': [], run: $ {command} 1000 \ --security-policy=my-policy \ --target-rule-set=sqli-stable \ --request-cookie-to-exclude=op=EQUALS_ANY c[R"S5UlURRUSSS9 [R"US5 [ R "5UlURRU5 [R"USS9 [R"USS9 [R"USS9 [R"USS9 [R"USS9 [R"USS9 g)z>Generates the flagset for an AddPreconfigWafExclusion command.z@add the exclusion configuration for preconfigured WAF evaluationPRIORITY)operation_type cust_metavarT)parseris_addN)r PriorityArgumentNAME_ARG AddArgument AddRegionFlagsecurity_policy_flags(SecurityPolicyMultiScopeArgumentForRulesSECURITY_POLICY_ARGAddTargetRuleSetAddTargetRuleIdsAddRequestHeaderAddRequestCookieAddRequestQueryParam AddRequestUriclsrs Jlib/surface/compute/security_policies/rules/add_preconfig_waf_exclusion.pyArgs#AddPreconfigWafExclusionHelper.ArgsCs))JCLLL N  JL FFH''/ &6 &6 &6 &6 fT: vd3NcnX!R:H=(a! [U5[UR5:H$N) targetRuleSetset targetRuleIds)r'existing_exclusiontarget_rule_settarget_rule_idss r(_IsIdenticalTarget1AddPreconfigWafExclusionHelper._IsIdenticalTarget]s= >> > B3D 2 @ @ADBBr+cURR5nURS5=(d SnU(a*URRRU5UlURS5=(d SnU(aXSlU$)zConverts RequestFieldToAdd.opval)messagesexisting_request_fieldsr?new_request_fieldexisting_request_fields r(_AddRequestField/AddPreconfigWafExclusionHelper._AddRequestFieldys@55n6JL"9  4#:""#45r+c|U=(d /H nURUURU5 M" U=(d /H nURUURU5 M" U=(d /H n URUURU 5 M" U=(d /H n URUURU 5 M" g)zUpdates Exclusion.N)rHrequestHeadersToExcluderequestCookiesToExcluderequestQueryParamsToExcluderequestUrisToExclude) r'r>r1request_headersrequest_cookiesrequest_query_params request_urisrequest_headerrequest_cookierequest_query_param request_uris r(_UpdateExclusion/AddPreconfigWafExclusionHelper._UpdateExclusions*/R/ >-EE)+0*/R/ >-EE)+0 49r9 >-II.0 :$)r)  >-BBKQ*r+cURR5nX(lU=(d /Hn URR U 5 M UR XUXVU5 U$)zCreates Exclusion.)r:1SecurityPolicyRulePreconfiguredWafConfigExclusionr.r0rDrW) r'r>r2r3rOrPrQrR new_exclusiontarget_rule_ids r(_CreateExclusion/AddPreconfigWafExclusionHelper._CreateExclusionsg  : : <#2)/R/!!((80( N r+c UR(a![R"UR5nOURR 5nUR HxnUR XSRUR=(d /5(dM9URXURURURUR5 Us $ URXRURURURURUR5nUR RU5 U$)zUpdates Preconfig WafConfig.)preconfiguredWafConfigrCopyProtoMessager:(SecurityPolicyRulePreconfiguredWafConfig exclusionsr4r2r3rWrequest_header_to_excluderequest_cookie_to_excluderequest_query_param_to_excluderequest_uri_to_excluder]rD)r'r> existing_ruleargsnew_preconfig_waf_config exclusionr[s r(_UpdatePreconfigWafConfig8AddPreconfigWafExclusionHelper._UpdatePreconfigWafConfigs++!)!:!:  . ."0  ! ! J J L.88   +?+? $ 4 4 : < < ^!;;!;;!@@!88  : ('9((9M9M)-)=)=)-)G)G)-)G)G)-)L)L)-)D)D FM ''..}= ##r+c URS5(d]URS5(dGURS5(d1URS5(d/SQn[R"US5eUR=(d /UR=(d /UR =(d /UR =(d /4HJnUHAnURS5=(d SnU(aUS ;dM,[R"SS 5e ML [R"U5nURnS n UR(GaURRUUR[ R"R$S 9n ['U S S 5bjURR)UR*S[,R.R0R2R4U R6URS.S9n OURR)UR*S[,R.R0R2R4URS.S9n O`URR)UR*S[,R.R0R2R4['US S 5S.S9n [R<"XS9n U R?5Sn URAXU5n U RCU S9$![R8[R:4aV URR)UR*SS[,R.R0R2R40S9n Nf=f)z7Validates arguments and patches a security policy rule.rdrerfrg)z--request-header-to-excludez--request-cookie-to-excludez --request-query-param-to-excludez--request-uri-to-excludez-At least one request field must be specified.r7r8)EQUALS STARTS_WITH ENDS_WITHCONTAINS EQUALS_ANYz_A request field operator must be one of [EQUALS, STARTS_WITH, ENDS_WITH, CONTAINS, EQUALS_ANY].N) default_scoperegionz!compute.regionSecurityPolicyRules)projectrusecurityPolicy) collectionparamszcompute.securityPolicyRules)rvrw)rvrurv)r>r)preconfig_waf_config)" IsSpecifiedr MinimumArgumentExceptionrdrerfrgr<InvalidArgumentExceptionrComputeApiHolderrsecurity_policyrResolveAsResourcer compute_scope ScopeEnumGLOBALgetattrParsenamer VALUEScorerv GetOrFailruRequiredFieldOmittedException WrongResourceCollectionExceptionSecurityPolicyRuleDescriberlPatch)r' release_trackrirequest_field_namesrequest_fieldsr@r7holderr>refsecurity_policy_refsecurity_policy_rulerhrjs r(Run"AddPreconfigWafExclusionHelper.Runs@   8 9 9   8 9 9   = > >   5 6 6  / / N PP &&,"d.L.L/  D / / 52 ##)r *-   t $ *R  3323 3 *  * *= 9F]]N C 33EE    %//66F8 $h 5 A$$ II:%,,1199CC-44"&"6"6%$$ II4%,,1199CC"&"6"6%  $$ II:%,,1199CC!$$7% &"44 ,(113A6M"<<t -  % %5 & 77!  1 1  4 4  $$ II4:,,1199CC%   sALA7N?Nr-)NNNN)NNNNN)__name__ __module__ __qualname____firstlineno____doc__ classmethodr)r4rArHrWr]rlr__static_attributes__rr+r(rr"s@442*.BB&66(,'+,0$( QQ0(,'+'+,0$(&$$8R7R7r+rc2\rSrSrSrSr\S5rSrSr g)AddPreconfigWafExclusionGAi$rNc.[RU5 gr-)rr)r&s r(r)AddPreconfigWafExclusionGA.ArgsHs"''r+cJ[RUR5U5$r-)rr ReleaseTrack)selfris r(rAddPreconfigWafExclusionGA.RunNs$ ) - -   r+r) rrrrrrrr)rrrr+r(rr$s&@( r+rc\rSrSrSrSrg)AddPreconfigWafExclusionBetaiUrrNrrrrrrrr+r(rrUr+rc\rSrSrSrSrg)AddPreconfigWafExclusionAlphaixrrNrrr+r(rrxrr+rN)#r __future__rrrapitools.base.pyrgooglecloudsdk.api_lib.computer0googlecloudsdk.api_lib.compute.security_policiesrgooglecloudsdk.callioper r "googlecloudsdk.command_lib.computer r4googlecloudsdk.command_lib.compute.security_policiesr r:googlecloudsdk.command_lib.compute.security_policies.rulesgooglecloudsdk.corer robjectr ReleaseTracksrGA UpdateCommandrBETArALPHArrr+r(rsd&'%7C(.E_L*)7V7DD%%(()-!3!3-*-`D%%**+#=,DD%%++,$@-r+