tdSrSSKJr SSKJr SSKJr SSKJr SSKJr SSKJ r SSK J r SS K J r SS KJr SS KJr S r\S -r\ R("\ R*R,\ R*R.\ R*R05"SS\ R255rSrg)z:services vpc-peerings enable-vpc-service-controls command.)absolute_import)division)unicode_literals) projects_api)peering) services_util)base)util)log) propertiesz(gcloud services vpc-peerings operations zwait {0}c8\rSrSrSrSSS.r\S5rSrSr g ) EnableVpcServiceControls!z7Enable VPC Service Controls for the peering connection.aN This command configures IPv4 routes and DNS zones applicable to a service producer VPC network (for example, servicenetworking). The route and DNS configuration match those recommended for using the restricted.googleapis.com VIP: When enabled, Google Cloud makes the following route configuration changes in the service producer VPC network: Google Cloud removes the IPv4 default route (destination 0.0.0.0/0, next hop default internet gateway). Google Cloud then creates an IPv4 route for destination 199.36.153.4/30 using the default internet gateway next hop. When enabled, Google Cloud also creates Cloud DNS managed private zones and authorizes those zones for the service producer VPC network. The zones include googleapis.com, pkg.dev, gcr.io, and other necessary domains or host names for Google APIs and services that are compatible with VPC Service Controls. Record data in the zones resolves all host names to 199.36.153.4, 199.36.153.5, 199.36.153.6, and 199.36.153.7. When disabled, Google Cloud makes the following route configuration changes in the service producer VPC network: Google Cloud restores a default route (destination 0.0.0.0/0, next hop default internet gateway). Google Cloud also deletes the Cloud DNS managed private zones that provided the host name overrides. While enabled, the service producer VPC network can still import static and dynamic routes from the peered customer network if you enable custom route export. These custom routes can include a default route. For this reason, this command is not to be used solely as a means for preventing access to the internet. a To enable VPC Service Controls for a connection peering a network called `my-network` on the current project to a service called `your-service`, run: $ {command} --network=my-network --service=your-service To run the same command asynchronously (non-blocking), run: $ {command} --network=my-network --service=your-service --async ) DESCRIPTIONEXAMPLEScURSSSSS9 URSSSS S 9 [RRU5 g ) zArgs is called by calliope to gather arguments for this command. Args: parser: An argparse parser that can be used to add arguments that go on the command line after this command. Positional arguments are allowed. z --networkNETWORKTzCThe network in the current project that is peered with the service.)metavarrequiredhelpz --serviceSERVICEz servicenetworking.googleapis.comz/The service to enable VPC service controls for.)rdefaultrN) add_argumentr ASYNC_FLAG AddToParser)parsers @lib/surface/services/vpc_peerings/enable_vpc_service_controls.pyArgsEnableVpcServiceControls.ArgsXsY  R   2 > @  OO'c[RRRR SS9n[ U5n[ R"X1RUR5nUR(aN[RUR5n[RR!SRU55 g["R$"UR[ R&5n["R("U5 g)zRun 'services vpc-peerings enable-vpc-service-controls'. Args: args: argparse.Namespace, The arguments that this command was invoked with. T)rzcAsynchronous operation is in progress... Use the following command to wait for its completion: {0}N)r VALUEScoreprojectGet_GetProjectNumberrrservicenetworkasync_ OP_WAIT_CMDformatnamer statusPrintr WaitOperation GetOperationPrintOperation)selfargsr$project_numberopcmds rRunEnableVpcServiceControls.Runms$$,,00$0?G&w/N  ) ).,,*.,, 8B {{   rww 'c jj++16#;8  $ $RWWg.B.B CB  $r N) __name__ __module__ __qualname____firstlineno____doc__ detailed_help staticmethodrr7__static_attributes__r9r rrr!s5 @ @ E--^(((%r rcj[R"[R"U55R$)N)rr% projects_util ParseProject projectNumber) project_ids rr&r&s$   -44Z@ A O OOr N)r> __future__rrr+googlecloudsdk.api_lib.cloudresourcemanagerrgooglecloudsdk.api_lib.servicesrrgooglecloudsdk.callioper #googlecloudsdk.command_lib.projectsr rCgooglecloudsdk.corer r OP_BASE_CMDr* ReleaseTracks ReleaseTrackALPHABETAGA SilentCommandrr&r9r rrTsA&'D39(E#*8 J&  Y%t11Y%  Y%xPr