1# -*- coding: utf-8 -*- # 2# Copyright 2017 Google LLC. All Rights Reserved. 3# 4# Licensed under the Apache License, Version 2.0 (the "License"); 5# you may not use this file except in compliance with the License. 6# You may obtain a copy of the License at 7# 8# http://www.apache.org/licenses/LICENSE-2.0 9# 10# Unless required by applicable law or agreed to in writing, software 11# distributed under the License is distributed on an "AS IS" BASIS, 12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13# See the License for the specific language governing permissions and 14# limitations under the License. 15"""Command to add denied values to an Organization Policy list policy.""" 16 17from __future__ import absolute_import 18from __future__ import division 19from __future__ import unicode_literals 20 21from googlecloudsdk.api_lib.resource_manager import exceptions 22from googlecloudsdk.api_lib.resource_manager import org_policies 23from googlecloudsdk.calliope import base 24from googlecloudsdk.command_lib.resource_manager import org_policies_base 25from googlecloudsdk.command_lib.resource_manager import org_policies_flags as flags 26import six 27 28 29@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA, 30 base.ReleaseTrack.GA) 31class Deny(base.Command): 32 r"""Add values to an Organization Policy denied_values list policy. 33 34 Adds one or more values to the specified Organization Policy denied_values 35 list policy associated with the specified resource. 36 37 ## EXAMPLES 38 39 The following command adds `devEnv` and `prodEnv` to an Organization Policy 40 denied_values list policy for constraint `serviceuser.services` 41 on project `foo-project`: 42 43 $ {command} serviceuser.services --project=foo-project devEnv prodEnv 44 """ 45 46 @staticmethod 47 def Args(parser): 48 flags.AddIdArgToParser(parser) 49 flags.AddParentResourceFlagsToParser(parser) 50 base.Argument( 51 'denied_value', 52 metavar='DENIED_VALUE', 53 nargs='+', 54 help='The values to add to the denied_values list policy.', 55 ).AddToParser(parser) 56 57 # TODO(b/73831954):consider refactoring 58 def Run(self, args): 59 messages = org_policies.OrgPoliciesMessages() 60 service = org_policies_base.OrgPoliciesService(args) 61 62 policy = service.GetOrgPolicy(org_policies_base.GetOrgPolicyRequest(args)) 63 64 if policy.booleanPolicy or (policy.listPolicy and 65 policy.listPolicy.allowedValues): 66 raise exceptions.ResourceManagerError( 67 'Cannot add values to a non-denied_values list policy.') 68 69 if policy.listPolicy and policy.listPolicy.allValues: 70 raise exceptions.ResourceManagerError( 71 'Cannot add values if all_values is already specified.') 72 73 if policy.listPolicy and policy.listPolicy.deniedValues: 74 for value in args.denied_value: 75 policy.listPolicy.deniedValues.append(six.text_type(value)) 76 else: 77 policy.listPolicy = messages.ListPolicy(deniedValues=args.denied_value) 78 79 if policy.restoreDefault: 80 policy.restoreDefault = None 81 82 return service.SetOrgPolicy( 83 org_policies_base.SetOrgPolicyRequest(args, policy)) 84