diff --git a/cloudshell/cp/gcp/actions/firewall_policy_actions.py b/cloudshell/cp/gcp/actions/firewall_policy_actions.py
index 406dc5f..4d18250 100644
--- a/cloudshell/cp/gcp/actions/firewall_policy_actions.py
+++ b/cloudshell/cp/gcp/actions/firewall_policy_actions.py
@@ -1,10 +1,15 @@
+from __future__ import annotations
+
 from functools import cached_property
-from typing import List
+from logging import Logger
+
+from attr import define
 
-from cloudshell.cp.gcp.handlers.firewall_policy import FirewallPolicyHandler
 from cloudshell.cp.gcp.handlers.firewall_rule import FirewallRuleHandler
+from cloudshell.cp.gcp.resource_conf import GCPResourceConfig
 
 
+@define
 class FirewallPolicyActions:
     NSG_RULE_NAME_TPL = "allow-sandbox-traffic-to-{subnet_cidr}"
     NSG_DENY_RULE_NAME_TPL = "deny-traffic-from-other-sandboxes"
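Review bot: `@define` makes the class slotted by default, but `fr_handler` in the next hunk is a `functools.cached_property`, which caches into the instance `__dict__`; on attrs releases that predate cached_property support for slotted classes the first `self.fr_handler` access raises TypeError, so either pin the attrs minimum or write `@define(slots=False)` here. The file imports `from attr import define` while `subnet.py` in this same diff uses `from attrs import define`; both resolve to the same package, but one spelling should be used across the provider. With `from __future__ import annotations` now in place the `config: GCPResourceConfig` annotation is lazy, so the runtime import of `GCPResourceConfig` added here could move under `TYPE_CHECKING` unless something needs it at runtime.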
@@ -20,40 +25,15 @@ class FirewallPolicyActions:
     NSG_ADD_MGMT_RULE_NAME_TPL = "allow-{mgmt_network}-to-{sandbox_cidr}"
     NSG_DENY_OTHER_SB_RULE_PRIORITY = 4090
 
-    def __init__(
-        self,
-        resource_config,
-        firewall_policy_name,
-        reservation_info,
-        logger,
-    ):
-        """Init command.
-
-        :param resource_config:
-        :param reservation_info:
-        :param cancellation_manager:
-        :param logger:
-        """
-        self.logger = logger
-        self.config = resource_config
-        self.firewall_policy_name = firewall_policy_name
-        self._reservation_info = reservation_info
-        self._2k_priority = self.NSG_DENY_PRV_RULE_PRIORITY
-        self._4k_priority = self.NSG_ADD_MGMT_RULE_PRIORITY
-        # self._cancellation_manager = cancellation_manager
-        # self._rollback_manager = RollbackCommandsManager(logger=self._logger)
-        # self._tags_manager = AzureTagsManager(
-        #     reservation_info=self._reservation_info, resource_config=resource_config
-        # )
+    logger: Logger
+    config: GCPResourceConfig
+    _lower_priority: int = NSG_DENY_PRV_RULE_PRIORITY
+    _higher_priority: int = NSG_ADD_MGMT_RULE_PRIORITY
 
     @cached_property
     def fr_handler(self):
         return FirewallRuleHandler(self.config.credentials)
 
-    @cached_property
-    def fp_handler(self):
-        return FirewallPolicyHandler(self.config.credentials)
-
     def create_firewall_rules(self, request_actions, network_name):
         """Create all required Firewalls rules.
 
@@ -101,8 +81,8 @@ def _create_nsg_allow_sandbox_traffic_to_subnet_rules(
         """
         result = []
         for action in request_actions.prepare_subnets:
-            self._2k_priority += 1
-            self._2k_priority = self.fr_handler.get_or_create_ingress_firewall_rule(
+            self._lower_priority += 1
+            self._lower_priority = self.fr_handler.get_or_create_ingress_firewall_rule(
                 rule_name=self.NSG_RULE_NAME_TPL.format(
                     subnet_cidr=action.get_cidr().replace("/", "--").replace(".", "-")
                 ),
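Review bot: The two counters are declared without a word on their meaning, and the new names invert GCP semantics: GCP evaluates the numerically lowest priority first, so `_lower_priority` (the old `_2k_priority`, seeded from `NSG_DENY_PRV_RULE_PRIORITY`) holds the rules that take precedence, not the less important ones. A field comment would keep the next reader from swapping them, e.g. `# GCP: lower number wins. _lower_priority is shared by the allow-sandbox-subnet and deny-private rules, _higher_priority by the allow-mgmt rules; both are bumped once per rule.` Neither counter is bounded, and `_higher_priority` is incremented once per entry of `config.additional_mgmt_networks` (hunk at -155), so if `NSG_ADD_MGMT_RULE_PRIORITY` sits below 4090 as the old `_4k_priority` name suggests, enough entries push later allow rules past `NSG_DENY_OTHER_SB_RULE_PRIORITY` and they are then evaluated after that deny rule; a guard such as `if self._higher_priority >= self.NSG_DENY_OTHER_SB_RULE_PRIORITY: raise ValueError("mgmt rule priority band exhausted")` fails loudly instead. Note also that attrs strips the leading underscore for the generated `__init__`, so callers overriding the defaults would pass `lower_priority=` / `higher_priority=`.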
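Review bot: `self._lower_priority = self.fr_handler.get_or_create_ingress_firewall_rule(...)` stores the handler's return value in the int counter that the line above just incremented; unless that method returns the priority it actually used, the next iteration's `+= 1` raises TypeError or silently shifts the band. The same pattern is repeated in the deny-private hunk at -128 and the mgmt-network hunk at -155. The context also shows `result = []` being returned (in the following hunk) without ever being appended to, so callers get an empty list; if the handler returns the created rule, `rule = self.fr_handler.get_or_create_ingress_firewall_rule(...)` followed by `result.append(rule)` keeps the counter an int and makes the return value meaningful. The enclosing `_create_nsg_allow_sandbox_traffic_to_subnet_rules` starts before this hunk.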
@@ -110,7 +90,7 @@ def _create_nsg_allow_sandbox_traffic_to_subnet_rules( src_cidr=request_actions.sandbox_cidr, dst_cidr=action.get_cidr(), protocol="all", - priority=self._2k_priority, + priority=self._lower_priority, ) return result @@ -128,9 +108,9 @@ def _create_nsg_deny_access_to_private_subnet_rules( :return: """ for action in request_actions.prepare_private_subnets: - self._2k_priority += 1 + self._lower_priority += 1 subnet_cidr = action.get_cidr() - self._2k_priority = self.fr_handler.get_or_create_ingress_firewall_rule( + self._lower_priority = self.fr_handler.get_or_create_ingress_firewall_rule( rule_name=self.NSG_DENY_PRV_RULE_NAME_TPL.format( subnet_cidr=subnet_cidr ).replace("/", "--").replace(".", "-"), @@ -139,7 +119,7 @@ def _create_nsg_deny_access_to_private_subnet_rules( src_cidr=request_actions.sapndbox_cidr, dst_cidr=subnet_cidr, allowed=False, - priority=self._2k_priority, + priority=self._lower_priority, ) def _create_nsg_additional_mgmt_networks_rules( @@ -155,8 +135,8 @@ def _create_nsg_additional_mgmt_networks_rules( :return: """ for mgmt_network in self.config.additional_mgmt_networks: - self._4k_priority += 1 - self._4k_priority = self.fr_handler.get_or_create_ingress_firewall_rule( + self._higher_priority += 1 + self._higher_priority = self.fr_handler.get_or_create_ingress_firewall_rule( rule_name=self.NSG_ADD_MGMT_RULE_NAME_TPL.format( mgmt_network=mgmt_network, sandbox_cidr=request_actions.sandbox_cidr ).replace("/", "--").replace(".", "-"), @@ -164,7 +144,7 @@ def _create_nsg_additional_mgmt_networks_rules( protocol="all", src_cidr=mgmt_network, dst_cidr=request_actions.sandbox_cidr, - priority=self._4k_priority + priority=self._higher_priority ) def _create_nsg_deny_traffic_from_other_sandboxes_rule( diff --git a/cloudshell/cp/gcp/actions/vm_details_actions.py b/cloudshell/cp/gcp/actions/vm_details_actions.py index c0cf413..8ea424e 100644 --- a/cloudshell/cp/gcp/actions/vm_details_actions.py 
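Review bot: The renamed `priority=self._lower_priority` kwarg in the deny-private-subnet hunk at -139 sits in a call whose preceding context line reads `src_cidr=request_actions.sapndbox_cidr,`; that attribute is misspelled (the allow and mgmt hunks use `request_actions.sandbox_cidr`), so every run raises AttributeError before any deny rule for a private subnet is created. The commit does not address it; the fix is `src_cidr=request_actions.sandbox_cidr,`. Since this is the rule meant to isolate private subnets, a unit test asserting that the deny rule is actually requested from the handler would catch this class of regression. The enclosing `_create_nsg_deny_access_to_private_subnet_rules` starts before the hunk.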
+++ b/cloudshell/cp/gcp/actions/vm_details_actions.py
@@ -1,5 +1,6 @@
 import re
 import typing
+from logging import Logger
 
 from attr import define
 from cloudshell.cp.core.request_actions.models import (
@@ -10,9 +11,11 @@
 if typing.TYPE_CHECKING:
     from cloudshell.cp.gcp.resource_conf import GCPResourceConfig
 
+
 @define
 class VMDetailsActions:
     config: GCPResourceConfig
+    logger: Logger
 
     @staticmethod
     def _parse_image_name(resource_id):
@@ -46,9 +49,9 @@ def _parse_resource_group_name(resource_id):
     def _prepare_common_vm_instance_data(virtual_machine, resource_group_name: str):
         """Prepare common VM instance data."""
         os_disk = virtual_machine.storage_profile.os_disk
-        os_disk_type = convert_azure_to_cs_disk_type(
-            azure_disk_type=os_disk.managed_disk.storage_account_type
-        )
+        # os_disk_type = convert_azure_to_cs_disk_type(
+        #     azure_disk_type=os_disk.managed_disk.storage_account_type
+        # )
         if isinstance(virtual_machine.storage_profile.os_disk.os_type, str):
             os_name = virtual_machine.storage_profile.os_disk.os_type
         else:
diff --git a/cloudshell/cp/gcp/flows/prepare_infra_flow.py b/cloudshell/cp/gcp/flows/prepare_infra_flow.py
index 43740af..ccaeef8 100644
--- a/cloudshell/cp/gcp/flows/prepare_infra_flow.py
+++ b/cloudshell/cp/gcp/flows/prepare_infra_flow.py
@@ -85,10 +85,10 @@ def _create_firewall_rules(self, request_actions, network_name):
         :return:
         """
         fp_actions = FirewallPolicyActions(
-            resource_config=self.config,
-            firewall_policy_name=f"quali-"
-            f"{self.config.reservation_info.reservation_id}",
-            reservation_info=self.config.reservation_info,
+            config=self.config,
+            # firewall_policy_name=f"quali-"
+            # f"{self.config.reservation_info.reservation_id}",
+            # reservation_info=self.config.reservation_info,
             # cancellation_manager=None,
             logger=self.logger,
         )
diff --git a/cloudshell/cp/gcp/flows/vm_details_flow.py b/cloudshell/cp/gcp/flows/vm_details_flow.py
index a2c22ec..c65715a 100644
--- a/cloudshell/cp/gcp/flows/vm_details_flow.py
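Review bot: `config: GCPResourceConfig` is evaluated when the class body runs, but `GCPResourceConfig` is only imported under `typing.TYPE_CHECKING` and this module has no `from __future__ import annotations` (its first line is `import re`, per the -1,5 hunk), so importing the module raises NameError; the defect predates this commit, but `vm_details_flow.py` now imports `VMDetailsActions` at module level, which makes it reachable. The one-line fix used elsewhere in this diff is `from __future__ import annotations` as the first statement of the file; attrs then sees the annotation as a string and does not need the class at runtime. The added `logger: Logger` field comes after `config`, so positional construction is (config, logger) — `vm_details_flow.py` passes both by keyword, which is the safer form.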
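Review bot: Commenting out the `os_disk_type = ...` assignment leaves `os_disk` assigned but unused and, if `os_disk_type` is still referenced later in `_prepare_common_vm_instance_data` (the method continues past the hunk), an UnboundLocalError at that point; delete the dead block rather than keep it as a comment, and drop `os_disk` if nothing else reads it. The surrounding code still navigates `virtual_machine.storage_profile.os_disk`, which is the Azure SDK model shape, while this provider now fetches instances through `InstanceHandler`; the method presumably needs the GCP instance fields instead — worth confirming before this path is exercised.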
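Review bot: The three commented-out keyword arguments in the `FirewallPolicyActions(...)` call in prepare_infra_flow.py should be deleted rather than kept: `firewall_policy_name` and `reservation_info` no longer exist on the attrs class, so the comments describe an interface that is gone, and `# cancellation_manager=None,` was already dead. The live call, `FirewallPolicyActions(config=self.config, logger=self.logger)`, matches the two required fields. `_create_firewall_rules` starts before the hunk.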
+++ b/cloudshell/cp/gcp/flows/vm_details_flow.py @@ -1,40 +1,43 @@ +from __future__ import annotations + from typing import TYPE_CHECKING +from attr import define from cloudshell.cp.core.flows.vm_details import AbstractVMDetailsFlow + +from cloudshell.cp.gcp.actions.vm_details_actions import VMDetailsActions +from cloudshell.cp.gcp.handlers.instance import InstanceHandler +from cloudshell.cp.gcp.models.deployed_app import BaseGCPDeployApp + if TYPE_CHECKING: from logging import Logger from cloudshell.cp.gcp.resource_conf import GCPResourceConfig -class GCPGetVMDetails(AbstractVMDetailsFlow): +@define +class GCPGetVMDetailsFlow(AbstractVMDetailsFlow): logger: Logger config: GCPResourceConfig - def __attrs_pre_init__(self): - super().__init__(self.logger) - def _get_vm_details(self, deployed_app): """Get VM Details. :param deployed_app: :return: """ - sandbox_resource_group_name = self._reservation_info.get_resource_group_name() - vm_resource_group_name = ( - deployed_app.resource_group_name or sandbox_resource_group_name - ) + sandbox_id = self.config.reservation_info.reservation_id - vm_actions = VMActions(azure_client=self._azure_client, logger=self._logger) + vm_actions = InstanceHandler(azure_client=self._azure_client, logger=self._logger) vm_details_actions = VMDetailsActions( - azure_client=self._azure_client, logger=self._logger + config=self.config, logger=self._logger ) - with self._cancellation_manager: - vm = vm_actions.get_vm( - vm_name=deployed_app.name, resource_group_name=vm_resource_group_name - ) + # with self._cancellation_manager: + vm = vm_actions.get_vm_by_name( + vm_name=deployed_app.name, + ) - if isinstance(deployed_app, AzureVMFromMarketplaceDeployedApp): + if isinstance(deployed_app, BaseGCPDeployApp): return vm_details_actions.prepare_marketplace_vm_details( virtual_machine=vm, resource_group_name=vm_resource_group_name ) 
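Review bot: `_get_vm_details` reads `self._azure_client` and `self._logger` on the `InstanceHandler(...)` and `VMDetailsActions(...)` lines, but the attrs fields declared above are `logger` and `config`, so the first call raises AttributeError; `self.logger` is the field, and if `InstanceHandler` is built like the other handlers in this diff (`FirewallRuleHandler(self.config.credentials)`), `vm_actions = InstanceHandler(self.config.credentials)` is the likely form. The assignment of `vm_resource_group_name` was removed while the final `prepare_marketplace_vm_details(...)` call still passes it, and the new `sandbox_id` is never used. Dropping `__attrs_pre_init__` also means `AbstractVMDetailsFlow.__init__` no longer runs, so whatever the base class set up from the logger is now missing — confirm against cloudshell.cp.core. The rename to `GCPGetVMDetailsFlow` needs the matching update wherever the flow is instantiated, which is outside this diff.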
diff --git a/cloudshell/cp/gcp/handlers/firewall_policy.py b/cloudshell/cp/gcp/handlers/firewall_policy.py
deleted file mode 100644
index acb74cb..0000000
--- a/cloudshell/cp/gcp/handlers/firewall_policy.py
+++ /dev/null
@@ -1,61 +0,0 @@
-import logging
-from functools import cached_property
-
-from google.cloud import compute_v1
-
-from cloudshell.cp.gcp.handlers.base import BaseGCPHandler
-
-logger = logging.getLogger(__name__)
-
-
-class FirewallPolicyHandler(BaseGCPHandler):
-    @cached_property
-    def firewall_policy_client(self):
-        return compute_v1.FirewallPoliciesClient(credentials=self.credentials)
-
-    def create_firewall_policy(self, policy_name: str, description: str) -> str:
-        """Create a new firewall policy."""
-        firewall_policy = compute_v1.FirewallPolicy(
-            name=policy_name,
-            description=description
-        )
-
-        operation = self.firewall_policy_client.insert(
-            project=self.credentials.project_id, firewall_policy_resource=firewall_policy
-        )
-
-        self.wait_for_operation(name=operation.name)
-
-        logger.info(f"Firewall policy '{policy_name}' created successfully.")
-        return self.get_firewall_policy_by_name(policy_name).id
-
-    def add_rule_to_firewall_policy(self, policy_id: str, rule: dict) -> None:
-        """Add a new rule to an existing firewall policy."""
-        firewall_rule = compute_v1.FirewallPolicyRule(
-            priority=rule['priority'],
-            action=rule['action'],
-            match=compute_v1.FirewallPolicyRuleMatcher(
-                layer4_configs=[
-                    compute_v1.FirewallPolicyRuleMatcherLayer4Config(
-                        ip_protocol=rule['ip_protocol'],
-                        ports=rule['ports']
-                    )
-                ]
-            ),
-            direction=rule['direction']
-        )
-
-        operation = self.firewall_policy_client.add_rule(
-            firewall_policy=policy_id,
-            firewall_policy_rule_resource=firewall_rule
-        )
-
-        self.wait_for_operation(name=operation.name)
-
-        logger.info(f"Rule added to firewall policy '{policy_id}'.")
-
-    def get_firewall_policy_by_name(self, policy_name: str) -> compute_v1.FirewallPolicy:
-        """Get firewall policy instance by its name."""
-        return self.firewall_policy_client.get(
-            project=self.credentials.project_id, firewall_policy=policy_name
-        )
diff --git a/cloudshell/cp/gcp/handlers/rule/__init__.py b/cloudshell/cp/gcp/handlers/rule/__init__.py
deleted file mode 100644
index e69de29..0000000
diff --git a/cloudshell/cp/gcp/handlers/ssh_keys.py b/cloudshell/cp/gcp/handlers/ssh_keys.py
index 786f3ee..54c1615 100644
--- a/cloudshell/cp/gcp/handlers/ssh_keys.py
+++ b/cloudshell/cp/gcp/handlers/ssh_keys.py
@@ -3,9 +3,6 @@
 import logging
 from contextlib import suppress
 from functools import cached_property
-from io import BytesIO, StringIO
-
-from google.api_core.exceptions import NotFound
 from google.cloud import storage
 
 from cloudshell.cp.gcp.handlers.base import BaseGCPHandler
diff --git a/cloudshell/cp/gcp/handlers/subnet.py b/cloudshell/cp/gcp/handlers/subnet.py
index 6a90871..428b0cf 100644
--- a/cloudshell/cp/gcp/handlers/subnet.py
+++ b/cloudshell/cp/gcp/handlers/subnet.py
@@ -5,15 +5,13 @@
 from functools import cached_property
 from typing import TYPE_CHECKING
 
-import google
 from attrs import define
 from google.api_core.exceptions import NotFound
 from google.cloud import compute_v1
 
 from cloudshell.cp.gcp.handlers.base import BaseGCPHandler
 
-if TYPE_CHECKING:
-    from google.cloud.compute_v1.types import compute, __all__
+# if TYPE_CHECKING:
 
 logger = logging.getLogger(__name__)
 
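Review bot: Replacing the `if TYPE_CHECKING:` block in subnet.py with the bare comment `# if TYPE_CHECKING:` leaves `from typing import TYPE_CHECKING` unused and a stray comment; delete the comment and, if nothing below still needs it, the import. If any annotation further down (outside the hunk) still names `compute` from `google.cloud.compute_v1.types`, it now has no binding and would fail under a type checker, or at runtime if the annotation is evaluated. This file imports `from attrs import define` while the other files in this diff use `from attr import define`; pick one spelling of the package across the provider.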