73SrSSKJr SSKJr SSKJr SSKJr "SS\R5r "SS\R5r "S S \R5r SS jrSS jrSSjrSSjrSSjrS S \R&R(S4SjrSSjrSSjrSSjrSSjrSrS SjrSSjrSSjrSSjrSSjrSSjr g)!z=Flags and helpers for the compute security policies commands.) arg_parsers) completers)flagsc(^\rSrSrU4SjrSrU=r$)GlobalSecurityPoliciesCompleterc 4>[[U] "SSSS.UD6 g)Ncompute.securityPoliciesz$compute security-policies list --uri collection list_command)superr__init__selfkwargs __class__s Alib/googlecloudsdk/command_lib/compute/security_policies/flags.pyr(GlobalSecurityPoliciesCompleter.__init__s( )49-; r__name__ __module__ __qualname____firstlineno__r__static_attributes__ __classcell__rs@rrrs rrc(^\rSrSrU4SjrSrU=r$)!RegionalSecurityPoliciesCompleter c 4>[[U] "SSSS.UD6 g)Ncompute.regionSecurityPoliciesz6compute security-policies list --filter=region:* --urir r)rr!rrs rr*RegionalSecurityPoliciesCompleter.__init__#s* +T;30  rrrrs@rr!r! s rr!c(^\rSrSrU4SjrSrU=r$)SecurityPoliciesCompleter+c F>[[U] "SS[[/0UD6 g)Nrr)rr'rrr!rs rr"SecurityPoliciesCompleter.__init__-s- #T3 +-N   rrrrs@rr'r'+s rr'Fc <[R"S[USUSS9$)Nsecurity policysecurity policiesr ) resource_name completerplural custom_pluralrequiredglobal_collection compute_flagsResourceArgumentr'r2r0s rSecurityPolicyArgumentr85s'  ' '%) '2  44rc <[R"S[USUSS9$)Nr,r-r$)r.r/r0r1r2regional_collectionr4r7s rSecurityPolicyRegionalArgumentr;?s'  ' '%) ':  <[R"S[USUSSS9$)Nr,r-r r$)r.r/r0r1r2r3r:r4r7s r SecurityPolicyMultiScopeArgumentr=Is*  ' '%) '2: <[R"SS[SUSSS9$)Nr,r?Fr .The security policy that this rule belongs to.r@r4r2s rSecurityPolicyArgumentForRulesrUs,  ' '% ) 2A CCrc t[R"SS[SUSSS[RRSS9 $) Nr,r?Fr r$TrS) r.rAr/r0r2r3r:rLrMrB)r5r6r'ScopeFlagsUsageUSE_EXISTING_SCOPE_FLAGSrTs r(SecurityPolicyMultiScopeArgumentForRulesrYsA  ' '% ) 2:%55NNA C Crc XURSSSUSS9 URSSS/S US S S 9 g) zCAdds the cloud armor adaptive protection arguments to the argparse.z--enable-layer7-ddos-defense store_trueNzGWhether to enable Cloud Armor Layer 7 DDoS Defense Adaptive Protection.)actiondefaultr2helpz%--layer7-ddos-defense-rule-visibilitySTANDARDPREMIUMc"UR5$Nupperxs r1AddCloudArmorAdaptiveProtection.. QWWYrVISIBILITY_TYPEzJThe visibility type indicates whether the rules are opaque or transparent.)choicestyper2metavarr^ add_argumentparserr2s rAddCloudArmorAdaptiveProtectionrrsT$    -9%   rcURS[SS9 URS[SS9 URS[SS9 URS[S S9 g ) zQAdds the cloud armor adaptive protection's auto-deploy arguments to the argparse.z0--layer7-ddos-defense-auto-deploy-load-thresholdzJLoad threshold above which Adaptive Protection's auto-deploy takes actionsrlr^z6--layer7-ddos-defense-auto-deploy-confidence-thresholdzPConfidence threshold above which Adaptive Protection's auto-deploy takes actionsz=--layer7-ddos-defense-auto-deploy-impacted-baseline-thresholdzWImpacted baseline threshold below which Adaptive Protection's auto-deploy takes actionsz0--layer7-ddos-defense-auto-deploy-expiration-seczDDuration over which Adaptive Protection's auto-deployed actions lastN)rofloatint)rqs r)AddCloudArmorAdaptiveProtectionAutoDeployrwsx8  V   >  \   E  c   8  P  rc*URS/SQSUSS9 URS[R"5SSS 9 URS S S /S USS9 U(aURS/SQSUSS9 URS[R"5SSS 9 g)z@Adds the cloud armor advanced options arguments to the argparse.z--json-parsing)DISABLEDr_STANDARD_WITH_GRAPHQLc"UR5$rbrcres rrg$AddAdvancedOptions..rirzzThe JSON parsing behavior for this rule. Must be one of the following values: [DISABLED, STANDARD, STANDARD_WITH_GRAPHQL].rkrlr2r^z--json-custom-content-types CONTENT_TYPEae A comma-separated list of custom Content-Type header values to apply JSON parsing for preconfigured WAF rules. Only applicable when JSON parsing is enabled, like ``--json-parsing=STANDARD''. When configuring a Content-Type header value, only the type/subtype needs to be specified, and the parameters should be excluded. )rlrmr^z --log-levelNORMALVERBOSEc"UR5$rbrcres rrgr|rirz/The level of detail to display for WAF logging.z--request-body-inspection-size)8KB16KB32KB48KB64KBc"UR5$rbrcres rrgr|s qwwyrz%Maximum request body inspection size.z--user-ip-request-headersUSER_IP_REQUEST_HEADERzt A comma-separated list of request header names to use for resolving the caller's user IP address. N)rorArgList)rqr2enable_large_body_sizes rAddAdvancedOptionsrs?  ; = #        #  < > (7  4  !    &  rc0URS/SQSUSS9 g)FAdds the cloud armor DDoS protection config arguments to the argparse.z--network-ddos-protectionr_ADVANCEDADVANCED_PREVIEWc"UR5$rbrcres rrg.rirTThe DDoS protection level for network load balancing and instances with external IPsr}Nrnrps r*AddDdosProtectionConfigWithAdvancedPreviewr s&!:    rc0URS/SQSUSS9 g)rz--ddos-protectionrc"UR5$rbrcres rrg,AddDdosProtectionConfigOld.. rirrr}Nrnrps rAddDdosProtectionConfigOldrs&:    rc0URS/SQSUSS9 g)z@Adds the Cloud Armor Network DDoS adaptive protection arguments.z"--network-ddos-adaptive-protection)ryENABLEDPREVIEWc"UR5$rbrcres rrg2AddNetworkDdosAdaptiveProtection...rirz]The DDoS adaptive protection level for network load balancing and instances with external IPsr}Nrnrps r AddNetworkDdosAdaptiveProtectionr)s&*0  )  rcnURUS9nURS[SS9 URSSSS9 g ) zGAdds the Cloud Armor Network DDoS impacted baseline threshold argument.rTz*--network-ddos-impacted-baseline-thresholda DDoS Protection for Network Load Balancers (and VMs with public IPs) builds DDoS mitigations that minimize collateral damage. It quantifies this as the fraction of a non-abuse baseline that's inadvertently blocked. Rules whose collateral damage exceeds ddosImpactedBaselineThreshold will not be deployed. Using a lower value will prioritize keeping collateral damage low, possibly at the cost of its effectiveness in rate limiting some or all of the attack. It should typically be unset, so Advanced DDoS (and Adaptive Protection) uses the best mitigation it can find. Setting the threshold is advised if there are logs for false positive detections with high collateral damage, and will cause Advanced DDoS to attempt to find a less aggressive rule that satisfies the constraint. If a suitable rule cannot be found, the system falls back to either no mitigation for smaller attacks or broader network throttles for larger ones. rtz0--clear-network-ddos-impacted-baseline-thresholdr[zZIf provided, clears the Network DDoS impacted baseline threshold from the security policy.)r\r^N)add_mutually_exclusive_grouproru)rqr2!impacted_baseline_threshold_groups r'AddNetworkDdosImpactedBaselineThresholdr7s\&,&I&I'J'#$002  1&$008  (1rc&URSUSS9 g)zAAdds the cloud armor reCAPTCHA options arguments to the argparse.z--recaptcha-redirect-site-keyz The reCAPTCHA site key to be used for rules using the ``redirect'' action and the ``google-recaptcha'' redirect type under the security policy. )r2r^Nrnrps rAddRecaptchaOptionsrWs %  r)TF)F)FF)!__doc__googlecloudsdk.callioper"googlecloudsdk.command_lib.computercompute_completersrr5googlecloudsdk.command_lib.utilListCommandCompleterrr!MultiResourceCompleterr'r8r;r=rGrJrWGENERATE_DEDICATED_SCOPE_FLAGSrOrQrUrYrrrwrrrrrrrrrrsD/OE6&8&M&M(:(O(O A A4<<   #33## +0 C C& 8. b   @ r