How to use the capirca.lib.gce.GceFirewallError function in capirca

To help you get started, we’ve selected a few capirca examples, based on popular ways it is used in public projects.


Source: google/capirca, capirca/lib/gce.py (GitHub)
if not self.term.source_address and not self.term.source_tag:
        raise GceFirewallError(
            'Ingress rule missing required field oneof "sourceRanges" or '
            '"sourceTags".')

      if self.term.destination_address:
        raise GceFirewallError('Ingress rules cannot include '
                               '"destinationRanges.')

    elif self.term.direction == 'EGRESS':
      if self.term.source_address:
        raise GceFirewallError(
            'Egress rules cannot include "sourceRanges".')

      if not self.term.destination_address:
        raise GceFirewallError(
            'Egress rule missing required field "destinationRanges".')

      if self.term.destination_tag:
        raise GceFirewallError(
            'GCE Egress rule cannot have destination tag.')
Source: google/capirca, capirca/lib/gce.py (GitHub)
dest_addr_chunks = [
          daddrs[x:x+self._TERM_ADDRESS_LIMIT] for x in range(
              0, len(daddrs), self._TERM_ADDRESS_LIMIT)]
      for i, chunk in enumerate(dest_addr_chunks):
        rule = copy.deepcopy(proto_dict)
        if len(dest_addr_chunks) > 1:
          rule['name'] = '%s-%d' % (rule['name'], i+1)
        rule['destinationRanges'] = [str(daddr) for daddr in chunk]
        rules.append(rule)
    else:
      rules.append(proto_dict)

    # Sanity checking term name lengths.
    long_rules = [rule['name'] for rule in rules if len(rule['name']) > 63]
    if long_rules:
      raise GceFirewallError(
          'GCE firewall name ended up being too long: %s' % long_rules)
    return rules
Source: google/capirca, capirca/lib/gce.py (GitHub)
def _validateDirection(self):
    """Check that the term's address and tag fields fit its direction.

    As shown here, INGRESS terms must carry a source address or a source tag
    and must not carry a destination address. EGRESS terms must not carry a
    source address and must carry a destination address. A direction other
    than 'INGRESS' or 'EGRESS' passes through this method unchecked.

    Raises:
      GceFirewallError: for the first violated constraint, in the order above.
    """
    term = self.term
    direction = term.direction

    if direction == 'INGRESS':
      # An ingress rule needs something to match traffic sources on.
      if not (term.source_address or term.source_tag):
        raise GceFirewallError(
            'Ingress rule missing required field oneof "sourceRanges" or '
            '"sourceTags".')
      # NOTE(review): this message lacks the closing quote after
      # destinationRanges; the text is kept exactly as it was.
      if term.destination_address:
        raise GceFirewallError('Ingress rules cannot include '
                               '"destinationRanges.')
      return

    if direction != 'EGRESS':
      # No constraint is applied to any other direction value.
      return

    if term.source_address:
      raise GceFirewallError(
          'Egress rules cannot include "sourceRanges".')
    if not term.destination_address:
      raise GceFirewallError(
          'Egress rule missing required field "destinationRanges".')
Source: google/capirca, capirca/lib/gce.py (GitHub)
def __init__(self, term):
    """Store a policy term and reject what the checks below do not allow.

    The term is stored as self.term and validated in a fixed order, so the
    first failing check decides which error the caller sees.

    Args:
      term: the policy term to wrap. FlattenAll() is called on it when an
        exclusion list accompanies its address list; presumably that applies
        the exclusions in place, since the address lists are re-checked
        afterwards (confirm against the term class).

    Raises:
      GceFirewallError: on a direction mismatch (via _validateDirection), a
        source exclusion without a source address list, an INGRESS term with
        neither source address nor source tag, a source port restriction, or
        an address list left empty once FlattenAll() has run.
    """
    super(Term, self).__init__(term)
    self.term = term
    self._validateDirection()

    policy_term = self.term

    # NOTE(review): there is no matching check for destination_address_exclude
    # without destination_address - confirm whether that is intended.
    if policy_term.source_address_exclude and not policy_term.source_address:
      raise GceFirewallError(
          'GCE firewall does not support address exclusions without a source '
          'address list.')

    # NOTE(review): appears redundant with the INGRESS check in
    # _validateDirection as shown on this page, which runs first.
    if (not (policy_term.source_address or policy_term.source_tag)
        and policy_term.direction == 'INGRESS'):
      raise GceFirewallError(
          'GCE firewall needs either to specify source address or source tags.')

    if policy_term.source_port:
      raise GceFirewallError(
          'GCE firewall does not support source port restrictions.')

    # Flatten only when an exclusion list comes with its address list.
    if ((policy_term.source_address_exclude and policy_term.source_address) or
        (policy_term.destination_address_exclude and
         policy_term.destination_address)):
      policy_term.FlattenAll()
      # A rule whose address list became empty is rejected rather than emitted
      # without the field its direction requires.
      if policy_term.direction == 'INGRESS' and not policy_term.source_address:
        raise GceFirewallError(
            'GCE firewall rule no longer contains any source addresses after '
            'the prefixes in source_address_exclude were removed.')
      if (policy_term.direction == 'EGRESS'
          and not policy_term.destination_address):
        raise GceFirewallError(
            'GCE firewall rule no longer contains any destination addresses '
            'after the prefixes in destination_address_exclude were removed.')
Source: google/capirca, capirca/lib/gce.py (GitHub)
def _validateDirection(self):
    """Check that the term's address and tag fields fit its direction.

    INGRESS terms must carry a source address or a source tag and must not
    carry a destination address. EGRESS terms must not carry a source
    address, must carry a destination address and must not carry a
    destination tag. A direction other than 'INGRESS' or 'EGRESS' passes
    through this method unchecked.

    Raises:
      GceFirewallError: for the first violated constraint, in the order above.
    """
    term = self.term
    direction = term.direction

    if direction == 'INGRESS':
      # An ingress rule needs something to match traffic sources on.
      if not (term.source_address or term.source_tag):
        raise GceFirewallError(
            'Ingress rule missing required field oneof "sourceRanges" or '
            '"sourceTags".')
      # NOTE(review): this message lacks the closing quote after
      # destinationRanges; the text is kept exactly as it was.
      if term.destination_address:
        raise GceFirewallError('Ingress rules cannot include '
                               '"destinationRanges.')
      return

    if direction != 'EGRESS':
      # No constraint is applied to any other direction value.
      return

    if term.source_address:
      raise GceFirewallError(
          'Egress rules cannot include "sourceRanges".')
    if not term.destination_address:
      raise GceFirewallError(
          'Egress rule missing required field "destinationRanges".')
    if term.destination_tag:
      raise GceFirewallError(
          'GCE Egress rule cannot have destination tag.')
Source: google/capirca, capirca/lib/gce.py (GitHub)
def _validateDirection(self):
    """Check that the term's address and tag fields fit its direction.

    INGRESS terms must carry a source address or a source tag and must not
    carry a destination address. EGRESS terms must not carry a source
    address, must carry a destination address and must not carry a
    destination tag. A direction other than 'INGRESS' or 'EGRESS' passes
    through this method unchecked.

    Raises:
      GceFirewallError: for the first violated constraint, in the order above.
    """
    term = self.term
    direction = term.direction

    if direction == 'INGRESS':
      # An ingress rule needs something to match traffic sources on.
      if not (term.source_address or term.source_tag):
        raise GceFirewallError(
            'Ingress rule missing required field oneof "sourceRanges" or '
            '"sourceTags".')
      # NOTE(review): this message lacks the closing quote after
      # destinationRanges; the text is kept exactly as it was.
      if term.destination_address:
        raise GceFirewallError('Ingress rules cannot include '
                               '"destinationRanges.')
      return

    if direction != 'EGRESS':
      # No constraint is applied to any other direction value.
      return

    if term.source_address:
      raise GceFirewallError(
          'Egress rules cannot include "sourceRanges".')
    if not term.destination_address:
      raise GceFirewallError(
          'Egress rule missing required field "destinationRanges".')
    if term.destination_tag:
      raise GceFirewallError(
          'GCE Egress rule cannot have destination tag.')
Source: google/capirca, capirca/lib/gce.py (GitHub)
if self.term.destination_address:
        raise GceFirewallError('Ingress rules cannot include '
                               '"destinationRanges.')

    elif self.term.direction == 'EGRESS':
      if self.term.source_address:
        raise GceFirewallError(
            'Egress rules cannot include "sourceRanges".')

      if not self.term.destination_address:
        raise GceFirewallError(
            'Egress rule missing required field "destinationRanges".')

      if self.term.destination_tag:
        raise GceFirewallError(
            'GCE Egress rule cannot have destination tag.')
Source: google/capirca, capirca/lib/gce.py (GitHub)
term.name = self.FixTermLength(term.name)
        if term.name in term_names:
          raise GceFirewallError('Duplicate term name')
        term_names.add(term.name)

        term.direction = direction
        if term.expiration:
          if term.expiration <= exp_info_date:
            logging.info('INFO: Term %s in policy %s expires '
                         'in less than two weeks.', term.name, filter_name)
          if term.expiration <= current_date:
            logging.warn('WARNING: Term %s in policy %s is expired and '
                         'will not be rendered.', term.name, filter_name)
            continue
        if term.option:
          raise GceFirewallError(
              'GCE firewall does not support term options.')

        self.gce_policies.append(Term(term))
Source: google/capirca, capirca/lib/gce.py (GitHub)
dest_addr_chunks = [
          daddrs[x:x+self._TERM_ADDRESS_LIMIT] for x in range(
              0, len(daddrs), self._TERM_ADDRESS_LIMIT)]
      for i, chunk in enumerate(dest_addr_chunks):
        rule = copy.deepcopy(proto_dict)
        if len(dest_addr_chunks) > 1:
          rule['name'] = '%s-%d' % (rule['name'], i+1)
        rule['destinationRanges'] = [str(daddr) for daddr in chunk]
        rules.append(rule)
    else:
      rules.append(proto_dict)

    # Sanity checking term name lengths.
    long_rules = [rule['name'] for rule in rules if len(rule['name']) > 63]
    if long_rules:
      raise GceFirewallError(
          'GCE firewall name ended up being too long: %s' % long_rules)
    return rules
Source: google/capirca, capirca/lib/gce.py (GitHub)
def __init__(self, term):
    super(Term, self).__init__(term)
    self.term = term

    self._validateDirection()
    if self.term.source_address_exclude and not self.term.source_address:
      raise GceFirewallError(
          'GCE firewall does not support address exclusions without a source '
          'address list.')
    if (not self.term.source_address and
        not self.term.source_tag) and self.term.direction == 'INGRESS':
      raise GceFirewallError(
          'GCE firewall needs either to specify source address or source tags.')
    if self.term.source_port:
      raise GceFirewallError(
          'GCE firewall does not support source port restrictions.')
    if (self.term.source_address_exclude and self.term.source_address or
        self.term.destination_address_exclude and
        self.term.destination_address):
      self.term.FlattenAll()
      if not self.term.source_address and self.term.direction == 'INGRESS':
        raise GceFirewallError(
            'GCE firewall rule no longer contains any source addresses after '