Adding firewall samples and tests (GoogleCloudPlatform#1538)

Adding firewall samples with tests.

Includes: refactored wait_for_operation.php to support Zone, Region and Global operations.

Co-authored-by: Maciej Strzelczyk 
Co-authored-by: Remigiusz Samborski 

Author: 3 people

compute/cloud-client/instances/src/create_firewall_rule.php

@@ -0,0 +1,92 @@
+
+/**
+ * Copyright 2021 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/master/compute/cloud-client/README.md
+ */
+
+namespace Google\Cloud\Samples\Compute;
+
+include_once 'wait_for_operation.php';
+
+# [START compute_firewall_create]
+use Google\Cloud\Compute\V1\FirewallsClient;
+use Google\Cloud\Compute\V1\Allowed;
+use Google\Cloud\Compute\V1\Firewall;
+use Google\Cloud\Compute\V1\Firewall\Direction;
+
+/**
+ * Creates a simple firewall rule allowing for incoming HTTP and HTTPS access from the entire Internet.
+ *
+ * Example:
+ * ```
+ * create_firewall_rule($projectId, $firewallRuleName, $network);
+ * ```
+ *
+ * @param string $projectId Project ID or project number of the Cloud project you want to create a rule for.
+ * @param string $firewallRuleName Name of the rule that is created.
+ * @param string $network Name of the network the rule will be applied to. Available name formats:
+ *                        https://www.googleapis.com/compute/v1/projects/{project_id}/global/networks/{network}
+ *                        projects/{project_id}/global/networks/{network}
+ *                        global/networks/{network}
+ *
+ * @throws \Google\ApiCore\ApiException if the remote call fails.
+ */
+
+function create_firewall_rule(string $projectId, string $firewallRuleName, string $network = 'global/networks/default')
+{
+    $firewallsClient = new FirewallsClient();
+    $allowedPorts = (new Allowed())
+      ->setIPProtocol('tcp')
+      ->setPorts(['80', '443']);
+    $firewallResource = (new Firewall())
+      ->setName($firewallRuleName)
+      ->setDirection(Direction::INGRESS)
+      ->setAllowed([$allowedPorts])
+      ->setSourceRanges(['0.0.0.0/0'])
+      ->setTargetTags(['web'])
+      ->setNetwork($network)
+      ->setDescription('Allowing TCP traffic on ports 80 and 443 from Internet.');
+
+    /**
+    * Note that the default value of priority for the firewall API is 1000.
+    * If you check the value of its priority at this point it will be
+    * equal to 0, however it is not treated as "set" by the library and thus
+    * the default will be applied to the new rule. If you want to create a rule
+    * that has priority == 0, you need to explicitly set it so:
+    *
+    *   $firewallResource->setPriority(0);
+    */
+
+    //Create the firewall rule using Firewalls Client.
+    $operation = $firewallsClient->insert($firewallResource, $projectId);
+
+    // Wait for the create operation to complete using a custom helper function.
+    // @see src/wait_for_operation.php
+    $operation = wait_for_operation($operation, $projectId);
+    if (empty($operation->getError())) {
+        printf('Created rule %s.' . PHP_EOL, $firewallRuleName);
+    } else {
+        printf('Firewall rule creation failed!' . PHP_EOL);
+    }
+}
+# [END compute_firewall_create]
+
+require_once __DIR__ . '/../../../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);

compute/cloud-client/instances/src/create_instance.php

@@ -85,7 +85,7 @@ function create_instance(
 
     // Wait for the create operation to complete using a custom helper function.
     // @see src/wait_for_operation.php
-    $operation = wait_for_operation($operation, $projectId, $zone);
+    $operation = wait_for_operation($operation, $projectId);
     if (empty($operation->getError())) {
         printf('Created instance %s' . PHP_EOL, $instanceName);
     } else {

compute/cloud-client/instances/src/delete_firewall_rule.php

@@ -0,0 +1,63 @@
+
+/**
+ * Copyright 2021 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/master/compute/cloud-client/README.md
+ */
+
+namespace Google\Cloud\Samples\Compute;
+
+include_once 'wait_for_operation.php';
+
+# [START compute_firewall_delete]
+use Google\Cloud\Compute\V1\FirewallsClient;
+
+/**
+ * Delete a firewall rule from the specified project.
+ *
+ * Example:
+ * ```
+ * delete_firewall_rule($projectId, $firewallRuleName);
+ * ```
+ *
+ * @param string $projectId Project ID or project number of the Cloud project you want to delete a rule for.
+ * @param string $firewallRuleName Name of the rule that is deleted.
+ *
+ * @throws \Google\ApiCore\ApiException if the remote call fails.
+ */
+function delete_firewall_rule(string $projectId, string $firewallRuleName)
+{
+    $firewallsClient = new FirewallsClient();
+
+    // Delete the firewall rule using Firewalls Client.
+    $operation = $firewallsClient->delete($firewallRuleName, $projectId);
+
+    // Wait for the create operation to complete using a custom helper function.
+    // @see src/wait_for_operation.php
+    $operation = wait_for_operation($operation, $projectId);
+    if (empty($operation->getError())) {
+        printf('Rule %s deleted successfully!' . PHP_EOL, $firewallRuleName);
+    } else {
+        print('Deletion failed!' . PHP_EOL);
+    }
+}
+# [END compute_firewall_delete]
+
+require_once __DIR__ . '/../../../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);

compute/cloud-client/instances/src/delete_instance.php

@@ -52,7 +52,7 @@ function delete_instance(
 
     // Wait for the create operation to complete using a custom helper function.
     // @see src/wait_for_operation.php
-    $operation = wait_for_operation($operation, $projectId, $zone);
+    $operation = wait_for_operation($operation, $projectId);
     if (empty($operation->getError())) {
         printf('Deleted instance %s' . PHP_EOL, $instanceName);
     } else {

compute/cloud-client/instances/src/list_firewall_rules.php

@@ -0,0 +1,55 @@
+
+/**
+ * Copyright 2021 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/master/compute/cloud-client/README.md
+ */
+
+namespace Google\Cloud\Samples\Compute;
+
+# [START compute_firewall_list]
+use Google\Cloud\Compute\V1\FirewallsClient;
+
+/**
+ * Return a list of all the firewall rules in specified project. Also prints the
+ * list of firewall names and their descriptions.
+ * Example:
+ * ```
+ * list_firewall_rules($projectId);
+ * ```
+ *
+ * @param string $projectId Project ID or project number of the Cloud project you want to list rules from.
+ *
+ * @throws \Google\ApiCore\ApiException if the remote call fails.
+ */
+function list_firewall_rules(string $projectId)
+{
+    // List all firewall rules defined for the project using Firewalls Client.
+    $firewallClient = new FirewallsClient();
+    $firewallList = $firewallClient->list($projectId);
+
+    print('--- Firewall Rules ---' . PHP_EOL);
+    foreach ($firewallList->iterateAllElements() as $firewall) {
+        printf(' -  %s : %s : %s' . PHP_EOL, $firewall->getName(), $firewall->getDescription(), $firewall->getNetwork());
+    }
+}
+# [END compute_firewall_list]
+
+require_once __DIR__ . '/../../../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);

compute/cloud-client/instances/src/patch_firewall_priority.php

@@ -0,0 +1,67 @@
+
+/**
+ * Copyright 2021 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/master/compute/cloud-client/README.md
+ */
+
+namespace Google\Cloud\Samples\Compute;
+
+include_once 'wait_for_operation.php';
+
+# [START compute_firewall_patch]
+use Google\Cloud\Compute\V1\FirewallsClient;
+use Google\Cloud\Compute\V1\Firewall;
+
+/**
+ * Modifies the priority of a given firewall rule.
+ *
+ * Example:
+ * ```
+ * patch_firewall_priority($projectId, $firewallRuleName, $priority);
+ * ```
+ *
+ * @param string $projectId Project ID or project number of the Cloud project you want to patch a rule from.
+ * @param string $firewallRuleName Name of the rule that you want to modify.
+ * @param int $priority The new priority to be set for the rule.
+ *
+ * @throws \Google\ApiCore\ApiException if the remote call fails.
+ */
+function patch_firewall_priority(string $projectId, string $firewallRuleName, int $priority)
+{
+    $firewallsClient = new FirewallsClient();
+    $firewallResource = (new Firewall())->setPriority($priority);
+
+    // The patch operation doesn't require the full definition of a Firewall object. It will only update
+    // the values that were set in it, in this case it will only change the priority.
+    $operation = $firewallsClient->patch($firewallRuleName, $firewallResource, $projectId);
+
+    // Wait for the create operation to complete using a custom helper function.
+    // @see src/wait_for_operation.php
+    $operation = wait_for_operation($operation, $projectId);
+    if (empty($operation->getError())) {
+        printf('Patched %s priority to %d.' . PHP_EOL, $firewallRuleName, $priority);
+    } else {
+        print('Patching failed!' . PHP_EOL);
+    }
+}
+# [END compute_firewall_patch]
+
+require_once __DIR__ . '/../../../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);

compute/cloud-client/instances/src/print_firewall_rule.php

@@ -0,0 +1,76 @@
+
+/**
+ * Copyright 2021 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/master/compute/cloud-client/README.md
+ */
+
+namespace Google\Cloud\Samples\Compute;
+
+use Google\Cloud\Compute\V1\FirewallsClient;
+use Google\Cloud\Compute\V1\Firewall\Direction;
+
+/**
+ * Prints details about a particular firewall rule in the specified project
+ *
+ * Example:
+ * ```
+ * print_firewall_rule($projectId, $firewallRuleName);
+ * ```
+ *
+ * @param string $projectId Project ID or project number of the Cloud project you want to print a rule from.
+ * @param string $firewallRuleName Unique name for the firewall rule.
+ *
+ * @throws \Google\ApiCore\ApiException if the remote call fails.
+ */
+function print_firewall_rule(string $projectId, string $firewallRuleName)
+{
+    // Get details of a firewall rule defined for the project using Firewalls Client.
+    $firewallClient = new FirewallsClient();
+    $response = $firewallClient->get($firewallRuleName, $projectId);
+    $direction = $response->getDirection();
+    printf('ID: %s' . PHP_EOL, $response->getID());
+    printf('Kind: %s' . PHP_EOL, $response->getKind());
+    printf('Name: %s' . PHP_EOL, $response->getName());
+    printf('Creation Time: %s' . PHP_EOL, $response->getCreationTimestamp());
+    if ($direction = Direction::INGRESS) {
+        print('Direction: INGRESS' . PHP_EOL);
+    } else {
+        print('Direction: EGRESS' . PHP_EOL);
+    }
+    printf('Network: %s' . PHP_EOL, $response->getNetwork());
+    printf('Disabled: %s' . PHP_EOL, var_export($response->getDisabled(), true));
+    printf('Priority: %s' . PHP_EOL, $response->getPriority());
+    printf('Self Link: %s' . PHP_EOL, $response->getSelfLink());
+    printf('Logging Enabled: %s' . PHP_EOL, var_export($response->getLogConfig()->getEnable(), true));
+    print('--Allowed--' . PHP_EOL);
+    foreach ($response->getAllowed() as $item) {
+        printf('Protocol: %s' . PHP_EOL, $item->getIPProtocol());
+        foreach ($item->getPorts()as $ports) {
+            printf(' - Ports: %s' . PHP_EOL, $ports);
+        }
+    }
+    print('--Source Ranges--' . PHP_EOL);
+    foreach ($response->getSourceRanges()as $ranges) {
+        printf(' - Range: %s' . PHP_EOL, $ranges);
+    }
+}
+
+require_once __DIR__ . '/../../../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);