יצירת כלל לחומת האש עבור מארח ההפעלה של Windows

import (
	"context"
	"fmt"
	"io"

	compute "cloud.google.com/go/compute/apiv1"
	computepb "cloud.google.com/go/compute/apiv1/computepb"
	"google.golang.org/protobuf/proto"
)

// createFirewallRuleForWindowsActivationHost creates an egress firewall rule with
// the highest priority for host kms.windows.googlecloud.com (35.190.247.13)
// for Windows activation.
func createFirewallRuleForWindowsActivationHost(
	w io.Writer,
	projectID, firewallRuleName, networkName string,
) error {
	// projectID := "your_project_id"
	// firewallRuleName := "your_firewall_rule_name"
	// networkName := "global/networks/default"

	ctx := context.Background()
	firewallsClient, err := compute.NewFirewallsRESTClient(ctx)
	if err != nil {
		return fmt.Errorf("NewFirewallsRESTClient: %w", err)
	}
	defer firewallsClient.Close()

	req := &computepb.InsertFirewallRequest{
		Project: projectID,
		FirewallResource: &computepb.Firewall{
			Name: proto.String(firewallRuleName),
			Allowed: []*computepb.Allowed{
				{
					IPProtocol: proto.String("tcp"),
					Ports:      []string{"1688"},
				},
			},
			Direction:         proto.String("EGRESS"),
			Network:           proto.String(networkName),
			DestinationRanges: []string{"35.190.247.13/32"},
			Priority:          proto.Int32(0),
		},
	}

	op, err := firewallsClient.Insert(ctx, req)
	if err != nil {
		return fmt.Errorf("unable to create firewall rule: %w", err)
	}

	if err = op.Wait(ctx); err != nil {
		return fmt.Errorf("unable to wait for the operation: %w", err)
	}

	fmt.Fprintf(w, "Firewall rule created\n")

	return nil
}

import com.google.cloud.compute.v1.Allowed;
import com.google.cloud.compute.v1.Firewall;
import com.google.cloud.compute.v1.FirewallsClient;
import com.google.cloud.compute.v1.InsertFirewallRequest;
import com.google.cloud.compute.v1.Operation;
import java.io.IOException;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;

public class CreateFirewallRuleForWindowsActivationHost {

  public static void main(String[] args)
      throws IOException, ExecutionException, InterruptedException, TimeoutException {
    // TODO(developer): Replace these variables before running the sample.
    // projectId - ID or number of the project you want to use.
    String projectId = "your-google-cloud-project-id";

    // firewallRuleName - Name of the firewall rule you want to create.
    String firewallRuleName = "firewall-rule-name";

    // networkName - Name of the network you want the new instance to use.
    //  *   For example: "global/networks/default" represents the network
    //  *   named "default", which is created automatically for each project.
    String networkName = "global/networks/default";

    createFirewallRuleForWindowsActivationHost(projectId, firewallRuleName, networkName);
  }

  // Creates a new allow egress firewall rule with the highest priority for host
  // kms.windows.googlecloud.com (35.190.247.13) for Windows activation.
  public static void createFirewallRuleForWindowsActivationHost(String projectId,
      String firewallRuleName, String networkName)
      throws IOException, ExecutionException, InterruptedException, TimeoutException {
    // Instantiates a client.
    try (FirewallsClient firewallsClient = FirewallsClient.create()) {

      Firewall firewall = Firewall.newBuilder()
          .setName(firewallRuleName)
          // These are the default values for kms.windows.googlecloud.com
          // See, https://cloud.google.com/compute/docs/instances/windows/creating-managing-windows-instances#firewall_rule_requirements
          .addAllowed(Allowed.newBuilder()
              .setIPProtocol("tcp")
              .addPorts("1688")
              .build())
          .setDirection("EGRESS")
          .setNetwork(networkName)
          .addDestinationRanges("35.190.247.13/32")
          .setPriority(0)
          .build();

      InsertFirewallRequest request = InsertFirewallRequest.newBuilder()
          .setProject(projectId)
          .setFirewallResource(firewall)
          .build();

      // Wait for the operation to complete.
      Operation operation = firewallsClient.insertAsync(request).get(3, TimeUnit.MINUTES);

      if (operation.hasError()) {
        System.out.println("Firewall rule creation failed ! ! " + operation.getError());
        return;
      }

      System.out.printf("Firewall rule created %s", firewallRuleName);
    }
  }
}

from __future__ import annotations

import sys
from typing import Any

from google.api_core.extended_operation import ExtendedOperation
from google.cloud import compute_v1


def wait_for_extended_operation(
    operation: ExtendedOperation, verbose_name: str = "operation", timeout: int = 300
) -> Any:
    """
    Waits for the extended (long-running) operation to complete.

    If the operation is successful, it will return its result.
    If the operation ends with an error, an exception will be raised.
    If there were any warnings during the execution of the operation
    they will be printed to sys.stderr.

    Args:
        operation: a long-running operation you want to wait on.
        verbose_name: (optional) a more verbose name of the operation,
            used only during error and warning reporting.
        timeout: how long (in seconds) to wait for operation to finish.
            If None, wait indefinitely.

    Returns:
        Whatever the operation.result() returns.

    Raises:
        This method will raise the exception received from `operation.exception()`
        or RuntimeError if there is no exception set, but there is an `error_code`
        set for the `operation`.

        In case of an operation taking longer than `timeout` seconds to complete,
        a `concurrent.futures.TimeoutError` will be raised.
    """
    result = operation.result(timeout=timeout)

    if operation.error_code:
        print(
            f"Error during {verbose_name}: [Code: {operation.error_code}]: {operation.error_message}",
            file=sys.stderr,
            flush=True,
        )
        print(f"Operation ID: {operation.name}", file=sys.stderr, flush=True)
        raise operation.exception() or RuntimeError(operation.error_message)

    if operation.warnings:
        print(f"Warnings during {verbose_name}:\n", file=sys.stderr, flush=True)
        for warning in operation.warnings:
            print(f" - {warning.code}: {warning.message}", file=sys.stderr, flush=True)

    return result


def create_firewall_rule_for_windows_activation_host(
    project_id: str, firewall_rule_name: str, network: str = "global/networks/default"
) -> compute_v1.Firewall:
    """
    Creates an egress firewall rule with the highest priority for host
    kms.windows.googlecloud.com (35.190.247.13) for Windows activation.

    Args:
        project_id: project ID or project number of the Cloud project you want to use.
        firewall_rule_name: name of the rule that is created.
        network: name of the network the rule will be applied to. Available name formats:
            * https://www.googleapis.com/compute/v1/projects/{project_id}/global/networks/{network}
            * projects/{project_id}/global/networks/{network}
            * global/networks/{network}

    Returns:
        A Firewall object.
    """
    firewall_rule = compute_v1.Firewall()
    firewall_rule.name = firewall_rule_name
    firewall_rule.network = network

    allowed = compute_v1.Allowed()
    allowed.ports = ["1688"]
    allowed.I_p_protocol = "tcp"

    firewall_rule.allowed = [allowed]
    firewall_rule.destination_ranges = ["35.190.247.13/32"]
    firewall_rule.direction = compute_v1.Firewall.Direction.EGRESS.name
    firewall_rule.priority = 0

    firewall_client = compute_v1.FirewallsClient()
    operation = firewall_client.insert(
        project=project_id, firewall_resource=firewall_rule
    )

    wait_for_extended_operation(operation, "windows KSM firewall rule creation")

    return firewall_client.get(project=project_id, firewall=firewall_rule_name)