Create a firewall rule for Windows activation host

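This sample creates an egress allow firewall rule with the highest priority (priority 0) for the host kms.windows.googlecloud.com (35.190.247.13/32, TCP port 1688), which is used for Windows activation. Because the rule sets no target tags or target service accounts, it is not limited to Windows instances, and at priority 0 it takes precedence over lower-priority egress deny rules for that destination.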

Code sample

Go

Before trying this sample, follow the Go setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Go API reference documentation.

To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.

  import 
  
 ( 
  
 "context" 
  
 "fmt" 
  
 "io" 
  
 compute 
  
 "cloud.google.com/go/compute/apiv1" 
  
 computepb 
  
 "cloud.google.com/go/compute/apiv1/computepb" 
  
 "google.golang.org/protobuf/proto" 
 ) 
 // createFirewallRuleForWindowsActivationHost inserts an egress allow rule for
 // TCP port 1688 to 35.190.247.13/32 (kms.windows.googlecloud.com), the host used
 // for Windows activation, on the given network and blocks until the insert
 // operation has finished. A confirmation line is written to w on success.
 //
 // Review notes:
 //   - Priority 0 is the highest firewall priority, so this allow rule wins over
 //     any lower-priority egress deny rule for the same destination and port.
 //   - No target tags or target service accounts are set, so the rule is not
 //     restricted to Windows instances on the network.
 //   - The destination is a hard-coded /32; the host name is never resolved here.
 //   - ctx is context.Background(), so neither the insert nor the wait carries a
 //     deadline.
 func createFirewallRuleForWindowsActivationHost(
 	w io.Writer,
 	projectID, firewallRuleName, networkName string,
 ) error {
 	// Example argument values:
 	// projectID := "your_project_id"
 	// firewallRuleName := "your_firewall_rule_name"
 	// networkName := "global/networks/default"

 	ctx := context.Background()

 	client, err := compute.NewFirewallsRESTClient(ctx)
 	if err != nil {
 		return fmt.Errorf("NewFirewallsRESTClient: %w", err)
 	}
 	defer client.Close()

 	// The only traffic this rule permits: TCP/1688 to the activation host.
 	activationTraffic := &computepb.Allowed{
 		IPProtocol: proto.String("tcp"),
 		Ports:      []string{"1688"},
 	}

 	rule := &computepb.Firewall{
 		Name:              proto.String(firewallRuleName),
 		Allowed:           []*computepb.Allowed{activationTraffic},
 		Direction:         proto.String("EGRESS"),
 		Network:           proto.String(networkName),
 		DestinationRanges: []string{"35.190.247.13/32"},
 		// 0 is the highest priority a firewall rule can have.
 		Priority: proto.Int32(0),
 	}

 	op, err := client.Insert(ctx, &computepb.InsertFirewallRequest{
 		Project:          projectID,
 		FirewallResource: rule,
 	})
 	if err != nil {
 		return fmt.Errorf("unable to create firewall rule: %w", err)
 	}

 	// Insert only starts the operation; Wait reports whether it succeeded.
 	if waitErr := op.Wait(ctx); waitErr != nil {
 		return fmt.Errorf("unable to wait for the operation: %w", waitErr)
 	}

 	fmt.Fprint(w, "Firewall rule created\n")
 	return nil
 }
 

Java

Before trying this sample, follow the Java setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Java API reference documentation.

To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.

  import 
  
 com.google.cloud.compute.v1. Allowed 
 
 ; 
 import 
  
 com.google.cloud.compute.v1. Firewall 
 
 ; 
 import 
  
 com.google.cloud.compute.v1. FirewallsClient 
 
 ; 
 import 
  
 com.google.cloud.compute.v1. InsertFirewallRequest 
 
 ; 
 import 
  
 com.google.cloud.compute.v1. Operation 
 
 ; 
 import 
  
 java.io.IOException 
 ; 
 import 
  
 java.util.concurrent.ExecutionException 
 ; 
 import 
  
 java.util.concurrent.TimeUnit 
 ; 
 import 
  
 java.util.concurrent.TimeoutException 
 ; 
public class CreateFirewallRuleForWindowsActivationHost {

  public static void main(String[] args)
      throws IOException, ExecutionException, InterruptedException, TimeoutException {
    // TODO(developer): Replace these variables before running the sample.
    // ID or number of the project you want to use.
    String projectId = "your-google-cloud-project-id";
    // Name of the firewall rule you want to create.
    String firewallRuleName = "firewall-rule-name";
    // Network the rule is attached to. "global/networks/default" is the network
    // named "default", which is created automatically for each project.
    String networkName = "global/networks/default";

    createFirewallRuleForWindowsActivationHost(projectId, firewallRuleName, networkName);
  }

  // Inserts an egress allow rule for TCP port 1688 to 35.190.247.13/32
  // (kms.windows.googlecloud.com), the host used for Windows activation, and waits
  // up to three minutes for the insert operation to finish.
  //
  // Review notes:
  //  * Priority 0 is the highest priority, so this allow rule wins over any
  //    lower-priority egress deny rule for the same destination and port.
  //  * No target tags or target service accounts are set, so the rule is not
  //    restricted to Windows instances on the network.
  //  * A failed operation is only printed to stdout and the method returns
  //    normally; callers cannot tell from the return that the rule is missing.
  public static void createFirewallRuleForWindowsActivationHost(
      String projectId, String firewallRuleName, String networkName)
      throws IOException, ExecutionException, InterruptedException, TimeoutException {
    // try-with-resources closes the client when the block exits.
    try (FirewallsClient client = FirewallsClient.create()) {
      // These are the default values for kms.windows.googlecloud.com
      // See, https://cloud.google.com/compute/docs/instances/windows/creating-managing-windows-instances#firewall_rule_requirements
      Allowed activationTraffic =
          Allowed.newBuilder().setIPProtocol("tcp").addPorts("1688").build();

      Firewall rule =
          Firewall.newBuilder()
              .setName(firewallRuleName)
              .addAllowed(activationTraffic)
              .setDirection("EGRESS")
              .setNetwork(networkName)
              .addDestinationRanges("35.190.247.13/32")
              .setPriority(0)
              .build();

      InsertFirewallRequest insertRequest =
          InsertFirewallRequest.newBuilder()
              .setProject(projectId)
              .setFirewallResource(rule)
              .build();

      // Block until the operation completes or the three-minute limit is hit.
      Operation result = client.insertAsync(insertRequest).get(3, TimeUnit.MINUTES);

      if (!result.hasError()) {
        System.out.printf("Firewall rule created %s", firewallRuleName);
        return;
      }

      System.out.println("Firewall rule creation failed ! ! " + result.getError());
    }
  }
}
 

Python

Before trying this sample, follow the Python setup instructions in the Compute Engine quickstart using client libraries. For more information, see the Compute Engine Python API reference documentation.

To authenticate to Compute Engine, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.

  from 
  
 __future__ 
  
 import 
 annotations 
 import 
  
 sys 
 from 
  
 typing 
  
 import 
 Any 
 from 
  
 google.api_core.extended_operation 
  
 import 
 ExtendedOperation 
 from 
  
 google.cloud 
  
 import 
  compute_v1 
 
def wait_for_extended_operation(
    operation: ExtendedOperation,
    verbose_name: str = "operation",
    timeout: int = 300,
) -> Any:
    """
    Blocks until an extended (long-running) operation has finished.

    A successful operation yields its result. A failed one raises. Warnings
    attached to the operation are written to sys.stderr and do not stop the
    result from being returned.

    Args:
        operation: the long-running operation to wait on.
        verbose_name: (optional) a more descriptive name for the operation,
            used only in the error and warning output.
        timeout: how long (in seconds) to wait for the operation to finish.
            If None, wait indefinitely.

    Returns:
        Whatever `operation.result()` returns.

    Raises:
        The exception from `operation.exception()`, or RuntimeError when no
        exception is set but the operation carries an `error_code`.
        If the operation takes longer than `timeout` seconds,
        a `concurrent.futures.TimeoutError` is raised.
    """

    def _report(line: str) -> None:
        # All diagnostics go to stderr, flushed immediately.
        print(line, file=sys.stderr, flush=True)

    outcome = operation.result(timeout=timeout)

    if operation.error_code:
        _report(
            f"Error during {verbose_name}: [Code: {operation.error_code}]: {operation.error_message}"
        )
        _report(f"Operation ID: {operation.name}")
        failure = operation.exception()
        if not failure:
            # No exception object was attached; fall back to the error message.
            failure = RuntimeError(operation.error_message)
        raise failure

    if operation.warnings:
        _report(f"Warnings during {verbose_name}:\n")
        for item in operation.warnings:
            _report(f" - {item.code}: {item.message}")

    return outcome
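def create_firewall_rule_for_windows_activation_host(
    project_id: str, firewall_rule_name: str, network: str = "global/networks/default"
) -> compute_v1.Firewall:
    """
    Creates an egress firewall rule with the highest priority for host
    kms.windows.googlecloud.com (35.190.247.13) for Windows activation.

    The rule allows TCP port 1688 to 35.190.247.13/32 only. Review notes:
      * Priority 0 is the highest priority, so this allow rule wins over any
        lower-priority egress deny rule for the same destination and port.
      * No target tags or target service accounts are set, so the rule is not
        restricted to Windows instances on the network.
      * The destination is a hard-coded /32; the host name is never resolved
        here.

    Args:
        project_id: project ID or project number of the Cloud project you want to use.
        firewall_rule_name: name of the rule that is created.
        network: name of the network the rule will be applied to. Available name formats:
            * https://www.googleapis.com/compute/v1/projects/{project_id}/global/networks/{network}
            * projects/{project_id}/global/networks/{network}
            * global/networks/{network}

    Returns:
        A Firewall object.
    """
    firewall_rule = compute_v1.Firewall()
    firewall_rule.name = firewall_rule_name
    firewall_rule.network = network

    # The only traffic this rule permits: TCP/1688 to the activation host.
    allowed = compute_v1.Allowed()
    allowed.ports = ["1688"]
    allowed.I_p_protocol = "tcp"

    firewall_rule.allowed = [allowed]
    firewall_rule.destination_ranges = ["35.190.247.13/32"]
    firewall_rule.direction = compute_v1.Firewall.Direction.EGRESS.name
    # 0 is the highest priority a firewall rule can have.
    firewall_rule.priority = 0

    firewall_client = compute_v1.FirewallsClient()
    operation = firewall_client.insert(
        project=project_id, firewall_resource=firewall_rule
    )

    # The label only appears in error and warning output. It previously read
    # "KSM", which did not match the KMS host this rule is for.
    wait_for_extended_operation(operation, "windows KMS firewall rule creation")

    # Read the rule back so the caller gets the stored resource.
    return firewall_client.get(project=project_id, firewall=firewall_rule_name)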
 

What's next

To search and filter code samples for other Google Cloud products, see the Google Cloud sample browser.
