create_firewall_rule
Create a firewall rule in a GCP project to control traffic direction, specify allowed or denied protocols, and define source or destination ranges for network security.
Instructions
Create a firewall rule in a GCP project.
Args:
project_id: The ID of the GCP project
name: The name of the firewall rule
network: The name of the network to create the firewall rule for
direction: The direction of traffic to match ('INGRESS' or 'EGRESS')
priority: The priority of the rule (lower number = higher priority, 0-65535)
source_ranges: Optional list of source IP ranges (for INGRESS)
destination_ranges: Optional list of destination IP ranges (for EGRESS)
allowed_protocols: Optional list of allowed protocols, e.g. [{"IPProtocol": "tcp", "ports": ["80", "443"]}]
denied_protocols: Optional list of denied protocols, e.g. [{"IPProtocol": "tcp", "ports": ["22"]}]
target_tags: Optional list of target instance tags
source_tags: Optional list of source instance tags (for INGRESS)
description: Optional description for the firewall rule
Returns:
Result of the firewall rule creation
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| allowed_protocols | No | List of allowed protocols, e.g. [{"IPProtocol": "tcp", "ports": ["80", "443"]}] | None |
| denied_protocols | No | List of denied protocols, e.g. [{"IPProtocol": "tcp", "ports": ["22"]}] | None |
| description | No | Description for the firewall rule | None |
| destination_ranges | No | List of destination IP ranges (for EGRESS) | None |
| direction | Yes | The direction of traffic to match ('INGRESS' or 'EGRESS') | |
| name | Yes | The name of the firewall rule | |
| network | Yes | The name of the network to create the firewall rule for | |
| priority | Yes | The priority of the rule (lower number = higher priority, 0-65535) | |
| project_id | Yes | The ID of the GCP project | |
| source_ranges | No | List of source IP ranges (for INGRESS) | None |
| source_tags | No | List of source instance tags (for INGRESS) | None |
| target_tags | No | List of target instance tags | None |
Implementation Reference
- The handler function, decorated with @mcp.tool(), that creates a GCP firewall rule using the Compute Engine FirewallsClient. Its type hints and docstring define the input schema:

```python
from typing import Any, Dict, List, Optional

# `mcp` is the MCP server instance this module registers its tools against
# (see the registration entry below).


@mcp.tool()
def create_firewall_rule(project_id: str, name: str, network: str, direction: str, priority: int,
                         source_ranges: Optional[List[str]] = None,
                         destination_ranges: Optional[List[str]] = None,
                         allowed_protocols: Optional[List[Dict[str, Any]]] = None,
                         denied_protocols: Optional[List[Dict[str, Any]]] = None,
                         target_tags: Optional[List[str]] = None,
                         source_tags: Optional[List[str]] = None,
                         description: Optional[str] = None) -> str:
    """
    Create a firewall rule in a GCP project.

    Args:
        project_id: The ID of the GCP project
        name: The name of the firewall rule
        network: The name of the network to create the firewall rule for
        direction: The direction of traffic to match ('INGRESS' or 'EGRESS')
        priority: The priority of the rule (lower number = higher priority, 0-65535)
        source_ranges: Optional list of source IP ranges (for INGRESS)
        destination_ranges: Optional list of destination IP ranges (for EGRESS)
        allowed_protocols: Optional list of allowed protocols, e.g. [{"IPProtocol": "tcp", "ports": ["80", "443"]}]
        denied_protocols: Optional list of denied protocols, e.g. [{"IPProtocol": "tcp", "ports": ["22"]}]
        target_tags: Optional list of target instance tags
        source_tags: Optional list of source instance tags (for INGRESS)
        description: Optional description for the firewall rule

    Returns:
        Result of the firewall rule creation
    """
    try:
        from google.cloud import compute_v1

        # Initialize the Compute Engine client for firewall
        client = compute_v1.FirewallsClient()

        # Create the firewall resource
        firewall = compute_v1.Firewall()
        firewall.name = name
        firewall.network = f"projects/{project_id}/global/networks/{network}"
        firewall.direction = direction
        firewall.priority = priority
        if description:
            firewall.description = description

        # Set source/destination ranges based on direction
        if direction == "INGRESS" and source_ranges:
            firewall.source_ranges = source_ranges
        elif direction == "EGRESS" and destination_ranges:
            firewall.destination_ranges = destination_ranges

        # Set allowed protocols
        if allowed_protocols:
            firewall.allowed = []
            for protocol in allowed_protocols:
                allowed = compute_v1.Allowed()
                allowed.I_p_protocol = protocol["IPProtocol"]
                if "ports" in protocol:
                    allowed.ports = protocol["ports"]
                firewall.allowed.append(allowed)

        # Set denied protocols
        if denied_protocols:
            firewall.denied = []
            for protocol in denied_protocols:
                denied = compute_v1.Denied()
                denied.I_p_protocol = protocol["IPProtocol"]
                if "ports" in protocol:
                    denied.ports = protocol["ports"]
                firewall.denied.append(denied)

        # Set target tags
        if target_tags:
            firewall.target_tags = target_tags

        # Set source tags
        if source_tags and direction == "INGRESS":
            firewall.source_tags = source_tags

        # Create the firewall rule
        operation = client.insert(project=project_id, firewall_resource=firewall)

        return f"""
Firewall rule creation initiated:
- Name: {name}
- Network: {network}
- Direction: {direction}
- Priority: {priority}
- Description: {description or 'None'}
- Source Ranges: {source_ranges or 'None'}
- Destination Ranges: {destination_ranges or 'None'}
- Allowed Protocols: {allowed_protocols or 'None'}
- Denied Protocols: {denied_protocols or 'None'}
- Target Tags: {target_tags or 'None'}
- Source Tags: {source_tags or 'None'}

Operation ID: {operation.id}
Status: {operation.status}
"""
    except Exception as e:
        return f"Error creating firewall rule: {str(e)}"
```
- src/gcp_mcp/server.py:48-48 (registration): the call to register_tools on the networking tools module, which executes the @mcp.tool() decorators to register the create_firewall_rule tool with the MCP server:

```python
networking_tools.register_tools(mcp)
```
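A pre-flight check for the arguments this tool accepts, added here as an example and not code from the gcp_mcp project. It flags what the handler above silently drops (source_ranges or source_tags on an EGRESS rule, destination_ranges on INGRESS), out-of-range priorities, malformed CIDRs, rules with both or neither of allowed/denied, and INGRESS allow rules that apply to every instance or open sensitive ports to 0.0.0.0/0; the port list SENSITIVE_PORTS is this example's own policy assumption, not anything GCP enforces.

```python
import ipaddress
from typing import Any, Dict, List, Optional

# Local policy for this example only: ports treated as sensitive when an allow rule
# exposes them to 0.0.0.0/0. GCP itself imposes no such list.
SENSITIVE_PORTS = {"22", "3389", "3306", "5432"}


def _spec_covers(spec: str, port: str) -> bool:
    """True if a port spec ("22" or a range like "20-1024") includes the given port."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= int(port) <= int(hi or lo)


def validate_firewall_args(direction: str, priority: int, source_ranges: Optional[List[str]] = None,
                           destination_ranges: Optional[List[str]] = None,
                           allowed_protocols: Optional[List[Dict[str, Any]]] = None,
                           denied_protocols: Optional[List[Dict[str, Any]]] = None,
                           target_tags: Optional[List[str]] = None,
                           source_tags: Optional[List[str]] = None) -> List[str]:
    """Return findings for a create_firewall_rule request; an empty list means it passes."""
    findings: List[str] = []
    if direction not in ("INGRESS", "EGRESS"):
        findings.append(f"direction must be INGRESS or EGRESS, got {direction!r}")
    if not 0 <= priority <= 65535:
        findings.append(f"priority {priority} is outside 0-65535")
    if bool(allowed_protocols) == bool(denied_protocols):
        findings.append("exactly one of allowed_protocols or denied_protocols must be set")
    # Arguments the handler drops silently because they do not match the direction.
    if direction == "EGRESS" and (source_ranges or source_tags):
        findings.append("source_ranges/source_tags are ignored for EGRESS rules")
    if direction == "INGRESS" and destination_ranges:
        findings.append("destination_ranges are ignored for INGRESS rules")
    for cidr in (source_ranges or []) + (destination_ranges or []):
        try:
            ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            findings.append(f"invalid CIDR {cidr!r}")
    for entry in (allowed_protocols or []) + (denied_protocols or []):
        if not entry.get("IPProtocol"):
            findings.append(f"protocol entry without IPProtocol: {entry}")
    # Exposure check: an INGRESS allow rule reachable from the whole internet.
    if direction == "INGRESS" and allowed_protocols and "0.0.0.0/0" in (source_ranges or []):
        if not target_tags:
            findings.append("internet-wide allow rule without target_tags applies to every instance")
        for entry in allowed_protocols:
            ports = entry.get("ports")  # None means every port of that protocol
            exposed = SENSITIVE_PORTS if ports is None else {
                p for p in SENSITIVE_PORTS if any(_spec_covers(str(s), p) for s in ports)}
            for p in sorted(exposed):
                findings.append(f"port {p}/{entry.get('IPProtocol')} open to 0.0.0.0/0")
    return findings
```

Run it on the tool's arguments before calling create_firewall_rule and refuse the call when the list is non-empty; the handler itself returns only the API's error text, so these mistakes otherwise surface as a rule that is quietly broader or narrower than intended.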