added support for shielded nodes in container (#3639) (#252)

Signed-off-by: Modular Magician <magic-modules@google.com>
The Magician 2020-07-07 08:34:51 -07:00 committed by GitHub
parent 72ff8360fd
commit 19c74666d6
4 changed files with 188 additions and 0 deletions


@ -232,6 +232,30 @@ options:
"NO_EXECUTE"'
required: false
type: str
shielded_instance_config:
description:
- Shielded Instance options.
required: false
type: dict
version_added: '2.10'
suboptions:
enable_secure_boot:
description:
- Defines whether the instance has Secure Boot enabled.
- Secure Boot helps ensure that the system only runs authentic software
by verifying the digital signature of all boot components, and halting
the boot process if signature verification fails.
required: false
type: bool
enable_integrity_monitoring:
description:
- Defines whether the instance has integrity monitoring enabled.
- Enables monitoring and attestation of the boot integrity of the instance.
- The attestation is performed against the integrity policy baseline.
This baseline is initially derived from the implicitly trusted boot
image when the instance is created.
required: false
type: bool
master_auth:
description:
- The authentication information for accessing the master endpoint.
@ -827,6 +851,29 @@ nodeConfig:
- Effect for taint.
returned: success
type: str
shieldedInstanceConfig:
description:
- Shielded Instance options.
returned: success
type: complex
contains:
enableSecureBoot:
description:
- Defines whether the instance has Secure Boot enabled.
- Secure Boot helps ensure that the system only runs authentic software
by verifying the digital signature of all boot components, and halting
the boot process if signature verification fails.
returned: success
type: bool
enableIntegrityMonitoring:
description:
- Defines whether the instance has integrity monitoring enabled.
- Enables monitoring and attestation of the boot integrity of the instance.
- The attestation is performed against the integrity policy baseline. This
baseline is initially derived from the implicitly trusted boot image when
the instance is created.
returned: success
type: bool
masterAuth:
description:
- The authentication information for accessing the master endpoint.
@ -1335,6 +1382,9 @@ def main():
disk_type=dict(type='str'),
min_cpu_platform=dict(type='str'),
taints=dict(type='list', elements='dict', options=dict(key=dict(type='str'), value=dict(type='str'), effect=dict(type='str'))),
shielded_instance_config=dict(
type='dict', options=dict(enable_secure_boot=dict(type='bool'), enable_integrity_monitoring=dict(type='bool'))
),
),
),
master_auth=dict(
@ -1732,6 +1782,7 @@ class ClusterNodeconfig(object):
u'diskType': self.request.get('disk_type'),
u'minCpuPlatform': self.request.get('min_cpu_platform'),
u'taints': ClusterTaintsArray(self.request.get('taints', []), self.module).to_request(),
u'shieldedInstanceConfig': ClusterShieldedinstanceconfig(self.request.get('shielded_instance_config', {}), self.module).to_request(),
}
)
@ -1752,6 +1803,7 @@ class ClusterNodeconfig(object):
u'diskType': self.request.get(u'diskType'),
u'minCpuPlatform': self.request.get(u'minCpuPlatform'),
u'taints': ClusterTaintsArray(self.request.get(u'taints', []), self.module).from_response(),
u'shieldedInstanceConfig': ClusterShieldedinstanceconfig(self.request.get(u'shieldedInstanceConfig', {}), self.module).from_response(),
}
)
@ -1810,6 +1862,25 @@ class ClusterTaintsArray(object):
return remove_nones_from_dict({u'key': item.get(u'key'), u'value': item.get(u'value'), u'effect': item.get(u'effect')})
class ClusterShieldedinstanceconfig(object):
def __init__(self, request, module):
self.module = module
if request:
self.request = request
else:
self.request = {}
def to_request(self):
return remove_nones_from_dict(
{u'enableSecureBoot': self.request.get('enable_secure_boot'), u'enableIntegrityMonitoring': self.request.get('enable_integrity_monitoring')}
)
def from_response(self):
return remove_nones_from_dict(
{u'enableSecureBoot': self.request.get(u'enableSecureBoot'), u'enableIntegrityMonitoring': self.request.get(u'enableIntegrityMonitoring')}
)
class ClusterMasterauth(object):
def __init__(self, request, module):
self.module = module
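Review bot: The new `ClusterShieldedinstanceconfig` class carries no docstring, and the behaviour an operator most needs to know is not stated anywhere in the hunk: `to_request` feeds `self.request.get('enable_secure_boot')` and `self.request.get('enable_integrity_monitoring')` through `remove_nones_from_dict`, so a suboption the playbook omits is presumably dropped from the request rather than sent as `false`, leaving the service-side default to decide whether the node is shielded. I would add a class docstring along the lines of `"""Map the shielded_instance_config suboptions to and from the GKE shieldedInstanceConfig object; omitted booleans are dropped, not sent as false."""`, and echo that sentence in the `enable_secure_boot` / `enable_integrity_monitoring` option descriptions in the DOCUMENTATION hunk so a reader knows that Secure Boot and integrity monitoring must be requested explicitly. The same applies verbatim to `NodePoolShieldedinstanceconfig` and the matching option documentation in the node_pool section of this commit. The trailing context shows `ClusterMasterauth` starting right after, so the new class is complete within this hunk.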


@ -288,6 +288,29 @@ resources:
- Effect for taint.
returned: success
type: str
shieldedInstanceConfig:
description:
- Shielded Instance options.
returned: success
type: complex
contains:
enableSecureBoot:
description:
- Defines whether the instance has Secure Boot enabled.
- Secure Boot helps ensure that the system only runs authentic software
by verifying the digital signature of all boot components, and halting
the boot process if signature verification fails.
returned: success
type: bool
enableIntegrityMonitoring:
description:
- Defines whether the instance has integrity monitoring enabled.
- Enables monitoring and attestation of the boot integrity of the instance.
- The attestation is performed against the integrity policy baseline.
This baseline is initially derived from the implicitly trusted boot
image when the instance is created.
returned: success
type: bool
masterAuth:
description:
- The authentication information for accessing the master endpoint.


@ -207,6 +207,30 @@ options:
- Effect for taint.
required: false
type: str
shielded_instance_config:
description:
- Shielded Instance options.
required: false
type: dict
version_added: '2.10'
suboptions:
enable_secure_boot:
description:
- Defines whether the instance has Secure Boot enabled.
- Secure Boot helps ensure that the system only runs authentic software
by verifying the digital signature of all boot components, and halting
the boot process if signature verification fails.
required: false
type: bool
enable_integrity_monitoring:
description:
- Defines whether the instance has integrity monitoring enabled.
- Enables monitoring and attestation of the boot integrity of the instance.
- The attestation is performed against the integrity policy baseline.
This baseline is initially derived from the implicitly trusted boot
image when the instance is created.
required: false
type: bool
initial_node_count:
description:
- The initial node count for the pool. You must ensure that your Compute Engine
@ -528,6 +552,29 @@ config:
- Effect for taint.
returned: success
type: str
shieldedInstanceConfig:
description:
- Shielded Instance options.
returned: success
type: complex
contains:
enableSecureBoot:
description:
- Defines whether the instance has Secure Boot enabled.
- Secure Boot helps ensure that the system only runs authentic software
by verifying the digital signature of all boot components, and halting
the boot process if signature verification fails.
returned: success
type: bool
enableIntegrityMonitoring:
description:
- Defines whether the instance has integrity monitoring enabled.
- Enables monitoring and attestation of the boot integrity of the instance.
- The attestation is performed against the integrity policy baseline. This
baseline is initially derived from the implicitly trusted boot image when
the instance is created.
returned: success
type: bool
initialNodeCount:
description:
- The initial node count for the pool. You must ensure that your Compute Engine
@ -695,6 +742,9 @@ def main():
disk_type=dict(type='str'),
min_cpu_platform=dict(type='str'),
taints=dict(type='list', elements='dict', options=dict(key=dict(type='str'), value=dict(type='str'), effect=dict(type='str'))),
shielded_instance_config=dict(
type='dict', options=dict(enable_secure_boot=dict(type='bool'), enable_integrity_monitoring=dict(type='bool'))
),
),
),
initial_node_count=dict(required=True, type='int'),
@ -926,6 +976,7 @@ class NodePoolConfig(object):
u'diskType': self.request.get('disk_type'),
u'minCpuPlatform': self.request.get('min_cpu_platform'),
u'taints': NodePoolTaintsArray(self.request.get('taints', []), self.module).to_request(),
u'shieldedInstanceConfig': NodePoolShieldedinstanceconfig(self.request.get('shielded_instance_config', {}), self.module).to_request(),
}
)
@ -946,6 +997,7 @@ class NodePoolConfig(object):
u'diskType': self.request.get(u'diskType'),
u'minCpuPlatform': self.request.get(u'minCpuPlatform'),
u'taints': NodePoolTaintsArray(self.request.get(u'taints', []), self.module).from_response(),
u'shieldedInstanceConfig': NodePoolShieldedinstanceconfig(self.request.get(u'shieldedInstanceConfig', {}), self.module).from_response(),
}
)
@ -1004,6 +1056,25 @@ class NodePoolTaintsArray(object):
return remove_nones_from_dict({u'key': item.get(u'key'), u'value': item.get(u'value'), u'effect': item.get(u'effect')})
class NodePoolShieldedinstanceconfig(object):
def __init__(self, request, module):
self.module = module
if request:
self.request = request
else:
self.request = {}
def to_request(self):
return remove_nones_from_dict(
{u'enableSecureBoot': self.request.get('enable_secure_boot'), u'enableIntegrityMonitoring': self.request.get('enable_integrity_monitoring')}
)
def from_response(self):
return remove_nones_from_dict(
{u'enableSecureBoot': self.request.get(u'enableSecureBoot'), u'enableIntegrityMonitoring': self.request.get(u'enableIntegrityMonitoring')}
)
class NodePoolAutoscaling(object):
def __init__(self, request, module):
self.module = module


@ -272,6 +272,29 @@ resources:
- Effect for taint.
returned: success
type: str
shieldedInstanceConfig:
description:
- Shielded Instance options.
returned: success
type: complex
contains:
enableSecureBoot:
description:
- Defines whether the instance has Secure Boot enabled.
- Secure Boot helps ensure that the system only runs authentic software
by verifying the digital signature of all boot components, and halting
the boot process if signature verification fails.
returned: success
type: bool
enableIntegrityMonitoring:
description:
- Defines whether the instance has integrity monitoring enabled.
- Enables monitoring and attestation of the boot integrity of the instance.
- The attestation is performed against the integrity policy baseline.
This baseline is initially derived from the implicitly trusted boot
image when the instance is created.
returned: success
type: bool
initialNodeCount:
description:
- The initial node count for the pool. You must ensure that your Compute Engine