added support for shielded nodes in container (#3639) (#252)

Signed-off-by: Modular Magician <magic-modules@google.com>

plugins/modules/gcp_container_cluster.py

@@ -232,6 +232,30 @@ options:
               "NO_EXECUTE"'
             required: false
             type: str
+      shielded_instance_config:
+        description:
+        - Shielded Instance options.
+        required: false
+        type: dict
+        version_added: '2.10'
+        suboptions:
+          enable_secure_boot:
+            description:
+            - Defines whether the instance has Secure Boot enabled.
+            - Secure Boot helps ensure that the system only runs authentic software
+              by verifying the digital signature of all boot components, and halting
+              the boot process if signature verification fails.
+            required: false
+            type: bool
+          enable_integrity_monitoring:
+            description:
+            - Defines whether the instance has integrity monitoring enabled.
+            - Enables monitoring and attestation of the boot integrity of the instance.
+            - The attestation is performed against the integrity policy baseline.
+              This baseline is initially derived from the implicitly trusted boot
+              image when the instance is created.
+            required: false
+            type: bool
   master_auth:
     description:
     - The authentication information for accessing the master endpoint.
@@ -827,6 +851,29 @@ nodeConfig:
           - Effect for taint.
           returned: success
           type: str
+    shieldedInstanceConfig:
+      description:
+      - Shielded Instance options.
+      returned: success
+      type: complex
+      contains:
+        enableSecureBoot:
+          description:
+          - Defines whether the instance has Secure Boot enabled.
+          - Secure Boot helps ensure that the system only runs authentic software
+            by verifying the digital signature of all boot components, and halting
+            the boot process if signature verification fails.
+          returned: success
+          type: bool
+        enableIntegrityMonitoring:
+          description:
+          - Defines whether the instance has integrity monitoring enabled.
+          - Enables monitoring and attestation of the boot integrity of the instance.
+          - The attestation is performed against the integrity policy baseline. This
+            baseline is initially derived from the implicitly trusted boot image when
+            the instance is created.
+          returned: success
+          type: bool
 masterAuth:
   description:
   - The authentication information for accessing the master endpoint.
@@ -1335,6 +1382,9 @@ def main():
                     disk_type=dict(type='str'),
                     min_cpu_platform=dict(type='str'),
                     taints=dict(type='list', elements='dict', options=dict(key=dict(type='str'), value=dict(type='str'), effect=dict(type='str'))),
+                    shielded_instance_config=dict(
+                        type='dict', options=dict(enable_secure_boot=dict(type='bool'), enable_integrity_monitoring=dict(type='bool'))
+                    ),
                 ),
             ),
             master_auth=dict(
@@ -1732,6 +1782,7 @@ class ClusterNodeconfig(object):
                 u'diskType': self.request.get('disk_type'),
                 u'minCpuPlatform': self.request.get('min_cpu_platform'),
                 u'taints': ClusterTaintsArray(self.request.get('taints', []), self.module).to_request(),
+                u'shieldedInstanceConfig': ClusterShieldedinstanceconfig(self.request.get('shielded_instance_config', {}), self.module).to_request(),
             }
         )
 
@@ -1752,6 +1803,7 @@ class ClusterNodeconfig(object):
                 u'diskType': self.request.get(u'diskType'),
                 u'minCpuPlatform': self.request.get(u'minCpuPlatform'),
                 u'taints': ClusterTaintsArray(self.request.get(u'taints', []), self.module).from_response(),
+                u'shieldedInstanceConfig': ClusterShieldedinstanceconfig(self.request.get(u'shieldedInstanceConfig', {}), self.module).from_response(),
             }
         )
 
@@ -1810,6 +1862,25 @@ class ClusterTaintsArray(object):
         return remove_nones_from_dict({u'key': item.get(u'key'), u'value': item.get(u'value'), u'effect': item.get(u'effect')})
 
 
+class ClusterShieldedinstanceconfig(object):
+    def __init__(self, request, module):
+        self.module = module
+        if request:
+            self.request = request
+        else:
+            self.request = {}
+
+    def to_request(self):
+        return remove_nones_from_dict(
+            {u'enableSecureBoot': self.request.get('enable_secure_boot'), u'enableIntegrityMonitoring': self.request.get('enable_integrity_monitoring')}
+        )
+
+    def from_response(self):
+        return remove_nones_from_dict(
+            {u'enableSecureBoot': self.request.get(u'enableSecureBoot'), u'enableIntegrityMonitoring': self.request.get(u'enableIntegrityMonitoring')}
+        )
+
+
 class ClusterMasterauth(object):
     def __init__(self, request, module):
         self.module = module

plugins/modules/gcp_container_cluster_info.py

@@ -288,6 +288,29 @@ resources:
               - Effect for taint.
               returned: success
               type: str
+        shieldedInstanceConfig:
+          description:
+          - Shielded Instance options.
+          returned: success
+          type: complex
+          contains:
+            enableSecureBoot:
+              description:
+              - Defines whether the instance has Secure Boot enabled.
+              - Secure Boot helps ensure that the system only runs authentic software
+                by verifying the digital signature of all boot components, and halting
+                the boot process if signature verification fails.
+              returned: success
+              type: bool
+            enableIntegrityMonitoring:
+              description:
+              - Defines whether the instance has integrity monitoring enabled.
+              - Enables monitoring and attestation of the boot integrity of the instance.
+              - The attestation is performed against the integrity policy baseline.
+                This baseline is initially derived from the implicitly trusted boot
+                image when the instance is created.
+              returned: success
+              type: bool
     masterAuth:
       description:
       - The authentication information for accessing the master endpoint.

plugins/modules/gcp_container_node_pool.py

@@ -207,6 +207,30 @@ options:
             - Effect for taint.
             required: false
             type: str
+      shielded_instance_config:
+        description:
+        - Shielded Instance options.
+        required: false
+        type: dict
+        version_added: '2.10'
+        suboptions:
+          enable_secure_boot:
+            description:
+            - Defines whether the instance has Secure Boot enabled.
+            - Secure Boot helps ensure that the system only runs authentic software
+              by verifying the digital signature of all boot components, and halting
+              the boot process if signature verification fails.
+            required: false
+            type: bool
+          enable_integrity_monitoring:
+            description:
+            - Defines whether the instance has integrity monitoring enabled.
+            - Enables monitoring and attestation of the boot integrity of the instance.
+            - The attestation is performed against the integrity policy baseline.
+              This baseline is initially derived from the implicitly trusted boot
+              image when the instance is created.
+            required: false
+            type: bool
   initial_node_count:
     description:
     - The initial node count for the pool. You must ensure that your Compute Engine
@@ -528,6 +552,29 @@ config:
           - Effect for taint.
           returned: success
           type: str
+    shieldedInstanceConfig:
+      description:
+      - Shielded Instance options.
+      returned: success
+      type: complex
+      contains:
+        enableSecureBoot:
+          description:
+          - Defines whether the instance has Secure Boot enabled.
+          - Secure Boot helps ensure that the system only runs authentic software
+            by verifying the digital signature of all boot components, and halting
+            the boot process if signature verification fails.
+          returned: success
+          type: bool
+        enableIntegrityMonitoring:
+          description:
+          - Defines whether the instance has integrity monitoring enabled.
+          - Enables monitoring and attestation of the boot integrity of the instance.
+          - The attestation is performed against the integrity policy baseline. This
+            baseline is initially derived from the implicitly trusted boot image when
+            the instance is created.
+          returned: success
+          type: bool
 initialNodeCount:
   description:
   - The initial node count for the pool. You must ensure that your Compute Engine
@@ -695,6 +742,9 @@ def main():
                     disk_type=dict(type='str'),
                     min_cpu_platform=dict(type='str'),
                     taints=dict(type='list', elements='dict', options=dict(key=dict(type='str'), value=dict(type='str'), effect=dict(type='str'))),
+                    shielded_instance_config=dict(
+                        type='dict', options=dict(enable_secure_boot=dict(type='bool'), enable_integrity_monitoring=dict(type='bool'))
+                    ),
                 ),
             ),
             initial_node_count=dict(required=True, type='int'),
@@ -926,6 +976,7 @@ class NodePoolConfig(object):
                 u'diskType': self.request.get('disk_type'),
                 u'minCpuPlatform': self.request.get('min_cpu_platform'),
                 u'taints': NodePoolTaintsArray(self.request.get('taints', []), self.module).to_request(),
+                u'shieldedInstanceConfig': NodePoolShieldedinstanceconfig(self.request.get('shielded_instance_config', {}), self.module).to_request(),
             }
         )
 
@@ -946,6 +997,7 @@ class NodePoolConfig(object):
                 u'diskType': self.request.get(u'diskType'),
                 u'minCpuPlatform': self.request.get(u'minCpuPlatform'),
                 u'taints': NodePoolTaintsArray(self.request.get(u'taints', []), self.module).from_response(),
+                u'shieldedInstanceConfig': NodePoolShieldedinstanceconfig(self.request.get(u'shieldedInstanceConfig', {}), self.module).from_response(),
             }
         )
 
@@ -1004,6 +1056,25 @@ class NodePoolTaintsArray(object):
         return remove_nones_from_dict({u'key': item.get(u'key'), u'value': item.get(u'value'), u'effect': item.get(u'effect')})
 
 
+class NodePoolShieldedinstanceconfig(object):
+    def __init__(self, request, module):
+        self.module = module
+        if request:
+            self.request = request
+        else:
+            self.request = {}
+
+    def to_request(self):
+        return remove_nones_from_dict(
+            {u'enableSecureBoot': self.request.get('enable_secure_boot'), u'enableIntegrityMonitoring': self.request.get('enable_integrity_monitoring')}
+        )
+
+    def from_response(self):
+        return remove_nones_from_dict(
+            {u'enableSecureBoot': self.request.get(u'enableSecureBoot'), u'enableIntegrityMonitoring': self.request.get(u'enableIntegrityMonitoring')}
+        )
+
+
 class NodePoolAutoscaling(object):
     def __init__(self, request, module):
         self.module = module

plugins/modules/gcp_container_node_pool_info.py

@@ -272,6 +272,29 @@ resources:
               - Effect for taint.
               returned: success
               type: str
+        shieldedInstanceConfig:
+          description:
+          - Shielded Instance options.
+          returned: success
+          type: complex
+          contains:
+            enableSecureBoot:
+              description:
+              - Defines whether the instance has Secure Boot enabled.
+              - Secure Boot helps ensure that the system only runs authentic software
+                by verifying the digital signature of all boot components, and halting
+                the boot process if signature verification fails.
+              returned: success
+              type: bool
+            enableIntegrityMonitoring:
+              description:
+              - Defines whether the instance has integrity monitoring enabled.
+              - Enables monitoring and attestation of the boot integrity of the instance.
+              - The attestation is performed against the integrity policy baseline.
+                This baseline is initially derived from the implicitly trusted boot
+                image when the instance is created.
+              returned: success
+              type: bool
     initialNodeCount:
       description:
       - The initial node count for the pool. You must ensure that your Compute Engine