Partial updates (#63)

2025-07-24 13:50:30 -07:00 · 2018-08-20 11:25:12 -07:00 · 2018-08-20 11:25:12 -07:00 · 2837b2f836
commit 2837b2f836
parent 3382f7f7b2
13 changed files with 1165 additions and 877 deletions
--- a/plugins/modules/gcp_compute_disk.py
+++ b/plugins/modules/gcp_compute_disk.py
@ -204,6 +204,12 @@ EXAMPLES = '''
 '''
 RETURN = '''
    label_fingerprint:
        description:
            - The fingerprint used for optimistic locking of this resource.  Used internally during
              updates.
        returned: success
        type: str
    creation_timestamp:
        description:
            - Creation timestamp in RFC3339 text format.
@ -430,8 +436,7 @@ def main():
    if fetch:
        if state == 'present':
            if is_different(module, fetch):
-                update(module, self_link(module), kind, fetch)
+                fetch = update(module, self_link(module), kind, fetch)
                fetch = fetch_resource(module, self_link(module), kind)
                changed = True
        else:
            delete(module, self_link(module), kind)
@ -455,7 +460,8 @@ def create(module, link, kind):
 def update(module, link, kind, fetch):
-    update_fields(module, resource_to_request(module), response_to_hash(module, fetch))
+    update_fields(module, resource_to_request(module),
                  response_to_hash(module, fetch))
    return fetch_resource(module, self_link(module), kind)
@ -469,16 +475,27 @@ def update_fields(module, request, response):
 def label_fingerprint_update(module, request, response):
    auth = GcpSession(module, 'compute')
    auth.post(
-        ''.join(["https://www.googleapis.com/compute/v1/", "projects/{project}/zones/{zone}/disks/{name}/setLabels"]).format(**module.params),
+        ''.join([
-        {u'labelFingerprint': response.get('labelFingerprint'), u'labels': module.params.get('labels')},
+            "https://www.googleapis.com/compute/v1/",
            "projects/{project}/zones/{zone}/disks/{name}/setLabels"
        ]).format(**module.params),
        {
            u'labelFingerprint': response.get('labelFingerprint'),
            u'labels': module.params.get('labels')
        }
    )
 def size_gb_update(module, request, response):
    auth = GcpSession(module, 'compute')
    auth.post(
-        ''.join(["https://www.googleapis.com/compute/v1/", "projects/{project}/zones/{zone}/disks/{name}/resize"]).format(**module.params),
+        ''.join([
-        {u'sizeGb': module.params.get('size_gb')},
+            "https://www.googleapis.com/compute/v1/",
            "projects/{project}/zones/{zone}/disks/{name}/resize"
        ]).format(**module.params),
        {
            u'sizeGb': module.params.get('size_gb')
        }
    )
--- a/plugins/modules/gcp_compute_disk_facts.py
+++ b/plugins/modules/gcp_compute_disk_facts.py
@ -53,7 +53,7 @@ extends_documentation_fragment: gcp
 '''
 EXAMPLES = '''
- name:  a disk facts
+- name: " a disk facts"
  gcp_compute_disk_facts:
    zone: us-central1-a
    filters:
@ -61,6 +61,7 @@ EXAMPLES = '''
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: facts
 '''
 RETURN = '''
@ -69,13 +70,13 @@ items:
    returned: always
    type: complex
    contains:
-    labelFingerprint:
+        label_fingerprint:
            description:
-      - The fingerprint used for optimistic locking of this resource. Used internally
+                - The fingerprint used for optimistic locking of this resource.  Used internally during
-        during updates.
+                  updates.
            returned: success
            type: str
-    creationTimestamp:
+        creation_timestamp:
            description:
                - Creation timestamp in RFC3339 text format.
            returned: success
@ -91,12 +92,12 @@ items:
                - The unique identifier for the resource.
            returned: success
            type: int
-    lastAttachTimestamp:
+        last_attach_timestamp:
            description:
                - Last attach timestamp in RFC3339 text format.
            returned: success
            type: str
-    lastDetachTimestamp:
+        last_detach_timestamp:
            description:
                - Last dettach timestamp in RFC3339 text format.
            returned: success
@ -113,22 +114,21 @@ items:
            type: list
        name:
            description:
-      - Name of the resource. Provided by the client when the resource is created.
+                - Name of the resource. Provided by the client when the resource is created. The name
-        The name must be 1-63 characters long, and comply with RFC1035. Specifically,
+                  must be 1-63 characters long, and comply with RFC1035. Specifically, the name must
-        the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`
+                  be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`
-        which means the first character must be a lowercase letter, and all following
+                  which means the first character must be a lowercase letter, and all following characters
-        characters must be a dash, lowercase letter, or digit, except the last character,
+                  must be a dash, lowercase letter, or digit, except the last character, which cannot
-        which cannot be a dash.
+                  be a dash.
            returned: success
            type: str
-    sizeGb:
+        size_gb:
            description:
-      - Size of the persistent disk, specified in GB. You can specify this field when
+                - Size of the persistent disk, specified in GB. You can specify this field when creating
-        creating a persistent disk using the sourceImage or sourceSnapshot parameter,
+                  a persistent disk using the sourceImage or sourceSnapshot parameter, or specify
-        or specify it alone to create an empty persistent disk.
+                  it alone to create an empty persistent disk.
-      - If you specify this field along with sourceImage or sourceSnapshot, the value
+                - If you specify this field along with sourceImage or sourceSnapshot, the value of
-        of sizeGb must not be less than the size of the sourceImage or the size of
+                  sizeGb must not be less than the size of the sourceImage or the size of the snapshot.
        the snapshot.
            returned: success
            type: int
        users:
@ -139,23 +139,22 @@ items:
            type: list
        type:
            description:
-      - URL of the disk type resource describing which disk type to use to create
+                - URL of the disk type resource describing which disk type to use to create the disk.
-        the disk. Provide this when creating the disk.
+                  Provide this when creating the disk.
            returned: success
            type: str
-    sourceImage:
+        source_image:
            description:
-      - The source image used to create this disk. If the source image is deleted,
+                - The source image used to create this disk. If the source image is deleted, this
-        this field will not be set.
+                  field will not be set.
-      - 'To create a disk with one of the public operating system images, specify
+                - 'To create a disk with one of the public operating system images, specify the image
-        the image by its family name. For example, specify family/debian-8 to use
+                  by its family name. For example, specify family/debian-8 to use the latest Debian
-        the latest Debian 8 image: projects/debian-cloud/global/images/family/debian-8
+                  8 image:  projects/debian-cloud/global/images/family/debian-8  Alternatively, use
-        Alternatively, use a specific version of a public operating system image:
+                  a specific version of a public operating system image:  projects/debian-cloud/global/images/debian-8-jessie-vYYYYMMDD  To
-        projects/debian-cloud/global/images/debian-8-jessie-vYYYYMMDD To create a
+                  create a disk with a private image that you created, specify the image name in the
        disk with a private image that you created, specify the image name in the
                  following format:  global/images/my-private-image  You can also specify a private
-        image by its image family, which returns the latest version of the image in
+                  image by its image family, which returns the latest version of the image in that
-        that family. Replace the image name with family/family-name: global/images/family/my-private-family
+                  family. Replace the image name with family/family-name:  global/images/family/my-private-family
                  .'
            returned: success
            type: str
@ -164,107 +163,93 @@ items:
                - A reference to the zone where the disk resides.
            returned: success
            type: str
-    sourceImageEncryptionKey:
+        source_image_encryption_key:
            description:
-      - The customer-supplied encryption key of the source image. Required if the
+                - The customer-supplied encryption key of the source image. Required if the source
-        source image is protected by a customer-supplied encryption key.
+                  image is protected by a customer-supplied encryption key.
            returned: success
            type: complex
            contains:
-        rawKey:
+                raw_key:
                    description:
-          - Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648
+                        - Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64
-            base64 to either encrypt or decrypt this resource.
+                          to either encrypt or decrypt this resource.
                    returned: success
                    type: str
                sha256:
                    description:
-          - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption
+                        - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key
-            key that protects this resource.
+                          that protects this resource.
                    returned: success
                    type: str
-        kmsKeyName:
+        source_image_id:
            description:
-          - The name of the encryption key that is stored in Google Cloud KMS.
+                - The ID value of the image used to create this disk. This value identifies the exact
                  image that was used to create this persistent disk. For example, if you created
                  the persistent disk from an image that was later deleted and recreated under the
                  same name, the source image ID would identify the exact version of the image that
                  was used.
            returned: success
            type: str
-    sourceImageId:
+        disk_encryption_key:
      description:
      - The ID value of the image used to create this disk. This value identifies
        the exact image that was used to create this persistent disk. For example,
        if you created the persistent disk from an image that was later deleted and
        recreated under the same name, the source image ID would identify the exact
        version of the image that was used.
      returned: success
      type: str
    diskEncryptionKey:
            description:
                - Encrypts the disk using a customer-supplied encryption key.
-      - After you encrypt a disk with a customer-supplied key, you must provide the
+                - After you encrypt a disk with a customer-supplied key, you must provide the same
-        same key if you use the disk later (e.g. to create a disk snapshot or an image,
+                  key if you use the disk later (e.g. to create a disk snapshot or an image, or to
-        or to attach the disk to a virtual machine).
+                  attach the disk to a virtual machine).
-      - Customer-supplied encryption keys do not protect access to metadata of the
+                - Customer-supplied encryption keys do not protect access to metadata of the disk.
-        disk.
+                - If you do not provide an encryption key when creating the disk, then the disk will
-      - If you do not provide an encryption key when creating the disk, then the disk
+                  be encrypted using an automatically generated key and you do not need to provide
-        will be encrypted using an automatically generated key and you do not need
+                  a key to use the disk later.
        to provide a key to use the disk later.
            returned: success
            type: complex
            contains:
-        rawKey:
+                raw_key:
                    description:
-          - Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648
+                        - Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64
-            base64 to either encrypt or decrypt this resource.
+                          to either encrypt or decrypt this resource.
                    returned: success
                    type: str
                sha256:
                    description:
-          - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption
+                        - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key
-            key that protects this resource.
+                          that protects this resource.
                    returned: success
                    type: str
-        kmsKeyName:
+        source_snapshot:
            description:
-          - The name of the encryption key that is stored in Google Cloud KMS.
+                - 'The source snapshot used to create this disk. You can provide this as a partial
                  or full URL to the resource. For example, the following are valid values: *
                  `U(https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot`)
                  * `projects/project/global/snapshots/snapshot` * `global/snapshots/snapshot` .'
            returned: success
-          type: str
+            type: dict
-    sourceSnapshot:
+        source_snapshot_encryption_key:
            description:
-      - The source snapshot used to create this disk. You can provide this as a partial
+                - The customer-supplied encryption key of the source snapshot. Required if the source
-        or full URL to the resource.
+                  snapshot is protected by a customer-supplied encryption key.
      returned: success
      type: str
    sourceSnapshotEncryptionKey:
      description:
      - The customer-supplied encryption key of the source snapshot. Required if the
        source snapshot is protected by a customer-supplied encryption key.
            returned: success
            type: complex
            contains:
-        rawKey:
+                raw_key:
                    description:
-          - Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648
+                        - Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64
-            base64 to either encrypt or decrypt this resource.
+                          to either encrypt or decrypt this resource.
          returned: success
          type: str
        kmsKeyName:
          description:
          - The name of the encryption key that is stored in Google Cloud KMS.
                    returned: success
                    type: str
                sha256:
                    description:
-          - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption
+                        - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key
-            key that protects this resource.
+                          that protects this resource.
                    returned: success
                    type: str
-    sourceSnapshotId:
+        source_snapshot_id:
            description:
-      - The unique ID of the snapshot used to create this disk. This value identifies
+                - The unique ID of the snapshot used to create this disk. This value identifies the
-        the exact snapshot that was used to create this persistent disk. For example,
+                  exact snapshot that was used to create this persistent disk. For example, if you
-        if you created the persistent disk from a snapshot that was later deleted
+                  created the persistent disk from a snapshot that was later deleted and recreated
-        and recreated under the same name, the source snapshot ID would identify the
+                  under the same name, the source snapshot ID would identify the exact version of
-        exact version of the snapshot that was used.
+                  the snapshot that was used.
            returned: success
            type: str
 '''
@ -291,7 +276,7 @@ def main():
        items = items.get('items')
    else:
        items = []
-    return_value = {'items': items}
+    return_value = {'resources': items}
    module.exit_json(**return_value)
--- a/plugins/modules/gcp_compute_forwarding_rule.py
+++ b/plugins/modules/gcp_compute_forwarding_rule.py
@ -91,19 +91,17 @@ options:
    - ICMP
  backend_service:
    description:
-    - A reference to a BackendService to receive the matched traffic.
+    - A BackendService to receive the matched traffic. This is used only for INTERNAL
-    - This is used for internal load balancing.
+      load balancing.
    - "(not used for external load balancing) ."
    - 'This field represents a link to a BackendService resource in GCP. It can be
-      specified in two ways. First, you can place in the selfLink of the resource
+      specified in two ways. First, you can place a dictionary with key ''selfLink''
-      here as a string Alternatively, you can add `register: name-of-resource` to
+      and value of your resource''s selfLink Alternatively, you can add `register:
-      a gcp_compute_backend_service task and then set this backend_service field to
+      name-of-resource` to a gcp_compute_backend_service task and then set this backend_service
-      "{{ name-of-resource }}"'
+      field to "{{ name-of-resource }}"'
    required: false
  ip_version:
    description:
-    - The IP Version that will be used by this forwarding rule. Valid options are
+    - ipVersion is not a valid field for regional forwarding rules.
      IPV4 or IPV6. This can only be specified for a global forwarding rule.
    required: false
    choices:
    - IPV4
@ -133,11 +131,12 @@ options:
    - For internal load balancing, this field identifies the network that the load
      balanced IP should belong to for this Forwarding Rule. If this field is not
      specified, the default network will be used.
-    - This field is not used for external load balancing.
+    - This field is only used for INTERNAL load balancing.
    - 'This field represents a link to a Network resource in GCP. It can be specified
-      in two ways. First, you can place in the selfLink of the resource here as a
+      in two ways. First, you can place a dictionary with key ''selfLink'' and value
-      string Alternatively, you can add `register: name-of-resource` to a gcp_compute_network
+      of your resource''s selfLink Alternatively, you can add `register: name-of-resource`
-      task and then set this network field to "{{ name-of-resource }}"'
+      to a gcp_compute_network task and then set this network field to "{{ name-of-resource
      }}"'
    required: false
  port_range:
    description:
@ -163,31 +162,38 @@ options:
    required: false
  subnetwork:
    description:
-    - A reference to a subnetwork.
+    - The subnetwork that the load balanced IP should belong to for this Forwarding
-    - For internal load balancing, this field identifies the subnetwork that the load
+      Rule. This field is only used for INTERNAL load balancing.
      balanced IP should belong to for this Forwarding Rule.
    - If the network specified is in auto subnet mode, this field is optional. However,
      if the network is in custom subnet mode, a subnetwork must be specified.
    - This field is not used for external load balancing.
    - 'This field represents a link to a Subnetwork resource in GCP. It can be specified
-      in two ways. First, you can place in the selfLink of the resource here as a
+      in two ways. First, you can place a dictionary with key ''selfLink'' and value
-      string Alternatively, you can add `register: name-of-resource` to a gcp_compute_subnetwork
+      of your resource''s selfLink Alternatively, you can add `register: name-of-resource`
-      task and then set this subnetwork field to "{{ name-of-resource }}"'
+      to a gcp_compute_subnetwork task and then set this subnetwork field to "{{ name-of-resource
      }}"'
    required: false
  target:
    description:
    - This field is only used for EXTERNAL load balancing.
    - A reference to a TargetPool resource to receive the matched traffic.
-    - For regional forwarding rules, this target must live in the same region as the
+    - This target must live in the same region as the forwarding rule.
-      forwarding rule. For global forwarding rules, this target must be a global load
+    - The forwarded traffic must be of a type appropriate to the target object.
      balancing resource. The forwarded traffic must be of a type appropriate to the
      target object.
    - This field is not used for internal load balancing.
    - 'This field represents a link to a TargetPool resource in GCP. It can be specified
-      in two ways. First, you can place in the selfLink of the resource here as a
+      in two ways. First, you can place a dictionary with key ''selfLink'' and value
-      string Alternatively, you can add `register: name-of-resource` to a gcp_compute_target_pool
+      of your resource''s selfLink Alternatively, you can add `register: name-of-resource`
-      task and then set this target field to "{{ name-of-resource }}"'
+      to a gcp_compute_target_pool task and then set this target field to "{{ name-of-resource
      }}"'
    required: false
    version_added: 2.7
  all_ports:
    description:
    - For internal TCP/UDP load balancing (i.e. load balancing scheme is INTERNAL
      and protocol is TCP/UDP), set this to true to allow packets addressed to any
      ports to be forwarded to the backends configured with this forwarding rule.
      Used with backend service. Cannot be set if port or portRange are set.
    required: false
    type: bool
    version_added: 2.8
  network_tier:
    description:
    - 'The networking tier used for configuring this address. This field can take
@ -198,6 +204,18 @@ options:
    choices:
    - PREMIUM
    - STANDARD
  service_label:
    description:
    - An optional prefix to the service name for this Forwarding Rule.
    - If specified, will be the first label of the fully qualified service name.
    - The label must be 1-63 characters long, and comply with RFC1035.
    - Specifically, the label must be 1-63 characters long and match the regular expression
      `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase
      letter, and all following characters must be a dash, lowercase letter, or digit,
      except the last character, which cannot be a dash.
    - This field is only used for INTERNAL load balancing.
    required: false
    version_added: 2.8
  region:
    description:
    - A reference to the region where the regional forwarding rule resides.
@ -205,14 +223,14 @@ options:
    required: true
 extends_documentation_fragment: gcp
 notes:
- 'API Reference: U(https://cloud.google.com/compute/docs/reference/latest/forwardingRule)'
+- 'API Reference: U(https://cloud.google.com/compute/docs/reference/v1/forwardingRule)'
 - 'Official Documentation: U(https://cloud.google.com/compute/docs/load-balancing/network/forwarding-rules)'
 '''
 EXAMPLES = '''
 - name: create a address
  gcp_compute_address:
-      name: "address-forwardingrule"
+    name: address-forwardingrule
    region: us-west1
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
@ -222,7 +240,7 @@ EXAMPLES = '''
 - name: create a target pool
  gcp_compute_target_pool:
-      name: "targetpool-forwardingrule"
+    name: targetpool-forwardingrule
    region: us-west1
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
@ -232,20 +250,20 @@ EXAMPLES = '''
 - name: create a forwarding rule
  gcp_compute_forwarding_rule:
-      name: "test_object"
+    name: test_object
    region: us-west1
    target: "{{ targetpool }}"
    ip_protocol: TCP
    port_range: 80-80
    ip_address: "{{ address.address }}"
-      project: "test_project"
+    project: test_project
-      auth_kind: "serviceaccount"
+    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
 '''
 RETURN = '''
-creationTimestamp:
+    creation_timestamp:
        description:
            - Creation timestamp in RFC3339 text format.
        returned: success
@ -261,96 +279,95 @@ id:
            - The unique identifier for the resource.
        returned: success
        type: int
-IPAddress:
+    ip_address:
        description:
            - The IP address that this forwarding rule is serving on behalf of.
-  - Addresses are restricted based on the forwarding rule's load balancing scheme
+            - Addresses are restricted based on the forwarding rule's load balancing scheme (EXTERNAL
-    (EXTERNAL or INTERNAL) and scope (global or regional).
+              or INTERNAL) and scope (global or regional).
            - When the load balancing scheme is EXTERNAL, for global forwarding rules, the address
-    must be a global IP, and for regional forwarding rules, the address must live
+              must be a global IP, and for regional forwarding rules, the address must live in
-    in the same region as the forwarding rule. If this field is empty, an ephemeral
+              the same region as the forwarding rule. If this field is empty, an ephemeral IPv4
-    IPv4 address from the same scope (global or regional) will be assigned. A regional
+              address from the same scope (global or regional) will be assigned. A regional forwarding
-    forwarding rule supports IPv4 only. A global forwarding rule supports either IPv4
+              rule supports IPv4 only. A global forwarding rule supports either IPv4 or IPv6.
    or IPv6.
            - When the load balancing scheme is INTERNAL, this can only be an RFC 1918 IP address
              belonging to the network/subnet configured for the forwarding rule. By default,
-    if this field is empty, an ephemeral internal IP address will be automatically
+              if this field is empty, an ephemeral internal IP address will be automatically allocated
-    allocated from the IP range of the subnet or network configured for this forwarding
+              from the IP range of the subnet or network configured for this forwarding rule.
-    rule.
+            - 'An address can be specified either by a literal IP address or a URL reference to
-  - 'An address can be specified either by a literal IP address or a URL reference
+              an existing Address resource. The following examples are all valid:  * 100.1.2.3
    to an existing Address resource. The following examples are all valid: * 100.1.2.3
              * U(https://www.googleapis.com/compute/v1/projects/project/regions/region/addresses/address)
              * projects/project/regions/region/addresses/address * regions/region/addresses/address
              * global/addresses/address * address .'
        returned: success
        type: str
-IPProtocol:
+    ip_protocol:
        description:
            - The IP protocol to which this rule applies. Valid options are TCP, UDP, ESP, AH,
              SCTP or ICMP.
            - When the load balancing scheme is INTERNAL, only TCP and UDP are valid.
        returned: success
        type: str
-backendService:
+    backend_service:
        description:
            - A reference to a BackendService to receive the matched traffic.
            - This is used for internal load balancing.
            - "(not used for external load balancing) ."
        returned: success
-  type: str
+        type: dict
-ipVersion:
+    ip_version:
        description:
            - The IP Version that will be used by this forwarding rule. Valid options are IPV4
              or IPV6. This can only be specified for a global forwarding rule.
        returned: success
        type: str
-loadBalancingScheme:
+    load_balancing_scheme:
        description:
-  - 'This signifies what the ForwardingRule will be used for and can only take the
+            - 'This signifies what the ForwardingRule will be used for and can only take the following
-    following values: INTERNAL, EXTERNAL The value of INTERNAL means that this will
+              values: INTERNAL, EXTERNAL The value of INTERNAL means that this will be used for
-    be used for Internal Network Load Balancing (TCP, UDP). The value of EXTERNAL
+              Internal Network Load Balancing (TCP, UDP). The value of EXTERNAL means that this
-    means that this will be used for External Load Balancing (HTTP(S) LB, External
+              will be used for External Load Balancing (HTTP(S) LB, External TCP/UDP LB, SSL Proxy)
-    TCP/UDP LB, SSL Proxy) .'
+              .'
        returned: success
        type: str
    name:
        description:
-  - Name of the resource; provided by the client when the resource is created. The
+            - Name of the resource; provided by the client when the resource is created. The name
-    name must be 1-63 characters long, and comply with RFC1035. Specifically, the
+              must be 1-63 characters long, and comply with RFC1035. Specifically, the name must
-    name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`
+              be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`
-    which means the first character must be a lowercase letter, and all following
+              which means the first character must be a lowercase letter, and all following characters
-    characters must be a dash, lowercase letter, or digit, except the last character,
+              must be a dash, lowercase letter, or digit, except the last character, which cannot
-    which cannot be a dash.
+              be a dash.
        returned: success
        type: str
    network:
        description:
            - For internal load balancing, this field identifies the network that the load balanced
-    IP should belong to for this Forwarding Rule. If this field is not specified,
+              IP should belong to for this Forwarding Rule. If this field is not specified, the
-    the default network will be used.
+              default network will be used.
            - This field is not used for external load balancing.
        returned: success
-  type: str
+        type: dict
-portRange:
+    port_range:
        description:
            - This field is used along with the target field for TargetHttpProxy, TargetHttpsProxy,
              TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance.
            - Applicable only when IPProtocol is TCP, UDP, or SCTP, only packets addressed to
              ports in the specified range will be forwarded to target.
-  - Forwarding rules with the same [IPAddress, IPProtocol] pair must have disjoint
+            - Forwarding rules with the same [IPAddress, IPProtocol] pair must have disjoint port
-    port ranges.
+              ranges.
            - 'Some types of forwarding target have constraints on the acceptable ports:  * TargetHttpProxy:
-    80, 8080 * TargetHttpsProxy: 443 * TargetTcpProxy: 25, 43, 110, 143, 195, 443,
+              80, 8080 * TargetHttpsProxy: 443 * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465,
-    465, 587, 700, 993, 995, 1883, 5222 * TargetSslProxy: 25, 43, 110, 143, 195, 443,
+              587, 700, 993, 995,                   1883, 5222 * TargetSslProxy: 25, 43, 110,
-    465, 587, 700, 993, 995, 1883, 5222 * TargetVpnGateway: 500, 4500 .'
+              143, 195, 443, 465, 587, 700, 993, 995,                   1883, 5222 * TargetVpnGateway:
              500, 4500 .'
        returned: success
        type: str
    ports:
        description:
            - This field is used along with the backend_service field for internal load balancing.
-  - When the load balancing scheme is INTERNAL, a single port or a comma separated
+            - When the load balancing scheme is INTERNAL, a single port or a comma separated list
-    list of ports can be configured. Only packets addressed to these ports will be
+              of ports can be configured. Only packets addressed to these ports will be forwarded
-    forwarded to the backends configured with this forwarding rule.
+              to the backends configured with this forwarding rule.
            - You may specify a maximum of up to 5 ports.
        returned: success
        type: list
@ -363,22 +380,20 @@ subnetwork:
              if the network is in custom subnet mode, a subnetwork must be specified.
            - This field is not used for external load balancing.
        returned: success
-  type: str
+        type: dict
    target:
        description:
            - A reference to a TargetPool resource to receive the matched traffic.
-  - For regional forwarding rules, this target must live in the same region as the
+            - For regional forwarding rules, this target must live in the same region as the forwarding
-    forwarding rule. For global forwarding rules, this target must be a global load
+              rule. For global forwarding rules, this target must be a global load balancing resource.
-    balancing resource. The forwarded traffic must be of a type appropriate to the
+              The forwarded traffic must be of a type appropriate to the target object.
    target object.
            - This field is not used for internal load balancing.
        returned: success
-  type: str
+        type: dict
-networkTier:
+    label_fingerprint:
        description:
-  - 'The networking tier used for configuring this address. This field can take the
+            - The fingerprint used for optimistic locking of this resource.  Used internally during
-    following values: PREMIUM or STANDARD. If this field is not specified, it is assumed
+              updates.
    to be PREMIUM.'
        returned: success
        type: str
    region:
@ -411,16 +426,18 @@ def main():
            description=dict(type='str'),
            ip_address=dict(type='str'),
            ip_protocol=dict(type='str', choices=['TCP', 'UDP', 'ESP', 'AH', 'SCTP', 'ICMP']),
-            backend_service=dict(),
+            backend_service=dict(type='dict'),
            ip_version=dict(type='str', choices=['IPV4', 'IPV6']),
            load_balancing_scheme=dict(type='str', choices=['INTERNAL', 'EXTERNAL']),
            name=dict(required=True, type='str'),
-            network=dict(),
+            network=dict(type='dict'),
            port_range=dict(type='str'),
            ports=dict(type='list', elements='str'),
-            subnetwork=dict(),
+            subnetwork=dict(type='dict'),
-            target=dict(),
+            target=dict(type='dict'),
            all_ports=dict(type='bool'),
            network_tier=dict(type='str', choices=['PREMIUM', 'STANDARD']),
            service_label=dict(type='str'),
            region=dict(required=True, type='str'),
        )
    )
@ -437,7 +454,7 @@ def main():
    if fetch:
        if state == 'present':
            if is_different(module, fetch):
-                fetch = update(module, self_link(module), kind)
+                fetch = update(module, self_link(module), kind, fetch)
                changed = True
        else:
            delete(module, self_link(module), kind)
@ -460,8 +477,41 @@ def create(module, link, kind):
    return wait_for_operation(module, auth.post(link, resource_to_request(module)))
-def update(module, link, kind):
+def update(module, link, kind, fetch):
-    module.fail_json(msg="ForwardingRule cannot be edited")
+    update_fields(module, resource_to_request(module),
                  response_to_hash(module, fetch))
    return fetch_resource(module, self_link(module), kind)
 def update_fields(module, request, response):
    if response.get('target') != request.get('target'):
        target_update(module, request, response)
 def target_update(module, request, response):
    auth = GcpSession(module, 'compute')
    auth.post(
        ''.join([
            "https://www.googleapis.com/compute/v1/",
            "projects/{project}/regions/{region}/forwardingRules/{name}/setTarget"
        ]).format(**module.params),
        {
            u'target': replace_resource_dict(module.params.get(u'target', {}), 'selfLink')
        }
    )
 def label_fingerprint_update(module, request, response):
    auth = GcpSession(module, 'compute')
    auth.post(
        ''.join([
            "https://www.googleapis.com/compute/v1/",
            "projects/{project}/regions/{region}/forwardingRules/{name}/setLabels"
        ]).format(**module.params),
        {
            u'labelFingerprint': response.get('labelFingerprint')
        }
    )
 def delete(module, link, kind):
@ -484,7 +534,9 @@ def resource_to_request(module):
        u'ports': module.params.get('ports'),
        u'subnetwork': replace_resource_dict(module.params.get(u'subnetwork', {}), 'selfLink'),
        u'target': replace_resource_dict(module.params.get(u'target', {}), 'selfLink'),
        u'allPorts': module.params.get('all_ports'),
        u'networkTier': module.params.get('network_tier'),
        u'serviceLabel': module.params.get('service_label'),
    }
    return_vals = {}
    for k, v in request.items():
@ -564,7 +616,7 @@ def response_to_hash(module, response):
        u'ports': response.get(u'ports'),
        u'subnetwork': response.get(u'subnetwork'),
        u'target': response.get(u'target'),
-        u'networkTier': module.params.get('network_tier'),
+        u'labelFingerprint': response.get(u'labelFingerprint')
    }
--- a/plugins/modules/gcp_compute_forwarding_rule_facts.py
+++ b/plugins/modules/gcp_compute_forwarding_rule_facts.py
@ -54,7 +54,7 @@ extends_documentation_fragment: gcp
 '''
 EXAMPLES = '''
- name:  a forwarding rule facts
+- name: " a forwarding rule facts"
  gcp_compute_forwarding_rule_facts:
    region: us-west1
    filters:
@ -62,6 +62,7 @@ EXAMPLES = '''
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: facts
 '''
 RETURN = '''
@ -70,7 +71,7 @@ items:
    returned: always
    type: complex
    contains:
-    creationTimestamp:
+        creation_timestamp:
            description:
                - Creation timestamp in RFC3339 text format.
            returned: success
@ -86,126 +87,121 @@ items:
                - The unique identifier for the resource.
            returned: success
            type: int
-    IPAddress:
+        ip_address:
            description:
                - The IP address that this forwarding rule is serving on behalf of.
-      - Addresses are restricted based on the forwarding rule's load balancing scheme
+                - Addresses are restricted based on the forwarding rule's load balancing scheme (EXTERNAL
-        (EXTERNAL or INTERNAL) and scope (global or regional).
+                  or INTERNAL) and scope (global or regional).
-      - When the load balancing scheme is EXTERNAL, for global forwarding rules, the
+                - When the load balancing scheme is EXTERNAL, for global forwarding rules, the address
-        address must be a global IP, and for regional forwarding rules, the address
+                  must be a global IP, and for regional forwarding rules, the address must live in
-        must live in the same region as the forwarding rule. If this field is empty,
+                  the same region as the forwarding rule. If this field is empty, an ephemeral IPv4
-        an ephemeral IPv4 address from the same scope (global or regional) will be
+                  address from the same scope (global or regional) will be assigned. A regional forwarding
-        assigned. A regional forwarding rule supports IPv4 only. A global forwarding
+                  rule supports IPv4 only. A global forwarding rule supports either IPv4 or IPv6.
-        rule supports either IPv4 or IPv6.
+                - When the load balancing scheme is INTERNAL, this can only be an RFC 1918 IP address
-      - When the load balancing scheme is INTERNAL, this can only be an RFC 1918 IP
+                  belonging to the network/subnet configured for the forwarding rule. By default,
-        address belonging to the network/subnet configured for the forwarding rule.
+                  if this field is empty, an ephemeral internal IP address will be automatically allocated
-        By default, if this field is empty, an ephemeral internal IP address will
+                  from the IP range of the subnet or network configured for this forwarding rule.
-        be automatically allocated from the IP range of the subnet or network configured
+                - 'An address can be specified either by a literal IP address or a URL reference to
-        for this forwarding rule.
+                  an existing Address resource. The following examples are all valid:  * 100.1.2.3
      - 'An address can be specified either by a literal IP address or a URL reference
        to an existing Address resource. The following examples are all valid: * 100.1.2.3
                  * U(https://www.googleapis.com/compute/v1/projects/project/regions/region/addresses/address)
                  * projects/project/regions/region/addresses/address * regions/region/addresses/address
                  * global/addresses/address * address .'
            returned: success
            type: str
-    IPProtocol:
+        ip_protocol:
            description:
-      - The IP protocol to which this rule applies. Valid options are TCP, UDP, ESP,
+                - The IP protocol to which this rule applies. Valid options are TCP, UDP, ESP, AH,
-        AH, SCTP or ICMP.
+                  SCTP or ICMP.
                - When the load balancing scheme is INTERNAL, only TCP and UDP are valid.
            returned: success
            type: str
-    backendService:
+        backend_service:
            description:
                - A reference to a BackendService to receive the matched traffic.
                - This is used for internal load balancing.
                - "(not used for external load balancing) ."
            returned: success
-      type: str
+            type: dict
-    ipVersion:
+        ip_version:
            description:
-      - The IP Version that will be used by this forwarding rule. Valid options are
+                - The IP Version that will be used by this forwarding rule. Valid options are IPV4
-        IPV4 or IPV6. This can only be specified for a global forwarding rule.
+                  or IPV6. This can only be specified for a global forwarding rule.
            returned: success
            type: str
-    loadBalancingScheme:
+        load_balancing_scheme:
            description:
-      - 'This signifies what the ForwardingRule will be used for and can only take
+                - 'This signifies what the ForwardingRule will be used for and can only take the following
-        the following values: INTERNAL, EXTERNAL The value of INTERNAL means that
+                  values: INTERNAL, EXTERNAL The value of INTERNAL means that this will be used for
-        this will be used for Internal Network Load Balancing (TCP, UDP). The value
+                  Internal Network Load Balancing (TCP, UDP). The value of EXTERNAL means that this
-        of EXTERNAL means that this will be used for External Load Balancing (HTTP(S)
+                  will be used for External Load Balancing (HTTP(S) LB, External TCP/UDP LB, SSL Proxy)
-        LB, External TCP/UDP LB, SSL Proxy) .'
+                  .'
            returned: success
            type: str
        name:
            description:
-      - Name of the resource; provided by the client when the resource is created.
+                - Name of the resource; provided by the client when the resource is created. The name
-        The name must be 1-63 characters long, and comply with RFC1035. Specifically,
+                  must be 1-63 characters long, and comply with RFC1035. Specifically, the name must
-        the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`
+                  be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`
-        which means the first character must be a lowercase letter, and all following
+                  which means the first character must be a lowercase letter, and all following characters
-        characters must be a dash, lowercase letter, or digit, except the last character,
+                  must be a dash, lowercase letter, or digit, except the last character, which cannot
-        which cannot be a dash.
+                  be a dash.
            returned: success
            type: str
        network:
            description:
-      - For internal load balancing, this field identifies the network that the load
+                - For internal load balancing, this field identifies the network that the load balanced
-        balanced IP should belong to for this Forwarding Rule. If this field is not
+                  IP should belong to for this Forwarding Rule. If this field is not specified, the
-        specified, the default network will be used.
+                  default network will be used.
                - This field is not used for external load balancing.
            returned: success
-      type: str
+            type: dict
-    portRange:
+        port_range:
            description:
                - This field is used along with the target field for TargetHttpProxy, TargetHttpsProxy,
                  TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance.
-      - Applicable only when IPProtocol is TCP, UDP, or SCTP, only packets addressed
+                - Applicable only when IPProtocol is TCP, UDP, or SCTP, only packets addressed to
-        to ports in the specified range will be forwarded to target.
+                  ports in the specified range will be forwarded to target.
-      - Forwarding rules with the same [IPAddress, IPProtocol] pair must have disjoint
+                - Forwarding rules with the same [IPAddress, IPProtocol] pair must have disjoint port
-        port ranges.
+                  ranges.
-      - 'Some types of forwarding target have constraints on the acceptable ports:
+                - 'Some types of forwarding target have constraints on the acceptable ports:  * TargetHttpProxy:
-        * TargetHttpProxy: 80, 8080 * TargetHttpsProxy: 443 * TargetTcpProxy: 25,
+                  80, 8080 * TargetHttpsProxy: 443 * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465,
-        43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222 * TargetSslProxy:
+                  587, 700, 993, 995,                   1883, 5222 * TargetSslProxy: 25, 43, 110,
-        25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222 * TargetVpnGateway:
+                  143, 195, 443, 465, 587, 700, 993, 995,                   1883, 5222 * TargetVpnGateway:
                  500, 4500 .'
            returned: success
            type: str
        ports:
            description:
-      - This field is used along with the backend_service field for internal load
+                - This field is used along with the backend_service field for internal load balancing.
-        balancing.
+                - When the load balancing scheme is INTERNAL, a single port or a comma separated list
-      - When the load balancing scheme is INTERNAL, a single port or a comma separated
+                  of ports can be configured. Only packets addressed to these ports will be forwarded
-        list of ports can be configured. Only packets addressed to these ports will
+                  to the backends configured with this forwarding rule.
        be forwarded to the backends configured with this forwarding rule.
                - You may specify a maximum of up to 5 ports.
            returned: success
            type: list
        subnetwork:
            description:
                - A reference to a subnetwork.
-      - For internal load balancing, this field identifies the subnetwork that the
+                - For internal load balancing, this field identifies the subnetwork that the load
-        load balanced IP should belong to for this Forwarding Rule.
+                  balanced IP should belong to for this Forwarding Rule.
                - If the network specified is in auto subnet mode, this field is optional. However,
                  if the network is in custom subnet mode, a subnetwork must be specified.
                - This field is not used for external load balancing.
            returned: success
-      type: str
+            type: dict
        target:
            description:
                - A reference to a TargetPool resource to receive the matched traffic.
-      - For regional forwarding rules, this target must live in the same region as
+                - For regional forwarding rules, this target must live in the same region as the forwarding
-        the forwarding rule. For global forwarding rules, this target must be a global
+                  rule. For global forwarding rules, this target must be a global load balancing resource.
-        load balancing resource. The forwarded traffic must be of a type appropriate
+                  The forwarded traffic must be of a type appropriate to the target object.
        to the target object.
                - This field is not used for internal load balancing.
            returned: success
-      type: str
+            type: dict
-    networkTier:
+        label_fingerprint:
            description:
-      - 'The networking tier used for configuring this address. This field can take
+                - The fingerprint used for optimistic locking of this resource.  Used internally during
-        the following values: PREMIUM or STANDARD. If this field is not specified,
+                  updates.
        it is assumed to be PREMIUM.'
            returned: success
            type: str
        region:
@ -238,7 +234,7 @@ def main():
        items = items.get('items')
    else:
        items = []
-    return_value = {'items': items}
+    return_value = {'resources': items}
    module.exit_json(**return_value)
--- a/plugins/modules/gcp_compute_global_address.py
+++ b/plugins/modules/gcp_compute_global_address.py
@ -107,7 +107,7 @@ address:
            - The static external IP address represented by this resource.
        returned: success
        type: str
-creationTimestamp:
+    creation_timestamp:
        description:
            - Creation timestamp in RFC3339 text format.
        returned: success
@ -115,6 +115,7 @@ creationTimestamp:
    description:
        description:
            - An optional description of this resource.
            - Provide this property when you create the resource.
        returned: success
        type: str
    id:
@ -124,18 +125,24 @@ id:
        type: int
    name:
        description:
-  - Name of the resource. Provided by the client when the resource is created. The
+            - Name of the resource. Provided by the client when the resource is created. The name
-    name must be 1-63 characters long, and comply with RFC1035. Specifically, the
+              must be 1-63 characters long, and comply with RFC1035.  Specifically, the name must
-    name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`
+              be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`
-    which means the first character must be a lowercase letter, and all following
+              which means the first character must be a lowercase letter, and all following characters
-    characters must be a dash, lowercase letter, or digit, except the last character,
+              must be a dash, lowercase letter, or digit, except the last character, which cannot
-    which cannot be a dash.
+              be a dash.
        returned: success
        type: str
-ipVersion:
+    label_fingerprint:
        description:
-  - The IP Version that will be used by this address. Valid options are `IPV4` or
+            - The fingerprint used for optimistic locking of this resource.  Used internally during
-    `IPV6`. The default value is `IPV4`.
+              updates.
        returned: success
        type: str
    ip_version:
        description:
            - The IP Version that will be used by this address. Valid options are IPV4 or IPV6.
              The default value is IPV4.
        returned: success
        type: str
    region:
@ -143,13 +150,6 @@ region:
            - A reference to the region where the regional address resides.
        returned: success
        type: str
 addressType:
  description:
  - The type of the address to reserve, default is EXTERNAL.
  - "* EXTERNAL indicates public/external single IP address."
  - "* INTERNAL indicates internal IP ranges belonging to some network."
  returned: success
  type: str
 '''
 ################################################################################
@ -192,8 +192,7 @@ def main():
    if fetch:
        if state == 'present':
            if is_different(module, fetch):
-                update(module, self_link(module), kind)
+                fetch = update(module, self_link(module), kind, fetch)
                fetch = fetch_resource(module, self_link(module), kind)
                changed = True
        else:
            delete(module, self_link(module), kind)
@ -216,8 +215,27 @@ def create(module, link, kind):
    return wait_for_operation(module, auth.post(link, resource_to_request(module)))
-def update(module, link, kind):
+def update(module, link, kind, fetch):
-    module.fail_json(msg="GlobalAddress cannot be edited")
+    update_fields(module, resource_to_request(module),
                  response_to_hash(module, fetch))
    return fetch_resource(module, self_link(module), kind)
 def update_fields(module, request, response):
    pass
 def label_fingerprint_update(module, request, response):
    auth = GcpSession(module, 'compute')
    auth.post(
        ''.join([
            "https://www.googleapis.com/compute/v1/",
            "projects/{project}/global/addresses/{name}/setLabels"
        ]).format(**module.params),
        {
            u'labelFingerprint': response.get('labelFingerprint')
        }
    )
 def delete(module, link, kind):
@ -303,6 +321,7 @@ def response_to_hash(module, response):
        u'description': response.get(u'description'),
        u'id': response.get(u'id'),
        u'name': response.get(u'name'),
        u'labelFingerprint': response.get(u'labelFingerprint'),
        u'ipVersion': response.get(u'ipVersion'),
        u'region': response.get(u'region'),
        u'addressType': response.get(u'addressType'),
--- a/plugins/modules/gcp_compute_global_address_facts.py
+++ b/plugins/modules/gcp_compute_global_address_facts.py
@ -49,13 +49,14 @@ extends_documentation_fragment: gcp
 '''
 EXAMPLES = '''
- name:  a global address facts
+- name: " a global address facts"
  gcp_compute_global_address_facts:
    filters:
    - name = test_object
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: facts
 '''
 RETURN = '''
@ -69,7 +70,7 @@ items:
                - The static external IP address represented by this resource.
            returned: success
            type: str
-    creationTimestamp:
+        creation_timestamp:
            description:
                - Creation timestamp in RFC3339 text format.
            returned: success
@ -82,24 +83,29 @@ items:
            type: str
        id:
            description:
-      - The unique identifier for the resource. This identifier is defined by the
+                - The unique identifier for the resource. This identifier is defined by the server.
        server.
            returned: success
            type: int
        name:
            description:
-      - Name of the resource. Provided by the client when the resource is created.
+                - Name of the resource. Provided by the client when the resource is created. The name
-        The name must be 1-63 characters long, and comply with RFC1035. Specifically,
+                  must be 1-63 characters long, and comply with RFC1035.  Specifically, the name must
-        the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`
+                  be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`
-        which means the first character must be a lowercase letter, and all following
+                  which means the first character must be a lowercase letter, and all following characters
-        characters must be a dash, lowercase letter, or digit, except the last character,
+                  must be a dash, lowercase letter, or digit, except the last character, which cannot
-        which cannot be a dash.
+                  be a dash.
            returned: success
            type: str
-    ipVersion:
+        label_fingerprint:
            description:
-      - The IP Version that will be used by this address. Valid options are IPV4 or
+                - The fingerprint used for optimistic locking of this resource.  Used internally during
-        IPV6. The default value is IPV4.
+                  updates.
            returned: success
            type: str
        ip_version:
            description:
                - The IP Version that will be used by this address. Valid options are IPV4 or IPV6.
                  The default value is IPV4.
            returned: success
            type: str
        region:
@ -107,13 +113,6 @@ items:
                - A reference to the region where the regional address resides.
            returned: success
            type: str
    addressType:
      description:
      - The type of the address to reserve, default is EXTERNAL.
      - "* EXTERNAL indicates public/external single IP address."
      - "* INTERNAL indicates internal IP ranges belonging to some network."
      returned: success
      type: str
 '''
 ################################################################################
@ -138,7 +137,7 @@ def main():
        items = items.get('items')
    else:
        items = []
-    return_value = {'items': items}
+    return_value = {'resources': items}
    module.exit_json(**return_value)
--- a/plugins/modules/gcp_compute_subnetwork.py
+++ b/plugins/modules/gcp_compute_subnetwork.py
@ -298,8 +298,7 @@ def main():
    if fetch:
        if state == 'present':
            if is_different(module, fetch):
-                update(module, self_link(module), kind, fetch)
+                fetch = update(module, self_link(module), kind, fetch)
                fetch = fetch_resource(module, self_link(module), kind)
                changed = True
        else:
            delete(module, self_link(module), kind)
@ -322,8 +321,43 @@ def create(module, link, kind):
    return wait_for_operation(module, auth.post(link, resource_to_request(module)))
-def update(module, link, kind):
+def update(module, link, kind, fetch):
-    module.fail_json(msg="Subnetwork cannot be edited")
+    update_fields(module, resource_to_request(module),
                  response_to_hash(module, fetch))
    return fetch_resource(module, self_link(module), kind)
 def update_fields(module, request, response):
    if response.get('ipCidrRange') != request.get('ipCidrRange'):
        ip_cidr_range_update(module, request, response)
    if response.get('privateIpGoogleAccess') != request.get('privateIpGoogleAccess'):
        private_ip_google_access_update(module, request, response)
 def ip_cidr_range_update(module, request, response):
    auth = GcpSession(module, 'compute')
    auth.post(
        ''.join([
            "https://www.googleapis.com/compute/v1/",
            "projects/{project}/regions/{region}/subnetworks/{name}/expandIpCidrRange"
        ]).format(**module.params),
        {
            u'ipCidrRange': module.params.get('ip_cidr_range')
        }
    )
 def private_ip_google_access_update(module, request, response):
    auth = GcpSession(module, 'compute')
    auth.post(
        ''.join([
            "https://www.googleapis.com/compute/v1/",
            "projects/{project}/regions/{region}/subnetworks/{name}/setPrivateIpGoogleAccess"
        ]).format(**module.params),
        {
            u'privateIpGoogleAccess': module.params.get('private_ip_google_access')
        }
    )
 def delete(module, link, kind):
--- a/plugins/modules/gcp_compute_target_http_proxy.py
+++ b/plugins/modules/gcp_compute_target_http_proxy.py
@ -204,8 +204,7 @@ def main():
    if fetch:
        if state == 'present':
            if is_different(module, fetch):
-                update(module, self_link(module), kind, fetch)
+                fetch = update(module, self_link(module), kind, fetch)
                fetch = fetch_resource(module, self_link(module), kind)
                changed = True
        else:
            delete(module, self_link(module), kind)
@ -228,8 +227,28 @@ def create(module, link, kind):
    return wait_for_operation(module, auth.post(link, resource_to_request(module)))
-def update(module, link, kind):
+def update(module, link, kind, fetch):
-    module.fail_json(msg="TargetHttpProxy cannot be edited")
+    update_fields(module, resource_to_request(module),
                  response_to_hash(module, fetch))
    return fetch_resource(module, self_link(module), kind)
 def update_fields(module, request, response):
    if response.get('urlMap') != request.get('urlMap'):
        url_map_update(module, request, response)
 def url_map_update(module, request, response):
    auth = GcpSession(module, 'compute')
    auth.post(
        ''.join([
            "https://www.googleapis.com/compute/v1/",
            "projects/{project}/targetHttpProxies/{name}/setUrlMap"
        ]).format(**module.params),
        {
            u'urlMap': replace_resource_dict(module.params.get(u'url_map', {}), 'selfLink')
        }
    )
 def delete(module, link, kind):
--- a/plugins/modules/gcp_compute_target_https_proxy.py
+++ b/plugins/modules/gcp_compute_target_https_proxy.py
@ -295,8 +295,7 @@ def main():
    if fetch:
        if state == 'present':
            if is_different(module, fetch):
-                update(module, self_link(module), kind, fetch)
+                fetch = update(module, self_link(module), kind, fetch)
                fetch = fetch_resource(module, self_link(module), kind)
                changed = True
        else:
            delete(module, self_link(module), kind)
@ -319,8 +318,58 @@ def create(module, link, kind):
    return wait_for_operation(module, auth.post(link, resource_to_request(module)))
-def update(module, link, kind):
+def update(module, link, kind, fetch):
-    module.fail_json(msg="TargetHttpsProxy cannot be edited")
+    update_fields(module, resource_to_request(module),
                  response_to_hash(module, fetch))
    return fetch_resource(module, self_link(module), kind)
 def update_fields(module, request, response):
    if response.get('quicOverride') != request.get('quicOverride'):
        quic_override_update(module, request, response)
    if response.get('sslCertificates') != request.get('sslCertificates'):
        ssl_certificates_update(module, request, response)
    if response.get('urlMap') != request.get('urlMap'):
        url_map_update(module, request, response)
 def quic_override_update(module, request, response):
    auth = GcpSession(module, 'compute')
    auth.post(
        ''.join([
            "https://www.googleapis.com/compute/v1/",
            "projects/{project}/global/targetHttpsProxies/{name}/setQuicOverride"
        ]).format(**module.params),
        {
            u'quicOverride': module.params.get('quic_override')
        }
    )
 def ssl_certificates_update(module, request, response):
    auth = GcpSession(module, 'compute')
    auth.post(
        ''.join([
            "https://www.googleapis.com/compute/v1/",
            "projects/{project}/targetHttpsProxies/{name}/setSslCertificates"
        ]).format(**module.params),
        {
            u'sslCertificates': replace_resource_dict(module.params.get('ssl_certificates', []), 'selfLink')
        }
    )
 def url_map_update(module, request, response):
    auth = GcpSession(module, 'compute')
    auth.post(
        ''.join([
            "https://www.googleapis.com/compute/v1/",
            "projects/{project}/targetHttpsProxies/{name}/setUrlMap"
        ]).format(**module.params),
        {
            u'urlMap': replace_resource_dict(module.params.get(u'url_map', {}), 'selfLink')
        }
    )
 def delete(module, link, kind):
--- a/plugins/modules/gcp_compute_target_ssl_proxy.py
+++ b/plugins/modules/gcp_compute_target_ssl_proxy.py
@ -281,8 +281,7 @@ def main():
    if fetch:
        if state == 'present':
            if is_different(module, fetch):
-                update(module, self_link(module), kind, fetch)
+                fetch = update(module, self_link(module), kind, fetch)
                fetch = fetch_resource(module, self_link(module), kind)
                changed = True
        else:
            delete(module, self_link(module), kind)
@ -305,8 +304,58 @@ def create(module, link, kind):
    return wait_for_operation(module, auth.post(link, resource_to_request(module)))
-def update(module, link, kind):
+def update(module, link, kind, fetch):
-    module.fail_json(msg="TargetSslProxy cannot be edited")
+    update_fields(module, resource_to_request(module),
                  response_to_hash(module, fetch))
    return fetch_resource(module, self_link(module), kind)
 def update_fields(module, request, response):
    if response.get('proxyHeader') != request.get('proxyHeader'):
        proxy_header_update(module, request, response)
    if response.get('service') != request.get('service'):
        service_update(module, request, response)
    if response.get('sslCertificates') != request.get('sslCertificates'):
        ssl_certificates_update(module, request, response)
 def proxy_header_update(module, request, response):
    auth = GcpSession(module, 'compute')
    auth.post(
        ''.join([
            "https://www.googleapis.com/compute/v1/",
            "projects/{project}/global/targetSslProxies/{name}/setProxyHeader"
        ]).format(**module.params),
        {
            u'proxyHeader': module.params.get('proxy_header')
        }
    )
 def service_update(module, request, response):
    auth = GcpSession(module, 'compute')
    auth.post(
        ''.join([
            "https://www.googleapis.com/compute/v1/",
            "projects/{project}/global/targetSslProxies/{name}/setBackendService"
        ]).format(**module.params),
        {
            u'service': replace_resource_dict(module.params.get(u'service', {}), 'selfLink')
        }
    )
 def ssl_certificates_update(module, request, response):
    auth = GcpSession(module, 'compute')
    auth.post(
        ''.join([
            "https://www.googleapis.com/compute/v1/",
            "projects/{project}/global/targetSslProxies/{name}/setSslCertificates"
        ]).format(**module.params),
        {
            u'sslCertificates': replace_resource_dict(module.params.get('ssl_certificates', []), 'selfLink')
        }
    )
 def delete(module, link, kind):
--- a/plugins/modules/gcp_compute_target_tcp_proxy.py
+++ b/plugins/modules/gcp_compute_target_tcp_proxy.py
@ -214,7 +214,7 @@ def main():
    if fetch:
        if state == 'present':
            if is_different(module, fetch):
-                fetch = update(module, self_link(module), kind)
+                fetch = update(module, self_link(module), kind, fetch)
                changed = True
        else:
            delete(module, self_link(module), kind)
@ -237,8 +237,43 @@ def create(module, link, kind):
    return wait_for_operation(module, auth.post(link, resource_to_request(module)))
-def update(module, link, kind):
+def update(module, link, kind, fetch):
-    module.fail_json(msg="TargetTcpProxy cannot be edited")
+    update_fields(module, resource_to_request(module),
                  response_to_hash(module, fetch))
    return fetch_resource(module, self_link(module), kind)
 def update_fields(module, request, response):
    if response.get('proxyHeader') != request.get('proxyHeader'):
        proxy_header_update(module, request, response)
    if response.get('service') != request.get('service'):
        service_update(module, request, response)
 def proxy_header_update(module, request, response):
    auth = GcpSession(module, 'compute')
    auth.post(
        ''.join([
            "https://www.googleapis.com/compute/v1/",
            "projects/{project}/global/targetTcpProxies/{name}/setProxyHeader"
        ]).format(**module.params),
        {
            u'proxyHeader': module.params.get('proxy_header')
        }
    )
 def service_update(module, request, response):
    auth = GcpSession(module, 'compute')
    auth.post(
        ''.join([
            "https://www.googleapis.com/compute/v1/",
            "projects/{project}/global/targetTcpProxies/{name}/setBackendService"
        ]).format(**module.params),
        {
            u'service': replace_resource_dict(module.params.get(u'service', {}), 'selfLink')
        }
    )
 def delete(module, link, kind):
--- a/plugins/modules/gcp_compute_vpn_tunnel.py
+++ b/plugins/modules/gcp_compute_vpn_tunnel.py
@ -171,7 +171,7 @@ EXAMPLES = '''
 '''
 RETURN = '''
-creationTimestamp:
+    creation_timestamp:
        description:
            - Creation timestamp in RFC3339 text format.
        returned: success
@ -190,7 +190,7 @@ description:
            - An optional description of this resource.
        returned: success
        type: str
-targetVpnGateway:
+    target_vpn_gateway:
        description:
            - URL of the Target VPN gateway with which this VPN tunnel is associated.
        returned: success
@ -199,45 +199,56 @@ router:
        description:
            - URL of router resource to be used for dynamic routing.
        returned: success
-  type: dict
+        type: str
-peerIp:
+    peer_ip:
        description:
            - IP address of the peer VPN gateway. Only IPv4 is supported.
        returned: success
        type: str
-sharedSecret:
+    shared_secret:
        description:
-  - Shared secret used to set the secure session between the Cloud VPN gateway and
+            - Shared secret used to set the secure session between the Cloud VPN gateway and the
-    the peer VPN gateway.
+              peer VPN gateway.
        returned: success
        type: str
-sharedSecretHash:
+    shared_secret_hash:
        description:
            - Hash of the shared secret.
        returned: success
        type: str
-ikeVersion:
+    ike_version:
        description:
            - IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway.
            - Acceptable IKE versions are 1 or 2. Default version is 2.
        returned: success
        type: int
-localTrafficSelector:
+    local_traffic_selector:
        description:
            - Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway.
-    The value should be a CIDR formatted string, for example `192.168.0.0/16`. The
+              The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges
-    ranges should be disjoint.
+              should be disjoint.
            - Only IPv4 is supported.
        returned: success
        type: list
-remoteTrafficSelector:
+    remote_traffic_selector:
        description:
-  - Remote traffic selector to use when establishing the VPN tunnel with peer VPN
+            - Remote traffic selector to use when establishing the VPN tunnel with peer VPN gateway.
-    gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`.
+              The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges
-    The ranges should be disjoint.
+              should be disjoint.
            - Only IPv4 is supported.
        returned: success
        type: list
    labels:
        description:
            - Labels to apply to this VpnTunnel.
        returned: success
        type: dict
    label_fingerprint:
        description:
            - The fingerprint used for optimistic locking of this resource.  Used internally during
              updates.
        returned: success
        type: str
    region:
        description:
            - The region where the tunnel is located.
@ -289,8 +300,7 @@ def main():
    if fetch:
        if state == 'present':
            if is_different(module, fetch):
-                update(module, self_link(module), kind)
+                fetch = update(module, self_link(module), kind, fetch)
                fetch = fetch_resource(module, self_link(module), kind)
                changed = True
        else:
            delete(module, self_link(module), kind)
@ -299,6 +309,7 @@ def main():
    else:
        if state == 'present':
            fetch = create(module, collection(module), kind)
            labels_update(module, module.params, fetch)
            changed = True
        else:
            fetch = {}
@ -313,8 +324,29 @@ def create(module, link, kind):
    return wait_for_operation(module, auth.post(link, resource_to_request(module)))
-def update(module, link, kind):
+def update(module, link, kind, fetch):
-    module.fail_json(msg="VpnTunnel cannot be edited")
+    update_fields(module, resource_to_request(module),
                  response_to_hash(module, fetch))
    return fetch_resource(module, self_link(module), kind)
 def update_fields(module, request, response):
    if response.get('labels') != request.get('labels'):
        labels_update(module, request, response)
 def labels_update(module, request, response):
    auth = GcpSession(module, 'compute')
    auth.post(
        ''.join([
            "https://www.googleapis.com/compute/v1/",
            "projects/{project}/regions/{region}/vpnTunnels/{name}/setLabels"
        ]).format(**module.params),
        {
            u'labels': module.params.get('labels'),
            u'labelFingerprint': response.get('labelFingerprint')
        }
    )
 def delete(module, link, kind):
@ -410,6 +442,8 @@ def response_to_hash(module, response):
        u'ikeVersion': response.get(u'ikeVersion'),
        u'localTrafficSelector': response.get(u'localTrafficSelector'),
        u'remoteTrafficSelector': response.get(u'remoteTrafficSelector'),
        u'labels': response.get(u'labels'),
        u'labelFingerprint': response.get(u'labelFingerprint')
    }
--- a/plugins/modules/gcp_compute_vpn_tunnel_facts.py
+++ b/plugins/modules/gcp_compute_vpn_tunnel_facts.py
@ -53,7 +53,7 @@ extends_documentation_fragment: gcp
 '''
 EXAMPLES = '''
- name:  a vpn tunnel facts
+- name: " a vpn tunnel facts"
  gcp_compute_vpn_tunnel_facts:
    region: us-west1
    filters:
@ -61,6 +61,7 @@ EXAMPLES = '''
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: facts
 '''
 RETURN = '''
@ -69,18 +70,18 @@ items:
    returned: always
    type: complex
    contains:
-    creationTimestamp:
+        creation_timestamp:
            description:
                - Creation timestamp in RFC3339 text format.
            returned: success
            type: str
        name:
            description:
-      - Name of the resource. The name must be 1-63 characters long, and comply with
+                - Name of the resource. The name must be 1-63 characters long, and comply with RFC1035.
-        RFC1035. Specifically, the name must be 1-63 characters long and match the
+                  Specifically, the name must be 1-63 characters long and match the regular expression
-        regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character
+                  `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase
-        must be a lowercase letter, and all following characters must be a dash, lowercase
+                  letter, and all following characters must be a dash, lowercase letter, or digit,
-        letter, or digit, except the last character, which cannot be a dash.
+                  except the last character, which cannot be a dash.
            returned: success
            type: str
        description:
@ -88,52 +89,51 @@ items:
                - An optional description of this resource.
            returned: success
            type: str
-    targetVpnGateway:
+        target_vpn_gateway:
            description:
                - URL of the Target VPN gateway with which this VPN tunnel is associated.
            returned: success
-      type: str
+            type: dict
        router:
            description:
                - URL of router resource to be used for dynamic routing.
            returned: success
            type: str
-    peerIp:
+        peer_ip:
            description:
                - IP address of the peer VPN gateway. Only IPv4 is supported.
            returned: success
            type: str
-    sharedSecret:
+        shared_secret:
            description:
-      - Shared secret used to set the secure session between the Cloud VPN gateway
+                - Shared secret used to set the secure session between the Cloud VPN gateway and the
-        and the peer VPN gateway.
+                  peer VPN gateway.
            returned: success
            type: str
-    sharedSecretHash:
+        shared_secret_hash:
            description:
                - Hash of the shared secret.
            returned: success
            type: str
-    ikeVersion:
+        ike_version:
            description:
-      - IKE protocol version to use when establishing the VPN tunnel with peer VPN
+                - IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway.
        gateway.
                - Acceptable IKE versions are 1 or 2. Default version is 2.
            returned: success
            type: int
-    localTrafficSelector:
+        local_traffic_selector:
            description:
-      - Local traffic selector to use when establishing the VPN tunnel with peer VPN
+                - Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway.
-        gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`.
+                  The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges
-        The ranges should be disjoint.
+                  should be disjoint.
                - Only IPv4 is supported.
            returned: success
            type: list
-    remoteTrafficSelector:
+        remote_traffic_selector:
            description:
-      - Remote traffic selector to use when establishing the VPN tunnel with peer
+                - Remote traffic selector to use when establishing the VPN tunnel with peer VPN gateway.
-        VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`.
+                  The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges
-        The ranges should be disjoint.
+                  should be disjoint.
                - Only IPv4 is supported.
            returned: success
            type: list
@ -142,10 +142,10 @@ items:
                - Labels to apply to this VpnTunnel.
            returned: success
            type: dict
-    labelFingerprint:
+        label_fingerprint:
            description:
-      - The fingerprint used for optimistic locking of this resource. Used internally
+                - The fingerprint used for optimistic locking of this resource.  Used internally during
-        during updates.
+                  updates.
            returned: success
            type: str
        region: