mirror of
				https://github.com/ansible-collections/google.cloud.git
				synced 2025-10-25 21:44:08 -07:00 
			
		
		
		
	Adding support for GCP Compute Target Https Proxys (#38908)
This commit is contained in:
		
					parent
					
						
							
								c0dbbbe97e
							
						
					
				
			
			
				commit
				
					
						31f47e50af
					
				
			
		
					 5 changed files with 706 additions and 0 deletions
				
			
		
							
								
								
									
										404
									
								
								plugins/modules/gcp_compute_target_https_proxy.py
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										404
									
								
								plugins/modules/gcp_compute_target_https_proxy.py
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,404 @@ | |||
| #!/usr/bin/python | ||||
| # -*- coding: utf-8 -*- | ||||
| # | ||||
| # Copyright (C) 2017 Google | ||||
| # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) | ||||
| # ---------------------------------------------------------------------------- | ||||
| # | ||||
| #     ***     AUTO GENERATED CODE    ***    AUTO GENERATED CODE     *** | ||||
| # | ||||
| # ---------------------------------------------------------------------------- | ||||
| # | ||||
| #     This file is automatically generated by Magic Modules and manual | ||||
| #     changes will be clobbered when the file is regenerated. | ||||
| # | ||||
| #     Please read more about how to change this file at | ||||
| #     https://www.github.com/GoogleCloudPlatform/magic-modules | ||||
| # | ||||
| # ---------------------------------------------------------------------------- | ||||
| 
 | ||||
| from __future__ import absolute_import, division, print_function | ||||
| __metaclass__ = type | ||||
| 
 | ||||
| ################################################################################ | ||||
| # Documentation | ||||
| ################################################################################ | ||||
| 
 | ||||
| ANSIBLE_METADATA = {'metadata_version': '1.1', | ||||
|                     'status': ["preview"], | ||||
|                     'supported_by': 'community'} | ||||
| 
 | ||||
| DOCUMENTATION = ''' | ||||
| --- | ||||
| module: gcp_compute_target_https_proxy | ||||
| description: | ||||
|     - Represents a TargetHttpsProxy resource, which is used by one or more global forwarding | ||||
|       rule to route incoming HTTPS requests to a URL map. | ||||
| short_description: Creates a GCP TargetHttpsProxy | ||||
| version_added: 2.6 | ||||
| author: Google Inc. (@googlecloudplatform) | ||||
| requirements: | ||||
|     - python >= 2.6 | ||||
|     - requests >= 2.18.4 | ||||
|     - google-auth >= 1.3.0 | ||||
| options: | ||||
|     state: | ||||
|         description: | ||||
|             - Whether the given object should exist in GCP | ||||
|         choices: ['present', 'absent'] | ||||
|         default: 'present' | ||||
|     description: | ||||
|         description: | ||||
|             - An optional description of this resource. | ||||
|         required: false | ||||
|     name: | ||||
|         description: | ||||
|             - Name of the resource. Provided by the client when the resource is created. The name | ||||
|               must be 1-63 characters long, and comply with RFC1035. Specifically, the name must | ||||
|               be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` | ||||
|               which means the first character must be a lowercase letter, and all following characters | ||||
|               must be a dash, lowercase letter, or digit, except the last character, which cannot | ||||
|               be a dash. | ||||
|         required: true | ||||
|     ssl_certificates: | ||||
|         description: | ||||
|             - A list of SslCertificate resources that are used to authenticate connections between | ||||
|               users and the load balancer. Currently, exactly one SSL certificate must be specified. | ||||
|         required: true | ||||
|     url_map: | ||||
|         description: | ||||
|             - A reference to UrlMap resource. | ||||
|         required: true | ||||
| extends_documentation_fragment: gcp | ||||
| ''' | ||||
| 
 | ||||
| EXAMPLES = ''' | ||||
| - name: create a instance group | ||||
|   gcp_compute_instance_group: | ||||
|       name: 'instancegroup-targethttpsproxy' | ||||
|       zone: 'us-central1-a' | ||||
|       project: "{{ gcp_project }}" | ||||
|       auth_kind: "{{ gcp_cred_kind }}" | ||||
|       service_account_file: "{{ gcp_cred_file }}" | ||||
|       scopes: | ||||
|         - https://www.googleapis.com/auth/compute | ||||
|       state: present | ||||
|   register: instancegroup | ||||
| - name: create a http health check | ||||
|   gcp_compute_http_health_check: | ||||
|       name: 'httphealthcheck-targethttpsproxy' | ||||
|       healthy_threshold: 10 | ||||
|       port: 8080 | ||||
|       timeout_sec: 2 | ||||
|       unhealthy_threshold: 5 | ||||
|       project: "{{ gcp_project }}" | ||||
|       auth_kind: "{{ gcp_cred_kind }}" | ||||
|       service_account_file: "{{ gcp_cred_file }}" | ||||
|       scopes: | ||||
|         - https://www.googleapis.com/auth/compute | ||||
|       state: present | ||||
|   register: healthcheck | ||||
| - name: create a backend service | ||||
|   gcp_compute_backend_service: | ||||
|       name: 'backendservice-targethttpsproxy' | ||||
|       backends: | ||||
|         - group: "{{ instancegroup }}" | ||||
|       health_checks: | ||||
|         - "{{ healthcheck.selfLink }}" | ||||
|       enable_cdn: true | ||||
|       project: "{{ gcp_project }}" | ||||
|       auth_kind: "{{ gcp_cred_kind }}" | ||||
|       service_account_file: "{{ gcp_cred_file }}" | ||||
|       scopes: | ||||
|         - https://www.googleapis.com/auth/compute | ||||
|       state: present | ||||
|   register: backendservice | ||||
| - name: create a url map | ||||
|   gcp_compute_url_map: | ||||
|       name: 'urlmap-targethttpsproxy' | ||||
|       default_service: "{{ backendservice }}" | ||||
|       project: "{{ gcp_project }}" | ||||
|       auth_kind: "{{ gcp_cred_kind }}" | ||||
|       service_account_file: "{{ gcp_cred_file }}" | ||||
|       scopes: | ||||
|         - https://www.googleapis.com/auth/compute | ||||
|       state: present | ||||
|   register: urlmap | ||||
| - name: create a ssl certificate | ||||
|   gcp_compute_ssl_certificate: | ||||
|       name: 'sslcert-targethttpsproxy' | ||||
|       description: | | ||||
|         "A certificate for testing. Do not use this certificate in production" | ||||
|       certificate: | | ||||
|         -----BEGIN CERTIFICATE----- | ||||
|         MIICqjCCAk+gAwIBAgIJAIuJ+0352Kq4MAoGCCqGSM49BAMCMIGwMQswCQYDVQQG | ||||
|         EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjERMA8GA1UEBwwIS2lya2xhbmQxFTAT | ||||
|         BgNVBAoMDEdvb2dsZSwgSW5jLjEeMBwGA1UECwwVR29vZ2xlIENsb3VkIFBsYXRm | ||||
|         b3JtMR8wHQYDVQQDDBZ3d3cubXktc2VjdXJlLXNpdGUuY29tMSEwHwYJKoZIhvcN | ||||
|         AQkBFhJuZWxzb25hQGdvb2dsZS5jb20wHhcNMTcwNjI4MDQ1NjI2WhcNMjcwNjI2 | ||||
|         MDQ1NjI2WjCBsDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xETAP | ||||
|         BgNVBAcMCEtpcmtsYW5kMRUwEwYDVQQKDAxHb29nbGUsIEluYy4xHjAcBgNVBAsM | ||||
|         FUdvb2dsZSBDbG91ZCBQbGF0Zm9ybTEfMB0GA1UEAwwWd3d3Lm15LXNlY3VyZS1z | ||||
|         aXRlLmNvbTEhMB8GCSqGSIb3DQEJARYSbmVsc29uYUBnb29nbGUuY29tMFkwEwYH | ||||
|         KoZIzj0CAQYIKoZIzj0DAQcDQgAEHGzpcRJ4XzfBJCCPMQeXQpTXwlblimODQCuQ | ||||
|         4mzkzTv0dXyB750fOGN02HtkpBOZzzvUARTR10JQoSe2/5PIwaNQME4wHQYDVR0O | ||||
|         BBYEFKIQC3A2SDpxcdfn0YLKineDNq/BMB8GA1UdIwQYMBaAFKIQC3A2SDpxcdfn | ||||
|         0YLKineDNq/BMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhALs4vy+O | ||||
|         M3jcqgA4fSW/oKw6UJxp+M6a+nGMX+UJR3YgAiEAvvl39QRVAiv84hdoCuyON0lJ | ||||
|         zqGNhIPGq2ULqXKK8BY= | ||||
|         -----END CERTIFICATE----- | ||||
|       private_key: | | ||||
|         -----BEGIN EC PRIVATE KEY----- | ||||
|         MHcCAQEEIObtRo8tkUqoMjeHhsOh2ouPpXCgBcP+EDxZCB/tws15oAoGCCqGSM49 | ||||
|         AwEHoUQDQgAEHGzpcRJ4XzfBJCCPMQeXQpTXwlblimODQCuQ4mzkzTv0dXyB750f | ||||
|         OGN02HtkpBOZzzvUARTR10JQoSe2/5PIwQ== | ||||
|         -----END EC PRIVATE KEY----- | ||||
|       project: "{{ gcp_project }}" | ||||
|       auth_kind: "{{ gcp_cred_kind }}" | ||||
|       service_account_file: "{{ gcp_cred_file }}" | ||||
|       scopes: | ||||
|         - https://www.googleapis.com/auth/compute | ||||
|       state: present | ||||
|   register: sslcert | ||||
| - name: create a target https proxy | ||||
|   gcp_compute_target_https_proxy: | ||||
|       name: testObject | ||||
|       ssl_certificates: | ||||
|         - "{{ sslcert }}" | ||||
|       url_map: "{{ urlmap }}" | ||||
|       project: testProject | ||||
|       auth_kind: service_account | ||||
|       service_account_file: /tmp/auth.pem | ||||
|       scopes: | ||||
|         - https://www.googleapis.com/auth/compute | ||||
|       state: present | ||||
| ''' | ||||
| 
 | ||||
| RETURN = ''' | ||||
|     creation_timestamp: | ||||
|         description: | ||||
|             - Creation timestamp in RFC3339 text format. | ||||
|         returned: success | ||||
|         type: str | ||||
|     description: | ||||
|         description: | ||||
|             - An optional description of this resource. | ||||
|         returned: success | ||||
|         type: str | ||||
|     id: | ||||
|         description: | ||||
|             - The unique identifier for the resource. | ||||
|         returned: success | ||||
|         type: int | ||||
|     name: | ||||
|         description: | ||||
|             - Name of the resource. Provided by the client when the resource is created. The name | ||||
|               must be 1-63 characters long, and comply with RFC1035. Specifically, the name must | ||||
|               be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` | ||||
|               which means the first character must be a lowercase letter, and all following characters | ||||
|               must be a dash, lowercase letter, or digit, except the last character, which cannot | ||||
|               be a dash. | ||||
|         returned: success | ||||
|         type: str | ||||
|     ssl_certificates: | ||||
|         description: | ||||
|             - A list of SslCertificate resources that are used to authenticate connections between | ||||
|               users and the load balancer. Currently, exactly one SSL certificate must be specified. | ||||
|         returned: success | ||||
|         type: list | ||||
|     url_map: | ||||
|         description: | ||||
|             - A reference to UrlMap resource. | ||||
|         returned: success | ||||
|         type: dict | ||||
| ''' | ||||
| 
 | ||||
| ################################################################################ | ||||
| # Imports | ||||
| ################################################################################ | ||||
| 
 | ||||
| from ansible.module_utils.gcp_utils import navigate_hash, GcpSession, GcpModule, GcpRequest, replace_resource_dict | ||||
| import json | ||||
| import time | ||||
| 
 | ||||
| ################################################################################ | ||||
| # Main | ||||
| ################################################################################ | ||||
| 
 | ||||
| 
 | ||||
| def main(): | ||||
|     """Main function""" | ||||
| 
 | ||||
|     module = GcpModule( | ||||
|         argument_spec=dict( | ||||
|             state=dict(default='present', choices=['present', 'absent'], type='str'), | ||||
|             description=dict(type='str'), | ||||
|             name=dict(required=True, type='str'), | ||||
|             ssl_certificates=dict(required=True, type='list', elements='dict'), | ||||
|             url_map=dict(required=True, type='dict') | ||||
|         ) | ||||
|     ) | ||||
| 
 | ||||
|     state = module.params['state'] | ||||
|     kind = 'compute#targetHttpsProxy' | ||||
| 
 | ||||
|     fetch = fetch_resource(module, self_link(module), kind) | ||||
|     changed = False | ||||
| 
 | ||||
|     if fetch: | ||||
|         if state == 'present': | ||||
|             if is_different(module, fetch): | ||||
|                 fetch = update(module, self_link(module), kind) | ||||
|                 changed = True | ||||
|         else: | ||||
|             delete(module, self_link(module), kind) | ||||
|             fetch = {} | ||||
|             changed = True | ||||
|     else: | ||||
|         if state == 'present': | ||||
|             fetch = create(module, collection(module), kind) | ||||
|             changed = True | ||||
|         else: | ||||
|             fetch = {} | ||||
| 
 | ||||
|     fetch.update({'changed': changed}) | ||||
| 
 | ||||
|     module.exit_json(**fetch) | ||||
| 
 | ||||
| 
 | ||||
| def create(module, link, kind): | ||||
|     auth = GcpSession(module, 'compute') | ||||
|     return wait_for_operation(module, auth.post(link, resource_to_request(module))) | ||||
| 
 | ||||
| 
 | ||||
| def update(module, link, kind): | ||||
|     auth = GcpSession(module, 'compute') | ||||
|     return wait_for_operation(module, auth.put(link, resource_to_request(module))) | ||||
| 
 | ||||
| 
 | ||||
| def delete(module, link, kind): | ||||
|     auth = GcpSession(module, 'compute') | ||||
|     return wait_for_operation(module, auth.delete(link)) | ||||
| 
 | ||||
| 
 | ||||
| def resource_to_request(module): | ||||
|     request = { | ||||
|         u'kind': 'compute#targetHttpsProxy', | ||||
|         u'description': module.params.get('description'), | ||||
|         u'name': module.params.get('name'), | ||||
|         u'sslCertificates': replace_resource_dict(module.params.get('ssl_certificates', []), 'selfLink'), | ||||
|         u'urlMap': replace_resource_dict(module.params.get(u'url_map', {}), 'selfLink') | ||||
|     } | ||||
|     return_vals = {} | ||||
|     for k, v in request.items(): | ||||
|         if v: | ||||
|             return_vals[k] = v | ||||
| 
 | ||||
|     return return_vals | ||||
| 
 | ||||
| 
 | ||||
| def fetch_resource(module, link, kind): | ||||
|     auth = GcpSession(module, 'compute') | ||||
|     return return_if_object(module, auth.get(link), kind) | ||||
| 
 | ||||
| 
 | ||||
| def self_link(module): | ||||
|     return "https://www.googleapis.com/compute/v1/projects/{project}/global/targetHttpsProxies/{name}".format(**module.params) | ||||
| 
 | ||||
| 
 | ||||
| def collection(module): | ||||
|     return "https://www.googleapis.com/compute/v1/projects/{project}/global/targetHttpsProxies".format(**module.params) | ||||
| 
 | ||||
| 
 | ||||
| def return_if_object(module, response, kind): | ||||
|     # If not found, return nothing. | ||||
|     if response.status_code == 404: | ||||
|         return None | ||||
| 
 | ||||
|     # If no content, return nothing. | ||||
|     if response.status_code == 204: | ||||
|         return None | ||||
| 
 | ||||
|     try: | ||||
|         module.raise_for_status(response) | ||||
|         result = response.json() | ||||
|     except getattr(json.decoder, 'JSONDecodeError', ValueError) as inst: | ||||
|         module.fail_json(msg="Invalid JSON response with error: %s" % inst) | ||||
| 
 | ||||
|     if navigate_hash(result, ['error', 'errors']): | ||||
|         module.fail_json(msg=navigate_hash(result, ['error', 'errors'])) | ||||
|     if result['kind'] != kind: | ||||
|         module.fail_json(msg="Incorrect result: {kind}".format(**result)) | ||||
| 
 | ||||
|     return result | ||||
| 
 | ||||
| 
 | ||||
| def is_different(module, response): | ||||
|     request = resource_to_request(module) | ||||
|     response = response_to_hash(module, response) | ||||
| 
 | ||||
|     # Remove all output-only from response. | ||||
|     response_vals = {} | ||||
|     for k, v in response.items(): | ||||
|         if k in request: | ||||
|             response_vals[k] = v | ||||
| 
 | ||||
|     request_vals = {} | ||||
|     for k, v in request.items(): | ||||
|         if k in response: | ||||
|             request_vals[k] = v | ||||
| 
 | ||||
|     return GcpRequest(request_vals) != GcpRequest(response_vals) | ||||
| 
 | ||||
| 
 | ||||
| # Remove unnecessary properties from the response. | ||||
| # This is for doing comparisons with Ansible's current parameters. | ||||
| def response_to_hash(module, response): | ||||
|     return { | ||||
|         u'creationTimestamp': response.get(u'creationTimestamp'), | ||||
|         u'description': response.get(u'description'), | ||||
|         u'id': response.get(u'id'), | ||||
|         u'name': response.get(u'name'), | ||||
|         u'sslCertificates': response.get(u'sslCertificates'), | ||||
|         u'urlMap': response.get(u'urlMap') | ||||
|     } | ||||
| 
 | ||||
| 
 | ||||
| def async_op_url(module, extra_data=None): | ||||
|     if extra_data is None: | ||||
|         extra_data = {} | ||||
|     url = "https://www.googleapis.com/compute/v1/projects/{project}/global/operations/{op_id}" | ||||
|     combined = extra_data.copy() | ||||
|     combined.update(module.params) | ||||
|     return url.format(**combined) | ||||
| 
 | ||||
| 
 | ||||
| def wait_for_operation(module, response): | ||||
|     op_result = return_if_object(module, response, 'compute#operation') | ||||
|     if op_result is None: | ||||
|         return None | ||||
|     status = navigate_hash(op_result, ['status']) | ||||
|     wait_done = wait_for_completion(status, op_result, module) | ||||
|     return fetch_resource(module, navigate_hash(wait_done, ['targetLink']), 'compute#targetHttpsProxy') | ||||
| 
 | ||||
| 
 | ||||
| def wait_for_completion(status, op_result, module): | ||||
|     op_id = navigate_hash(op_result, ['name']) | ||||
|     op_uri = async_op_url(module, {'op_id': op_id}) | ||||
|     while status != 'DONE': | ||||
|         raise_if_errors(op_result, ['error', 'errors'], 'message') | ||||
|         time.sleep(1.0) | ||||
|         if status not in ['PENDING', 'RUNNING', 'DONE']: | ||||
|             module.fail_json(msg="Invalid result %s" % status) | ||||
|         op_result = fetch_resource(module, op_uri, 'compute#operation') | ||||
|         status = navigate_hash(op_result, ['status']) | ||||
|     return op_result | ||||
| 
 | ||||
| 
 | ||||
| def raise_if_errors(response, err_path, module): | ||||
|     errors = navigate_hash(response, err_path) | ||||
|     if errors is not None: | ||||
|         module.fail_json(msg=errors) | ||||
| 
 | ||||
| if __name__ == '__main__': | ||||
|     main() | ||||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue