diff --git a/plugins/modules/gcp_container_cluster.py b/plugins/modules/gcp_container_cluster.py index ee65a85..1962220 100644 --- a/plugins/modules/gcp_container_cluster.py +++ b/plugins/modules/gcp_container_cluster.py @@ -306,6 +306,25 @@ options: If left unspecified, the default network will be used. required: false type: str + database_encryption: + description: + - Configuration of etcd encryption. + required: false + type: dict + suboptions: + state: + description: + - Denotes the state of etcd encryption. + - 'Some valid choices include: "ENCRYPTED", "DECRYPTED"' + required: false + type: str + key_name: + description: + - Name of CloudKMS key to use for the encryption of secrets in etcd. Ex. + - "`projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key` + ." + required: false + type: str private_cluster_config: description: - Configuration for a private cluster. 
@@ -577,6 +596,43 @@ options: - If enabled, all container images will be validated by Binary Authorization. required: false type: bool + shielded_nodes: + description: + - Shielded Nodes configuration. + required: false + type: dict + suboptions: + enabled: + description: + - Whether Shielded Nodes features are enabled on all nodes in this cluster. + required: false + type: bool + network_config: + description: + - ReleaseChannel indicates which release channel a cluster is subscribed to. + - Release channels are arranged in order of risk and frequency of updates. + required: false + type: dict + suboptions: + enable_intra_node_visibility: + description: + - Whether Intra-node visibility is enabled for this cluster. This makes same + node pod to pod traffic visible for VPC network. + required: false + type: bool + default_snat_status: + description: + - Whether the cluster disables default in-node sNAT rules. In-node sNAT rules + will be disabled when defaultSnatStatus is disabled. + required: false + type: bool + enable_kubernetes_alpha: + description: + - Kubernetes alpha features are enabled on this cluster. This includes alpha API + groups (e.g. v1alpha1) and features that may not be production ready in the + kubernetes version of the master and nodes. + required: false + type: bool location: description: - The location where the cluster is deployed. 
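Review bot: The description of `network_config` is copied from the release-channel option ("ReleaseChannel indicates which release channel a cluster is subscribed to."), so it does not describe the networking settings it holds. Something like `- Network-related configuration for the cluster.` would match the suboptions `enable_intra_node_visibility` and `default_snat_status`. The same two sentences recur under `networkConfig` in the RETURN hunk of this file and in gcp_container_cluster_info.py, so all three should be corrected together.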
@@ -923,6 +979,24 @@ network: If left unspecified, the default network will be used. returned: success type: str +databaseEncryption: + description: + - Configuration of etcd encryption. + returned: success + type: complex + contains: + state: + description: + - Denotes the state of etcd encryption. + returned: success + type: str + keyName: + description: + - Name of CloudKMS key to use for the encryption of secrets in etcd. Ex. + - "`projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key` + ." + returned: success + type: str privateClusterConfig: description: - Configuration for a private cluster. 
@@ -1294,6 +1368,57 @@ binaryAuthorization: - If enabled, all container images will be validated by Binary Authorization. returned: success type: bool +shieldedNodes: + description: + - Shielded Nodes configuration. + returned: success + type: complex + contains: + enabled: + description: + - Whether Shielded Nodes features are enabled on all nodes in this cluster. + returned: success + type: bool +networkConfig: + description: + - ReleaseChannel indicates which release channel a cluster is subscribed to. + - Release channels are arranged in order of risk and frequency of updates. + returned: success + type: complex + contains: + enableIntraNodeVisibility: + description: + - Whether Intra-node visibility is enabled for this cluster. This makes same + node pod to pod traffic visible for VPC network. + returned: success + type: bool + network: + description: + - The relative name of the Google Compute Engine network to which the cluster + is connected. + - 'Example: projects/my-project/global/networks/my-network .' + returned: success + type: str + subnetwork: + description: + - The relative name of the Google Compute Engine subnetwork to which the cluster + is connected. + - 'Example: projects/my-project/regions/us-central1/subnetworks/my-subnet .' + returned: success + type: str + defaultSnatStatus: + description: + - Whether the cluster disables default in-node sNAT rules. In-node sNAT rules + will be disabled when defaultSnatStatus is disabled. + returned: success + type: bool +enableKubernetesAlpha: + description: + - Kubernetes alpha features are enabled on this cluster. This includes alpha API + groups (e.g. v1alpha1) and features that may not be production ready in the kubernetes + version of the master and nodes. + returned: success + type: bool location: description: - The location where the cluster is deployed. 
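Review bot: The RETURN entry for `networkConfig` documents `network` and `subnetwork`, but `ClusterNetworkconfig.from_response()`, added later in this patch, copies only `enableIntraNodeVisibility` and `defaultSnatStatus`. As written, those two documented keys never appear in this module's return value. Either add `u'network': self.request.get(u'network')` and `u'subnetwork': self.request.get(u'subnetwork')` to `from_response()`, or drop them from this RETURN block.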
@@ -1377,6 +1502,7 @@ def main(): logging_service=dict(type='str'), monitoring_service=dict(type='str'), network=dict(type='str'), + database_encryption=dict(type='dict', options=dict(state=dict(type='str'), key_name=dict(type='str'))), private_cluster_config=dict( type='dict', options=dict(enable_private_nodes=dict(type='bool'), enable_private_endpoint=dict(type='bool'), master_ipv4_cidr_block=dict(type='str')), @@ -1420,6 +1546,9 @@ def main(): ), ), binary_authorization=dict(type='dict', options=dict(enabled=dict(type='bool'))), + shielded_nodes=dict(type='dict', options=dict(enabled=dict(type='bool'))), + network_config=dict(type='dict', options=dict(enable_intra_node_visibility=dict(type='bool'), default_snat_status=dict(type='bool'))), + enable_kubernetes_alpha=dict(type='bool'), location=dict(required=True, type='str', aliases=['zone']), kubectl_path=dict(type='str'), kubectl_context=dict(type='str'), @@ -1484,6 +1613,7 @@ def resource_to_request(module): u'loggingService': module.params.get('logging_service'), u'monitoringService': module.params.get('monitoring_service'), u'network': module.params.get('network'), + u'databaseEncryption': ClusterDatabaseencryption(module.params.get('database_encryption', {}), module).to_request(), u'privateClusterConfig': ClusterPrivateclusterconfig(module.params.get('private_cluster_config', {}), module).to_request(), u'clusterIpv4Cidr': module.params.get('cluster_ipv4_cidr'), u'enableTpu': module.params.get('enable_tpu'), 
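Review bot: `database_encryption.state` is accepted as a free-form string, because the spec entry `state=dict(type='str')` has no `choices` although the option docs name "ENCRYPTED" and "DECRYPTED". A misspelled or wrong-case value for the setting that controls etcd secret encryption passes module validation and is caught, if at all, only by the API. If the set of values is closed, `state=dict(type='str', choices=['ENCRYPTED', 'DECRYPTED'])` fails fast; if the generator leaves enums open on purpose, the docs should say that the value is not validated locally. The same applies to `mode=dict(type='str')` under `workload_meta_config` in gcp_container_node_pool.py. `main()` continues outside this hunk.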
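Review bot: `enable_kubernetes_alpha=dict(type='bool')` is exposed with no warning about what an alpha cluster gives up; the option docs added earlier in this patch say only that features "may not be production ready". As far as I know, GKE alpha clusters cannot be upgraded, have node auto-upgrade and auto-repair disabled, and are deleted automatically after 30 days, which matters for anyone relying on patching. I would add a description line such as `- Alpha clusters cannot be upgraded and are deleted automatically after 30 days; do not use for production workloads.` after confirming the wording against the current GKE documentation.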
@@ -1500,6 +1630,9 @@ def resource_to_request(module): module.params.get('master_authorized_networks_config', {}), module ).to_request(), u'binaryAuthorization': ClusterBinaryauthorization(module.params.get('binary_authorization', {}), module).to_request(), + u'shieldedNodes': ClusterShieldednodes(module.params.get('shielded_nodes', {}), module).to_request(), + u'networkConfig': ClusterNetworkconfig(module.params.get('network_config', {}), module).to_request(), + u'enableKubernetesAlpha': module.params.get('enable_kubernetes_alpha'), } request = encode_request(request, module) return_vals = {} @@ -1574,6 +1707,7 @@ def response_to_hash(module, response): u'loggingService': response.get(u'loggingService'), u'monitoringService': response.get(u'monitoringService'), u'network': response.get(u'network'), + u'databaseEncryption': ClusterDatabaseencryption(response.get(u'databaseEncryption', {}), module).from_response(), u'privateClusterConfig': ClusterPrivateclusterconfig(response.get(u'privateClusterConfig', {}), module).from_response(), u'clusterIpv4Cidr': response.get(u'clusterIpv4Cidr'), u'enableTpu': response.get(u'enableTpu'), @@ -1602,6 +1736,9 @@ def response_to_hash(module, response): u'masterAuthorizedNetworksConfig': ClusterMasterauthorizednetworksconfig(response.get(u'masterAuthorizedNetworksConfig', {}), module).from_response(), u'nodePools': ClusterNodepoolsArray(response.get(u'nodePools', []), module).from_response(), u'binaryAuthorization': ClusterBinaryauthorization(response.get(u'binaryAuthorization', {}), module).from_response(), + u'shieldedNodes': ClusterShieldednodes(response.get(u'shieldedNodes', {}), module).from_response(), + u'networkConfig': ClusterNetworkconfig(response.get(u'networkConfig', {}), module).from_response(), + u'enableKubernetesAlpha': response.get(u'enableKubernetesAlpha'), } 
@@ -1900,6 +2037,21 @@ class ClusterClientcertificateconfig(object): return remove_nones_from_dict({u'issueClientCertificate': self.request.get(u'issueClientCertificate')}) +class ClusterDatabaseencryption(object): + def __init__(self, request, module): + self.module = module + if request: + self.request = request + else: + self.request = {} + + def to_request(self): + return remove_nones_from_dict({u'state': self.request.get('state'), u'keyName': self.request.get('key_name')}) + + def from_response(self): + return remove_nones_from_dict({u'state': self.request.get(u'state'), u'keyName': self.request.get(u'keyName')}) + + class ClusterPrivateclusterconfig(object): def __init__(self, request, module): self.module = module @@ -2198,5 +2350,39 @@ class ClusterBinaryauthorization(object): return remove_nones_from_dict({u'enabled': self.request.get(u'enabled')}) +class ClusterShieldednodes(object): + def __init__(self, request, module): + self.module = module + if request: + self.request = request + else: + self.request = {} + + def to_request(self): + return remove_nones_from_dict({u'enabled': self.request.get('enabled')}) + + def from_response(self): + return remove_nones_from_dict({u'enabled': self.request.get(u'enabled')}) + + +class ClusterNetworkconfig(object): + def __init__(self, request, module): + self.module = module + if request: + self.request = request + else: + self.request = {} + + def to_request(self): + return remove_nones_from_dict( + {u'enableIntraNodeVisibility': self.request.get('enable_intra_node_visibility'), u'defaultSnatStatus': self.request.get('default_snat_status')} + ) + + def from_response(self): + return remove_nones_from_dict( + {u'enableIntraNodeVisibility': self.request.get(u'enableIntraNodeVisibility'), u'defaultSnatStatus': self.request.get(u'defaultSnatStatus')} + ) + + if __name__ == '__main__': main() 
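Review bot: `ClusterNetworkconfig` passes `defaultSnatStatus` through as a plain boolean, but as far as I know the GKE v1 API models it as an object with a single `disabled` field, which is also what the option text ("disabled when defaultSnatStatus is disabled") suggests. If that is right, `default_snat_status: true` sends a value the API does not expect and the setting may be rejected or not applied. Please confirm against the API reference. If it is an object, declare it in `main()` as `default_snat_status=dict(type='dict', options=dict(disabled=dict(type='bool')))` and map it through a small nested class in `to_request()` and `from_response()`, like the other sub-objects in this file. The documented type in DOCUMENTATION and RETURN would change from `bool` to `dict`/`complex` accordingly.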
diff --git a/plugins/modules/gcp_container_cluster_info.py b/plugins/modules/gcp_container_cluster_info.py index b906f19..484871d 100644 --- a/plugins/modules/gcp_container_cluster_info.py +++ b/plugins/modules/gcp_container_cluster_info.py @@ -381,6 +381,24 @@ resources: If left unspecified, the default network will be used. returned: success type: str + databaseEncryption: + description: + - Configuration of etcd encryption. + returned: success + type: complex + contains: + state: + description: + - Denotes the state of etcd encryption. + returned: success + type: str + keyName: + description: + - Name of CloudKMS key to use for the encryption of secrets in etcd. Ex. + - "`projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key` + ." + returned: success + type: str privateClusterConfig: description: - Configuration for a private cluster. 
@@ -752,6 +770,58 @@ resources: - If enabled, all container images will be validated by Binary Authorization. returned: success type: bool + shieldedNodes: + description: + - Shielded Nodes configuration. + returned: success + type: complex + contains: + enabled: + description: + - Whether Shielded Nodes features are enabled on all nodes in this cluster. + returned: success + type: bool + networkConfig: + description: + - ReleaseChannel indicates which release channel a cluster is subscribed to. + - Release channels are arranged in order of risk and frequency of updates. + returned: success + type: complex + contains: + enableIntraNodeVisibility: + description: + - Whether Intra-node visibility is enabled for this cluster. This makes + same node pod to pod traffic visible for VPC network. + returned: success + type: bool + network: + description: + - The relative name of the Google Compute Engine network to which the cluster + is connected. + - 'Example: projects/my-project/global/networks/my-network .' + returned: success + type: str + subnetwork: + description: + - The relative name of the Google Compute Engine subnetwork to which the + cluster is connected. + - 'Example: projects/my-project/regions/us-central1/subnetworks/my-subnet + .' + returned: success + type: str + defaultSnatStatus: + description: + - Whether the cluster disables default in-node sNAT rules. In-node sNAT + rules will be disabled when defaultSnatStatus is disabled. + returned: success + type: bool + enableKubernetesAlpha: + description: + - Kubernetes alpha features are enabled on this cluster. This includes alpha + API groups (e.g. v1alpha1) and features that may not be production ready in + the kubernetes version of the master and nodes. + returned: success + type: bool location: description: - The location where the cluster is deployed. diff --git a/plugins/modules/gcp_container_node_pool.py b/plugins/modules/gcp_container_node_pool.py index 351428e..318711b 100644 
--- a/plugins/modules/gcp_container_node_pool.py +++ b/plugins/modules/gcp_container_node_pool.py @@ -225,6 +225,20 @@ options: image when the instance is created. required: false type: bool + workload_meta_config: + description: + - WorkloadMetadataConfig defines the metadata configuration to expose to workloads + on the node pool. + required: false + type: dict + suboptions: + mode: + description: + - Mode is the configuration for how to expose metadata to workloads running + on the node pool. + - 'Some valid choices include: "GCE_METADATA", "GKE_METADATA"' + required: false + type: str initial_node_count: description: - The initial node count for the pool. You must ensure that your Compute Engine @@ -566,6 +580,19 @@ config: the instance is created. returned: success type: bool + workloadMetaConfig: + description: + - WorkloadMetadataConfig defines the metadata configuration to expose to workloads + on the node pool. + returned: success + type: complex + contains: + mode: + description: + - Mode is the configuration for how to expose metadata to workloads running + on the node pool. + returned: success + type: str initialNodeCount: description: - The initial node count for the pool. You must ensure that your Compute Engine @@ -736,6 +763,7 @@ def main(): shielded_instance_config=dict( type='dict', options=dict(enable_secure_boot=dict(type='bool'), enable_integrity_monitoring=dict(type='bool')) ), + workload_meta_config=dict(type='dict', options=dict(mode=dict(type='str'))), ), ), initial_node_count=dict(required=True, type='int'), 
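Review bot: The `mode` description under `workload_meta_config` names "GCE_METADATA" and "GKE_METADATA" without saying what each exposes, which is the security-relevant part of this option. As far as I know, GCE_METADATA leaves the node's Compute Engine metadata, including the node service account's credentials, reachable from pods, while GKE_METADATA runs the GKE metadata server on the node and needs Workload Identity enabled on the cluster. I would add a line such as `- GKE_METADATA runs the GKE metadata server on the node (requires Workload Identity on the cluster); GCE_METADATA exposes all Compute Engine metadata to pods.` to the option. The RETURN entry `workloadMetaConfig.mode` in the next hunk could carry the same line.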
@@ -968,6 +996,7 @@ class NodePoolConfig(object): u'minCpuPlatform': self.request.get('min_cpu_platform'), u'taints': NodePoolTaintsArray(self.request.get('taints', []), self.module).to_request(), u'shieldedInstanceConfig': NodePoolShieldedinstanceconfig(self.request.get('shielded_instance_config', {}), self.module).to_request(), + u'workloadMetaConfig': NodePoolWorkloadmetaconfig(self.request.get('workload_meta_config', {}), self.module).to_request(), } ) @@ -989,6 +1018,7 @@ class NodePoolConfig(object): u'minCpuPlatform': self.request.get(u'minCpuPlatform'), u'taints': NodePoolTaintsArray(self.request.get(u'taints', []), self.module).from_response(), u'shieldedInstanceConfig': NodePoolShieldedinstanceconfig(self.request.get(u'shieldedInstanceConfig', {}), self.module).from_response(), + u'workloadMetaConfig': NodePoolWorkloadmetaconfig(self.request.get(u'workloadMetaConfig', {}), self.module).from_response(), } ) @@ -1066,6 +1096,21 @@ class NodePoolShieldedinstanceconfig(object): ) +class NodePoolWorkloadmetaconfig(object): + def __init__(self, request, module): + self.module = module + if request: + self.request = request + else: + self.request = {} + + def to_request(self): + return remove_nones_from_dict({u'mode': self.request.get('mode')}) + + def from_response(self): + return remove_nones_from_dict({u'mode': self.request.get(u'mode')}) + + class NodePoolAutoscaling(object): def __init__(self, request, module): self.module = module diff --git a/plugins/modules/gcp_container_node_pool_info.py b/plugins/modules/gcp_container_node_pool_info.py index e2bceab..1b4dfbf 100644 --- a/plugins/modules/gcp_container_node_pool_info.py +++ b/plugins/modules/gcp_container_node_pool_info.py 
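Review bot: The wire key `u'workloadMetaConfig'` in `NodePoolConfig.to_request()` should be checked against the API: as far as I recall, the GKE v1 `NodeConfig` field is named `workloadMetadataConfig`. If the name is wrong, the requested mode may be rejected or never applied, and `from_response()` in the next hunk would never see the value the API returns. That would leave an operator believing GKE_METADATA is in force when it is not. If the API name is confirmed, the mappings become `u'workloadMetadataConfig': NodePoolWorkloadmetaconfig(self.request.get('workload_meta_config', {}), self.module).to_request(),` and the matching `self.request.get(u'workloadMetadataConfig', {})` on the response side. `NodePoolConfig` starts and ends outside these hunks.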
@@ -294,6 +294,19 @@ resources: image when the instance is created. returned: success type: bool + workloadMetaConfig: + description: + - WorkloadMetadataConfig defines the metadata configuration to expose to + workloads on the node pool. + returned: success + type: complex + contains: + mode: + description: + - Mode is the configuration for how to expose metadata to workloads + running on the node pool. + returned: success + type: str initialNodeCount: description: - The initial node count for the pool. You must ensure that your Compute Engine