ansible-collections/google.cloud
1
0
Fork 0
mirror of https://github.com/ansible-collections/google.cloud.git synced 2025-04-06 19:00:27 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

app engine firewall rules (#266)

Browse source 
Signed-off-by: Modular Magician <magic-modules@google.com>
This commit is contained in:
The Magician 2019-06-27 15:16:14 -07:00 committed by Alex Stephen
parent a5b60f5f5f
commit 45ae0a3a8e
6 changed files with 532 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

274
plugins/modules/gcp_appengine_firewall_rule.py Normal file
View file

@ -0,0 +1,274 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Copyright (C) 2017 Google
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file at
# https://www.github.com/GoogleCloudPlatform/magic-modules
#
# ----------------------------------------------------------------------------
from __future__ import absolute_import, division, print_function
__metaclass__ = type
################################################################################
# Documentation
################################################################################
ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ["preview"], 'supported_by': 'community'}
DOCUMENTATION = '''
---
module: gcp_appengine_firewall_rule
description:
- A single firewall rule that is evaluated against incoming traffic and provides an
action to take on matched requests.
short_description: Creates a GCP FirewallRule
version_added: 2.9
author: Google Inc. (@googlecloudplatform)
requirements:
- python >= 2.6
- requests >= 2.18.4
- google-auth >= 1.3.0
options:
state:
description:
- Whether the given object should exist in GCP
choices:
- present
- absent
default: present
description:
description:
- An optional string description of this rule.
required: false
source_range:
description:
- IP address or range, defined using CIDR notation, of requests that this rule
applies to.
required: true
action:
description:
- The action to take if this rule matches.
- 'Some valid choices include: "UNSPECIFIED_ACTION", "ALLOW", "DENY"'
required: true
priority:
description:
- A positive integer that defines the order of rule evaluation.
- Rules with the lowest priority are evaluated first.
- A default rule at priority Int32.MaxValue matches all IPv4 and IPv6 traffic
when no previous rule matches. Only the action of this rule can be modified
by the user.
required: false
extends_documentation_fragment: gcp
notes:
- 'API Reference: U(https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1/apps.firewall.ingressRules)'
- 'Official Documentation: U(https://cloud.google.com/appengine/docs/standard/python/creating-firewalls#creating_firewall_rules)'
'''
EXAMPLES = '''
- name: create a firewall rule
gcp_appengine_firewall_rule:
priority: 1000
source_range: 10.0.0.0
action: ALLOW
project: test_project
auth_kind: serviceaccount
service_account_file: "/tmp/auth.pem"
state: present
'''
RETURN = '''
description:
description:
- An optional string description of this rule.
returned: success
type: str
sourceRange:
description:
- IP address or range, defined using CIDR notation, of requests that this rule applies
to.
returned: success
type: str
action:
description:
- The action to take if this rule matches.
returned: success
type: str
priority:
description:
- A positive integer that defines the order of rule evaluation.
- Rules with the lowest priority are evaluated first.
- A default rule at priority Int32.MaxValue matches all IPv4 and IPv6 traffic when
no previous rule matches. Only the action of this rule can be modified by the
user.
returned: success
type: int
'''
################################################################################
# Imports
################################################################################
from ansible.module_utils.gcp_utils import navigate_hash, GcpSession, GcpModule, GcpRequest, replace_resource_dict
import json
################################################################################
# Main
################################################################################
def main():
"""Main function"""
module = GcpModule(
argument_spec=dict(
state=dict(default='present', choices=['present', 'absent'], type='str'),
description=dict(type='str'),
source_range=dict(required=True, type='str'),
action=dict(required=True, type='str'),
priority=dict(type='int'),
)
)
if not module.params['scopes']:
module.params['scopes'] = ['https://www.googleapis.com/auth/cloud-platform']
state = module.params['state']
fetch = fetch_resource(module, self_link(module))
changed = False
if fetch:
if state == 'present':
if is_different(module, fetch):
update(module, self_link(module), fetch)
fetch = fetch_resource(module, self_link(module))
changed = True
else:
delete(module, self_link(module))
fetch = {}
changed = True
else:
if state == 'present':
fetch = create(module, collection(module))
changed = True
else:
fetch = {}
fetch.update({'changed': changed})
module.exit_json(**fetch)
def create(module, link):
auth = GcpSession(module, 'appengine')
return return_if_object(module, auth.post(link, resource_to_request(module)))
def update(module, link, fetch):
auth = GcpSession(module, 'appengine')
params = {'updateMask': updateMask(resource_to_request(module), response_to_hash(module, fetch))}
request = resource_to_request(module)
del request['name']
return return_if_object(module, auth.patch(link, request, params=params))
def updateMask(request, response):
update_mask = []
if request.get('description') != response.get('description'):
update_mask.append('description')
if request.get('sourceRange') != response.get('sourceRange'):
update_mask.append('sourceRange')
if request.get('action') != response.get('action'):
update_mask.append('action')
if request.get('priority') != response.get('priority'):
update_mask.append('priority')
return ','.join(update_mask)
def delete(module, link):
auth = GcpSession(module, 'appengine')
return return_if_object(module, auth.delete(link))
def resource_to_request(module):
request = {u'description': module.params.get('description'), u'sourceRange': module.params.get('source_range'), u'action': module.params.get('action')}
return_vals = {}
for k, v in request.items():
if v or v is False:
return_vals[k] = v
return return_vals
def fetch_resource(module, link, allow_not_found=True):
auth = GcpSession(module, 'appengine')
return return_if_object(module, auth.get(link), allow_not_found)
def self_link(module):
return "https://appengine.googleapis.com/v1/apps/{project}/firewall/ingressRules/{priority}".format(**module.params)
def collection(module):
return "https://appengine.googleapis.com/v1/apps/{project}/firewall/ingressRules".format(**module.params)
def return_if_object(module, response, allow_not_found=False):
# If not found, return nothing.
if allow_not_found and response.status_code == 404:
return None
# If no content, return nothing.
if response.status_code == 204:
return None
try:
module.raise_for_status(response)
result = response.json()
except getattr(json.decoder, 'JSONDecodeError', ValueError):
module.fail_json(msg="Invalid JSON response with error: %s" % response.text)
if navigate_hash(result, ['error', 'errors']):
module.fail_json(msg=navigate_hash(result, ['error', 'errors']))
return result
def is_different(module, response):
request = resource_to_request(module)
response = response_to_hash(module, response)
# Remove all output-only from response.
response_vals = {}
for k, v in response.items():
if k in request:
response_vals[k] = v
request_vals = {}
for k, v in request.items():
if k in response:
request_vals[k] = v
return GcpRequest(request_vals) != GcpRequest(response_vals)
# Remove unnecessary properties from the response.
# This is for doing comparisons with Ansible's current parameters.
def response_to_hash(module, response):
return {u'description': response.get(u'description'), u'sourceRange': response.get(u'sourceRange'), u'action': response.get(u'action')}
if __name__ == '__main__':
main()

146
plugins/modules/gcp_appengine_firewall_rule_facts.py Normal file
View file

@ -0,0 +1,146 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Copyright (C) 2017 Google
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file at
# https://www.github.com/GoogleCloudPlatform/magic-modules
#
# ----------------------------------------------------------------------------
from __future__ import absolute_import, division, print_function
__metaclass__ = type
################################################################################
# Documentation
################################################################################
ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ["preview"], 'supported_by': 'community'}
DOCUMENTATION = '''
---
module: gcp_appengine_firewall_rule_facts
description:
- Gather facts for GCP FirewallRule
short_description: Gather facts for GCP FirewallRule
version_added: 2.9
author: Google Inc. (@googlecloudplatform)
requirements:
- python >= 2.6
- requests >= 2.18.4
- google-auth >= 1.3.0
options: {}
extends_documentation_fragment: gcp
'''
EXAMPLES = '''
- name: " a firewall rule facts"
gcp_appengine_firewall_rule_facts:
project: test_project
auth_kind: serviceaccount
service_account_file: "/tmp/auth.pem"
state: facts
'''
RETURN = '''
resources:
description: List of resources
returned: always
type: complex
contains:
description:
description:
- An optional string description of this rule.
returned: success
type: str
sourceRange:
description:
- IP address or range, defined using CIDR notation, of requests that this rule
applies to.
returned: success
type: str
action:
description:
- The action to take if this rule matches.
returned: success
type: str
priority:
description:
- A positive integer that defines the order of rule evaluation.
- Rules with the lowest priority are evaluated first.
- A default rule at priority Int32.MaxValue matches all IPv4 and IPv6 traffic
when no previous rule matches. Only the action of this rule can be modified
by the user.
returned: success
type: int
'''
################################################################################
# Imports
################################################################################
from ansible.module_utils.gcp_utils import navigate_hash, GcpSession, GcpModule, GcpRequest
import json
################################################################################
# Main
################################################################################
def main():
module = GcpModule(argument_spec=dict())
if not module.params['scopes']:
module.params['scopes'] = ['https://www.googleapis.com/auth/cloud-platform']
items = fetch_list(module, collection(module))
if items.get('ingressRules'):
items = items.get('ingressRules')
else:
items = []
return_value = {'resources': items}
module.exit_json(**return_value)
def collection(module):
return "https://appengine.googleapis.com/v1/apps/{project}/firewall/ingressRules".format(**module.params)
def fetch_list(module, link):
auth = GcpSession(module, 'appengine')
response = auth.get(link)
return return_if_object(module, response)
def return_if_object(module, response):
# If not found, return nothing.
if response.status_code == 404:
return None
# If no content, return nothing.
if response.status_code == 204:
return None
try:
module.raise_for_status(response)
result = response.json()
except getattr(json.decoder, 'JSONDecodeError', ValueError) as inst:
module.fail_json(msg="Invalid JSON response with error: %s" % inst)
if navigate_hash(result, ['error', 'errors']):
module.fail_json(msg=navigate_hash(result, ['error', 'errors']))
return result
if __name__ == "__main__":
main()

2
tests/integration/gcp_appengine_firewall_rule/aliases Normal file
View file

@ -0,0 +1,2 @@
cloud/gcp
unsupported

2
tests/integration/gcp_appengine_firewall_rule/defaults/main.yml Normal file
View file

@ -0,0 +1,2 @@
---
resource_name: "{{ resource_prefix }}"

0
tests/integration/gcp_appengine_firewall_rule/meta/main.yml Normal file
View file

108
tests/integration/gcp_appengine_firewall_rule/tasks/main.yml Normal file
View file

@ -0,0 +1,108 @@
---
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file at
# https://www.github.com/GoogleCloudPlatform/magic-modules
#
# ----------------------------------------------------------------------------
# Pre-test setup
- name: delete a firewall rule
gcp_appengine_firewall_rule:
priority: 1000
source_range: 10.0.0.0
action: ALLOW
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
state: absent
#----------------------------------------------------------
- name: create a firewall rule
gcp_appengine_firewall_rule:
priority: 1000
source_range: 10.0.0.0
action: ALLOW
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
state: present
register: result
- name: assert changed is true
assert:
that:
- result.changed == true
- name: verify that firewall_rule was created
gcp_appengine_firewall_rule_facts:
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
scopes:
- https://www.googleapis.com/auth/cloud-platform
register: results
- name: verify that command succeeded
assert:
that:
- results['resources'] | length >= 1
# ----------------------------------------------------------------------------
- name: create a firewall rule that already exists
gcp_appengine_firewall_rule:
priority: 1000
source_range: 10.0.0.0
action: ALLOW
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
state: present
register: result
- name: assert changed is false
assert:
that:
- result.changed == false
#----------------------------------------------------------
- name: delete a firewall rule
gcp_appengine_firewall_rule:
priority: 1000
source_range: 10.0.0.0
action: ALLOW
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
state: absent
register: result
- name: assert changed is true
assert:
that:
- result.changed == true
- name: verify that firewall_rule was deleted
gcp_appengine_firewall_rule_facts:
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
scopes:
- https://www.googleapis.com/auth/cloud-platform
register: results
- name: verify that command succeeded
assert:
that:
- results['resources'] | length == 0
# ----------------------------------------------------------------------------
- name: delete a firewall rule that does not exist
gcp_appengine_firewall_rule:
priority: 1000
source_range: 10.0.0.0
action: ALLOW
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
state: absent
register: result
- name: assert changed is false
assert:
that:
- result.changed == false