From 18b7e91e05036de7de9f090197dbae3bcfc418a5 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 18 Nov 2022 08:53:31 +0100 Subject: [PATCH] Enhance missing suboptions for disk_encryption_key and source_snapshot_encryption_key of module gcp_compute_region_disk.py --- plugins/modules/gcp_compute_region_disk.py | 88 ++++++++++++++++++++-- 1 file changed, 82 insertions(+), 6 deletions(-) diff --git a/plugins/modules/gcp_compute_region_disk.py b/plugins/modules/gcp_compute_region_disk.py index 17d1285..62d489b 100644 --- a/plugins/modules/gcp_compute_region_disk.py +++ b/plugins/modules/gcp_compute_region_disk.py @@ -139,6 +139,19 @@ options: base64 to either encrypt or decrypt this resource. required: false type: str + kms_key_name: + description: + - The name of the encryption key that is stored in Google Cloud KMS. + - Your project's Compute Engine System service account (`service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com`) + must have `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature. + required: false + type: str + kms_key_service_account: + description: + - The service account used for the encryption request for the given KMS key. + - If absent, the Compute Engine Service Agent service account is used. + required: false + type: str source_snapshot: description: - The source snapshot used to create this disk. You can provide this as a partial @@ -163,6 +176,17 @@ options: base64 to either encrypt or decrypt this resource. required: false type: str + kms_key_name: + description: + - The name of the encryption key that is stored in Google Cloud KMS. + required: false + type: str + kms_key_service_account: + description: + - The service account used for the encryption request for the given KMS key. + - If absent, the Compute Engine Service Agent service account is used. + required: false + type: str project: description: - The Google Cloud Platform project to use. @@ -352,6 +376,19 @@ diskEncryptionKey: key that protects this resource. returned: success type: str + kmsKeyName: + description: + - The name of the encryption key that is stored in Google Cloud KMS. + - Your project's Compute Engine System service account (`service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com`) + must have `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature. + returned: success + type: str + kmsKeyServiceAccount: + description: + - The service account used for the encryption request for the given KMS key. + - If absent, the Compute Engine Service Agent service account is used. + returned: success + type: str sourceSnapshot: description: - The source snapshot used to create this disk. You can provide this as a partial @@ -377,6 +414,17 @@ sourceSnapshotEncryptionKey: key that protects this resource. returned: success type: str + kmsKeyName: + description: + - The name of the encryption key that is stored in Google Cloud KMS. + returned: success + type: str + kmsKeyServiceAccount: + description: + - The service account used for the encryption request for the given KMS key. + - If absent, the Compute Engine Service Agent service account is used. + returned: success + type: str sourceSnapshotId: description: - The unique ID of the snapshot used to create this disk. This value identifies @@ -424,9 +472,13 @@ def main(): replica_zones=dict(required=True, type='list', elements='str'), type=dict(type='str'), region=dict(required=True, type='str'), - disk_encryption_key=dict(type='dict', no_log=True, options=dict(raw_key=dict(type='str'))), + disk_encryption_key=dict( + type='dict', no_log=True, options=dict(raw_key=dict(type='str'), kms_key_name=dict(type='str'), kms_key_service_account=dict(type='str')) + ), source_snapshot=dict(type='dict'), - source_snapshot_encryption_key=dict(type='dict', no_log=True, options=dict(raw_key=dict(type='str'))), + source_snapshot_encryption_key=dict( + type='dict', no_log=True, options=dict(raw_key=dict(type='str'), kms_key_name=dict(type='str'), kms_key_service_account=dict(type='str')) + ), ) ) @@ -656,10 +708,22 @@ class RegionDiskDiskencryptionkey(object): self.request = {} def to_request(self): - return remove_nones_from_dict({u'rawKey': self.request.get('raw_key')}) + return remove_nones_from_dict( + { + u'rawKey': self.request.get('raw_key'), + u'kmsKeyName': self.request.get('kms_key_name'), + u'kmsKeyServiceAccount': self.request.get('kms_key_service_account'), + } + ) def from_response(self): - return remove_nones_from_dict({u'rawKey': self.request.get(u'rawKey')}) + return remove_nones_from_dict( + { + u'rawKey': self.request.get(u'rawKey'), + u'kmsKeyName': self.request.get(u'kmsKeyName'), + u'kmsKeyServiceAccount': self.request.get(u'kmsKeyServiceAccount'), + } + ) class RegionDiskSourcesnapshotencryptionkey(object): @@ -671,10 +735,22 @@ class RegionDiskSourcesnapshotencryptionkey(object): self.request = {} def to_request(self): - return remove_nones_from_dict({u'rawKey': self.request.get('raw_key')}) + return remove_nones_from_dict( + { + u'rawKey': self.request.get('raw_key'), + u'kmsKeyName': self.request.get('kms_key_name'), + u'kmsKeyServiceAccount': self.request.get('kms_key_service_account'), + } + ) def from_response(self): - return remove_nones_from_dict({u'rawKey': self.request.get(u'rawKey')}) + return remove_nones_from_dict( + { + u'rawKey': self.request.get(u'rawKey'), + u'kmsKeyName': self.request.get(u'kmsKeyName'), + u'kmsKeyServiceAccount': self.request.get(u'kmsKeyServiceAccount'), + } + ) if __name__ == '__main__':