From 71a05be3af6497e6a26554b18d66c2495b7f462b Mon Sep 17 00:00:00 2001
From: The Magician <magic-modules@google.com>
Date: Tue, 15 Jun 2021 11:31:26 -0700
Subject: [PATCH] Allow redisVersion to change, promoted some fields to GA
 (#4838) (#431)

* Allow redisVersion to change, promoted some fields to GA

* allow updating properties if update method is defined at the field level

* upgrade post url

* fix current resources to not reference url

* add support for forceNew if version is shrinking

* don't send request if not updating anything.. request fails if update mask is empty.. also add more tests

* fix spelling mistake

* fix rake issues

* remove transcription mode... forces new on change

Signed-off-by: Modular Magician <magic-modules@google.com>
---
 .../modules/gcp_compute_backend_service.py    | 18 +---
 plugins/modules/gcp_redis_instance.py         | 92 ++++++++++++++++++-
 plugins/modules/gcp_redis_instance_info.py    | 39 ++++++++
 3 files changed, 131 insertions(+), 18 deletions(-)

diff --git a/plugins/modules/gcp_compute_backend_service.py b/plugins/modules/gcp_compute_backend_service.py
index e534ab8..c09dd08 100644
--- a/plugins/modules/gcp_compute_backend_service.py
+++ b/plugins/modules/gcp_compute_backend_service.py
@@ -1416,7 +1416,7 @@ def main():
     if fetch:
         if state == 'present':
             if is_different(module, fetch):
-                update(module, self_link(module), kind, fetch)
+                update(module, self_link(module), kind)
                 fetch = fetch_resource(module, self_link(module), kind)
                 changed = True
         else:
@@ -1440,25 +1440,11 @@ def create(module, link, kind):
     return wait_for_operation(module, auth.post(link, resource_to_request(module)))
 
 
-def update(module, link, kind, fetch):
-    update_fields(module, resource_to_request(module), response_to_hash(module, fetch))
+def update(module, link, kind):
     auth = GcpSession(module, 'compute')
     return wait_for_operation(module, auth.put(link, resource_to_request(module)))
 
 
-def update_fields(module, request, response):
-    if response.get('securityPolicy') != request.get('securityPolicy'):
-        security_policy_update(module, request, response)
-
-
-def security_policy_update(module, request, response):
-    auth = GcpSession(module, 'compute')
-    auth.post(
-        ''.join(["https://compute.googleapis.com/compute/v1/", "projects/{project}/global/backendServices/{name}/setSecurityPolicy"]).format(**module.params),
-        {u'securityPolicy': module.params.get('security_policy')},
-    )
-
-
 def delete(module, link, kind):
     auth = GcpSession(module, 'compute')
     return wait_for_operation(module, auth.delete(link))
diff --git a/plugins/modules/gcp_redis_instance.py b/plugins/modules/gcp_redis_instance.py
index ae2ca88..3a400b1 100644
--- a/plugins/modules/gcp_redis_instance.py
+++ b/plugins/modules/gcp_redis_instance.py
@@ -135,6 +135,16 @@ options:
     required: false
     default: BASIC
     type: str
+  transit_encryption_mode:
+    description:
+    - The TLS mode of the Redis instance, If not provided, TLS is disabled for the
+      instance.
+    - "- SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server
+      authentcation ."
+    - 'Some valid choices include: "SERVER_AUTHENTICATION", "DISABLED"'
+    required: false
+    default: DISABLED
+    type: str
   region:
     description:
     - The name of the Redis region of the instance.
@@ -338,6 +348,44 @@ tier:
     instance - STANDARD_HA: highly available primary/replica instances .'
   returned: success
   type: str
+transitEncryptionMode:
+  description:
+  - The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance.
+  - "- SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server
+    authentcation ."
+  returned: success
+  type: str
+serverCaCerts:
+  description:
+  - List of server CA certificates for the instance.
+  returned: success
+  type: complex
+  contains:
+    serialNumber:
+      description:
+      - Serial number, as extracted from the certificate.
+      returned: success
+      type: str
+    cert:
+      description:
+      - Serial number, as extracted from the certificate.
+      returned: success
+      type: str
+    createTime:
+      description:
+      - The time when the certificate was created.
+      returned: success
+      type: str
+    expireTime:
+      description:
+      - The time when the certificate expires.
+      returned: success
+      type: str
+    sha1Fingerprint:
+      description:
+      - Sha1 Fingerprint of the certificate.
+      returned: success
+      type: str
 region:
   description:
   - The name of the Redis region of the instance.
@@ -349,7 +397,14 @@ region:
 # Imports
 ################################################################################
 
-from ansible_collections.google.cloud.plugins.module_utils.gcp_utils import navigate_hash, GcpSession, GcpModule, GcpRequest, replace_resource_dict
+from ansible_collections.google.cloud.plugins.module_utils.gcp_utils import (
+    navigate_hash,
+    GcpSession,
+    GcpModule,
+    GcpRequest,
+    remove_nones_from_dict,
+    replace_resource_dict,
+)
 import json
 import time
 
@@ -377,6 +432,7 @@ def main():
             redis_version=dict(type='str'),
             reserved_ip_range=dict(type='str'),
             tier=dict(default='BASIC', type='str'),
+            transit_encryption_mode=dict(default='DISABLED', type='str'),
             region=dict(required=True, type='str'),
         )
     )
@@ -436,6 +492,8 @@ def updateMask(request, response):
         update_mask.append('redisConfigs')
     if request.get('memorySizeGb') != response.get('memorySizeGb'):
         update_mask.append('memorySizeGb')
+    if request.get('redisVersion') != response.get('redisVersion'):
+        update_mask.append('redisVersion')
     return ','.join(update_mask)
 
 
@@ -459,6 +517,7 @@ def resource_to_request(module):
         u'redisVersion': module.params.get('redis_version'),
         u'reservedIpRange': module.params.get('reserved_ip_range'),
         u'tier': module.params.get('tier'),
+        u'transitEncryptionMode': module.params.get('transit_encryption_mode'),
     }
     return_vals = {}
     for k, v in request.items():
@@ -543,9 +602,11 @@ def response_to_hash(module, response):
         u'memorySizeGb': response.get(u'memorySizeGb'),
         u'port': response.get(u'port'),
         u'persistenceIamIdentity': response.get(u'persistenceIamIdentity'),
-        u'redisVersion': module.params.get('redis_version'),
+        u'redisVersion': response.get(u'redisVersion'),
         u'reservedIpRange': module.params.get('reserved_ip_range'),
         u'tier': module.params.get('tier'),
+        u'transitEncryptionMode': module.params.get('transit_encryption_mode'),
+        u'serverCaCerts': InstanceServercacertsArray(response.get(u'serverCaCerts', []), module).from_response(),
     }
 
 
@@ -585,5 +646,32 @@ def raise_if_errors(response, err_path, module):
         module.fail_json(msg=errors)
 
 
+class InstanceServercacertsArray(object):
+    def __init__(self, request, module):
+        self.module = module
+        if request:
+            self.request = request
+        else:
+            self.request = []
+
+    def to_request(self):
+        items = []
+        for item in self.request:
+            items.append(self._request_for_item(item))
+        return items
+
+    def from_response(self):
+        items = []
+        for item in self.request:
+            items.append(self._response_from_item(item))
+        return items
+
+    def _request_for_item(self, item):
+        return remove_nones_from_dict({})
+
+    def _response_from_item(self, item):
+        return remove_nones_from_dict({})
+
+
 if __name__ == '__main__':
     main()
diff --git a/plugins/modules/gcp_redis_instance_info.py b/plugins/modules/gcp_redis_instance_info.py
index 5c3f4b4..c080cf2 100644
--- a/plugins/modules/gcp_redis_instance_info.py
+++ b/plugins/modules/gcp_redis_instance_info.py
@@ -227,6 +227,45 @@ resources:
         instance - STANDARD_HA: highly available primary/replica instances .'
       returned: success
       type: str
+    transitEncryptionMode:
+      description:
+      - The TLS mode of the Redis instance, If not provided, TLS is disabled for the
+        instance.
+      - "- SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with
+        server authentcation ."
+      returned: success
+      type: str
+    serverCaCerts:
+      description:
+      - List of server CA certificates for the instance.
+      returned: success
+      type: complex
+      contains:
+        serialNumber:
+          description:
+          - Serial number, as extracted from the certificate.
+          returned: success
+          type: str
+        cert:
+          description:
+          - Serial number, as extracted from the certificate.
+          returned: success
+          type: str
+        createTime:
+          description:
+          - The time when the certificate was created.
+          returned: success
+          type: str
+        expireTime:
+          description:
+          - The time when the certificate expires.
+          returned: success
+          type: str
+        sha1Fingerprint:
+          description:
+          - Sha1 Fingerprint of the certificate.
+          returned: success
+          type: str
     region:
       description:
       - The name of the Redis region of the instance.