IPsec-encrypted Interconnect GA (#4813) (#424)

* Move ipsec interconnect to ga

* Remove beta only docs note

Signed-off-by: Modular Magician <magic-modules@google.com>

plugins/modules/gcp_compute_address.py

@@ -92,9 +92,9 @@ options:
     - "* SHARED_LOADBALANCER_VIP for an address that can be used by multiple internal
       load balancers."
     - "* VPC_PEERING for addresses that are reserved for VPC peer networks."
-    - "* IPSEC_INTERCONNECT (Beta only) for addresses created from a private IP range
+    - "* IPSEC_INTERCONNECT for addresses created from a private IP range that are
-      that are reserved for a VLAN attachment in an IPsec-encrypted Cloud Interconnect
+      reserved for a VLAN attachment in an IPsec-encrypted Cloud Interconnect configuration.
-      configuration. These addresses are regional resources."
+      These addresses are regional resources."
     - This should only be set when using an Internal address.
     required: false
     type: str
@@ -118,6 +118,22 @@ options:
       }}"'
     required: false
     type: dict
+  network:
+    description:
+    - The URL of the network in which to reserve the address. This field can only
+      be used with INTERNAL type with the VPC_PEERING and IPSEC_INTERCONNECT purposes.
+    - 'This field represents a link to a Network resource in GCP. It can be specified
+      in two ways. First, you can place a dictionary with key ''selfLink'' and value
+      of your resource''s selfLink Alternatively, you can add `register: name-of-resource`
+      to a gcp_compute_network task and then set this network field to "{{ name-of-resource
+      }}"'
+    required: false
+    type: dict
+  prefix_length:
+    description:
+    - The prefix length if the resource represents an IP range.
+    required: false
+    type: int
   region:
     description:
     - URL of the region where the regional address resides.
@@ -234,9 +250,9 @@ purpose:
   - "* SHARED_LOADBALANCER_VIP for an address that can be used by multiple internal
     load balancers."
   - "* VPC_PEERING for addresses that are reserved for VPC peer networks."
-  - "* IPSEC_INTERCONNECT (Beta only) for addresses created from a private IP range
+  - "* IPSEC_INTERCONNECT for addresses created from a private IP range that are reserved
-    that are reserved for a VLAN attachment in an IPsec-encrypted Cloud Interconnect
+    for a VLAN attachment in an IPsec-encrypted Cloud Interconnect configuration.
-    configuration. These addresses are regional resources."
+    These addresses are regional resources."
   - This should only be set when using an Internal address.
   returned: success
   type: str
@@ -267,6 +283,17 @@ status:
     is currently being used by another resource and is not available.
   returned: success
   type: str
+network:
+  description:
+  - The URL of the network in which to reserve the address. This field can only be
+    used with INTERNAL type with the VPC_PEERING and IPSEC_INTERCONNECT purposes.
+  returned: success
+  type: dict
+prefixLength:
+  description:
+  - The prefix length if the resource represents an IP range.
+  returned: success
+  type: int
 region:
   description:
   - URL of the region where the regional address resides.
@@ -301,6 +328,8 @@ def main():
             purpose=dict(type='str'),
             network_tier=dict(type='str'),
             subnetwork=dict(type='dict'),
+            network=dict(type='dict'),
+            prefix_length=dict(type='int'),
             region=dict(required=True, type='str'),
         )
     )
@@ -361,6 +390,8 @@ def resource_to_request(module):
         u'purpose': module.params.get('purpose'),
         u'networkTier': module.params.get('network_tier'),
         u'subnetwork': replace_resource_dict(module.params.get(u'subnetwork', {}), 'selfLink'),
+        u'network': replace_resource_dict(module.params.get(u'network', {}), 'selfLink'),
+        u'prefixLength': module.params.get('prefix_length'),
     }
     return_vals = {}
     for k, v in request.items():
@@ -437,6 +468,8 @@ def response_to_hash(module, response):
         u'subnetwork': response.get(u'subnetwork'),
         u'users': response.get(u'users'),
         u'status': response.get(u'status'),
+        u'network': response.get(u'network'),
+        u'prefixLength': response.get(u'prefixLength'),
     }
 
 

plugins/modules/gcp_compute_address_info.py

@@ -164,9 +164,9 @@ resources:
       - "* SHARED_LOADBALANCER_VIP for an address that can be used by multiple internal
         load balancers."
       - "* VPC_PEERING for addresses that are reserved for VPC peer networks."
-      - "* IPSEC_INTERCONNECT (Beta only) for addresses created from a private IP
+      - "* IPSEC_INTERCONNECT for addresses created from a private IP range that are
-        range that are reserved for a VLAN attachment in an IPsec-encrypted Cloud
+        reserved for a VLAN attachment in an IPsec-encrypted Cloud Interconnect configuration.
-        Interconnect configuration. These addresses are regional resources."
+        These addresses are regional resources."
       - This should only be set when using an Internal address.
       returned: success
       type: str
@@ -197,6 +197,17 @@ resources:
         is currently being used by another resource and is not available.
       returned: success
       type: str
+    network:
+      description:
+      - The URL of the network in which to reserve the address. This field can only
+        be used with INTERNAL type with the VPC_PEERING and IPSEC_INTERCONNECT purposes.
+      returned: success
+      type: dict
+    prefixLength:
+      description:
+      - The prefix length if the resource represents an IP range.
+      returned: success
+      type: int
     region:
       description:
       - URL of the region where the regional address resides.

plugins/modules/gcp_compute_interconnect_attachment.py

@@ -144,6 +144,38 @@ options:
       PARTNER type this will be managed upstream.
     required: false
     type: int
+  ipsec_internal_addresses:
+    description:
+    - URL of addresses that have been reserved for the interconnect attachment, Used
+      only for interconnect attachment that has the encryption option as IPSEC.
+    - The addresses must be RFC 1918 IP address ranges. When creating HA VPN gateway
+      over the interconnect attachment, if the attachment is configured to use an
+      RFC 1918 IP address, then the VPN gateway's IP address will be allocated from
+      the IP address range specified here.
+    - For example, if the HA VPN gateway's interface 0 is paired to this interconnect
+      attachment, then an RFC 1918 IP address for the VPN gateway interface 0 will
+      be allocated from the IP address specified for this interconnect attachment.
+    - If this field is not specified for interconnect attachment that has encryption
+      option as IPSEC, later on when creating HA VPN gateway on this interconnect
+      attachment, the HA VPN gateway's IP address will be allocated from regional
+      external IP address pool.
+    elements: dict
+    required: false
+    type: list
+  encryption:
+    description:
+    - 'Indicates the user-supplied encryption option of this interconnect attachment:
+      NONE is the default value, which means that the attachment carries unencrypted
+      traffic. VMs can send traffic to, or receive traffic from, this type of attachment.'
+    - IPSEC indicates that the attachment carries only traffic encrypted by an IPsec
+      device such as an HA VPN gateway. VMs cannot directly send traffic to, or receive
+      traffic from, such an attachment. To use IPsec-encrypted Cloud Interconnect
+      create the attachment using this option.
+    - Not currently available publicly.
+    - 'Some valid choices include: "NONE", "IPSEC"'
+    required: false
+    default: NONE
+    type: str
   region:
     description:
     - Region where the regional interconnect attachment resides.
@@ -348,6 +380,35 @@ vlanTag8021q:
     PARTNER type this will be managed upstream.
   returned: success
   type: int
+ipsecInternalAddresses:
+  description:
+  - URL of addresses that have been reserved for the interconnect attachment, Used
+    only for interconnect attachment that has the encryption option as IPSEC.
+  - The addresses must be RFC 1918 IP address ranges. When creating HA VPN gateway
+    over the interconnect attachment, if the attachment is configured to use an RFC
+    1918 IP address, then the VPN gateway's IP address will be allocated from the
+    IP address range specified here.
+  - For example, if the HA VPN gateway's interface 0 is paired to this interconnect
+    attachment, then an RFC 1918 IP address for the VPN gateway interface 0 will be
+    allocated from the IP address specified for this interconnect attachment.
+  - If this field is not specified for interconnect attachment that has encryption
+    option as IPSEC, later on when creating HA VPN gateway on this interconnect attachment,
+    the HA VPN gateway's IP address will be allocated from regional external IP address
+    pool.
+  returned: success
+  type: list
+encryption:
+  description:
+  - 'Indicates the user-supplied encryption option of this interconnect attachment:
+    NONE is the default value, which means that the attachment carries unencrypted
+    traffic. VMs can send traffic to, or receive traffic from, this type of attachment.'
+  - IPSEC indicates that the attachment carries only traffic encrypted by an IPsec
+    device such as an HA VPN gateway. VMs cannot directly send traffic to, or receive
+    traffic from, such an attachment. To use IPsec-encrypted Cloud Interconnect create
+    the attachment using this option.
+  - Not currently available publicly.
+  returned: success
+  type: str
 region:
   description:
   - Region where the regional interconnect attachment resides.
@@ -393,6 +454,8 @@ def main():
             name=dict(required=True, type='str'),
             candidate_subnets=dict(type='list', elements='str'),
             vlan_tag8021q=dict(type='int'),
+            ipsec_internal_addresses=dict(type='list', elements='dict'),
+            encryption=dict(default='NONE', type='str'),
             region=dict(required=True, type='str'),
         )
     )
@@ -457,6 +520,8 @@ def resource_to_request(module):
         u'name': module.params.get('name'),
         u'candidateSubnets': module.params.get('candidate_subnets'),
         u'vlanTag8021q': module.params.get('vlan_tag8021q'),
+        u'ipsecInternalAddresses': replace_resource_dict(module.params.get('ipsec_internal_addresses', []), 'selfLink'),
+        u'encryption': module.params.get('encryption'),
     }
     return_vals = {}
     for k, v in request.items():
@@ -542,6 +607,8 @@ def response_to_hash(module, response):
         u'name': module.params.get('name'),
         u'candidateSubnets': module.params.get('candidate_subnets'),
         u'vlanTag8021q': module.params.get('vlan_tag8021q'),
+        u'ipsecInternalAddresses': replace_resource_dict(module.params.get('ipsec_internal_addresses', []), 'selfLink'),
+        u'encryption': module.params.get('encryption'),
     }
 
 

plugins/modules/gcp_compute_interconnect_attachment_info.py

@@ -265,6 +265,35 @@ resources:
         PARTNER type this will be managed upstream.
       returned: success
       type: int
+    ipsecInternalAddresses:
+      description:
+      - URL of addresses that have been reserved for the interconnect attachment,
+        Used only for interconnect attachment that has the encryption option as IPSEC.
+      - The addresses must be RFC 1918 IP address ranges. When creating HA VPN gateway
+        over the interconnect attachment, if the attachment is configured to use an
+        RFC 1918 IP address, then the VPN gateway's IP address will be allocated from
+        the IP address range specified here.
+      - For example, if the HA VPN gateway's interface 0 is paired to this interconnect
+        attachment, then an RFC 1918 IP address for the VPN gateway interface 0 will
+        be allocated from the IP address specified for this interconnect attachment.
+      - If this field is not specified for interconnect attachment that has encryption
+        option as IPSEC, later on when creating HA VPN gateway on this interconnect
+        attachment, the HA VPN gateway's IP address will be allocated from regional
+        external IP address pool.
+      returned: success
+      type: list
+    encryption:
+      description:
+      - 'Indicates the user-supplied encryption option of this interconnect attachment:
+        NONE is the default value, which means that the attachment carries unencrypted
+        traffic. VMs can send traffic to, or receive traffic from, this type of attachment.'
+      - IPSEC indicates that the attachment carries only traffic encrypted by an IPsec
+        device such as an HA VPN gateway. VMs cannot directly send traffic to, or
+        receive traffic from, such an attachment. To use IPsec-encrypted Cloud Interconnect
+        create the attachment using this option.
+      - Not currently available publicly.
+      returned: success
+      type: str
     region:
       description:
       - Region where the regional interconnect attachment resides.