From 7c4d1c582b202c6b53c65c5c429c50029a305eb7 Mon Sep 17 00:00:00 2001 From: The Magician Date: Wed, 15 Aug 2018 13:39:22 -0700 Subject: [PATCH] Object.input should == noneditable (#62) /cc @rambleraptor --- plugins/modules/gcp_compute_address.py | 23 +-- .../modules/gcp_compute_forwarding_rule.py | 6 +- plugins/modules/gcp_compute_global_address.py | 22 ++- .../modules/gcp_compute_instance_template.py | 144 ++++++++---------- plugins/modules/gcp_compute_route.py | 3 +- plugins/modules/gcp_compute_subnetwork.py | 44 +----- .../modules/gcp_compute_target_http_proxy.py | 18 +-- .../modules/gcp_compute_target_https_proxy.py | 48 +----- .../modules/gcp_compute_target_ssl_proxy.py | 48 +----- .../modules/gcp_compute_target_tcp_proxy.py | 6 +- .../modules/gcp_compute_target_vpn_gateway.py | 47 +++--- plugins/modules/gcp_compute_vpn_tunnel.py | 135 +++++++--------- 12 files changed, 169 insertions(+), 375 deletions(-) diff --git a/plugins/modules/gcp_compute_address.py b/plugins/modules/gcp_compute_address.py index 6e2a6f1..df536ed 100644 --- a/plugins/modules/gcp_compute_address.py +++ b/plugins/modules/gcp_compute_address.py @@ -101,9 +101,10 @@ options: - This field can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER purposes. - 'This field represents a link to a Subnetwork resource in GCP. It can be specified - in two ways. First, you can place in the selfLink of the resource here as a - string Alternatively, you can add `register: name-of-resource` to a gcp_compute_subnetwork - task and then set this subnetwork field to "{{ name-of-resource }}"' + in two ways. First, you can place a dictionary with key ''selfLink'' and value + of your resource''s selfLink Alternatively, you can add `register: name-of-resource` + to a gcp_compute_subnetwork task and then set this subnetwork field to "{{ name-of-resource + }}"' required: false version_added: 2.7 region: @@ -121,12 +122,12 @@ notes: EXAMPLES = ''' - name: create a address gcp_compute_address: - name: test-address1 - region: us-west1 - project: "test_project" - auth_kind: "serviceaccount" - service_account_file: "/tmp/auth.pem" - state: present + name: test-address1 + region: us-west1 + project: test_project + auth_kind: serviceaccount + service_account_file: "/tmp/auth.pem" + state: present ''' RETURN = ''' @@ -181,7 +182,7 @@ subnetwork: - This field can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER purposes. returned: success - type: str + type: dict users: description: - The URLs of the resources that are using this address. @@ -219,7 +220,7 @@ def main(): description=dict(type='str'), name=dict(required=True, type='str'), network_tier=dict(type='str', choices=['PREMIUM', 'STANDARD']), - subnetwork=dict(), + subnetwork=dict(type='dict'), region=dict(required=True, type='str'), ) ) diff --git a/plugins/modules/gcp_compute_forwarding_rule.py b/plugins/modules/gcp_compute_forwarding_rule.py index 50c697b..0c1e625 100644 --- a/plugins/modules/gcp_compute_forwarding_rule.py +++ b/plugins/modules/gcp_compute_forwarding_rule.py @@ -461,11 +461,7 @@ def create(module, link, kind): def update(module, link, kind): - auth = GcpSession(module, 'compute') - auth.post( - ''.join(["https://www.googleapis.com/compute/v1/", "projects/{project}/regions/{region}/forwardingRules/{name}/setTarget"]).format(**module.params), - {u'target': replace_resource_dict(module.params.get(u'target', {}), 'selfLink')}, - ) + module.fail_json(msg="ForwardingRule cannot be edited") def delete(module, link, kind): diff --git a/plugins/modules/gcp_compute_global_address.py b/plugins/modules/gcp_compute_global_address.py index f597b11..00bc1af 100644 --- a/plugins/modules/gcp_compute_global_address.py +++ b/plugins/modules/gcp_compute_global_address.py @@ -56,7 +56,6 @@ options: description: description: - An optional description of this resource. - - Provide this property when you create the resource. required: false name: description: @@ -69,8 +68,8 @@ options: required: true ip_version: description: - - The IP Version that will be used by this address. Valid options are IPV4 or - IPV6. The default value is IPV4. + - The IP Version that will be used by this address. Valid options are `IPV4` or + `IPV6`. The default value is `IPV4`. required: false choices: - IPV4 @@ -88,18 +87,18 @@ options: - INTERNAL extends_documentation_fragment: gcp notes: -- 'API Reference: U(https://cloud.google.com/compute/docs/reference/latest/globalAddresses)' +- 'API Reference: U(https://cloud.google.com/compute/docs/reference/v1/globalAddresses)' - 'Reserving a Static External IP Address: U(https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address)' ''' EXAMPLES = ''' - name: create a global address gcp_compute_global_address: - name: "test_object" - project: "test_project" - auth_kind: "serviceaccount" - service_account_file: "/tmp/auth.pem" - state: present + name: test_object + project: test_project + auth_kind: serviceaccount + service_account_file: "/tmp/auth.pem" + state: present ''' RETURN = ''' @@ -116,7 +115,6 @@ creationTimestamp: description: description: - An optional description of this resource. - - Provide this property when you create the resource. returned: success type: str id: @@ -136,8 +134,8 @@ name: type: str ipVersion: description: - - The IP Version that will be used by this address. Valid options are IPV4 or IPV6. - The default value is IPV4. + - The IP Version that will be used by this address. Valid options are `IPV4` or + `IPV6`. The default value is `IPV4`. returned: success type: str region: diff --git a/plugins/modules/gcp_compute_instance_template.py b/plugins/modules/gcp_compute_instance_template.py index 44ec013..566efea 100644 --- a/plugins/modules/gcp_compute_instance_template.py +++ b/plugins/modules/gcp_compute_instance_template.py @@ -123,11 +123,6 @@ options: - Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption key to either encrypt or decrypt this resource. required: false - sha256: - description: - - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - required: false index: description: - Assigns a zero-based index to this disk, where 0 is reserved for the @@ -179,11 +174,6 @@ options: - Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. required: false - sha256: - description: - - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - required: false interface: description: - Specifies the disk interface to use for attaching this disk, which is @@ -211,10 +201,10 @@ options: - Note that for InstanceTemplate, specify the disk name, not the URL for the disk. - 'This field represents a link to a Disk resource in GCP. It can be specified - in two ways. First, you can place in the name of the resource here as - a string Alternatively, you can add `register: name-of-resource` to - a gcp_compute_disk task and then set this source field to "{{ name-of-resource - }}"' + in two ways. First, you can place a dictionary with key ''name'' and + value of your resource''s name Alternatively, you can add `register: + name-of-resource` to a gcp_compute_disk task and then set this source + field to "{{ name-of-resource }}"' required: false type: description: @@ -283,10 +273,10 @@ options: IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. - 'This field represents a link to a Address resource in GCP. It can - be specified in two ways. First, you can place in the address of - the resource here as a string Alternatively, you can add `register: - name-of-resource` to a gcp_compute_address task and then set this - nat_ip field to "{{ name-of-resource }}"' + be specified in two ways. First, you can place a dictionary with + key ''address'' and value of your resource''s address Alternatively, + you can add `register: name-of-resource` to a gcp_compute_address + task and then set this nat_ip field to "{{ name-of-resource }}"' required: false type: description: @@ -315,11 +305,6 @@ options: range. If left unspecified, the primary range of the subnetwork will be used. required: false - name: - description: - - The name of the network interface, generated by the server. For network - devices, these are eth0, eth1, etc . - required: false network: description: - Specifies the title of an existing network. When creating an instance, @@ -327,10 +312,10 @@ options: network global/networks/default is used; if the network is not specified but the subnetwork is specified, the network is inferred. - 'This field represents a link to a Network resource in GCP. It can be - specified in two ways. First, you can place in the selfLink of the resource - here as a string Alternatively, you can add `register: name-of-resource` - to a gcp_compute_network task and then set this network field to "{{ - name-of-resource }}"' + specified in two ways. First, you can place a dictionary with key ''selfLink'' + and value of your resource''s selfLink Alternatively, you can add `register: + name-of-resource` to a gcp_compute_network task and then set this network + field to "{{ name-of-resource }}"' required: false network_ip: description: @@ -345,10 +330,10 @@ options: If the network is in auto subnet mode, providing the subnetwork is optional. If the network is in custom subnet mode, then this field should be specified. - 'This field represents a link to a Subnetwork resource in GCP. It can - be specified in two ways. First, you can place in the selfLink of the - resource here as a string Alternatively, you can add `register: name-of-resource` - to a gcp_compute_subnetwork task and then set this subnetwork field - to "{{ name-of-resource }}"' + be specified in two ways. First, you can place a dictionary with key + ''selfLink'' and value of your resource''s selfLink Alternatively, you + can add `register: name-of-resource` to a gcp_compute_subnetwork task + and then set this subnetwork field to "{{ name-of-resource }}"' required: false scheduling: description: @@ -418,43 +403,43 @@ extends_documentation_fragment: gcp EXAMPLES = ''' - name: create a network gcp_compute_network: - name: "network-instancetemplate" - project: "{{ gcp_project }}" - auth_kind: "{{ gcp_cred_kind }}" - service_account_file: "{{ gcp_cred_file }}" - state: present + name: network-instancetemplate + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + state: present register: network - name: create a address gcp_compute_address: - name: "address-instancetemplate" - region: us-west1 - project: "{{ gcp_project }}" - auth_kind: "{{ gcp_cred_kind }}" - service_account_file: "{{ gcp_cred_file }}" - state: present + name: address-instancetemplate + region: us-west1 + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + state: present register: address - name: create a instance template gcp_compute_instance_template: - name: "test_object" - properties: - disks: - - auto_delete: true - boot: true - initialize_params: - source_image: projects/ubuntu-os-cloud/global/images/family/ubuntu-1604-lts - machine_type: n1-standard-1 - network_interfaces: - - network: "{{ network }}" - access_configs: - - name: test-config - type: ONE_TO_ONE_NAT - nat_ip: "{{ address }}" - project: "test_project" - auth_kind: "serviceaccount" - service_account_file: "/tmp/auth.pem" - state: present + name: test_object + properties: + disks: + - auto_delete: 'true' + boot: 'true' + initialize_params: + source_image: projects/ubuntu-os-cloud/global/images/family/ubuntu-1604-lts + machine_type: n1-standard-1 + network_interfaces: + - network: "{{ network }}" + access_configs: + - name: test-config + type: ONE_TO_ONE_NAT + nat_ip: "{{ address }}" + project: test_project + auth_kind: serviceaccount + service_account_file: "/tmp/auth.pem" + state: present ''' RETURN = ''' @@ -641,7 +626,7 @@ properties: - Note that for InstanceTemplate, specify the disk name, not the URL for the disk. returned: success - type: str + type: dict type: description: - Specifies the type of the disk, either SCRATCH or PERSISTENT. If not specified, @@ -714,7 +699,7 @@ properties: IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance. returned: success - type: str + type: dict type: description: - The type of configuration. The default and only option is ONE_TO_ONE_NAT. @@ -756,7 +741,7 @@ properties: global/networks/default is used; if the network is not specified but the subnetwork is specified, the network is inferred. returned: success - type: str + type: dict networkIP: description: - An IPv4 internal network address to assign to the instance for this network @@ -771,7 +756,7 @@ properties: If the network is in auto subnet mode, providing the subnetwork is optional. If the network is in custom subnet mode, then this field should be specified. returned: success - type: str + type: dict scheduling: description: - Sets the scheduling options for this instance. @@ -878,9 +863,7 @@ def main(): auto_delete=dict(type='bool'), boot=dict(type='bool'), device_name=dict(type='str'), - disk_encryption_key=dict( - type='dict', options=dict(raw_key=dict(type='str'), rsa_encrypted_key=dict(type='str'), sha256=dict(type='str')) - ), + disk_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'), rsa_encrypted_key=dict(type='str'))), index=dict(type='int'), initialize_params=dict( type='dict', @@ -889,12 +872,12 @@ def main(): disk_size_gb=dict(type='int'), disk_type=dict(type='str'), source_image=dict(type='str'), - source_image_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'), sha256=dict(type='str'))), + source_image_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'))), ), ), interface=dict(type='str', choices=['SCSI', 'NVME']), mode=dict(type='str', choices=['READ_WRITE', 'READ_ONLY']), - source=dict(), + source=dict(type='dict'), type=dict(type='str', choices=['SCRATCH', 'PERSISTENT']), ), ), @@ -910,16 +893,17 @@ def main(): type='list', elements='dict', options=dict( - name=dict(required=True, type='str'), nat_ip=dict(), type=dict(required=True, type='str', choices=['ONE_TO_ONE_NAT']) + name=dict(required=True, type='str'), + nat_ip=dict(type='dict'), + type=dict(required=True, type='str', choices=['ONE_TO_ONE_NAT']), ), ), alias_ip_ranges=dict( type='list', elements='dict', options=dict(ip_cidr_range=dict(type='str'), subnetwork_range_name=dict(type='str')) ), - name=dict(type='str'), - network=dict(), + network=dict(type='dict'), network_ip=dict(type='str'), - subnetwork=dict(), + subnetwork=dict(type='dict'), ), ), scheduling=dict( @@ -1255,14 +1239,10 @@ class InstanceTemplateDiskencryptionkey(object): self.request = {} def to_request(self): - return remove_nones_from_dict( - {u'rawKey': self.request.get('raw_key'), u'rsaEncryptedKey': self.request.get('rsa_encrypted_key'), u'sha256': self.request.get('sha256')} - ) + return remove_nones_from_dict({u'rawKey': self.request.get('raw_key'), u'rsaEncryptedKey': self.request.get('rsa_encrypted_key')}) def from_response(self): - return remove_nones_from_dict( - {u'rawKey': self.request.get(u'rawKey'), u'rsaEncryptedKey': self.request.get(u'rsaEncryptedKey'), u'sha256': self.request.get(u'sha256')} - ) + return remove_nones_from_dict({u'rawKey': self.request.get(u'rawKey'), u'rsaEncryptedKey': self.request.get(u'rsaEncryptedKey')}) class InstanceTemplateInitializeparams(object): @@ -1309,10 +1289,10 @@ class InstanceTemplateSourceimageencryptionkey(object): self.request = {} def to_request(self): - return remove_nones_from_dict({u'rawKey': self.request.get('raw_key'), u'sha256': self.request.get('sha256')}) + return remove_nones_from_dict({u'rawKey': self.request.get('raw_key')}) def from_response(self): - return remove_nones_from_dict({u'rawKey': self.request.get(u'rawKey'), u'sha256': self.request.get(u'sha256')}) + return remove_nones_from_dict({u'rawKey': self.request.get(u'rawKey')}) class InstanceTemplateGuestacceleratorsArray(object): @@ -1367,7 +1347,6 @@ class InstanceTemplateNetworkinterfacesArray(object): { u'accessConfigs': InstanceTemplateAccessconfigsArray(item.get('access_configs', []), self.module).to_request(), u'aliasIpRanges': InstanceTemplateAliasiprangesArray(item.get('alias_ip_ranges', []), self.module).to_request(), - u'name': item.get('name'), u'network': replace_resource_dict(item.get(u'network', {}), 'selfLink'), u'networkIP': item.get('network_ip'), u'subnetwork': replace_resource_dict(item.get(u'subnetwork', {}), 'selfLink'), @@ -1379,7 +1358,6 @@ class InstanceTemplateNetworkinterfacesArray(object): { u'accessConfigs': InstanceTemplateAccessconfigsArray(item.get(u'accessConfigs', []), self.module).from_response(), u'aliasIpRanges': InstanceTemplateAliasiprangesArray(item.get(u'aliasIpRanges', []), self.module).from_response(), - u'name': item.get(u'name'), u'network': item.get(u'network'), u'networkIP': item.get(u'networkIP'), u'subnetwork': item.get(u'subnetwork'), diff --git a/plugins/modules/gcp_compute_route.py b/plugins/modules/gcp_compute_route.py index f15b990..74a5486 100644 --- a/plugins/modules/gcp_compute_route.py +++ b/plugins/modules/gcp_compute_route.py @@ -311,8 +311,7 @@ def create(module, link, kind): def update(module, link, kind): - auth = GcpSession(module, 'compute') - return wait_for_operation(module, auth.put(link, resource_to_request(module))) + module.fail_json(msg="Route cannot be edited") def delete(module, link, kind): diff --git a/plugins/modules/gcp_compute_subnetwork.py b/plugins/modules/gcp_compute_subnetwork.py index f33349d..b2607ea 100644 --- a/plugins/modules/gcp_compute_subnetwork.py +++ b/plugins/modules/gcp_compute_subnetwork.py @@ -322,48 +322,8 @@ def create(module, link, kind): return wait_for_operation(module, auth.post(link, resource_to_request(module))) -def update(module, link, kind, fetch): - update_fields(module, resource_to_request(module), response_to_hash(module, fetch)) - return fetch_resource(module, self_link(module), kind) - - -def update_fields(module, request, response): - if response.get('ipCidrRange') != request.get('ipCidrRange'): - ip_cidr_range_update(module, request, response) - if response.get('enableFlowLogs') != request.get('enableFlowLogs') or response.get('secondaryIpRanges') != request.get('secondaryIpRanges'): - enable_flow_logs_update(module, request, response) - if response.get('privateIpGoogleAccess') != request.get('privateIpGoogleAccess'): - private_ip_google_access_update(module, request, response) - - -def ip_cidr_range_update(module, request, response): - auth = GcpSession(module, 'compute') - auth.post( - ''.join(["https://www.googleapis.com/compute/v1/", "projects/{project}/regions/{region}/subnetworks/{name}/expandIpCidrRange"]).format(**module.params), - {u'ipCidrRange': module.params.get('ip_cidr_range')}, - ) - - -def enable_flow_logs_update(module, request, response): - auth = GcpSession(module, 'compute') - auth.patch( - ''.join(["https://www.googleapis.com/compute/v1/", "projects/{project}/regions/{region}/subnetworks/{name}"]).format(**module.params), - { - u'enableFlowLogs': module.params.get('enable_flow_logs'), - u'fingerprint': response.get('fingerprint'), - u'secondaryIpRanges': SubnetworkSecondaryiprangesArray(module.params.get('secondary_ip_ranges', []), module).to_request(), - }, - ) - - -def private_ip_google_access_update(module, request, response): - auth = GcpSession(module, 'compute') - auth.post( - ''.join(["https://www.googleapis.com/compute/v1/", "projects/{project}/regions/{region}/subnetworks/{name}/setPrivateIpGoogleAccess"]).format( - **module.params - ), - {u'privateIpGoogleAccess': module.params.get('private_ip_google_access')}, - ) +def update(module, link, kind): + module.fail_json(msg="Subnetwork cannot be edited") def delete(module, link, kind): diff --git a/plugins/modules/gcp_compute_target_http_proxy.py b/plugins/modules/gcp_compute_target_http_proxy.py index ec150e1..2ed0ffe 100644 --- a/plugins/modules/gcp_compute_target_http_proxy.py +++ b/plugins/modules/gcp_compute_target_http_proxy.py @@ -228,22 +228,8 @@ def create(module, link, kind): return wait_for_operation(module, auth.post(link, resource_to_request(module))) -def update(module, link, kind, fetch): - update_fields(module, resource_to_request(module), response_to_hash(module, fetch)) - return fetch_resource(module, self_link(module), kind) - - -def update_fields(module, request, response): - if response.get('urlMap') != request.get('urlMap'): - url_map_update(module, request, response) - - -def url_map_update(module, request, response): - auth = GcpSession(module, 'compute') - auth.post( - ''.join(["https://www.googleapis.com/compute/v1/", "projects/{project}/targetHttpProxies/{name}/setUrlMap"]).format(**module.params), - {u'urlMap': replace_resource_dict(module.params.get(u'url_map', {}), 'selfLink')}, - ) +def update(module, link, kind): + module.fail_json(msg="TargetHttpProxy cannot be edited") def delete(module, link, kind): diff --git a/plugins/modules/gcp_compute_target_https_proxy.py b/plugins/modules/gcp_compute_target_https_proxy.py index 229d81a..2a71ad4 100644 --- a/plugins/modules/gcp_compute_target_https_proxy.py +++ b/plugins/modules/gcp_compute_target_https_proxy.py @@ -319,52 +319,8 @@ def create(module, link, kind): return wait_for_operation(module, auth.post(link, resource_to_request(module))) -def update(module, link, kind, fetch): - update_fields(module, resource_to_request(module), response_to_hash(module, fetch)) - return fetch_resource(module, self_link(module), kind) - - -def update_fields(module, request, response): - if response.get('quicOverride') != request.get('quicOverride'): - quic_override_update(module, request, response) - if response.get('sslCertificates') != request.get('sslCertificates'): - ssl_certificates_update(module, request, response) - if response.get('sslPolicy') != request.get('sslPolicy'): - ssl_policy_update(module, request, response) - if response.get('urlMap') != request.get('urlMap'): - url_map_update(module, request, response) - - -def quic_override_update(module, request, response): - auth = GcpSession(module, 'compute') - auth.post( - ''.join(["https://www.googleapis.com/compute/v1/", "projects/{project}/global/targetHttpsProxies/{name}/setQuicOverride"]).format(**module.params), - {u'quicOverride': module.params.get('quic_override')}, - ) - - -def ssl_certificates_update(module, request, response): - auth = GcpSession(module, 'compute') - auth.post( - ''.join(["https://www.googleapis.com/compute/v1/", "projects/{project}/targetHttpsProxies/{name}/setSslCertificates"]).format(**module.params), - {u'sslCertificates': replace_resource_dict(module.params.get('ssl_certificates', []), 'selfLink')}, - ) - - -def ssl_policy_update(module, request, response): - auth = GcpSession(module, 'compute') - auth.post( - ''.join(["https://www.googleapis.com/compute/v1/", "projects/{project}/global/targetHttpsProxies/{name}/setSslPolicy"]).format(**module.params), - {u'sslPolicy': replace_resource_dict(module.params.get(u'ssl_policy', {}), 'selfLink')}, - ) - - -def url_map_update(module, request, response): - auth = GcpSession(module, 'compute') - auth.post( - ''.join(["https://www.googleapis.com/compute/v1/", "projects/{project}/targetHttpsProxies/{name}/setUrlMap"]).format(**module.params), - {u'urlMap': replace_resource_dict(module.params.get(u'url_map', {}), 'selfLink')}, - ) +def update(module, link, kind): + module.fail_json(msg="TargetHttpsProxy cannot be edited") def delete(module, link, kind): diff --git a/plugins/modules/gcp_compute_target_ssl_proxy.py b/plugins/modules/gcp_compute_target_ssl_proxy.py index 0e00b0b..97baec6 100644 --- a/plugins/modules/gcp_compute_target_ssl_proxy.py +++ b/plugins/modules/gcp_compute_target_ssl_proxy.py @@ -305,52 +305,8 @@ def create(module, link, kind): return wait_for_operation(module, auth.post(link, resource_to_request(module))) -def update(module, link, kind, fetch): - update_fields(module, resource_to_request(module), response_to_hash(module, fetch)) - return fetch_resource(module, self_link(module), kind) - - -def update_fields(module, request, response): - if response.get('proxyHeader') != request.get('proxyHeader'): - proxy_header_update(module, request, response) - if response.get('service') != request.get('service'): - service_update(module, request, response) - if response.get('sslCertificates') != request.get('sslCertificates'): - ssl_certificates_update(module, request, response) - if response.get('sslPolicy') != request.get('sslPolicy'): - ssl_policy_update(module, request, response) - - -def proxy_header_update(module, request, response): - auth = GcpSession(module, 'compute') - auth.post( - ''.join(["https://www.googleapis.com/compute/v1/", "projects/{project}/global/targetSslProxies/{name}/setProxyHeader"]).format(**module.params), - {u'proxyHeader': module.params.get('proxy_header')}, - ) - - -def service_update(module, request, response): - auth = GcpSession(module, 'compute') - auth.post( - ''.join(["https://www.googleapis.com/compute/v1/", "projects/{project}/global/targetSslProxies/{name}/setBackendService"]).format(**module.params), - {u'service': replace_resource_dict(module.params.get(u'service', {}), 'selfLink')}, - ) - - -def ssl_certificates_update(module, request, response): - auth = GcpSession(module, 'compute') - auth.post( - ''.join(["https://www.googleapis.com/compute/v1/", "projects/{project}/global/targetSslProxies/{name}/setSslCertificates"]).format(**module.params), - {u'sslCertificates': replace_resource_dict(module.params.get('ssl_certificates', []), 'selfLink')}, - ) - - -def ssl_policy_update(module, request, response): - auth = GcpSession(module, 'compute') - auth.post( - ''.join(["https://www.googleapis.com/compute/v1/", "projects/{project}/global/targetSslProxies/{name}/setSslPolicy"]).format(**module.params), - {u'sslPolicy': replace_resource_dict(module.params.get(u'ssl_policy', {}), 'selfLink')}, - ) +def update(module, link, kind): + module.fail_json(msg="TargetSslProxy cannot be edited") def delete(module, link, kind): diff --git a/plugins/modules/gcp_compute_target_tcp_proxy.py b/plugins/modules/gcp_compute_target_tcp_proxy.py index 4efc30b..ec07c70 100644 --- a/plugins/modules/gcp_compute_target_tcp_proxy.py +++ b/plugins/modules/gcp_compute_target_tcp_proxy.py @@ -238,11 +238,7 @@ def create(module, link, kind): def update(module, link, kind): - auth = GcpSession(module, 'compute') - auth.post( - ''.join(["https://www.googleapis.com/compute/v1/", "projects/{project}/global/targetTcpProxies/{name}/setBackendService"]).format(**module.params), - {u'service': replace_resource_dict(module.params.get(u'service', {}), 'selfLink')}, - ) + module.fail_json(msg="TargetTcpProxy cannot be edited") def delete(module, link, kind): diff --git a/plugins/modules/gcp_compute_target_vpn_gateway.py b/plugins/modules/gcp_compute_target_vpn_gateway.py index 2ab6321..3e26ef4 100644 --- a/plugins/modules/gcp_compute_target_vpn_gateway.py +++ b/plugins/modules/gcp_compute_target_vpn_gateway.py @@ -65,9 +65,10 @@ options: description: - The network this VPN gateway is accepting traffic for. - 'This field represents a link to a Network resource in GCP. It can be specified - in two ways. First, you can place in the selfLink of the resource here as a - string Alternatively, you can add `register: name-of-resource` to a gcp_compute_network - task and then set this network field to "{{ name-of-resource }}"' + in two ways. First, you can place a dictionary with key ''selfLink'' and value + of your resource''s selfLink Alternatively, you can add `register: name-of-resource` + to a gcp_compute_network task and then set this network field to "{{ name-of-resource + }}"' required: true region: description: @@ -81,32 +82,32 @@ notes: EXAMPLES = ''' - name: create a address gcp_compute_address: - name: "address-vpngateway" - region: us-west1 - project: "{{ gcp_project }}" - auth_kind: "{{ gcp_cred_kind }}" - service_account_file: "{{ gcp_cred_file }}" - state: present + name: address-vpngateway + region: us-west1 + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + state: present register: address - name: create a network gcp_compute_network: - name: "network-vpngateway" - project: "{{ gcp_project }}" - auth_kind: "{{ gcp_cred_kind }}" - service_account_file: "{{ gcp_cred_file }}" - state: present + name: network-vpngateway + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + state: present register: network - name: create a target vpn gateway gcp_compute_target_vpn_gateway: - name: "test_object" - region: us-west1 - network: "{{ network }}" - project: "test_project" - auth_kind: "serviceaccount" - service_account_file: "/tmp/auth.pem" - state: present + name: test_object + region: us-west1 + network: "{{ network }}" + project: test_project + auth_kind: serviceaccount + service_account_file: "/tmp/auth.pem" + state: present ''' RETURN = ''' @@ -139,7 +140,7 @@ network: description: - The network this VPN gateway is accepting traffic for. returned: success - type: str + type: dict tunnels: description: - A list of references to VpnTunnel resources associated with this VPN gateway. @@ -179,7 +180,7 @@ def main(): state=dict(default='present', choices=['present', 'absent'], type='str'), description=dict(type='str'), name=dict(required=True, type='str'), - network=dict(required=True), + network=dict(required=True, type='dict'), region=dict(required=True, type='str'), ) ) diff --git a/plugins/modules/gcp_compute_vpn_tunnel.py b/plugins/modules/gcp_compute_vpn_tunnel.py index b01e884..ec7be3d 100644 --- a/plugins/modules/gcp_compute_vpn_tunnel.py +++ b/plugins/modules/gcp_compute_vpn_tunnel.py @@ -63,18 +63,19 @@ options: description: - URL of the Target VPN gateway with which this VPN tunnel is associated. - 'This field represents a link to a TargetVpnGateway resource in GCP. It can - be specified in two ways. First, you can place in the selfLink of the resource - here as a string Alternatively, you can add `register: name-of-resource` to - a gcp_compute_target_vpn_gateway task and then set this target_vpn_gateway field - to "{{ name-of-resource }}"' + be specified in two ways. First, you can place a dictionary with key ''selfLink'' + and value of your resource''s selfLink Alternatively, you can add `register: + name-of-resource` to a gcp_compute_target_vpn_gateway task and then set this + target_vpn_gateway field to "{{ name-of-resource }}"' required: true router: description: - URL of router resource to be used for dynamic routing. - 'This field represents a link to a Router resource in GCP. It can be specified - in two ways. First, you can place in the selfLink of the resource here as a - string Alternatively, you can add `register: name-of-resource` to a gcp_compute_router - task and then set this router field to "{{ name-of-resource }}"' + in two ways. First, you can place a dictionary with key ''selfLink'' and value + of your resource''s selfLink Alternatively, you can add `register: name-of-resource` + to a gcp_compute_router task and then set this router field to "{{ name-of-resource + }}"' required: false peer_ip: description: @@ -105,10 +106,6 @@ options: The ranges should be disjoint. - Only IPv4 is supported. required: false - labels: - description: - - Labels to apply to this VpnTunnel. - required: false region: description: - The region where the tunnel is located. @@ -123,54 +120,54 @@ notes: EXAMPLES = ''' - name: create a network gcp_compute_network: - name: "network-vpn-tunnel" - project: "{{ gcp_project }}" - auth_kind: "{{ gcp_cred_kind }}" - service_account_file: "{{ gcp_cred_file }}" - state: present + name: network-vpn-tunnel + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + state: present register: network - name: create a router gcp_compute_router: - name: "router-vpn-tunnel" - network: "{{ network }}" - bgp: - asn: 64514 - advertise_mode: CUSTOM - advertised_groups: - - ALL_SUBNETS - advertised_ip_ranges: - - range: 1.2.3.4 - - range: 6.7.0.0/16 - region: us-central1 - project: "{{ gcp_project }}" - auth_kind: "{{ gcp_cred_kind }}" - service_account_file: "{{ gcp_cred_file }}" - state: present + name: router-vpn-tunnel + network: "{{ network }}" + bgp: + asn: 64514 + advertise_mode: CUSTOM + advertised_groups: + - ALL_SUBNETS + advertised_ip_ranges: + - range: 1.2.3.4 + - range: 6.7.0.0/16 + region: us-central1 + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + state: present register: router - name: create a target vpn gateway gcp_compute_target_vpn_gateway: - name: "gateway-vpn-tunnel" - region: us-west1 - network: "{{ network }}" - project: "{{ gcp_project }}" - auth_kind: "{{ gcp_cred_kind }}" - service_account_file: "{{ gcp_cred_file }}" - state: present + name: gateway-vpn-tunnel + region: us-west1 + network: "{{ network }}" + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + state: present register: gateway - name: create a vpn tunnel gcp_compute_vpn_tunnel: - name: "test_object" - region: us-west1 - target_vpn_gateway: "{{ gateway }}" - router: "{{ router }}" - shared_secret: super secret - project: "test_project" - auth_kind: "serviceaccount" - service_account_file: "/tmp/auth.pem" - state: present + name: test_object + region: us-west1 + target_vpn_gateway: "{{ gateway }}" + router: "{{ router }}" + shared_secret: super secret + project: test_project + auth_kind: serviceaccount + service_account_file: "/tmp/auth.pem" + state: present ''' RETURN = ''' @@ -197,12 +194,12 @@ targetVpnGateway: description: - URL of the Target VPN gateway with which this VPN tunnel is associated. returned: success - type: str + type: dict router: description: - URL of router resource to be used for dynamic routing. returned: success - type: str + type: dict peerIp: description: - IP address of the peer VPN gateway. Only IPv4 is supported. @@ -241,17 +238,6 @@ remoteTrafficSelector: - Only IPv4 is supported. returned: success type: list -labels: - description: - - Labels to apply to this VpnTunnel. - returned: success - type: dict -labelFingerprint: - description: - - The fingerprint used for optimistic locking of this resource. Used internally - during updates. - returned: success - type: str region: description: - The region where the tunnel is located. @@ -280,14 +266,13 @@ def main(): state=dict(default='present', choices=['present', 'absent'], type='str'), name=dict(required=True, type='str'), description=dict(type='str'), - target_vpn_gateway=dict(required=True), - router=dict(), + target_vpn_gateway=dict(required=True, type='dict'), + router=dict(type='dict'), peer_ip=dict(required=True, type='str'), shared_secret=dict(required=True, type='str'), ike_version=dict(default=2, type='int'), local_traffic_selector=dict(type='list', elements='str'), remote_traffic_selector=dict(type='list', elements='str'), - labels=dict(type='dict'), region=dict(required=True, type='str'), ) ) @@ -304,7 +289,7 @@ def main(): if fetch: if state == 'present': if is_different(module, fetch): - update(module, self_link(module), kind, fetch) + update(module, self_link(module), kind) fetch = fetch_resource(module, self_link(module), kind) changed = True else: @@ -314,7 +299,6 @@ def main(): else: if state == 'present': fetch = create(module, collection(module), kind) - labels_update(module, module.params, fetch) changed = True else: fetch = {} @@ -329,22 +313,8 @@ def create(module, link, kind): return wait_for_operation(module, auth.post(link, resource_to_request(module))) -def update(module, link, kind, fetch): - update_fields(module, resource_to_request(module), response_to_hash(module, fetch)) - return fetch_resource(module, self_link(module), kind) - - -def update_fields(module, request, response): - if response.get('labels') != request.get('labels'): - labels_update(module, request, response) - - -def labels_update(module, request, response): - auth = GcpSession(module, 'compute') - auth.post( - ''.join(["https://www.googleapis.com/compute/v1/", "projects/{project}/regions/{region}/vpnTunnels/{name}/setLabels"]).format(**module.params), - {u'labels': module.params.get('labels'), u'labelFingerprint': response.get('labelFingerprint')}, - ) +def update(module, link, kind): + module.fail_json(msg="VpnTunnel cannot be edited") def delete(module, link, kind): @@ -364,7 +334,6 @@ def resource_to_request(module): u'ikeVersion': module.params.get('ike_version'), u'localTrafficSelector': module.params.get('local_traffic_selector'), u'remoteTrafficSelector': module.params.get('remote_traffic_selector'), - u'labels': module.params.get('labels'), } return_vals = {} for k, v in request.items(): @@ -441,8 +410,6 @@ def response_to_hash(module, response): u'ikeVersion': response.get(u'ikeVersion'), u'localTrafficSelector': response.get(u'localTrafficSelector'), u'remoteTrafficSelector': response.get(u'remoteTrafficSelector'), - u'labels': response.get(u'labels'), - u'labelFingerprint': response.get(u'labelFingerprint'), }