	Bug fixes for gcp_compute_firewall (#42807)
		
					parent
					
						
							
								35bb587b7b
							
						
					
				
			
			
				commit
				
					
						d3ab5ba142
					
				
			
		
					 2 changed files with 88 additions and 89 deletions
				
			
		|  | @ -88,11 +88,10 @@ options: | ||||||
|         required: false |         required: false | ||||||
|     network: |     network: | ||||||
|         description: |         description: | ||||||
|             - 'URL of the network resource for this firewall rule. If not |             - 'URL of the network resource for this firewall rule. If not specified when creating | ||||||
|               specified when creating a firewall rule, the default network is |               a firewall rule, the default network is used: global/networks/default If you choose to | ||||||
|               used: global/networks/default If you choose to specify this |               specify this property, you can specify the network as a full or partial URL. For | ||||||
|               property, you can specify the network as a full or partial URL. |               example, the following are all valid URLs: | ||||||
|               For example, the following are all valid URLs: |  | ||||||
|               U(https://www.googleapis.com/compute/v1/projects/myproject/global/) |               U(https://www.googleapis.com/compute/v1/projects/myproject/global/) | ||||||
|               networks/my-network projects/myproject/global/networks/my-network |               networks/my-network projects/myproject/global/networks/my-network | ||||||
|               global/networks/default .' |               global/networks/default .' | ||||||
|  | @ -130,21 +129,19 @@ extends_documentation_fragment: gcp | ||||||
| EXAMPLES = ''' | EXAMPLES = ''' | ||||||
| - name: create a firewall | - name: create a firewall | ||||||
|   gcp_compute_firewall: |   gcp_compute_firewall: | ||||||
|       name: testObject |       name: "test_object" | ||||||
|       allowed: |       allowed: | ||||||
|         - ip_protocol: 'tcp' |       - ip_protocol: tcp | ||||||
|           ports: |         ports: | ||||||
|             - "22" |         - '22' | ||||||
|       target_tags: |       target_tags: | ||||||
|         - test-ssh-server |       - test-ssh-server | ||||||
|         - staging-ssh-server |       - staging-ssh-server | ||||||
|       source_tags: |       source_tags: | ||||||
|         - test-ssh-clients |       - test-ssh-clients | ||||||
|       project: testProject |       project: "test_project" | ||||||
|       auth_kind: service_account |       auth_kind: "service_account" | ||||||
|       service_account_file: /tmp/auth.pem |       service_account_file: "/tmp/auth.pem" | ||||||
|       scopes: |  | ||||||
|         - https://www.googleapis.com/auth/compute |  | ||||||
|       state: present |       state: present | ||||||
| ''' | ''' | ||||||
| 
 | 
 | ||||||
|  | @ -199,11 +196,10 @@ RETURN = ''' | ||||||
|         type: str |         type: str | ||||||
|     network: |     network: | ||||||
|         description: |         description: | ||||||
|             - 'URL of the network resource for this firewall rule. If not |             - 'URL of the network resource for this firewall rule. If not specified when creating | ||||||
|               specified when creating a firewall rule, the default network is |               a firewall rule, the default network is used: global/networks/default If you choose to | ||||||
|               used: global/networks/default If you choose to specify this |               specify this property, you can specify the network as a full or partial URL. For | ||||||
|               property, you can specify the network as a full or partial URL. |               example, the following are all valid URLs: | ||||||
|               For example, the following are all valid URLs: |  | ||||||
|               U(https://www.googleapis.com/compute/v1/projects/myproject/global/) |               U(https://www.googleapis.com/compute/v1/projects/myproject/global/) | ||||||
|               networks/my-network projects/myproject/global/networks/my-network |               networks/my-network projects/myproject/global/networks/my-network | ||||||
|               global/networks/default .' |               global/networks/default .' | ||||||
|  | @ -273,6 +269,9 @@ def main(): | ||||||
|         ) |         ) | ||||||
|     ) |     ) | ||||||
| 
 | 
 | ||||||
|  |     if not module.params['scopes']: | ||||||
|  |         module.params['scopes'] = ['https://www.googleapis.com/auth/compute'] | ||||||
|  | 
 | ||||||
|     state = module.params['state'] |     state = module.params['state'] | ||||||
|     kind = 'compute#firewall' |     kind = 'compute#firewall' | ||||||
| 
 | 
 | ||||||
|  | @ -416,7 +415,7 @@ def async_op_url(module, extra_data=None): | ||||||
| def wait_for_operation(module, response): | def wait_for_operation(module, response): | ||||||
|     op_result = return_if_object(module, response, 'compute#operation') |     op_result = return_if_object(module, response, 'compute#operation') | ||||||
|     if op_result is None: |     if op_result is None: | ||||||
|         return None |         return {} | ||||||
|     status = navigate_hash(op_result, ['status']) |     status = navigate_hash(op_result, ['status']) | ||||||
|     wait_done = wait_for_completion(status, op_result, module) |     wait_done = wait_for_completion(status, op_result, module) | ||||||
|     return fetch_resource(module, navigate_hash(wait_done, ['targetLink']), 'compute#firewall') |     return fetch_resource(module, navigate_hash(wait_done, ['targetLink']), 'compute#firewall') | ||||||
|  |  | ||||||
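Review bot: The fallback added in main() gives every task that omits `scopes` the read-write `https://www.googleapis.com/auth/compute` scope, but nothing visible in this section documents that default, and the updated EXAMPLES entry no longer shows a scope at all. The default is applied by mutating `module.params` instead of being declared with the option (the argument spec is outside the hunk, so this is inferred), so it presumably does not appear in generated docs, and `if not ...` also replaces an explicitly empty list. I would add a comment above the check, `# No scopes given: fall back to the read-write Compute scope this module needs to manage firewall rules.`, and state the default wherever the `scopes` option is described (likely the `gcp` documentation fragment this module extends). main() continues outside the hunk.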
|  | @ -17,38 +17,34 @@ | ||||||
|   gcp_compute_firewall: |   gcp_compute_firewall: | ||||||
|       name: "{{ resource_name }}" |       name: "{{ resource_name }}" | ||||||
|       allowed: |       allowed: | ||||||
|         - ip_protocol: 'tcp' |       - ip_protocol: tcp | ||||||
|           ports: |         ports: | ||||||
|             - "22" |         - '22' | ||||||
|       target_tags: |       target_tags: | ||||||
|         - test-ssh-server |       - test-ssh-server | ||||||
|         - staging-ssh-server |       - staging-ssh-server | ||||||
|       source_tags: |       source_tags: | ||||||
|         - test-ssh-clients |       - test-ssh-clients | ||||||
|       project: "{{ gcp_project }}" |       project: "{{ gcp_project }}" | ||||||
|       auth_kind: "{{ gcp_cred_kind }}" |       auth_kind: "{{ gcp_cred_kind }}" | ||||||
|       service_account_file: "{{ gcp_cred_file }}" |       service_account_file: "{{ gcp_cred_file }}" | ||||||
|       scopes: |  | ||||||
|         - https://www.googleapis.com/auth/compute |  | ||||||
|       state: absent |       state: absent | ||||||
| #---------------------------------------------------------- | #---------------------------------------------------------- | ||||||
| - name: create a firewall | - name: create a firewall | ||||||
|   gcp_compute_firewall: |   gcp_compute_firewall: | ||||||
|       name: "{{ resource_name }}" |       name: "{{ resource_name }}" | ||||||
|       allowed: |       allowed: | ||||||
|         - ip_protocol: 'tcp' |       - ip_protocol: tcp | ||||||
|           ports: |         ports: | ||||||
|             - "22" |         - '22' | ||||||
|       target_tags: |       target_tags: | ||||||
|         - test-ssh-server |       - test-ssh-server | ||||||
|         - staging-ssh-server |       - staging-ssh-server | ||||||
|       source_tags: |       source_tags: | ||||||
|         - test-ssh-clients |       - test-ssh-clients | ||||||
|       project: "{{ gcp_project }}" |       project: "{{ gcp_project }}" | ||||||
|       auth_kind: "{{ gcp_cred_kind }}" |       auth_kind: "{{ gcp_cred_kind }}" | ||||||
|       service_account_file: "{{ gcp_cred_file }}" |       service_account_file: "{{ gcp_cred_file }}" | ||||||
|       scopes: |  | ||||||
|         - https://www.googleapis.com/auth/compute |  | ||||||
|       state: present |       state: present | ||||||
|   register: result |   register: result | ||||||
| - name: assert changed is true | - name: assert changed is true | ||||||
|  | @ -57,31 +53,35 @@ | ||||||
|       - result.changed == true |       - result.changed == true | ||||||
|       - "result.kind == 'compute#firewall'" |       - "result.kind == 'compute#firewall'" | ||||||
| - name: verify that firewall was created | - name: verify that firewall was created | ||||||
|   shell: | |   gcp_compute_firewall_facts: | ||||||
|     gcloud compute firewall-rules describe  --project="{{ gcp_project}}"  "{{ resource_name }}" |       filters: | ||||||
|   register: results |          - name = {{ resource_name }} | ||||||
| - name: verify that command succeeded |  | ||||||
|   assert: |  | ||||||
|     that: |  | ||||||
|       - results.rc == 0 |  | ||||||
| # ---------------------------------------------------------------------------- |  | ||||||
| - name: create a firewall that already exists |  | ||||||
|   gcp_compute_firewall: |  | ||||||
|       name: "{{ resource_name }}" |  | ||||||
|       allowed: |  | ||||||
|         - ip_protocol: 'tcp' |  | ||||||
|           ports: |  | ||||||
|             - "22" |  | ||||||
|       target_tags: |  | ||||||
|         - test-ssh-server |  | ||||||
|         - staging-ssh-server |  | ||||||
|       source_tags: |  | ||||||
|         - test-ssh-clients |  | ||||||
|       project: "{{ gcp_project }}" |       project: "{{ gcp_project }}" | ||||||
|       auth_kind: "{{ gcp_cred_kind }}" |       auth_kind: "{{ gcp_cred_kind }}" | ||||||
|       service_account_file: "{{ gcp_cred_file }}" |       service_account_file: "{{ gcp_cred_file }}" | ||||||
|       scopes: |       scopes: | ||||||
|         - https://www.googleapis.com/auth/compute |         - https://www.googleapis.com/auth/compute | ||||||
|  |   register: results | ||||||
|  | - name: verify that command succeeded | ||||||
|  |   assert: | ||||||
|  |     that: | ||||||
|  |       - results['items'] | length == 1 | ||||||
|  | # ---------------------------------------------------------------------------- | ||||||
|  | - name: create a firewall that already exists | ||||||
|  |   gcp_compute_firewall: | ||||||
|  |       name: "{{ resource_name }}" | ||||||
|  |       allowed: | ||||||
|  |       - ip_protocol: tcp | ||||||
|  |         ports: | ||||||
|  |         - '22' | ||||||
|  |       target_tags: | ||||||
|  |       - test-ssh-server | ||||||
|  |       - staging-ssh-server | ||||||
|  |       source_tags: | ||||||
|  |       - test-ssh-clients | ||||||
|  |       project: "{{ gcp_project }}" | ||||||
|  |       auth_kind: "{{ gcp_cred_kind }}" | ||||||
|  |       service_account_file: "{{ gcp_cred_file }}" | ||||||
|       state: present |       state: present | ||||||
|   register: result |   register: result | ||||||
| - name: assert changed is false | - name: assert changed is false | ||||||
|  | @ -94,19 +94,17 @@ | ||||||
|   gcp_compute_firewall: |   gcp_compute_firewall: | ||||||
|       name: "{{ resource_name }}" |       name: "{{ resource_name }}" | ||||||
|       allowed: |       allowed: | ||||||
|         - ip_protocol: 'tcp' |       - ip_protocol: tcp | ||||||
|           ports: |         ports: | ||||||
|             - "22" |         - '22' | ||||||
|       target_tags: |       target_tags: | ||||||
|         - test-ssh-server |       - test-ssh-server | ||||||
|         - staging-ssh-server |       - staging-ssh-server | ||||||
|       source_tags: |       source_tags: | ||||||
|         - test-ssh-clients |       - test-ssh-clients | ||||||
|       project: "{{ gcp_project }}" |       project: "{{ gcp_project }}" | ||||||
|       auth_kind: "{{ gcp_cred_kind }}" |       auth_kind: "{{ gcp_cred_kind }}" | ||||||
|       service_account_file: "{{ gcp_cred_file }}" |       service_account_file: "{{ gcp_cred_file }}" | ||||||
|       scopes: |  | ||||||
|         - https://www.googleapis.com/auth/compute |  | ||||||
|       state: absent |       state: absent | ||||||
|   register: result |   register: result | ||||||
| - name: assert changed is true | - name: assert changed is true | ||||||
|  | @ -115,33 +113,35 @@ | ||||||
|       - result.changed == true |       - result.changed == true | ||||||
|       - result.has_key('kind') == False |       - result.has_key('kind') == False | ||||||
| - name: verify that firewall was deleted | - name: verify that firewall was deleted | ||||||
|   shell: | |   gcp_compute_firewall_facts: | ||||||
|     gcloud compute firewall-rules describe  --project="{{ gcp_project}}"  "{{ resource_name }}" |       filters: | ||||||
|   register: results |          - name = {{ resource_name }} | ||||||
|   failed_when: results.rc == 0 |  | ||||||
| - name: verify that command succeeded |  | ||||||
|   assert: |  | ||||||
|     that: |  | ||||||
|       - results.rc == 1 |  | ||||||
|       - "\"'projects/{{ gcp_project }}/global/firewalls/{{ resource_name }}' was not found\" in results.stderr" |  | ||||||
| # ---------------------------------------------------------------------------- |  | ||||||
| - name: delete a firewall that does not exist |  | ||||||
|   gcp_compute_firewall: |  | ||||||
|       name: "{{ resource_name }}" |  | ||||||
|       allowed: |  | ||||||
|         - ip_protocol: 'tcp' |  | ||||||
|           ports: |  | ||||||
|             - "22" |  | ||||||
|       target_tags: |  | ||||||
|         - test-ssh-server |  | ||||||
|         - staging-ssh-server |  | ||||||
|       source_tags: |  | ||||||
|         - test-ssh-clients |  | ||||||
|       project: "{{ gcp_project }}" |       project: "{{ gcp_project }}" | ||||||
|       auth_kind: "{{ gcp_cred_kind }}" |       auth_kind: "{{ gcp_cred_kind }}" | ||||||
|       service_account_file: "{{ gcp_cred_file }}" |       service_account_file: "{{ gcp_cred_file }}" | ||||||
|       scopes: |       scopes: | ||||||
|         - https://www.googleapis.com/auth/compute |         - https://www.googleapis.com/auth/compute | ||||||
|  |   register: results | ||||||
|  | - name: verify that command succeeded | ||||||
|  |   assert: | ||||||
|  |     that: | ||||||
|  |       - results['items'] | length == 0 | ||||||
|  | # ---------------------------------------------------------------------------- | ||||||
|  | - name: delete a firewall that does not exist | ||||||
|  |   gcp_compute_firewall: | ||||||
|  |       name: "{{ resource_name }}" | ||||||
|  |       allowed: | ||||||
|  |       - ip_protocol: tcp | ||||||
|  |         ports: | ||||||
|  |         - '22' | ||||||
|  |       target_tags: | ||||||
|  |       - test-ssh-server | ||||||
|  |       - staging-ssh-server | ||||||
|  |       source_tags: | ||||||
|  |       - test-ssh-clients | ||||||
|  |       project: "{{ gcp_project }}" | ||||||
|  |       auth_kind: "{{ gcp_cred_kind }}" | ||||||
|  |       service_account_file: "{{ gcp_cred_file }}" | ||||||
|       state: absent |       state: absent | ||||||
|   register: result |   register: result | ||||||
| - name: assert changed is false | - name: assert changed is false | ||||||
|  |  | ||||||
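Review bot: The new check after create asserts only `results['items'] | length == 1`, which confirms that a rule with that name exists but not that it carries the restrictions the task asked for. A rule created without its `source_tags`, or with different ports, would still pass this test. Consider adding assertions on the returned item, for example `- results['items'][0].sourceTags == ['test-ssh-clients']` (field name assumed from the Compute API; confirm against what `gcp_compute_firewall_facts` returns). The task name `verify that command succeeded` is also left over from the old gcloud shell check and could become `verify that exactly one firewall matched`, with the matching wording for the delete case.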