tests: fix gcp_compute_vpn_tunnel

- vpn_gateway required minimal changes (stop using legacy load balancers) - compute_vpn_tunnel requires a valid vpn configuration (several dependent forwarding rules and configuration to set up a proper tunnel).
2025-04-05 10:20:26 -07:00 · 2022-11-19 20:05:46 +00:00 · 2022-11-19 20:05:46 +00:00 · ebf095d22d
commit ebf095d22d
parent 54c14b66f6
6 changed files with 229 additions and 14 deletions
--- a/plugins/modules/gcp_compute_vpn_tunnel.py
+++ b/plugins/modules/gcp_compute_vpn_tunnel.py
@ -527,15 +527,22 @@ def return_if_object(module, response, kind, allow_not_found=False):
 def is_different(module, response):
    request = resource_to_request(module)
    response = response_to_hash(module, response)
+    # shared_secret is returned with stars instead of the
+    # actual secret
+    keys_to_ignore = ("sharedSecret")

    # Remove all output-only from response.
    response_vals = {}
    for k, v in response.items():
+        if k in keys_to_ignore:
+          continue
        if k in request:
            response_vals[k] = v

    request_vals = {}
    for k, v in request.items():
+        if k in keys_to_ignore:
+          continue
        if k in response:
            request_vals[k] = v

--- a/scripts/cleanup-project.sh
+++ b/scripts/cleanup-project.sh
@ -14,10 +14,16 @@ ZONE="us-central1-a"
 main() {
    # note: the ordering here is deliberate, to start with
    # leaf resources and work upwards to parent resources.
+    cleanup_resource_per_region "compute vpn-tunnels"
    cleanup_resource "compute instances" "" "--zone=$ZONE"
+    cleanup_resource_per_region "compute addresses"
    cleanup_resource "compute target-http-proxies" "" "--global"
-    cleanup_resource "compute forwarding-rules" "" "--global"
-    cleanup_resource "compute url-maps" "" "--global"
+    cleanup_resource "compute forwarding-rules" "--global" "--global"
+    cleanup_resource "compute forwarding-rules" \
+        "--regions=us-central1" "--region=us-central1"
+    cleanup_resource "compute url-maps" "--global" "--global"
+    cleanup_resource "compute url-maps" \
+        "--regions=us-central1" "--region=us-central1"
    cleanup_resource "compute backend-services" "--global" "--global"
    cleanup_resource "compute backend-services" \
        "--regions=us-central1" "--region=us-central1"
@ -33,4 +39,12 @@ cleanup_resource() {
    done
 }

+cleanup_resource_per_region() {
+    resource_group="$1"
+    for resource_and_region in $(gcloud $resource_group list --project="${PROJECT_ID}" --format="csv[no-heading](name,region)"); do
+        read -r resource region < <(echo "$resource_and_region" | tr "," " ")
+        gcloud $resource_group delete "${resource}" --project="${PROJECT_ID}" -q --region="${region}"
+    done
+}
+
 main
--- a/tests/integration/targets/gcp_compute_target_vpn_gateway/aliases
+++ b/tests/integration/targets/gcp_compute_target_vpn_gateway/aliases
@ -1,2 +1 @@
-cloud/gcp
-unsupported
+cloud/gcp
--- a/tests/integration/targets/gcp_compute_target_vpn_gateway/tasks/autogen.yml
+++ b/tests/integration/targets/gcp_compute_target_vpn_gateway/tasks/autogen.yml
@ -28,6 +28,7 @@
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file }}"
+    auto_create_subnetworks: true
    state: present
  register: network
 - name: delete a target vpn gateway
@ -138,6 +139,7 @@
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file }}"
+    auto_create_subnetworks: true
    state: absent
  register: network
  ignore_errors: true
--- a/tests/integration/targets/gcp_compute_vpn_tunnel/aliases
+++ b/tests/integration/targets/gcp_compute_vpn_tunnel/aliases
@ -1,2 +1 @@
 cloud/gcp
-unsupported
--- a/tests/integration/targets/gcp_compute_vpn_tunnel/tasks/autogen.yml
+++ b/tests/integration/targets/gcp_compute_vpn_tunnel/tasks/autogen.yml
@ -13,14 +13,73 @@
 #
 # ----------------------------------------------------------------------------
 # Pre-test setup
+- name: create a address
+  google.cloud.gcp_compute_address:
+    name: address
+    region: us-central1
+    project: "{{ gcp_project }}"
+    auth_kind: "{{ gcp_cred_kind }}"
+    service_account_file: "{{ gcp_cred_file }}"
+    state: present
+  register: address
+- name: create a forward address
+  google.cloud.gcp_compute_address:
+    name: address-forwardingrule
+    region: us-central1
+    project: "{{ gcp_project }}"
+    auth_kind: "{{ gcp_cred_kind }}"
+    service_account_file: "{{ gcp_cred_file }}"
+    state: present
+  register: address_forwardingrule
 - name: create a network
  google.cloud.gcp_compute_network:
    name: network-vpn-tunnel
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file }}"
+    auto_create_subnetworks: true
    state: present
  register: network
+- name: create a disk
+  google.cloud.gcp_compute_disk:
+    name: "{{ resource_prefix }}"
+    size_gb: 50
+    source_image: projects/ubuntu-os-cloud/global/images/family/ubuntu-minimal-2204-lts
+    zone: us-central1-a
+    project: "{{ gcp_project }}"
+    auth_kind: "{{ gcp_cred_kind }}"
+    service_account_file: "{{ gcp_cred_file }}"
+    state: present
+  register: disk
+- name: create a instance
+  google.cloud.gcp_compute_instance:
+    name: "{{ resource_name }}"
+    machine_type: n1-standard-1
+    disks:
+    - auto_delete: 'true'
+      boot: 'true'
+      source: "{{ disk }}"
+    - auto_delete: 'true'
+      interface: NVME
+      type: SCRATCH
+      initialize_params:
+        disk_type: local-ssd
+    metadata:
+      cost-center: '12345'
+    labels:
+      environment: production
+    network_interfaces:
+    - network: "{{ network }}"
+      access_configs:
+      - name: External NAT
+        nat_ip: "{{ address }}"
+        type: ONE_TO_ONE_NAT
+    zone: us-central1-a
+    project: "{{ gcp_project }}"
+    auth_kind: "{{ gcp_cred_kind }}"
+    service_account_file: "{{ gcp_cred_file }}"
+    state: present
+  register: result
 - name: create a router
  google.cloud.gcp_compute_router:
    name: router-vpn-tunnel
@ -42,35 +101,75 @@
 - name: create a target vpn gateway
  google.cloud.gcp_compute_target_vpn_gateway:
    name: gateway-vpn-tunnel
-    region: us-west1
+    region: us-central1
    network: "{{ network }}"
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file }}"
    state: present
  register: gateway
+- name: create a forwarding rule
+  google.cloud.gcp_compute_forwarding_rule:
+    name: "{{ resource_name }}"
+    region: us-central1
+    target: "{{ gateway.selfLink }}"
+    ip_protocol: ESP
+    ip_address: "{{ address_forwardingrule.address }}"
+    project: "{{ gcp_project }}"
+    auth_kind: "{{ gcp_cred_kind }}"
+    service_account_file: "{{ gcp_cred_file }}"
+    state: present
+  register: result
+- name: create a UDP-500 forwarding rule
+  google.cloud.gcp_compute_forwarding_rule:
+    name: "{{ resource_name }}-udp"
+    region: us-central1
+    target: "{{ gateway.selfLink }}"
+    ip_protocol: UDP
+    port_range: 500-500
+    ip_address: "{{ address_forwardingrule.address }}"
+    project: "{{ gcp_project }}"
+    auth_kind: "{{ gcp_cred_kind }}"
+    service_account_file: "{{ gcp_cred_file }}"
+    state: present
+  register: result
+- name: create a UDP-4500 forwarding rule
+  google.cloud.gcp_compute_forwarding_rule:
+    name: "{{ resource_name }}-udp-4500"
+    region: us-central1
+    target: "{{ gateway.selfLink }}"
+    ip_protocol: UDP
+    port_range: 4500-4500
+    ip_address: "{{ address_forwardingrule.address }}"
+    project: "{{ gcp_project }}"
+    auth_kind: "{{ gcp_cred_kind }}"
+    service_account_file: "{{ gcp_cred_file }}"
+    state: present
+  register: result
 - name: delete a vpn tunnel
  google.cloud.gcp_compute_vpn_tunnel:
    name: "{{ resource_name }}"
-    region: us-west1
+    region: us-central1
    target_vpn_gateway: "{{ gateway }}"
    router: "{{ router }}"
    shared_secret: super secret
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file }}"
+    peer_ip: "{{address.address}}"
    state: absent
 #----------------------------------------------------------
 - name: create a vpn tunnel
  google.cloud.gcp_compute_vpn_tunnel:
    name: "{{ resource_name }}"
-    region: us-west1
+    region: us-central1
    target_vpn_gateway: "{{ gateway }}"
    router: "{{ router }}"
    shared_secret: super secret
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file }}"
+    peer_ip: "{{address.address}}"
    state: present
  register: result
 - name: assert changed is true
@ -81,7 +180,7 @@
  google.cloud.gcp_compute_vpn_tunnel_info:
      filters:
         - name = {{ resource_name }}
-      region: us-west1
+      region: us-central1
      project: "{{ gcp_project }}"
      auth_kind: "{{ gcp_cred_kind }}"
      service_account_file: "{{ gcp_cred_file }}"
@ -96,9 +195,10 @@
 - name: create a vpn tunnel that already exists
  google.cloud.gcp_compute_vpn_tunnel:
    name: "{{ resource_name }}"
-    region: us-west1
+    region: us-central1
    target_vpn_gateway: "{{ gateway }}"
    router: "{{ router }}"
+    peer_ip: "{{address.address}}"
    shared_secret: super secret
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
@ -113,9 +213,10 @@
 - name: delete a vpn tunnel
  google.cloud.gcp_compute_vpn_tunnel:
    name: "{{ resource_name }}"
-    region: us-west1
+    region: us-central1
    target_vpn_gateway: "{{ gateway }}"
    router: "{{ router }}"
+    peer_ip: "{{address.address}}"
    shared_secret: super secret
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
@ -130,7 +231,7 @@
  google.cloud.gcp_compute_vpn_tunnel_info:
      filters:
         - name = {{ resource_name }}
-      region: us-west1
+      region: us-central1
      project: "{{ gcp_project }}"
      auth_kind: "{{ gcp_cred_kind }}"
      service_account_file: "{{ gcp_cred_file }}"
@ -145,9 +246,10 @@
 - name: delete a vpn tunnel that does not exist
  google.cloud.gcp_compute_vpn_tunnel:
    name: "{{ resource_name }}"
-    region: us-west1
+    region: us-central1
    target_vpn_gateway: "{{ gateway }}"
    router: "{{ router }}"
+    peer_ip: "{{address.address}}"
    shared_secret: super secret
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
@ -160,11 +262,52 @@
      - result.changed == false
 #---------------------------------------------------------
 # Post-test teardown
+- name: delete a UDP-4500 forwarding rule
+  google.cloud.gcp_compute_forwarding_rule:
+    name: "{{ resource_name }}-udp-4500"
+    region: us-central1
+    target: "{{ gateway.selfLink }}"
+    ip_protocol: UDP
+    port_range: 4500-4500
+    ip_address: "{{ address.address }}"
+    project: "{{ gcp_project }}"
+    auth_kind: "{{ gcp_cred_kind }}"
+    service_account_file: "{{ gcp_cred_file }}"
+    state: absent
+  ignore_errors: true
+  register: result
+- name: delete a UDP forwarding rule
+  google.cloud.gcp_compute_forwarding_rule:
+    name: "{{ resource_name }}-udp"
+    region: us-central1
+    target: "{{ gateway.selfLink }}"
+    ip_protocol: UDP
+    port_range: 500-500
+    ip_address: "{{ address.address }}"
+    project: "{{ gcp_project }}"
+    auth_kind: "{{ gcp_cred_kind }}"
+    service_account_file: "{{ gcp_cred_file }}"
+    state: absent
+  ignore_errors: true
+  register: result
+- name: delete a forwarding rule
+  google.cloud.gcp_compute_forwarding_rule:
+    name: "{{ resource_name }}"
+    region: us-central1
+    target: "{{ gateway.selfLink }}"
+    ip_protocol: ESP
+    ip_address: "104.197.5.203"
+    project: "{{ gcp_project }}"
+    auth_kind: "{{ gcp_cred_kind }}"
+    service_account_file: "{{ gcp_cred_file }}"
+    state: absent
+  ignore_errors: true
+  register: result
 # If errors happen, don't crash the playbook!
 - name: delete a target vpn gateway
  google.cloud.gcp_compute_target_vpn_gateway:
    name: gateway-vpn-tunnel
-    region: us-west1
+    region: us-central1
    network: "{{ network }}"
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
@ -191,12 +334,63 @@
    state: absent
  register: router
  ignore_errors: true
+- name: delete a instance
+  google.cloud.gcp_compute_instance:
+    name: "{{ resource_name }}"
+    machine_type: n1-standard-1
+    disks:
+    - auto_delete: 'true'
+      boot: 'true'
+      source: "{{ disk }}"
+    - auto_delete: 'true'
+      interface: NVME
+      type: SCRATCH
+      initialize_params:
+        disk_type: local-ssd
+    metadata:
+      cost-center: '12345'
+    labels:
+      environment: production
+    network_interfaces:
+    - network: "{{ network }}"
+      access_configs:
+      - name: External NAT
+        nat_ip: "{{ address }}"
+        type: ONE_TO_ONE_NAT
+    zone: us-central1-a
+    project: "{{ gcp_project }}"
+    auth_kind: "{{ gcp_cred_kind }}"
+    service_account_file: "{{ gcp_cred_file }}"
+    state: absent
+- name: delete a disk
+  google.cloud.gcp_compute_disk:
+    name: "{{ resource_prefix }}"
+    size_gb: 50
+    source_image: projects/ubuntu-os-cloud/global/images/family/ubuntu-1604-lts
+    zone: us-central1-a
+    project: "{{ gcp_project }}"
+    auth_kind: "{{ gcp_cred_kind }}"
+    service_account_file: "{{ gcp_cred_file }}"
+    state: absent
+  register: disk
+  ignore_errors: true
 - name: delete a network
  google.cloud.gcp_compute_network:
    name: network-vpn-tunnel
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file }}"
+    auto_create_subnetworks: true
    state: absent
  register: network
  ignore_errors: true
+- name: delete a address
+  google.cloud.gcp_compute_address:
+    name: address
+    region: us-central1
+    project: "{{ gcp_project }}"
+    auth_kind: "{{ gcp_cred_kind }}"
+    service_account_file: "{{ gcp_cred_file }}"
+    state: absent
+  register: address
+  ignore_errors: true