diff --git a/plugins/modules/gcp_compute_vpn_tunnel.py b/plugins/modules/gcp_compute_vpn_tunnel.py index d54d081..d91717c 100644 --- a/plugins/modules/gcp_compute_vpn_tunnel.py +++ b/plugins/modules/gcp_compute_vpn_tunnel.py @@ -527,15 +527,22 @@ def return_if_object(module, response, kind, allow_not_found=False): def is_different(module, response): request = resource_to_request(module) response = response_to_hash(module, response) + # shared_secret is returned with stars instead of the + # actual secret + keys_to_ignore = ("sharedSecret") # Remove all output-only from response. response_vals = {} for k, v in response.items(): + if k in keys_to_ignore: + continue if k in request: response_vals[k] = v request_vals = {} for k, v in request.items(): + if k in keys_to_ignore: + continue if k in response: request_vals[k] = v diff --git a/scripts/cleanup-project.sh b/scripts/cleanup-project.sh index 15f2d38..1394b42 100755 --- a/scripts/cleanup-project.sh +++ b/scripts/cleanup-project.sh @@ -14,10 +14,16 @@ ZONE="us-central1-a" main() { # note: the ordering here is deliberate, to start with # leaf resources and work upwards to parent resources. + cleanup_resource_per_region "compute vpn-tunnels" cleanup_resource "compute instances" "" "--zone=$ZONE" + cleanup_resource_per_region "compute addresses" cleanup_resource "compute target-http-proxies" "" "--global" - cleanup_resource "compute forwarding-rules" "" "--global" - cleanup_resource "compute url-maps" "" "--global" + cleanup_resource "compute forwarding-rules" "--global" "--global" + cleanup_resource "compute forwarding-rules" \ + "--regions=us-central1" "--region=us-central1" + cleanup_resource "compute url-maps" "--global" "--global" + cleanup_resource "compute url-maps" \ + "--regions=us-central1" "--region=us-central1" cleanup_resource "compute backend-services" "--global" "--global" cleanup_resource "compute backend-services" \ "--regions=us-central1" "--region=us-central1" 
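Review bot: `keys_to_ignore = ("sharedSecret")` is a plain string, not a tuple, so the two `if k in keys_to_ignore` checks are substring tests rather than key membership; it happens to work for the exact key, but any key that is a substring of "sharedSecret" would be skipped as well. Write it as `keys_to_ignore = ("sharedSecret",)` or `{"sharedSecret"}`, which is what the name and the membership checks intend. The comment should also state what the exclusion costs the user: because the API never echoes the secret, a rotated `shared_secret` in the playbook is no longer detected here and the tunnel will not be updated for that change alone, e.g. `# sharedSecret is masked in API responses, so a rotated secret cannot be detected as a change here`. The comparison is_different returns lies outside the hunk.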
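Review bot: `cleanup_resource_per_region "compute addresses"` runs before the two `compute forwarding-rules` lines, but a reserved address that is still attached to a forwarding rule cannot be released (the API rejects the delete as in-use, as far as I can tell), so on a project with leftover rules the address pass fails and the address survives. Moving that line below the forwarding-rule deletions keeps with the "leaf resources first" intent stated in the comment above it. `main` continues outside the hunk.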
@@ -33,4 +39,12 @@ cleanup_resource() { done } +cleanup_resource_per_region() { + resource_group="$1" + for resource_and_region in $(gcloud $resource_group list --project="${PROJECT_ID}" --format="csv[no-heading](name,region)"); do + read -r resource region < <(echo "$resource_and_region" | tr "," " ") + gcloud $resource_group delete "${resource}" --project="${PROJECT_ID}" -q --region="${region}" + done +} + main \ No newline at end of file diff --git a/tests/integration/targets/gcp_compute_target_vpn_gateway/aliases b/tests/integration/targets/gcp_compute_target_vpn_gateway/aliases index 9812f01..0e4419e 100644 --- a/tests/integration/targets/gcp_compute_target_vpn_gateway/aliases +++ b/tests/integration/targets/gcp_compute_target_vpn_gateway/aliases @@ -1,2 +1 @@ -cloud/gcp -unsupported +cloud/gcp \ No newline at end of file diff --git a/tests/integration/targets/gcp_compute_target_vpn_gateway/tasks/autogen.yml b/tests/integration/targets/gcp_compute_target_vpn_gateway/tasks/autogen.yml index c5f9cb3..818f885 100644 --- a/tests/integration/targets/gcp_compute_target_vpn_gateway/tasks/autogen.yml +++ b/tests/integration/targets/gcp_compute_target_vpn_gateway/tasks/autogen.yml @@ -28,6 +28,7 @@ project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" + auto_create_subnetworks: true state: present register: network - name: delete a target vpn gateway @@ -138,6 +139,7 @@ project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" + auto_create_subnetworks: true state: absent register: network ignore_errors: true diff --git a/tests/integration/targets/gcp_compute_vpn_tunnel/aliases b/tests/integration/targets/gcp_compute_vpn_tunnel/aliases index 9812f01..26507c2 100644 --- a/tests/integration/targets/gcp_compute_vpn_tunnel/aliases +++ b/tests/integration/targets/gcp_compute_vpn_tunnel/aliases @@ -1,2 +1 @@ cloud/gcp -unsupported 
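Review bot: `resource_group="$1"` assigns a global, and a failing `gcloud ... list` (wrong `PROJECT_ID`, missing credentials) leaves the `for` loop with nothing to iterate, so the function returns success having deleted nothing. Suggest `local resource_group="$1"` and capturing the listing first, e.g. `listing=$(gcloud $resource_group list --project="${PROJECT_ID}" --format="csv[no-heading](name,region)") || return 1`, then looping over `$listing`. The `region` column is passed to `--region` exactly as gcloud prints it; if that is the full resource URL rather than the short name, the delete relies on gcloud accepting the URL form, which is worth confirming once against a real listing.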
diff --git a/tests/integration/targets/gcp_compute_vpn_tunnel/tasks/autogen.yml b/tests/integration/targets/gcp_compute_vpn_tunnel/tasks/autogen.yml index 1c9ef37..21c4c69 100644 --- a/tests/integration/targets/gcp_compute_vpn_tunnel/tasks/autogen.yml +++ b/tests/integration/targets/gcp_compute_vpn_tunnel/tasks/autogen.yml 
@@ -13,14 +13,73 @@ # # ---------------------------------------------------------------------------- # Pre-test setup +- name: create a address + google.cloud.gcp_compute_address: + name: address + region: us-central1 + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + state: present + register: address +- name: create a forward address + google.cloud.gcp_compute_address: + name: address-forwardingrule + region: us-central1 + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + state: present + register: address_forwardingrule - name: create a network google.cloud.gcp_compute_network: name: network-vpn-tunnel project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" + auto_create_subnetworks: true state: present register: network +- name: create a disk + google.cloud.gcp_compute_disk: + name: "{{ resource_prefix }}" + size_gb: 50 + source_image: projects/ubuntu-os-cloud/global/images/family/ubuntu-minimal-2204-lts + zone: us-central1-a + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + state: present + register: disk +- name: create a instance + google.cloud.gcp_compute_instance: + name: "{{ resource_name }}" + machine_type: n1-standard-1 + disks: + - auto_delete: 'true' + boot: 'true' + source: "{{ disk }}" + - auto_delete: 'true' + interface: NVME + type: SCRATCH + initialize_params: + disk_type: local-ssd + metadata: + cost-center: '12345' + labels: + environment: production + network_interfaces: + - network: "{{ network }}" + access_configs: + - name: External NAT + nat_ip: "{{ address }}" + type: ONE_TO_ONE_NAT + zone: us-central1-a + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + state: present + register: result - name: create a router 
google.cloud.gcp_compute_router: name: router-vpn-tunnel 
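Review bot: The disk's `source_image` is `ubuntu-minimal-2204-lts` here, while the teardown's `delete a disk` task in the @@ -191 hunk names `ubuntu-1604-lts`; the two should agree so the teardown does not describe a different resource than the one created. The instance's role in a vpn-tunnel test is not stated; if it exists only so that `address` is attached to something, a one-line comment above `create a instance` saying so would save the next reader from guessing. `labels: environment: production` on an integration-test VM will also surface in any label-based inventory or billing filter, so a test-specific label value is the safer choice. The `create a router` task begins at the end of the hunk and continues outside it.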
@@ -42,35 +101,75 @@ - name: create a target vpn gateway google.cloud.gcp_compute_target_vpn_gateway: name: gateway-vpn-tunnel - region: us-west1 + region: us-central1 network: "{{ network }}" project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" state: present register: gateway +- name: create a forwarding rule + google.cloud.gcp_compute_forwarding_rule: + name: "{{ resource_name }}" + region: us-central1 + target: "{{ gateway.selfLink }}" + ip_protocol: ESP + ip_address: "{{ address_forwardingrule.address }}" + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + state: present + register: result +- name: create a UDP-500 forwarding rule + google.cloud.gcp_compute_forwarding_rule: + name: "{{ resource_name }}-udp" + region: us-central1 + target: "{{ gateway.selfLink }}" + ip_protocol: UDP + port_range: 500-500 + ip_address: "{{ address_forwardingrule.address }}" + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + state: present + register: result +- name: create a UDP-4500 forwarding rule + google.cloud.gcp_compute_forwarding_rule: + name: "{{ resource_name }}-udp-4500" + region: us-central1 + target: "{{ gateway.selfLink }}" + ip_protocol: UDP + port_range: 4500-4500 + ip_address: "{{ address_forwardingrule.address }}" + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + state: present + register: result - name: delete a vpn tunnel google.cloud.gcp_compute_vpn_tunnel: name: "{{ resource_name }}" - region: us-west1 + region: us-central1 target_vpn_gateway: "{{ gateway }}" router: "{{ router }}" shared_secret: super secret project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" + peer_ip: "{{address.address}}" state: absent #---------------------------------------------------------- - 
name: create a vpn tunnel google.cloud.gcp_compute_vpn_tunnel: name: "{{ resource_name }}" - region: us-west1 + region: us-central1 target_vpn_gateway: "{{ gateway }}" router: "{{ router }}" shared_secret: super secret project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" + peer_ip: "{{address.address}}" state: present register: result - name: assert changed is true @@ -81,7 +180,7 @@ google.cloud.gcp_compute_vpn_tunnel_info: filters: - name = {{ resource_name }} - region: us-west1 + region: us-central1 project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" @@ -96,9 +195,10 @@ - name: create a vpn tunnel that already exists google.cloud.gcp_compute_vpn_tunnel: name: "{{ resource_name }}" - region: us-west1 + region: us-central1 target_vpn_gateway: "{{ gateway }}" router: "{{ router }}" + peer_ip: "{{address.address}}" shared_secret: super secret project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" @@ -113,9 +213,10 @@ - name: delete a vpn tunnel google.cloud.gcp_compute_vpn_tunnel: name: "{{ resource_name }}" - region: us-west1 + region: us-central1 target_vpn_gateway: "{{ gateway }}" router: "{{ router }}" + peer_ip: "{{address.address}}" shared_secret: super secret project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" @@ -130,7 +231,7 @@ google.cloud.gcp_compute_vpn_tunnel_info: filters: - name = {{ resource_name }} - region: us-west1 + region: us-central1 project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" @@ -145,9 +246,10 @@ - name: delete a vpn tunnel that does not exist google.cloud.gcp_compute_vpn_tunnel: name: "{{ resource_name }}" - region: us-west1 + region: us-central1 target_vpn_gateway: "{{ gateway }}" router: "{{ router }}" + peer_ip: "{{address.address}}" shared_secret: super secret project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" 
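Review bot: `peer_ip: "{{address.address}}"` omits the spaces inside the braces that every other template in the file uses (`{{ gcp_project }}`); the same spelling recurs in the @@ -96, @@ -113 and @@ -145 hunks. The peer is a reserved address in the same project with nothing listening behind it, so the tunnel can only reach the API-level created state; a comment such as `# peer_ip only has to be a valid public IP for the API call; no remote peer is expected to answer` would make that explicit for whoever next tries to debug why the tunnel never comes up. The three forwarding-rule tasks all `register: result`, which is harmless here only because the later `register: result` on `create a vpn tunnel` overwrites it before `assert changed is true` reads it.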
@@ -160,11 +262,52 @@ - result.changed == false #--------------------------------------------------------- # Post-test teardown +- name: delete a UDP-4500 forwarding rule + google.cloud.gcp_compute_forwarding_rule: + name: "{{ resource_name }}-udp-4500" + region: us-central1 + target: "{{ gateway.selfLink }}" + ip_protocol: UDP + port_range: 4500-4500 + ip_address: "{{ address.address }}" + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + state: absent + ignore_errors: true + register: result +- name: delete a UDP forwarding rule + google.cloud.gcp_compute_forwarding_rule: + name: "{{ resource_name }}-udp" + region: us-central1 + target: "{{ gateway.selfLink }}" + ip_protocol: UDP + port_range: 500-500 + ip_address: "{{ address.address }}" + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + state: absent + ignore_errors: true + register: result +- name: delete a forwarding rule + google.cloud.gcp_compute_forwarding_rule: + name: "{{ resource_name }}" + region: us-central1 + target: "{{ gateway.selfLink }}" + ip_protocol: ESP + ip_address: "104.197.5.203" + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + state: absent + ignore_errors: true + register: result # If errors happen, don't crash the playbook! - name: delete a target vpn gateway google.cloud.gcp_compute_target_vpn_gateway: name: gateway-vpn-tunnel - region: us-west1 + region: us-central1 network: "{{ network }}" project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" 
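Review bot: `ip_address: "104.197.5.203"` in `delete a forwarding rule` is a hard-coded literal where the matching create task used `{{ address_forwardingrule.address }}`, and the two UDP delete tasks use `{{ address.address }}`, which is the other reserved address. Since `state: absent` presumably resolves the rule by name and region these values do not change what gets deleted, but they misdescribe the resource and the literal looks like a leftover from one specific project; use `ip_address: "{{ address_forwardingrule.address }}"` in all three teardown tasks.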
@@ -191,12 +334,63 @@ state: absent register: router ignore_errors: true +- name: delete a instance + google.cloud.gcp_compute_instance: + name: "{{ resource_name }}" + machine_type: n1-standard-1 + disks: + - auto_delete: 'true' + boot: 'true' + source: "{{ disk }}" + - auto_delete: 'true' + interface: NVME + type: SCRATCH + initialize_params: + disk_type: local-ssd + metadata: + cost-center: '12345' + labels: + environment: production + network_interfaces: + - network: "{{ network }}" + access_configs: + - name: External NAT + nat_ip: "{{ address }}" + type: ONE_TO_ONE_NAT + zone: us-central1-a + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + state: absent +- name: delete a disk + google.cloud.gcp_compute_disk: + name: "{{ resource_prefix }}" + size_gb: 50 + source_image: projects/ubuntu-os-cloud/global/images/family/ubuntu-1604-lts + zone: us-central1-a + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + state: absent + register: disk + ignore_errors: true - name: delete a network google.cloud.gcp_compute_network: name: network-vpn-tunnel project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" + auto_create_subnetworks: true state: absent register: network ignore_errors: true +- name: delete a address + google.cloud.gcp_compute_address: + name: address + region: us-central1 + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + state: absent + register: address + ignore_errors: true \ No newline at end of file
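Review bot: `delete a instance` is the only teardown task in this hunk without `ignore_errors: true`, so a failed instance delete aborts the play before the disk, network and address tasks run, leaving billable resources behind. The `address-forwardingrule` address created in the @@ -13 hunk is never deleted here, so it leaks on every run unless the cleanup script catches it; a matching delete task is needed. The `source_image` on `delete a disk` (`ubuntu-1604-lts`) also differs from the `ubuntu-minimal-2204-lts` used at creation and should be aligned.
```yaml
# … unchanged: delete a instance task through state: absent …
  ignore_errors: true
# … unchanged: delete a disk, delete a network, delete a address …
- name: delete a forward address
  google.cloud.gcp_compute_address:
    name: address-forwardingrule
    region: us-central1
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file }}"
    state: absent
  register: address_forwardingrule
  ignore_errors: true
```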