tests: fix gcp_compute_vpn_tunnel

- vpn_gateway required minimal changes (stop using legacy load
  balancers)
- compute_vpn_tunnel requires a valid vpn configuration
  (several dependent forwarding rules and configuration to set up a
  proper tunnel).

plugins/modules/gcp_compute_vpn_tunnel.py

@@ -527,15 +527,22 @@ def return_if_object(module, response, kind, allow_not_found=False):
 def is_different(module, response):
     request = resource_to_request(module)
     response = response_to_hash(module, response)
+    # shared_secret is returned with stars instead of the
+    # actual secret
+    keys_to_ignore = ("sharedSecret")
 
     # Remove all output-only from response.
     response_vals = {}
     for k, v in response.items():
+        if k in keys_to_ignore:
+          continue
         if k in request:
             response_vals[k] = v
 
     request_vals = {}
     for k, v in request.items():
+        if k in keys_to_ignore:
+          continue
         if k in response:
             request_vals[k] = v
 

scripts/cleanup-project.sh

@@ -14,10 +14,16 @@ ZONE="us-central1-a"
 main() {
     # note: the ordering here is deliberate, to start with
     # leaf resources and work upwards to parent resources.
+    cleanup_resource_per_region "compute vpn-tunnels"
     cleanup_resource "compute instances" "" "--zone=$ZONE"
+    cleanup_resource_per_region "compute addresses"
     cleanup_resource "compute target-http-proxies" "" "--global"
-    cleanup_resource "compute forwarding-rules" "" "--global"
+    cleanup_resource "compute forwarding-rules" "--global" "--global"
-    cleanup_resource "compute url-maps" "" "--global"
+    cleanup_resource "compute forwarding-rules" \
+        "--regions=us-central1" "--region=us-central1"
+    cleanup_resource "compute url-maps" "--global" "--global"
+    cleanup_resource "compute url-maps" \
+        "--regions=us-central1" "--region=us-central1"
     cleanup_resource "compute backend-services" "--global" "--global"
     cleanup_resource "compute backend-services" \
         "--regions=us-central1" "--region=us-central1"
@@ -33,4 +39,12 @@ cleanup_resource() {
     done
 }
 
+cleanup_resource_per_region() {
+    resource_group="$1"
+    for resource_and_region in $(gcloud $resource_group list --project="${PROJECT_ID}" --format="csv[no-heading](name,region)"); do
+        read -r resource region < <(echo "$resource_and_region" | tr "," " ")
+        gcloud $resource_group delete "${resource}" --project="${PROJECT_ID}" -q --region="${region}"
+    done
+}
+
 main

tests/integration/targets/gcp_compute_target_vpn_gateway/aliases

@@ -1,2 +1 @@
-cloud/gcp
+cloud/gcp
-unsupported

tests/integration/targets/gcp_compute_target_vpn_gateway/tasks/autogen.yml

@@ -28,6 +28,7 @@
     project: "{{ gcp_project }}"
     auth_kind: "{{ gcp_cred_kind }}"
     service_account_file: "{{ gcp_cred_file }}"
+    auto_create_subnetworks: true
     state: present
   register: network
 - name: delete a target vpn gateway
@@ -138,6 +139,7 @@
     project: "{{ gcp_project }}"
     auth_kind: "{{ gcp_cred_kind }}"
     service_account_file: "{{ gcp_cred_file }}"
+    auto_create_subnetworks: true
     state: absent
   register: network
   ignore_errors: true

tests/integration/targets/gcp_compute_vpn_tunnel/aliases

@@ -1,2 +1 @@
 cloud/gcp
-unsupported

tests/integration/targets/gcp_compute_vpn_tunnel/tasks/autogen.yml

@@ -13,14 +13,73 @@
 #
 # ----------------------------------------------------------------------------
 # Pre-test setup
+- name: create a address
+  google.cloud.gcp_compute_address:
+    name: address
+    region: us-central1
+    project: "{{ gcp_project }}"
+    auth_kind: "{{ gcp_cred_kind }}"
+    service_account_file: "{{ gcp_cred_file }}"
+    state: present
+  register: address
+- name: create a forward address
+  google.cloud.gcp_compute_address:
+    name: address-forwardingrule
+    region: us-central1
+    project: "{{ gcp_project }}"
+    auth_kind: "{{ gcp_cred_kind }}"
+    service_account_file: "{{ gcp_cred_file }}"
+    state: present
+  register: address_forwardingrule
 - name: create a network
   google.cloud.gcp_compute_network:
     name: network-vpn-tunnel
     project: "{{ gcp_project }}"
     auth_kind: "{{ gcp_cred_kind }}"
     service_account_file: "{{ gcp_cred_file }}"
+    auto_create_subnetworks: true
     state: present
   register: network
+- name: create a disk
+  google.cloud.gcp_compute_disk:
+    name: "{{ resource_prefix }}"
+    size_gb: 50
+    source_image: projects/ubuntu-os-cloud/global/images/family/ubuntu-minimal-2204-lts
+    zone: us-central1-a
+    project: "{{ gcp_project }}"
+    auth_kind: "{{ gcp_cred_kind }}"
+    service_account_file: "{{ gcp_cred_file }}"
+    state: present
+  register: disk
+- name: create a instance
+  google.cloud.gcp_compute_instance:
+    name: "{{ resource_name }}"
+    machine_type: n1-standard-1
+    disks:
+    - auto_delete: 'true'
+      boot: 'true'
+      source: "{{ disk }}"
+    - auto_delete: 'true'
+      interface: NVME
+      type: SCRATCH
+      initialize_params:
+        disk_type: local-ssd
+    metadata:
+      cost-center: '12345'
+    labels:
+      environment: production
+    network_interfaces:
+    - network: "{{ network }}"
+      access_configs:
+      - name: External NAT
+        nat_ip: "{{ address }}"
+        type: ONE_TO_ONE_NAT
+    zone: us-central1-a
+    project: "{{ gcp_project }}"
+    auth_kind: "{{ gcp_cred_kind }}"
+    service_account_file: "{{ gcp_cred_file }}"
+    state: present
+  register: result
 - name: create a router
   google.cloud.gcp_compute_router:
     name: router-vpn-tunnel
@@ -42,35 +101,75 @@
 - name: create a target vpn gateway
   google.cloud.gcp_compute_target_vpn_gateway:
     name: gateway-vpn-tunnel
-    region: us-west1
+    region: us-central1
     network: "{{ network }}"
     project: "{{ gcp_project }}"
     auth_kind: "{{ gcp_cred_kind }}"
     service_account_file: "{{ gcp_cred_file }}"
     state: present
   register: gateway
+- name: create a forwarding rule
+  google.cloud.gcp_compute_forwarding_rule:
+    name: "{{ resource_name }}"
+    region: us-central1
+    target: "{{ gateway.selfLink }}"
+    ip_protocol: ESP
+    ip_address: "{{ address_forwardingrule.address }}"
+    project: "{{ gcp_project }}"
+    auth_kind: "{{ gcp_cred_kind }}"
+    service_account_file: "{{ gcp_cred_file }}"
+    state: present
+  register: result
+- name: create a UDP-500 forwarding rule
+  google.cloud.gcp_compute_forwarding_rule:
+    name: "{{ resource_name }}-udp"
+    region: us-central1
+    target: "{{ gateway.selfLink }}"
+    ip_protocol: UDP
+    port_range: 500-500
+    ip_address: "{{ address_forwardingrule.address }}"
+    project: "{{ gcp_project }}"
+    auth_kind: "{{ gcp_cred_kind }}"
+    service_account_file: "{{ gcp_cred_file }}"
+    state: present
+  register: result
+- name: create a UDP-4500 forwarding rule
+  google.cloud.gcp_compute_forwarding_rule:
+    name: "{{ resource_name }}-udp-4500"
+    region: us-central1
+    target: "{{ gateway.selfLink }}"
+    ip_protocol: UDP
+    port_range: 4500-4500
+    ip_address: "{{ address_forwardingrule.address }}"
+    project: "{{ gcp_project }}"
+    auth_kind: "{{ gcp_cred_kind }}"
+    service_account_file: "{{ gcp_cred_file }}"
+    state: present
+  register: result
 - name: delete a vpn tunnel
   google.cloud.gcp_compute_vpn_tunnel:
     name: "{{ resource_name }}"
-    region: us-west1
+    region: us-central1
     target_vpn_gateway: "{{ gateway }}"
     router: "{{ router }}"
     shared_secret: super secret
     project: "{{ gcp_project }}"
     auth_kind: "{{ gcp_cred_kind }}"
     service_account_file: "{{ gcp_cred_file }}"
+    peer_ip: "{{address.address}}"
     state: absent
 #----------------------------------------------------------
 - name: create a vpn tunnel
   google.cloud.gcp_compute_vpn_tunnel:
     name: "{{ resource_name }}"
-    region: us-west1
+    region: us-central1
     target_vpn_gateway: "{{ gateway }}"
     router: "{{ router }}"
     shared_secret: super secret
     project: "{{ gcp_project }}"
     auth_kind: "{{ gcp_cred_kind }}"
     service_account_file: "{{ gcp_cred_file }}"
+    peer_ip: "{{address.address}}"
     state: present
   register: result
 - name: assert changed is true
@@ -81,7 +180,7 @@
   google.cloud.gcp_compute_vpn_tunnel_info:
       filters:
          - name = {{ resource_name }}
-      region: us-west1
+      region: us-central1
       project: "{{ gcp_project }}"
       auth_kind: "{{ gcp_cred_kind }}"
       service_account_file: "{{ gcp_cred_file }}"
@@ -96,9 +195,10 @@
 - name: create a vpn tunnel that already exists
   google.cloud.gcp_compute_vpn_tunnel:
     name: "{{ resource_name }}"
-    region: us-west1
+    region: us-central1
     target_vpn_gateway: "{{ gateway }}"
     router: "{{ router }}"
+    peer_ip: "{{address.address}}"
     shared_secret: super secret
     project: "{{ gcp_project }}"
     auth_kind: "{{ gcp_cred_kind }}"
@@ -113,9 +213,10 @@
 - name: delete a vpn tunnel
   google.cloud.gcp_compute_vpn_tunnel:
     name: "{{ resource_name }}"
-    region: us-west1
+    region: us-central1
     target_vpn_gateway: "{{ gateway }}"
     router: "{{ router }}"
+    peer_ip: "{{address.address}}"
     shared_secret: super secret
     project: "{{ gcp_project }}"
     auth_kind: "{{ gcp_cred_kind }}"
@@ -130,7 +231,7 @@
   google.cloud.gcp_compute_vpn_tunnel_info:
       filters:
          - name = {{ resource_name }}
-      region: us-west1
+      region: us-central1
       project: "{{ gcp_project }}"
       auth_kind: "{{ gcp_cred_kind }}"
       service_account_file: "{{ gcp_cred_file }}"
@@ -145,9 +246,10 @@
 - name: delete a vpn tunnel that does not exist
   google.cloud.gcp_compute_vpn_tunnel:
     name: "{{ resource_name }}"
-    region: us-west1
+    region: us-central1
     target_vpn_gateway: "{{ gateway }}"
     router: "{{ router }}"
+    peer_ip: "{{address.address}}"
     shared_secret: super secret
     project: "{{ gcp_project }}"
     auth_kind: "{{ gcp_cred_kind }}"
@@ -160,11 +262,52 @@
       - result.changed == false
 #---------------------------------------------------------
 # Post-test teardown
+- name: delete a UDP-4500 forwarding rule
+  google.cloud.gcp_compute_forwarding_rule:
+    name: "{{ resource_name }}-udp-4500"
+    region: us-central1
+    target: "{{ gateway.selfLink }}"
+    ip_protocol: UDP
+    port_range: 4500-4500
+    ip_address: "{{ address.address }}"
+    project: "{{ gcp_project }}"
+    auth_kind: "{{ gcp_cred_kind }}"
+    service_account_file: "{{ gcp_cred_file }}"
+    state: absent
+  ignore_errors: true
+  register: result
+- name: delete a UDP forwarding rule
+  google.cloud.gcp_compute_forwarding_rule:
+    name: "{{ resource_name }}-udp"
+    region: us-central1
+    target: "{{ gateway.selfLink }}"
+    ip_protocol: UDP
+    port_range: 500-500
+    ip_address: "{{ address.address }}"
+    project: "{{ gcp_project }}"
+    auth_kind: "{{ gcp_cred_kind }}"
+    service_account_file: "{{ gcp_cred_file }}"
+    state: absent
+  ignore_errors: true
+  register: result
+- name: delete a forwarding rule
+  google.cloud.gcp_compute_forwarding_rule:
+    name: "{{ resource_name }}"
+    region: us-central1
+    target: "{{ gateway.selfLink }}"
+    ip_protocol: ESP
+    ip_address: "104.197.5.203"
+    project: "{{ gcp_project }}"
+    auth_kind: "{{ gcp_cred_kind }}"
+    service_account_file: "{{ gcp_cred_file }}"
+    state: absent
+  ignore_errors: true
+  register: result
 # If errors happen, don't crash the playbook!
 - name: delete a target vpn gateway
   google.cloud.gcp_compute_target_vpn_gateway:
     name: gateway-vpn-tunnel
-    region: us-west1
+    region: us-central1
     network: "{{ network }}"
     project: "{{ gcp_project }}"
     auth_kind: "{{ gcp_cred_kind }}"
@@ -191,12 +334,63 @@
     state: absent
   register: router
   ignore_errors: true
+- name: delete a instance
+  google.cloud.gcp_compute_instance:
+    name: "{{ resource_name }}"
+    machine_type: n1-standard-1
+    disks:
+    - auto_delete: 'true'
+      boot: 'true'
+      source: "{{ disk }}"
+    - auto_delete: 'true'
+      interface: NVME
+      type: SCRATCH
+      initialize_params:
+        disk_type: local-ssd
+    metadata:
+      cost-center: '12345'
+    labels:
+      environment: production
+    network_interfaces:
+    - network: "{{ network }}"
+      access_configs:
+      - name: External NAT
+        nat_ip: "{{ address }}"
+        type: ONE_TO_ONE_NAT
+    zone: us-central1-a
+    project: "{{ gcp_project }}"
+    auth_kind: "{{ gcp_cred_kind }}"
+    service_account_file: "{{ gcp_cred_file }}"
+    state: absent
+- name: delete a disk
+  google.cloud.gcp_compute_disk:
+    name: "{{ resource_prefix }}"
+    size_gb: 50
+    source_image: projects/ubuntu-os-cloud/global/images/family/ubuntu-1604-lts
+    zone: us-central1-a
+    project: "{{ gcp_project }}"
+    auth_kind: "{{ gcp_cred_kind }}"
+    service_account_file: "{{ gcp_cred_file }}"
+    state: absent
+  register: disk
+  ignore_errors: true
 - name: delete a network
   google.cloud.gcp_compute_network:
     name: network-vpn-tunnel
     project: "{{ gcp_project }}"
     auth_kind: "{{ gcp_cred_kind }}"
     service_account_file: "{{ gcp_cred_file }}"
+    auto_create_subnetworks: true
     state: absent
   register: network
   ignore_errors: true
+- name: delete a address
+  google.cloud.gcp_compute_address:
+    name: address
+    region: us-central1
+    project: "{{ gcp_project }}"
+    auth_kind: "{{ gcp_cred_kind }}"
+    service_account_file: "{{ gcp_cred_file }}"
+    state: absent
+  register: address
+  ignore_errors: true