This repository has been archived by the owner on Nov 14, 2024. It is now read-only.

Commit

Add fingerprint, securityPolicy to BackendService (#222)
+ increase validation

Signed-off-by: Modular Magician <[email protected]>
modular-magician authored and rileykarson committed Apr 2, 2019
1 parent e7b1ec4 commit b5d8af0
Showing 2 changed files with 69 additions and 47 deletions.
97 changes: 57 additions & 40 deletions lib/ansible/modules/cloud/google/gcp_compute_backend_service.py
Expand Up @@ -67,6 +67,7 @@
Valid values are UTILIZATION, RATE (for HTTP(S)) and CONNECTION (for TCP/SSL).
- This cannot be used for internal load balancing.
required: false
default: UTILIZATION
choices:
- UTILIZATION
- RATE
Expand All @@ -81,6 +82,7 @@
[0.0,1.0].
- This cannot be used for internal load balancing.
required: false
default: '1.0'
description:
description:
- An optional description of this resource.
Expand Down Expand Up @@ -140,6 +142,7 @@
target for the group. The default is 0.8. Valid range is [0.0, 1.0].
- This cannot be used for internal load balancing.
required: false
default: '0.8'
cdn_policy:
description:
- Cloud CDN configuration for this BackendService.
Expand Down Expand Up @@ -196,14 +199,15 @@
version_added: 2.8
connection_draining:
description:
- Settings for connection draining.
- Settings for connection draining .
required: false
suboptions:
draining_timeout_sec:
description:
- Time for which instance will be drained (not accept new connections, but
still work to finish started).
required: false
default: '300'
description:
description:
- An optional description of this resource.
Expand All @@ -221,7 +225,7 @@
and a health check is required.
- For internal load balancing, a URL to a HealthCheck resource must be specified
instead.
required: false
required: true
iap:
description:
- Settings for enabling Cloud Identity Aware Proxy.
Expand All @@ -235,12 +239,12 @@
type: bool
oauth2_client_id:
description:
- OAuth2 Client ID for IAP.
required: false
- OAuth2 Client ID for IAP .
required: true
oauth2_client_secret:
description:
- OAuth2 Client Secret for IAP.
required: false
- OAuth2 Client Secret for IAP .
required: true
load_balancing_scheme:
description:
- Indicates whether the backend service will be used with internal or external
Expand All @@ -259,7 +263,7 @@
which means the first character must be a lowercase letter, and all following
characters must be a dash, lowercase letter, or digit, except the last character,
which cannot be a dash.
required: false
required: true
port_name:
description:
- Name of backend port. The same name should appear in the instance groups referenced
Expand All @@ -278,11 +282,11 @@
- HTTPS
- TCP
- SSL
region:
security_policy:
description:
- The region where the regional backend service resides.
- This field is not applicable to global backend services.
- The security policy associated with this backend service.
required: false
version_added: 2.8
session_affinity:
description:
- Type of session affinity to use. The default is NONE.
Expand Down Expand Up @@ -498,7 +502,7 @@
type: int
connectionDraining:
description:
- Settings for connection draining.
- Settings for connection draining .
returned: success
type: complex
contains:
Expand All @@ -513,6 +517,12 @@
- Creation timestamp in RFC3339 text format.
returned: success
type: str
fingerprint:
description:
- Fingerprint of this resource. A hash of the contents stored in this object. This
field is used in optimistic locking.
returned: success
type: str
description:
description:
- An optional description of this resource.
Expand Down Expand Up @@ -551,17 +561,17 @@
type: bool
oauth2ClientId:
description:
- OAuth2 Client ID for IAP.
- OAuth2 Client ID for IAP .
returned: success
type: str
oauth2ClientSecret:
description:
- OAuth2 Client Secret for IAP.
- OAuth2 Client Secret for IAP .
returned: success
type: str
oauth2ClientSecretSha256:
description:
- OAuth2 Client Secret SHA-256 for IAP.
- OAuth2 Client Secret SHA-256 for IAP .
returned: success
type: str
loadBalancingScheme:
Expand Down Expand Up @@ -596,10 +606,9 @@
is TCP.
returned: success
type: str
region:
securityPolicy:
description:
- The region where the regional backend service resides.
- This field is not applicable to global backend services.
- The security policy associated with this backend service.
returned: success
type: str
sessionAffinity:
Expand All @@ -625,7 +634,6 @@

from ansible.module_utils.gcp_utils import navigate_hash, GcpSession, GcpModule, GcpRequest, remove_nones_from_dict, replace_resource_dict
import json
import re
import time

################################################################################
Expand All @@ -644,15 +652,15 @@ def main():
type='list',
elements='dict',
options=dict(
balancing_mode=dict(type='str', choices=['UTILIZATION', 'RATE', 'CONNECTION']),
capacity_scaler=dict(type='str'),
balancing_mode=dict(default='UTILIZATION', type='str', choices=['UTILIZATION', 'RATE', 'CONNECTION']),
capacity_scaler=dict(default=1.0, type='str'),
description=dict(type='str'),
group=dict(),
max_connections=dict(type='int'),
max_connections_per_instance=dict(type='int'),
max_rate=dict(type='int'),
max_rate_per_instance=dict(type='str'),
max_utilization=dict(type='str'),
max_utilization=dict(default=0.8, type='str'),
),
),
cdn_policy=dict(
Expand All @@ -671,16 +679,19 @@ def main():
signed_url_cache_max_age_sec=dict(default=3600, type='int'),
),
),
connection_draining=dict(type='dict', options=dict(draining_timeout_sec=dict(type='int'))),
connection_draining=dict(type='dict', options=dict(draining_timeout_sec=dict(default=300, type='int'))),
description=dict(type='str'),
enable_cdn=dict(type='bool'),
health_checks=dict(type='list', elements='str'),
iap=dict(type='dict', options=dict(enabled=dict(type='bool'), oauth2_client_id=dict(type='str'), oauth2_client_secret=dict(type='str'))),
health_checks=dict(required=True, type='list', elements='str'),
iap=dict(
type='dict',
options=dict(enabled=dict(type='bool'), oauth2_client_id=dict(required=True, type='str'), oauth2_client_secret=dict(required=True, type='str')),
),
load_balancing_scheme=dict(type='str', choices=['INTERNAL', 'EXTERNAL']),
name=dict(type='str'),
name=dict(required=True, type='str'),
port_name=dict(type='str'),
protocol=dict(type='str', choices=['HTTP', 'HTTPS', 'TCP', 'SSL']),
region=dict(type='str'),
security_policy=dict(type='str'),
session_affinity=dict(type='str', choices=['NONE', 'CLIENT_IP', 'GENERATED_COOKIE', 'CLIENT_IP_PROTO', 'CLIENT_IP_PORT_PROTO']),
timeout_sec=dict(type='int', aliases=['timeout_seconds']),
)
Expand All @@ -698,7 +709,7 @@ def main():
if fetch:
if state == 'present':
if is_different(module, fetch):
update(module, self_link(module), kind)
update(module, self_link(module), kind, fetch)
fetch = fetch_resource(module, self_link(module), kind)
changed = True
else:
Expand All @@ -722,11 +733,25 @@ def create(module, link, kind):
return wait_for_operation(module, auth.post(link, resource_to_request(module)))


def update(module, link, kind):
def update(module, link, kind, fetch):
update_fields(module, resource_to_request(module), response_to_hash(module, fetch))
auth = GcpSession(module, 'compute')
return wait_for_operation(module, auth.put(link, resource_to_request(module)))


def update_fields(module, request, response):
if response.get('securityPolicy') != request.get('securityPolicy'):
security_policy_update(module, request, response)


def security_policy_update(module, request, response):
auth = GcpSession(module, 'compute')
auth.post(
''.join(["https://www.googleapis.com/compute/v1/", "projects/{project}/global/backendServices/{name}/setSecurityPolicy"]).format(**module.params),
{u'securityPolicy': module.params.get('security_policy')},
)


def delete(module, link, kind):
auth = GcpSession(module, 'compute')
return wait_for_operation(module, auth.delete(link))
Expand All @@ -747,7 +772,7 @@ def resource_to_request(module):
u'name': module.params.get('name'),
u'portName': module.params.get('port_name'),
u'protocol': module.params.get('protocol'),
u'region': region_selflink(module.params.get('region'), module.params),
u'securityPolicy': module.params.get('security_policy'),
u'sessionAffinity': module.params.get('session_affinity'),
u'timeoutSec': module.params.get('timeout_sec'),
}
Expand Down Expand Up @@ -820,30 +845,22 @@ def response_to_hash(module, response):
u'cdnPolicy': BackendServiceCdnpolicy(response.get(u'cdnPolicy', {}), module).from_response(),
u'connectionDraining': BackendServiceConnectiondraining(response.get(u'connectionDraining', {}), module).from_response(),
u'creationTimestamp': response.get(u'creationTimestamp'),
u'fingerprint': response.get(u'fingerprint'),
u'description': response.get(u'description'),
u'enableCDN': response.get(u'enableCDN'),
u'healthChecks': response.get(u'healthChecks'),
u'id': response.get(u'id'),
u'iap': BackendServiceIap(response.get(u'iap', {}), module).from_response(),
u'loadBalancingScheme': response.get(u'loadBalancingScheme'),
u'name': response.get(u'name'),
u'name': module.params.get('name'),
u'portName': response.get(u'portName'),
u'protocol': response.get(u'protocol'),
u'region': response.get(u'region'),
u'securityPolicy': response.get(u'securityPolicy'),
u'sessionAffinity': response.get(u'sessionAffinity'),
u'timeoutSec': response.get(u'timeoutSec'),
}


def region_selflink(name, params):
if name is None:
return
url = r"https://www.googleapis.com/compute/v1/projects/.*/regions/[a-z1-9\-]*"
if not re.match(url, name):
name = "https://www.googleapis.com/compute/v1/projects/{project}/regions/%s".format(**params) % name
return name


def async_op_url(module, extra_data=None):
if extra_data is None:
extra_data = {}
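Review bot: `security_policy_update` discards the result of the `setSecurityPolicy` POST, so a rejected or still-pending policy change is never surfaced and `update` goes straight on to the PUT. The other mutating calls visible here (`create`, `update`, `delete`) all pass their response through `wait_for_operation`. Assuming this endpoint returns an operation like they do, I would write `return wait_for_operation(module, auth.post(url, {u'securityPolicy': module.params.get('security_policy')}))`, so that a failed attach fails the task instead of leaving the backend service without the intended security policy while the run reports `changed`. Separately, the reworked `iap` spec makes `oauth2_client_secret` required but does not mark it `no_log`, so the secret can end up in logged module arguments; `oauth2_client_secret=dict(required=True, type='str', no_log=True)` would keep it out. It would also help to add a one-line comment on `update_fields` saying that the security policy is set through its own endpoint before the PUT.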
Original file line number Diff line number Diff line change
Expand Up @@ -219,7 +219,7 @@
type: int
connectionDraining:
description:
- Settings for connection draining.
- Settings for connection draining .
returned: success
type: complex
contains:
Expand All @@ -234,6 +234,12 @@
- Creation timestamp in RFC3339 text format.
returned: success
type: str
fingerprint:
description:
- Fingerprint of this resource. A hash of the contents stored in this object.
This field is used in optimistic locking.
returned: success
type: str
description:
description:
- An optional description of this resource.
Expand Down Expand Up @@ -272,17 +278,17 @@
type: bool
oauth2ClientId:
description:
- OAuth2 Client ID for IAP.
- OAuth2 Client ID for IAP .
returned: success
type: str
oauth2ClientSecret:
description:
- OAuth2 Client Secret for IAP.
- OAuth2 Client Secret for IAP .
returned: success
type: str
oauth2ClientSecretSha256:
description:
- OAuth2 Client Secret SHA-256 for IAP.
- OAuth2 Client Secret SHA-256 for IAP .
returned: success
type: str
loadBalancingScheme:
Expand Down Expand Up @@ -317,10 +323,9 @@
default is TCP.
returned: success
type: str
region:
securityPolicy:
description:
- The region where the regional backend service resides.
- This field is not applicable to global backend services.
- The security policy associated with this backend service.
returned: success
type: str
sessionAffinity: