From b5d8af07a32a64bcd1d4fe485335a3ff66e0f1d8 Mon Sep 17 00:00:00 2001 From: The Magician Date: Tue, 2 Apr 2019 14:32:02 -0700 Subject: [PATCH] Add fingerprint, securityPolicy to BackendService (#222) + increase validation Signed-off-by: Modular Magician --- .../google/gcp_compute_backend_service.py | 97 +++++++++++-------- .../gcp_compute_backend_service_facts.py | 19 ++-- 2 files changed, 69 insertions(+), 47 deletions(-) diff --git a/lib/ansible/modules/cloud/google/gcp_compute_backend_service.py b/lib/ansible/modules/cloud/google/gcp_compute_backend_service.py index f528e06882b9f5..b8a1b323b2af85 100644 --- a/lib/ansible/modules/cloud/google/gcp_compute_backend_service.py +++ b/lib/ansible/modules/cloud/google/gcp_compute_backend_service.py @@ -67,6 +67,7 @@ Valid values are UTILIZATION, RATE (for HTTP(S)) and CONNECTION (for TCP/SSL). - This cannot be used for internal load balancing. required: false + default: UTILIZATION choices: - UTILIZATION - RATE @@ -81,6 +82,7 @@ [0.0,1.0]. - This cannot be used for internal load balancing. required: false + default: '1.0' description: description: - An optional description of this resource. @@ -140,6 +142,7 @@ target for the group. The default is 0.8. Valid range is [0.0, 1.0]. - This cannot be used for internal load balancing. required: false + default: '0.8' cdn_policy: description: - Cloud CDN configuration for this BackendService. @@ -196,7 +199,7 @@ version_added: 2.8 connection_draining: description: - - Settings for connection draining. + - Settings for connection draining . required: false suboptions: draining_timeout_sec: @@ -204,6 +207,7 @@ - Time for which instance will be drained (not accept new connections, but still work to finish started). required: false + default: '300' description: description: - An optional description of this resource. 
@@ -221,7 +225,7 @@ and a health check is required. - For internal load balancing, a URL to a HealthCheck resource must be specified instead. - required: false + required: true iap: description: - Settings for enabling Cloud Identity Aware Proxy. @@ -235,12 +239,12 @@ type: bool oauth2_client_id: description: - - OAuth2 Client ID for IAP. - required: false + - OAuth2 Client ID for IAP . + required: true oauth2_client_secret: description: - - OAuth2 Client Secret for IAP. - required: false + - OAuth2 Client Secret for IAP . + required: true load_balancing_scheme: description: - Indicates whether the backend service will be used with internal or external @@ -259,7 +263,7 @@ which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - required: false + required: true port_name: description: - Name of backend port. The same name should appear in the instance groups referenced @@ -278,11 +282,11 @@ - HTTPS - TCP - SSL - region: + security_policy: description: - - The region where the regional backend service resides. - - This field is not applicable to global backend services. + - The security policy associated with this backend service. required: false + version_added: 2.8 session_affinity: description: - Type of session affinity to use. The default is NONE. @@ -498,7 +502,7 @@ type: int connectionDraining: description: - - Settings for connection draining. + - Settings for connection draining . returned: success type: complex contains: @@ -513,6 +517,12 @@ - Creation timestamp in RFC3339 text format. returned: success type: str +fingerprint: + description: + - Fingerprint of this resource. A hash of the contents stored in this object. This + field is used in optimistic locking. + returned: success + type: str description: description: - An optional description of this resource. 
@@ -551,17 +561,17 @@ type: bool oauth2ClientId: description: - - OAuth2 Client ID for IAP. + - OAuth2 Client ID for IAP . returned: success type: str oauth2ClientSecret: description: - - OAuth2 Client Secret for IAP. + - OAuth2 Client Secret for IAP . returned: success type: str oauth2ClientSecretSha256: description: - - OAuth2 Client Secret SHA-256 for IAP. + - OAuth2 Client Secret SHA-256 for IAP . returned: success type: str loadBalancingScheme: @@ -596,10 +606,9 @@ is TCP. returned: success type: str -region: +securityPolicy: description: - - The region where the regional backend service resides. - - This field is not applicable to global backend services. + - The security policy associated with this backend service. returned: success type: str sessionAffinity: @@ -625,7 +634,6 @@ from ansible.module_utils.gcp_utils import navigate_hash, GcpSession, GcpModule, GcpRequest, remove_nones_from_dict, replace_resource_dict import json -import re import time ################################################################################ @@ -644,15 +652,15 @@ def main(): type='list', elements='dict', options=dict( - balancing_mode=dict(type='str', choices=['UTILIZATION', 'RATE', 'CONNECTION']), - capacity_scaler=dict(type='str'), + balancing_mode=dict(default='UTILIZATION', type='str', choices=['UTILIZATION', 'RATE', 'CONNECTION']), + capacity_scaler=dict(default=1.0, type='str'), description=dict(type='str'), group=dict(), max_connections=dict(type='int'), max_connections_per_instance=dict(type='int'), max_rate=dict(type='int'), max_rate_per_instance=dict(type='str'), - max_utilization=dict(type='str'), + max_utilization=dict(default=0.8, type='str'), ), ), cdn_policy=dict( 
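Review bot: The new sub-option defaults in the `backends` spec of `main()` (`balancing_mode` UTILIZATION, `capacity_scaler` 1.0, `max_utilization` 0.8) apply to every backend entry, including internal load balancing, where this module's own option docs say these fields cannot be used. A task that omits them will now send them anyway; whether the API rejects or ignores them is not visible here, so this needs a test with `load_balancing_scheme: INTERNAL` and with `balancing_mode: RATE` or `CONNECTION`. The defaults are also float literals on `type='str'` options while the docs declare `'1.0'` and `'0.8'`; `capacity_scaler=dict(default='1.0', type='str')` and `max_utilization=dict(default='0.8', type='str')` would keep spec and docs identical. `main()` starts and ends outside this hunk.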
@@ -671,16 +679,19 @@ def main(): signed_url_cache_max_age_sec=dict(default=3600, type='int'), ), ), - connection_draining=dict(type='dict', options=dict(draining_timeout_sec=dict(type='int'))), + connection_draining=dict(type='dict', options=dict(draining_timeout_sec=dict(default=300, type='int'))), description=dict(type='str'), enable_cdn=dict(type='bool'), - health_checks=dict(type='list', elements='str'), - iap=dict(type='dict', options=dict(enabled=dict(type='bool'), oauth2_client_id=dict(type='str'), oauth2_client_secret=dict(type='str'))), + health_checks=dict(required=True, type='list', elements='str'), + iap=dict( + type='dict', + options=dict(enabled=dict(type='bool'), oauth2_client_id=dict(required=True, type='str'), oauth2_client_secret=dict(required=True, type='str')), + ), load_balancing_scheme=dict(type='str', choices=['INTERNAL', 'EXTERNAL']), - name=dict(type='str'), + name=dict(required=True, type='str'), port_name=dict(type='str'), protocol=dict(type='str', choices=['HTTP', 'HTTPS', 'TCP', 'SSL']), - region=dict(type='str'), + security_policy=dict(type='str'), session_affinity=dict(type='str', choices=['NONE', 'CLIENT_IP', 'GENERATED_COOKIE', 'CLIENT_IP_PROTO', 'CLIENT_IP_PORT_PROTO']), timeout_sec=dict(type='int', aliases=['timeout_seconds']), ) @@ -698,7 +709,7 @@ def main(): if fetch: if state == 'present': if is_different(module, fetch): - update(module, self_link(module), kind) + update(module, self_link(module), kind, fetch) fetch = fetch_resource(module, self_link(module), kind) changed = True else: 
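Review bot: `oauth2_client_secret` becomes required in this hunk but is still a plain `type='str'` option, so the IAP client secret is not masked in the module's invocation output or logs. The spec should read `oauth2_client_secret=dict(required=True, type='str', no_log=True)`. The RETURN docs in this patch also list `oauth2ClientSecret` as a returned value, so it is worth confirming the secret is not echoed back in the task result. Separately, `required=True` on `health_checks` is enforced regardless of `state`, which presumably means a `state: absent` task must now supply health checks just to delete the service. `main()` starts and ends outside this hunk.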
@@ -722,11 +733,25 @@ def create(module, link, kind): return wait_for_operation(module, auth.post(link, resource_to_request(module))) -def update(module, link, kind): +def update(module, link, kind, fetch): + update_fields(module, resource_to_request(module), response_to_hash(module, fetch)) auth = GcpSession(module, 'compute') return wait_for_operation(module, auth.put(link, resource_to_request(module))) +def update_fields(module, request, response): + if response.get('securityPolicy') != request.get('securityPolicy'): + security_policy_update(module, request, response) + + +def security_policy_update(module, request, response): + auth = GcpSession(module, 'compute') + auth.post( + ''.join(["https://www.googleapis.com/compute/v1/", "projects/{project}/global/backendServices/{name}/setSecurityPolicy"]).format(**module.params), + {u'securityPolicy': module.params.get('security_policy')}, + ) + + def delete(module, link, kind): auth = GcpSession(module, 'compute') return wait_for_operation(module, auth.delete(link)) @@ -747,7 +772,7 @@ def resource_to_request(module): u'name': module.params.get('name'), u'portName': module.params.get('port_name'), u'protocol': module.params.get('protocol'), - u'region': region_selflink(module.params.get('region'), module.params), + u'securityPolicy': module.params.get('security_policy'), u'sessionAffinity': module.params.get('session_affinity'), u'timeoutSec': module.params.get('timeout_sec'), } 
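Review bot: `security_policy_update()` discards the result of the `setSecurityPolicy` POST, whereas `create`, `update` and `delete` all pass their response to `wait_for_operation`. A rejected or still-pending policy change is therefore invisible and the following PUT runs regardless, so the task can report `changed` while the backend is left without the intended policy. Ending the function with `return wait_for_operation(module, auth.post(...))` would surface the failure. The comparison in `update_fields()` also fires when `security_policy` is omitted from the task but the fetched service has a policy attached; the POST body then carries `None` and may detach a policy that was set elsewhere, which a guard such as `if module.params.get('security_policy') is not None and ...` would avoid. The `request` and `response` parameters of `security_policy_update()` are unused.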
@@ -820,30 +845,22 @@ def response_to_hash(module, response): u'cdnPolicy': BackendServiceCdnpolicy(response.get(u'cdnPolicy', {}), module).from_response(), u'connectionDraining': BackendServiceConnectiondraining(response.get(u'connectionDraining', {}), module).from_response(), u'creationTimestamp': response.get(u'creationTimestamp'), + u'fingerprint': response.get(u'fingerprint'), u'description': response.get(u'description'), u'enableCDN': response.get(u'enableCDN'), u'healthChecks': response.get(u'healthChecks'), u'id': response.get(u'id'), u'iap': BackendServiceIap(response.get(u'iap', {}), module).from_response(), u'loadBalancingScheme': response.get(u'loadBalancingScheme'), - u'name': response.get(u'name'), + u'name': module.params.get('name'), u'portName': response.get(u'portName'), u'protocol': response.get(u'protocol'), - u'region': response.get(u'region'), + u'securityPolicy': response.get(u'securityPolicy'), u'sessionAffinity': response.get(u'sessionAffinity'), u'timeoutSec': response.get(u'timeoutSec'), } -def region_selflink(name, params): - if name is None: - return - url = r"https://www.googleapis.com/compute/v1/projects/.*/regions/[a-z1-9\-]*" - if not re.match(url, name): - name = "https://www.googleapis.com/compute/v1/projects/{project}/regions/%s".format(**params) % name - return name - - def async_op_url(module, extra_data=None): if extra_data is None: extra_data = {} diff --git a/lib/ansible/modules/cloud/google/gcp_compute_backend_service_facts.py b/lib/ansible/modules/cloud/google/gcp_compute_backend_service_facts.py index e7339098bdfd37..3a23e0cff0ecf5 100644 --- a/lib/ansible/modules/cloud/google/gcp_compute_backend_service_facts.py +++ b/lib/ansible/modules/cloud/google/gcp_compute_backend_service_facts.py @@ -219,7 +219,7 @@ type: int connectionDraining: description: - - Settings for connection draining. + - Settings for connection draining . returned: success type: complex contains: 
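Review bot: `response_to_hash()` now exposes `fingerprint`, which the new docs describe as the optimistic-locking value, but no hunk in this patch adds it to `resource_to_request()` or to the PUT body in `update()`. As written, the update does not carry the fingerprint it just fetched, so a change made between `fetch_resource` and `auth.put` is either overwritten or, if the API insists on the value, the update fails; which applies is not visible here. Passing it through in `update()`, e.g. `request = resource_to_request(module)` followed by `request[u'fingerprint'] = fetch.get(u'fingerprint')`, would make the documented locking effective. `response_to_hash()` starts outside this hunk, and this note concerns the first file's hunk on this line, not the `_facts.py` documentation hunk that follows it.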
@@ -234,6 +234,12 @@ - Creation timestamp in RFC3339 text format. returned: success type: str + fingerprint: + description: + - Fingerprint of this resource. A hash of the contents stored in this object. + This field is used in optimistic locking. + returned: success + type: str description: description: - An optional description of this resource. @@ -272,17 +278,17 @@ type: bool oauth2ClientId: description: - - OAuth2 Client ID for IAP. + - OAuth2 Client ID for IAP . returned: success type: str oauth2ClientSecret: description: - - OAuth2 Client Secret for IAP. + - OAuth2 Client Secret for IAP . returned: success type: str oauth2ClientSecretSha256: description: - - OAuth2 Client Secret SHA-256 for IAP. + - OAuth2 Client Secret SHA-256 for IAP . returned: success type: str loadBalancingScheme: @@ -317,10 +323,9 @@ default is TCP. returned: success type: str - region: + securityPolicy: description: - - The region where the regional backend service resides. - - This field is not applicable to global backend services. + - The security policy associated with this backend service. returned: success type: str sessionAffinity: