From 569e094efde887eb9169bc91797f2566eb010945 Mon Sep 17 00:00:00 2001 From: Alex Stephen Date: Tue, 14 Aug 2018 06:52:57 -0700 Subject: [PATCH] Bug fixes for gcp_compute_target_ssl_proxy (#42826) --- .../google/gcp_compute_target_ssl_proxy.py | 59 +++++------ .../tasks/main.yml | 100 +++++++----------- 2 files changed, 68 insertions(+), 91 deletions(-) diff --git a/lib/ansible/modules/cloud/google/gcp_compute_target_ssl_proxy.py b/lib/ansible/modules/cloud/google/gcp_compute_target_ssl_proxy.py index 6103751ceff..6c3b0725f34 100644 --- a/lib/ansible/modules/cloud/google/gcp_compute_target_ssl_proxy.py +++ b/lib/ansible/modules/cloud/google/gcp_compute_target_ssl_proxy.py @@ -68,7 +68,7 @@ options: choices: ['NONE', 'PROXY_V1'] service: description: - - A reference to BackendService resource. + - A reference to the BackendService resource. required: true ssl_certificates: description: @@ -76,24 +76,25 @@ options: users and the load balancer. Currently, exactly one SSL certificate must be specified. required: true extends_documentation_fragment: gcp +notes: + - "API Reference: U(https://cloud.google.com/compute/docs/reference/latest/targetSslProxies)" + - "Setting Up SSL proxy for Google Cloud Load Balancing: U(https://cloud.google.com/compute/docs/load-balancing/tcp-ssl/)" ''' EXAMPLES = ''' - name: create a instance group gcp_compute_instance_group: - name: 'instancegroup-targetsslproxy' - zone: 'us-central1-a' + name: "instancegroup-targetsslproxy" + zone: us-central1-a project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" - scopes: - - https://www.googleapis.com/auth/compute state: present register: instancegroup - name: create a health check gcp_compute_health_check: - name: 'healthcheck-targetsslproxy' + name: "healthcheck-targetsslproxy" type: TCP tcp_health_check: port_name: service-health @@ -105,32 +106,27 @@ EXAMPLES = ''' project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" - scopes: - - https://www.googleapis.com/auth/compute state: present register: healthcheck - name: create a backend service gcp_compute_backend_service: - name: 'backendservice-targetsslproxy' + name: "backendservice-targetsslproxy" backends: - - group: "{{ instancegroup }}" + - group: "{{ instancegroup }}" health_checks: - - "{{ healthcheck.selfLink }}" - protocol: 'SSL' + - "{{ healthcheck.selfLink }}" + protocol: SSL project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" - scopes: - - https://www.googleapis.com/auth/compute state: present register: backendservice - name: create a ssl certificate gcp_compute_ssl_certificate: - name: 'sslcert-targetsslproxy' - description: | - "A certificate for testing. Do not use this certificate in production" + name: "sslcert-targetsslproxy" + description: A certificate for testing. Do not use this certificate in production certificate: | -----BEGIN CERTIFICATE----- MIICqjCCAk+gAwIBAgIJAIuJ+0352Kq4MAoGCCqGSM49BAMCMIGwMQswCQYDVQQG @@ -158,22 +154,18 @@ EXAMPLES = ''' project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" - scopes: - - https://www.googleapis.com/auth/compute state: present register: sslcert - name: create a target ssl proxy gcp_compute_target_ssl_proxy: - name: testObject + name: "test_object" ssl_certificates: - - "{{ sslcert }}" + - "{{ sslcert }}" service: "{{ backendservice }}" - project: testProject - auth_kind: service_account - service_account_file: /tmp/auth.pem - scopes: - - https://www.googleapis.com/auth/compute + project: "test_project" + auth_kind: "service_account" + service_account_file: "/tmp/auth.pem" state: present ''' @@ -211,7 +203,7 @@ RETURN = ''' type: str service: description: - - A reference to BackendService resource. + - A reference to the BackendService resource. returned: success type: dict ssl_certificates: @@ -249,6 +241,9 @@ def main(): ) ) + if not module.params['scopes']: + module.params['scopes'] = ['https://www.googleapis.com/auth/compute'] + state = module.params['state'] kind = 'compute#targetSslProxy' @@ -258,10 +253,10 @@ def main(): if fetch: if state == 'present': if is_different(module, fetch): - fetch = update(module, self_link(module), kind, fetch) + fetch = update(module, self_link(module), kind) changed = True else: - delete(module, self_link(module), kind, fetch) + delete(module, self_link(module), kind) fetch = {} changed = True else: @@ -281,12 +276,12 @@ def create(module, link, kind): return wait_for_operation(module, auth.post(link, resource_to_request(module))) -def update(module, link, kind, fetch): +def update(module, link, kind): auth = GcpSession(module, 'compute') return wait_for_operation(module, auth.put(link, resource_to_request(module))) -def delete(module, link, kind, fetch): +def delete(module, link, kind): auth = GcpSession(module, 'compute') return wait_for_operation(module, auth.delete(link)) @@ -388,7 +383,7 @@ def async_op_url(module, extra_data=None): def wait_for_operation(module, response): op_result = return_if_object(module, response, 'compute#operation') if op_result is None: - return None + return {} status = navigate_hash(op_result, ['status']) wait_done = wait_for_completion(status, op_result, module) return fetch_resource(module, navigate_hash(wait_done, ['targetLink']), 'compute#targetSslProxy') diff --git a/test/integration/targets/gcp_compute_target_ssl_proxy/tasks/main.yml b/test/integration/targets/gcp_compute_target_ssl_proxy/tasks/main.yml index 0b57974b8c4..2b9f24154f5 100644 --- a/test/integration/targets/gcp_compute_target_ssl_proxy/tasks/main.yml +++ b/test/integration/targets/gcp_compute_target_ssl_proxy/tasks/main.yml @@ -15,18 +15,16 @@ # Pre-test setup - name: create a instance group gcp_compute_instance_group: - name: 'instancegroup-targetsslproxy' - zone: 'us-central1-a' + name: "instancegroup-targetsslproxy" + zone: us-central1-a project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" - scopes: - - https://www.googleapis.com/auth/compute state: present register: instancegroup - name: create a health check gcp_compute_health_check: - name: 'healthcheck-targetsslproxy' + name: "healthcheck-targetsslproxy" type: TCP tcp_health_check: port_name: service-health @@ -38,30 +36,25 @@ project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" - scopes: - - https://www.googleapis.com/auth/compute state: present register: healthcheck - name: create a backend service gcp_compute_backend_service: - name: 'backendservice-targetsslproxy' + name: "backendservice-targetsslproxy" backends: - - group: "{{ instancegroup }}" + - group: "{{ instancegroup }}" health_checks: - - "{{ healthcheck.selfLink }}" - protocol: 'SSL' + - "{{ healthcheck.selfLink }}" + protocol: SSL project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" - scopes: - - https://www.googleapis.com/auth/compute state: present register: backendservice - name: create a ssl certificate gcp_compute_ssl_certificate: - name: 'sslcert-targetsslproxy' - description: | - "A certificate for testing. Do not use this certificate in production" + name: "sslcert-targetsslproxy" + description: A certificate for testing. Do not use this certificate in production certificate: | -----BEGIN CERTIFICATE----- MIICqjCCAk+gAwIBAgIJAIuJ+0352Kq4MAoGCCqGSM49BAMCMIGwMQswCQYDVQQG @@ -89,34 +82,28 @@ project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" - scopes: - - https://www.googleapis.com/auth/compute state: present register: sslcert - name: delete a target ssl proxy gcp_compute_target_ssl_proxy: name: "{{ resource_name }}" ssl_certificates: - - "{{ sslcert }}" + - "{{ sslcert }}" service: "{{ backendservice }}" project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" - scopes: - - https://www.googleapis.com/auth/compute state: absent #---------------------------------------------------------- - name: create a target ssl proxy gcp_compute_target_ssl_proxy: name: "{{ resource_name }}" ssl_certificates: - - "{{ sslcert }}" + - "{{ sslcert }}" service: "{{ backendservice }}" project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" - scopes: - - https://www.googleapis.com/auth/compute state: present register: result - name: assert changed is true @@ -125,25 +112,29 @@ - result.changed == true - "result.kind == 'compute#targetSslProxy'" - name: verify that target_ssl_proxy was created - shell: | - gcloud compute target-ssl-proxies describe --project="{{ gcp_project}}" "{{ resource_name }}" + gcp_compute_target_ssl_proxy_facts: + filters: + - name = {{ resource_name }} + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + scopes: + - https://www.googleapis.com/auth/compute register: results - name: verify that command succeeded assert: that: - - results.rc == 0 + - results['items'] | length == 1 # ---------------------------------------------------------------------------- - name: create a target ssl proxy that already exists gcp_compute_target_ssl_proxy: name: "{{ resource_name }}" ssl_certificates: - - "{{ sslcert }}" + - "{{ sslcert }}" service: "{{ backendservice }}" project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" - scopes: - - https://www.googleapis.com/auth/compute state: present register: result - name: assert changed is false @@ -156,13 +147,11 @@ gcp_compute_target_ssl_proxy: name: "{{ resource_name }}" ssl_certificates: - - "{{ sslcert }}" + - "{{ sslcert }}" service: "{{ backendservice }}" project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" - scopes: - - https://www.googleapis.com/auth/compute state: absent register: result - name: assert changed is true @@ -171,27 +160,29 @@ - result.changed == true - result.has_key('kind') == False - name: verify that target_ssl_proxy was deleted - shell: | - gcloud compute target-ssl-proxies describe --project="{{ gcp_project}}" "{{ resource_name }}" + gcp_compute_target_ssl_proxy_facts: + filters: + - name = {{ resource_name }} + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + scopes: + - https://www.googleapis.com/auth/compute register: results - failed_when: results.rc == 0 - name: verify that command succeeded assert: that: - - results.rc == 1 - - "\"'projects/{{ gcp_project }}/global/targetSslProxies/{{ resource_name }}' was not found\" in results.stderr" + - results['items'] | length == 0 # ---------------------------------------------------------------------------- - name: delete a target ssl proxy that does not exist gcp_compute_target_ssl_proxy: name: "{{ resource_name }}" ssl_certificates: - - "{{ sslcert }}" + - "{{ sslcert }}" service: "{{ backendservice }}" project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" - scopes: - - https://www.googleapis.com/auth/compute state: absent register: result - name: assert changed is false @@ -203,9 +194,8 @@ # Post-test teardown - name: delete a ssl certificate gcp_compute_ssl_certificate: - name: 'sslcert-targetsslproxy' - description: | - "A certificate for testing. Do not use this certificate in production" + name: "sslcert-targetsslproxy" + description: A certificate for testing. Do not use this certificate in production certificate: | -----BEGIN CERTIFICATE----- MIICqjCCAk+gAwIBAgIJAIuJ+0352Kq4MAoGCCqGSM49BAMCMIGwMQswCQYDVQQG @@ -233,28 +223,24 @@ project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" - scopes: - - https://www.googleapis.com/auth/compute state: absent register: sslcert - name: delete a backend service gcp_compute_backend_service: - name: 'backendservice-targetsslproxy' + name: "backendservice-targetsslproxy" backends: - - group: "{{ instancegroup }}" + - group: "{{ instancegroup }}" health_checks: - - "{{ healthcheck.selfLink }}" - protocol: 'SSL' + - "{{ healthcheck.selfLink }}" + protocol: SSL project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" - scopes: - - https://www.googleapis.com/auth/compute state: absent register: backendservice - name: delete a health check gcp_compute_health_check: - name: 'healthcheck-targetsslproxy' + name: "healthcheck-targetsslproxy" type: TCP tcp_health_check: port_name: service-health @@ -266,18 +252,14 @@ project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" - scopes: - - https://www.googleapis.com/auth/compute state: absent register: healthcheck - name: delete a instance group gcp_compute_instance_group: - name: 'instancegroup-targetsslproxy' - zone: 'us-central1-a' + name: "instancegroup-targetsslproxy" + zone: us-central1-a project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" - scopes: - - https://www.googleapis.com/auth/compute state: absent register: instancegroup