archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Bug fixes for gcp_compute_target_ssl_proxy (#42826)

Browse Source
pull/44122/head
Alex Stephen 6 years ago committed by Ryan Brown
parent b88442064f
commit 569e094efd
2 changed files with 68 additions and 91 deletions
Show Stats Download Patch File Download Diff File

59
lib/ansible/modules/cloud/google/gcp_compute_target_ssl_proxy.py
Unescape Escape View File

@ -68,7 +68,7 @@ options:
choices: ['NONE', 'PROXY_V1'] choices: ['NONE', 'PROXY_V1']
service: service:
description: description:
- A reference to BackendService resource. - A reference to the BackendService resource.
required: true required: true
ssl_certificates: ssl_certificates:
description: description:
@ -76,24 +76,25 @@ options:
users and the load balancer. Currently, exactly one SSL certificate must be specified. users and the load balancer. Currently, exactly one SSL certificate must be specified.
required: true required: true
extends_documentation_fragment: gcp extends_documentation_fragment: gcp
notes:
- "API Reference: U(https://cloud.google.com/compute/docs/reference/latest/targetSslProxies)"
- "Setting Up SSL proxy for Google Cloud Load Balancing: U(https://cloud.google.com/compute/docs/load-balancing/tcp-ssl/)"
''' '''
EXAMPLES = ''' EXAMPLES = '''
- name: create a instance group - name: create a instance group
gcp_compute_instance_group: gcp_compute_instance_group:
name: 'instancegroup-targetsslproxy' name: "instancegroup-targetsslproxy"
zone: 'us-central1-a' zone: us-central1-a
project: "{{ gcp_project }}" project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}" auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}" service_account_file: "{{ gcp_cred_file }}"
scopes:
- https://www.googleapis.com/auth/compute
state: present state: present
register: instancegroup register: instancegroup
- name: create a health check - name: create a health check
gcp_compute_health_check: gcp_compute_health_check:
name: 'healthcheck-targetsslproxy' name: "healthcheck-targetsslproxy"
type: TCP type: TCP
tcp_health_check: tcp_health_check:
port_name: service-health port_name: service-health
@ -105,32 +106,27 @@ EXAMPLES = '''
project: "{{ gcp_project }}" project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}" auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}" service_account_file: "{{ gcp_cred_file }}"
scopes:
- https://www.googleapis.com/auth/compute
state: present state: present
register: healthcheck register: healthcheck
- name: create a backend service - name: create a backend service
gcp_compute_backend_service: gcp_compute_backend_service:
name: 'backendservice-targetsslproxy' name: "backendservice-targetsslproxy"
backends: backends:
- group: "{{ instancegroup }}" - group: "{{ instancegroup }}"
health_checks: health_checks:
- "{{ healthcheck.selfLink }}" - "{{ healthcheck.selfLink }}"
protocol: 'SSL' protocol: SSL
project: "{{ gcp_project }}" project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}" auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}" service_account_file: "{{ gcp_cred_file }}"
scopes:
- https://www.googleapis.com/auth/compute
state: present state: present
register: backendservice register: backendservice
- name: create a ssl certificate - name: create a ssl certificate
gcp_compute_ssl_certificate: gcp_compute_ssl_certificate:
name: 'sslcert-targetsslproxy' name: "sslcert-targetsslproxy"
description: | description: A certificate for testing. Do not use this certificate in production
"A certificate for testing. Do not use this certificate in production"
certificate: | certificate: |
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICqjCCAk+gAwIBAgIJAIuJ+0352Kq4MAoGCCqGSM49BAMCMIGwMQswCQYDVQQG MIICqjCCAk+gAwIBAgIJAIuJ+0352Kq4MAoGCCqGSM49BAMCMIGwMQswCQYDVQQG
@ -158,22 +154,18 @@ EXAMPLES = '''
project: "{{ gcp_project }}" project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}" auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}" service_account_file: "{{ gcp_cred_file }}"
scopes:
- https://www.googleapis.com/auth/compute
state: present state: present
register: sslcert register: sslcert
- name: create a target ssl proxy - name: create a target ssl proxy
gcp_compute_target_ssl_proxy: gcp_compute_target_ssl_proxy:
name: testObject name: "test_object"
ssl_certificates: ssl_certificates:
- "{{ sslcert }}" - "{{ sslcert }}"
service: "{{ backendservice }}" service: "{{ backendservice }}"
project: testProject project: "test_project"
auth_kind: service_account auth_kind: "service_account"
service_account_file: /tmp/auth.pem service_account_file: "/tmp/auth.pem"
scopes:
- https://www.googleapis.com/auth/compute
state: present state: present
''' '''
@ -211,7 +203,7 @@ RETURN = '''
type: str type: str
service: service:
description: description:
- A reference to BackendService resource. - A reference to the BackendService resource.
returned: success returned: success
type: dict type: dict
ssl_certificates: ssl_certificates:
@ -249,6 +241,9 @@ def main():
) )
) )
if not module.params['scopes']:
module.params['scopes'] = ['https://www.googleapis.com/auth/compute']
state = module.params['state'] state = module.params['state']
kind = 'compute#targetSslProxy' kind = 'compute#targetSslProxy'
@ -258,10 +253,10 @@ def main():
if fetch: if fetch:
if state == 'present': if state == 'present':
if is_different(module, fetch): if is_different(module, fetch):
fetch = update(module, self_link(module), kind, fetch) fetch = update(module, self_link(module), kind)
changed = True changed = True
else: else:
delete(module, self_link(module), kind, fetch) delete(module, self_link(module), kind)
fetch = {} fetch = {}
changed = True changed = True
else: else:
@ -281,12 +276,12 @@ def create(module, link, kind):
return wait_for_operation(module, auth.post(link, resource_to_request(module))) return wait_for_operation(module, auth.post(link, resource_to_request(module)))
def update(module, link, kind, fetch): def update(module, link, kind):
auth = GcpSession(module, 'compute') auth = GcpSession(module, 'compute')
return wait_for_operation(module, auth.put(link, resource_to_request(module))) return wait_for_operation(module, auth.put(link, resource_to_request(module)))
def delete(module, link, kind, fetch): def delete(module, link, kind):
auth = GcpSession(module, 'compute') auth = GcpSession(module, 'compute')
return wait_for_operation(module, auth.delete(link)) return wait_for_operation(module, auth.delete(link))
@ -388,7 +383,7 @@ def async_op_url(module, extra_data=None):
def wait_for_operation(module, response): def wait_for_operation(module, response):
op_result = return_if_object(module, response, 'compute#operation') op_result = return_if_object(module, response, 'compute#operation')
if op_result is None: if op_result is None:
return None return {}
status = navigate_hash(op_result, ['status']) status = navigate_hash(op_result, ['status'])
wait_done = wait_for_completion(status, op_result, module) wait_done = wait_for_completion(status, op_result, module)
return fetch_resource(module, navigate_hash(wait_done, ['targetLink']), 'compute#targetSslProxy') return fetch_resource(module, navigate_hash(wait_done, ['targetLink']), 'compute#targetSslProxy')

100
test/integration/targets/gcp_compute_target_ssl_proxy/tasks/main.yml
Unescape Escape View File

@ -15,18 +15,16 @@
# Pre-test setup # Pre-test setup
- name: create a instance group - name: create a instance group
gcp_compute_instance_group: gcp_compute_instance_group:
name: 'instancegroup-targetsslproxy' name: "instancegroup-targetsslproxy"
zone: 'us-central1-a' zone: us-central1-a
project: "{{ gcp_project }}" project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}" auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}" service_account_file: "{{ gcp_cred_file }}"
scopes:
- https://www.googleapis.com/auth/compute
state: present state: present
register: instancegroup register: instancegroup
- name: create a health check - name: create a health check
gcp_compute_health_check: gcp_compute_health_check:
name: 'healthcheck-targetsslproxy' name: "healthcheck-targetsslproxy"
type: TCP type: TCP
tcp_health_check: tcp_health_check:
port_name: service-health port_name: service-health
@ -38,30 +36,25 @@
project: "{{ gcp_project }}" project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}" auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}" service_account_file: "{{ gcp_cred_file }}"
scopes:
- https://www.googleapis.com/auth/compute
state: present state: present
register: healthcheck register: healthcheck
- name: create a backend service - name: create a backend service
gcp_compute_backend_service: gcp_compute_backend_service:
name: 'backendservice-targetsslproxy' name: "backendservice-targetsslproxy"
backends: backends:
- group: "{{ instancegroup }}" - group: "{{ instancegroup }}"
health_checks: health_checks:
- "{{ healthcheck.selfLink }}" - "{{ healthcheck.selfLink }}"
protocol: 'SSL' protocol: SSL
project: "{{ gcp_project }}" project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}" auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}" service_account_file: "{{ gcp_cred_file }}"
scopes:
- https://www.googleapis.com/auth/compute
state: present state: present
register: backendservice register: backendservice
- name: create a ssl certificate - name: create a ssl certificate
gcp_compute_ssl_certificate: gcp_compute_ssl_certificate:
name: 'sslcert-targetsslproxy' name: "sslcert-targetsslproxy"
description: | description: A certificate for testing. Do not use this certificate in production
"A certificate for testing. Do not use this certificate in production"
certificate: | certificate: |
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICqjCCAk+gAwIBAgIJAIuJ+0352Kq4MAoGCCqGSM49BAMCMIGwMQswCQYDVQQG MIICqjCCAk+gAwIBAgIJAIuJ+0352Kq4MAoGCCqGSM49BAMCMIGwMQswCQYDVQQG
@ -89,34 +82,28 @@
project: "{{ gcp_project }}" project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}" auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}" service_account_file: "{{ gcp_cred_file }}"
scopes:
- https://www.googleapis.com/auth/compute
state: present state: present
register: sslcert register: sslcert
- name: delete a target ssl proxy - name: delete a target ssl proxy
gcp_compute_target_ssl_proxy: gcp_compute_target_ssl_proxy:
name: "{{ resource_name }}" name: "{{ resource_name }}"
ssl_certificates: ssl_certificates:
- "{{ sslcert }}" - "{{ sslcert }}"
service: "{{ backendservice }}" service: "{{ backendservice }}"
project: "{{ gcp_project }}" project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}" auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}" service_account_file: "{{ gcp_cred_file }}"
scopes:
- https://www.googleapis.com/auth/compute
state: absent state: absent
#---------------------------------------------------------- #----------------------------------------------------------
- name: create a target ssl proxy - name: create a target ssl proxy
gcp_compute_target_ssl_proxy: gcp_compute_target_ssl_proxy:
name: "{{ resource_name }}" name: "{{ resource_name }}"
ssl_certificates: ssl_certificates:
- "{{ sslcert }}" - "{{ sslcert }}"
service: "{{ backendservice }}" service: "{{ backendservice }}"
project: "{{ gcp_project }}" project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}" auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}" service_account_file: "{{ gcp_cred_file }}"
scopes:
- https://www.googleapis.com/auth/compute
state: present state: present
register: result register: result
- name: assert changed is true - name: assert changed is true
@ -125,25 +112,29 @@
- result.changed == true - result.changed == true
- "result.kind == 'compute#targetSslProxy'" - "result.kind == 'compute#targetSslProxy'"
- name: verify that target_ssl_proxy was created - name: verify that target_ssl_proxy was created
shell: | gcp_compute_target_ssl_proxy_facts:
gcloud compute target-ssl-proxies describe --project="{{ gcp_project}}" "{{ resource_name }}" filters:
- name = {{ resource_name }}
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
scopes:
- https://www.googleapis.com/auth/compute
register: results register: results
- name: verify that command succeeded - name: verify that command succeeded
assert: assert:
that: that:
- results.rc == 0 - results['items'] | length == 1
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
- name: create a target ssl proxy that already exists - name: create a target ssl proxy that already exists
gcp_compute_target_ssl_proxy: gcp_compute_target_ssl_proxy:
name: "{{ resource_name }}" name: "{{ resource_name }}"
ssl_certificates: ssl_certificates:
- "{{ sslcert }}" - "{{ sslcert }}"
service: "{{ backendservice }}" service: "{{ backendservice }}"
project: "{{ gcp_project }}" project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}" auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}" service_account_file: "{{ gcp_cred_file }}"
scopes:
- https://www.googleapis.com/auth/compute
state: present state: present
register: result register: result
- name: assert changed is false - name: assert changed is false
@ -156,13 +147,11 @@
gcp_compute_target_ssl_proxy: gcp_compute_target_ssl_proxy:
name: "{{ resource_name }}" name: "{{ resource_name }}"
ssl_certificates: ssl_certificates:
- "{{ sslcert }}" - "{{ sslcert }}"
service: "{{ backendservice }}" service: "{{ backendservice }}"
project: "{{ gcp_project }}" project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}" auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}" service_account_file: "{{ gcp_cred_file }}"
scopes:
- https://www.googleapis.com/auth/compute
state: absent state: absent
register: result register: result
- name: assert changed is true - name: assert changed is true
@ -171,27 +160,29 @@
- result.changed == true - result.changed == true
- result.has_key('kind') == False - result.has_key('kind') == False
- name: verify that target_ssl_proxy was deleted - name: verify that target_ssl_proxy was deleted
shell: | gcp_compute_target_ssl_proxy_facts:
gcloud compute target-ssl-proxies describe --project="{{ gcp_project}}" "{{ resource_name }}" filters:
- name = {{ resource_name }}
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
scopes:
- https://www.googleapis.com/auth/compute
register: results register: results
failed_when: results.rc == 0
- name: verify that command succeeded - name: verify that command succeeded
assert: assert:
that: that:
- results.rc == 1 - results['items'] | length == 0
- "\"'projects/{{ gcp_project }}/global/targetSslProxies/{{ resource_name }}' was not found\" in results.stderr"
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
- name: delete a target ssl proxy that does not exist - name: delete a target ssl proxy that does not exist
gcp_compute_target_ssl_proxy: gcp_compute_target_ssl_proxy:
name: "{{ resource_name }}" name: "{{ resource_name }}"
ssl_certificates: ssl_certificates:
- "{{ sslcert }}" - "{{ sslcert }}"
service: "{{ backendservice }}" service: "{{ backendservice }}"
project: "{{ gcp_project }}" project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}" auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}" service_account_file: "{{ gcp_cred_file }}"
scopes:
- https://www.googleapis.com/auth/compute
state: absent state: absent
register: result register: result
- name: assert changed is false - name: assert changed is false
@ -203,9 +194,8 @@
# Post-test teardown # Post-test teardown
- name: delete a ssl certificate - name: delete a ssl certificate
gcp_compute_ssl_certificate: gcp_compute_ssl_certificate:
name: 'sslcert-targetsslproxy' name: "sslcert-targetsslproxy"
description: | description: A certificate for testing. Do not use this certificate in production
"A certificate for testing. Do not use this certificate in production"
certificate: | certificate: |
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICqjCCAk+gAwIBAgIJAIuJ+0352Kq4MAoGCCqGSM49BAMCMIGwMQswCQYDVQQG MIICqjCCAk+gAwIBAgIJAIuJ+0352Kq4MAoGCCqGSM49BAMCMIGwMQswCQYDVQQG
@ -233,28 +223,24 @@
project: "{{ gcp_project }}" project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}" auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}" service_account_file: "{{ gcp_cred_file }}"
scopes:
- https://www.googleapis.com/auth/compute
state: absent state: absent
register: sslcert register: sslcert
- name: delete a backend service - name: delete a backend service
gcp_compute_backend_service: gcp_compute_backend_service:
name: 'backendservice-targetsslproxy' name: "backendservice-targetsslproxy"
backends: backends:
- group: "{{ instancegroup }}" - group: "{{ instancegroup }}"
health_checks: health_checks:
- "{{ healthcheck.selfLink }}" - "{{ healthcheck.selfLink }}"
protocol: 'SSL' protocol: SSL
project: "{{ gcp_project }}" project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}" auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}" service_account_file: "{{ gcp_cred_file }}"
scopes:
- https://www.googleapis.com/auth/compute
state: absent state: absent
register: backendservice register: backendservice
- name: delete a health check - name: delete a health check
gcp_compute_health_check: gcp_compute_health_check:
name: 'healthcheck-targetsslproxy' name: "healthcheck-targetsslproxy"
type: TCP type: TCP
tcp_health_check: tcp_health_check:
port_name: service-health port_name: service-health
@ -266,18 +252,14 @@
project: "{{ gcp_project }}" project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}" auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}" service_account_file: "{{ gcp_cred_file }}"
scopes:
- https://www.googleapis.com/auth/compute
state: absent state: absent
register: healthcheck register: healthcheck
- name: delete a instance group - name: delete a instance group
gcp_compute_instance_group: gcp_compute_instance_group:
name: 'instancegroup-targetsslproxy' name: "instancegroup-targetsslproxy"
zone: 'us-central1-a' zone: us-central1-a
project: "{{ gcp_project }}" project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}" auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}" service_account_file: "{{ gcp_cred_file }}"
scopes:
- https://www.googleapis.com/auth/compute
state: absent state: absent
register: instancegroup register: instancegroup

Write Preview
Loading…
Cancel
Save