diff options
Diffstat (limited to 'lib/ansible/modules/cloud/google/gcp_compute_target_https_proxy.py')
-rw-r--r-- | lib/ansible/modules/cloud/google/gcp_compute_target_https_proxy.py | 547 |
1 files changed, 0 insertions, 547 deletions
diff --git a/lib/ansible/modules/cloud/google/gcp_compute_target_https_proxy.py b/lib/ansible/modules/cloud/google/gcp_compute_target_https_proxy.py deleted file mode 100644 index 514b581711..0000000000 --- a/lib/ansible/modules/cloud/google/gcp_compute_target_https_proxy.py +++ /dev/null @@ -1,547 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# -# Copyright (C) 2017 Google -# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file at -# https://www.github.com/GoogleCloudPlatform/magic-modules -# -# ---------------------------------------------------------------------------- - -from __future__ import absolute_import, division, print_function - -__metaclass__ = type - -################################################################################ -# Documentation -################################################################################ - -ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ["preview"], 'supported_by': 'community'} - -DOCUMENTATION = ''' ---- -module: gcp_compute_target_https_proxy -description: -- Represents a TargetHttpsProxy resource, which is used by one or more global forwarding - rule to route incoming HTTPS requests to a URL map. -short_description: Creates a GCP TargetHttpsProxy -version_added: '2.6' -author: Google Inc. (@googlecloudplatform) -requirements: -- python >= 2.6 -- requests >= 2.18.4 -- google-auth >= 1.3.0 -options: - state: - description: - - Whether the given object should exist in GCP - choices: - - present - - absent - default: present - type: str - description: - description: - - An optional description of this resource. - required: false - type: str - name: - description: - - Name of the resource. Provided by the client when the resource is created. The - name must be 1-63 characters long, and comply with RFC1035. Specifically, the - name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` - which means the first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last character, - which cannot be a dash. - required: true - type: str - quic_override: - description: - - Specifies the QUIC override policy for this resource. This determines whether - the load balancer will attempt to negotiate QUIC with clients or not. Can specify - one of NONE, ENABLE, or DISABLE. If NONE is specified, uses the QUIC policy - with no user overrides, which is equivalent to DISABLE. Not specifying this - field is equivalent to specifying NONE. - - 'Some valid choices include: "NONE", "ENABLE", "DISABLE"' - required: false - type: str - version_added: '2.7' - ssl_certificates: - description: - - A list of SslCertificate resources that are used to authenticate connections - between users and the load balancer. At least one SSL certificate must be specified. - required: true - type: list - ssl_policy: - description: - - A reference to the SslPolicy resource that will be associated with the TargetHttpsProxy - resource. If not set, the TargetHttpsProxy resource will not have any SSL policy - configured. - - 'This field represents a link to a SslPolicy resource in GCP. It can be specified - in two ways. First, you can place a dictionary with key ''selfLink'' and value - of your resource''s selfLink Alternatively, you can add `register: name-of-resource` - to a gcp_compute_ssl_policy task and then set this ssl_policy field to "{{ name-of-resource - }}"' - required: false - type: dict - version_added: '2.8' - url_map: - description: - - A reference to the UrlMap resource that defines the mapping from URL to the - BackendService. - - 'This field represents a link to a UrlMap resource in GCP. It can be specified - in two ways. First, you can place a dictionary with key ''selfLink'' and value - of your resource''s selfLink Alternatively, you can add `register: name-of-resource` - to a gcp_compute_url_map task and then set this url_map field to "{{ name-of-resource - }}"' - required: true - type: dict - project: - description: - - The Google Cloud Platform project to use. - type: str - auth_kind: - description: - - The type of credential used. - type: str - required: true - choices: - - application - - machineaccount - - serviceaccount - service_account_contents: - description: - - The contents of a Service Account JSON file, either in a dictionary or as a - JSON string that represents it. - type: jsonarg - service_account_file: - description: - - The path of a Service Account JSON file if serviceaccount is selected as type. - type: path - service_account_email: - description: - - An optional service account email address if machineaccount is selected and - the user does not wish to use the default email. - type: str - scopes: - description: - - Array of scopes to be used - type: list - env_type: - description: - - Specifies which Ansible environment you're running this module within. - - This should not be set unless you know what you're doing. - - This only alters the User Agent string for any API requests. - type: str -notes: -- 'API Reference: U(https://cloud.google.com/compute/docs/reference/v1/targetHttpsProxies)' -- 'Official Documentation: U(https://cloud.google.com/compute/docs/load-balancing/http/target-proxies)' -- for authentication, you can set service_account_file using the C(gcp_service_account_file) - env variable. -- for authentication, you can set service_account_contents using the C(GCP_SERVICE_ACCOUNT_CONTENTS) - env variable. -- For authentication, you can set service_account_email using the C(GCP_SERVICE_ACCOUNT_EMAIL) - env variable. -- For authentication, you can set auth_kind using the C(GCP_AUTH_KIND) env variable. -- For authentication, you can set scopes using the C(GCP_SCOPES) env variable. -- Environment variables values will only be used if the playbook values are not set. -- The I(service_account_email) and I(service_account_file) options are mutually exclusive. -''' - -EXAMPLES = ''' -- name: create a instance group - gcp_compute_instance_group: - name: instancegroup-targethttpsproxy - zone: us-central1-a - project: "{{ gcp_project }}" - auth_kind: "{{ gcp_cred_kind }}" - service_account_file: "{{ gcp_cred_file }}" - state: present - register: instancegroup - -- name: create a HTTP health check - gcp_compute_http_health_check: - name: httphealthcheck-targethttpsproxy - healthy_threshold: 10 - port: 8080 - timeout_sec: 2 - unhealthy_threshold: 5 - project: "{{ gcp_project }}" - auth_kind: "{{ gcp_cred_kind }}" - service_account_file: "{{ gcp_cred_file }}" - state: present - register: healthcheck - -- name: create a backend service - gcp_compute_backend_service: - name: backendservice-targethttpsproxy - backends: - - group: "{{ instancegroup.selfLink }}" - health_checks: - - "{{ healthcheck.selfLink }}" - enable_cdn: 'true' - project: "{{ gcp_project }}" - auth_kind: "{{ gcp_cred_kind }}" - service_account_file: "{{ gcp_cred_file }}" - state: present - register: backendservice - -- name: create a URL map - gcp_compute_url_map: - name: urlmap-targethttpsproxy - default_service: "{{ backendservice }}" - project: "{{ gcp_project }}" - auth_kind: "{{ gcp_cred_kind }}" - service_account_file: "{{ gcp_cred_file }}" - state: present - register: urlmap - -- name: create a SSL certificate - gcp_compute_ssl_certificate: - name: sslcert-targethttpsproxy - description: A certificate for testing. Do not use this certificate in production - certificate: |- - -----BEGIN CERTIFICATE----- - MIICqjCCAk+gAwIBAgIJAIuJ+0352Kq4MAoGCCqGSM49BAMCMIGwMQswCQYDVQQG - EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjERMA8GA1UEBwwIS2lya2xhbmQxFTAT - BgNVBAoMDEdvb2dsZSwgSW5jLjEeMBwGA1UECwwVR29vZ2xlIENsb3VkIFBsYXRm - b3JtMR8wHQYDVQQDDBZ3d3cubXktc2VjdXJlLXNpdGUuY29tMSEwHwYJKoZIhvcN - AQkBFhJuZWxzb25hQGdvb2dsZS5jb20wHhcNMTcwNjI4MDQ1NjI2WhcNMjcwNjI2 - MDQ1NjI2WjCBsDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xETAP - BgNVBAcMCEtpcmtsYW5kMRUwEwYDVQQKDAxHb29nbGUsIEluYy4xHjAcBgNVBAsM - FUdvb2dsZSBDbG91ZCBQbGF0Zm9ybTEfMB0GA1UEAwwWd3d3Lm15LXNlY3VyZS1z - aXRlLmNvbTEhMB8GCSqGSIb3DQEJARYSbmVsc29uYUBnb29nbGUuY29tMFkwEwYH - KoZIzj0CAQYIKoZIzj0DAQcDQgAEHGzpcRJ4XzfBJCCPMQeXQpTXwlblimODQCuQ - 4mzkzTv0dXyB750fOGN02HtkpBOZzzvUARTR10JQoSe2/5PIwaNQME4wHQYDVR0O - BBYEFKIQC3A2SDpxcdfn0YLKineDNq/BMB8GA1UdIwQYMBaAFKIQC3A2SDpxcdfn - 0YLKineDNq/BMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhALs4vy+O - M3jcqgA4fSW/oKw6UJxp+M6a+nGMX+UJR3YgAiEAvvl39QRVAiv84hdoCuyON0lJ - zqGNhIPGq2ULqXKK8BY= - -----END CERTIFICATE----- - private_key: |- - -----BEGIN EC PRIVATE KEY----- - MHcCAQEEIObtRo8tkUqoMjeHhsOh2ouPpXCgBcP+EDxZCB/tws15oAoGCCqGSM49 - AwEHoUQDQgAEHGzpcRJ4XzfBJCCPMQeXQpTXwlblimODQCuQ4mzkzTv0dXyB750f - OGN02HtkpBOZzzvUARTR10JQoSe2/5PIwQ== - -----END EC PRIVATE KEY----- - project: "{{ gcp_project }}" - auth_kind: "{{ gcp_cred_kind }}" - service_account_file: "{{ gcp_cred_file }}" - state: present - register: sslcert - -- name: create a target HTTPS proxy - gcp_compute_target_https_proxy: - name: test_object - ssl_certificates: - - "{{ sslcert }}" - url_map: "{{ urlmap }}" - project: test_project - auth_kind: serviceaccount - service_account_file: "/tmp/auth.pem" - state: present -''' - -RETURN = ''' -creationTimestamp: - description: - - Creation timestamp in RFC3339 text format. - returned: success - type: str -description: - description: - - An optional description of this resource. - returned: success - type: str -id: - description: - - The unique identifier for the resource. - returned: success - type: int -name: - description: - - Name of the resource. Provided by the client when the resource is created. The - name must be 1-63 characters long, and comply with RFC1035. Specifically, the - name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` - which means the first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last character, - which cannot be a dash. - returned: success - type: str -quicOverride: - description: - - Specifies the QUIC override policy for this resource. This determines whether - the load balancer will attempt to negotiate QUIC with clients or not. Can specify - one of NONE, ENABLE, or DISABLE. If NONE is specified, uses the QUIC policy with - no user overrides, which is equivalent to DISABLE. Not specifying this field is - equivalent to specifying NONE. - returned: success - type: str -sslCertificates: - description: - - A list of SslCertificate resources that are used to authenticate connections between - users and the load balancer. At least one SSL certificate must be specified. - returned: success - type: list -sslPolicy: - description: - - A reference to the SslPolicy resource that will be associated with the TargetHttpsProxy - resource. If not set, the TargetHttpsProxy resource will not have any SSL policy - configured. - returned: success - type: dict -urlMap: - description: - - A reference to the UrlMap resource that defines the mapping from URL to the BackendService. - returned: success - type: dict -''' - -################################################################################ -# Imports -################################################################################ - -from ansible.module_utils.gcp_utils import navigate_hash, GcpSession, GcpModule, GcpRequest, replace_resource_dict -import json -import time - -################################################################################ -# Main -################################################################################ - - -def main(): - """Main function""" - - module = GcpModule( - argument_spec=dict( - state=dict(default='present', choices=['present', 'absent'], type='str'), - description=dict(type='str'), - name=dict(required=True, type='str'), - quic_override=dict(type='str'), - ssl_certificates=dict(required=True, type='list', elements='dict'), - ssl_policy=dict(type='dict'), - url_map=dict(required=True, type='dict'), - ) - ) - - if not module.params['scopes']: - module.params['scopes'] = ['https://www.googleapis.com/auth/compute'] - - state = module.params['state'] - kind = 'compute#targetHttpsProxy' - - fetch = fetch_resource(module, self_link(module), kind) - changed = False - - if fetch: - if state == 'present': - if is_different(module, fetch): - update(module, self_link(module), kind, fetch) - fetch = fetch_resource(module, self_link(module), kind) - changed = True - else: - delete(module, self_link(module), kind) - fetch = {} - changed = True - else: - if state == 'present': - fetch = create(module, collection(module), kind) - changed = True - else: - fetch = {} - - fetch.update({'changed': changed}) - - module.exit_json(**fetch) - - -def create(module, link, kind): - auth = GcpSession(module, 'compute') - return wait_for_operation(module, auth.post(link, resource_to_request(module))) - - -def update(module, link, kind, fetch): - update_fields(module, resource_to_request(module), response_to_hash(module, fetch)) - return fetch_resource(module, self_link(module), kind) - - -def update_fields(module, request, response): - if response.get('quicOverride') != request.get('quicOverride'): - quic_override_update(module, request, response) - if response.get('sslCertificates') != request.get('sslCertificates'): - ssl_certificates_update(module, request, response) - if response.get('sslPolicy') != request.get('sslPolicy'): - ssl_policy_update(module, request, response) - if response.get('urlMap') != request.get('urlMap'): - url_map_update(module, request, response) - - -def quic_override_update(module, request, response): - auth = GcpSession(module, 'compute') - auth.post( - ''.join(["https://www.googleapis.com/compute/v1/", "projects/{project}/global/targetHttpsProxies/{name}/setQuicOverride"]).format(**module.params), - {u'quicOverride': module.params.get('quic_override')}, - ) - - -def ssl_certificates_update(module, request, response): - auth = GcpSession(module, 'compute') - auth.post( - ''.join(["https://www.googleapis.com/compute/v1/", "projects/{project}/targetHttpsProxies/{name}/setSslCertificates"]).format(**module.params), - {u'sslCertificates': replace_resource_dict(module.params.get('ssl_certificates', []), 'selfLink')}, - ) - - -def ssl_policy_update(module, request, response): - auth = GcpSession(module, 'compute') - auth.post( - ''.join(["https://www.googleapis.com/compute/v1/", "projects/{project}/global/targetHttpsProxies/{name}/setSslPolicy"]).format(**module.params), - {u'sslPolicy': replace_resource_dict(module.params.get(u'ssl_policy', {}), 'selfLink')}, - ) - - -def url_map_update(module, request, response): - auth = GcpSession(module, 'compute') - auth.post( - ''.join(["https://www.googleapis.com/compute/v1/", "projects/{project}/targetHttpsProxies/{name}/setUrlMap"]).format(**module.params), - {u'urlMap': replace_resource_dict(module.params.get(u'url_map', {}), 'selfLink')}, - ) - - -def delete(module, link, kind): - auth = GcpSession(module, 'compute') - return wait_for_operation(module, auth.delete(link)) - - -def resource_to_request(module): - request = { - u'kind': 'compute#targetHttpsProxy', - u'description': module.params.get('description'), - u'name': module.params.get('name'), - u'quicOverride': module.params.get('quic_override'), - u'sslCertificates': replace_resource_dict(module.params.get('ssl_certificates', []), 'selfLink'), - u'sslPolicy': replace_resource_dict(module.params.get(u'ssl_policy', {}), 'selfLink'), - u'urlMap': replace_resource_dict(module.params.get(u'url_map', {}), 'selfLink'), - } - return_vals = {} - for k, v in request.items(): - if v or v is False: - return_vals[k] = v - - return return_vals - - -def fetch_resource(module, link, kind, allow_not_found=True): - auth = GcpSession(module, 'compute') - return return_if_object(module, auth.get(link), kind, allow_not_found) - - -def self_link(module): - return "https://www.googleapis.com/compute/v1/projects/{project}/global/targetHttpsProxies/{name}".format(**module.params) - - -def collection(module): - return "https://www.googleapis.com/compute/v1/projects/{project}/global/targetHttpsProxies".format(**module.params) - - -def return_if_object(module, response, kind, allow_not_found=False): - # If not found, return nothing. - if allow_not_found and response.status_code == 404: - return None - - # If no content, return nothing. - if response.status_code == 204: - return None - - try: - module.raise_for_status(response) - result = response.json() - except getattr(json.decoder, 'JSONDecodeError', ValueError): - module.fail_json(msg="Invalid JSON response with error: %s" % response.text) - - if navigate_hash(result, ['error', 'errors']): - module.fail_json(msg=navigate_hash(result, ['error', 'errors'])) - - return result - - -def is_different(module, response): - request = resource_to_request(module) - response = response_to_hash(module, response) - - # Remove all output-only from response. - response_vals = {} - for k, v in response.items(): - if k in request: - response_vals[k] = v - - request_vals = {} - for k, v in request.items(): - if k in response: - request_vals[k] = v - - return GcpRequest(request_vals) != GcpRequest(response_vals) - - -# Remove unnecessary properties from the response. -# This is for doing comparisons with Ansible's current parameters. -def response_to_hash(module, response): - return { - u'creationTimestamp': response.get(u'creationTimestamp'), - u'description': module.params.get('description'), - u'id': response.get(u'id'), - u'name': module.params.get('name'), - u'quicOverride': response.get(u'quicOverride'), - u'sslCertificates': response.get(u'sslCertificates'), - u'sslPolicy': response.get(u'sslPolicy'), - u'urlMap': response.get(u'urlMap'), - } - - -def async_op_url(module, extra_data=None): - if extra_data is None: - extra_data = {} - url = "https://www.googleapis.com/compute/v1/projects/{project}/global/operations/{op_id}" - combined = extra_data.copy() - combined.update(module.params) - return url.format(**combined) - - -def wait_for_operation(module, response): - op_result = return_if_object(module, response, 'compute#operation') - if op_result is None: - return {} - status = navigate_hash(op_result, ['status']) - wait_done = wait_for_completion(status, op_result, module) - return fetch_resource(module, navigate_hash(wait_done, ['targetLink']), 'compute#targetHttpsProxy') - - -def wait_for_completion(status, op_result, module): - op_id = navigate_hash(op_result, ['name']) - op_uri = async_op_url(module, {'op_id': op_id}) - while status != 'DONE': - raise_if_errors(op_result, ['error', 'errors'], module) - time.sleep(1.0) - op_result = fetch_resource(module, op_uri, 'compute#operation', False) - status = navigate_hash(op_result, ['status']) - return op_result - - -def raise_if_errors(response, err_path, module): - errors = navigate_hash(response, err_path) - if errors is not None: - module.fail_json(msg=errors) - - -if __name__ == '__main__': - main() |