forked from ansible/ansible
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
New module: GCP Compute Ssl Certificates (ansible#38620)
- Loading branch information
1 parent
39100a2
commit 7925a6d
Showing
5 changed files
with
583 additions
and
0 deletions.
There are no files selected for viewing
342 changes: 342 additions & 0 deletions
342
lib/ansible/modules/cloud/google/gcp_compute_ssl_certificate.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,342 @@ | ||
#!/usr/bin/python | ||
# -*- coding: utf-8 -*- | ||
# | ||
# Copyright (C) 2017 Google | ||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) | ||
# ---------------------------------------------------------------------------- | ||
# | ||
# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** | ||
# | ||
# ---------------------------------------------------------------------------- | ||
# | ||
# This file is automatically generated by Magic Modules and manual | ||
# changes will be clobbered when the file is regenerated. | ||
# | ||
# Please read more about how to change this file at | ||
# https://www.github.com/GoogleCloudPlatform/magic-modules | ||
# | ||
# ---------------------------------------------------------------------------- | ||
|
||
from __future__ import absolute_import, division, print_function | ||
__metaclass__ = type | ||
|
||
################################################################################ | ||
# Documentation | ||
################################################################################ | ||
|
||
ANSIBLE_METADATA = {'metadata_version': '1.1', | ||
'status': ["preview"], | ||
'supported_by': 'community'} | ||
|
||
DOCUMENTATION = ''' | ||
--- | ||
module: gcp_compute_ssl_certificate | ||
description: | ||
- An SslCertificate resource. This resource provides a mechanism to upload an SSL | ||
key and certificate to the load balancer to serve secure connections from the user. | ||
short_description: Creates a GCP SslCertificate | ||
version_added: 2.6 | ||
author: Google Inc. (@googlecloudplatform) | ||
requirements: | ||
- python >= 2.6 | ||
- requests >= 2.18.4 | ||
- google-auth >= 1.3.0 | ||
options: | ||
state: | ||
description: | ||
- Whether the given object should exist in GCP | ||
choices: ['present', 'absent'] | ||
default: 'present' | ||
certificate: | ||
description: | ||
- The certificate in PEM format. | ||
- The certificate chain must be no greater than 5 certs long. | ||
- The chain must include at least one intermediate cert. | ||
required: false | ||
description: | ||
description: | ||
- An optional description of this resource. | ||
required: false | ||
name: | ||
description: | ||
- Name of the resource. Provided by the client when the resource is created. The name | ||
must be 1-63 characters long, and comply with RFC1035. Specifically, the name must | ||
be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` | ||
which means the first character must be a lowercase letter, and all following characters | ||
must be a dash, lowercase letter, or digit, except the last character, which cannot | ||
be a dash. | ||
required: false | ||
private_key: | ||
description: | ||
- The private key in PEM format. | ||
required: false | ||
extends_documentation_fragment: gcp | ||
''' | ||
|
||
EXAMPLES = ''' | ||
- name: create a ssl certificate | ||
gcp_compute_ssl_certificate: | ||
name: testObject | ||
description: | | ||
"A certificate for testing. Do not use this certificate in production" | ||
certificate: | | ||
-----BEGIN CERTIFICATE----- | ||
MIICqjCCAk+gAwIBAgIJAIuJ+0352Kq4MAoGCCqGSM49BAMCMIGwMQswCQYDVQQG | ||
EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjERMA8GA1UEBwwIS2lya2xhbmQxFTAT | ||
BgNVBAoMDEdvb2dsZSwgSW5jLjEeMBwGA1UECwwVR29vZ2xlIENsb3VkIFBsYXRm | ||
b3JtMR8wHQYDVQQDDBZ3d3cubXktc2VjdXJlLXNpdGUuY29tMSEwHwYJKoZIhvcN | ||
AQkBFhJuZWxzb25hQGdvb2dsZS5jb20wHhcNMTcwNjI4MDQ1NjI2WhcNMjcwNjI2 | ||
MDQ1NjI2WjCBsDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xETAP | ||
BgNVBAcMCEtpcmtsYW5kMRUwEwYDVQQKDAxHb29nbGUsIEluYy4xHjAcBgNVBAsM | ||
FUdvb2dsZSBDbG91ZCBQbGF0Zm9ybTEfMB0GA1UEAwwWd3d3Lm15LXNlY3VyZS1z | ||
aXRlLmNvbTEhMB8GCSqGSIb3DQEJARYSbmVsc29uYUBnb29nbGUuY29tMFkwEwYH | ||
KoZIzj0CAQYIKoZIzj0DAQcDQgAEHGzpcRJ4XzfBJCCPMQeXQpTXwlblimODQCuQ | ||
4mzkzTv0dXyB750fOGN02HtkpBOZzzvUARTR10JQoSe2/5PIwaNQME4wHQYDVR0O | ||
BBYEFKIQC3A2SDpxcdfn0YLKineDNq/BMB8GA1UdIwQYMBaAFKIQC3A2SDpxcdfn | ||
0YLKineDNq/BMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhALs4vy+O | ||
M3jcqgA4fSW/oKw6UJxp+M6a+nGMX+UJR3YgAiEAvvl39QRVAiv84hdoCuyON0lJ | ||
zqGNhIPGq2ULqXKK8BY= | ||
-----END CERTIFICATE----- | ||
private_key: | | ||
-----BEGIN EC PRIVATE KEY----- | ||
MHcCAQEEIObtRo8tkUqoMjeHhsOh2ouPpXCgBcP+EDxZCB/tws15oAoGCCqGSM49 | ||
AwEHoUQDQgAEHGzpcRJ4XzfBJCCPMQeXQpTXwlblimODQCuQ4mzkzTv0dXyB750f | ||
OGN02HtkpBOZzzvUARTR10JQoSe2/5PIwQ== | ||
-----END EC PRIVATE KEY----- | ||
project: testProject | ||
auth_kind: service_account | ||
service_account_file: /tmp/auth.pem | ||
scopes: | ||
- https://www.googleapis.com/auth/compute | ||
state: present | ||
''' | ||
|
||
RETURN = ''' | ||
certificate: | ||
description: | ||
- The certificate in PEM format. | ||
- The certificate chain must be no greater than 5 certs long. | ||
- The chain must include at least one intermediate cert. | ||
returned: success | ||
type: str | ||
creation_timestamp: | ||
description: | ||
- Creation timestamp in RFC3339 text format. | ||
returned: success | ||
type: str | ||
description: | ||
description: | ||
- An optional description of this resource. | ||
returned: success | ||
type: str | ||
id: | ||
description: | ||
- The unique identifier for the resource. | ||
returned: success | ||
type: int | ||
name: | ||
description: | ||
- Name of the resource. Provided by the client when the resource is created. The name | ||
must be 1-63 characters long, and comply with RFC1035. Specifically, the name must | ||
be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` | ||
which means the first character must be a lowercase letter, and all following characters | ||
must be a dash, lowercase letter, or digit, except the last character, which cannot | ||
be a dash. | ||
returned: success | ||
type: str | ||
private_key: | ||
description: | ||
- The private key in PEM format. | ||
returned: success | ||
type: str | ||
''' | ||
|
||
################################################################################ | ||
# Imports | ||
################################################################################ | ||
|
||
from ansible.module_utils.gcp_utils import navigate_hash, GcpSession, GcpModule, GcpRequest, replace_resource_dict | ||
import json | ||
import time | ||
|
||
################################################################################ | ||
# Main | ||
################################################################################ | ||
|
||
|
||
def main(): | ||
"""Main function""" | ||
|
||
module = GcpModule( | ||
argument_spec=dict( | ||
state=dict(default='present', choices=['present', 'absent'], type='str'), | ||
certificate=dict(type='str'), | ||
description=dict(type='str'), | ||
name=dict(type='str'), | ||
private_key=dict(type='str') | ||
) | ||
) | ||
|
||
state = module.params['state'] | ||
kind = 'compute#sslCertificate' | ||
|
||
fetch = fetch_resource(module, self_link(module), kind) | ||
changed = False | ||
|
||
if fetch: | ||
if state == 'present': | ||
if is_different(module, fetch): | ||
fetch = update(module, self_link(module), kind, fetch) | ||
changed = True | ||
else: | ||
delete(module, self_link(module), kind, fetch) | ||
fetch = {} | ||
changed = True | ||
else: | ||
if state == 'present': | ||
fetch = create(module, collection(module), kind) | ||
changed = True | ||
else: | ||
fetch = {} | ||
|
||
fetch.update({'changed': changed}) | ||
|
||
module.exit_json(**fetch) | ||
|
||
|
||
def create(module, link, kind): | ||
auth = GcpSession(module, 'compute') | ||
return wait_for_operation(module, auth.post(link, resource_to_request(module))) | ||
|
||
|
||
def update(module, link, kind, fetch): | ||
auth = GcpSession(module, 'compute') | ||
return wait_for_operation(module, auth.put(link, resource_to_request(module))) | ||
|
||
|
||
def delete(module, link, kind, fetch): | ||
auth = GcpSession(module, 'compute') | ||
return wait_for_operation(module, auth.delete(link)) | ||
|
||
|
||
def resource_to_request(module): | ||
request = { | ||
u'kind': 'compute#sslCertificate', | ||
u'certificate': module.params.get('certificate'), | ||
u'description': module.params.get('description'), | ||
u'name': module.params.get('name'), | ||
u'privateKey': module.params.get('private_key') | ||
} | ||
return_vals = {} | ||
for k, v in request.items(): | ||
if v: | ||
return_vals[k] = v | ||
|
||
return return_vals | ||
|
||
|
||
def fetch_resource(module, link, kind): | ||
auth = GcpSession(module, 'compute') | ||
return return_if_object(module, auth.get(link), kind) | ||
|
||
|
||
def self_link(module): | ||
return "https://www.googleapis.com/compute/v1/projects/{project}/global/sslCertificates/{name}".format(**module.params) | ||
|
||
|
||
def collection(module): | ||
return "https://www.googleapis.com/compute/v1/projects/{project}/global/sslCertificates".format(**module.params) | ||
|
||
|
||
def return_if_object(module, response, kind): | ||
# If not found, return nothing. | ||
if response.status_code == 404: | ||
return None | ||
|
||
# If no content, return nothing. | ||
if response.status_code == 204: | ||
return None | ||
|
||
try: | ||
module.raise_for_status(response) | ||
result = response.json() | ||
except getattr(json.decoder, 'JSONDecodeError', ValueError) as inst: | ||
module.fail_json(msg="Invalid JSON response with error: %s" % inst) | ||
|
||
if navigate_hash(result, ['error', 'errors']): | ||
module.fail_json(msg=navigate_hash(result, ['error', 'errors'])) | ||
if result['kind'] != kind: | ||
module.fail_json(msg="Incorrect result: {kind}".format(**result)) | ||
|
||
return result | ||
|
||
|
||
def is_different(module, response): | ||
request = resource_to_request(module) | ||
response = response_to_hash(module, response) | ||
|
||
# Remove all output-only from response. | ||
response_vals = {} | ||
for k, v in response.items(): | ||
if k in request: | ||
response_vals[k] = v | ||
|
||
request_vals = {} | ||
for k, v in request.items(): | ||
if k in response: | ||
request_vals[k] = v | ||
|
||
return GcpRequest(request_vals) != GcpRequest(response_vals) | ||
|
||
|
||
# Remove unnecessary properties from the response. | ||
# This is for doing comparisons with Ansible's current parameters. | ||
def response_to_hash(module, response): | ||
return { | ||
u'certificate': response.get(u'certificate'), | ||
u'creationTimestamp': response.get(u'creationTimestamp'), | ||
u'description': response.get(u'description'), | ||
u'id': response.get(u'id'), | ||
u'name': response.get(u'name'), | ||
u'privateKey': module.params.get('private_key') | ||
} | ||
|
||
|
||
def async_op_url(module, extra_data=None): | ||
if extra_data is None: | ||
extra_data = {} | ||
url = "https://www.googleapis.com/compute/v1/projects/{project}/global/operations/{op_id}" | ||
combined = extra_data.copy() | ||
combined.update(module.params) | ||
return url.format(**combined) | ||
|
||
|
||
def wait_for_operation(module, response): | ||
op_result = return_if_object(module, response, 'compute#operation') | ||
if op_result is None: | ||
return None | ||
status = navigate_hash(op_result, ['status']) | ||
wait_done = wait_for_completion(status, op_result, module) | ||
return fetch_resource(module, navigate_hash(wait_done, ['targetLink']), 'compute#sslCertificate') | ||
|
||
|
||
def wait_for_completion(status, op_result, module): | ||
op_id = navigate_hash(op_result, ['name']) | ||
op_uri = async_op_url(module, {'op_id': op_id}) | ||
while status != 'DONE': | ||
raise_if_errors(op_result, ['error', 'errors'], 'message') | ||
time.sleep(1.0) | ||
if status not in ['PENDING', 'RUNNING', 'DONE']: | ||
module.fail_json(msg="Invalid result %s" % status) | ||
op_result = fetch_resource(module, op_uri, 'compute#operation') | ||
status = navigate_hash(op_result, ['status']) | ||
return op_result | ||
|
||
|
||
def raise_if_errors(response, err_path, module): | ||
errors = navigate_hash(response, err_path) | ||
if errors is not None: | ||
module.fail_json(msg=errors) | ||
|
||
if __name__ == '__main__': | ||
main() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
cloud/gcp | ||
unsupported |
3 changes: 3 additions & 0 deletions
3
test/integration/targets/gcp_compute_ssl_certificate/defaults/main.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
--- | ||
# defaults file | ||
resource_name: '{{resource_prefix}}' |
Empty file.
Oops, something went wrong.