Adding support for GCP Compute Ssl Certificates

lib/ansible/modules/cloud/google/gcp_compute_ssl_certificate.py

@@ -0,0 +1,342 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2017 Google
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+# ----------------------------------------------------------------------------
+#
+#     ***     AUTO GENERATED CODE    ***    AUTO GENERATED CODE     ***
+#
+# ----------------------------------------------------------------------------
+#
+#     This file is automatically generated by Magic Modules and manual
+#     changes will be clobbered when the file is regenerated.
+#
+#     Please read more about how to change this file at
+#     https://www.github.com/GoogleCloudPlatform/magic-modules
+#
+# ----------------------------------------------------------------------------
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+################################################################################
+# Documentation
+################################################################################
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+                    'status': ["preview"],
+                    'supported_by': 'community'}
+
+DOCUMENTATION = '''
+---
+module: gcp_compute_ssl_certificate
+description:
+    - An SslCertificate resource. This resource provides a mechanism to upload an SSL
+      key and certificate to the load balancer to serve secure connections from the user.
+short_description: Creates a GCP SslCertificate
+version_added: 2.6
+author: Google Inc. (@googlecloudplatform)
+requirements:
+    - python >= 2.6
+    - requests >= 2.18.4
+    - google-auth >= 1.3.0
+options:
+    state:
+        description:
+            - Whether the given object should exist in GCP
+        choices: ['present', 'absent']
+        default: 'present'
+    certificate:
+        description:
+            - The certificate in PEM format.
+            - The certificate chain must be no greater than 5 certs long.
+            - The chain must include at least one intermediate cert.
+        required: false
+    description:
+        description:
+            - An optional description of this resource.
+        required: false
+    name:
+        description:
+            - Name of the resource. Provided by the client when the resource is created. The name
+              must be 1-63 characters long, and comply with RFC1035. Specifically, the name must
+              be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`
+              which means the first character must be a lowercase letter, and all following characters
+              must be a dash, lowercase letter, or digit, except the last character, which cannot
+              be a dash.
+        required: false
+    private_key:
+        description:
+            - The private key in PEM format.
+        required: false
+extends_documentation_fragment: gcp
+'''
+
+EXAMPLES = '''
+- name: create a ssl certificate
+  gcp_compute_ssl_certificate:
+      name: testObject
+      description: |
+        "A certificate for testing. Do not use this certificate in production"
+      certificate: |
+        -----BEGIN CERTIFICATE-----
+        MIICqjCCAk+gAwIBAgIJAIuJ+0352Kq4MAoGCCqGSM49BAMCMIGwMQswCQYDVQQG
+        EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjERMA8GA1UEBwwIS2lya2xhbmQxFTAT
+        BgNVBAoMDEdvb2dsZSwgSW5jLjEeMBwGA1UECwwVR29vZ2xlIENsb3VkIFBsYXRm
+        b3JtMR8wHQYDVQQDDBZ3d3cubXktc2VjdXJlLXNpdGUuY29tMSEwHwYJKoZIhvcN
+        AQkBFhJuZWxzb25hQGdvb2dsZS5jb20wHhcNMTcwNjI4MDQ1NjI2WhcNMjcwNjI2
+        MDQ1NjI2WjCBsDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xETAP
+        BgNVBAcMCEtpcmtsYW5kMRUwEwYDVQQKDAxHb29nbGUsIEluYy4xHjAcBgNVBAsM
+        FUdvb2dsZSBDbG91ZCBQbGF0Zm9ybTEfMB0GA1UEAwwWd3d3Lm15LXNlY3VyZS1z
+        aXRlLmNvbTEhMB8GCSqGSIb3DQEJARYSbmVsc29uYUBnb29nbGUuY29tMFkwEwYH
+        KoZIzj0CAQYIKoZIzj0DAQcDQgAEHGzpcRJ4XzfBJCCPMQeXQpTXwlblimODQCuQ
+        4mzkzTv0dXyB750fOGN02HtkpBOZzzvUARTR10JQoSe2/5PIwaNQME4wHQYDVR0O
+        BBYEFKIQC3A2SDpxcdfn0YLKineDNq/BMB8GA1UdIwQYMBaAFKIQC3A2SDpxcdfn
+        0YLKineDNq/BMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhALs4vy+O
+        M3jcqgA4fSW/oKw6UJxp+M6a+nGMX+UJR3YgAiEAvvl39QRVAiv84hdoCuyON0lJ
+        zqGNhIPGq2ULqXKK8BY=
+        -----END CERTIFICATE-----
+      private_key: |
+        -----BEGIN EC PRIVATE KEY-----
+        MHcCAQEEIObtRo8tkUqoMjeHhsOh2ouPpXCgBcP+EDxZCB/tws15oAoGCCqGSM49
+        AwEHoUQDQgAEHGzpcRJ4XzfBJCCPMQeXQpTXwlblimODQCuQ4mzkzTv0dXyB750f
+        OGN02HtkpBOZzzvUARTR10JQoSe2/5PIwQ==
+        -----END EC PRIVATE KEY-----
+      project: testProject
+      auth_kind: service_account
+      service_account_file: /tmp/auth.pem
+      scopes:
+        - https://www.googleapis.com/auth/compute
+      state: present
+'''
+
+RETURN = '''
+    certificate:
+        description:
+            - The certificate in PEM format.
+            - The certificate chain must be no greater than 5 certs long.
+            - The chain must include at least one intermediate cert.
+        returned: success
+        type: str
+    creation_timestamp:
+        description:
+            - Creation timestamp in RFC3339 text format.
+        returned: success
+        type: str
+    description:
+        description:
+            - An optional description of this resource.
+        returned: success
+        type: str
+    id:
+        description:
+            - The unique identifier for the resource.
+        returned: success
+        type: int
+    name:
+        description:
+            - Name of the resource. Provided by the client when the resource is created. The name
+              must be 1-63 characters long, and comply with RFC1035. Specifically, the name must
+              be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`
+              which means the first character must be a lowercase letter, and all following characters
+              must be a dash, lowercase letter, or digit, except the last character, which cannot
+              be a dash.
+        returned: success
+        type: str
+    private_key:
+        description:
+            - The private key in PEM format.
+        returned: success
+        type: str
+'''
+
+################################################################################
+# Imports
+################################################################################
+
+from ansible.module_utils.gcp_utils import navigate_hash, GcpSession, GcpModule, GcpRequest, replace_resource_dict
+import json
+import time
+
+################################################################################
+# Main
+################################################################################
+
+
+def main():
+    """Main function"""
+
+    module = GcpModule(
+        argument_spec=dict(
+            state=dict(default='present', choices=['present', 'absent'], type='str'),
+            certificate=dict(type='str'),
+            description=dict(type='str'),
+            name=dict(type='str'),
+            private_key=dict(type='str')
+        )
+    )
+
+    state = module.params['state']
+    kind = 'compute#sslCertificate'
+
+    fetch = fetch_resource(module, self_link(module), kind)
+    changed = False
+
+    if fetch:
+        if state == 'present':
+            if is_different(module, fetch):
+                fetch = update(module, self_link(module), kind, fetch)
+                changed = True
+        else:
+            delete(module, self_link(module), kind, fetch)
+            fetch = {}
+            changed = True
+    else:
+        if state == 'present':
+            fetch = create(module, collection(module), kind)
+            changed = True
+        else:
+            fetch = {}
+
+    fetch.update({'changed': changed})
+
+    module.exit_json(**fetch)
+
+
+def create(module, link, kind):
+    auth = GcpSession(module, 'compute')
+    return wait_for_operation(module, auth.post(link, resource_to_request(module)))
+
+
+def update(module, link, kind, fetch):
+    auth = GcpSession(module, 'compute')
+    return wait_for_operation(module, auth.put(link, resource_to_request(module)))
+
+
+def delete(module, link, kind, fetch):
+    auth = GcpSession(module, 'compute')
+    return wait_for_operation(module, auth.delete(link))
+
+
+def resource_to_request(module):
+    request = {
+        u'kind': 'compute#sslCertificate',
+        u'certificate': module.params.get('certificate'),
+        u'description': module.params.get('description'),
+        u'name': module.params.get('name'),
+        u'privateKey': module.params.get('private_key')
+    }
+    return_vals = {}
+    for k, v in request.items():
+        if v:
+            return_vals[k] = v
+
+    return return_vals
+
+
+def fetch_resource(module, link, kind):
+    auth = GcpSession(module, 'compute')
+    return return_if_object(module, auth.get(link), kind)
+
+
+def self_link(module):
+    return "https://www.googleapis.com/compute/v1/projects/{project}/global/sslCertificates/{name}".format(**module.params)
+
+
+def collection(module):
+    return "https://www.googleapis.com/compute/v1/projects/{project}/global/sslCertificates".format(**module.params)
+
+
+def return_if_object(module, response, kind):
+    # If not found, return nothing.
+    if response.status_code == 404:
+        return None
+
+    # If no content, return nothing.
+    if response.status_code == 204:
+        return None
+
+    try:
+        module.raise_for_status(response)
+        result = response.json()
+    except getattr(json.decoder, 'JSONDecodeError', ValueError) as inst:
+        module.fail_json(msg="Invalid JSON response with error: %s" % inst)
+
+    if navigate_hash(result, ['error', 'errors']):
+        module.fail_json(msg=navigate_hash(result, ['error', 'errors']))
+    if result['kind'] != kind:
+        module.fail_json(msg="Incorrect result: {kind}".format(**result))
+
+    return result
+
+
+def is_different(module, response):
+    request = resource_to_request(module)
+    response = response_to_hash(module, response)
+
+    # Remove all output-only from response.
+    response_vals = {}
+    for k, v in response.items():
+        if k in request:
+            response_vals[k] = v
+
+    request_vals = {}
+    for k, v in request.items():
+        if k in response:
+            request_vals[k] = v
+
+    return GcpRequest(request_vals) != GcpRequest(response_vals)
+
+
+# Remove unnecessary properties from the response.
+# This is for doing comparisons with Ansible's current parameters.
+def response_to_hash(module, response):
+    return {
+        u'certificate': response.get(u'certificate'),
+        u'creationTimestamp': response.get(u'creationTimestamp'),
+        u'description': response.get(u'description'),
+        u'id': response.get(u'id'),
+        u'name': response.get(u'name'),
+        u'privateKey': module.params.get('private_key')
+    }
+
+
+def async_op_url(module, extra_data=None):
+    if extra_data is None:
+        extra_data = {}
+    url = "https://www.googleapis.com/compute/v1/projects/{project}/global/operations/{op_id}"
+    combined = extra_data.copy()
+    combined.update(module.params)
+    return url.format(**combined)
+
+
+def wait_for_operation(module, response):
+    op_result = return_if_object(module, response, 'compute#operation')
+    if op_result is None:
+        return None
+    status = navigate_hash(op_result, ['status'])
+    wait_done = wait_for_completion(status, op_result, module)
+    return fetch_resource(module, navigate_hash(wait_done, ['targetLink']), 'compute#sslCertificate')
+
+
+def wait_for_completion(status, op_result, module):
+    op_id = navigate_hash(op_result, ['name'])
+    op_uri = async_op_url(module, {'op_id': op_id})
+    while status != 'DONE':
+        raise_if_errors(op_result, ['error', 'errors'], 'message')
+        time.sleep(1.0)
+        if status not in ['PENDING', 'RUNNING', 'DONE']:
+            module.fail_json(msg="Invalid result %s" % status)
+        op_result = fetch_resource(module, op_uri, 'compute#operation')
+        status = navigate_hash(op_result, ['status'])
+    return op_result
+
+
+def raise_if_errors(response, err_path, module):
+    errors = navigate_hash(response, err_path)
+    if errors is not None:
+        module.fail_json(msg=errors)
+
+if __name__ == '__main__':
+    main()

test/integration/targets/gcp_compute_ssl_certificate/aliases

@@ -0,0 +1,2 @@
+cloud/gcp
+unsupported

test/integration/targets/gcp_compute_ssl_certificate/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+# defaults file
+resource_name: '{{resource_prefix}}'