

Fixes GoogleCloudPlatform#154: DM/target_proxy: refactoring
GoogleCloudPlatform#154

- Added version, links to docs
- Switched to using type provider
- Added support for cross-project resource creation
- Fixed resource names
- Upgraded compute api version
- Fixed field descriptions, added checks to arrays and objects
- Added support for "sslCertificates"
nick4fake committed Jun 26, 2019
1 parent 43cd422 commit e412a8b
Showing 3 changed files with 88 additions and 33 deletions.
71 changes: 42 additions & 29 deletions dm/templates/target_proxy/target_proxy.py
Expand Up @@ -26,7 +26,7 @@ def set_optional_property(destination, source, prop_name):
destination[prop_name] = source[prop_name]


def get_certificate(properties, res_name):
def get_certificate(properties, project_id, res_name):
"""
Gets a link to an existing or newly created SSL Certificate
resource.
Expand All @@ -35,13 +35,15 @@ def get_certificate(properties, res_name):
if 'url' in properties:
return properties['url'], [], []

name = properties.get('name', '{}-ssl-cert'.format(res_name))
name = '{}-ssl-cert'.format(res_name)

resource = {
'name': name,
'type': 'ssl_certificate.py',
'properties': copy.copy(properties)
}
resource['properties']['name'] = properties.get('name', res_name)
resource['properties']['project'] = project_id

self_link = '$(ref.{}.selfLink)'.format(name)
outputs = [
Expand All @@ -58,18 +60,23 @@ def get_certificate(properties, res_name):
return self_link, [resource], outputs


def get_insecure_proxy(is_http, name, properties, optional_properties):
def get_insecure_proxy(is_http, res_name, project_id, properties, optional_properties):
""" Creates a TCP or HTTP Proxy resource. """

if is_http:
type_name = 'compute.v1.targetHttpProxy'
# https://cloud.google.com/compute/docs/reference/rest/v1/targetHttpProxies
type_name = 'gcp-types/compute-v1:targetHttpProxies'
target_prop = 'urlMap'
else:
type_name = 'compute.alpha.targetTcpProxy'
# https://cloud.google.com/compute/docs/reference/rest/v1/targetTcpProxies
type_name = 'gcp-types/compute-v1:targetTcpProxies'
target_prop = 'service'

resource_props = {}
resource = {'type': type_name, 'name': name, 'properties': resource_props}
resource_props = {
'name': properties.get('name', res_name),
'project': project_id,
}
resource = {'type': type_name, 'name': res_name, 'properties': resource_props}

resource_props[target_prop] = properties['target']

Expand All @@ -79,73 +86,79 @@ def get_insecure_proxy(is_http, name, properties, optional_properties):
return [resource], []


def get_secure_proxy(is_http, name, properties, optional_properties):
def get_secure_proxy(is_http, res_name, project_id, properties, optional_properties):
""" Creates an SSL or HTTPS Proxy resource. """

if is_http:
create_base_proxy = get_http_proxy
target_type = 'compute.v1.targetHttpsProxy'
# https://cloud.google.com/compute/docs/reference/rest/v1/targetHttpsProxies
target_type = 'gcp-types/compute-v1:targetHttpsProxies'
else:
create_base_proxy = get_tcp_proxy
target_type = 'compute.v1.targetSslProxy'
# https://cloud.google.com/compute/docs/reference/rest/v1/targetSslProxies
target_type = 'gcp-types/compute-v1:targetSslProxies'

# Base proxy settings:
resources, outputs = create_base_proxy(properties, name)
resources, outputs = create_base_proxy(properties, res_name, project_id)
resource = resources[0]
resource['type'] = target_type
resource_prop = resource['properties']
for prop in optional_properties:
set_optional_property(resource_prop, properties, prop)

# SSL settings:
ssl = properties['ssl']
url, ssl_resources, ssl_outputs = get_certificate(ssl['certificate'], name)
resource_prop['sslCertificates'] = [url]
set_optional_property(resource_prop, ssl, 'sslPolicy')
ssl_resources = []
ssl_outputs = []
if 'sslCertificates' not in resource_prop:
ssl = properties['ssl']
url, ssl_resources, ssl_outputs = get_certificate(ssl['certificate'], project_id, res_name)
resource_prop['sslCertificates'] = [url]
set_optional_property(resource_prop, ssl, 'sslPolicy')

return resources + ssl_resources, outputs + ssl_outputs


def get_http_proxy(properties, name):
def get_http_proxy(properties, res_name, project_id):
""" Creates the HTTP Proxy resource. """

return get_insecure_proxy(HTTP_BASE, name, properties, ['description'])
return get_insecure_proxy(HTTP_BASE, res_name, project_id, properties, ['description'])


def get_tcp_proxy(properties, name):
def get_tcp_proxy(properties, res_name, project_id):
""" Creates the TCP Proxy resource. """

optional_properties = ['description', 'proxyHeader']
return get_insecure_proxy(TCP_BASE, name, properties, optional_properties)
return get_insecure_proxy(TCP_BASE, res_name, project_id, properties, optional_properties)


def get_https_proxy(properties, name):
def get_https_proxy(properties, res_name, project_id):
""" Creates the HTTPS Proxy resource. """

return get_secure_proxy(HTTP_BASE, name, properties, ['quicOverride'])
return get_secure_proxy(HTTP_BASE, res_name, project_id, properties, ['quicOverride'])


def get_ssl_proxy(properties, name):
def get_ssl_proxy(properties, res_name, project_id):
""" Creates the SSL Proxy resource. """

return get_secure_proxy(TCP_BASE, name, properties, [])
return get_secure_proxy(TCP_BASE, res_name, project_id, properties, [])


def generate_config(context):
""" Entry point for the deployment resources. """

properties = context.properties
name = properties.get('name', context.env['name'])
project_id = properties.get('project', context.env['project'])
protocol = properties['protocol']

if protocol == 'SSL':
resources, outputs = get_ssl_proxy(properties, name)
resources, outputs = get_ssl_proxy(properties, context.env['name'], project_id)
elif protocol == 'TCP':
resources, outputs = get_tcp_proxy(properties, name)
resources, outputs = get_tcp_proxy(properties, context.env['name'], project_id)
elif protocol == 'HTTPS':
resources, outputs = get_https_proxy(properties, name)
resources, outputs = get_https_proxy(properties, context.env['name'], project_id)
else:
resources, outputs = get_http_proxy(properties, name)
resources, outputs = get_http_proxy(properties, context.env['name'], project_id)

return {
'resources':
Expand All @@ -158,11 +171,11 @@ def generate_config(context):
},
{
'name': 'selfLink',
'value': '$(ref.{}.selfLink)'.format(name)
'value': '$(ref.{}.selfLink)'.format(context.env['name'])
},
{
'name': 'kind',
'value': '$(ref.{}.kind)'.format(name)
'value': '$(ref.{}.kind)'.format(context.env['name'])
},
]
}
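Review bot: In `get_secure_proxy`, the new `if 'sslCertificates' not in resource_prop:` guard looks like it can never be false: the optional lists passed in by `get_https_proxy` (`['quicOverride']`) and `get_ssl_proxy` (`[]`) do not include `sslCertificates`, and no visible line copies it into `resource_prop`, so a config that supplies only existing certificate URLs would still reach `ssl['certificate']`. The schema section also appears to declare `sslCertificates` under `ssl` instead of at the top level, though the page has lost indentation, so that is inferred. Separately, `ssl` is now bound only inside the branch, so depending on the lost indentation `sslPolicy` is either skipped whenever certificates are given by URL (leaving the proxy on the default SSL policy) or the call fails on an unbound name. I would bind `ssl = properties.get('ssl', {})` before the guard, copy `sslCertificates` from it explicitly, and keep `set_optional_property(resource_prop, ssl, 'sslPolicy')` outside the `if`.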
47 changes: 44 additions & 3 deletions dm/templates/target_proxy/target_proxy.py.schema
Expand Up @@ -15,6 +15,7 @@
info:
title: Target Proxy
author: Sourced Group Inc.
version: 1.0.0
description: |
Depending on the configuration, supports creation of one of these proxy
resources:
Expand All @@ -23,6 +24,19 @@ info:
- targetTcpPProxy
- targetSslProxy

For more information on this resource:
https://cloud.google.com/load-balancing/docs/target-proxies

APIs endpoints used by this template:
- gcp-types/compute-v1:targetSslProxies =>
https://cloud.google.com/compute/docs/reference/rest/v1/targetSslProxies
- gcp-types/compute-v1:targetHttpProxies =>
https://cloud.google.com/compute/docs/reference/rest/v1/targetHttpProxies
- gcp-types/compute-v1:targetHttpsProxies =>
https://cloud.google.com/compute/docs/reference/rest/v1/targetHttpsProxies
- gcp-types/compute-v1:targetTcpProxies =>
https://cloud.google.com/compute/docs/reference/rest/v1/targetTcpProxies

imports:
- path: ../ssl_certificate/ssl_certificate.py
name: ssl_certificate.py
Expand All @@ -36,7 +50,17 @@ required:
properties:
name:
type: string
description: The resource name.
description: |
Must comply with RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter,
and all following characters must be a dash, lowercase letter, or digit, except the last character,
which cannot be a dash.
Resource name would be used if omitted.
project:
type: string
description: |
The project ID of the project containing resources. The
Google apps domain is prefixed if applicable.
description:
type: string
description: The resource description (optional).
Expand All @@ -59,9 +83,26 @@ properties:
description: |
Encryption settings for connections processed by the resource. Used for
HTTPS and SSL proxies only.
required:
- certificate
oneOf:
- required:
- sslCertificates
- required:
- certificate
properties:
sslCertificates:
type: array
uniqItems: true
description: |
URLs to SslCertificate resources that are used to authenticate connections to Backends.
At least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates.

Authorization requires the following Google IAM permission on the specified resource sslCertificates:

compute.sslCertificates.get
minItems: 0
maxItems: 15
items:
type: string
certificate:
type: object
description: SSL certificate settings.
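Review bot: In the new `sslCertificates` array, `uniqItems: true` is not a JSON Schema keyword, so a validator will most likely ignore it and accept duplicate URLs; the keyword is `uniqueItems: true`. `minItems: 0` also contradicts the description's "At least one SSL certificate must be specified": an empty list still satisfies the `required: - sslCertificates` branch of the `oneOf`, so a secure proxy with no certificate passes schema validation and only fails later at the API. `minItems: 1` would match the description. The `ssl` block continues past the end of this hunk.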
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,10 @@ imports:
name: target_proxy.py

resources:
- name: ${HTTPS_RES_NAME}
- name: test-proxy
type: target_proxy.py
properties:
name: ${HTTPS_RES_NAME}
protocol: HTTPS
target: $(ref.${URL_MAP_RES_NAME}.selfLink)
quicOverride: ${HTTPS_QUIC_OVERRIDE}