Bug fixes for GCP modules (#65309)

2020-01-03 12:36:21 -08:00 · 2020-01-03 12:36:21 -08:00 · aa53eb0e71
commit aa53eb0e71
parent d37f00df9b
3 changed files with 60 additions and 0 deletions
--- a/lib/ansible/modules/cloud/google/gcp_compute_disk_info.py
+++ b/lib/ansible/modules/cloud/google/gcp_compute_disk_info.py
@ -284,6 +284,8 @@ resources:
        kmsKeyName:
          description:
          - The name of the encryption key that is stored in Google Cloud KMS.
+          - Your project's Compute Engine System service account (`service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com`)
+            must have `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature.
          returned: success
          type: str
    sourceSnapshot:
--- a/lib/ansible/modules/cloud/google/gcp_compute_firewall.py
+++ b/lib/ansible/modules/cloud/google/gcp_compute_firewall.py
@ -136,6 +136,20 @@ options:
    required: false
    type: bool
    version_added: '2.8'
+  log_config:
+    description:
+    - This field denotes whether to enable logging for a particular firewall rule.
+      If logging is enabled, logs will be exported to Stackdriver.
+    required: false
+    type: dict
+    version_added: '2.10'
+    suboptions:
+      enable_logging:
+        description:
+        - This field denotes whether to enable logging for a particular firewall rule.
+          If logging is enabled, logs will be exported to Stackdriver.
+        required: false
+        type: bool
  name:
    description:
    - Name of the resource. Provided by the client when the resource is created. The
@ -380,6 +394,19 @@ disabled:
    rule will be enabled.
  returned: success
  type: bool
+logConfig:
+  description:
+  - This field denotes whether to enable logging for a particular firewall rule. If
+    logging is enabled, logs will be exported to Stackdriver.
+  returned: success
+  type: complex
+  contains:
+    enableLogging:
+      description:
+      - This field denotes whether to enable logging for a particular firewall rule.
+        If logging is enabled, logs will be exported to Stackdriver.
+      returned: success
+      type: bool
 id:
  description:
  - The unique identifier for the resource.
@ -495,6 +522,7 @@ def main():
            destination_ranges=dict(type='list', elements='str'),
            direction=dict(type='str'),
            disabled=dict(type='bool'),
+            log_config=dict(type='dict', options=dict(enable_logging=dict(type='bool'))),
            name=dict(required=True, type='str'),
            network=dict(default=dict(selfLink='global/networks/default'), type='dict'),
            priority=dict(default=1000, type='int'),
@ -569,6 +597,7 @@ def resource_to_request(module):
        u'destinationRanges': module.params.get('destination_ranges'),
        u'direction': module.params.get('direction'),
        u'disabled': module.params.get('disabled'),
+        u'logConfig': FirewallLogconfig(module.params.get('log_config', {}), module).to_request(),
        u'name': module.params.get('name'),
        u'network': replace_resource_dict(module.params.get(u'network', {}), 'selfLink'),
        u'priority': module.params.get('priority'),
@ -650,6 +679,7 @@ def response_to_hash(module, response):
        u'destinationRanges': response.get(u'destinationRanges'),
        u'direction': response.get(u'direction'),
        u'disabled': response.get(u'disabled'),
+        u'logConfig': FirewallLogconfig(response.get(u'logConfig', {}), module).from_response(),
        u'id': response.get(u'id'),
        u'name': module.params.get('name'),
        u'network': response.get(u'network'),
@ -761,5 +791,20 @@ class FirewallDeniedArray(object):
        return remove_nones_from_dict({u'IPProtocol': item.get(u'IPProtocol'), u'ports': item.get(u'ports')})


+class FirewallLogconfig(object):
+    def __init__(self, request, module):
+        self.module = module
+        if request:
+            self.request = request
+        else:
+            self.request = {}
+
+    def to_request(self):
+        return remove_nones_from_dict({u'enableLogging': self.request.get('enable_logging')})
+
+    def from_response(self):
+        return remove_nones_from_dict({u'enableLogging': self.request.get(u'enableLogging')})
+
+
 if __name__ == '__main__':
    main()
--- a/lib/ansible/modules/cloud/google/gcp_compute_firewall_info.py
+++ b/lib/ansible/modules/cloud/google/gcp_compute_firewall_info.py
@ -193,6 +193,19 @@ resources:
        firewall rule will be enabled.
      returned: success
      type: bool
+    logConfig:
+      description:
+      - This field denotes whether to enable logging for a particular firewall rule.
+        If logging is enabled, logs will be exported to Stackdriver.
+      returned: success
+      type: complex
+      contains:
+        enableLogging:
+          description:
+          - This field denotes whether to enable logging for a particular firewall
+            rule. If logging is enabled, logs will be exported to Stackdriver.
+          returned: success
+          type: bool
    id:
      description:
      - The unique identifier for the resource.