From aa53eb0e7196c6c920e6326f5d11accfd077d151 Mon Sep 17 00:00:00 2001
From: The Magician
Date: Fri, 3 Jan 2020 12:36:21 -0800
Subject: [PATCH] Bug fixes for GCP modules (#65309)
---
 .../cloud/google/gcp_compute_disk_info.py | 2 +
 .../cloud/google/gcp_compute_firewall.py | 45 +++++++++++++++++++
 .../cloud/google/gcp_compute_firewall_info.py | 13 ++++++
 3 files changed, 60 insertions(+)
diff --git a/lib/ansible/modules/cloud/google/gcp_compute_disk_info.py b/lib/ansible/modules/cloud/google/gcp_compute_disk_info.py
index 72b354ab9a9..07add3b2c81 100644
--- a/lib/ansible/modules/cloud/google/gcp_compute_disk_info.py
+++ b/lib/ansible/modules/cloud/google/gcp_compute_disk_info.py
@@ -284,6 +284,8 @@ resources:
 kmsKeyName:
 description:
 - The name of the encryption key that is stored in Google Cloud KMS.
+ - Your project's Compute Engine System service account (`service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com`)
+ must have `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature.
 returned: success
 type: str
 sourceSnapshot:
diff --git a/lib/ansible/modules/cloud/google/gcp_compute_firewall.py b/lib/ansible/modules/cloud/google/gcp_compute_firewall.py
index 7f41c8722db..bbd6cdd156b 100644
--- a/lib/ansible/modules/cloud/google/gcp_compute_firewall.py
+++ b/lib/ansible/modules/cloud/google/gcp_compute_firewall.py
@@ -136,6 +136,20 @@ options:
 required: false
 type: bool
 version_added: '2.8'
+ log_config:
+ description:
+ - This field denotes whether to enable logging for a particular firewall rule.
+ If logging is enabled, logs will be exported to Stackdriver.
+ required: false
+ type: dict
+ version_added: '2.10'
+ suboptions:
+ enable_logging:
+ description:
+ - This field denotes whether to enable logging for a particular firewall rule.
+ If logging is enabled, logs will be exported to Stackdriver.
+ required: false
+ type: bool
 name:
 description:
 - Name of the resource. Provided by the client when the resource is created. The
@@ -380,6 +394,19 @@ disabled:
 rule will be enabled.
 returned: success
 type: bool
+logConfig:
+ description:
+ - This field denotes whether to enable logging for a particular firewall rule. If
+ logging is enabled, logs will be exported to Stackdriver.
+ returned: success
+ type: complex
+ contains:
+ enableLogging:
+ description:
+ - This field denotes whether to enable logging for a particular firewall rule.
+ If logging is enabled, logs will be exported to Stackdriver.
+ returned: success
+ type: bool
 id:
 description:
 - The unique identifier for the resource.
@@ -495,6 +522,7 @@ def main():
 destination_ranges=dict(type='list', elements='str'),
 direction=dict(type='str'),
 disabled=dict(type='bool'),
+ log_config=dict(type='dict', options=dict(enable_logging=dict(type='bool'))),
 name=dict(required=True, type='str'),
 network=dict(default=dict(selfLink='global/networks/default'), type='dict'),
 priority=dict(default=1000, type='int'),
@@ -569,6 +597,7 @@ def resource_to_request(module):
 u'destinationRanges': module.params.get('destination_ranges'),
 u'direction': module.params.get('direction'),
 u'disabled': module.params.get('disabled'),
+ u'logConfig': FirewallLogconfig(module.params.get('log_config', {}), module).to_request(),
 u'name': module.params.get('name'),
 u'network': replace_resource_dict(module.params.get(u'network', {}), 'selfLink'),
 u'priority': module.params.get('priority'),
@@ -650,6 +679,7 @@ def response_to_hash(module, response):
 u'destinationRanges': response.get(u'destinationRanges'),
 u'direction': response.get(u'direction'),
 u'disabled': response.get(u'disabled'),
+ u'logConfig': FirewallLogconfig(response.get(u'logConfig', {}), module).from_response(),
 u'id': response.get(u'id'),
 u'name': module.params.get('name'),
 u'network': response.get(u'network'),
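Review bot: In the `resource_to_request` hunk, the `{}` fallback in `module.params.get('log_config', {})` is unlikely ever to be used: AnsibleModule normally fills an omitted option with `None`, so the key is present and the call only works because `FirewallLogconfig.__init__` turns a falsy value into `{}`. A short comment would make that dependency explicit, e.g. `# log_config is None when omitted; FirewallLogconfig normalises it to {}`. Because firewall rule logging is an audit control, the option text should also state what an omitted `log_config` does to a rule that already has logging enabled; that cannot be determined from these hunks, since the rest of `resource_to_request` and the update path lie outside them. The same `.get(..., {})` pattern appears in the `response_to_hash` hunk.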
@@ -761,5 +791,20 @@ class FirewallDeniedArray(object):
 return remove_nones_from_dict({u'IPProtocol': item.get(u'IPProtocol'), u'ports': item.get(u'ports')})
 
 
+class FirewallLogconfig(object):
+ def __init__(self, request, module):
+ self.module = module
+ if request:
+ self.request = request
+ else:
+ self.request = {}
+
+ def to_request(self):
+ return remove_nones_from_dict({u'enableLogging': self.request.get('enable_logging')})
+
+ def from_response(self):
+ return remove_nones_from_dict({u'enableLogging': self.request.get(u'enableLogging')})
+
+
 if __name__ == '__main__':
 main()
diff --git a/lib/ansible/modules/cloud/google/gcp_compute_firewall_info.py b/lib/ansible/modules/cloud/google/gcp_compute_firewall_info.py
index 0f4a88c2301..cdd088f7441 100644
--- a/lib/ansible/modules/cloud/google/gcp_compute_firewall_info.py
+++ b/lib/ansible/modules/cloud/google/gcp_compute_firewall_info.py
@@ -193,6 +193,19 @@ resources:
 firewall rule will be enabled.
 returned: success
 type: bool
+ logConfig:
+ description:
+ - This field denotes whether to enable logging for a particular firewall rule.
+ If logging is enabled, logs will be exported to Stackdriver.
+ returned: success
+ type: complex
+ contains:
+ enableLogging:
+ description:
+ - This field denotes whether to enable logging for a particular firewall
+ rule. If logging is enabled, logs will be exported to Stackdriver.
+ returned: success
+ type: bool
 id:
 description:
 - The unique identifier for the resource.
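Review bot: `FirewallLogconfig.to_request` in `gcp_compute_firewall.py` sends the flag as `enableLogging` nested under `logConfig`, but as far as I know the Compute Engine v1 Firewall resource names that nested field `enable`, so the setting may be rejected or dropped and the rule left unlogged. Please confirm against the API reference and, if that is right, build the request with `{u'enable': self.request.get('enable_logging')}` and read `u'enable'` in `from_response`, updating the RETURN documentation to match. The diffstat lists only the three module files, so nothing in this commit asserts that logging is actually enabled on the rule after the task runs. The class also has no docstring, and `self.module` is stored but not used in the lines shown.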