cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Bug fixes for GCP modules (#63882)

Browse source
This commit is contained in:
The Magician 2019-10-24 14:16:32 -07:00 committed by ansibot
parent 9fe524248c
commit ffce2d3d2a
2 changed files with 113 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

91
lib/ansible/modules/cloud/google/gcp_pubsub_subscription.py
View file

@ -78,6 +78,32 @@ options:
required: false
type: dict
suboptions:
oidc_token:
description:
- If specified, Pub/Sub will generate and attach an OIDC JWT token as an Authorization
header in the HTTP request for every pushed message.
required: false
type: dict
version_added: '2.10'
suboptions:
service_account_email:
description:
- Service account email to be used for generating the OIDC token.
- The caller (for subscriptions.create, subscriptions.patch, and subscriptions.modifyPushConfig
RPCs) must have the iam.serviceAccounts.actAs permission for the service
account.
required: true
type: str
audience:
description:
- 'Audience to be used when generating OIDC token. The audience claim
identifies the recipients that the JWT is intended for. The audience
value is a single case-sensitive string. Having multiple values (array)
for the audience field is not supported. More info about the OIDC JWT
token audience here: U(https://tools.ietf.org/html/rfc7519#section-4.1.3)
Note: if not specified, the Push endpoint URL will be used.'
required: false
type: str
push_endpoint:
description:
- A URL locating the endpoint to which messages should be pushed.
@ -262,6 +288,31 @@ pushConfig:
returned: success
type: complex
contains:
oidcToken:
description:
- If specified, Pub/Sub will generate and attach an OIDC JWT token as an Authorization
header in the HTTP request for every pushed message.
returned: success
type: complex
contains:
serviceAccountEmail:
description:
- Service account email to be used for generating the OIDC token.
- The caller (for subscriptions.create, subscriptions.patch, and subscriptions.modifyPushConfig
RPCs) must have the iam.serviceAccounts.actAs permission for the service
account.
returned: success
type: str
audience:
description:
- 'Audience to be used when generating OIDC token. The audience claim identifies
the recipients that the JWT is intended for. The audience value is a single
case-sensitive string. Having multiple values (array) for the audience
field is not supported. More info about the OIDC JWT token audience here:
U(https://tools.ietf.org/html/rfc7519#section-4.1.3) Note: if not specified,
the Push endpoint URL will be used.'
returned: success
type: str
pushEndpoint:
description:
- A URL locating the endpoint to which messages should be pushed.
@ -368,7 +419,14 @@ def main():
name=dict(required=True, type='str'),
topic=dict(required=True, type='dict'),
labels=dict(type='dict'),
push_config=dict(type='dict', options=dict(push_endpoint=dict(required=True, type='str'), attributes=dict(type='dict'))),
push_config=dict(
type='dict',
options=dict(
oidc_token=dict(type='dict', options=dict(service_account_email=dict(required=True, type='str'), audience=dict(type='str'))),
push_endpoint=dict(required=True, type='str'),
attributes=dict(type='dict'),
),
),
ack_deadline_seconds=dict(type='int'),
message_retention_duration=dict(default='604800s', type='str'),
retain_acked_messages=dict(type='bool'),
@ -561,10 +619,37 @@ class SubscriptionPushconfig(object):
self.request = {}
def to_request(self):
return remove_nones_from_dict({u'pushEndpoint': self.request.get('push_endpoint'), u'attributes': self.request.get('attributes')})
return remove_nones_from_dict(
{
u'oidcToken': SubscriptionOidctoken(self.request.get('oidc_token', {}), self.module).to_request(),
u'pushEndpoint': self.request.get('push_endpoint'),
u'attributes': self.request.get('attributes'),
}
)
def from_response(self):
return remove_nones_from_dict({u'pushEndpoint': self.request.get(u'pushEndpoint'), u'attributes': self.request.get(u'attributes')})
return remove_nones_from_dict(
{
u'oidcToken': SubscriptionOidctoken(self.request.get(u'oidcToken', {}), self.module).from_response(),
u'pushEndpoint': self.request.get(u'pushEndpoint'),
u'attributes': self.request.get(u'attributes'),
}
)
class SubscriptionOidctoken(object):
def __init__(self, request, module):
self.module = module
if request:
self.request = request
else:
self.request = {}
def to_request(self):
return remove_nones_from_dict({u'serviceAccountEmail': self.request.get('service_account_email'), u'audience': self.request.get('audience')})
def from_response(self):
return remove_nones_from_dict({u'serviceAccountEmail': self.request.get(u'serviceAccountEmail'), u'audience': self.request.get(u'audience')})
class SubscriptionExpirationpolicy(object):

25
lib/ansible/modules/cloud/google/gcp_pubsub_subscription_info.py
View file

@ -127,6 +127,31 @@ resources:
returned: success
type: complex
contains:
oidcToken:
description:
- If specified, Pub/Sub will generate and attach an OIDC JWT token as an
Authorization header in the HTTP request for every pushed message.
returned: success
type: complex
contains:
serviceAccountEmail:
description:
- Service account email to be used for generating the OIDC token.
- The caller (for subscriptions.create, subscriptions.patch, and subscriptions.modifyPushConfig
RPCs) must have the iam.serviceAccounts.actAs permission for the service
account.
returned: success
type: str
audience:
description:
- 'Audience to be used when generating OIDC token. The audience claim
identifies the recipients that the JWT is intended for. The audience
value is a single case-sensitive string. Having multiple values (array)
for the audience field is not supported. More info about the OIDC
JWT token audience here: U(https://tools.ietf.org/html/rfc7519#section-4.1.3)
Note: if not specified, the Push endpoint URL will be used.'
returned: success
type: str
pushEndpoint:
description:
- A URL locating the endpoint to which messages should be pushed.