From c8418a709b3603f82b9c4d53bb9c8f9ddd6b828b Mon Sep 17 00:00:00 2001 From: Alex Stephen Date: Mon, 13 Aug 2018 09:04:57 -0700 Subject: [PATCH] Bug fixes for gcp_compute_disk (#42806) --- .../modules/cloud/google/gcp_compute_disk.py | 225 ++++++++++-------- .../targets/gcp_compute_disk/tasks/main.yml | 58 ++--- 2 files changed, 158 insertions(+), 125 deletions(-) diff --git a/lib/ansible/modules/cloud/google/gcp_compute_disk.py b/lib/ansible/modules/cloud/google/gcp_compute_disk.py index 779e46e799..8dfc0d1ed1 100644 --- a/lib/ansible/modules/cloud/google/gcp_compute_disk.py +++ b/lib/ansible/modules/cloud/google/gcp_compute_disk.py @@ -61,6 +61,11 @@ options: - An optional description of this resource. Provide this property when you create the resource. required: false + labels: + description: + - Labels to apply to this disk. A list of key->value pairs. + required: false + version_added: 2.7 licenses: description: - Any applicable publicly visible licenses. @@ -73,7 +78,7 @@ options: which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - required: false + required: true size_gb: description: - Size of the persistent disk, specified in GB. You can specify this field when creating @@ -82,6 +87,12 @@ options: - If you specify this field along with sourceImage or sourceSnapshot, the value of sizeGb must not be less than the size of the sourceImage or the size of the snapshot. required: false + type: + description: + - URL of the disk type resource describing which disk type to use to create the disk. + Provide this when creating the disk. + required: false + version_added: 2.7 source_image: description: - The source image used to create this disk. If the source image is deleted, this 
@@ -98,8 +109,24 @@ options: required: false zone: description: - - A reference to Zone resource. + - A reference to the zone where the disk resides. required: true + source_image_encryption_key: + description: + - The customer-supplied encryption key of the source image. Required if the source + image is protected by a customer-supplied encryption key. + required: false + suboptions: + raw_key: + description: + - Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 + to either encrypt or decrypt this resource. + required: false + sha256: + description: + - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key + that protects this resource. + required: false disk_encryption_key: description: - Encrypts the disk using a customer-supplied encryption key. 
@@ -122,30 +149,12 @@ options: - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource. required: false - source_image_encryption_key: - description: - - The customer-supplied encryption key of the source image. Required if the source - image is protected by a customer-supplied encryption key. - required: false - suboptions: - raw_key: - description: - - Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 - to either encrypt or decrypt this resource. - required: false - sha256: - description: - - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key - that protects this resource. - required: false source_snapshot: description: - - 'The source snapshot used to create this disk. You can provide - this as a partial or full URL to the resource. For example, the - following are valid values: * - U(https://www.googleapis.com/compute/v1/projects/project/global/) - snapshots/snapshot * projects/project/global/snapshots/snapshot * - global/snapshots/snapshot .' + - 'The source snapshot used to create this disk. You can provide this as a partial or + full URL to the resource. For example, the following are valid values: * + `U(https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot`) + * `projects/project/global/snapshots/snapshot` * `global/snapshots/snapshot` .' required: false source_snapshot_encryption_key: description: 
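Review bot: The `source_snapshot` description still presents the value as a partial or full URL string, while the `argument_spec` on the new side of this commit declares `source_snapshot=dict(type='dict')`. The option text should state what dictionary is expected (presumably the registered result of a snapshot task, which is not visible here). The rewritten example also puts the closing backtick inside the macro, `U(...snapshots/snapshot`)`, which should read `U(https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot)`. Both points apply equally to the RETURN copy of this text in the hunk at `@@ -318,16 +308,39 @@`, where the type is changed to `dict` under the same URL wording.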
@@ -164,21 +173,22 @@ options: that protects this resource. required: false extends_documentation_fragment: gcp +notes: + - "API Reference: U(https://cloud.google.com/compute/docs/reference/latest/disks)" + - "Adding a persistent disk: U(https://cloud.google.com/compute/docs/disks/add-persistent-disk)" ''' EXAMPLES = ''' - name: create a disk gcp_compute_disk: - name: testObject + name: "test_object" size_gb: 50 disk_encryption_key: - raw_key: 'SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=' - zone: 'us-central1-a' - project: testProject - auth_kind: service_account - service_account_file: /tmp/auth.pem - scopes: - - https://www.googleapis.com/auth/compute + raw_key: SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0= + zone: us-central1-a + project: "test_project" + auth_kind: "service_account" + service_account_file: "/tmp/auth.pem" state: present ''' @@ -209,6 +219,11 @@ RETURN = ''' - Last dettach timestamp in RFC3339 text format. returned: success type: str + labels: + description: + - Labels to apply to this disk. A list of key->value pairs. + returned: success + type: dict licenses: description: - Any applicable publicly visible licenses. @@ -233,6 +248,18 @@ RETURN = ''' sizeGb must not be less than the size of the sourceImage or the size of the snapshot. returned: success type: int + type: + description: + - URL of the disk type resource describing which disk type to use to create the disk. + Provide this when creating the disk. + returned: success + type: str + users: + description: + - 'Links to the users of the disk (attached instances) in form: project/zones/zone/instances/instance + .' + returned: success + type: list source_image: description: - The source image used to create this disk. If the source image is deleted, this 
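Review bot: The updated example uses `name: "test_object"`, but the `name` option documented earlier in this file allows only a lowercase letter followed by dashes, lowercase letters or digits, so the underscore breaks the module's own rule; `name: "test-object"` matches it. The example also inlines `raw_key` and points `service_account_file` at `/tmp/auth.pem`, a layout readers tend to copy verbatim. A comment in the example such as `# keep raw_key in Ansible Vault and store the service account file outside world-writable directories` would cover that. Since `scopes` is dropped from the example, the DOCUMENTATION block should also mention that the module now falls back to `https://www.googleapis.com/auth/compute` when no scopes are given.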
@@ -248,48 +275,11 @@ RETURN = ''' .' returned: success type: str - type: - description: - - URL of the disk type resource describing which disk type to use to create the disk. - Provide this when creating the disk. - returned: success - type: str - users: - description: - - 'Links to the users of the disk (attached instances) in form: project/zones/zone/instances/instance - .' - returned: success - type: list zone: description: - - A reference to Zone resource. + - A reference to the zone where the disk resides. returned: success type: str - disk_encryption_key: - description: - - Encrypts the disk using a customer-supplied encryption key. - - After you encrypt a disk with a customer-supplied key, you must provide the same - key if you use the disk later (e.g. to create a disk snapshot or an image, or to - attach the disk to a virtual machine). - - Customer-supplied encryption keys do not protect access to metadata of the disk. - - If you do not provide an encryption key when creating the disk, then the disk will - be encrypted using an automatically generated key and you do not need to provide - a key to use the disk later. - returned: success - type: complex - contains: - raw_key: - description: - - Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 - to either encrypt or decrypt this resource. - returned: success - type: str - sha256: - description: - - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key - that protects this resource. - returned: success - type: str source_image_encryption_key: description: - The customer-supplied encryption key of the source image. Required if the source 
@@ -318,16 +308,39 @@ RETURN = ''' was used. returned: success type: str + disk_encryption_key: + description: + - Encrypts the disk using a customer-supplied encryption key. + - After you encrypt a disk with a customer-supplied key, you must provide the same + key if you use the disk later (e.g. to create a disk snapshot or an image, or to + attach the disk to a virtual machine). + - Customer-supplied encryption keys do not protect access to metadata of the disk. + - If you do not provide an encryption key when creating the disk, then the disk will + be encrypted using an automatically generated key and you do not need to provide + a key to use the disk later. + returned: success + type: complex + contains: + raw_key: + description: + - Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 + to either encrypt or decrypt this resource. + returned: success + type: str + sha256: + description: + - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key + that protects this resource. + returned: success + type: str source_snapshot: description: - - 'The source snapshot used to create this disk. You can provide - this as a partial or full URL to the resource. For example, the - following are valid values: * - U(https://www.googleapis.com/compute/v1/projects/project/global/) - snapshots/snapshot * projects/project/global/snapshots/snapshot * - global/snapshots/snapshot .' + - 'The source snapshot used to create this disk. You can provide this as a partial or + full URL to the resource. For example, the following are valid values: * + `U(https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot`) + * `projects/project/global/snapshots/snapshot` * `global/snapshots/snapshot` .' returned: success - type: str + type: dict source_snapshot_encryption_key: description: - The customer-supplied encryption key of the source snapshot. Required if the source 
@@ -364,6 +377,7 @@ RETURN = ''' from ansible.module_utils.gcp_utils import navigate_hash, GcpSession, GcpModule, GcpRequest, remove_nones_from_dict, replace_resource_dict import json +import re import time ################################################################################ @@ -378,20 +392,22 @@ def main(): argument_spec=dict( state=dict(default='present', choices=['present', 'absent'], type='str'), description=dict(type='str'), + labels=dict(type='dict'), licenses=dict(type='list', elements='str'), - name=dict(type='str'), + name=dict(required=True, type='str'), size_gb=dict(type='int'), + type=dict(type='str'), source_image=dict(type='str'), zone=dict(required=True, type='str'), - disk_encryption_key=dict(type='dict', options=dict( - raw_key=dict(type='str'), - sha256=dict(type='str') - )), source_image_encryption_key=dict(type='dict', options=dict( raw_key=dict(type='str'), sha256=dict(type='str') )), - source_snapshot=dict(type='str'), + disk_encryption_key=dict(type='dict', options=dict( + raw_key=dict(type='str'), + sha256=dict(type='str') + )), + source_snapshot=dict(type='dict'), source_snapshot_encryption_key=dict(type='dict', options=dict( raw_key=dict(type='str'), sha256=dict(type='str') @@ -399,6 +415,9 @@ def main(): ) ) + if not module.params['scopes']: + module.params['scopes'] = ['https://www.googleapis.com/auth/compute'] + state = module.params['state'] kind = 'compute#disk' @@ -408,10 +427,10 @@ def main(): if fetch: if state == 'present': if is_different(module, fetch): - fetch = update(module, self_link(module), kind, fetch) + fetch = update(module, self_link(module), kind) changed = True else: - delete(module, self_link(module), kind, fetch) + delete(module, self_link(module), kind) fetch = {} changed = True else: 
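Review bot: The `raw_key` suboptions of `source_image_encryption_key`, `disk_encryption_key` and `source_snapshot_encryption_key` in `argument_spec` are declared as `raw_key=dict(type='str')`, so a customer-supplied encryption key is handled as an ordinary string and can show up in the logged module invocation and in verbose output. Declaring each one as `raw_key=dict(type='str', no_log=True)` keeps the key material out of logs. The `source_snapshot_encryption_key` entry is only context in this hunk and `main()` continues outside it, so the change should be applied to all three blocks together.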
@@ -431,11 +450,11 @@ def create(module, link, kind): return wait_for_operation(module, auth.post(link, resource_to_request(module))) -def update(module, link, kind, fetch): +def update(module, link, kind): module.fail_json(msg="Disk cannot be edited") -def delete(module, link, kind, fetch): +def delete(module, link, kind): auth = GcpSession(module, 'compute') return wait_for_operation(module, auth.delete(link)) @@ -443,13 +462,15 @@ def delete(module, link, kind, fetch): def resource_to_request(module): request = { u'kind': 'compute#disk', - u'diskEncryptionKey': DiskDiskEncryKey(module.params.get('disk_encryption_key', {}), module).to_request(), - u'sourceImageEncryptionKey': DiskSourImagEncrKey(module.params.get('source_image_encryption_key', {}), module).to_request(), - u'sourceSnapshotEncryptionKey': DiskSourSnapEncrKey(module.params.get('source_snapshot_encryption_key', {}), module).to_request(), + u'sourceImageEncryptionKey': DiskSourceImageEncryptionKey(module.params.get('source_image_encryption_key', {}), module).to_request(), + u'diskEncryptionKey': DiskDiskEncryptionKey(module.params.get('disk_encryption_key', {}), module).to_request(), + u'sourceSnapshotEncryptionKey': DiskSourceSnapshotEncryptionKey(module.params.get('source_snapshot_encryption_key', {}), module).to_request(), u'description': module.params.get('description'), + u'labels': module.params.get('labels'), u'licenses': module.params.get('licenses'), u'name': module.params.get('name'), u'sizeGb': module.params.get('size_gb'), + u'type': disk_type_selflink(module.params.get('type'), module.params), u'sourceImage': module.params.get('source_image') } return_vals = {} 
@@ -523,15 +544,25 @@ def response_to_hash(module, response): u'id': response.get(u'id'), u'lastAttachTimestamp': response.get(u'lastAttachTimestamp'), u'lastDetachTimestamp': response.get(u'lastDetachTimestamp'), + u'labels': response.get(u'labels'), u'licenses': response.get(u'licenses'), - u'name': response.get(u'name'), + u'name': module.params.get('name'), u'sizeGb': response.get(u'sizeGb'), - u'sourceImage': module.params.get('source_image'), u'type': response.get(u'type'), - u'users': response.get(u'users') + u'users': response.get(u'users'), + u'sourceImage': module.params.get('source_image') } +def disk_type_selflink(name, params): + if name is None: + return + url = r"https://www.googleapis.com/compute/v1/projects/.*/zones/{zone}/diskTypes/[a-z1-9\-]*" + if not re.match(url, name): + name = "https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/diskTypes/%s".format(**params) % name + return name + + def async_op_url(module, extra_data=None): if extra_data is None: extra_data = {} @@ -544,7 +575,7 @@ def async_op_url(module, extra_data=None): def wait_for_operation(module, response): op_result = return_if_object(module, response, 'compute#operation') if op_result is None: - return None + return {} status = navigate_hash(op_result, ['status']) wait_done = wait_for_completion(status, op_result, module) return fetch_resource(module, navigate_hash(wait_done, ['targetLink']), 'compute#disk') @@ -569,7 +600,7 @@ def raise_if_errors(response, err_path, module): module.fail_json(msg=errors) -class DiskDiskEncryKey(object): +class DiskSourceImageEncryptionKey(object): def __init__(self, request, module): self.module = module if request: @@ -590,7 +621,7 @@ class DiskDiskEncryKey(object): }) -class DiskSourImagEncrKey(object): +class DiskDiskEncryptionKey(object): def __init__(self, request, module): self.module = module if request: 
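Review bot: In `disk_type_selflink` the pattern assigned to `url` is never formatted, so `{zone}` is compared literally and a full disk-type URL passed as `type` will not match; it then gets the prefix prepended a second time. The character class `[a-z1-9\-]*` also leaves out `0`, the dots in the host name are unescaped, and `re.match` does not anchor the end, so the check is looser than it reads. Building the result with `.format(**params) % name` applies `%` after formatting, which raises if the project or zone value contains a `%`. A version that substitutes the zone into the pattern, anchors it and formats the name in one step is below; `response_to_hash`, changed in the same hunk, starts outside it and is not touched here.

```python
def disk_type_selflink(name, params):
    if name is None:
        return
    # Escape the literal parts, substitute the configured zone, anchor the end.
    url = (r"https://www\.googleapis\.com/compute/v1/projects/[^/]+/zones/%s/diskTypes/[a-z0-9\-]+$"
           % re.escape(params['zone']))
    if not re.match(url, name):
        name = "https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/diskTypes/{name}".format(
            project=params['project'], zone=params['zone'], name=name)
    return name
```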
@@ -611,7 +642,7 @@ class DiskSourImagEncrKey(object): }) -class DiskSourSnapEncrKey(object): +class DiskSourceSnapshotEncryptionKey(object): def __init__(self, request, module): self.module = module if request: diff --git a/test/integration/targets/gcp_compute_disk/tasks/main.yml b/test/integration/targets/gcp_compute_disk/tasks/main.yml index 720e04386e..572d567372 100644 --- a/test/integration/targets/gcp_compute_disk/tasks/main.yml +++ b/test/integration/targets/gcp_compute_disk/tasks/main.yml @@ -18,13 +18,11 @@ name: "{{ resource_name }}" size_gb: 50 disk_encryption_key: - raw_key: 'SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=' - zone: 'us-central1-a' + raw_key: SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0= + zone: us-central1-a project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" - scopes: - - https://www.googleapis.com/auth/compute state: absent #---------------------------------------------------------- - name: create a disk @@ -32,13 +30,11 @@ name: "{{ resource_name }}" size_gb: 50 disk_encryption_key: - raw_key: 'SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=' - zone: 'us-central1-a' + raw_key: SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0= + zone: us-central1-a project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" - scopes: - - https://www.googleapis.com/auth/compute state: present register: result - name: assert changed is true 
@@ -47,26 +43,31 @@ - result.changed == true - "result.kind == 'compute#disk'" - name: verify that disk was created - shell: | - gcloud compute disks describe --project="{{ gcp_project}}" --zone="us-central1-a" "{{ resource_name }}" + gcp_compute_disk_facts: + filters: + - name = {{ resource_name }} + zone: us-central1-a + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + scopes: + - https://www.googleapis.com/auth/compute register: results - name: verify that command succeeded assert: that: - - results.rc == 0 + - results['items'] | length == 1 # ---------------------------------------------------------------------------- - name: create a disk that already exists gcp_compute_disk: name: "{{ resource_name }}" size_gb: 50 disk_encryption_key: - raw_key: 'SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=' - zone: 'us-central1-a' + raw_key: SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0= + zone: us-central1-a project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" - scopes: - - https://www.googleapis.com/auth/compute state: present register: result - name: assert changed is false @@ -80,13 +81,11 @@ name: "{{ resource_name }}" size_gb: 50 disk_encryption_key: - raw_key: 'SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=' - zone: 'us-central1-a' + raw_key: SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0= + zone: us-central1-a project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" - scopes: - - https://www.googleapis.com/auth/compute state: absent register: result - name: assert changed is true 
@@ -95,28 +94,31 @@ - result.changed == true - result.has_key('kind') == False - name: verify that disk was deleted - shell: | - gcloud compute disks describe --project="{{ gcp_project}}" --zone="us-central1-a" "{{ resource_name }}" + gcp_compute_disk_facts: + filters: + - name = {{ resource_name }} + zone: us-central1-a + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + scopes: + - https://www.googleapis.com/auth/compute register: results - failed_when: results.rc == 0 - name: verify that command succeeded assert: that: - - results.rc == 1 - - "\"'projects/{{ gcp_project }}/zones/us-central1-a/disks/{{ resource_name }}' was not found\" in results.stderr" + - results['items'] | length == 0 # ---------------------------------------------------------------------------- - name: delete a disk that does not exist gcp_compute_disk: name: "{{ resource_name }}" size_gb: 50 disk_encryption_key: - raw_key: 'SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=' - zone: 'us-central1-a' + raw_key: SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0= + zone: us-central1-a project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" - scopes: - - https://www.googleapis.com/auth/compute state: absent register: result - name: assert changed is false