From 7f80bc2eab2b7a6145c8ea6f966c4ba594c4a1eb Mon Sep 17 00:00:00 2001 From: Modular Magician Date: Thu, 3 Jun 2021 00:03:44 +0000 Subject: [PATCH] IPsec-encrypted Interconnect GA (#4813) * Move ipsec interconnect to ga * Remove beta only docs note Signed-off-by: Modular Magician --- plugins/modules/gcp_compute_address.py | 45 +++++++++++-- plugins/modules/gcp_compute_address_info.py | 17 ++++- .../gcp_compute_interconnect_attachment.py | 67 +++++++++++++++++++ ...cp_compute_interconnect_attachment_info.py | 29 ++++++++ 4 files changed, 149 insertions(+), 9 deletions(-) diff --git a/plugins/modules/gcp_compute_address.py b/plugins/modules/gcp_compute_address.py index 1fbee3858..f8257380a 100644 --- a/plugins/modules/gcp_compute_address.py +++ b/plugins/modules/gcp_compute_address.py @@ -92,9 +92,9 @@ - "* SHARED_LOADBALANCER_VIP for an address that can be used by multiple internal load balancers." - "* VPC_PEERING for addresses that are reserved for VPC peer networks." - - "* IPSEC_INTERCONNECT (Beta only) for addresses created from a private IP range - that are reserved for a VLAN attachment in an IPsec-encrypted Cloud Interconnect - configuration. These addresses are regional resources." + - "* IPSEC_INTERCONNECT for addresses created from a private IP range that are + reserved for a VLAN attachment in an IPsec-encrypted Cloud Interconnect configuration. + These addresses are regional resources." - This should only be set when using an Internal address. required: false type: str 
@@ -118,6 +118,22 @@ }}"' required: false type: dict + network: + description: + - The URL of the network in which to reserve the address. This field can only + be used with INTERNAL type with the VPC_PEERING and IPSEC_INTERCONNECT purposes. + - 'This field represents a link to a Network resource in GCP. It can be specified + in two ways. First, you can place a dictionary with key ''selfLink'' and value + of your resource''s selfLink Alternatively, you can add `register: name-of-resource` + to a gcp_compute_network task and then set this network field to "{{ name-of-resource + }}"' + required: false + type: dict + prefix_length: + description: + - The prefix length if the resource represents an IP range. + required: false + type: int region: description: - URL of the region where the regional address resides. @@ -234,9 +250,9 @@ - "* SHARED_LOADBALANCER_VIP for an address that can be used by multiple internal load balancers." - "* VPC_PEERING for addresses that are reserved for VPC peer networks." - - "* IPSEC_INTERCONNECT (Beta only) for addresses created from a private IP range - that are reserved for a VLAN attachment in an IPsec-encrypted Cloud Interconnect - configuration. These addresses are regional resources." + - "* IPSEC_INTERCONNECT for addresses created from a private IP range that are reserved + for a VLAN attachment in an IPsec-encrypted Cloud Interconnect configuration. + These addresses are regional resources." - This should only be set when using an Internal address. returned: success type: str 
@@ -267,6 +283,17 @@ is currently being used by another resource and is not available. returned: success type: str +network: + description: + - The URL of the network in which to reserve the address. This field can only be + used with INTERNAL type with the VPC_PEERING and IPSEC_INTERCONNECT purposes. + returned: success + type: dict +prefixLength: + description: + - The prefix length if the resource represents an IP range. + returned: success + type: int region: description: - URL of the region where the regional address resides. @@ -301,6 +328,8 @@ def main(): purpose=dict(type='str'), network_tier=dict(type='str'), subnetwork=dict(type='dict'), + network=dict(type='dict'), + prefix_length=dict(type='int'), region=dict(required=True, type='str'), ) ) @@ -361,6 +390,8 @@ def resource_to_request(module): u'purpose': module.params.get('purpose'), u'networkTier': module.params.get('network_tier'), u'subnetwork': replace_resource_dict(module.params.get(u'subnetwork', {}), 'selfLink'), + u'network': replace_resource_dict(module.params.get(u'network', {}), 'selfLink'), + u'prefixLength': module.params.get('prefix_length'), } return_vals = {} for k, v in request.items(): @@ -437,6 +468,8 @@ def response_to_hash(module, response): u'subnetwork': response.get(u'subnetwork'), u'users': response.get(u'users'), u'status': response.get(u'status'), + u'network': response.get(u'network'), + u'prefixLength': response.get(u'prefixLength'), } diff --git a/plugins/modules/gcp_compute_address_info.py b/plugins/modules/gcp_compute_address_info.py index 2d093e525..0d5f785b7 100644 --- a/plugins/modules/gcp_compute_address_info.py +++ b/plugins/modules/gcp_compute_address_info.py 
@@ -164,9 +164,9 @@ - "* SHARED_LOADBALANCER_VIP for an address that can be used by multiple internal load balancers." - "* VPC_PEERING for addresses that are reserved for VPC peer networks." - - "* IPSEC_INTERCONNECT (Beta only) for addresses created from a private IP - range that are reserved for a VLAN attachment in an IPsec-encrypted Cloud - Interconnect configuration. These addresses are regional resources." + - "* IPSEC_INTERCONNECT for addresses created from a private IP range that are + reserved for a VLAN attachment in an IPsec-encrypted Cloud Interconnect configuration. + These addresses are regional resources." - This should only be set when using an Internal address. returned: success type: str @@ -197,6 +197,17 @@ is currently being used by another resource and is not available. returned: success type: str + network: + description: + - The URL of the network in which to reserve the address. This field can only + be used with INTERNAL type with the VPC_PEERING and IPSEC_INTERCONNECT purposes. + returned: success + type: dict + prefixLength: + description: + - The prefix length if the resource represents an IP range. + returned: success + type: int region: description: - URL of the region where the regional address resides. diff --git a/plugins/modules/gcp_compute_interconnect_attachment.py b/plugins/modules/gcp_compute_interconnect_attachment.py index 704b7fe54..075fb0e70 100644 --- a/plugins/modules/gcp_compute_interconnect_attachment.py +++ b/plugins/modules/gcp_compute_interconnect_attachment.py 
@@ -144,6 +144,38 @@ PARTNER type this will be managed upstream. required: false type: int + ipsec_internal_addresses: + description: + - URL of addresses that have been reserved for the interconnect attachment, Used + only for interconnect attachment that has the encryption option as IPSEC. + - The addresses must be RFC 1918 IP address ranges. When creating HA VPN gateway + over the interconnect attachment, if the attachment is configured to use an + RFC 1918 IP address, then the VPN gateway's IP address will be allocated from + the IP address range specified here. + - For example, if the HA VPN gateway's interface 0 is paired to this interconnect + attachment, then an RFC 1918 IP address for the VPN gateway interface 0 will + be allocated from the IP address specified for this interconnect attachment. + - If this field is not specified for interconnect attachment that has encryption + option as IPSEC, later on when creating HA VPN gateway on this interconnect + attachment, the HA VPN gateway's IP address will be allocated from regional + external IP address pool. + elements: dict + required: false + type: list + encryption: + description: + - 'Indicates the user-supplied encryption option of this interconnect attachment: + NONE is the default value, which means that the attachment carries unencrypted + traffic. VMs can send traffic to, or receive traffic from, this type of attachment.' + - IPSEC indicates that the attachment carries only traffic encrypted by an IPsec + device such as an HA VPN gateway. VMs cannot directly send traffic to, or receive + traffic from, such an attachment. To use IPsec-encrypted Cloud Interconnect + create the attachment using this option. + - Not currently available publicly. + - 'Some valid choices include: "NONE", "IPSEC"' + required: false + default: NONE + type: str region: description: - Region where the regional interconnect attachment resides. 
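Review bot: The new `encryption` option description still carries `- Not currently available publicly.`, which contradicts a commit whose stated purpose is to move IPsec-encrypted Interconnect to GA. That line should be dropped here and in the matching `encryption` return-value text in the RETURN hunk of this file and in gcp_compute_interconnect_attachment_info.py. Because the option defaults to NONE and that value is sent with the request, I would also spell out the consequence next to the default, for example `- If omitted, NONE is sent and the attachment carries unencrypted traffic; set IPSEC explicitly for IPsec-encrypted Cloud Interconnect.`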
@@ -348,6 +380,35 @@ PARTNER type this will be managed upstream. returned: success type: int +ipsecInternalAddresses: + description: + - URL of addresses that have been reserved for the interconnect attachment, Used + only for interconnect attachment that has the encryption option as IPSEC. + - The addresses must be RFC 1918 IP address ranges. When creating HA VPN gateway + over the interconnect attachment, if the attachment is configured to use an RFC + 1918 IP address, then the VPN gateway's IP address will be allocated from the + IP address range specified here. + - For example, if the HA VPN gateway's interface 0 is paired to this interconnect + attachment, then an RFC 1918 IP address for the VPN gateway interface 0 will be + allocated from the IP address specified for this interconnect attachment. + - If this field is not specified for interconnect attachment that has encryption + option as IPSEC, later on when creating HA VPN gateway on this interconnect attachment, + the HA VPN gateway's IP address will be allocated from regional external IP address + pool. + returned: success + type: list +encryption: + description: + - 'Indicates the user-supplied encryption option of this interconnect attachment: + NONE is the default value, which means that the attachment carries unencrypted + traffic. VMs can send traffic to, or receive traffic from, this type of attachment.' + - IPSEC indicates that the attachment carries only traffic encrypted by an IPsec + device such as an HA VPN gateway. VMs cannot directly send traffic to, or receive + traffic from, such an attachment. To use IPsec-encrypted Cloud Interconnect create + the attachment using this option. + - Not currently available publicly. + returned: success + type: str region: description: - Region where the regional interconnect attachment resides. 
@@ -393,6 +454,8 @@ def main(): name=dict(required=True, type='str'), candidate_subnets=dict(type='list', elements='str'), vlan_tag8021q=dict(type='int'), + ipsec_internal_addresses=dict(type='list', elements='dict'), + encryption=dict(default='NONE', type='str'), region=dict(required=True, type='str'), ) ) @@ -457,6 +520,8 @@ def resource_to_request(module): u'name': module.params.get('name'), u'candidateSubnets': module.params.get('candidate_subnets'), u'vlanTag8021q': module.params.get('vlan_tag8021q'), + u'ipsecInternalAddresses': replace_resource_dict(module.params.get('ipsec_internal_addresses', []), 'selfLink'), + u'encryption': module.params.get('encryption'), } return_vals = {} for k, v in request.items(): @@ -542,6 +607,8 @@ def response_to_hash(module, response): u'name': module.params.get('name'), u'candidateSubnets': module.params.get('candidate_subnets'), u'vlanTag8021q': module.params.get('vlan_tag8021q'), + u'ipsecInternalAddresses': replace_resource_dict(module.params.get('ipsec_internal_addresses', []), 'selfLink'), + u'encryption': module.params.get('encryption'), } diff --git a/plugins/modules/gcp_compute_interconnect_attachment_info.py b/plugins/modules/gcp_compute_interconnect_attachment_info.py index cd122b2b3..41795d702 100644 --- a/plugins/modules/gcp_compute_interconnect_attachment_info.py +++ b/plugins/modules/gcp_compute_interconnect_attachment_info.py 
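Review bot: `encryption=dict(default='NONE', type='str')` in the argument spec accepts any string, so a misspelt or lower-case value is caught, if at all, only by the API after the request has been sent. Since this option decides whether the attachment carries encrypted traffic, I would reject bad values at argument parsing with `encryption=dict(default='NONE', type='str', choices=['NONE', 'IPSEC']),`. The option docs say "Some valid choices include", so if the set is expected to grow, leave it open but add a comment saying so. main() continues outside the hunk.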
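Review bot: In response_to_hash the two new keys are filled from `module.params`, not from `response`, so this hash echoes what the task asked for rather than what the API reports. If this hash is what gets compared with the request to decide whether the resource differs (that comparison is outside the hunk), an existing attachment with encryption NONE would compare equal to a task asking for IPSEC and the run would report no change. The surrounding context lines follow the same pattern, so this may be deliberate for create-only fields. If so, the option docs should say that `encryption` and `ipsec_internal_addresses` are not reconciled on an existing attachment. Otherwise read them from the response, `u'encryption': response.get(u'encryption'),` and `u'ipsecInternalAddresses': response.get(u'ipsecInternalAddresses'),`, as gcp_compute_address.py does for `network` in this same commit.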
@@ -265,6 +265,35 @@ PARTNER type this will be managed upstream. returned: success type: int + ipsecInternalAddresses: + description: + - URL of addresses that have been reserved for the interconnect attachment, + Used only for interconnect attachment that has the encryption option as IPSEC. + - The addresses must be RFC 1918 IP address ranges. When creating HA VPN gateway + over the interconnect attachment, if the attachment is configured to use an + RFC 1918 IP address, then the VPN gateway's IP address will be allocated from + the IP address range specified here. + - For example, if the HA VPN gateway's interface 0 is paired to this interconnect + attachment, then an RFC 1918 IP address for the VPN gateway interface 0 will + be allocated from the IP address specified for this interconnect attachment. + - If this field is not specified for interconnect attachment that has encryption + option as IPSEC, later on when creating HA VPN gateway on this interconnect + attachment, the HA VPN gateway's IP address will be allocated from regional + external IP address pool. + returned: success + type: list + encryption: + description: + - 'Indicates the user-supplied encryption option of this interconnect attachment: + NONE is the default value, which means that the attachment carries unencrypted + traffic. VMs can send traffic to, or receive traffic from, this type of attachment.' + - IPSEC indicates that the attachment carries only traffic encrypted by an IPsec + device such as an HA VPN gateway. VMs cannot directly send traffic to, or + receive traffic from, such an attachment. To use IPsec-encrypted Cloud Interconnect + create the attachment using this option. + - Not currently available publicly. + returned: success + type: str region: description: - Region where the regional interconnect attachment resides.