community.general.gce_net (1.3.14) — module

create/destroy GCE networks and firewall rules

Authors: Eric Johnson (@erjohnso) <erjohnso@google.com>, Tom Melendez (@supertom) <supertom@google.com>

Install collection

Install with ansible-galaxy collection install community.general:==1.3.14


Add to requirements.yml

  collections:
    - name: community.general
      version: 1.3.14

Description

This module can create and destroy Google Compute Engine networks and firewall rules U(https://cloud.google.com/compute/docs/networking). The I(name) parameter is reserved for referencing a network while the I(fwname) parameter is used to reference firewall rules. IPv4 Address ranges must be specified using the CIDR U(http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) format. Full install/configuration instructions for the gce* modules can be found in the comments of ansible/test/gce_tests.py.


Requirements

Usage examples

# Create a 'legacy' Network
- name: Create Legacy Network
  community.general.gce_net:
    name: legacynet
    ipv4_range: '10.24.17.0/24'
    mode: legacy
    state: present
# Create an 'auto' Network
- name: Create Auto Network
  community.general.gce_net:
    name: autonet
    mode: auto
    state: present
# Create a 'custom' Network
- name: Create Custom Network
  community.general.gce_net:
    name: customnet
    mode: custom
    subnet_name: "customsubnet"
    subnet_region: us-east1
    ipv4_range: '10.240.16.0/24'
    state: "present"
# Create Firewall Rule with Source Tags
- name: Create Firewall Rule w/Source Tags
  community.general.gce_net:
    name: default
    fwname: "my-firewall-rule"
    allowed: tcp:80
    state: "present"
    src_tags: "foo,bar"
# Create Firewall Rule with Source Range
- name: Create Firewall Rule w/Source Range
  community.general.gce_net:
    name: default
    fwname: "my-firewall-rule"
    allowed: tcp:80
    state: "present"
    src_range: ['10.1.1.1/32']
# Create Custom Subnetwork
- name: Create Custom Subnetwork
  community.general.gce_net:
    name: privatenet
    mode: custom
    subnet_name: subnet_example
    subnet_region: us-central1
    ipv4_range: '10.0.0.0/16'

Inputs

    
mode:
    choices:
    - legacy
    - auto
    - custom
    default: legacy
    description:
    - network mode for Google Cloud. C(legacy) indicates a network with an IP address range;
      C(auto) automatically generates subnetworks in different regions; C(custom) uses
      networks to group subnets of user-specified IP address ranges. See https://cloud.google.com/compute/docs/networking#network_types
    type: str

name:
    description:
    - name of the network
    type: str

state:
    default: present
    description:
    - desired state of the network or firewall
    - 'Available choices are: C(active), C(present), C(absent), C(deleted).'
    type: str

fwname:
    description:
    - name of the firewall rule
    type: str

allowed:
    description:
    - the protocol:ports to allow (I(tcp:80) or I(tcp:80,443) or I(tcp:80-800;udp:1-25)).
      This parameter is mandatory when creating or updating a firewall rule.
    type: str

pem_file:
    description:
    - path to the pem file associated with the service account email. This option is deprecated.
      Use C(credentials_file).
    type: path

src_tags:
    default: []
    description:
    - the source instance tags for creating a firewall rule
    type: list

src_range:
    default: []
    description:
    - the source IPv4 address range in CIDR notation
    type: list

ipv4_range:
    description:
    - the IPv4 address range in CIDR notation for the network. This parameter is not mandatory
      when you specify an existing network in the name parameter, but it is mandatory when
      you create a new network.
    type: str

project_id:
    description:
    - your GCE project ID
    type: str

subnet_desc:
    description:
    - description of subnet to create
    type: str

subnet_name:
    description:
    - name of subnet to create
    type: str

target_tags:
    default: []
    description:
    - the target instance tags for creating a firewall rule
    type: list

subnet_region:
    description:
    - region of subnet to create
    type: str

credentials_file:
    description:
    - path to the JSON file associated with the service account email
    type: path

service_account_email:
    description:
    - service account email
    type: str
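
A pre-merge check for firewall tasks written against the inputs above, as an added example (not part of the module or the collection): it parses the `allowed` string in the documented forms and flags broad `src_range` values, missing `target_tags` and large port ranges. The function names, the sample tasks and the `max_ports`/`min_prefix` thresholds are assumptions made for illustration, and `src_range`/`target_tags` are assumed to be given as lists.

```python
import ipaddress

def parse_allowed(spec):
    """Parse an `allowed` string, e.g. 'tcp:80-800;udp:1-25' or 'tcp:80;icmp'.
    Returns {protocol: [(low, high), ...]}; an empty list means no ports were given."""
    rules = {}
    for entry in filter(None, (e.strip() for e in spec.split(";"))):
        proto, _, ports = entry.partition(":")
        proto = proto.strip().lower()
        if not proto:
            raise ValueError(f"missing protocol in {entry!r}")
        ranges = rules.setdefault(proto, [])
        for part in filter(None, (p.strip() for p in ports.split(","))):
            low, _, high = part.partition("-")
            lo, hi = int(low), int(high or low)  # non-numeric ports raise ValueError
            if not 0 <= lo <= hi <= 65535:
                raise ValueError(f"bad port range {part!r}")
            ranges.append((lo, hi))
    return rules

def lint_rule(task, max_ports=100, min_prefix=8):
    """Return findings for one firewall task (a dict of gce_net arguments).
    max_ports and min_prefix are illustrative thresholds, not module defaults."""
    findings = []
    for cidr in task.get("src_range", []):
        # strict=False accepts host bits, as in the page's sample 10.1.1.12/8
        net = ipaddress.ip_network(cidr, strict=False)
        if net.prefixlen < min_prefix:
            findings.append(f"src_range {cidr} is very broad (/{net.prefixlen})")
    if not task.get("target_tags"):
        findings.append("no target_tags: rule is not limited to tagged instances")
    for proto, ranges in parse_allowed(task["allowed"]).items():
        if proto in ("tcp", "udp") and not ranges:
            findings.append(f"{proto} has no port restriction")
        for lo, hi in ranges:
            if hi - lo + 1 > max_ports:
                findings.append(f"{proto}:{lo}-{hi} opens {hi - lo + 1} ports")
    return findings

# Constructed sample tasks using the parameter names documented above.
SAMPLE_TASKS = [
    {"name": "default", "fwname": "web-from-office", "allowed": "tcp:80,443",
     "src_range": ["10.1.1.1/32"], "target_tags": ["web"]},
    {"name": "default", "fwname": "wide-open", "allowed": "tcp:80-800;udp:1-25",
     "src_range": ["0.0.0.0/0"]},
]

if __name__ == "__main__":
    for task in SAMPLE_TASKS:
        print(task["fwname"], lint_rule(task) or "ok")
```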

Outputs

allowed:
  description: Rules (ports and protocols) specified by this firewall rule.
  returned: When specified
  sample: tcp:80;icmp
  type: str
fwname:
  description: Name of the firewall rule.
  returned: When specified
  sample: my-fwname
  type: str
ipv4_range:
  description: IPv4 range of the specified network or subnetwork.
  returned: when specified or when a subnetwork is created
  sample: 10.0.0.0/16
  type: str
name:
  description: Name of the network.
  returned: always
  sample: my-network
  type: str
src_range:
  description: IP address blocks a firewall rule applies to.
  returned: when specified
  sample:
  - 10.1.1.12/8
  type: list
src_tags:
  description: Instance Tags firewall rule applies to.
  returned: when specified while creating a firewall rule
  sample:
  - foo
  - bar
  type: list
state:
  description: State of the item operated on.
  returned: always
  sample: present
  type: str
subnet_name:
  description: Name of the subnetwork.
  returned: when specified or when a subnetwork is created
  sample: my-subnetwork
  type: str
subnet_region:
  description: Region of the specified subnet.
  returned: when specified or when a subnetwork is created
  sample: us-east1
  type: str
target_tags:
  description: Instance Tags with these tags receive traffic allowed by firewall rule.
  returned: when specified while creating a firewall rule
  sample:
  - foo
  - bar
  type: list