Try SpotterCreates a GCP ForwardingRule
Authors: Google Inc. (@googlecloudplatform)
preview | supported by community
Install with ansible-galaxy collection install delowan.googlecloud:==1.0.2
collections:
- name: delowan.googlecloud
version: 1.0.2A ForwardingRule resource. A ForwardingRule resource specifies which pool of target virtual machines to forward a packet to if it matches the given [IPAddress, IPProtocol, portRange] tuple.
- name: create a address
google.cloud.gcp_compute_address:
name: address-forwardingrule
region: us-west1
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
state: present
register: address
- name: create a target pool
google.cloud.gcp_compute_target_pool:
name: targetpool-forwardingrule
region: us-west1
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
state: present
register: targetpool
- name: create a forwarding rule
google.cloud.gcp_compute_forwarding_rule:
name: test_object
region: us-west1
target: "{{ targetpool }}"
ip_protocol: TCP
port_range: 80-80
ip_address: "{{ address.address }}"
project: test_project
auth_kind: serviceaccount
service_account_file: "/tmp/auth.pem"
state: present
name:
description:
- Name of the resource; provided by the client when the resource is created. The name
must be 1-63 characters long, and comply with RFC1035. Specifically, the name must
be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`
which means the first character must be a lowercase letter, and all following characters
must be a dash, lowercase letter, or digit, except the last character, which cannot
be a dash.
required: true
type: str
ports:
description:
- This field is used along with the backend_service field for internal load balancing.
- When the load balancing scheme is INTERNAL, a single port or a comma separated list
of ports can be configured. Only packets addressed to these ports will be forwarded
to the backends configured with this forwarding rule.
- You may specify a maximum of up to 5 ports.
elements: str
required: false
type: list
state:
choices:
- present
- absent
default: present
description:
- Whether the given object should exist in GCP
type: str
region:
description:
- A reference to the region where the regional forwarding rule resides.
- This field is not applicable to global forwarding rules.
required: true
type: str
scopes:
description:
- Array of scopes to be used
elements: str
type: list
target:
description:
- The URL of the target resource to receive the matched traffic.
- The target must live in the same region as the forwarding rule.
- The forwarded traffic must be of a type appropriate to the target object.
required: false
type: str
network:
description:
- For internal load balancing, this field identifies the network that the load balanced
IP should belong to for this Forwarding Rule. If this field is not specified, the
default network will be used.
- This field is only used for INTERNAL load balancing.
- 'This field represents a link to a Network resource in GCP. It can be specified
in two ways. First, you can place a dictionary with key ''selfLink'' and value of
your resource''s selfLink Alternatively, you can add `register: name-of-resource`
to a gcp_compute_network task and then set this network field to "{{ name-of-resource
}}"'
required: false
type: dict
project:
description:
- The Google Cloud Platform project to use.
type: str
env_type:
description:
- Specifies which Ansible environment you're running this module within.
- This should not be set unless you know what you're doing.
- This only alters the User Agent string for any API requests.
type: str
all_ports:
description:
- For internal TCP/UDP load balancing (i.e. load balancing scheme is INTERNAL and
protocol is TCP/UDP), set this to true to allow packets addressed to any ports to
be forwarded to the backends configured with this forwarding rule. Used with backend
service. Cannot be set if port or portRange are set.
required: false
type: bool
auth_kind:
choices:
- application
- machineaccount
- serviceaccount
description:
- The type of credential used.
required: true
type: str
ip_address:
description:
- The IP address that this forwarding rule is serving on behalf of.
- Addresses are restricted based on the forwarding rule's load balancing scheme (EXTERNAL
or INTERNAL) and scope (global or regional).
- When the load balancing scheme is EXTERNAL, for global forwarding rules, the address
must be a global IP, and for regional forwarding rules, the address must live in
the same region as the forwarding rule. If this field is empty, an ephemeral IPv4
address from the same scope (global or regional) will be assigned. A regional forwarding
rule supports IPv4 only. A global forwarding rule supports either IPv4 or IPv6.
- When the load balancing scheme is INTERNAL, this can only be an RFC 1918 IP address
belonging to the network/subnet configured for the forwarding rule. By default,
if this field is empty, an ephemeral internal IP address will be automatically allocated
from the IP range of the subnet or network configured for this forwarding rule.
- 'An address can be specified either by a literal IP address or a URL reference to
an existing Address resource. The following examples are all valid: * 100.1.2.3
* U(https://www.googleapis.com/compute/v1/projects/project/regions/region/addresses/address)
* projects/project/regions/region/addresses/address * regions/region/addresses/address
* global/addresses/address * address .'
required: false
type: str
port_range:
description:
- This field is used along with the target field for TargetHttpProxy, TargetHttpsProxy,
TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance.
- Applicable only when IPProtocol is TCP, UDP, or SCTP, only packets addressed to
ports in the specified range will be forwarded to target.
- Forwarding rules with the same [IPAddress, IPProtocol] pair must have disjoint port
ranges.
- 'Some types of forwarding target have constraints on the acceptable ports: * TargetHttpProxy:
80, 8080 * TargetHttpsProxy: 443 * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465,
587, 700, 993, 995, 1883, 5222 * TargetSslProxy: 25, 43, 110, 143, 195, 443, 465,
587, 700, 993, 995, 1883, 5222 * TargetVpnGateway: 500, 4500 .'
required: false
type: str
subnetwork:
description:
- The subnetwork that the load balanced IP should belong to for this Forwarding Rule.
This field is only used for INTERNAL load balancing.
- If the network specified is in auto subnet mode, this field is optional. However,
if the network is in custom subnet mode, a subnetwork must be specified.
- 'This field represents a link to a Subnetwork resource in GCP. It can be specified
in two ways. First, you can place a dictionary with key ''selfLink'' and value of
your resource''s selfLink Alternatively, you can add `register: name-of-resource`
to a gcp_compute_subnetwork task and then set this subnetwork field to "{{ name-of-resource
}}"'
required: false
type: dict
description:
description:
- An optional description of this resource. Provide this property when you create
the resource.
required: false
type: str
ip_protocol:
description:
- The IP protocol to which this rule applies.
- When the load balancing scheme is INTERNAL, only TCP and UDP are valid.
- 'Some valid choices include: "TCP", "UDP", "ESP", "AH", "SCTP", "ICMP"'
required: false
type: str
network_tier:
description:
- The networking tier used for configuring this address. If this field is not specified,
it is assumed to be PREMIUM.
- 'Some valid choices include: "PREMIUM", "STANDARD"'
required: false
type: str
service_label:
description:
- An optional prefix to the service name for this Forwarding Rule.
- If specified, will be the first label of the fully qualified service name.
- The label must be 1-63 characters long, and comply with RFC1035.
- Specifically, the label must be 1-63 characters long and match the regular expression
`[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase
letter, and all following characters must be a dash, lowercase letter, or digit,
except the last character, which cannot be a dash.
- This field is only used for INTERNAL load balancing.
required: false
type: str
backend_service:
description:
- A BackendService to receive the matched traffic. This is used only for INTERNAL
load balancing.
- 'This field represents a link to a BackendService resource in GCP. It can be specified
in two ways. First, you can place a dictionary with key ''selfLink'' and value of
your resource''s selfLink Alternatively, you can add `register: name-of-resource`
to a gcp_compute_backend_service task and then set this backend_service field to
"{{ name-of-resource }}"'
required: false
type: dict
allow_global_access:
description:
- If true, clients can access ILB from all regions.
- Otherwise only allows from the local region the ILB is located at.
required: false
type: bool
service_account_file:
description:
- The path of a Service Account JSON file if serviceaccount is selected as type.
type: path
load_balancing_scheme:
description:
- This signifies what the ForwardingRule will be used for and can be EXTERNAL, INTERNAL,
or INTERNAL_MANAGED. EXTERNAL is used for Classic Cloud VPN gateways, protocol forwarding
to VMs from an external IP address, and HTTP(S), SSL Proxy, TCP Proxy, and Network
TCP/UDP load balancers.
- INTERNAL is used for protocol forwarding to VMs from an internal IP address, and
internal TCP/UDP load balancers.
- INTERNAL_MANAGED is used for internal HTTP(S) load balancers.
- 'Some valid choices include: "EXTERNAL", "INTERNAL", "INTERNAL_MANAGED"'
required: false
type: str
service_account_email:
description:
- An optional service account email address if machineaccount is selected and the
user does not wish to use the default email.
type: str
is_mirroring_collector:
description:
- Indicates whether or not this load balancer can be used as a collector for packet
mirroring. To prevent mirroring loops, instances behind this load balancer will
not have their traffic mirrored even if a PacketMirroring rule applies to them.
This can only be set to true for load balancers that have their loadBalancingScheme
set to INTERNAL.
required: false
type: bool
service_account_contents:
description:
- The contents of a Service Account JSON file, either in a dictionary or as a JSON
string that represents it.
type: jsonarg
IPAddress:
description:
- The IP address that this forwarding rule is serving on behalf of.
- Addresses are restricted based on the forwarding rule's load balancing scheme
(EXTERNAL or INTERNAL) and scope (global or regional).
- When the load balancing scheme is EXTERNAL, for global forwarding rules, the address
must be a global IP, and for regional forwarding rules, the address must live
in the same region as the forwarding rule. If this field is empty, an ephemeral
IPv4 address from the same scope (global or regional) will be assigned. A regional
forwarding rule supports IPv4 only. A global forwarding rule supports either IPv4
or IPv6.
- When the load balancing scheme is INTERNAL, this can only be an RFC 1918 IP address
belonging to the network/subnet configured for the forwarding rule. By default,
if this field is empty, an ephemeral internal IP address will be automatically
allocated from the IP range of the subnet or network configured for this forwarding
rule.
- 'An address can be specified either by a literal IP address or a URL reference
to an existing Address resource. The following examples are all valid: * 100.1.2.3
* U(https://www.googleapis.com/compute/v1/projects/project/regions/region/addresses/address)
* projects/project/regions/region/addresses/address * regions/region/addresses/address
* global/addresses/address * address .'
returned: success
type: str
IPProtocol:
description:
- The IP protocol to which this rule applies.
- When the load balancing scheme is INTERNAL, only TCP and UDP are valid.
returned: success
type: str
allPorts:
description:
- For internal TCP/UDP load balancing (i.e. load balancing scheme is INTERNAL and
protocol is TCP/UDP), set this to true to allow packets addressed to any ports
to be forwarded to the backends configured with this forwarding rule. Used with
backend service. Cannot be set if port or portRange are set.
returned: success
type: bool
allowGlobalAccess:
description:
- If true, clients can access ILB from all regions.
- Otherwise only allows from the local region the ILB is located at.
returned: success
type: bool
backendService:
description:
- A BackendService to receive the matched traffic. This is used only for INTERNAL
load balancing.
returned: success
type: dict
creationTimestamp:
description:
- Creation timestamp in RFC3339 text format.
returned: success
type: str
description:
description:
- An optional description of this resource. Provide this property when you create
the resource.
returned: success
type: str
id:
description:
- The unique identifier for the resource.
returned: success
type: int
isMirroringCollector:
description:
- Indicates whether or not this load balancer can be used as a collector for packet
mirroring. To prevent mirroring loops, instances behind this load balancer will
not have their traffic mirrored even if a PacketMirroring rule applies to them.
This can only be set to true for load balancers that have their loadBalancingScheme
set to INTERNAL.
returned: success
type: bool
loadBalancingScheme:
description:
- This signifies what the ForwardingRule will be used for and can be EXTERNAL, INTERNAL,
or INTERNAL_MANAGED. EXTERNAL is used for Classic Cloud VPN gateways, protocol
forwarding to VMs from an external IP address, and HTTP(S), SSL Proxy, TCP Proxy,
and Network TCP/UDP load balancers.
- INTERNAL is used for protocol forwarding to VMs from an internal IP address, and
internal TCP/UDP load balancers.
- INTERNAL_MANAGED is used for internal HTTP(S) load balancers.
returned: success
type: str
name:
description:
- Name of the resource; provided by the client when the resource is created. The
name must be 1-63 characters long, and comply with RFC1035. Specifically, the
name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`
which means the first character must be a lowercase letter, and all following
characters must be a dash, lowercase letter, or digit, except the last character,
which cannot be a dash.
returned: success
type: str
network:
description:
- For internal load balancing, this field identifies the network that the load balanced
IP should belong to for this Forwarding Rule. If this field is not specified,
the default network will be used.
- This field is only used for INTERNAL load balancing.
returned: success
type: dict
networkTier:
description:
- The networking tier used for configuring this address. If this field is not specified,
it is assumed to be PREMIUM.
returned: success
type: str
portRange:
description:
- This field is used along with the target field for TargetHttpProxy, TargetHttpsProxy,
TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance.
- Applicable only when IPProtocol is TCP, UDP, or SCTP, only packets addressed to
ports in the specified range will be forwarded to target.
- Forwarding rules with the same [IPAddress, IPProtocol] pair must have disjoint
port ranges.
- 'Some types of forwarding target have constraints on the acceptable ports: * TargetHttpProxy:
80, 8080 * TargetHttpsProxy: 443 * TargetTcpProxy: 25, 43, 110, 143, 195, 443,
465, 587, 700, 993, 995, 1883, 5222 * TargetSslProxy: 25, 43, 110, 143, 195, 443,
465, 587, 700, 993, 995, 1883, 5222 * TargetVpnGateway: 500, 4500 .'
returned: success
type: str
ports:
description:
- This field is used along with the backend_service field for internal load balancing.
- When the load balancing scheme is INTERNAL, a single port or a comma separated
list of ports can be configured. Only packets addressed to these ports will be
forwarded to the backends configured with this forwarding rule.
- You may specify a maximum of up to 5 ports.
returned: success
type: list
region:
description:
- A reference to the region where the regional forwarding rule resides.
- This field is not applicable to global forwarding rules.
returned: success
type: str
serviceLabel:
description:
- An optional prefix to the service name for this Forwarding Rule.
- If specified, will be the first label of the fully qualified service name.
- The label must be 1-63 characters long, and comply with RFC1035.
- Specifically, the label must be 1-63 characters long and match the regular expression
`[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase
letter, and all following characters must be a dash, lowercase letter, or digit,
except the last character, which cannot be a dash.
- This field is only used for INTERNAL load balancing.
returned: success
type: str
serviceName:
description:
- The internal fully qualified service name for this Forwarding Rule.
- This field is only used for INTERNAL load balancing.
returned: success
type: str
subnetwork:
description:
- The subnetwork that the load balanced IP should belong to for this Forwarding
Rule. This field is only used for INTERNAL load balancing.
- If the network specified is in auto subnet mode, this field is optional. However,
if the network is in custom subnet mode, a subnetwork must be specified.
returned: success
type: dict
target:
description:
- The URL of the target resource to receive the matched traffic.
- The target must live in the same region as the forwarding rule.
- The forwarded traffic must be of a type appropriate to the target object.
returned: success
type: str