Try SpotterCreates a GCP TargetSslProxy
Authors: Google Inc. (@googlecloudplatform)
preview | supported by community
Install with ansible-galaxy collection install delowan.googlecloud:==1.0.2
collections:
- name: delowan.googlecloud
version: 1.0.2Represents a TargetSslProxy resource, which is used by one or more global forwarding rule to route incoming SSL requests to a backend service.
- name: create a instance group
google.cloud.gcp_compute_instance_group:
name: instancegroup-targetsslproxy
zone: us-central1-a
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
state: present
register: instancegroup
- name: create a health check
google.cloud.gcp_compute_health_check:
name: healthcheck-targetsslproxy
type: TCP
tcp_health_check:
port_name: service-health
request: ping
response: pong
healthy_threshold: 10
timeout_sec: 2
unhealthy_threshold: 5
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
state: present
register: healthcheck
- name: create a backend service
google.cloud.gcp_compute_backend_service:
name: backendservice-targetsslproxy
backends:
- group: "{{ instancegroup.selfLink }}"
health_checks:
- "{{ healthcheck.selfLink }}"
protocol: SSL
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
state: present
register: backendservice
- name: create a SSL certificate
google.cloud.gcp_compute_ssl_certificate:
name: sslcert-targetsslproxy
description: A certificate for testing. Do not use this certificate in production
certificate: |-
-----BEGIN CERTIFICATE-----
MIICqjCCAk+gAwIBAgIJAIuJ+0352Kq4MAoGCCqGSM49BAMCMIGwMQswCQYDVQQG
EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjERMA8GA1UEBwwIS2lya2xhbmQxFTAT
BgNVBAoMDEdvb2dsZSwgSW5jLjEeMBwGA1UECwwVR29vZ2xlIENsb3VkIFBsYXRm
b3JtMR8wHQYDVQQDDBZ3d3cubXktc2VjdXJlLXNpdGUuY29tMSEwHwYJKoZIhvcN
AQkBFhJuZWxzb25hQGdvb2dsZS5jb20wHhcNMTcwNjI4MDQ1NjI2WhcNMjcwNjI2
MDQ1NjI2WjCBsDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xETAP
BgNVBAcMCEtpcmtsYW5kMRUwEwYDVQQKDAxHb29nbGUsIEluYy4xHjAcBgNVBAsM
FUdvb2dsZSBDbG91ZCBQbGF0Zm9ybTEfMB0GA1UEAwwWd3d3Lm15LXNlY3VyZS1z
aXRlLmNvbTEhMB8GCSqGSIb3DQEJARYSbmVsc29uYUBnb29nbGUuY29tMFkwEwYH
KoZIzj0CAQYIKoZIzj0DAQcDQgAEHGzpcRJ4XzfBJCCPMQeXQpTXwlblimODQCuQ
4mzkzTv0dXyB750fOGN02HtkpBOZzzvUARTR10JQoSe2/5PIwaNQME4wHQYDVR0O
BBYEFKIQC3A2SDpxcdfn0YLKineDNq/BMB8GA1UdIwQYMBaAFKIQC3A2SDpxcdfn
0YLKineDNq/BMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhALs4vy+O
M3jcqgA4fSW/oKw6UJxp+M6a+nGMX+UJR3YgAiEAvvl39QRVAiv84hdoCuyON0lJ
zqGNhIPGq2ULqXKK8BY=
-----END CERTIFICATE-----
private_key: |-
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIObtRo8tkUqoMjeHhsOh2ouPpXCgBcP+EDxZCB/tws15oAoGCCqGSM49
AwEHoUQDQgAEHGzpcRJ4XzfBJCCPMQeXQpTXwlblimODQCuQ4mzkzTv0dXyB750f
OGN02HtkpBOZzzvUARTR10JQoSe2/5PIwQ==
-----END EC PRIVATE KEY-----
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
state: present
register: sslcert
- name: create a target SSL proxy
google.cloud.gcp_compute_target_ssl_proxy:
name: test_object
ssl_certificates:
- "{{ sslcert }}"
service: "{{ backendservice }}"
project: test_project
auth_kind: serviceaccount
service_account_file: "/tmp/auth.pem"
state: present
name:
description:
- Name of the resource. Provided by the client when the resource is created. The name
must be 1-63 characters long, and comply with RFC1035. Specifically, the name must
be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`
which means the first character must be a lowercase letter, and all following characters
must be a dash, lowercase letter, or digit, except the last character, which cannot
be a dash.
required: true
type: str
state:
choices:
- present
- absent
default: present
description:
- Whether the given object should exist in GCP
type: str
scopes:
description:
- Array of scopes to be used
elements: str
type: list
project:
description:
- The Google Cloud Platform project to use.
type: str
service:
description:
- A reference to the BackendService resource.
- 'This field represents a link to a BackendService resource in GCP. It can be specified
in two ways. First, you can place a dictionary with key ''selfLink'' and value of
your resource''s selfLink Alternatively, you can add `register: name-of-resource`
to a gcp_compute_backend_service task and then set this service field to "{{ name-of-resource
}}"'
required: true
type: dict
env_type:
description:
- Specifies which Ansible environment you're running this module within.
- This should not be set unless you know what you're doing.
- This only alters the User Agent string for any API requests.
type: str
auth_kind:
choices:
- application
- machineaccount
- serviceaccount
description:
- The type of credential used.
required: true
type: str
ssl_policy:
description:
- A reference to the SslPolicy resource that will be associated with the TargetSslProxy
resource. If not set, the TargetSslProxy resource will not have any SSL policy configured.
- 'This field represents a link to a SslPolicy resource in GCP. It can be specified
in two ways. First, you can place a dictionary with key ''selfLink'' and value of
your resource''s selfLink Alternatively, you can add `register: name-of-resource`
to a gcp_compute_ssl_policy task and then set this ssl_policy field to "{{ name-of-resource
}}"'
required: false
type: dict
description:
description:
- An optional description of this resource.
required: false
type: str
proxy_header:
description:
- Specifies the type of proxy header to append before sending data to the backend.
- 'Some valid choices include: "NONE", "PROXY_V1"'
required: false
type: str
ssl_certificates:
description:
- A list of SslCertificate resources that are used to authenticate connections between
users and the load balancer. At least one SSL certificate must be specified.
elements: dict
required: true
type: list
service_account_file:
description:
- The path of a Service Account JSON file if serviceaccount is selected as type.
type: path
service_account_email:
description:
- An optional service account email address if machineaccount is selected and the
user does not wish to use the default email.
type: str
service_account_contents:
description:
- The contents of a Service Account JSON file, either in a dictionary or as a JSON
string that represents it.
type: jsonarg
creationTimestamp:
description:
- Creation timestamp in RFC3339 text format.
returned: success
type: str
description:
description:
- An optional description of this resource.
returned: success
type: str
id:
description:
- The unique identifier for the resource.
returned: success
type: int
name:
description:
- Name of the resource. Provided by the client when the resource is created. The
name must be 1-63 characters long, and comply with RFC1035. Specifically, the
name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`
which means the first character must be a lowercase letter, and all following
characters must be a dash, lowercase letter, or digit, except the last character,
which cannot be a dash.
returned: success
type: str
proxyHeader:
description:
- Specifies the type of proxy header to append before sending data to the backend.
returned: success
type: str
service:
description:
- A reference to the BackendService resource.
returned: success
type: dict
sslCertificates:
description:
- A list of SslCertificate resources that are used to authenticate connections between
users and the load balancer. At least one SSL certificate must be specified.
returned: success
type: list
sslPolicy:
description:
- A reference to the SslPolicy resource that will be associated with the TargetSslProxy
resource. If not set, the TargetSslProxy resource will not have any SSL policy
configured.
returned: success
type: dict