Try SpotterCreates a GCP VpnTunnel
Authors: Google Inc. (@googlecloudplatform)
preview | supported by community
Install with ansible-galaxy collection install delowan.googlecloud:==1.0.2
collections:
- name: delowan.googlecloud
version: 1.0.2VPN tunnel resource.
- name: create a network
google.cloud.gcp_compute_network:
name: network-vpn-tunnel
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
state: present
register: network
- name: create a router
google.cloud.gcp_compute_router:
name: router-vpn-tunnel
network: "{{ network }}"
bgp:
asn: 64514
advertise_mode: CUSTOM
advertised_groups:
- ALL_SUBNETS
advertised_ip_ranges:
- range: 1.2.3.4
- range: 6.7.0.0/16
region: us-central1
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
state: present
register: router
- name: create a target vpn gateway
google.cloud.gcp_compute_target_vpn_gateway:
name: gateway-vpn-tunnel
region: us-west1
network: "{{ network }}"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
state: present
register: gateway
- name: create a vpn tunnel
google.cloud.gcp_compute_vpn_tunnel:
name: test_object
region: us-west1
target_vpn_gateway: "{{ gateway }}"
router: "{{ router }}"
shared_secret: super secret
project: test_project
auth_kind: serviceaccount
service_account_file: "/tmp/auth.pem"
state: present
name:
description:
- Name of the resource. The name must be 1-63 characters long, and comply with RFC1035.
Specifically, the name must be 1-63 characters long and match the regular expression
`[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase
letter, and all following characters must be a dash, lowercase letter, or digit,
except the last character, which cannot be a dash.
required: true
type: str
state:
choices:
- present
- absent
default: present
description:
- Whether the given object should exist in GCP
type: str
region:
description:
- The region where the tunnel is located.
required: true
type: str
router:
description:
- URL of router resource to be used for dynamic routing.
- 'This field represents a link to a Router resource in GCP. It can be specified in
two ways. First, you can place a dictionary with key ''selfLink'' and value of your
resource''s selfLink Alternatively, you can add `register: name-of-resource` to
a gcp_compute_router task and then set this router field to "{{ name-of-resource
}}"'
required: false
type: dict
scopes:
description:
- Array of scopes to be used
elements: str
type: list
peer_ip:
description:
- IP address of the peer VPN gateway. Only IPv4 is supported.
required: false
type: str
project:
description:
- The Google Cloud Platform project to use.
type: str
env_type:
description:
- Specifies which Ansible environment you're running this module within.
- This should not be set unless you know what you're doing.
- This only alters the User Agent string for any API requests.
type: str
auth_kind:
choices:
- application
- machineaccount
- serviceaccount
description:
- The type of credential used.
required: true
type: str
description:
description:
- An optional description of this resource.
required: false
type: str
ike_version:
default: '2'
description:
- IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway.
- Acceptable IKE versions are 1 or 2. Default version is 2.
required: false
type: int
vpn_gateway:
description:
- URL of the VPN gateway with which this VPN tunnel is associated.
- This must be used if a High Availability VPN gateway resource is created.
- 'This field represents a link to a VpnGateway resource in GCP. It can be specified
in two ways. First, you can place a dictionary with key ''selfLink'' and value of
your resource''s selfLink Alternatively, you can add `register: name-of-resource`
to a gcp_compute_vpn_gateway task and then set this vpn_gateway field to "{{ name-of-resource
}}"'
required: false
type: dict
shared_secret:
description:
- Shared secret used to set the secure session between the Cloud VPN gateway and the
peer VPN gateway.
required: true
type: str
peer_gcp_gateway:
description:
- URL of the peer side HA GCP VPN gateway to which this VPN tunnel is connected.
- If provided, the VPN tunnel will automatically use the same vpn_gateway_interface
ID in the peer GCP VPN gateway.
- 'This field represents a link to a VpnGateway resource in GCP. It can be specified
in two ways. First, you can place a dictionary with key ''selfLink'' and value of
your resource''s selfLink Alternatively, you can add `register: name-of-resource`
to a gcp_compute_vpn_gateway task and then set this peer_gcp_gateway field to "{{
name-of-resource }}"'
required: false
type: dict
target_vpn_gateway:
description:
- URL of the Target VPN gateway with which this VPN tunnel is associated.
- 'This field represents a link to a TargetVpnGateway resource in GCP. It can be specified
in two ways. First, you can place a dictionary with key ''selfLink'' and value of
your resource''s selfLink Alternatively, you can add `register: name-of-resource`
to a gcp_compute_target_vpn_gateway task and then set this target_vpn_gateway field
to "{{ name-of-resource }}"'
required: false
type: dict
service_account_file:
description:
- The path of a Service Account JSON file if serviceaccount is selected as type.
type: path
peer_external_gateway:
description:
- URL of the peer side external VPN gateway to which this VPN tunnel is connected.
- 'This field represents a link to a ExternalVpnGateway resource in GCP. It can be
specified in two ways. First, you can place a dictionary with key ''selfLink'' and
value of your resource''s selfLink Alternatively, you can add `register: name-of-resource`
to a gcp_compute_external_vpn_gateway task and then set this peer_external_gateway
field to "{{ name-of-resource }}"'
required: false
type: dict
service_account_email:
description:
- An optional service account email address if machineaccount is selected and the
user does not wish to use the default email.
type: str
vpn_gateway_interface:
description:
- The interface ID of the VPN gateway with which this VPN tunnel is associated.
required: false
type: int
local_traffic_selector:
description:
- Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway.
The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges
should be disjoint.
- Only IPv4 is supported.
elements: str
required: false
type: list
remote_traffic_selector:
description:
- Remote traffic selector to use when establishing the VPN tunnel with peer VPN gateway.
The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges
should be disjoint.
- Only IPv4 is supported.
elements: str
required: false
type: list
service_account_contents:
description:
- The contents of a Service Account JSON file, either in a dictionary or as a JSON
string that represents it.
type: jsonarg
peer_external_gateway_interface:
description:
- The interface ID of the external VPN gateway to which this VPN tunnel is connected.
required: false
type: int
creationTimestamp:
description:
- Creation timestamp in RFC3339 text format.
returned: success
type: str
description:
description:
- An optional description of this resource.
returned: success
type: str
id:
description:
- The unique identifier for the resource. This identifier is defined by the server.
returned: success
type: str
ikeVersion:
description:
- IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway.
- Acceptable IKE versions are 1 or 2. Default version is 2.
returned: success
type: int
localTrafficSelector:
description:
- Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway.
The value should be a CIDR formatted string, for example `192.168.0.0/16`. The
ranges should be disjoint.
- Only IPv4 is supported.
returned: success
type: list
name:
description:
- Name of the resource. The name must be 1-63 characters long, and comply with RFC1035.
Specifically, the name must be 1-63 characters long and match the regular expression
`[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase
letter, and all following characters must be a dash, lowercase letter, or digit,
except the last character, which cannot be a dash.
returned: success
type: str
peerExternalGateway:
description:
- URL of the peer side external VPN gateway to which this VPN tunnel is connected.
returned: success
type: dict
peerExternalGatewayInterface:
description:
- The interface ID of the external VPN gateway to which this VPN tunnel is connected.
returned: success
type: int
peerGcpGateway:
description:
- URL of the peer side HA GCP VPN gateway to which this VPN tunnel is connected.
- If provided, the VPN tunnel will automatically use the same vpn_gateway_interface
ID in the peer GCP VPN gateway.
returned: success
type: dict
peerIp:
description:
- IP address of the peer VPN gateway. Only IPv4 is supported.
returned: success
type: str
region:
description:
- The region where the tunnel is located.
returned: success
type: str
remoteTrafficSelector:
description:
- Remote traffic selector to use when establishing the VPN tunnel with peer VPN
gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`.
The ranges should be disjoint.
- Only IPv4 is supported.
returned: success
type: list
router:
description:
- URL of router resource to be used for dynamic routing.
returned: success
type: dict
sharedSecret:
description:
- Shared secret used to set the secure session between the Cloud VPN gateway and
the peer VPN gateway.
returned: success
type: str
sharedSecretHash:
description:
- Hash of the shared secret.
returned: success
type: str
targetVpnGateway:
description:
- URL of the Target VPN gateway with which this VPN tunnel is associated.
returned: success
type: dict
vpnGateway:
description:
- URL of the VPN gateway with which this VPN tunnel is associated.
- This must be used if a High Availability VPN gateway resource is created.
returned: success
type: dict
vpnGatewayInterface:
description:
- The interface ID of the VPN gateway with which this VPN tunnel is associated.
returned: success
type: int