From 3e06e189893e9a90289998b008590efae9451adf Mon Sep 17 00:00:00 2001 From: The Magician Date: Thu, 27 Aug 2020 09:19:03 -0700 Subject: [PATCH] Add Erase Windows VSS support to compute disk (#3898) (#283) Co-authored-by: Cameron Thornton Signed-off-by: Modular Magician Co-authored-by: Cameron Thornton --- plugins/modules/gcp_compute_disk.py | 108 +++++++++++++++++++---- plugins/modules/gcp_compute_disk_info.py | 24 ++++- 2 files changed, 114 insertions(+), 18 deletions(-) diff --git a/plugins/modules/gcp_compute_disk.py b/plugins/modules/gcp_compute_disk.py index 4d81a5f7d..1ea7c95ae 100644 --- a/plugins/modules/gcp_compute_disk.py +++ b/plugins/modules/gcp_compute_disk.py @@ -114,9 +114,9 @@ - The source image used to create this disk. If the source image is deleted, this field will not be set. - 'To create a disk with one of the public operating system images, specify the - image by its family name. For example, specify family/debian-8 to use the latest - Debian 8 image: projects/debian-cloud/global/images/family/debian-8 Alternatively, - use a specific version of a public operating system image: projects/debian-cloud/global/images/debian-8-jessie-vYYYYMMDD + image by its family name. For example, specify family/debian-9 to use the latest + Debian 9 image: projects/debian-cloud/global/images/family/debian-9 Alternatively, + use a specific version of a public operating system image: projects/debian-cloud/global/images/debian-9-stretch-vYYYYMMDD To create a disk with a private image that you created, specify the image name in the following format: global/images/my-private-image You can also specify a private image by its image family, which returns the latest version of the @@ -147,6 +147,12 @@ - The name of the encryption key that is stored in Google Cloud KMS. required: false type: str + kms_key_service_account: + description: + - The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + required: false + type: str disk_encryption_key: description: - Encrypts the disk using a customer-supplied encryption key. @@ -173,6 +179,12 @@ must have `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature. required: false type: str + kms_key_service_account: + description: + - The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + required: false + type: str source_snapshot: description: - The source snapshot used to create this disk. You can provide this as a partial @@ -202,6 +214,12 @@ - The name of the encryption key that is stored in Google Cloud KMS. required: false type: str + kms_key_service_account: + description: + - The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + required: false + type: str project: description: - The Google Cloud Platform project to use. @@ -358,9 +376,9 @@ - The source image used to create this disk. If the source image is deleted, this field will not be set. - 'To create a disk with one of the public operating system images, specify the - image by its family name. For example, specify family/debian-8 to use the latest - Debian 8 image: projects/debian-cloud/global/images/family/debian-8 Alternatively, - use a specific version of a public operating system image: projects/debian-cloud/global/images/debian-8-jessie-vYYYYMMDD + image by its family name. For example, specify family/debian-9 to use the latest + Debian 9 image: projects/debian-cloud/global/images/family/debian-9 Alternatively, + use a specific version of a public operating system image: projects/debian-cloud/global/images/debian-9-stretch-vYYYYMMDD To create a disk with a private image that you created, specify the image name in the following format: global/images/my-private-image You can also specify a private image by its image family, which returns the latest version of the image @@ -397,6 +415,12 @@ - The name of the encryption key that is stored in Google Cloud KMS. returned: success type: str + kmsKeyServiceAccount: + description: + - The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + returned: success + type: str sourceImageId: description: - The ID value of the image used to create this disk. This value identifies the @@ -438,6 +462,12 @@ must have `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature. returned: success type: str + kmsKeyServiceAccount: + description: + - The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + returned: success + type: str sourceSnapshot: description: - The source snapshot used to create this disk. You can provide this as a partial @@ -468,6 +498,12 @@ key that protects this resource. returned: success type: str + kmsKeyServiceAccount: + description: + - The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + returned: success + type: str sourceSnapshotId: description: - The unique ID of the snapshot used to create this disk. This value identifies @@ -515,10 +551,16 @@ def main(): type=dict(type='str'), source_image=dict(type='str'), zone=dict(required=True, type='str'), - source_image_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'), kms_key_name=dict(type='str'))), - disk_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'), kms_key_name=dict(type='str'))), + source_image_encryption_key=dict( + type='dict', options=dict(raw_key=dict(type='str'), kms_key_name=dict(type='str'), kms_key_service_account=dict(type='str')) + ), + disk_encryption_key=dict( + type='dict', options=dict(raw_key=dict(type='str'), kms_key_name=dict(type='str'), kms_key_service_account=dict(type='str')) + ), source_snapshot=dict(type='dict'), - source_snapshot_encryption_key=dict(type='dict', options=dict(raw_key=dict(type='str'), kms_key_name=dict(type='str'))), + source_snapshot_encryption_key=dict( + type='dict', options=dict(raw_key=dict(type='str'), kms_key_name=dict(type='str'), kms_key_service_account=dict(type='str')) + ), ) ) @@ -740,10 +782,22 @@ def __init__(self, request, module): self.request = {} def to_request(self): - return remove_nones_from_dict({u'rawKey': self.request.get('raw_key'), u'kmsKeyName': self.request.get('kms_key_name')}) + return remove_nones_from_dict( + { + u'rawKey': self.request.get('raw_key'), + u'kmsKeyName': self.request.get('kms_key_name'), + u'kmsKeyServiceAccount': self.request.get('kms_key_service_account'), + } + ) def from_response(self): - return remove_nones_from_dict({u'rawKey': self.request.get(u'rawKey'), u'kmsKeyName': self.request.get(u'kmsKeyName')}) + return remove_nones_from_dict( + { + u'rawKey': self.request.get(u'rawKey'), + u'kmsKeyName': self.request.get(u'kmsKeyName'), + u'kmsKeyServiceAccount': self.request.get(u'kmsKeyServiceAccount'), + } + ) class DiskDiskencryptionkey(object): @@ -755,10 +809,22 @@ def __init__(self, request, module): self.request = {} def to_request(self): - return remove_nones_from_dict({u'rawKey': self.request.get('raw_key'), u'kmsKeyName': self.request.get('kms_key_name')}) + return remove_nones_from_dict( + { + u'rawKey': self.request.get('raw_key'), + u'kmsKeyName': self.request.get('kms_key_name'), + u'kmsKeyServiceAccount': self.request.get('kms_key_service_account'), + } + ) def from_response(self): - return remove_nones_from_dict({u'rawKey': self.request.get(u'rawKey'), u'kmsKeyName': self.request.get(u'kmsKeyName')}) + return remove_nones_from_dict( + { + u'rawKey': self.request.get(u'rawKey'), + u'kmsKeyName': self.request.get(u'kmsKeyName'), + u'kmsKeyServiceAccount': self.request.get(u'kmsKeyServiceAccount'), + } + ) class DiskSourcesnapshotencryptionkey(object): @@ -770,10 +836,22 @@ def __init__(self, request, module): self.request = {} def to_request(self): - return remove_nones_from_dict({u'rawKey': self.request.get('raw_key'), u'kmsKeyName': self.request.get('kms_key_name')}) + return remove_nones_from_dict( + { + u'rawKey': self.request.get('raw_key'), + u'kmsKeyName': self.request.get('kms_key_name'), + u'kmsKeyServiceAccount': self.request.get('kms_key_service_account'), + } + ) def from_response(self): - return remove_nones_from_dict({u'rawKey': self.request.get(u'rawKey'), u'kmsKeyName': self.request.get(u'kmsKeyName')}) + return remove_nones_from_dict( + { + u'rawKey': self.request.get(u'rawKey'), + u'kmsKeyName': self.request.get(u'kmsKeyName'), + u'kmsKeyServiceAccount': self.request.get(u'kmsKeyServiceAccount'), + } + ) if __name__ == '__main__': diff --git a/plugins/modules/gcp_compute_disk_info.py b/plugins/modules/gcp_compute_disk_info.py index f1626f8d4..a05bb4442 100644 --- a/plugins/modules/gcp_compute_disk_info.py +++ b/plugins/modules/gcp_compute_disk_info.py @@ -207,10 +207,10 @@ - The source image used to create this disk. If the source image is deleted, this field will not be set. - 'To create a disk with one of the public operating system images, specify - the image by its family name. For example, specify family/debian-8 to use - the latest Debian 8 image: projects/debian-cloud/global/images/family/debian-8 + the image by its family name. For example, specify family/debian-9 to use + the latest Debian 9 image: projects/debian-cloud/global/images/family/debian-9 Alternatively, use a specific version of a public operating system image: - projects/debian-cloud/global/images/debian-8-jessie-vYYYYMMDD To create a + projects/debian-cloud/global/images/debian-9-stretch-vYYYYMMDD To create a disk with a private image that you created, specify the image name in the following format: global/images/my-private-image You can also specify a private image by its image family, which returns the latest version of the image in @@ -247,6 +247,12 @@ - The name of the encryption key that is stored in Google Cloud KMS. returned: success type: str + kmsKeyServiceAccount: + description: + - The service account used for the encryption request for the given KMS + key. If absent, the Compute Engine Service Agent service account is used. + returned: success + type: str sourceImageId: description: - The ID value of the image used to create this disk. This value identifies @@ -289,6 +295,12 @@ must have `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature. returned: success type: str + kmsKeyServiceAccount: + description: + - The service account used for the encryption request for the given KMS + key. If absent, the Compute Engine Service Agent service account is used. + returned: success + type: str sourceSnapshot: description: - The source snapshot used to create this disk. You can provide this as a partial @@ -319,6 +331,12 @@ key that protects this resource. returned: success type: str + kmsKeyServiceAccount: + description: + - The service account used for the encryption request for the given KMS + key. If absent, the Compute Engine Service Agent service account is used. + returned: success + type: str sourceSnapshotId: description: - The unique ID of the snapshot used to create this disk. This value identifies