beaker-google 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 58d4cd4a18e98fac54af847b0f0b3538359483700f9770cb4a222a4c588c4f6d
-  data.tar.gz: 41fcc4aa6d3c4836e4a862807b0fe0ba91c0920995b0c96e9ce483f0d6cd792c
+  metadata.gz: 75a97e86c7f87f03623670307b3473519a9b0661137c217f6ce255bbb4cf7eb7
+  data.tar.gz: b5a2deec42679666ed39aa20e853c04e89d050f0f0dd37cb0511614dbf7b3a52
 SHA512:
-  metadata.gz: 9149521d4525a55f1e35fff642109552028be22a6af77f1a7bfe0fd57fe5d196e00cb8969bbc09ad03a6557d0e5f3f661e8c04fd62e76b260204f2d73db5d0b0
-  data.tar.gz: 75ce8eb08efd1f5f5776f20f79445327d0811bbb8dae79ee005cbcb7dfc17852ea84a4558b1bfd4040f41c563939b3fb0024e3eb2f8b93209930f5c9cdea1dc2
+  metadata.gz: 7294d81451483860acd2db28341cd434a3d4f68b5c4be7720b870260155da057626a768209a38fde29165dbf75a7c75b47ac4b8482a48ccd60348da19ec677c7
+  data.tar.gz: b5b818fda45a9baa3e83fb74596bb7fa7a11f7ae25dbe52234d3257565a88ba07b9ea956a3d3c4ee1f7fe62c7282e3377ce8f61b9d85326503635417f90240a1

data/.github/dependabot.yml

@@ -1,8 +1,17 @@
 version: 2
 updates:
+# raise PRs for gem updates
 - package-ecosystem: bundler
   directory: "/"
   schedule:
     interval: daily
     time: "13:00"
   open-pull-requests-limit: 10
+
+# Maintain dependencies for GitHub Actions
+- package-ecosystem: github-actions
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "13:00"
+  open-pull-requests-limit: 10

data/.github/workflows/ci.yml

@@ -11,7 +11,7 @@ jobs:
   # rubocop:
   #   runs-on: ubuntu-latest
   #   steps:
-  #     - uses: actions/checkout@v2
+  #     - uses: actions/checkout@v4
   #     - name: Install Ruby 3.1
   #       uses: ruby/setup-ruby@v1
   #       with:
@@ -33,7 +33,7 @@ jobs:
       COVERAGE: ${{ matrix.coverage }}
     name: Ruby ${{ matrix.ruby }}
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - name: Install Ruby ${{ matrix.ruby }}
         uses: ruby/setup-ruby@v1
         with:

data/.github/workflows/codeql-analysis.yml

@@ -38,11 +38,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -53,7 +53,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -67,4 +67,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v3

data/.github/workflows/release.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     if: github.repository_owner == 'voxpupuli'
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - name: Install Ruby 3.1
         uses: ruby/setup-ruby@v1
         with:

data/CHANGELOG.md

@@ -1,12 +1,35 @@
 # Changelog
 
-## [1.0.0](https://github.com/voxpupuli/beaker-google/tree/1.0.0) (2022-10-31)
+## [1.1.0](https://github.com/voxpupuli/beaker-google/tree/1.1.0) (2024-05-21)
+
+[Full Changelog](https://github.com/voxpupuli/beaker-google/compare/1.0.0...1.1.0)
+
+**Implemented enhancements:**
+
+- Move timestamp in firewall name to a different value [\#45](https://github.com/voxpupuli/beaker-google/issues/45)
+- Add ability to configure the firewall [\#40](https://github.com/voxpupuli/beaker-google/pull/40) ([jaevans](https://github.com/jaevans))
+- Add ability to set custom hostname [\#39](https://github.com/voxpupuli/beaker-google/pull/39) ([Andy-Adrian](https://github.com/Andy-Adrian))
+
+**Closed issues:**
+
+- Add ability to set custom hostname [\#38](https://github.com/voxpupuli/beaker-google/issues/38)
+- network ports should be configurable [\#34](https://github.com/voxpupuli/beaker-google/issues/34)
+
+**Merged pull requests:**
+
+- Fix name conflicts [\#48](https://github.com/voxpupuli/beaker-google/pull/48) ([jaevans](https://github.com/jaevans))
+- Bump actions/checkout from 2 to 4 [\#43](https://github.com/voxpupuli/beaker-google/pull/43) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump github/codeql-action from 1 to 2 [\#42](https://github.com/voxpupuli/beaker-google/pull/42) ([dependabot[bot]](https://github.com/apps/dependabot))
+- dependabot: check for github actions and bundler [\#41](https://github.com/voxpupuli/beaker-google/pull/41) ([bastelfreak](https://github.com/bastelfreak))
+- Update fakefs requirement from ~\> 1.8 to ~\> 2.4 [\#37](https://github.com/voxpupuli/beaker-google/pull/37) ([dependabot[bot]](https://github.com/apps/dependabot))
+
+## [1.0.0](https://github.com/voxpupuli/beaker-google/tree/1.0.0) (2022-11-02)
 
 [Full Changelog](https://github.com/voxpupuli/beaker-google/compare/0.5.0...1.0.0)
 
 **Fixed bugs:**
 
-- exec sysprep commands in child processes [\#31](https://github.com/voxpupuli/beaker-google/pull/31) ([AndyAdrian-OP](https://github.com/AndyAdrian-OP))
+- exec sysprep commands in child processes [\#31](https://github.com/voxpupuli/beaker-google/pull/31) ([Andy-Adrian](https://github.com/Andy-Adrian))
 
 ## [0.5.0](https://github.com/voxpupuli/beaker-google/tree/0.5.0) (2022-10-04)
 

data/README.md

@@ -10,7 +10,7 @@
 
 Beaker library to use the Google hypervisor
 
-# How to use this wizardry
+# How to use this module
 
 This is a gem that allows you to use hosts with [Google Compute](https://cloud.google.com/compute) hypervisor with [Beaker](https://github.com/voxpupuli/beaker).
 
@@ -46,6 +46,7 @@ The behavior of this library can be configured using either the beaker host conf
 | gce_zone             | true             |                                  | The zone to place compute instances in. The region is calculated from the zone name.                                                                                                                                                                                                          |
 | gce_network          | false            | Default                          | The name of the network to attach to instances. If the project uses the default network, this and `gce_subnetwork` can be left empty.                                                                                                                                                         |
 | gce_subnetwork       | false            | Default                          | The name of the subnetwork to attach to the instances network interface. If the Default network is not used, this must be supplied.                                                                                                                                                           |
+| gce_ports            | false            | `[ ]`                            | A comma separated list of ports to add to the external firewall. Each port is specified in the format `number/protocol` where protocol is one of `tcp`, `udp`, `icmp`, `esp`, `ah`, `ipip`, or `sctp`. **NOTE:** Port `22/tcp` is required for beaker to function and is automatically added to the firewall. |
 | gce_ssh_private_key  | false            | $HOME/.ssh/google_compute_engine | The file path of the private key to use to connect to instances. If using the key created by the gcloud tool, this can be left blank.                                                                                                                                                         |
 | gce_ssh_public_key   | false            | <gce_ssh_private_key>.pub        | The file path of the public key to upload to the instance. If left blank, attempt to use the file at `gce_ssh_private_key` with a `.pub` extension.                                                                                                                                           |
 | gce_machine_type     | false            | e2-standard-4                    | The machine type to use for the instance. If the `BEAKER_gce_machine_type` environment variable is set, it will be used for all hosts.                                                                                                                                                        |
@@ -55,14 +56,24 @@ The behavior of this library can be configured using either the beaker host conf
 
 All the variables in the list can be set in the Beaker host configuration file, or the ones starting with `gce_` can be overridden by environment variables in the form `BEAKER_gce_...`. i.e. To override the `gce_machine_type` setting in the environment, set `BEAKER_gce_machine_type`.
 
+## Networking
+
+Each run of beaker creates a pair of firewalls to protect the hosts, and internal host-to-host firewall, and an external firewall between the hosts and the internet.
+
+The internal firewall allows all communication between hosts in the node set, while keeping them isolated from any other Beaker jobs that may be running in the same environment. This firewall is attached to all hosts in the test set, and allows all `tcp`, `udp`, and `icmp` traffic.
+
+The external firewall allows outside communication from the internet into the hosts in the test. Due to constrains of the Beaker system, the firewall accepts any source IP (`0.0.0.0/0`) and the SSH port (`22/tcp`) is always allowed. Other ports may be added by using the `gce_ports` configuration option or the `BEAKER_gce_ports` environment variable as a comma separated list of `port/proto` values where `port` is the port number or range, and proto is one of `tcp`, `udp`, `icmp`, `esp`, `ah`, `ipip`, or `sctp`. The port number is only used for `tcp`, `udp`, and `sctp` protocols. Any value, such as `-1` can be used for the other protocols.
+
+VM Instances created during this process will by default use the automatically-generated instance name as the hostname in the VM OS.  Set the `BEAKER_set_gce_hostname` environment variable to `1` to override this behavior and configure the VM OS with the name defined in the nodeset as the hostname.
+
 # Cleanup
 
 In cases where the beaker process is killed before finishing, it may leave resources in GCP. These resources will need to be manually deleted.
 
 | Resource Type | Name Pattern        | Count                                       |
 | ------------- | ------------------- | ------------------------------------------- |
-| Firewall      | `beaker-<number>-*` | 1                                           |
-| Instance      | `beaker-*`          | One or more depending on test configuration |
+| Firewall      | `beaker-<number>-*` | 2                                           |
+| Instance      | `beaker-<number>-*` | One or more depending on test configuration |
 
 # Contributing
 

data/beaker-google.gemspec

@@ -22,7 +22,7 @@ Gem::Specification.new do |s|
   # Testing dependencies
   s.add_development_dependency 'rspec', '~> 3.0'
   s.add_development_dependency 'rspec-its'
-  s.add_development_dependency 'fakefs', '~> 1.8'
+  s.add_development_dependency 'fakefs', '~> 2.4'
   s.add_development_dependency 'rake', '~> 13.0'
   s.add_development_dependency 'simplecov'
   s.add_development_dependency 'pry', '~> 0.10'

data/lib/beaker/hypervisor/google_compute.rb

@@ -1,13 +1,10 @@
-require 'time'
+require 'securerandom'
 
 module Beaker
   # Beaker support for the Google Compute Engine.
   class GoogleCompute < Beaker::Hypervisor
     SLEEPWAIT = 5
 
-    # Hours before an instance is considered a zombie
-    ZOMBIE = 3
-
     # Do some reasonable sleuthing on the SSH public key for GCE
 
     ##
@@ -79,27 +76,33 @@ module Beaker
       @options = options
       @logger = options[:logger]
       @hosts = google_hosts
-      @firewall = ''
+      @external_firewall_name = ''
+      @internal_firewall_name = ''
       @gce_helper = GoogleComputeHelper.new(options)
     end
 
     # Create and configure virtual machines in the Google Compute Engine,
     # including their associated disks and firewall rules
     def provision
-      start = Time.now
-      test_group_identifier = "beaker-#{start.to_i}-"
+      test_group_identifier = "beaker-#{SecureRandom.hex(4)}"
 
       # set firewall to open pe ports
       network = @gce_helper.get_network
 
-      @firewall = test_group_identifier + generate_host_name
+      @external_firewall_name = test_group_identifier + '-external'
 
-      @gce_helper.create_firewall(@firewall, network)
+      # Always allow ssh from anywhere as it's needed for Beaker to run
+      @gce_helper.create_firewall(@external_firewall_name, network, allow: @options[:gce_ports] + ['22/tcp'], source_ranges: ['0.0.0.0/0'], target_tags: [test_group_identifier])
 
-      @logger.debug("Created Google Compute firewall #{@firewall}")
+      @logger.debug("Created External Google Compute firewall #{@external_firewall_name}")
 
-      @hosts.each do |host|
+      # Create a firewall that opens everything between all the hosts in this test group
+      @internal_firewall_name = test_group_identifier + '-internal'
+      internal_ports = ['1-65535/tcp', '1-65535/udp', '-1/icmp']
+      @gce_helper.create_firewall(@internal_firewall_name, network, allow: internal_ports, source_tags: [test_group_identifier], target_tags: [test_group_identifier])
+      @logger.debug("Created test group Google Compute firewall #{@internal_firewall_name}")
 
+      @hosts.each do |host|
         machine_type_name = ENV.fetch('BEAKER_gce_machine_type', host['gce_machine_type'])
         raise "Must provide a machine type name in 'gce_machine_type'." if machine_type_name.nil?
         # Get the GCE machine type object for this host
@@ -142,7 +145,7 @@ module Beaker
           raise('You must specify either :image or :family')
         end
 
-        unique_host_id = test_group_identifier + generate_host_name
+        unique_host_id = test_group_identifier + '-' + generate_host_name
 
         boot_size = host['volume_size'] || img.disk_size_gb
 
@@ -155,13 +158,16 @@ module Beaker
         host['vmhostname'] = unique_host_id
 
         # add a new instance of the image
-        operation = @gce_helper.create_instance(host['vmhostname'], img, machine_type, boot_size)
+        operation = @gce_helper.create_instance(host['vmhostname'], img, machine_type, boot_size, host.name)
         unless operation.error.nil?
           raise "Unable to create Google Compute Instance #{host.name}: [#{operation.error.errors[0].code}] #{operation.error.errors[0].message}"
         end
         @logger.debug("Created Google Compute instance for #{host.name}: #{host['vmhostname']}")
         instance = @gce_helper.get_instance(host['vmhostname'])
 
+        @gce_helper.add_instance_tag(host['vmhostname'], test_group_identifier)
+        @logger.debug("Added network tag #{test_group_identifier} to instance")
+
         # Make sure we have a non root/Adminsitor user to log in as
         if host['user'] == "root" || host['user'] == "Administrator" || host['user'].empty?
           initial_user = 'google_compute'
@@ -184,7 +190,7 @@ module Beaker
             value: 'FALSE'
           },
         ]
-        
+
         # Check for google's default windows images and turn on ssh if found
         if image_project == "windows-cloud" || image_project == "windows-sql-cloud"
           # Turn on SSH on GCP's default windows images
@@ -210,9 +216,6 @@ module Beaker
 
         host['ip'] = instance.network_interfaces[0].access_configs[0].nat_ip
 
-        # Add the new host to the firewall
-        @gce_helper.add_firewall_tag(@firewall, host['vmhostname'])
-
         if host['disable_root_ssh'] == true
           @logger.info('Not enabling root ssh as disable_root_ssh is true')
         else
@@ -235,7 +238,8 @@ module Beaker
     # Shutdown and destroy virtual machines in the Google Compute Engine,
     # including their associated disks and firewall rules
     def cleanup
-      @gce_helper.delete_firewall(@firewall)
+      @gce_helper.delete_firewall(@external_firewall_name)
+      @gce_helper.delete_firewall(@internal_firewall_name)
 
       @hosts.each do |host|
         # TODO: Delete any other disks attached during the instance creation

data/lib/beaker/hypervisor/google_compute_helper.rb

@@ -24,6 +24,8 @@ class Beaker::GoogleComputeHelper
   DEFAULT_MACHINE_TYPE = 'e2-standard-4'
   DEFAULT_NETWORK_NAME = 'default'
 
+  VALID_PROTOS = ['tcp', 'udp', 'icmp', 'esp', 'ah', 'ipip', 'sctp']
+
   GCP_AUTH_SCOPE = [
     Google::Apis::ComputeV1::AUTH_COMPUTE,
     Google::Apis::OsloginV1::AUTH_CLOUD_PLATFORM_READ_ONLY,
@@ -48,8 +50,18 @@ class Beaker::GoogleComputeHelper
     @options[:gce_network] = ENV.fetch('BEAKER_gce_network', DEFAULT_NETWORK_NAME)
     @options[:gce_subnetwork] = ENV.fetch('BEAKER_gce_subnetwork', nil)
 
+    @configure_ports = ENV.fetch('BEAKER_gce_ports', "").strip
+    # Split the ports based on commas, removing any empty values
+    @options[:gce_ports] = @configure_ports.split(/\s*?,\s*/).reject { |s| s.empty? }
+
     raise 'You must specify a gce_project for Google Compute Engine instances!' unless @options[:gce_project]
 
+    @options[:gce_ports].each do |port|
+      parts = port.split('/', 2)
+      raise "Invalid format for port #{port}. Should be 'port/proto'" unless parts.length == 2
+      proto = parts[1]
+      raise "Invalid value '#{proto}' for protocol in '#{port}'. Must be one of '#{VALID_PROTOS.join("', '")}'" unless VALID_PROTOS.include? proto
+    end
     authorizer = authenticate
     @compute = ::Google::Apis::ComputeV1::ComputeService.new
     @compute.authorization = authorizer
@@ -288,39 +300,131 @@ class Beaker::GoogleComputeHelper
   # @param [::Google::Apis::ComputeV1::Network] network The Google Compute networkin which to create
   # the firewall
   #
+  # @param [Array<String>] allow List of ports to allow through the firewall. One of 'allow' or 'deny' must be specified, but not both.
+  #
+  # @param [Array<String>] deny List of ports to deny through the firewall. One of 'allow' or 'deny' must be specified, but not both.
+  #
+  # @param [Array<String>] source_ranges List of ranges in CIDR format to accept through the firewall. If neither 'source_ranges' 
+  # or 'source_tags' is specified, GCP adds a default 'source_range' of '0.0.0.0/0' (allow all)
+  #
+  # @param [Array<String>] source_tags List of network tags to accept through the firewall. If neither 'source_ranges' 
+  # or 'source_tags' is specified, GCP adds a default 'source_range' of '0.0.0.0/0' (allow all)
+  #
+  # @param [Array<String>] target_ranges List of ranges in CIDR format to apply this firewall. If neither 'target_ranges' 
+  # or 'target_tags' is specified, the firewall applies to all hosts in the VPC
+  #
+  # @param [Array<String>] target_tags List of network tags to apply this firewall. If neither 'target_ranges' 
+  # or 'target_tags' is specified, the firewall applies to all hosts in the VPC
+  #
   # @return [Google::Apis::ComputeV1::Operation]
   #
   # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
   # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
   # @raise [Google::Apis::AuthorizationError] Authorization is required
-  def create_firewall(name, network)
+  def create_firewall(name, network, allow: [], deny: [], source_ranges: [], source_tags: [], target_ranges: [], target_tags: [])
+    allowed = []
+    allow.each do |port|
+      parts = port.split('/', 2)
+      if parts[1] == 'tcp' || parts[1] == 'udp' || parts[1] == 'sctp' then
+        allowed << ::Google::Apis::ComputeV1::Firewall::Allowed.new(ip_protocol: parts[1], ports: [parts[0]])
+      else
+        allowed << ::Google::Apis::ComputeV1::Firewall::Allowed.new(ip_protocol: parts[1])
+      end
+    end
+    denied = []
+    deny.each do |port|
+      parts = port.split('/', 2)
+      if parts[1] == 'tcp' || parts[1] == 'udp' || parts[1] == 'sctp' then
+        denied << ::Google::Apis::ComputeV1::Firewall::Denied.new(ip_protocol: parts[1], ports: [parts[0]])
+      else
+        denied << ::Google::Apis::ComputeV1::Firewall::Denied.new(ip_protocol: parts[1])
+      end
+    end
+
     firewall_object = ::Google::Apis::ComputeV1::Firewall.new(
       name: name,
-      allowed: [
-        ::Google::Apis::ComputeV1::Firewall::Allowed.new(ip_protocol: 'tcp',
-                                                         ports: ['443', '8140', '61613', '8080', '8081', '22']),
-      ],
+      direction: 'INGRESS',
       network: network.self_link,
-      # TODO: Is there a better way to do this?
-      sourceRanges: ['0.0.0.0/0'], # Allow from anywhere
+      allowed: allowed,
+      denied: denied,
+      source_ranges: source_ranges,
+      source_tags: source_tags,
+      target_ranges: target_ranges,
+      target_tags: target_tags,
     )
     operation = @compute.insert_firewall(@options[:gce_project], firewall_object)
     @compute.wait_global_operation(@options[:gce_project], operation.name)
   end
 
+  ##
+  # Get the named firewall
+  #
+  # @param [String] name The name of the firewall
+  #
+  # @return [Google::Apis::ComputeV1::Firewall]
+  #
+  # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+  # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+  # @raise [Google::Apis::AuthorizationError] Authorization is required
+  def get_firewall(name)
+    firewall = @compute.get_firewall(@options[:gce_project], name)
+  end
+
+  ##
+  # Add a source range to the firewall.
+  #
+  # @param [String] name The name of the firewall
+  #
+  # @param [String] range The IP range in CIDR format to add to the firewall
+  #
+  # @return [Google::Apis::ComputeV1::Operation]
+  #
+  # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+  # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+  # @raise [Google::Apis::AuthorizationError] Authorization is required
+  def add_firewall_source_range(name, range)
+    firewall = get_firewall(name)
+    firewall.source_ranges = [] if firewall.source_ranges.nil?
+    firewall.source_ranges << range
+    operation = @compute.patch_firewall(@options[:gce_project], name, firewall)
+    @compute.wait_global_operation(@options[:gce_project], operation.name)
+  end
+
+  ##
+  # Add an allowed port to the firewall
+  #
+  # @param [String] name The name of the firewall
+  #
+  # @param [String] port The port number to open on the firewall
+  #
+  # @param [String] proto The protocol of the port. This should be 'tcp' or 'udp'
+  #
+  # @return [Google::Apis::ComputeV1::Operation]
+  #
+  # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+  # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+  # @raise [Google::Apis::AuthorizationError] Authorization is required
+  def add_firewall_port(name, port, proto)
+    firewall = get_firewall(name)
+    firewall.allowed = [] if firewall.allowed.nil?
+    firewall.allowed << ::Google::Apis::ComputeV1::Firewall::Allowed.new(ip_protocol: proto, ports: [port])
+    operation = @compute.patch_firewall(@options[:gce_project], name, firewall)
+    @compute.wait_global_operation(@options[:gce_project], operation.name)
+  end
+
   ##
   # Add a taget_tag to an existing firewall
   #
   # @param [String] the name of the firewall to update
   #
-  # @ param [String] tag The tag to add to the firewall
+  # @param [String] tag The target tag to add to the firewall
   #
   # @return [Google::Apis::ComputeV1::Operation]
   #
   # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
   # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
   # @raise [Google::Apis::AuthorizationError] Authorization is required
-  def add_firewall_tag(name, tag)
+  def add_firewall_target_tag(name, tag)
     firewall = @compute.get_firewall(@options[:gce_project], name)
     firewall.target_tags = [] if firewall.target_tags.nil?
     firewall.target_tags << tag
@@ -328,6 +432,26 @@ class Beaker::GoogleComputeHelper
     @compute.wait_global_operation(@options[:gce_project], operation.name)
   end
 
+  ##
+  # Add a source_tag to an existing firewall
+  #
+  # @param [String] the name of the firewall to update
+  #
+  # @param [String] tag The source tag to add to the firewall
+  #
+  # @return [Google::Apis::ComputeV1::Operation]
+  #
+  # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+  # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+  # @raise [Google::Apis::AuthorizationError] Authorization is required
+  def add_firewall_source_tag(name, tag)
+    firewall = @compute.get_firewall(@options[:gce_project], name)
+    firewall.source_tags = [] if firewall.source_tags.nil?
+    firewall.source_tags << tag
+    operation = @compute.patch_firewall(@options[:gce_project], name, firewall)
+    @compute.wait_global_operation(@options[:gce_project], operation.name)
+  end
+
   ##
   # Create a Google Compute disk
   #
@@ -363,12 +487,14 @@ class Beaker::GoogleComputeHelper
   # @param [Integer] disk_size The size of the boot disk for the new instance. Must be equal to or
   #   greater than the image disk's size
   #
+  # @param [String] hostname The custom hostname to set in the OS of the instance
+  #
   # @return [Google::Apis::ComputeV1::Operation]
   #
   # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
   # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
   # @raise [Google::Apis::AuthorizationError] Authorization is required
-  def create_instance(name, img, machine_type, disk_size)
+  def create_instance(name, img, machine_type, disk_size, hostname)
     initialize_params = ::Google::Apis::ComputeV1::AttachedDiskInitializeParams.new(
       disk_size_gb: disk_size,
       source_image: img.self_link,
@@ -393,13 +519,24 @@ class Beaker::GoogleComputeHelper
         ),
       ],
     )
-    new_instance = ::Google::Apis::ComputeV1::Instance.new(
-      machine_type: machine_type.self_link,
-      name: name,
-      disks: [disk_params],
-      network_interfaces: [network_interface],
-      tags: tags,
-    )
+
+    instance_opts = {
+      :machine_type => machine_type.self_link,
+      :name => name,
+      :disks => [disk_params],
+      :network_interfaces => [network_interface],
+      :tags => tags,
+    }
+
+    # use custom hostname if specified
+    if hostname && ENV.fetch('BEAKER_set_gce_hostname', false)
+      # The google api requires an FQDN for the custom hostname
+      hostname.include?('.') ? valid_hostname = hostname : valid_hostname = hostname + '.beaker.test' 
+      instance_opts[:hostname] = valid_hostname
+    end
+    
+    new_instance = ::Google::Apis::ComputeV1::Instance.new(instance_opts)
+
     operation = @compute.insert_instance(@options[:gce_project], @options[:gce_zone], new_instance)
     @compute.wait_zone_operation(@options[:gce_project], @options[:gce_zone], operation.name)
   end
@@ -418,6 +555,26 @@ class Beaker::GoogleComputeHelper
     @compute.get_instance(@options[:gce_project], @options[:gce_zone], name)
   end
 
+  ##
+  # Add a tag to a Google Compute Instance
+  #
+  # @param [String] name The name of the instance
+  #
+  # @param [String] tag The tag to add to the instance
+  #
+  # @return [Google::Apis::ComputeV1::Operation]
+  #
+  # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+  # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+  # @raise [Google::Apis::AuthorizationError] Authorization is required
+  def add_instance_tag(name, tag)
+    instance = get_instance(name)
+    tags = instance.tags
+    tags.items << tag
+    operation = @compute.set_instance_tags(@options[:gce_project], @options[:gce_zone], name, tags)
+    @compute.wait_zone_operation(@options[:gce_project], @options[:gce_zone], operation.name)
+  end
+
   ##
   # Set key/value metadata pairs to a Google Compute instance
   #

data/lib/beaker-google/version.rb

@@ -1,3 +1,3 @@
 module BeakerGoogle
-  VERSION = '1.0.0'
+  VERSION = '1.1.0'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: beaker-google
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Puppet
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-11-02 00:00:00.000000000 Z
+date: 2024-05-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -45,14 +45,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '2.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '2.4'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -225,7 +225,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.3.27
 signing_key: 
 specification_version: 4
 summary: Beaker DSL Extension Helpers!