Adds bigip_device_httpd module (#33924)

this module can be used to adjust the details of the server that
hosts the BIG-IP web ui.
This commit is contained in:
Tim Rupp 2017-12-14 14:16:28 -08:00 committed by GitHub
commit 22059cbe67
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 635 additions and 0 deletions

View file

@ -0,0 +1,36 @@
{
"kind": "tm:sys:httpd:httpdstate",
"selfLink": "https://localhost/mgmt/tm/sys/httpd?ver=12.1.2",
"allow": [
"All"
],
"authName": "BIG-IP",
"authPamDashboardTimeout": "off",
"authPamIdleTimeout": 1200,
"authPamValidateIp": "on",
"fastcgiTimeout": 300,
"fipsCipherVersion": 0,
"hostnameLookup": "off",
"logLevel": "warn",
"maxClients": 10,
"redirectHttpToHttps": "disabled",
"requestBodyMaxTimeout": 0,
"requestBodyMinRate": 500,
"requestBodyTimeout": 60,
"requestHeaderMaxTimeout": 40,
"requestHeaderMinRate": 500,
"requestHeaderTimeout": 20,
"sslCertfile": "/etc/httpd/conf/ssl.crt/server.crt",
"sslCertkeyfile": "/etc/httpd/conf/ssl.key/server.key",
"sslCiphersuite": "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES128-SHA256:AES256-SHA256:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA",
"sslOcspDefaultResponder": "http://127.0.0.1",
"sslOcspEnable": "off",
"sslOcspOverrideResponder": "off",
"sslOcspResponderTimeout": 300,
"sslOcspResponseMaxAge": -1,
"sslOcspResponseTimeSkew": 300,
"sslPort": 443,
"sslProtocol": "all -SSLv2 -SSLv3",
"sslVerifyClient": "no",
"sslVerifyDepth": 10
}

View file

@ -0,0 +1,122 @@
# -*- coding: utf-8 -*-
#
# Copyright: (c) 2017, F5 Networks Inc.
# GNU General Public License v3.0 (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import sys
from nose.plugins.skip import SkipTest
if sys.version_info < (2, 7):
raise SkipTest("F5 Ansible modules require Python >= 2.7")
from ansible.compat.tests import unittest
from ansible.compat.tests.mock import Mock
from ansible.compat.tests.mock import patch
from ansible.module_utils.f5_utils import AnsibleF5Client
try:
from library.bigip_device_httpd import Parameters
from library.bigip_device_httpd import ModuleManager
from library.bigip_device_httpd import ArgumentSpec
from ansible.module_utils.f5_utils import iControlUnexpectedHTTPError
from test.unit.modules.utils import set_module_args
except ImportError:
try:
from ansible.modules.network.f5.bigip_device_httpd import Parameters
from ansible.modules.network.f5.bigip_device_httpd import ModuleManager
from ansible.modules.network.f5.bigip_device_httpd import ArgumentSpec
from ansible.module_utils.f5_utils import iControlUnexpectedHTTPError
from units.modules.utils import set_module_args
except ImportError:
raise SkipTest("F5 Ansible modules require the f5-sdk Python library")
fixture_path = os.path.join(os.path.dirname(__file__), 'fixtures')
fixture_data = {}
def load_fixture(name):
path = os.path.join(fixture_path, name)
if path in fixture_data:
return fixture_data[path]
with open(path) as f:
data = f.read()
try:
data = json.loads(data)
except Exception:
pass
fixture_data[path] = data
return data
class TestParameters(unittest.TestCase):
def test_module_parameters(self):
args = dict(
auth_name='BIG-IP',
auth_pam_idle_timeout=1200,
auth_pam_validate_ip='on'
)
p = Parameters(args)
assert p.auth_name == 'BIG-IP'
assert p.auth_pam_idle_timeout == 1200
assert p.auth_pam_validate_ip == 'on'
def test_api_parameters(self):
args = load_fixture('load_sys_httpd.json')
p = Parameters(args)
assert p.auth_name == 'BIG-IP'
assert p.auth_pam_idle_timeout == 1200
@patch('ansible.module_utils.f5_utils.AnsibleF5Client._get_mgmt_root',
return_value=True)
class TestModuleManager(unittest.TestCase):
def setUp(self):
self.spec = ArgumentSpec()
def test_update(self, *args):
set_module_args(
dict(
auth_name='foo',
auth_pam_idle_timeout='1000',
auth_pam_validate_ip='off',
auth_pam_dashboard_timeout='on',
fast_cgi_timeout=200,
hostname_lookup='on',
log_level='error',
max_clients='20',
redirect_http_to_https='yes',
ssl_port=8443,
server='localhost',
user='admin',
password='password'
)
)
current = Parameters(
load_fixture('load_sys_httpd.json')
)
client = AnsibleF5Client(
argument_spec=self.spec.argument_spec,
supports_check_mode=self.spec.supports_check_mode,
f5_product_name=self.spec.f5_product_name
)
mm = ModuleManager(client)
# Override methods to force specific logic in the module to happen
mm.update_on_device = Mock(return_value=True)
mm.read_current_from_device = Mock(return_value=current)
results = mm.exec_module()
assert results['changed'] is True