mirror of
				https://github.com/ansible-collections/community.general.git
				synced 2025-10-24 21:14:00 -07:00 
			
		
		
		
	Adds bigip_remote_role module (#44358)
This module can be used to manage remote roles on a BIG-IP used for remote authentication to management interfaces.
This commit is contained in:
		
					parent
					
						
							
								0eb284b040
							
						
					
				
			
			
				commit
				
					
						783b565583
					
				
			
		
					 2 changed files with 664 additions and 0 deletions
				
			
		
							
								
								
									
										556
									
								
								lib/ansible/modules/network/f5/bigip_remote_role.py
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										556
									
								
								lib/ansible/modules/network/f5/bigip_remote_role.py
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,556 @@ | ||||||
|  | #!/usr/bin/python | ||||||
|  | # -*- coding: utf-8 -*- | ||||||
|  | # | ||||||
|  | # Copyright: (c) 2018, F5 Networks Inc. | ||||||
|  | # GNU General Public License v3.0 (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) | ||||||
|  | 
 | ||||||
|  | from __future__ import absolute_import, division, print_function | ||||||
|  | __metaclass__ = type | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | ANSIBLE_METADATA = {'metadata_version': '1.1', | ||||||
|  |                     'status': ['preview'], | ||||||
|  |                     'supported_by': 'community'} | ||||||
|  | 
 | ||||||
|  | DOCUMENTATION = r''' | ||||||
|  | --- | ||||||
|  | module: bigip_remote_role | ||||||
|  | short_description: Manage remote roles on a BIG-IP | ||||||
|  | description: | ||||||
|  |   - Manages remote roles on a BIG-IP. Remote roles are used in situations where | ||||||
|  |     user authentication is handled off-box. Local access control to the BIG-IP | ||||||
|  |     is controlled by the defined remote role. Where-as authentication (and by | ||||||
|  |     extension, assignment to the role) is handled off-box. | ||||||
|  | version_added: 2.7 | ||||||
|  | options: | ||||||
|  |   name: | ||||||
|  |     description: | ||||||
|  |       - Specifies the name of the remote role. | ||||||
|  |     required: True | ||||||
|  |   line_order: | ||||||
|  |     description: | ||||||
|  |       - Specifies the order of the line in the file C(/config/bigip/auth/remoterole). | ||||||
|  |       - The LDAP and Active Directory servers read this file line by line. | ||||||
|  |       - The order of the information is important; therefore, F5 recommends that | ||||||
|  |         you set the first line at 1000. This allows you, in the future, to insert | ||||||
|  |         lines before the first line. | ||||||
|  |       - When creating a new remote role, this parameter is required. | ||||||
|  |   attribute_string: | ||||||
|  |     description: | ||||||
|  |       - Specifies the user account attributes saved in the group, in the format | ||||||
|  |         C(cn=, ou=, dc=). | ||||||
|  |       - When creating a new remote role, this parameter is required. | ||||||
|  |   remote_access: | ||||||
|  |     description: | ||||||
|  |       - Enables or disables remote access for the specified group of remotely | ||||||
|  |         authenticated users. | ||||||
|  |       - When creating a new remote role, if this parameter is not specified, the default | ||||||
|  |         is C(yes). | ||||||
|  |     type: bool | ||||||
|  |   assigned_role: | ||||||
|  |     description: | ||||||
|  |       - Specifies the authorization (level of access) for the account. | ||||||
|  |       - When creating a new remote role, if this parameter is not provided, the | ||||||
|  |         default is C(none). | ||||||
|  |       - The C(partition_access) parameter controls which partitions the account can | ||||||
|  |         access. | ||||||
|  |       - The chosen role may affect the partitions that one is allowed to specify. | ||||||
|  |         Specifically, roles such as C(administrator), C(auditor) and C(resource-administrator) | ||||||
|  |         required a C(partition_access) of C(all). | ||||||
|  |       - A set of pre-existing roles ship with the system. They are C(none), C(guest), | ||||||
|  |         C(operator), C(application-editor), C(manager), C(certificate-manager), | ||||||
|  |         C(irule-manager), C(user-manager), C(resource-administrator), C(auditor), | ||||||
|  |         C(administrator), C(firewall-manager). | ||||||
|  |   partition_access: | ||||||
|  |     description: | ||||||
|  |       - Specifies the accessible partitions for the account. | ||||||
|  |       - This parameter supports the reserved names C(all) and C(Common), as well as | ||||||
|  |         specific partitions a user may access. | ||||||
|  |       - Users who have access to a partition can operate on objects in that partition, | ||||||
|  |         as determined by the permissions conferred by the user's C(assigned_role). | ||||||
|  |       - When creating a new remote role, if this parameter is not specified, the default | ||||||
|  |         is C(all). | ||||||
|  |   terminal_access: | ||||||
|  |     description: | ||||||
|  |       - Specifies terminal-based accessibility for remote accounts not already | ||||||
|  |         explicitly assigned a user role. | ||||||
|  |       - Common values for this include C(tmsh) and C(none), however custom values | ||||||
|  |         may also be specified. | ||||||
|  |       - When creating a new remote role, if this parameter is not specified, the default | ||||||
|  |         is C(none). | ||||||
|  |   state: | ||||||
|  |     description: | ||||||
|  |       - When C(present), guarantees that the remote role exists. | ||||||
|  |       - When C(absent), removes the remote role from the system. | ||||||
|  |     default: present | ||||||
|  |     choices: | ||||||
|  |       - absent | ||||||
|  |       - present | ||||||
|  | extends_documentation_fragment: f5 | ||||||
|  | author: | ||||||
|  |   - Tim Rupp (@caphrim007) | ||||||
|  | ''' | ||||||
|  | 
 | ||||||
|  | EXAMPLES = r''' | ||||||
|  | - name: Create a remote role | ||||||
|  |   bigip_remote_role: | ||||||
|  |     name: foo | ||||||
|  |     group_name: ldap_group | ||||||
|  |     line_order: 1 | ||||||
|  |     attribute_string: memberOf=cn=ldap_group,cn=ldap.group,ou=ldap | ||||||
|  |     remote_access: enabled | ||||||
|  |     assigned_role: administrator | ||||||
|  |     partition_access: all | ||||||
|  |     terminal_access: none | ||||||
|  |     state: present | ||||||
|  |     provider: | ||||||
|  |       password: secret | ||||||
|  |       server: lb.mydomain.com | ||||||
|  |       user: admin | ||||||
|  |   delegate_to: localhost | ||||||
|  | ''' | ||||||
|  | 
 | ||||||
|  | RETURN = r''' | ||||||
|  | attribute_string: | ||||||
|  |   description: The new attribute string of the resource. | ||||||
|  |   returned: changed | ||||||
|  |   type: string | ||||||
|  |   sample: "memberOf=cn=ldap_group,cn=ldap.group,ou=ldap" | ||||||
|  | terminal_access: | ||||||
|  |   description: The terminal setting of the remote role. | ||||||
|  |   returned: changed | ||||||
|  |   type: string | ||||||
|  |   sample: tmsh | ||||||
|  | line_order: | ||||||
|  |   description: Order of the remote role for LDAP and Active Directory servers. | ||||||
|  |   returned: changed | ||||||
|  |   type: int | ||||||
|  |   sample: 1000 | ||||||
|  | assigned_role: | ||||||
|  |   description: System role that this remote role is associated with. | ||||||
|  |   returned: changed | ||||||
|  |   type: string | ||||||
|  |   sample: administrator | ||||||
|  | partition_access: | ||||||
|  |   description: Partition that the role has access to. | ||||||
|  |   returned: changed | ||||||
|  |   type: string | ||||||
|  |   sample: all | ||||||
|  | remote_access: | ||||||
|  |   description: Whether remote access is allowed or not. | ||||||
|  |   returned: changed | ||||||
|  |   type: bool | ||||||
|  |   sample: no | ||||||
|  | ''' | ||||||
|  | 
 | ||||||
|  | from ansible.module_utils.basic import AnsibleModule | ||||||
|  | from ansible.module_utils.basic import env_fallback | ||||||
|  | from ansible.module_utils.six import iteritems | ||||||
|  | 
 | ||||||
|  | try: | ||||||
|  |     from library.module_utils.network.f5.bigip import F5RestClient | ||||||
|  |     from library.module_utils.network.f5.common import F5ModuleError | ||||||
|  |     from library.module_utils.network.f5.common import AnsibleF5Parameters | ||||||
|  |     from library.module_utils.network.f5.common import cleanup_tokens | ||||||
|  |     from library.module_utils.network.f5.common import fq_name | ||||||
|  |     from library.module_utils.network.f5.common import f5_argument_spec | ||||||
|  |     from library.module_utils.network.f5.common import exit_json | ||||||
|  |     from library.module_utils.network.f5.common import fail_json | ||||||
|  |     from library.module_utils.network.f5.common import flatten_boolean | ||||||
|  |     from library.module_utils.network.f5.common import transform_name | ||||||
|  | except ImportError: | ||||||
|  |     from ansible.module_utils.network.f5.bigip import F5RestClient | ||||||
|  |     from ansible.module_utils.network.f5.common import F5ModuleError | ||||||
|  |     from ansible.module_utils.network.f5.common import AnsibleF5Parameters | ||||||
|  |     from ansible.module_utils.network.f5.common import cleanup_tokens | ||||||
|  |     from ansible.module_utils.network.f5.common import fq_name | ||||||
|  |     from ansible.module_utils.network.f5.common import f5_argument_spec | ||||||
|  |     from ansible.module_utils.network.f5.common import exit_json | ||||||
|  |     from ansible.module_utils.network.f5.common import fail_json | ||||||
|  |     from ansible.module_utils.network.f5.common import flatten_boolean | ||||||
|  |     from ansible.module_utils.network.f5.common import transform_name | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | class Parameters(AnsibleF5Parameters): | ||||||
|  |     api_map = { | ||||||
|  |         'attribute': 'attribute_string', | ||||||
|  |         'console': 'terminal_access', | ||||||
|  |         'lineOrder': 'line_order', | ||||||
|  |         'role': 'assigned_role', | ||||||
|  |         'userPartition': 'partition_access', | ||||||
|  |         'deny': 'remote_access' | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     api_attributes = [ | ||||||
|  |         'attribute', | ||||||
|  |         'console', | ||||||
|  |         'lineOrder', | ||||||
|  |         'role', | ||||||
|  |         'deny', | ||||||
|  |         'userPartition', | ||||||
|  |     ] | ||||||
|  | 
 | ||||||
|  |     returnables = [ | ||||||
|  |         'attribute_string', | ||||||
|  |         'terminal_access', | ||||||
|  |         'line_order', | ||||||
|  |         'assigned_role', | ||||||
|  |         'partition_access', | ||||||
|  |         'remote_access', | ||||||
|  |     ] | ||||||
|  | 
 | ||||||
|  |     updatables = [ | ||||||
|  |         'attribute_string', | ||||||
|  |         'terminal_access', | ||||||
|  |         'line_order', | ||||||
|  |         'assigned_role', | ||||||
|  |         'partition_access', | ||||||
|  |         'remote_access', | ||||||
|  |     ] | ||||||
|  | 
 | ||||||
|  |     role_map = { | ||||||
|  |         'application-editor': 'applicationeditor', | ||||||
|  |         'none': 'noaccess', | ||||||
|  |         'certificate-manager': 'certificatemanager', | ||||||
|  |         'irule-manager': 'irulemanager', | ||||||
|  |         'user-manager': 'usermanager', | ||||||
|  |         'resource-administrator': 'resourceadmin', | ||||||
|  |         'firewall-manager': 'firewallmanager' | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | class ApiParameters(Parameters): | ||||||
|  |     pass | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | class ModuleParameters(Parameters): | ||||||
|  |     @property | ||||||
|  |     def partition(self): | ||||||
|  |         return 'Common' | ||||||
|  | 
 | ||||||
|  |     @property | ||||||
|  |     def assigned_role(self): | ||||||
|  |         if self._values['assigned_role'] is None: | ||||||
|  |             return None | ||||||
|  |         return self.role_map.get(self._values['assigned_role'], self._values['assigned_role']) | ||||||
|  | 
 | ||||||
|  |     @property | ||||||
|  |     def terminal_access(self): | ||||||
|  |         if self._values['terminal_access'] in [None, 'tmsh']: | ||||||
|  |             return self._values['terminal_access'] | ||||||
|  |         elif self._values['terminal_access'] == 'none': | ||||||
|  |             return 'disable' | ||||||
|  |         return self._values['terminal_access'] | ||||||
|  | 
 | ||||||
|  |     @property | ||||||
|  |     def partition_access(self): | ||||||
|  |         if self._values['partition_access'] is None: | ||||||
|  |             return None | ||||||
|  |         if self._values['partition_access'] == 'all': | ||||||
|  |             return 'All' | ||||||
|  |         return self._values['partition_access'] | ||||||
|  | 
 | ||||||
|  |     @property | ||||||
|  |     def remote_access(self): | ||||||
|  |         result = flatten_boolean(self._values['remote_access']) | ||||||
|  |         if result == 'yes': | ||||||
|  |             return 'disabled' | ||||||
|  |         elif result == 'no': | ||||||
|  |             return 'enabled' | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | class Changes(Parameters): | ||||||
|  |     def to_return(self): | ||||||
|  |         result = {} | ||||||
|  |         try: | ||||||
|  |             for returnable in self.returnables: | ||||||
|  |                 result[returnable] = getattr(self, returnable) | ||||||
|  |             result = self._filter_params(result) | ||||||
|  |         except Exception: | ||||||
|  |             pass | ||||||
|  |         return result | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | class UsableChanges(Changes): | ||||||
|  |     pass | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | class ReportableChanges(Changes): | ||||||
|  |     @property | ||||||
|  |     def assigned_role(self): | ||||||
|  |         if self._values['assigned_role'] is None: | ||||||
|  |             return None | ||||||
|  |         rmap = dict((v, k) for k, v in iteritems(self.role_map)) | ||||||
|  |         return rmap.get(self._values['assigned_role'], self._values['assigned_role']) | ||||||
|  | 
 | ||||||
|  |     @property | ||||||
|  |     def terminal_access(self): | ||||||
|  |         if self._values['terminal_access'] in [None, 'tmsh']: | ||||||
|  |             return self._values['terminal_access'] | ||||||
|  |         elif self._values['terminal_access'] == 'disabled': | ||||||
|  |             return 'none' | ||||||
|  |         return self._values['terminal_access'] | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | class Difference(object): | ||||||
|  |     def __init__(self, want, have=None): | ||||||
|  |         self.want = want | ||||||
|  |         self.have = have | ||||||
|  | 
 | ||||||
|  |     def compare(self, param): | ||||||
|  |         try: | ||||||
|  |             result = getattr(self, param) | ||||||
|  |             return result | ||||||
|  |         except AttributeError: | ||||||
|  |             return self.__default(param) | ||||||
|  | 
 | ||||||
|  |     def __default(self, param): | ||||||
|  |         attr1 = getattr(self.want, param) | ||||||
|  |         try: | ||||||
|  |             attr2 = getattr(self.have, param) | ||||||
|  |             if attr1 != attr2: | ||||||
|  |                 return attr1 | ||||||
|  |         except AttributeError: | ||||||
|  |             return attr1 | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | class ModuleManager(object): | ||||||
|  |     def __init__(self, *args, **kwargs): | ||||||
|  |         self.module = kwargs.get('module', None) | ||||||
|  |         self.client = kwargs.get('client', None) | ||||||
|  |         self.want = ModuleParameters(params=self.module.params) | ||||||
|  |         self.have = ApiParameters() | ||||||
|  |         self.changes = UsableChanges() | ||||||
|  | 
 | ||||||
|  |     def _set_changed_options(self): | ||||||
|  |         changed = {} | ||||||
|  |         for key in Parameters.returnables: | ||||||
|  |             if getattr(self.want, key) is not None: | ||||||
|  |                 changed[key] = getattr(self.want, key) | ||||||
|  |         if changed: | ||||||
|  |             self.changes = UsableChanges(params=changed) | ||||||
|  | 
 | ||||||
|  |     def _update_changed_options(self): | ||||||
|  |         diff = Difference(self.want, self.have) | ||||||
|  |         updatables = Parameters.updatables | ||||||
|  |         changed = dict() | ||||||
|  |         for k in updatables: | ||||||
|  |             change = diff.compare(k) | ||||||
|  |             if change is None: | ||||||
|  |                 continue | ||||||
|  |             else: | ||||||
|  |                 if isinstance(change, dict): | ||||||
|  |                     changed.update(change) | ||||||
|  |                 else: | ||||||
|  |                     changed[k] = change | ||||||
|  |         if changed: | ||||||
|  |             self.changes = UsableChanges(params=changed) | ||||||
|  |             return True | ||||||
|  |         return False | ||||||
|  | 
 | ||||||
|  |     def should_update(self): | ||||||
|  |         result = self._update_changed_options() | ||||||
|  |         if result: | ||||||
|  |             return True | ||||||
|  |         return False | ||||||
|  | 
 | ||||||
|  |     def exec_module(self): | ||||||
|  |         changed = False | ||||||
|  |         result = dict() | ||||||
|  |         state = self.want.state | ||||||
|  | 
 | ||||||
|  |         if state == "present": | ||||||
|  |             changed = self.present() | ||||||
|  |         elif state == "absent": | ||||||
|  |             changed = self.absent() | ||||||
|  | 
 | ||||||
|  |         reportable = ReportableChanges(params=self.changes.to_return()) | ||||||
|  |         changes = reportable.to_return() | ||||||
|  |         result.update(**changes) | ||||||
|  |         result.update(dict(changed=changed)) | ||||||
|  |         self._announce_deprecations(result) | ||||||
|  |         return result | ||||||
|  | 
 | ||||||
|  |     def _announce_deprecations(self, result): | ||||||
|  |         warnings = result.pop('__warnings', []) | ||||||
|  |         for warning in warnings: | ||||||
|  |             self.client.module.deprecate( | ||||||
|  |                 msg=warning['msg'], | ||||||
|  |                 version=warning['version'] | ||||||
|  |             ) | ||||||
|  | 
 | ||||||
|  |     def present(self): | ||||||
|  |         if self.exists(): | ||||||
|  |             return self.update() | ||||||
|  |         else: | ||||||
|  |             return self.create() | ||||||
|  | 
 | ||||||
|  |     def exists(self): | ||||||
|  |         uri = "https://{0}:{1}/mgmt/tm/auth/remote-role/role-info/{2}".format( | ||||||
|  |             self.client.provider['server'], | ||||||
|  |             self.client.provider['server_port'], | ||||||
|  |             transform_name(self.want.partition, self.want.name) | ||||||
|  |         ) | ||||||
|  |         resp = self.client.api.get(uri) | ||||||
|  |         try: | ||||||
|  |             response = resp.json() | ||||||
|  |         except ValueError: | ||||||
|  |             return False | ||||||
|  |         if resp.status == 404 or 'code' in response and response['code'] == 404: | ||||||
|  |             return False | ||||||
|  |         return True | ||||||
|  | 
 | ||||||
|  |     def update(self): | ||||||
|  |         self.have = self.read_current_from_device() | ||||||
|  |         if not self.should_update(): | ||||||
|  |             return False | ||||||
|  |         if self.module.check_mode: | ||||||
|  |             return True | ||||||
|  |         self.update_on_device() | ||||||
|  |         return True | ||||||
|  | 
 | ||||||
|  |     def remove(self): | ||||||
|  |         if self.module.check_mode: | ||||||
|  |             return True | ||||||
|  |         self.remove_from_device() | ||||||
|  |         if self.exists(): | ||||||
|  |             raise F5ModuleError("Failed to delete the resource.") | ||||||
|  |         return True | ||||||
|  | 
 | ||||||
|  |     def create(self): | ||||||
|  |         if self.want.partition_access is None: | ||||||
|  |             self.want.update({'partition_access': 'all'}) | ||||||
|  |         if self.want.remote_access is None: | ||||||
|  |             self.want.update({'remote_access': True}) | ||||||
|  |         if self.want.assigned_role is None: | ||||||
|  |             self.want.update({'assigned_role': 'none'}) | ||||||
|  |         if self.want.terminal_access is None: | ||||||
|  |             self.want.update({'terminal_access': 'none'}) | ||||||
|  |         self._set_changed_options() | ||||||
|  |         if self.module.check_mode: | ||||||
|  |             return True | ||||||
|  |         self.create_on_device() | ||||||
|  |         return True | ||||||
|  | 
 | ||||||
|  |     def create_on_device(self): | ||||||
|  |         params = self.changes.api_params() | ||||||
|  |         params['name'] = self.want.name | ||||||
|  |         uri = "https://{0}:{1}/mgmt/tm/auth/remote-role/role-info/".format( | ||||||
|  |             self.client.provider['server'], | ||||||
|  |             self.client.provider['server_port'] | ||||||
|  |         ) | ||||||
|  |         resp = self.client.api.post(uri, json=params) | ||||||
|  |         try: | ||||||
|  |             response = resp.json() | ||||||
|  |         except ValueError as ex: | ||||||
|  |             raise F5ModuleError(str(ex)) | ||||||
|  | 
 | ||||||
|  |         if 'code' in response and response['code'] in [400, 403]: | ||||||
|  |             if 'message' in response: | ||||||
|  |                 raise F5ModuleError(response['message']) | ||||||
|  |             else: | ||||||
|  |                 raise F5ModuleError(resp.content) | ||||||
|  | 
 | ||||||
|  |     def update_on_device(self): | ||||||
|  |         params = self.changes.api_params() | ||||||
|  |         uri = "https://{0}:{1}/mgmt/tm/auth/remote-role/role-info/{2}".format( | ||||||
|  |             self.client.provider['server'], | ||||||
|  |             self.client.provider['server_port'], | ||||||
|  |             transform_name(self.want.partition, self.want.name) | ||||||
|  |         ) | ||||||
|  |         resp = self.client.api.patch(uri, json=params) | ||||||
|  |         try: | ||||||
|  |             response = resp.json() | ||||||
|  |         except ValueError as ex: | ||||||
|  |             raise F5ModuleError(str(ex)) | ||||||
|  | 
 | ||||||
|  |         if 'code' in response and response['code'] == 400: | ||||||
|  |             if 'message' in response: | ||||||
|  |                 if 'Once configured [All] partition, remote user group cannot' in response['message']: | ||||||
|  |                     raise F5ModuleError( | ||||||
|  |                         "The specified 'attribute_string' is already used in the 'all' partition." | ||||||
|  |                     ) | ||||||
|  |                 raise F5ModuleError(response['message']) | ||||||
|  |             else: | ||||||
|  |                 raise F5ModuleError(resp.content) | ||||||
|  | 
 | ||||||
|  |     def absent(self): | ||||||
|  |         if self.exists(): | ||||||
|  |             return self.remove() | ||||||
|  |         return False | ||||||
|  | 
 | ||||||
|  |     def remove_from_device(self): | ||||||
|  |         uri = "https://{0}:{1}/mgmt/tm/auth/remote-role/role-info/{2}".format( | ||||||
|  |             self.client.provider['server'], | ||||||
|  |             self.client.provider['server_port'], | ||||||
|  |             transform_name(self.want.partition, self.want.name) | ||||||
|  |         ) | ||||||
|  |         response = self.client.api.delete(uri) | ||||||
|  |         if response.status == 200: | ||||||
|  |             return True | ||||||
|  |         if 'code' in response and response['code'] == 400: | ||||||
|  |             if 'message' in response: | ||||||
|  |                 raise F5ModuleError(response['message']) | ||||||
|  |             else: | ||||||
|  |                 raise F5ModuleError(response.content) | ||||||
|  | 
 | ||||||
|  |     def read_current_from_device(self): | ||||||
|  |         uri = "https://{0}:{1}/mgmt/tm/auth/remote-role/role-info/{2}".format( | ||||||
|  |             self.client.provider['server'], | ||||||
|  |             self.client.provider['server_port'], | ||||||
|  |             transform_name(self.want.partition, self.want.name) | ||||||
|  |         ) | ||||||
|  |         resp = self.client.api.get(uri) | ||||||
|  |         try: | ||||||
|  |             response = resp.json() | ||||||
|  |         except ValueError as ex: | ||||||
|  |             raise F5ModuleError(str(ex)) | ||||||
|  | 
 | ||||||
|  |         if 'code' in response and response['code'] == 400: | ||||||
|  |             if 'message' in response: | ||||||
|  |                 raise F5ModuleError(response['message']) | ||||||
|  |             else: | ||||||
|  |                 raise F5ModuleError(resp.content) | ||||||
|  |         return ApiParameters(params=response) | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | class ArgumentSpec(object): | ||||||
|  |     def __init__(self): | ||||||
|  |         self.supports_check_mode = True | ||||||
|  |         argument_spec = dict( | ||||||
|  |             name=dict(required=True), | ||||||
|  |             line_order=dict(type='int'), | ||||||
|  |             attribute_string=dict(), | ||||||
|  |             remote_access=dict(type='bool'), | ||||||
|  |             assigned_role=dict(), | ||||||
|  |             partition_access=dict(), | ||||||
|  |             terminal_access=dict(), | ||||||
|  |             state=dict( | ||||||
|  |                 default='present', | ||||||
|  |                 choices=['present', 'absent'] | ||||||
|  |             ), | ||||||
|  |         ) | ||||||
|  |         self.argument_spec = {} | ||||||
|  |         self.argument_spec.update(f5_argument_spec) | ||||||
|  |         self.argument_spec.update(argument_spec) | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | def main(): | ||||||
|  |     spec = ArgumentSpec() | ||||||
|  | 
 | ||||||
|  |     module = AnsibleModule( | ||||||
|  |         argument_spec=spec.argument_spec, | ||||||
|  |         supports_check_mode=spec.supports_check_mode, | ||||||
|  |     ) | ||||||
|  | 
 | ||||||
|  |     try: | ||||||
|  |         client = F5RestClient(**module.params) | ||||||
|  |         mm = ModuleManager(module=module, client=client) | ||||||
|  |         results = mm.exec_module() | ||||||
|  |         exit_json(module, results, client) | ||||||
|  |     except F5ModuleError as ex: | ||||||
|  |         fail_json(module, ex, client) | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | if __name__ == '__main__': | ||||||
|  |     main() | ||||||
							
								
								
									
										108
									
								
								test/units/modules/network/f5/test_bigip_remote_role.py
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										108
									
								
								test/units/modules/network/f5/test_bigip_remote_role.py
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,108 @@ | ||||||
|  | # -*- coding: utf-8 -*- | ||||||
|  | # | ||||||
|  | # Copyright: (c) 2017, F5 Networks Inc. | ||||||
|  | # GNU General Public License v3.0 (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) | ||||||
|  | 
 | ||||||
|  | from __future__ import (absolute_import, division, print_function) | ||||||
|  | __metaclass__ = type | ||||||
|  | 
 | ||||||
|  | import os | ||||||
|  | import json | ||||||
|  | import pytest | ||||||
|  | import sys | ||||||
|  | 
 | ||||||
|  | from nose.plugins.skip import SkipTest | ||||||
|  | if sys.version_info < (2, 7): | ||||||
|  |     raise SkipTest("F5 Ansible modules require Python >= 2.7") | ||||||
|  | 
 | ||||||
|  | from ansible.compat.tests import unittest | ||||||
|  | from ansible.compat.tests.mock import Mock | ||||||
|  | from ansible.compat.tests.mock import patch | ||||||
|  | from ansible.module_utils.basic import AnsibleModule | ||||||
|  | 
 | ||||||
|  | try: | ||||||
|  |     from library.modules.bigip_remote_role import ApiParameters | ||||||
|  |     from library.modules.bigip_remote_role import ModuleParameters | ||||||
|  |     from library.modules.bigip_remote_role import ModuleManager | ||||||
|  |     from library.modules.bigip_remote_role import ArgumentSpec | ||||||
|  |     from library.module_utils.network.f5.common import F5ModuleError | ||||||
|  |     from library.module_utils.network.f5.common import iControlUnexpectedHTTPError | ||||||
|  |     from test.unit.modules.utils import set_module_args | ||||||
|  | except ImportError: | ||||||
|  |     try: | ||||||
|  |         from ansible.modules.network.f5.bigip_remote_role import ApiParameters | ||||||
|  |         from ansible.modules.network.f5.bigip_remote_role import ModuleParameters | ||||||
|  |         from ansible.modules.network.f5.bigip_remote_role import ModuleManager | ||||||
|  |         from ansible.modules.network.f5.bigip_remote_role import ArgumentSpec | ||||||
|  |         from ansible.module_utils.network.f5.common import F5ModuleError | ||||||
|  |         from ansible.module_utils.network.f5.common import iControlUnexpectedHTTPError | ||||||
|  |         from units.modules.utils import set_module_args | ||||||
|  |     except ImportError: | ||||||
|  |         raise SkipTest("F5 Ansible modules require the f5-sdk Python library") | ||||||
|  | 
 | ||||||
|  | fixture_path = os.path.join(os.path.dirname(__file__), 'fixtures') | ||||||
|  | fixture_data = {} | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | def load_fixture(name): | ||||||
|  |     path = os.path.join(fixture_path, name) | ||||||
|  | 
 | ||||||
|  |     if path in fixture_data: | ||||||
|  |         return fixture_data[path] | ||||||
|  | 
 | ||||||
|  |     with open(path) as f: | ||||||
|  |         data = f.read() | ||||||
|  | 
 | ||||||
|  |     try: | ||||||
|  |         data = json.loads(data) | ||||||
|  |     except Exception: | ||||||
|  |         pass | ||||||
|  | 
 | ||||||
|  |     fixture_data[path] = data | ||||||
|  |     return data | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | class TestParameters(unittest.TestCase): | ||||||
|  |     def test_module_parameters(self): | ||||||
|  |         args = dict( | ||||||
|  |             terminal_access='none', | ||||||
|  |         ) | ||||||
|  | 
 | ||||||
|  |         p = ModuleParameters(params=args) | ||||||
|  |         assert p.terminal_access == 'disable' | ||||||
|  | 
 | ||||||
|  |     def test_api_parameters(self): | ||||||
|  |         args = load_fixture('load_auth_remote_role_role_info_1.json') | ||||||
|  | 
 | ||||||
|  |         p = ApiParameters(params=args) | ||||||
|  |         assert p.terminal_access == 'disable' | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | class TestManager(unittest.TestCase): | ||||||
|  | 
 | ||||||
|  |     def setUp(self): | ||||||
|  |         self.spec = ArgumentSpec() | ||||||
|  | 
 | ||||||
|  |     def test_create_remote_syslog(self, *args): | ||||||
|  |         set_module_args(dict( | ||||||
|  |             name='foo', | ||||||
|  |             line_order=1000, | ||||||
|  |             attribute_string='bar', | ||||||
|  |             server='localhost', | ||||||
|  |             password='password', | ||||||
|  |             user='admin' | ||||||
|  |         )) | ||||||
|  | 
 | ||||||
|  |         module = AnsibleModule( | ||||||
|  |             argument_spec=self.spec.argument_spec, | ||||||
|  |             supports_check_mode=self.spec.supports_check_mode | ||||||
|  |         ) | ||||||
|  | 
 | ||||||
|  |         # Override methods in the specific type of manager | ||||||
|  |         mm = ModuleManager(module=module) | ||||||
|  |         mm.exists = Mock(side_effect=[False, True]) | ||||||
|  |         mm.create_on_device = Mock(return_value=True) | ||||||
|  | 
 | ||||||
|  |         results = mm.exec_module() | ||||||
|  | 
 | ||||||
|  |         assert results['changed'] is True | ||||||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue