mirror of
				https://github.com/ansible-collections/community.general.git
				synced 2025-10-24 21:14:00 -07:00 
			
		
		
		
	Adds module for bigip service policies (#39240)
This patch includes a module for managing bigip service policies.
This commit is contained in:
		
					parent
					
						
							
								7c4b91844d
							
						
					
				
			
			
				commit
				
					
						e82a8d177f
					
				
			
		
					 3 changed files with 549 additions and 0 deletions
				
			
		
							
								
								
									
										405
									
								
								lib/ansible/modules/network/f5/bigip_service_policy.py
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										405
									
								
								lib/ansible/modules/network/f5/bigip_service_policy.py
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,405 @@ | |||
| #!/usr/bin/python | ||||
| # -*- coding: utf-8 -*- | ||||
| # | ||||
| # Copyright: (c) 2017, F5 Networks Inc. | ||||
| # GNU General Public License v3.0 (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) | ||||
| 
 | ||||
| from __future__ import absolute_import, division, print_function | ||||
| __metaclass__ = type | ||||
| 
 | ||||
| 
 | ||||
| ANSIBLE_METADATA = {'metadata_version': '1.1', | ||||
|                     'status': ['preview'], | ||||
|                     'supported_by': 'community'} | ||||
| 
 | ||||
| DOCUMENTATION = r''' | ||||
| --- | ||||
| module: bigip_service_policy | ||||
| short_description: Manages service policies on a BIG-IP. | ||||
| description: | ||||
|   - Service policies allow you to configure timers and port misuse rules, | ||||
|     if enabled, on a per rule or per context basis. | ||||
| version_added: 2.6 | ||||
| options: | ||||
|   name: | ||||
|     description: | ||||
|       - Name of the service policy. | ||||
|     required: True | ||||
|   description: | ||||
|     description: | ||||
|       - Description of the service policy. | ||||
|   timer_policy: | ||||
|     description: | ||||
|       - The timer policy to attach to the service policy. | ||||
|   port_misuse_policy: | ||||
|     description: | ||||
|       - The port misuse policy to attach to the service policy. | ||||
|       - Requires that C(afm) be provisioned to use. If C(afm) is not provisioned, this parameter | ||||
|         will be ignored. | ||||
|   state: | ||||
|     description: | ||||
|       - Whether the resource should exist or not. | ||||
|     default: present | ||||
|     choices: | ||||
|       - present | ||||
|       - absent | ||||
|   partition: | ||||
|     description: | ||||
|       - Device partition to manage resources on. | ||||
|     default: Common | ||||
| extends_documentation_fragment: f5 | ||||
| author: | ||||
|   - Tim Rupp (@caphrim007) | ||||
| ''' | ||||
| 
 | ||||
| EXAMPLES = r''' | ||||
| - name: Create a service policy | ||||
|   bigip_service_policy: | ||||
|     name: foo | ||||
|     timer_policy: timer1 | ||||
|     port_misuse_policy: misuse1 | ||||
|     timer_policy_enabled: yes | ||||
|     port_misuse_policy_enabled: yes | ||||
|     password: secret | ||||
|     server: lb.mydomain.com | ||||
|     state: present | ||||
|     user: admin | ||||
|   delegate_to: localhost | ||||
| ''' | ||||
| 
 | ||||
| RETURN = r''' | ||||
| timer_policy: | ||||
|   description: The new timer policy attached to the resource. | ||||
|   returned: changed | ||||
|   type: string | ||||
|   sample: /Common/timer1 | ||||
| port_misuse_policy: | ||||
|   description: The new port misuse policy attached to the resource. | ||||
|   returned: changed | ||||
|   type: string | ||||
|   sample: /Common/misuse1 | ||||
| description: | ||||
|   description: New description of the resource. | ||||
|   returned: changed | ||||
|   type: string | ||||
|   sample: My service policy description | ||||
| ''' | ||||
| 
 | ||||
| from ansible.module_utils.basic import AnsibleModule | ||||
| from ansible.module_utils.basic import env_fallback | ||||
| 
 | ||||
| try: | ||||
|     from library.module_utils.network.f5.bigip import HAS_F5SDK | ||||
|     from library.module_utils.network.f5.bigip import F5Client | ||||
|     from library.module_utils.network.f5.common import F5ModuleError | ||||
|     from library.module_utils.network.f5.common import AnsibleF5Parameters | ||||
|     from library.module_utils.network.f5.common import cleanup_tokens | ||||
|     from library.module_utils.network.f5.common import fq_name | ||||
|     from library.module_utils.network.f5.common import f5_argument_spec | ||||
|     try: | ||||
|         from library.module_utils.network.f5.common import iControlUnexpectedHTTPError | ||||
|     except ImportError: | ||||
|         HAS_F5SDK = False | ||||
| except ImportError: | ||||
|     from ansible.module_utils.network.f5.bigip import HAS_F5SDK | ||||
|     from ansible.module_utils.network.f5.bigip import F5Client | ||||
|     from ansible.module_utils.network.f5.common import F5ModuleError | ||||
|     from ansible.module_utils.network.f5.common import AnsibleF5Parameters | ||||
|     from ansible.module_utils.network.f5.common import cleanup_tokens | ||||
|     from ansible.module_utils.network.f5.common import fq_name | ||||
|     from ansible.module_utils.network.f5.common import f5_argument_spec | ||||
|     try: | ||||
|         from ansible.module_utils.network.f5.common import iControlUnexpectedHTTPError | ||||
|     except ImportError: | ||||
|         HAS_F5SDK = False | ||||
| 
 | ||||
| 
 | ||||
| class Parameters(AnsibleF5Parameters): | ||||
|     api_map = { | ||||
|         'portMisusePolicy': 'port_misuse_policy', | ||||
|         'timerPolicy': 'timer_policy' | ||||
|     } | ||||
| 
 | ||||
|     api_attributes = [ | ||||
|         'description', 'timerPolicy', 'portMisusePolicy' | ||||
|     ] | ||||
| 
 | ||||
|     returnables = [ | ||||
|         'description', 'timer_policy', 'port_misuse_policy' | ||||
|     ] | ||||
| 
 | ||||
|     updatables = [ | ||||
|         'description', 'timer_policy', 'port_misuse_policy' | ||||
|     ] | ||||
| 
 | ||||
| 
 | ||||
| class ApiParameters(Parameters): | ||||
|     pass | ||||
| 
 | ||||
| 
 | ||||
| class ModuleParameters(Parameters): | ||||
|     @property | ||||
|     def timer_policy(self): | ||||
|         if self._values['timer_policy'] is None: | ||||
|             return None | ||||
|         if self._values['timer_policy'] == '': | ||||
|             return '' | ||||
|         return fq_name(self.partition, self._values['timer_policy']) | ||||
| 
 | ||||
|     @property | ||||
|     def port_misuse_policy(self): | ||||
|         if self._values['port_misuse_policy'] is None: | ||||
|             return None | ||||
|         if self._values['port_misuse_policy'] == '': | ||||
|             return '' | ||||
|         return fq_name(self.partition, self._values['port_misuse_policy']) | ||||
| 
 | ||||
| 
 | ||||
| class Changes(Parameters): | ||||
|     def to_return(self): | ||||
|         result = {} | ||||
|         try: | ||||
|             for returnable in self.returnables: | ||||
|                 result[returnable] = getattr(self, returnable) | ||||
|             result = self._filter_params(result) | ||||
|         except Exception: | ||||
|             pass | ||||
|         return result | ||||
| 
 | ||||
| 
 | ||||
| class UsableChanges(Changes): | ||||
|     pass | ||||
| 
 | ||||
| 
 | ||||
| class ReportableChanges(Changes): | ||||
|     pass | ||||
| 
 | ||||
| 
 | ||||
| class Difference(object): | ||||
|     def __init__(self, want, have=None): | ||||
|         self.want = want | ||||
|         self.have = have | ||||
| 
 | ||||
|     def compare(self, param): | ||||
|         try: | ||||
|             result = getattr(self, param) | ||||
|             return result | ||||
|         except AttributeError: | ||||
|             return self.__default(param) | ||||
| 
 | ||||
|     def __default(self, param): | ||||
|         attr1 = getattr(self.want, param) | ||||
|         try: | ||||
|             attr2 = getattr(self.have, param) | ||||
|             if attr1 != attr2: | ||||
|                 return attr1 | ||||
|         except AttributeError: | ||||
|             return attr1 | ||||
| 
 | ||||
| 
 | ||||
| class ModuleManager(object): | ||||
|     def __init__(self, *args, **kwargs): | ||||
|         self.module = kwargs.get('module', None) | ||||
|         self.client = kwargs.get('client', None) | ||||
|         self.want = ModuleParameters(params=self.module.params) | ||||
|         self.have = ApiParameters() | ||||
|         self.changes = UsableChanges() | ||||
| 
 | ||||
|     def _set_changed_options(self): | ||||
|         changed = {} | ||||
|         for key in Parameters.returnables: | ||||
|             if getattr(self.want, key) is not None: | ||||
|                 changed[key] = getattr(self.want, key) | ||||
|         if changed: | ||||
|             self.changes = UsableChanges(params=changed) | ||||
| 
 | ||||
|     def _update_changed_options(self): | ||||
|         diff = Difference(self.want, self.have) | ||||
|         updatables = Parameters.updatables | ||||
|         changed = dict() | ||||
|         for k in updatables: | ||||
|             change = diff.compare(k) | ||||
|             if change is None: | ||||
|                 continue | ||||
|             else: | ||||
|                 if isinstance(change, dict): | ||||
|                     changed.update(change) | ||||
|                 else: | ||||
|                     changed[k] = change | ||||
|         if changed: | ||||
|             self.changes = UsableChanges(params=changed) | ||||
|             return True | ||||
|         return False | ||||
| 
 | ||||
|     def module_provisioned(self, module): | ||||
|         resource = self.client.api.tm.sys.dbs.db.load( | ||||
|             name='provisioned.cpu.{0}'.format(module) | ||||
|         ) | ||||
|         if int(resource.value) == 0: | ||||
|             return False | ||||
|         return True | ||||
| 
 | ||||
|     def should_update(self): | ||||
|         result = self._update_changed_options() | ||||
|         if result: | ||||
|             return True | ||||
|         return False | ||||
| 
 | ||||
|     def exec_module(self): | ||||
|         changed = False | ||||
|         result = dict() | ||||
|         state = self.want.state | ||||
| 
 | ||||
|         try: | ||||
|             if state == "present": | ||||
|                 changed = self.present() | ||||
|             elif state == "absent": | ||||
|                 changed = self.absent() | ||||
|         except iControlUnexpectedHTTPError as e: | ||||
|             raise F5ModuleError(str(e)) | ||||
| 
 | ||||
|         reportable = ReportableChanges(params=self.changes.to_return()) | ||||
|         changes = reportable.to_return() | ||||
|         result.update(**changes) | ||||
|         result.update(dict(changed=changed)) | ||||
|         self._announce_deprecations(result) | ||||
|         return result | ||||
| 
 | ||||
|     def _announce_deprecations(self, result): | ||||
|         warnings = result.pop('__warnings', []) | ||||
|         for warning in warnings: | ||||
|             self.client.module.deprecate( | ||||
|                 msg=warning['msg'], | ||||
|                 version=warning['version'] | ||||
|             ) | ||||
| 
 | ||||
|     def present(self): | ||||
|         if self.exists(): | ||||
|             return self.update() | ||||
|         else: | ||||
|             return self.create() | ||||
| 
 | ||||
|     def exists(self): | ||||
|         result = self.client.api.tm.net.service_policys.service_policy.exists( | ||||
|             name=self.want.name, | ||||
|             partition=self.want.partition | ||||
|         ) | ||||
|         return result | ||||
| 
 | ||||
|     def update(self): | ||||
|         self.have = self.read_current_from_device() | ||||
|         if not self.should_update(): | ||||
|             return False | ||||
|         if self.want.port_misuse_policy: | ||||
|             if not self.module_provisioned('afm'): | ||||
|                 raise F5ModuleError( | ||||
|                     "To configure a 'port_misuse_policy', you must have AFM provisioned." | ||||
|                 ) | ||||
|         if self.module.check_mode: | ||||
|             return True | ||||
|         self.update_on_device() | ||||
|         return True | ||||
| 
 | ||||
|     def remove(self): | ||||
|         if self.module.check_mode: | ||||
|             return True | ||||
|         self.remove_from_device() | ||||
|         if self.exists(): | ||||
|             raise F5ModuleError("Failed to delete the resource.") | ||||
|         return True | ||||
| 
 | ||||
|     def create(self): | ||||
|         self._set_changed_options() | ||||
|         if self.want.port_misuse_policy: | ||||
|             if not self.module_provisioned('afm'): | ||||
|                 raise F5ModuleError( | ||||
|                     "To configure a 'port_misuse_policy', you must have AFM provisioned." | ||||
|                 ) | ||||
|         if self.module.check_mode: | ||||
|             return True | ||||
|         self.create_on_device() | ||||
|         return True | ||||
| 
 | ||||
|     def create_on_device(self): | ||||
|         params = self.changes.api_params() | ||||
|         self.client.api.tm.net.service_policys.service_policy.create( | ||||
|             name=self.want.name, | ||||
|             partition=self.want.partition, | ||||
|             **params | ||||
|         ) | ||||
| 
 | ||||
|     def update_on_device(self): | ||||
|         params = self.changes.api_params() | ||||
|         resource = self.client.api.tm.net.service_policys.service_policy.load( | ||||
|             name=self.want.name, | ||||
|             partition=self.want.partition | ||||
|         ) | ||||
|         resource.modify(**params) | ||||
| 
 | ||||
|     def absent(self): | ||||
|         if self.exists(): | ||||
|             return self.remove() | ||||
|         return False | ||||
| 
 | ||||
|     def remove_from_device(self): | ||||
|         resource = self.client.api.tm.net.service_policys.service_policy.load( | ||||
|             name=self.want.name, | ||||
|             partition=self.want.partition | ||||
|         ) | ||||
|         if resource: | ||||
|             resource.delete() | ||||
| 
 | ||||
|     def read_current_from_device(self): | ||||
|         resource = self.client.api.tm.net.service_policys.service_policy.load( | ||||
|             name=self.want.name, | ||||
|             partition=self.want.partition | ||||
|         ) | ||||
|         result = resource.attrs | ||||
|         return ApiParameters(params=result) | ||||
| 
 | ||||
| 
 | ||||
| class ArgumentSpec(object): | ||||
|     def __init__(self): | ||||
|         self.supports_check_mode = True | ||||
|         argument_spec = dict( | ||||
|             name=dict(), | ||||
|             description=dict(), | ||||
|             timer_policy=dict(), | ||||
|             port_misuse_policy=dict(), | ||||
|             state=dict( | ||||
|                 default='present', | ||||
|                 choices=['absent', 'present'] | ||||
|             ), | ||||
|             partition=dict( | ||||
|                 default='Common', | ||||
|                 fallback=(env_fallback, ['F5_PARTITION']) | ||||
|             ) | ||||
|         ) | ||||
|         self.argument_spec = {} | ||||
|         self.argument_spec.update(f5_argument_spec) | ||||
|         self.argument_spec.update(argument_spec) | ||||
| 
 | ||||
| 
 | ||||
| def main(): | ||||
|     spec = ArgumentSpec() | ||||
| 
 | ||||
|     module = AnsibleModule( | ||||
|         argument_spec=spec.argument_spec, | ||||
|         supports_check_mode=spec.supports_check_mode | ||||
|     ) | ||||
|     if not HAS_F5SDK: | ||||
|         module.fail_json(msg="The python f5-sdk module is required") | ||||
| 
 | ||||
|     try: | ||||
|         client = F5Client(**module.params) | ||||
|         mm = ModuleManager(module=module, client=client) | ||||
|         results = mm.exec_module() | ||||
|         cleanup_tokens(client) | ||||
|         module.exit_json(**results) | ||||
|     except F5ModuleError as ex: | ||||
|         cleanup_tokens(client) | ||||
|         module.fail_json(msg=str(ex)) | ||||
| 
 | ||||
| 
 | ||||
| if __name__ == '__main__': | ||||
|     main() | ||||
|  | @ -0,0 +1,17 @@ | |||
| { | ||||
|     "kind": "tm:net:service-policy:service-policystate", | ||||
|     "name": "baz", | ||||
|     "partition": "Common", | ||||
|     "fullPath": "/Common/baz", | ||||
|     "generation": 581, | ||||
|     "selfLink": "https://localhost/mgmt/tm/net/service-policy/~Common~baz?ver=13.1.0.4", | ||||
|     "description": "my description", | ||||
|     "portMisusePolicy": "/Common/bar", | ||||
|     "portMisusePolicyReference": { | ||||
|         "link": "https://localhost/mgmt/tm/security/firewall/port-misuse-policy/~Common~bar?ver=13.1.0.4" | ||||
|     }, | ||||
|     "timerPolicy": "/Common/foo", | ||||
|     "timerPolicyReference": { | ||||
|         "link": "https://localhost/mgmt/tm/net/timer-policy/~Common~foo?ver=13.1.0.4" | ||||
|     } | ||||
| } | ||||
							
								
								
									
										127
									
								
								test/units/modules/network/f5/test_bigip_service_policy.py
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										127
									
								
								test/units/modules/network/f5/test_bigip_service_policy.py
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,127 @@ | |||
| # -*- coding: utf-8 -*- | ||||
| # | ||||
| # Copyright: (c) 2017, F5 Networks Inc. | ||||
| # GNU General Public License v3.0 (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) | ||||
| 
 | ||||
| from __future__ import (absolute_import, division, print_function) | ||||
| __metaclass__ = type | ||||
| 
 | ||||
| import os | ||||
| import json | ||||
| import pytest | ||||
| import sys | ||||
| 
 | ||||
| from nose.plugins.skip import SkipTest | ||||
| if sys.version_info < (2, 7): | ||||
|     raise SkipTest("F5 Ansible modules require Python >= 2.7") | ||||
| 
 | ||||
| from ansible.compat.tests import unittest | ||||
| from ansible.compat.tests.mock import Mock | ||||
| from ansible.compat.tests.mock import patch | ||||
| from ansible.module_utils.basic import AnsibleModule | ||||
| 
 | ||||
| try: | ||||
|     from test.unit import utils | ||||
| except ImportError: | ||||
|     pass | ||||
| 
 | ||||
| try: | ||||
|     from library.modules.bigip_service_policy import ApiParameters | ||||
|     from library.modules.bigip_service_policy import ModuleParameters | ||||
|     from library.modules.bigip_service_policy import ModuleManager | ||||
|     from library.modules.bigip_service_policy import ArgumentSpec | ||||
|     from library.module_utils.network.f5.common import F5ModuleError | ||||
|     from library.module_utils.network.f5.common import iControlUnexpectedHTTPError | ||||
|     from test.unit.modules.utils import set_module_args | ||||
| except ImportError: | ||||
|     try: | ||||
|         from ansible.modules.network.f5.bigip_service_policy import ApiParameters | ||||
|         from ansible.modules.network.f5.bigip_service_policy import ModuleParameters | ||||
|         from ansible.modules.network.f5.bigip_service_policy import ModuleManager | ||||
|         from ansible.modules.network.f5.bigip_service_policy import ArgumentSpec | ||||
|         from ansible.module_utils.network.f5.common import F5ModuleError | ||||
|         from ansible.module_utils.network.f5.common import iControlUnexpectedHTTPError | ||||
|         from units.modules.utils import set_module_args | ||||
|     except ImportError: | ||||
|         raise SkipTest("F5 Ansible modules require the f5-sdk Python library") | ||||
| 
 | ||||
| fixture_path = os.path.join(os.path.dirname(__file__), 'fixtures') | ||||
| fixture_data = {} | ||||
| 
 | ||||
| 
 | ||||
| def load_fixture(name): | ||||
|     path = os.path.join(fixture_path, name) | ||||
| 
 | ||||
|     if path in fixture_data: | ||||
|         return fixture_data[path] | ||||
| 
 | ||||
|     with open(path) as f: | ||||
|         data = f.read() | ||||
| 
 | ||||
|     try: | ||||
|         data = json.loads(data) | ||||
|     except Exception: | ||||
|         pass | ||||
| 
 | ||||
|     fixture_data[path] = data | ||||
|     return data | ||||
| 
 | ||||
| 
 | ||||
| class TestParameters(unittest.TestCase): | ||||
|     def test_module_parameters(self): | ||||
|         args = dict( | ||||
|             name='foo', | ||||
|             description='my description', | ||||
|             timer_policy='timer1', | ||||
|             port_misuse_policy='misuse1', | ||||
|         ) | ||||
| 
 | ||||
|         p = ModuleParameters(params=args) | ||||
|         assert p.name == 'foo' | ||||
|         assert p.description == 'my description' | ||||
|         assert p.timer_policy == '/Common/timer1' | ||||
|         assert p.port_misuse_policy == '/Common/misuse1' | ||||
| 
 | ||||
|     def test_api_parameters(self): | ||||
|         args = load_fixture('load_net_service_policy_1.json') | ||||
|         p = ApiParameters(params=args) | ||||
|         assert p.name == 'baz' | ||||
|         assert p.description == 'my description' | ||||
|         assert p.timer_policy == '/Common/foo' | ||||
|         assert p.port_misuse_policy == '/Common/bar' | ||||
| 
 | ||||
| 
 | ||||
| @patch('ansible.module_utils.f5_utils.AnsibleF5Client._get_mgmt_root', | ||||
|        return_value=True) | ||||
| class TestManager(unittest.TestCase): | ||||
| 
 | ||||
|     def setUp(self): | ||||
|         self.spec = ArgumentSpec() | ||||
| 
 | ||||
|     def test_create_selfip(self, *args): | ||||
|         set_module_args(dict( | ||||
|             name='foo', | ||||
|             description='my description', | ||||
|             timer_policy='timer1', | ||||
|             port_misuse_policy='misuse1', | ||||
|             partition='Common', | ||||
|             state='present', | ||||
|             password='passsword', | ||||
|             server='localhost', | ||||
|             user='admin' | ||||
|         )) | ||||
| 
 | ||||
|         module = AnsibleModule( | ||||
|             argument_spec=self.spec.argument_spec, | ||||
|             supports_check_mode=self.spec.supports_check_mode | ||||
|         ) | ||||
|         mm = ModuleManager(module=module) | ||||
| 
 | ||||
|         # Override methods to force specific logic in the module to happen | ||||
|         mm.exists = Mock(side_effect=[False, True]) | ||||
|         mm.create_on_device = Mock(return_value=True) | ||||
|         mm.module_provisioned = Mock(return_value=True) | ||||
| 
 | ||||
|         results = mm.exec_module() | ||||
| 
 | ||||
|         assert results['changed'] is True | ||||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue