diff --git a/lib/ansible/modules/network/f5/bigip_asm_policy_signature_set.py b/lib/ansible/modules/network/f5/bigip_asm_policy_signature_set.py
new file mode 100644
index 00000000000..4a2531ec18c
--- /dev/null
+++ b/lib/ansible/modules/network/f5/bigip_asm_policy_signature_set.py
@@ -0,0 +1,727 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Copyright: (c) 2018, F5 Networks Inc.
+# GNU General Public License v3.0 (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'certified'}
+
+DOCUMENTATION = r'''
+---
+module: bigip_asm_policy_signature_set
+short_description: Manages Signature Sets on ASM policy
+description:
+ - Manages Signature Sets on ASM policy.
+version_added: 2.8
+options:
+ name:
+ description:
+ - Specifies the name of the signature sets to apply/remove to the ASM policy.
+ - Apart from built-in signature sets that ship with the device, users can create and use
+ their own signature sets.
+ - When C(All Response Signatures), configures all signatures in the attack signature
+ pool that can review responses.
+ - When C(All Signatures), configures all attack signatures in the attack signature pool.
+ - When C(Apache Struts Signatures), configures signatures that target attacks against
+ the Apache Struts web servers. Only available in version 13.x and up.
+ - When C(Apache Tomcat Signatures), configures signatures that target attacks against
+ the Apache Tomcat web servers. Only available in version 13.x and up.
+ - When C(Cisco Signatures), configures signatures that target attacks against Cisco systems.
+ Only available in version 13.x and up.
+ - When C(Command Execution Signatures), configures signatures involving attacks perpetrated by executing commands.
+ - When C(Cross Site Scripting Signatures), configures signatures that target attacks caused
+ by cross-site scripting techniques.
+ - When C(Directory Indexing Signatures), configures signatures targeting attacks that browse directory listings.
+ - When C(Generic Detection Signatures), configures signatures targeting well-known
+ or common web and application attacks.
+ - When C(HTTP Response Splitting Signatures), configures signatures targeting attacks that
+ take advantage of responses for which input values have not been sanitized.
+ - When C(High Accuracy Detection Evasion Signatures), configures signatures with a high level of accuracy
+ that produce few false positives when identifying evasion attacks. Only available in version 13.x and up.
+ - When C(High Accuracy Signatures), configures signatures with a high level of accuracy
+ that produce few false positives when identifying evasion attacks.
+ - When C(IIS and Windows Signatures), configures signatures that target attacks against IIS
+ and Windows based systems. Only available in version 13.x and up.
+ - When C(Information Leakage Signatures), configures signatures targeting attacks that are looking for system data
+ or debugging information that shows where the system is vulnerable to attack.
+ - When C(Java Servlets/JSP Signatures), configures signatures that target attacks against Java Servlets
+ and Java Server Pages (JSP) based applications. Only available in version 13.x and up.
+ - When C(Low Accuracy Signatures), configures signatures that may result in more false positives
+ when identifying attacks.
+ - When C(Medium Accuracy Signatures), configures signatures with a medium level of accuracy
+ when identifying attacks.
+ - When C(OS Command Injection Signatures), configures signatures targeting attacks
+ that attempt to run system level commands through a vulnerable application.
+ - When C(OWA Signatures), configures signatures that target attacks against
+ the Microsoft Outlook Web Access (OWA) application.
+ - When C(Other Application Attacks Signatures), configures signatures targeting miscellaneous attacks
+ including session fixation, local file access, injection attempts, header tampering,
+ and so on that could affect many applications.
+ - When C(Path Traversal Signatures), configures signatures targeting attacks that attempt to access files
+ and directories that are stored outside the web root folder.
+ - When C(Predictable Resource Location Signatures), configures signatures targeting attacks that attempt
+ to uncover hidden website content and functionality by forceful browsing, or by directory and file enumeration.
+ - When C(Remote File Include Signatures), configures signatures targeting attacks that attempt to exploit
+ a remote file include vulnerability that could enable a remote attacker to execute arbitrary commands
+ on the server hosting the application.
+ - When C(SQL Injection Signatures), configures signatures targeting attacks that attempt to insert (inject)
+ a SQL query using the input data from a client to an application.
+ - When C(Server Side Code Injection Signatures), configures signatures targeting code injection attacks
+ on the server side.
+ - When C(WebSphere signatures), configures signatures targeting attacks on many computing platforms
+ that are integrated using WebSphere including general database, Microsoft Windows, IIS,
+ Microsoft SQL Server, Apache, Oracle, Unix/Linux, IBM DB2, PostgreSQL, and XML.
+ - When C(XPath Injection Signatures), configures signatures targeting attacks that attempt to gain access
+ to data structures or bypass permissions or access when a web site uses user-supplied information
+ to construct XPath queries for XML data.
+ required: True
+ policy_name:
+ description:
+ - Specifies the name of an existing ASM policy to add or remove signature sets.
+ required: True
+ alarm:
+ description:
+ - Specifies whether the security policy logs the request data in the Statistics screen,
+ if a request matches a signature that is included in the signature set.
+ type: bool
+ block:
+ description:
+ - Effective when the security policy's enforcement mode is Blocking.
+ - Determines how the system treats requests that match a signature included in the signature set.
+ - When C(yes) the system blocks all requests that match a signature,
+ and provides the client with a support ID number.
+ - When C(no) the system accepts those requests.
+ type: bool
+ learn:
+ description:
+ - Specifies if the security policy learns all requests that match a signature
+ that is included in the signature set.
+ type: bool
+ state:
+ description:
+ - When C(present), ensures that the resource exists.
+ - When C(absent), ensures the resource is removed.
+ default: present
+ choices:
+ - present
+ - absent
+ partition:
+ description:
+ - This parameter is only used when identifying ASM policy.
+ default: Common
+notes:
+ - This module is primarily used as a component of configuring ASM policy in Ansible Galaxy ASM Policy Role.
+extends_documentation_fragment: f5
+author:
+ - Wojciech Wypior (@wojtek0806)
+'''
+
+EXAMPLES = r'''
+- name: Add Signature Set to ASM Policy
+ bigip_asm_policy_signature_set:
+ name: IIS and Windows Signatures
+ policy_name: FooPolicy
+ provider:
+ password: secret
+ server: lb.mydomain.com
+ user: admin
+ delegate_to: localhost
+- name: Remove Signature Set to ASM Policy
+ bigip_asm_policy_signature_set:
+ name: IIS and Windows Signatures
+ policy_name: FooPolicy
+ state: absent
+ provider:
+ password: secret
+ server: lb.mydomain.com
+ user: admin
+ delegate_to: localhost
+'''
+
+RETURN = r'''
+policy_name:
+ description: The name of the ASM policy
+ returned: changed
+ type: str
+ sample: FooPolicy
+name:
+ description: The name of Signature Set added/removed on ASM policy
+ returned: changed
+ type: str
+ sample: Cisco Signatures
+alarm:
+ description: Specifies whether the security policy logs the request data in the Statistics screen
+ returned: changed
+ type: bool
+ sample: yes
+block:
+ description: Determines how the system treats requests that match a signature included in the signature set
+ returned: changed
+ type: bool
+ sample: no
+learn:
+ description: Specifies if the policy learns all requests that match a signature that is included in the signature set
+ returned: changed
+ type: bool
+ sample: yes
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.basic import env_fallback
+from distutils.version import LooseVersion
+
+try:
+ from library.module_utils.network.f5.bigip import F5RestClient
+ from library.module_utils.network.f5.common import F5ModuleError
+ from library.module_utils.network.f5.common import AnsibleF5Parameters
+ from library.module_utils.network.f5.common import cleanup_tokens
+ from library.module_utils.network.f5.common import fq_name
+ from library.module_utils.network.f5.common import transform_name
+ from library.module_utils.network.f5.common import f5_argument_spec
+ from library.module_utils.network.f5.common import exit_json
+ from library.module_utils.network.f5.common import fail_json
+ from library.module_utils.network.f5.common import flatten_boolean
+ from library.module_utils.network.f5.icontrol import tmos_version
+ from library.module_utils.network.f5.icontrol import module_provisioned
+except ImportError:
+ from ansible.module_utils.network.f5.bigip import F5RestClient
+ from ansible.module_utils.network.f5.common import F5ModuleError
+ from ansible.module_utils.network.f5.common import AnsibleF5Parameters
+ from ansible.module_utils.network.f5.common import cleanup_tokens
+ from ansible.module_utils.network.f5.common import fq_name
+ from ansible.module_utils.network.f5.common import transform_name
+ from ansible.module_utils.network.f5.common import f5_argument_spec
+ from ansible.module_utils.network.f5.common import exit_json
+ from ansible.module_utils.network.f5.common import fail_json
+ from ansible.module_utils.network.f5.common import flatten_boolean
+ from ansible.module_utils.network.f5.icontrol import tmos_version
+ from ansible.module_utils.network.f5.icontrol import module_provisioned
+
+
+class Parameters(AnsibleF5Parameters):
+ api_map = {
+
+ }
+
+ api_attributes = [
+ 'alarm',
+ 'block',
+ 'learn',
+
+ ]
+
+ returnables = [
+ 'policy_name',
+ 'name',
+ 'alarm',
+ 'block',
+ 'learn',
+
+ ]
+
+ updatables = [
+ 'alarm',
+ 'block',
+ 'learn',
+ ]
+
+
+class ApiParameters(Parameters):
+ pass
+
+
+class ModuleParameters(Parameters):
+ @property
+ def alarm(self):
+ result = flatten_boolean(self._values['alarm'])
+ if result:
+ if result == 'yes':
+ return True
+ return False
+
+ @property
+ def block(self):
+ result = flatten_boolean(self._values['block'])
+ if result:
+ if result == 'yes':
+ return True
+ return False
+
+ @property
+ def learn(self):
+ result = flatten_boolean(self._values['learn'])
+ if result:
+ if result == 'yes':
+ return True
+ return False
+
+ def _signature_set_exists_on_device(self, name):
+ uri = "https://{0}:{1}/mgmt/tm/asm/signature-sets".format(
+ self.client.provider['server'],
+ self.client.provider['server_port'],
+ )
+
+ query = "?$select=name"
+ resp = self.client.api.get(uri + query)
+
+ try:
+ response = resp.json()
+ except ValueError as ex:
+ raise F5ModuleError(str(ex))
+
+ if 'code' in response and response['code'] == 400:
+ if 'message' in response:
+ raise F5ModuleError(response['message'])
+ else:
+ raise F5ModuleError(resp.content)
+
+ if any(p['name'] == name for p in response['items']):
+ return True
+ return False
+
+ @property
+ def name(self):
+ if self._values['name'] is None:
+ return None
+
+ version = tmos_version(self.client)
+
+ if LooseVersion(version) < LooseVersion('13.0.0'):
+ name_list = [
+ 'All Response Signatures',
+ 'All Signatures',
+ 'Command Execution Signatures',
+ 'Cross Site Scripting Signatures',
+ 'Directory Indexing Signatures',
+ 'Generic Detection Signatures',
+ 'HTTP Response Splitting Signatures',
+ 'High Accuracy Signatures',
+ 'Information Leakage Signatures',
+ 'Low Accuracy Signatures',
+ 'Medium Accuracy Signatures',
+ 'OS Command Injection Signatures',
+ 'OWA Signatures',
+ 'Other Application Attacks Signatures',
+ 'Path Traversal Signatures',
+ 'Predictable Resource Location Signatures',
+ 'Remote File Include Signatures',
+ 'SQL Injection Signatures',
+ 'Server Side Code Injection Signatures',
+ 'WebSphere signatures',
+ 'XPath Injection Signatures'
+ ]
+ else:
+ name_list = [
+ 'All Response Signatures',
+ 'All Signatures',
+ 'Apache Struts Signatures',
+ 'Apache Tomcat Signatures',
+ 'Cisco Signatures',
+ 'Command Execution Signatures',
+ 'Cross Site Scripting Signatures',
+ 'Directory Indexing Signatures',
+ 'Generic Detection Signatures',
+ 'HTTP Response Splitting Signatures',
+ 'High Accuracy Detection Evasion Signatures',
+ 'High Accuracy Signatures',
+ 'IIS and Windows Signatures',
+ 'Information Leakage Signatures',
+ 'Java Servlets/JSP Signatures',
+ 'Low Accuracy Signatures',
+ 'Medium Accuracy Signatures',
+ 'OS Command Injection Signatures',
+ 'OWA Signatures',
+ 'Other Application Attacks Signatures',
+ 'Path Traversal Signatures',
+ 'Predictable Resource Location Signatures',
+ 'Remote File Include Signatures',
+ 'SQL Injection Signatures',
+ 'Server Side Code Injection Signatures',
+ 'WebSphere signatures',
+ 'XPath Injection Signatures'
+ ]
+
+ if self._values['name'] in name_list:
+ return self._values['name']
+
+ if self._signature_set_exists_on_device(self._values['name']):
+ return self._values['name']
+
+ raise F5ModuleError(
+ "The specified signature {0} set does not exist.".format(
+ self._values['name']
+ )
+ )
+
+
+class Changes(Parameters):
+ def to_return(self):
+ result = {}
+ try:
+ for returnable in self.returnables:
+ result[returnable] = getattr(self, returnable)
+ result = self._filter_params(result)
+ except Exception:
+ pass
+ return result
+
+
+class UsableChanges(Changes):
+ pass
+
+
+class ReportableChanges(Changes):
+ @property
+ def alarm(self):
+ return flatten_boolean(self._values['alarm'])
+
+ @property
+ def learn(self):
+ return flatten_boolean(self._values['learn'])
+
+ @property
+ def block(self):
+ return flatten_boolean(self._values['block'])
+
+
+class Difference(object):
+ def __init__(self, want, have=None):
+ self.want = want
+ self.have = have
+
+ def compare(self, param):
+ try:
+ result = getattr(self, param)
+ return result
+ except AttributeError:
+ return self.__default(param)
+
+ def __default(self, param):
+ attr1 = getattr(self.want, param)
+ try:
+ attr2 = getattr(self.have, param)
+ if attr1 != attr2:
+ return attr1
+ except AttributeError:
+ return attr1
+
+
+class ModuleManager(object):
+ def __init__(self, *args, **kwargs):
+ self.module = kwargs.get('module', None)
+ self.client = kwargs.get('client', None)
+ self.want = ModuleParameters(params=self.module.params, client=self.client)
+ self.have = ApiParameters()
+ self.changes = UsableChanges()
+
+ def _set_changed_options(self):
+ changed = {}
+ for key in Parameters.returnables:
+ if getattr(self.want, key) is not None:
+ changed[key] = getattr(self.want, key)
+ if changed:
+ self.changes = UsableChanges(params=changed)
+
+ def _update_changed_options(self):
+ diff = Difference(self.want, self.have)
+ updatables = Parameters.updatables
+ changed = dict()
+ for k in updatables:
+ change = diff.compare(k)
+ if change is None:
+ continue
+ else:
+ if isinstance(change, dict):
+ changed.update(change)
+ else:
+ changed[k] = change
+ if changed:
+ self.changes = UsableChanges(params=changed)
+ return True
+ return False
+
+ def _announce_deprecations(self, result):
+ warnings = result.pop('__warnings', [])
+ for warning in warnings:
+ self.client.module.deprecate(
+ msg=warning['msg'],
+ version=warning['version']
+ )
+
+ def exec_module(self):
+ if not module_provisioned(self.client, 'asm'):
+ raise F5ModuleError(
+ "ASM must be provisioned to use this module."
+ )
+ changed = False
+ result = dict()
+ state = self.want.state
+
+ if state == "present":
+ changed = self.present()
+ elif state == "absent":
+ changed = self.absent()
+
+ reportable = ReportableChanges(params=self.changes.to_return())
+ changes = reportable.to_return()
+ result.update(**changes)
+ result.update(dict(changed=changed))
+ self._announce_deprecations(result)
+ return result
+
+ def present(self):
+ if self.exists():
+ return self.update()
+ else:
+ return self.create()
+
+ def absent(self):
+ if self.exists():
+ return self.remove()
+ return False
+
+ def should_update(self):
+ result = self._update_changed_options()
+ if result:
+ return True
+ return False
+
+ def update(self):
+ self.have = self.read_current_from_device()
+ if not self.should_update():
+ return False
+ if self.module.check_mode:
+ return True
+ self.update_on_device()
+ return True
+
+ def remove(self):
+ if self.module.check_mode:
+ return True
+ self.remove_from_device()
+ if self.exists():
+ raise F5ModuleError("Failed to delete the resource.")
+ return True
+
+ def create(self):
+ self._set_changed_options()
+ if self.module.check_mode:
+ return True
+ self.create_on_device()
+ return True
+
+ def exists(self):
+ policy_id = self._get_policy_id()
+ set_link = self._get_signature_set_link()
+ uri = 'https://{0}:{1}/mgmt/tm/asm/policies/{2}/signature-sets/'.format(
+ self.client.provider['server'],
+ self.client.provider['server_port'],
+ policy_id,
+ )
+ resp = self.client.api.get(uri)
+
+ try:
+ response = resp.json()
+ except ValueError as ex:
+ raise F5ModuleError(str(ex))
+
+ if 'items' in response and response['items'] != []:
+ for st in response['items']:
+ if st['signatureSetReference'] == set_link:
+ self.want.ss_id = st['id']
+ return True
+ return False
+
+ def _get_signature_set_link(self):
+ result = None
+ signature_set = self.want.name
+ uri = "https://{0}:{1}/mgmt/tm/asm/signature-sets".format(
+ self.client.provider['server'],
+ self.client.provider['server_port'],
+ )
+
+ query = "?$select=name"
+ resp = self.client.api.get(uri + query)
+
+ try:
+ response = resp.json()
+ except ValueError as ex:
+ raise F5ModuleError(str(ex))
+
+ if 'code' in response and response['code'] == 400:
+ if 'message' in response:
+ raise F5ModuleError(response['message'])
+ else:
+ raise F5ModuleError(resp.content)
+
+ if 'items' in response and response['items'] != []:
+ for item in response['items']:
+ if item['name'] == signature_set:
+ result = dict(link=item['selfLink'])
+
+ return result
+
+ def _get_policy_id(self):
+ policy_id = None
+ uri = "https://{0}:{1}/mgmt/tm/asm/policies/".format(
+ self.client.provider['server'],
+ self.client.provider['server_port'],
+ )
+ query = "?$filter=contains(name,'{0}')+and+contains(partition,'{1}')&$select=name,id".format(
+ self.want.policy_name, self.want.partition
+ )
+ resp = self.client.api.get(uri + query)
+
+ try:
+ response = resp.json()
+ except ValueError as ex:
+ raise F5ModuleError(str(ex))
+
+ if 'items' in response and response['items'] != []:
+ policy_id = response['items'][0]['id']
+
+ if not policy_id:
+ raise F5ModuleError(
+ "The policy with the name {0} does not exist".format(self.want.policy_name)
+ )
+ return policy_id
+
+ def create_on_device(self):
+ policy_id = self._get_policy_id()
+ params = self.changes.api_params()
+ params['signatureSetReference'] = self._get_signature_set_link()
+ uri = "https://{0}:{1}/mgmt/tm/asm/policies/{2}/signature-sets/".format(
+ self.client.provider['server'],
+ self.client.provider['server_port'],
+ policy_id
+ )
+ resp = self.client.api.post(uri, json=params)
+ try:
+ response = resp.json()
+ except ValueError as ex:
+ raise F5ModuleError(str(ex))
+
+ if 'code' in response and response['code'] in [400, 409]:
+ if 'message' in response:
+ raise F5ModuleError(response['message'])
+ else:
+ raise F5ModuleError(resp.content)
+ return True
+
+ def update_on_device(self):
+ policy_id = self._get_policy_id()
+ params = self.changes.api_params()
+ uri = "https://{0}:{1}/mgmt/tm/asm/policies/{2}/signature-sets/{3}".format(
+ self.client.provider['server'],
+ self.client.provider['server_port'],
+ policy_id,
+ self.want.ss_id
+ )
+ resp = self.client.api.patch(uri, json=params)
+ try:
+ response = resp.json()
+ except ValueError as ex:
+ raise F5ModuleError(str(ex))
+
+ if 'code' in response and response['code'] == 400:
+ if 'message' in response:
+ raise F5ModuleError(response['message'])
+ else:
+ raise F5ModuleError(resp.content)
+
+ def remove_from_device(self):
+ policy_id = self._get_policy_id()
+ uri = 'https://{0}:{1}/mgmt/tm/asm/policies/{2}/signature-sets/{3}'.format(
+ self.client.provider['server'],
+ self.client.provider['server_port'],
+ policy_id,
+ self.want.ss_id
+ )
+ response = self.client.api.delete(uri)
+ if response.status in [200, 201]:
+ return True
+ raise F5ModuleError(response.content)
+
+ def read_current_from_device(self):
+ policy_id = self._get_policy_id()
+ uri = "https://{0}:{1}/mgmt/tm/asm/policies/{2}/signature-sets/{3}".format(
+ self.client.provider['server'],
+ self.client.provider['server_port'],
+ policy_id,
+ self.want.ss_id
+ )
+ resp = self.client.api.get(uri)
+ try:
+ response = resp.json()
+ except ValueError as ex:
+ raise F5ModuleError(str(ex))
+
+ if 'code' in response and response['code'] == 400:
+ if 'message' in response:
+ raise F5ModuleError(response['message'])
+ else:
+ raise F5ModuleError(resp.content)
+ return ApiParameters(params=response)
+
+
+class ArgumentSpec(object):
+ def __init__(self):
+ self.supports_check_mode = True
+ argument_spec = dict(
+ policy_name=dict(
+ required=True
+ ),
+ name=dict(
+ required=True
+ ),
+ alarm=dict(
+ type='bool'
+ ),
+ block=dict(
+ type='bool'
+ ),
+ learn=dict(
+ type='bool'
+ ),
+ state=dict(
+ default='present',
+ choices=['present', 'absent']
+ ),
+ partition=dict(
+ default='Common',
+ fallback=(env_fallback, ['F5_PARTITION'])
+ )
+ )
+ self.argument_spec = {}
+ self.argument_spec.update(f5_argument_spec)
+ self.argument_spec.update(argument_spec)
+
+
+def main():
+ spec = ArgumentSpec()
+
+ module = AnsibleModule(
+ argument_spec=spec.argument_spec,
+ supports_check_mode=spec.supports_check_mode,
+ )
+
+ client = F5RestClient(**module.params)
+
+ try:
+ mm = ModuleManager(module=module, client=client)
+ results = mm.exec_module()
+ cleanup_tokens(client)
+ exit_json(module, results, client)
+ except F5ModuleError as ex:
+ cleanup_tokens(client)
+ fail_json(module, ex, client)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/test/units/modules/network/f5/test_bigip_asm_policy_signature_set.py b/test/units/modules/network/f5/test_bigip_asm_policy_signature_set.py
new file mode 100644
index 00000000000..179c62442e4
--- /dev/null
+++ b/test/units/modules/network/f5/test_bigip_asm_policy_signature_set.py
@@ -0,0 +1,151 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright: (c) 2018, F5 Networks Inc.
+# GNU General Public License v3.0 (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import json
+import pytest
+import sys
+
+if sys.version_info < (2, 7):
+ pytestmark = pytest.mark.skip("F5 Ansible modules require Python >= 2.7")
+
+from ansible.module_utils.basic import AnsibleModule
+
+try:
+ from library.modules.bigip_asm_policy_signature_set import ApiParameters
+ from library.modules.bigip_asm_policy_signature_set import ModuleParameters
+ from library.modules.bigip_asm_policy_signature_set import ModuleManager
+ from library.modules.bigip_asm_policy_signature_set import ArgumentSpec
+
+ # In Ansible 2.8, Ansible changed import paths.
+ from test.units.compat import unittest
+ from test.units.compat.mock import Mock
+ from test.units.compat.mock import patch
+
+ from test.units.modules.utils import set_module_args
+except ImportError:
+ from ansible.modules.network.f5.bigip_asm_policy_signature_set import ApiParameters
+ from ansible.modules.network.f5.bigip_asm_policy_signature_set import ModuleParameters
+ from ansible.modules.network.f5.bigip_asm_policy_signature_set import ModuleManager
+ from ansible.modules.network.f5.bigip_asm_policy_signature_set import ArgumentSpec
+
+ # Ansible 2.8 imports
+ from units.compat import unittest
+ from units.compat.mock import Mock
+ from units.compat.mock import patch
+
+ from units.modules.utils import set_module_args
+
+
+fixture_path = os.path.join(os.path.dirname(__file__), 'fixtures')
+fixture_data = {}
+
+
+def load_fixture(name):
+ path = os.path.join(fixture_path, name)
+
+ if path in fixture_data:
+ return fixture_data[path]
+
+ with open(path) as f:
+ data = f.read()
+
+ try:
+ data = json.loads(data)
+ except Exception:
+ pass
+
+ fixture_data[path] = data
+ return data
+
+
+class TestParameters(unittest.TestCase):
+ def test_module_parameters(self):
+ args = dict(
+ name='IIS and Windows Signatures',
+ state='present',
+ policy_name='fake_policy',
+ alarm='yes',
+ block='no',
+ learn='yes'
+ )
+ try:
+ self.p1 = patch('library.modules.bigip_asm_policy_signature_set.tmos_version')
+ self.m1 = self.p1.start()
+ self.m1.return_value = '13.1.0'
+ except Exception:
+ self.p1 = patch('ansible.modules.network.f5.bigip_asm_policy_signature_set.tmos_version')
+ self.m1 = self.p1.start()
+ self.m1.return_value = '13.1.0'
+
+ p = ModuleParameters(params=args)
+
+ assert p.name == 'IIS and Windows Signatures'
+ assert p.state == 'present'
+ assert p.policy_name == 'fake_policy'
+ assert p.alarm is True
+ assert p.block is False
+ assert p.learn is True
+
+ self.p1.stop()
+
+
+class TestManager(unittest.TestCase):
+ def setUp(self):
+ self.spec = ArgumentSpec()
+
+ try:
+ self.p1 = patch('library.modules.bigip_asm_policy_signature_set.module_provisioned')
+ self.p2 = patch('library.modules.bigip_asm_policy_signature_set.tmos_version')
+ self.m1 = self.p1.start()
+ self.m2 = self.p2.start()
+ self.m2.return_value = '13.1.0'
+ self.m1.return_value = True
+ except Exception:
+ self.p1 = patch('ansible.modules.network.f5.bigip_asm_policy_signature_set.module_provisioned')
+ self.p2 = patch('ansible.modules.network.f5.bigip_asm_policy_signature_set.tmos_version')
+ self.m1 = self.p1.start()
+ self.m2 = self.p2.start()
+ self.m2.return_value = '13.1.0'
+ self.m1.return_value = True
+
+ def tearDown(self):
+ self.p1.stop()
+ self.p2.stop()
+
+ def test_add_server_technology(self, *args):
+ set_module_args(dict(
+ policy_name='fake_policy',
+ state='present',
+ name='IIS and Windows Signatures',
+ alarm='yes',
+ block='no',
+ learn='yes',
+ server='localhost',
+ password='password',
+ user='admin',
+ ))
+
+ module = AnsibleModule(
+ argument_spec=self.spec.argument_spec,
+ supports_check_mode=self.spec.supports_check_mode
+ )
+
+ # Override methods to force specific logic in the module to happen
+ mm = ModuleManager(module=module)
+ mm.exists = Mock(return_value=False)
+ mm.create_on_device = Mock(return_value=True)
+
+ results = mm.exec_module()
+
+ assert results['changed'] is True
+ assert results['name'] == 'IIS and Windows Signatures'
+ assert results['policy_name'] == 'fake_policy'
+ assert results['alarm'] == 'yes'
+ assert results['block'] == 'no'
+ assert results['learn'] == 'yes'