Adds "allow" param to bigip_device_httpd (#34439)

This param can control what addresses are allowed to access the
httpd ui of the bigip
This commit is contained in:
Tim Rupp 2018-01-03 20:58:22 -08:00 committed by GitHub
parent f58d9da703
commit 43812d82c1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 101 additions and 6 deletions

2
.github/BOTMETA.yml vendored
View file

@ -469,7 +469,7 @@ files:
$modules/network/enos/: amuraleedhar
$modules/network/eos/: privateip trishnaguha
$modules/network/f5/:
ignored: Etienne-Carriere mhite mryanlam perzizzle srvg wojtek0806
ignored: Etienne-Carriere mhite mryanlam perzizzle srvg wojtek0806 JoeReifel
maintainers: caphrim007
$modules/network/fortios/: bjolivot
$modules/network/illumos/: xen0l

View file

@ -21,9 +21,17 @@ description:
to change when you want to set GUI timeouts and other TMUI related settings.
version_added: "2.5"
options:
allow:
description:
- Specifies, if you have enabled HTTPD access, the IP address or address
range for other systems that can communicate with this system.
choices:
- all
- IP address, such as 172.27.1.10
- IP range, such as 172.27.*.* or 172.27.0.0/255.255.0.0
auth_name:
description:
- Sets the BIG-IP authentication realm name
- Sets the BIG-IP authentication realm name.
auth_pam_idle_timeout:
description:
- Sets the GUI timeout for automatic logout, in seconds.
@ -102,6 +110,51 @@ auth_pam_idle_timeout:
returned: changed
type: string
sample: 1200
auth_name:
description: The new authentication realm name.
returned: changed
type: string
sample: 'foo'
auth_pam_validate_ip:
description: The new authPamValidateIp setting.
returned: changed
type: bool
sample: on
auth_pam_dashboard_timeout:
description: Whether or not the BIG-IP dashboard will timeout.
returned: changed
type: bool
sample: off
fast_cgi_timeout:
description: The new timeout of FastCGI.
returned: changed
type: int
sample: 500
hostname_lookup:
description: Whether or not to display the hostname, if possible.
returned: changed
type: bool
sample: on
log_level:
description: The new minimum httpd log level.
returned: changed
type: string
sample: crit
max_clients:
description: The new maximum number of clients that can connect to the GUI at once.
returned: changed
type: int
sample: 20
redirect_http_to_https:
description: Whether or not to redirect http requests to the GUI to https.
returned: changed
type: bool
sample: on
ssl_port:
description: The new HTTPS port to listen on.
returned: changed
type: int
sample: 10443
'''
import time
@ -142,19 +195,21 @@ class Parameters(AnsibleF5Parameters):
api_attributes = [
'authPamIdleTimeout', 'authPamValidateIp', 'authName', 'authPamDashboardTimeout',
'fastcgiTimeout', 'hostnameLookup', 'logLevel', 'maxClients', 'sslPort',
'redirectHttpToHttps'
'redirectHttpToHttps', 'allow'
]
returnables = [
'auth_pam_idle_timeout', 'auth_pam_validate_ip', 'auth_name',
'auth_pam_dashboard_timeout', 'fast_cgi_timeout', 'hostname_lookup',
'log_level', 'max_clients', 'redirect_http_to_https', 'ssl_port'
'log_level', 'max_clients', 'redirect_http_to_https', 'ssl_port',
'allow'
]
updatables = [
'auth_pam_idle_timeout', 'auth_pam_validate_ip', 'auth_name',
'auth_pam_dashboard_timeout', 'fast_cgi_timeout', 'hostname_lookup',
'log_level', 'max_clients', 'redirect_http_to_https', 'ssl_port'
'log_level', 'max_clients', 'redirect_http_to_https', 'ssl_port',
'allow'
]
def __init__(self, params=None):
@ -255,9 +310,31 @@ class ModuleParameters(Parameters):
return "enabled"
return "disabled"
@property
def allow(self):
if self._values['allow'] is None:
return None
if self._values['allow'][0] == 'all':
return 'all'
if self._values['allow'][0] == '':
return ''
allow = self._values['allow']
result = list(set([str(x) for x in allow]))
result = sorted(result)
return result
class ApiParameters(Parameters):
pass
@property
def allow(self):
if self._values['allow'] is None:
return ''
if self._values['allow'][0] == 'All':
return 'all'
allow = self._values['allow']
result = list(set([str(x) for x in allow]))
result = sorted(result)
return result
class Changes(Parameters):
@ -301,6 +378,21 @@ class Difference(object):
except AttributeError:
return attr1
@property
def allow(self):
if self.want.allow is None:
return None
if self.want.allow == 'all' and self.have.allow == 'all':
return None
if self.want.allow == 'all':
return ['All']
if self.want.allow == '' and self.have.allow == '':
return None
if self.want.allow == '':
return []
if self.want.allow != self.have.allow:
return self.want.allow
class ModuleManager(object):
def __init__(self, client):
@ -403,6 +495,9 @@ class ArgumentSpec(object):
def __init__(self):
self.supports_check_mode = True
self.argument_spec = dict(
allow=dict(
type='list'
),
auth_name=dict(),
auth_pam_idle_timeout=dict(
type='int'