Add workaround for evasive in apache2_module (#22649)

* Add workaround for evasive in apache2_module

* Fixes #22635
* Clean up workarounds for php/shib
* Add test for evasive workaround
* Remove use of re module, since all searches work with native python

* Add unit tests to apache2_module name replacements

Go back to using re package where needed

* Rename replace_name to create_apache_identifier
This commit is contained in:
Robin Roth 2017-04-04 20:12:06 +02:00 committed by Brian Coca
parent 7e3af115ce
commit 6f40cb9647
3 changed files with 59 additions and 18 deletions

View file

@ -109,10 +109,7 @@ def _run_threaded(module):
result, stdout, stderr = module.run_command("%s -V" % control_binary) result, stdout, stderr = module.run_command("%s -V" % control_binary)
if re.search(r'threaded:[ ]*yes', stdout): return bool(re.search(r'threaded:[ ]*yes', stdout))
return True
else:
return False
def _get_ctl_binary(module): def _get_ctl_binary(module):
for command in ['apache2ctl', 'apachectl']: for command in ['apache2ctl', 'apachectl']:
@ -146,20 +143,38 @@ def _module_is_enabled(module):
else: else:
module.fail_json(msg=error_msg) module.fail_json(msg=error_msg)
""" searchstring = ' ' + create_apache_identifier(name)
Work around for php modules; php7.x are always listed as php7_module return searchstring in stdout
"""
php_module = re.search(r'^(php\d)\.', name)
if php_module:
name = php_module.group(1)
def create_apache_identifier(name):
""" """
Workaround for shib2; module is listed as mod_shib By convention if a module is loaded via name, it appears in apache2ctl -M as
""" name_module.
if re.search(r'shib2', name):
return bool(re.search(r' mod_shib', stdout)) Some modules don't follow this convention and we use replacements for those."""
# a2enmod name replacement to apache2ctl -M names
text_workarounds = [
('shib2', 'mod_shib'),
('evasive', 'evasive20_module'),
]
# re expressions to extract subparts of names
re_workarounds = [
('php', r'^(php\d)\.'),
]
for a2enmod_spelling, module_name in text_workarounds:
if a2enmod_spelling in name:
return module_name
for search, reexpr in re_workarounds:
if search in name:
rematch = re.search(reexpr, name)
return rematch.group(1) + '_module'
return name + '_module'
return bool(re.search(r' ' + name + r'_module', stdout))
def _set_state(module, state): def _set_state(module, state):
name = module.params['name'] name = module.params['name']
@ -221,6 +236,6 @@ def main():
_set_state(module, module.params['state']) _set_state(module, module.params['state'])
# import module snippets # import module snippets
from ansible.module_utils.basic import * from ansible.module_utils.basic import AnsibleModule
if __name__ == '__main__': if __name__ == '__main__':
main() main()

View file

@ -15,9 +15,12 @@
- name: install apache via apt - name: install apache via apt
apt: apt:
name: apache2 name: "{{item}}"
state: present state: present
when: "ansible_os_family == 'Debian'" when: "ansible_os_family == 'Debian'"
with_items:
- apache2
- libapache2-mod-evasive
- name: install apache via zypper - name: install apache via zypper
zypper: zypper:
@ -84,4 +87,11 @@
name: autoindex name: autoindex
state: absent state: absent
force: True force: True
when: "ansible_os_family != 'Suse'" when: "ansible_os_family == 'Debian'"
- name: enable evasive module, test https://github.com/ansible/ansible/issues/22635
apache2_module:
name: evasive
state: present
when: "ansible_os_family == 'Debian'"

View file

@ -0,0 +1,16 @@
import pytest
from ansible.modules.web_infrastructure.apache2_module import create_apache_identifier
REPLACEMENTS = [
('php7.1', 'php7_module'),
('php5.6', 'php5_module'),
('shib2', 'mod_shib'),
('evasive', 'evasive20_module'),
('thismoduledoesnotexist', 'thismoduledoesnotexist_module'), # the default
]
@pytest.mark.parametrize("replacement", REPLACEMENTS, ids=lambda x: x[0])
def test_apache_identifier(replacement):
"test the correct replacement of an a2enmod name with an apache2ctl name"
assert create_apache_identifier(replacement[0]) == replacement[1]