Adds new parameters to bigip_profile_http (#48528)

This commit is contained in:
Tim Rupp 2018-11-10 22:12:19 -08:00 committed by GitHub
parent f126db7f21
commit 77afc32621
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 250 additions and 34 deletions

View file

@ -7,6 +7,7 @@
from __future__ import absolute_import, division, print_function from __future__ import absolute_import, division, print_function
__metaclass__ = type __metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1', ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'], 'status': ['preview'],
'supported_by': 'certified'} 'supported_by': 'certified'}
@ -94,6 +95,53 @@ options:
choices: choices:
- always - always
- on_create - on_create
header_erase:
description:
- The name of a header, in an HTTP request, which the system removes from request.
- To remove the entry completely a value of C(none) or C('') should be set.
- The format of the header must be in C(KEY:VALUE) format, otherwise error is raised.
- When creating a new profile, if this parameter is not specified, the
default is provided by the parent profile.
version_added: 2.8
header_insert:
description:
- A string that the system inserts as a header in an HTTP request.
- To remove the entry completely a value of C(none) or C('') should be set.
- The format of the header must be in C(KEY:VALUE) format, otherwise error is raised.
- When creating a new profile, if this parameter is not specified, the
default is provided by the parent profile.
version_added: 2.8
server_agent_name:
description:
- Specifies the string used as the server name in traffic generated by LTM.
- To remove the entry completely a value of C(none) or C('') should be set.
- When creating a new profile, if this parameter is not specified, the
default is provided by the parent profile.
version_added: 2.8
include_subdomains:
description:
- When set to C(yes), applies the HSTS policy to the HSTS host and its sub-domains.
- When creating a new profile, if this parameter is not specified, the
default is provided by the parent profile.
type: bool
version_added: 2.8
maximum_age:
description:
- Specifies the maximum length of time, in seconds, that HSTS functionality
requests that clients only use HTTPS to connect to the current host and
any sub-domains of the current host's domain name.
- The accepted value range is C(0 - 4294967295) seconds, a value of C(0) seconds
re-enables plaintext HTTP access, while specifying C(indefinite) will set it to the maximum value.
- When creating a new profile, if this parameter is not specified, the
default is provided by the parent profile.
version_added: 2.8
hsts_mode:
description:
- When set to C(yes), enables the HSTS settings.
- When creating a new profile, if this parameter is not specified, the
default is provided by the parent profile.
type: bool
version_added: 2.8
partition: partition:
description: description:
- Device partition to manage resources on. - Device partition to manage resources on.
@ -189,6 +237,7 @@ try:
from library.module_utils.network.f5.common import transform_name from library.module_utils.network.f5.common import transform_name
from library.module_utils.network.f5.common import exit_json from library.module_utils.network.f5.common import exit_json
from library.module_utils.network.f5.common import fail_json from library.module_utils.network.f5.common import fail_json
from library.module_utils.network.f5.urls import check_header_validity
except ImportError: except ImportError:
from ansible.module_utils.network.f5.bigip import F5RestClient from ansible.module_utils.network.f5.bigip import F5RestClient
from ansible.module_utils.network.f5.common import F5ModuleError from ansible.module_utils.network.f5.common import F5ModuleError
@ -200,6 +249,7 @@ except ImportError:
from ansible.module_utils.network.f5.common import transform_name from ansible.module_utils.network.f5.common import transform_name
from ansible.module_utils.network.f5.common import exit_json from ansible.module_utils.network.f5.common import exit_json
from ansible.module_utils.network.f5.common import fail_json from ansible.module_utils.network.f5.common import fail_json
from ansible.module_utils.network.f5.urls import check_header_validity
class Parameters(AnsibleF5Parameters): class Parameters(AnsibleF5Parameters):
@ -211,7 +261,12 @@ class Parameters(AnsibleF5Parameters):
'encryptCookieSecret': 'encrypt_cookie_secret', 'encryptCookieSecret': 'encrypt_cookie_secret',
'proxyType': 'proxy_type', 'proxyType': 'proxy_type',
'explicitProxy': 'explicit_proxy', 'explicitProxy': 'explicit_proxy',
'headerErase': 'header_erase',
'headerInsert': 'header_insert',
'serverAgentName': 'server_agent_name',
'includeSubdomains': 'include_subdomains',
'maximumAge': 'maximum_age',
'mode': 'hsts_mode',
} }
api_attributes = [ api_attributes = [
@ -223,6 +278,10 @@ class Parameters(AnsibleF5Parameters):
'encryptCookieSecret', 'encryptCookieSecret',
'proxyType', 'proxyType',
'explicitProxy', 'explicitProxy',
'headerErase',
'headerInsert',
'hsts',
'serverAgentName',
] ]
returnables = [ returnables = [
@ -234,6 +293,12 @@ class Parameters(AnsibleF5Parameters):
'proxy_type', 'proxy_type',
'explicit_proxy', 'explicit_proxy',
'dns_resolver', 'dns_resolver',
'hsts_mode',
'maximum_age',
'include_subdomains',
'server_agent_name',
'header_erase',
'header_insert',
] ]
updatables = [ updatables = [
@ -244,6 +309,12 @@ class Parameters(AnsibleF5Parameters):
'encrypt_cookie_secret', 'encrypt_cookie_secret',
'proxy_type', 'proxy_type',
'dns_resolver', 'dns_resolver',
'hsts_mode',
'maximum_age',
'include_subdomains',
'server_agent_name',
'header_erase',
'header_insert',
] ]
@ -262,6 +333,24 @@ class ApiParameters(Parameters):
if 'dnsResolverReference' in self._values['explicit_proxy']: if 'dnsResolverReference' in self._values['explicit_proxy']:
return self._values['explicit_proxy']['dnsResolverReference'] return self._values['explicit_proxy']['dnsResolverReference']
@property
def include_subdomains(self):
if self._values['hsts'] is None:
return None
return self._values['hsts']['includeSubdomains']
@property
def hsts_mode(self):
if self._values['hsts'] is None:
return None
return self._values['hsts']['mode']
@property
def maximum_age(self):
if self._values['hsts'] is None:
return None
return self._values['hsts']['maximumAge']
class ModuleParameters(Parameters): class ModuleParameters(Parameters):
@property @property
@ -327,6 +416,56 @@ class ModuleParameters(Parameters):
) )
return result return result
@property
def include_subdomains(self):
result = flatten_boolean(self._values['include_subdomains'])
if result is None:
return None
if result == 'yes':
return 'enabled'
return 'disabled'
@property
def maximum_age(self):
if self._values['maximum_age'] is None:
return None
if self._values['maximum_age'] == 'indefinite':
return 4294967295
if 0 <= int(self._values['maximum_age']) <= 4294967295:
return int(self._values['maximum_age'])
raise F5ModuleError(
"Valid 'maximum_age' must be in range 0 - 4294967295, or 'indefinite'."
)
@property
def hsts_mode(self):
result = flatten_boolean(self._values['hsts_mode'])
if result is None:
return None
if result == 'yes':
return 'enabled'
return 'disabled'
@property
def header_erase(self):
header_erase = self._values['header_erase']
if header_erase is None:
return None
if header_erase in ['none', '']:
return self._values['header_erase']
check_header_validity(header_erase)
return header_erase
@property
def header_insert(self):
header_insert = self._values['header_insert']
if header_insert is None:
return None
if header_insert in ['none', '']:
return self._values['header_insert']
check_header_validity(header_insert)
return header_insert
class Changes(Parameters): class Changes(Parameters):
def to_return(self): def to_return(self):
@ -352,6 +491,19 @@ class UsableChanges(Changes):
return None return None
return result return result
@property
def hsts(self):
result = dict()
if self._values['hsts_mode'] is not None:
result['mode'] = self._values['hsts_mode']
if self._values['maximum_age'] is not None:
result['maximumAge'] = self._values['maximum_age']
if self._values['include_subdomains'] is not None:
result['includeSubdomains'] = self._values['include_subdomains']
if not result:
return None
return result
class ReportableChanges(Changes): class ReportableChanges(Changes):
@property @property
@ -362,6 +514,30 @@ class ReportableChanges(Changes):
return 'yes' return 'yes'
return 'no' return 'no'
@property
def hsts_mode(self):
if self._values['hsts_mode'] is None:
return None
elif self._values['hsts_mode'] == 'enabled':
return 'yes'
return 'no'
@property
def include_subdomains(self):
if self._values['include_subdomains'] is None:
return None
elif self._values['include_subdomains'] == 'enabled':
return 'yes'
return 'no'
@property
def maximum_age(self):
if self._values['maximum_age'] is None:
return None
if self._values['maximum_age'] == 4294967295:
return 'indefinite'
return int(self._values['maximum_age'])
class Difference(object): class Difference(object):
def __init__(self, want, have=None): def __init__(self, want, have=None):
@ -407,16 +583,45 @@ class Difference(object):
if self.have.dns_resolver is None: if self.have.dns_resolver is None:
return self.want.dns_resolver return self.want.dns_resolver
@property
def header_erase(self):
if self.want.header_erase is None:
return None
if self.want.header_erase in ['none', '']:
if self.have.header_erase in [None, 'none']:
return None
if self.want.header_erase != self.have.header_erase:
return self.want.header_erase
@property
def header_insert(self):
if self.want.header_insert is None:
return None
if self.want.header_insert in ['none', '']:
if self.have.header_insert in [None, 'none']:
return None
if self.want.header_insert != self.have.header_insert:
return self.want.header_insert
@property
def server_agent_name(self):
if self.want.server_agent_name is None:
return None
if self.want.server_agent_name in ['none', '']:
if self.have.server_agent_name in [None, 'none']:
return None
if self.want.server_agent_name != self.have.server_agent_name:
return self.want.server_agent_name
@property @property
def encrypt_cookies(self): def encrypt_cookies(self):
if self.want.encrypt_cookies is None: if self.want.encrypt_cookies is None:
return None return None
if self.have.encrypt_cookies == [] and self.want.encrypt_cookies == []: if self.have.encrypt_cookies in [None, []]:
return None if not self.want.encrypt_cookies:
if self.have.encrypt_cookies is not None and self.want.encrypt_cookies == []: return None
return self.want.encrypt_cookies else:
if self.have.encrypt_cookies is None: return self.want.encrypt_cookies
return self.want.encrypt_cookies
if set(self.want.encrypt_cookies) != set(self.have.encrypt_cookies): if set(self.want.encrypt_cookies) != set(self.have.encrypt_cookies):
return self.want.encrypt_cookies return self.want.encrypt_cookies
@ -477,7 +682,6 @@ class ModuleManager(object):
changed = self.present() changed = self.present()
elif state == "absent": elif state == "absent":
changed = self.absent() changed = self.absent()
reportable = ReportableChanges(params=self.changes.to_return()) reportable = ReportableChanges(params=self.changes.to_return())
changes = reportable.to_return() changes = reportable.to_return()
result.update(**changes) result.update(**changes)
@ -499,20 +703,10 @@ class ModuleManager(object):
else: else:
return self.create() return self.create()
def exists(self): def absent(self):
uri = "https://{0}:{1}/mgmt/tm/ltm/profile/http/{2}".format( if self.exists():
self.client.provider['server'], return self.remove()
self.client.provider['server_port'], return False
transform_name(self.want.partition, self.want.name)
)
resp = self.client.api.get(uri)
try:
response = resp.json()
except ValueError:
return False
if resp.status == 404 or 'code' in response and response['code'] == 404:
return False
return True
def update(self): def update(self):
self.have = self.read_current_from_device() self.have = self.read_current_from_device()
@ -538,6 +732,21 @@ class ModuleManager(object):
self.create_on_device() self.create_on_device()
return True return True
def exists(self):
uri = "https://{0}:{1}/mgmt/tm/ltm/profile/http/{2}".format(
self.client.provider['server'],
self.client.provider['server_port'],
transform_name(self.want.partition, self.want.name)
)
resp = self.client.api.get(uri)
try:
response = resp.json()
except ValueError:
return False
if resp.status == 404 or 'code' in response and response['code'] == 404:
return False
return True
def create_on_device(self): def create_on_device(self):
params = self.changes.api_params() params = self.changes.api_params()
params['name'] = self.want.name params['name'] = self.want.name
@ -578,11 +787,6 @@ class ModuleManager(object):
else: else:
raise F5ModuleError(resp.content) raise F5ModuleError(resp.content)
def absent(self):
if self.exists():
return self.remove()
return False
def remove_from_device(self): def remove_from_device(self):
uri = "https://{0}:{1}/mgmt/tm/ltm/profile/http/{2}".format( uri = "https://{0}:{1}/mgmt/tm/ltm/profile/http/{2}".format(
self.client.provider['server'], self.client.provider['server'],
@ -644,6 +848,12 @@ class ArgumentSpec(object):
default='always', default='always',
choices=['always', 'on_create'] choices=['always', 'on_create']
), ),
header_erase=dict(),
header_insert=dict(),
server_agent_name=dict(),
hsts_mode=dict(type='bool'),
maximum_age=dict(),
include_subdomains=dict(type='bool'),
state=dict( state=dict(
default='present', default='present',
choices=['present', 'absent'] choices=['present', 'absent']

View file

@ -14,8 +14,6 @@ from nose.plugins.skip import SkipTest
if sys.version_info < (2, 7): if sys.version_info < (2, 7):
raise SkipTest("F5 Ansible modules require Python >= 2.7") raise SkipTest("F5 Ansible modules require Python >= 2.7")
from units.compat import unittest
from units.compat.mock import Mock
from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.basic import AnsibleModule
try: try:
@ -23,17 +21,25 @@ try:
from library.modules.bigip_profile_http import ModuleParameters from library.modules.bigip_profile_http import ModuleParameters
from library.modules.bigip_profile_http import ModuleManager from library.modules.bigip_profile_http import ModuleManager
from library.modules.bigip_profile_http import ArgumentSpec from library.modules.bigip_profile_http import ArgumentSpec
from library.module_utils.network.f5.common import F5ModuleError
from library.module_utils.network.f5.common import iControlUnexpectedHTTPError # In Ansible 2.8, Ansible changed import paths.
from test.unit.modules.utils import set_module_args from test.units.compat import unittest
from test.units.compat.mock import Mock
from test.units.compat.mock import patch
from test.units.modules.utils import set_module_args
except ImportError: except ImportError:
try: try:
from ansible.modules.network.f5.bigip_profile_http import ApiParameters from ansible.modules.network.f5.bigip_profile_http import ApiParameters
from ansible.modules.network.f5.bigip_profile_http import ModuleParameters from ansible.modules.network.f5.bigip_profile_http import ModuleParameters
from ansible.modules.network.f5.bigip_profile_http import ModuleManager from ansible.modules.network.f5.bigip_profile_http import ModuleManager
from ansible.modules.network.f5.bigip_profile_http import ArgumentSpec from ansible.modules.network.f5.bigip_profile_http import ArgumentSpec
from ansible.module_utils.network.f5.common import F5ModuleError
from ansible.module_utils.network.f5.common import iControlUnexpectedHTTPError # Ansible 2.8 imports
from units.compat import unittest
from units.compat.mock import Mock
from units.compat.mock import patch
from units.modules.utils import set_module_args from units.modules.utils import set_module_args
except ImportError: except ImportError:
raise SkipTest("F5 Ansible modules require the f5-sdk Python library") raise SkipTest("F5 Ansible modules require the f5-sdk Python library")