cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Fixes repeated calls to create an API object (#35816)

Browse source 
This patch fixes repeated attempts that the module would make to
re-create an API object. The change stores a copy for later lookup
instead. This prevents uncontrolled tokens from being created.
This commit is contained in:
Tim Rupp 2018-02-06 22:16:26 -08:00 committed by GitHub
parent e62c1cd050
commit 95188ed35c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 58 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
lib/ansible/module_utils/network/f5/bigip.py
View file

@ -27,7 +27,8 @@ except ImportError:
class F5Client(F5BaseClient): class F5Client(F5BaseClient):
@property @property
def api(self): def api(self):
result = None if self._client:
return self._client
for x in range(0, 10): for x in range(0, 10):
try: try:
result = ManagementRoot( result = ManagementRoot(
@ -38,13 +39,11 @@ class F5Client(F5BaseClient):
verify=self.params['validate_certs'], verify=self.params['validate_certs'],
token='tmos' token='tmos'
) )
break self._client = result
return self._client
except Exception: except Exception:
time.sleep(3) time.sleep(3)
if result: raise F5ModuleError(
return result 'Unable to connect to {0} on port {1}. '
else: 'Is "validate_certs" preventing this?'.format(self.params['server'], self.params['server_port'])
raise F5ModuleError( )
'Unable to connect to {0} on port {1}. '
'Is "validate_certs" preventing this?'.format(self.params['server'], self.params['server_port'])
)

17
lib/ansible/module_utils/network/f5/bigiq.py
View file

@ -27,7 +27,8 @@ except ImportError:
class F5Client(F5BaseClient): class F5Client(F5BaseClient):
@property @property
def api(self): def api(self):
result = None if self._client:
return self._client
for x in range(0, 10): for x in range(0, 10):
try: try:
result = ManagementRoot( result = ManagementRoot(
@ -38,13 +39,11 @@ class F5Client(F5BaseClient):
verify=self.params['validate_certs'], verify=self.params['validate_certs'],
token='local' token='local'
) )
break self._client = result
return self._client
except Exception: except Exception:
time.sleep(3) time.sleep(3)
if result: raise F5ModuleError(
return result 'Unable to connect to {0} on port {1}. '
else: 'Is "validate_certs" preventing this?'.format(self.params['server'], self.params['server_port'])
raise F5ModuleError( )
'Unable to connect to {0} on port {1}. '
'Is "validate_certs" preventing this?'.format(self.params['server'], self.params['server_port'])
)

35
lib/ansible/module_utils/network/f5/common.py
View file

@ -6,6 +6,8 @@
from __future__ import absolute_import, division, print_function from __future__ import absolute_import, division, print_function
__metaclass__ = type __metaclass__ = type
import re
from ansible.module_utils._text import to_text from ansible.module_utils._text import to_text
from ansible.module_utils.basic import env_fallback from ansible.module_utils.basic import env_fallback
from ansible.module_utils.connection import exec_command from ansible.module_utils.connection import exec_command
@ -156,6 +158,31 @@ def is_cli(module):
return result return result
def is_valid_hostname(host):
"""Reasonable attempt at validating a hostname
Compiled from various paragraphs outlined here
https://tools.ietf.org/html/rfc3696#section-2
https://tools.ietf.org/html/rfc1123
Notably,
* Host software MUST handle host names of up to 63 characters and
SHOULD handle host names of up to 255 characters.
* The "LDH rule", after the characters that it permits. (letters, digits, hyphen)
* If the hyphen is used, it is not permitted to appear at
either the beginning or end of a label
:param host:
:return:
"""
if len(host) > 255:
return False
host = host.rstrip(".")
allowed = re.compile(r'(?!-)[A-Z0-9-]{1,63}(?<!-)$', re.IGNORECASE)
result = all(allowed.match(x) for x in host.split("."))
return result
class Noop(object): class Noop(object):
"""Represent no-operation required """Represent no-operation required
@ -174,6 +201,7 @@ class F5BaseClient(object):
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
self.params = kwargs self.params = kwargs
load_params(self.params) load_params(self.params)
self._client = None
@property @property
def api(self): def api(self):
@ -194,7 +222,7 @@ class F5BaseClient(object):
:return: :return:
:raises iControlUnexpectedHTTPError :raises iControlUnexpectedHTTPError
""" """
self.api = self.mgmt self._client = self.mgmt
class AnsibleF5Parameters(object): class AnsibleF5Parameters(object):
@ -202,12 +230,17 @@ class AnsibleF5Parameters(object):
self._values = defaultdict(lambda: None) self._values = defaultdict(lambda: None)
self._values['__warnings'] = [] self._values['__warnings'] = []
self.client = kwargs.pop('client', None) self.client = kwargs.pop('client', None)
self._module = kwargs.pop('module', None)
self._params = {}
params = kwargs.pop('params', None) params = kwargs.pop('params', None)
if params: if params:
self.update(params=params) self.update(params=params)
self._params.update(params)
def update(self, params=None): def update(self, params=None):
if params: if params:
self._params.update(params)
for k, v in iteritems(params): for k, v in iteritems(params):
if self.api_map is not None and k in self.api_map: if self.api_map is not None and k in self.api_map:
map_key = self.api_map[k] map_key = self.api_map[k]

17
lib/ansible/module_utils/network/f5/iworkflow.py
View file

@ -27,7 +27,8 @@ except ImportError:
class F5Client(F5BaseClient): class F5Client(F5BaseClient):
@property @property
def api(self): def api(self):
result = None if self._client:
return self._client
for x in range(0, 10): for x in range(0, 10):
try: try:
result = ManagementRoot( result = ManagementRoot(
@ -38,13 +39,11 @@ class F5Client(F5BaseClient):
verify=self.params['validate_certs'], verify=self.params['validate_certs'],
token='local' token='local'
) )
break self._client = result
return self._client
except Exception: except Exception:
time.sleep(3) time.sleep(3)
if result: raise F5ModuleError(
return result 'Unable to connect to {0} on port {1}. '
else: 'Is "validate_certs" preventing this?'.format(self.params['server'], self.params['server_port'])
raise F5ModuleError( )
'Unable to connect to {0} on port {1}. '
'Is "validate_certs" preventing this?'.format(self.params['server'], self.params['server_port'])
)