From d19108e592fb34b237abb6d07fae87b0b1ea51b0 Mon Sep 17 00:00:00 2001
From: Tim Rupp
Date: Fri, 22 Dec 2017 12:54:56 -0800
Subject: [PATCH] Adds more token cleanup (#34207)
Token cleanup assists in preventing the ansible modules from overwhelming the existing tokens in bigip api
---
 .../modules/network/f5/bigip_config.py | 12 +++++++
 .../network/f5/bigip_configsync_action.py | 12 +++++++
 .../network/f5/bigip_device_connectivity.py | 13 +++++++
 .../modules/network/f5/bigip_device_dns.py | 13 +++++++
 .../modules/network/f5/bigip_device_ntp.py | 13 +++++++
 .../modules/network/f5/bigip_device_sshd.py | 34 +++++++++----------
 .../modules/network/f5/bigip_device_trust.py | 34 +++++++++++++------
 7 files changed, 103 insertions(+), 28 deletions(-)
diff --git a/lib/ansible/modules/network/f5/bigip_config.py b/lib/ansible/modules/network/f5/bigip_config.py
index 043ba0b09ff..11586c85192 100644
--- a/lib/ansible/modules/network/f5/bigip_config.py
+++ b/lib/ansible/modules/network/f5/bigip_config.py
@@ -339,6 +339,16 @@ class ArgumentSpec(object):
 self.f5_product_name = 'bigip'
+def cleanup_tokens(client):
+ try:
+ resource = client.api.shared.authz.tokens_s.token.load(
+ name=client.api.icrs.token
+ )
+ resource.delete()
+ except Exception:
+ pass
+
+
 def main():
 if not HAS_F5SDK:
 raise F5ModuleError("The python f5-sdk module is required")
@@ -354,8 +364,10 @@ def main():
 try:
 mm = ModuleManager(client)
 results = mm.exec_module()
+ cleanup_tokens(client)
 client.module.exit_json(**results)
 except F5ModuleError as e:
+ cleanup_tokens(client)
 client.module.fail_json(msg=str(e))
diff --git a/lib/ansible/modules/network/f5/bigip_configsync_action.py b/lib/ansible/modules/network/f5/bigip_configsync_action.py
index 05c6804674e..ce35888e120 100644
--- a/lib/ansible/modules/network/f5/bigip_configsync_action.py
+++ b/lib/ansible/modules/network/f5/bigip_configsync_action.py
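Review bot: `cleanup_tokens` ends in `except Exception: pass`, so a failed `resource.delete()` leaves the session token valid on the device until it expires and nothing in the module output says so. Best-effort cleanup is reasonable here, but the failure should be reported, for example `except Exception:` followed by `client.module.warn('Could not delete the BIG-IP auth token')`; keep the message fixed, since the exception text may carry the request URI and with it the token name (an assumption about the SDK's errors, to confirm). If the broad catch is there because `client.api.icrs.token` does not exist under non-token auth, which this hunk does not show, test for that case explicitly and say so in a docstring. The same helper is pasted unchanged into all seven modules of this patch, so one copy in the shared F5 utility module would keep later fixes in one place.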
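Review bot: In `main()` both `cleanup_tokens(client)` calls are skipped when `mm.exec_module()` raises anything other than `F5ModuleError`, so an unexpected SDK or connection error still leaves the token on the device, which is the leak this commit sets out to stop. Dropping the two calls and adding `finally:` / `cleanup_tokens(client)` after the `except` block covers every exit path, including the `SystemExit` that `exit_json` and `fail_json` raise. The `main()` hunks of the other six modules in this patch repeat the pattern and would take the same change. `main()` starts above this hunk.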
@@ -347,6 +347,16 @@ class ArgumentSpec(object):
 ]
+def cleanup_tokens(client):
+ try:
+ resource = client.api.shared.authz.tokens_s.token.load(
+ name=client.api.icrs.token
+ )
+ resource.delete()
+ except Exception:
+ pass
+
+
 def main():
 if not HAS_F5SDK:
 raise F5ModuleError(
@@ -371,8 +381,10 @@ def main():
 try:
 mm = ModuleManager(client)
 results = mm.exec_module()
+ cleanup_tokens(client)
 client.module.exit_json(**results)
 except F5ModuleError as e:
+ cleanup_tokens(client)
 client.module.fail_json(msg=str(e))
diff --git a/lib/ansible/modules/network/f5/bigip_device_connectivity.py b/lib/ansible/modules/network/f5/bigip_device_connectivity.py
index 56b760cc8d0..def0422fef4 100644
--- a/lib/ansible/modules/network/f5/bigip_device_connectivity.py
+++ b/lib/ansible/modules/network/f5/bigip_device_connectivity.py
@@ -565,6 +565,16 @@ class ArgumentSpec(object):
 ]
+def cleanup_tokens(client):
+ try:
+ resource = client.api.shared.authz.tokens_s.token.load(
+ name=client.api.icrs.token
+ )
+ resource.delete()
+ except Exception:
+ pass
+
+
 def main():
 if not HAS_F5SDK:
 raise F5ModuleError("The python f5-sdk module is required")
@@ -583,9 +593,12 @@ def main():
 try:
 mm = ModuleManager(client)
 results = mm.exec_module()
+ cleanup_tokens(client)
 client.module.exit_json(**results)
 except F5ModuleError as e:
+ cleanup_tokens(client)
 client.module.fail_json(msg=str(e))
+
 if __name__ == '__main__':
 main()
diff --git a/lib/ansible/modules/network/f5/bigip_device_dns.py b/lib/ansible/modules/network/f5/bigip_device_dns.py
index 096e39c0e1d..1752f4f4789 100644
--- a/lib/ansible/modules/network/f5/bigip_device_dns.py
+++ b/lib/ansible/modules/network/f5/bigip_device_dns.py
@@ -366,6 +366,16 @@ class ArgumentSpec(object):
 self.f5_product_name = 'bigip'
+def cleanup_tokens(client):
+ try:
+ resource = client.api.shared.authz.tokens_s.token.load(
+ name=client.api.icrs.token
+ )
+ resource.delete()
+ except Exception:
+ pass
+
+
 def main():
 if not HAS_F5SDK:
 raise F5ModuleError("The python f5-sdk module is required")
@@ -382,9 +392,12 @@ def main():
 try:
 mm = ModuleManager(client)
 results = mm.exec_module()
+ cleanup_tokens(client)
 client.module.exit_json(**results)
 except F5ModuleError as e:
+ cleanup_tokens(client)
 client.module.fail_json(msg=str(e))
+
 if __name__ == '__main__':
 main()
diff --git a/lib/ansible/modules/network/f5/bigip_device_ntp.py b/lib/ansible/modules/network/f5/bigip_device_ntp.py
index c9c6d97c82e..f647b835465 100644
--- a/lib/ansible/modules/network/f5/bigip_device_ntp.py
+++ b/lib/ansible/modules/network/f5/bigip_device_ntp.py
@@ -251,6 +251,16 @@ class ArgumentSpec(object):
 self.f5_product_name = 'bigip'
+def cleanup_tokens(client):
+ try:
+ resource = client.api.shared.authz.tokens_s.token.load(
+ name=client.api.icrs.token
+ )
+ resource.delete()
+ except Exception:
+ pass
+
+
 def main():
 if not HAS_F5SDK:
 raise F5ModuleError("The python f5-sdk module is required")
@@ -267,9 +277,12 @@ def main():
 try:
 mm = ModuleManager(client)
 results = mm.exec_module()
+ cleanup_tokens(client)
 client.module.exit_json(**results)
 except F5ModuleError as e:
+ cleanup_tokens(client)
 client.module.fail_json(msg=str(e))
+
 if __name__ == '__main__':
 main()
diff --git a/lib/ansible/modules/network/f5/bigip_device_sshd.py b/lib/ansible/modules/network/f5/bigip_device_sshd.py
index 991538bb0f6..4c96f89ace0 100644
--- a/lib/ansible/modules/network/f5/bigip_device_sshd.py
+++ b/lib/ansible/modules/network/f5/bigip_device_sshd.py
@@ -217,7 +217,9 @@ class Parameters(AnsibleF5Parameters):
 if self._values['allow'] is None:
 return None
 allow = self._values['allow']
- return list(set([str(x) for x in allow]))
+ result = list(set([str(x) for x in allow]))
+ result = sorted(result)
+ return result
 class ModuleManager(object):
@@ -289,37 +291,22 @@ class ArgumentSpec(object):
 self.supports_check_mode = True
 self.argument_spec = dict(
 allow=dict(
- required=False,
- default=None,
 type='list'
 ),
 banner=dict(
- required=False,
- default=None,
 choices=self.choices
 ),
- banner_text=dict(
- required=False,
- default=None
- ),
+ banner_text=dict(),
 inactivity_timeout=dict(
- required=False,
- default=None,
 type='int'
 ),
 log_level=dict(
- required=False,
- default=None,
 choices=self.levels
 ),
 login=dict(
- required=False,
- default=None,
 choices=self.choices
 ),
 port=dict(
- required=False,
- default=None,
 type='int'
 ),
 state=dict(
@@ -330,6 +317,16 @@ class ArgumentSpec(object):
 self.f5_product_name = 'bigip'
+def cleanup_tokens(client):
+ try:
+ resource = client.api.shared.authz.tokens_s.token.load(
+ name=client.api.icrs.token
+ )
+ resource.delete()
+ except Exception:
+ pass
+
+
 def main():
 if not HAS_F5SDK:
 raise F5ModuleError("The python f5-sdk module is required")
@@ -345,9 +342,12 @@ def main():
 try:
 mm = ModuleManager(client)
 results = mm.exec_module()
+ cleanup_tokens(client)
 client.module.exit_json(**results)
 except F5ModuleError as e:
+ cleanup_tokens(client)
 client.module.fail_json(msg=str(e))
+
 if __name__ == '__main__':
 main()
diff --git a/lib/ansible/modules/network/f5/bigip_device_trust.py b/lib/ansible/modules/network/f5/bigip_device_trust.py
index 4e7cdf7915f..cff6388c778 100644
--- a/lib/ansible/modules/network/f5/bigip_device_trust.py
+++ b/lib/ansible/modules/network/f5/bigip_device_trust.py
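Review bot: In the `allow` hunk the value is built as a list, rebound through `sorted()` and then returned, which spends three statements on one expression: `return sorted(set(str(x) for x in allow))`. `sorted()` already returns a list, so the intermediate `list(...)` and the second assignment to `result` are redundant. A one-line comment stating why the order is made stable (presumably so that wanted and current values compare equal; the comparison code is not visible here) would keep a later cleanup from dropping the sort. The enclosing property starts above the hunk.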
@@ -297,26 +297,38 @@ class ArgumentSpec(object):
 self.f5_product_name = 'bigip'
-def main():
+def cleanup_tokens(client):
 try:
- spec = ArgumentSpec()
-
- client = AnsibleF5Client(
- argument_spec=spec.argument_spec,
- supports_check_mode=spec.supports_check_mode,
- f5_product_name=spec.f5_product_name
+ resource = client.api.shared.authz.tokens_s.token.load(
+ name=client.api.icrs.token
 )
+ resource.delete()
+ except Exception:
+ pass
- if not HAS_F5SDK:
- raise F5ModuleError("The python f5-sdk module is required")
- if not HAS_NETADDR:
- raise F5ModuleError("The python netaddr module is required")
+def main():
+ if not HAS_F5SDK:
+ raise F5ModuleError("The python f5-sdk module is required")
+ if not HAS_NETADDR:
+ raise F5ModuleError("The python netaddr module is required")
+
+ spec = ArgumentSpec()
+
+ client = AnsibleF5Client(
+ argument_spec=spec.argument_spec,
+ supports_check_mode=spec.supports_check_mode,
+ f5_product_name=spec.f5_product_name
+ )
+
+ try:
 mm = ModuleManager(client)
 results = mm.exec_module()
+ cleanup_tokens(client)
 client.module.exit_json(**results)
 except F5ModuleError as e:
+ cleanup_tokens(client)
 client.module.fail_json(msg=str(e))
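Review bot: The `HAS_F5SDK` and `HAS_NETADDR` checks in the rewritten `main()` now sit before the `try:`, so the `F5ModuleError` they raise is no longer routed to `fail_json` and a missing library reaches the user as an unhandled traceback instead of a module failure message. Moving `AnsibleF5Client(...)` out of the `try` is sound, since the handler needs `client` to exist, but the two checks could stay as the first statements inside `try:` where the existing `except F5ModuleError` reports them. The context lines of the other modules in this patch show the same check-before-construct order, so this may be a deliberate convention; if it is, a short comment in `main()` saying so would help.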