Adds module for bigip service policies (#39240)

This patch includes a module for managing bigip service policies.

lib/ansible/modules/network/f5/bigip_service_policy.py

@@ -0,0 +1,405 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Copyright: (c) 2017, F5 Networks Inc.
+# GNU General Public License v3.0 (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+                    'status': ['preview'],
+                    'supported_by': 'community'}
+
+DOCUMENTATION = r'''
+---
+module: bigip_service_policy
+short_description: Manages service policies on a BIG-IP.
+description:
+  - Service policies allow you to configure timers and port misuse rules,
+    if enabled, on a per rule or per context basis.
+version_added: 2.6
+options:
+  name:
+    description:
+      - Name of the service policy.
+    required: True
+  description:
+    description:
+      - Description of the service policy.
+  timer_policy:
+    description:
+      - The timer policy to attach to the service policy.
+  port_misuse_policy:
+    description:
+      - The port misuse policy to attach to the service policy.
+      - Requires that C(afm) be provisioned to use. If C(afm) is not provisioned, this parameter
+        will be ignored.
+  state:
+    description:
+      - Whether the resource should exist or not.
+    default: present
+    choices:
+      - present
+      - absent
+  partition:
+    description:
+      - Device partition to manage resources on.
+    default: Common
+extends_documentation_fragment: f5
+author:
+  - Tim Rupp (@caphrim007)
+'''
+
+EXAMPLES = r'''
+- name: Create a service policy
+  bigip_service_policy:
+    name: foo
+    timer_policy: timer1
+    port_misuse_policy: misuse1
+    timer_policy_enabled: yes
+    port_misuse_policy_enabled: yes
+    password: secret
+    server: lb.mydomain.com
+    state: present
+    user: admin
+  delegate_to: localhost
+'''
+
+RETURN = r'''
+timer_policy:
+  description: The new timer policy attached to the resource.
+  returned: changed
+  type: string
+  sample: /Common/timer1
+port_misuse_policy:
+  description: The new port misuse policy attached to the resource.
+  returned: changed
+  type: string
+  sample: /Common/misuse1
+description:
+  description: New description of the resource.
+  returned: changed
+  type: string
+  sample: My service policy description
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.basic import env_fallback
+
+try:
+    from library.module_utils.network.f5.bigip import HAS_F5SDK
+    from library.module_utils.network.f5.bigip import F5Client
+    from library.module_utils.network.f5.common import F5ModuleError
+    from library.module_utils.network.f5.common import AnsibleF5Parameters
+    from library.module_utils.network.f5.common import cleanup_tokens
+    from library.module_utils.network.f5.common import fq_name
+    from library.module_utils.network.f5.common import f5_argument_spec
+    try:
+        from library.module_utils.network.f5.common import iControlUnexpectedHTTPError
+    except ImportError:
+        HAS_F5SDK = False
+except ImportError:
+    from ansible.module_utils.network.f5.bigip import HAS_F5SDK
+    from ansible.module_utils.network.f5.bigip import F5Client
+    from ansible.module_utils.network.f5.common import F5ModuleError
+    from ansible.module_utils.network.f5.common import AnsibleF5Parameters
+    from ansible.module_utils.network.f5.common import cleanup_tokens
+    from ansible.module_utils.network.f5.common import fq_name
+    from ansible.module_utils.network.f5.common import f5_argument_spec
+    try:
+        from ansible.module_utils.network.f5.common import iControlUnexpectedHTTPError
+    except ImportError:
+        HAS_F5SDK = False
+
+
+class Parameters(AnsibleF5Parameters):
+    api_map = {
+        'portMisusePolicy': 'port_misuse_policy',
+        'timerPolicy': 'timer_policy'
+    }
+
+    api_attributes = [
+        'description', 'timerPolicy', 'portMisusePolicy'
+    ]
+
+    returnables = [
+        'description', 'timer_policy', 'port_misuse_policy'
+    ]
+
+    updatables = [
+        'description', 'timer_policy', 'port_misuse_policy'
+    ]
+
+
+class ApiParameters(Parameters):
+    pass
+
+
+class ModuleParameters(Parameters):
+    @property
+    def timer_policy(self):
+        if self._values['timer_policy'] is None:
+            return None
+        if self._values['timer_policy'] == '':
+            return ''
+        return fq_name(self.partition, self._values['timer_policy'])
+
+    @property
+    def port_misuse_policy(self):
+        if self._values['port_misuse_policy'] is None:
+            return None
+        if self._values['port_misuse_policy'] == '':
+            return ''
+        return fq_name(self.partition, self._values['port_misuse_policy'])
+
+
+class Changes(Parameters):
+    def to_return(self):
+        result = {}
+        try:
+            for returnable in self.returnables:
+                result[returnable] = getattr(self, returnable)
+            result = self._filter_params(result)
+        except Exception:
+            pass
+        return result
+
+
+class UsableChanges(Changes):
+    pass
+
+
+class ReportableChanges(Changes):
+    pass
+
+
+class Difference(object):
+    def __init__(self, want, have=None):
+        self.want = want
+        self.have = have
+
+    def compare(self, param):
+        try:
+            result = getattr(self, param)
+            return result
+        except AttributeError:
+            return self.__default(param)
+
+    def __default(self, param):
+        attr1 = getattr(self.want, param)
+        try:
+            attr2 = getattr(self.have, param)
+            if attr1 != attr2:
+                return attr1
+        except AttributeError:
+            return attr1
+
+
+class ModuleManager(object):
+    def __init__(self, *args, **kwargs):
+        self.module = kwargs.get('module', None)
+        self.client = kwargs.get('client', None)
+        self.want = ModuleParameters(params=self.module.params)
+        self.have = ApiParameters()
+        self.changes = UsableChanges()
+
+    def _set_changed_options(self):
+        changed = {}
+        for key in Parameters.returnables:
+            if getattr(self.want, key) is not None:
+                changed[key] = getattr(self.want, key)
+        if changed:
+            self.changes = UsableChanges(params=changed)
+
+    def _update_changed_options(self):
+        diff = Difference(self.want, self.have)
+        updatables = Parameters.updatables
+        changed = dict()
+        for k in updatables:
+            change = diff.compare(k)
+            if change is None:
+                continue
+            else:
+                if isinstance(change, dict):
+                    changed.update(change)
+                else:
+                    changed[k] = change
+        if changed:
+            self.changes = UsableChanges(params=changed)
+            return True
+        return False
+
+    def module_provisioned(self, module):
+        resource = self.client.api.tm.sys.dbs.db.load(
+            name='provisioned.cpu.{0}'.format(module)
+        )
+        if int(resource.value) == 0:
+            return False
+        return True
+
+    def should_update(self):
+        result = self._update_changed_options()
+        if result:
+            return True
+        return False
+
+    def exec_module(self):
+        changed = False
+        result = dict()
+        state = self.want.state
+
+        try:
+            if state == "present":
+                changed = self.present()
+            elif state == "absent":
+                changed = self.absent()
+        except iControlUnexpectedHTTPError as e:
+            raise F5ModuleError(str(e))
+
+        reportable = ReportableChanges(params=self.changes.to_return())
+        changes = reportable.to_return()
+        result.update(**changes)
+        result.update(dict(changed=changed))
+        self._announce_deprecations(result)
+        return result
+
+    def _announce_deprecations(self, result):
+        warnings = result.pop('__warnings', [])
+        for warning in warnings:
+            self.client.module.deprecate(
+                msg=warning['msg'],
+                version=warning['version']
+            )
+
+    def present(self):
+        if self.exists():
+            return self.update()
+        else:
+            return self.create()
+
+    def exists(self):
+        result = self.client.api.tm.net.service_policys.service_policy.exists(
+            name=self.want.name,
+            partition=self.want.partition
+        )
+        return result
+
+    def update(self):
+        self.have = self.read_current_from_device()
+        if not self.should_update():
+            return False
+        if self.want.port_misuse_policy:
+            if not self.module_provisioned('afm'):
+                raise F5ModuleError(
+                    "To configure a 'port_misuse_policy', you must have AFM provisioned."
+                )
+        if self.module.check_mode:
+            return True
+        self.update_on_device()
+        return True
+
+    def remove(self):
+        if self.module.check_mode:
+            return True
+        self.remove_from_device()
+        if self.exists():
+            raise F5ModuleError("Failed to delete the resource.")
+        return True
+
+    def create(self):
+        self._set_changed_options()
+        if self.want.port_misuse_policy:
+            if not self.module_provisioned('afm'):
+                raise F5ModuleError(
+                    "To configure a 'port_misuse_policy', you must have AFM provisioned."
+                )
+        if self.module.check_mode:
+            return True
+        self.create_on_device()
+        return True
+
+    def create_on_device(self):
+        params = self.changes.api_params()
+        self.client.api.tm.net.service_policys.service_policy.create(
+            name=self.want.name,
+            partition=self.want.partition,
+            **params
+        )
+
+    def update_on_device(self):
+        params = self.changes.api_params()
+        resource = self.client.api.tm.net.service_policys.service_policy.load(
+            name=self.want.name,
+            partition=self.want.partition
+        )
+        resource.modify(**params)
+
+    def absent(self):
+        if self.exists():
+            return self.remove()
+        return False
+
+    def remove_from_device(self):
+        resource = self.client.api.tm.net.service_policys.service_policy.load(
+            name=self.want.name,
+            partition=self.want.partition
+        )
+        if resource:
+            resource.delete()
+
+    def read_current_from_device(self):
+        resource = self.client.api.tm.net.service_policys.service_policy.load(
+            name=self.want.name,
+            partition=self.want.partition
+        )
+        result = resource.attrs
+        return ApiParameters(params=result)
+
+
+class ArgumentSpec(object):
+    def __init__(self):
+        self.supports_check_mode = True
+        argument_spec = dict(
+            name=dict(),
+            description=dict(),
+            timer_policy=dict(),
+            port_misuse_policy=dict(),
+            state=dict(
+                default='present',
+                choices=['absent', 'present']
+            ),
+            partition=dict(
+                default='Common',
+                fallback=(env_fallback, ['F5_PARTITION'])
+            )
+        )
+        self.argument_spec = {}
+        self.argument_spec.update(f5_argument_spec)
+        self.argument_spec.update(argument_spec)
+
+
+def main():
+    spec = ArgumentSpec()
+
+    module = AnsibleModule(
+        argument_spec=spec.argument_spec,
+        supports_check_mode=spec.supports_check_mode
+    )
+    if not HAS_F5SDK:
+        module.fail_json(msg="The python f5-sdk module is required")
+
+    try:
+        client = F5Client(**module.params)
+        mm = ModuleManager(module=module, client=client)
+        results = mm.exec_module()
+        cleanup_tokens(client)
+        module.exit_json(**results)
+    except F5ModuleError as ex:
+        cleanup_tokens(client)
+        module.fail_json(msg=str(ex))
+
+
+if __name__ == '__main__':
+    main()

test/units/modules/network/f5/fixtures/load_net_service_policy_1.json

@@ -0,0 +1,17 @@
+{
+    "kind": "tm:net:service-policy:service-policystate",
+    "name": "baz",
+    "partition": "Common",
+    "fullPath": "/Common/baz",
+    "generation": 581,
+    "selfLink": "https://localhost/mgmt/tm/net/service-policy/~Common~baz?ver=13.1.0.4",
+    "description": "my description",
+    "portMisusePolicy": "/Common/bar",
+    "portMisusePolicyReference": {
+        "link": "https://localhost/mgmt/tm/security/firewall/port-misuse-policy/~Common~bar?ver=13.1.0.4"
+    },
+    "timerPolicy": "/Common/foo",
+    "timerPolicyReference": {
+        "link": "https://localhost/mgmt/tm/net/timer-policy/~Common~foo?ver=13.1.0.4"
+    }
+}

test/units/modules/network/f5/test_bigip_service_policy.py

@@ -0,0 +1,127 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright: (c) 2017, F5 Networks Inc.
+# GNU General Public License v3.0 (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import json
+import pytest
+import sys
+
+from nose.plugins.skip import SkipTest
+if sys.version_info < (2, 7):
+    raise SkipTest("F5 Ansible modules require Python >= 2.7")
+
+from ansible.compat.tests import unittest
+from ansible.compat.tests.mock import Mock
+from ansible.compat.tests.mock import patch
+from ansible.module_utils.basic import AnsibleModule
+
+try:
+    from test.unit import utils
+except ImportError:
+    pass
+
+try:
+    from library.modules.bigip_service_policy import ApiParameters
+    from library.modules.bigip_service_policy import ModuleParameters
+    from library.modules.bigip_service_policy import ModuleManager
+    from library.modules.bigip_service_policy import ArgumentSpec
+    from library.module_utils.network.f5.common import F5ModuleError
+    from library.module_utils.network.f5.common import iControlUnexpectedHTTPError
+    from test.unit.modules.utils import set_module_args
+except ImportError:
+    try:
+        from ansible.modules.network.f5.bigip_service_policy import ApiParameters
+        from ansible.modules.network.f5.bigip_service_policy import ModuleParameters
+        from ansible.modules.network.f5.bigip_service_policy import ModuleManager
+        from ansible.modules.network.f5.bigip_service_policy import ArgumentSpec
+        from ansible.module_utils.network.f5.common import F5ModuleError
+        from ansible.module_utils.network.f5.common import iControlUnexpectedHTTPError
+        from units.modules.utils import set_module_args
+    except ImportError:
+        raise SkipTest("F5 Ansible modules require the f5-sdk Python library")
+
+fixture_path = os.path.join(os.path.dirname(__file__), 'fixtures')
+fixture_data = {}
+
+
+def load_fixture(name):
+    path = os.path.join(fixture_path, name)
+
+    if path in fixture_data:
+        return fixture_data[path]
+
+    with open(path) as f:
+        data = f.read()
+
+    try:
+        data = json.loads(data)
+    except Exception:
+        pass
+
+    fixture_data[path] = data
+    return data
+
+
+class TestParameters(unittest.TestCase):
+    def test_module_parameters(self):
+        args = dict(
+            name='foo',
+            description='my description',
+            timer_policy='timer1',
+            port_misuse_policy='misuse1',
+        )
+
+        p = ModuleParameters(params=args)
+        assert p.name == 'foo'
+        assert p.description == 'my description'
+        assert p.timer_policy == '/Common/timer1'
+        assert p.port_misuse_policy == '/Common/misuse1'
+
+    def test_api_parameters(self):
+        args = load_fixture('load_net_service_policy_1.json')
+        p = ApiParameters(params=args)
+        assert p.name == 'baz'
+        assert p.description == 'my description'
+        assert p.timer_policy == '/Common/foo'
+        assert p.port_misuse_policy == '/Common/bar'
+
+
+@patch('ansible.module_utils.f5_utils.AnsibleF5Client._get_mgmt_root',
+       return_value=True)
+class TestManager(unittest.TestCase):
+
+    def setUp(self):
+        self.spec = ArgumentSpec()
+
+    def test_create_selfip(self, *args):
+        set_module_args(dict(
+            name='foo',
+            description='my description',
+            timer_policy='timer1',
+            port_misuse_policy='misuse1',
+            partition='Common',
+            state='present',
+            password='passsword',
+            server='localhost',
+            user='admin'
+        ))
+
+        module = AnsibleModule(
+            argument_spec=self.spec.argument_spec,
+            supports_check_mode=self.spec.supports_check_mode
+        )
+        mm = ModuleManager(module=module)
+
+        # Override methods to force specific logic in the module to happen
+        mm.exists = Mock(side_effect=[False, True])
+        mm.create_on_device = Mock(return_value=True)
+        mm.module_provisioned = Mock(return_value=True)
+
+        results = mm.exec_module()
+
+        assert results['changed'] is True