Adds module for bigip service policies (#39240)

This patch includes a module for managing bigip service policies.
This commit is contained in:
Tim Rupp 2018-04-24 11:06:34 -07:00 committed by GitHub
parent 7c4b91844d
commit e82a8d177f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 549 additions and 0 deletions

View file

@ -0,0 +1,405 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Copyright: (c) 2017, F5 Networks Inc.
# GNU General Public License v3.0 (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = r'''
---
module: bigip_service_policy
short_description: Manages service policies on a BIG-IP.
description:
- Service policies allow you to configure timers and port misuse rules,
if enabled, on a per rule or per context basis.
version_added: 2.6
options:
name:
description:
- Name of the service policy.
required: True
description:
description:
- Description of the service policy.
timer_policy:
description:
- The timer policy to attach to the service policy.
port_misuse_policy:
description:
- The port misuse policy to attach to the service policy.
- Requires that C(afm) be provisioned to use. If C(afm) is not provisioned, this parameter
will be ignored.
state:
description:
- Whether the resource should exist or not.
default: present
choices:
- present
- absent
partition:
description:
- Device partition to manage resources on.
default: Common
extends_documentation_fragment: f5
author:
- Tim Rupp (@caphrim007)
'''
EXAMPLES = r'''
- name: Create a service policy
bigip_service_policy:
name: foo
timer_policy: timer1
port_misuse_policy: misuse1
timer_policy_enabled: yes
port_misuse_policy_enabled: yes
password: secret
server: lb.mydomain.com
state: present
user: admin
delegate_to: localhost
'''
RETURN = r'''
timer_policy:
description: The new timer policy attached to the resource.
returned: changed
type: string
sample: /Common/timer1
port_misuse_policy:
description: The new port misuse policy attached to the resource.
returned: changed
type: string
sample: /Common/misuse1
description:
description: New description of the resource.
returned: changed
type: string
sample: My service policy description
'''
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.basic import env_fallback
try:
from library.module_utils.network.f5.bigip import HAS_F5SDK
from library.module_utils.network.f5.bigip import F5Client
from library.module_utils.network.f5.common import F5ModuleError
from library.module_utils.network.f5.common import AnsibleF5Parameters
from library.module_utils.network.f5.common import cleanup_tokens
from library.module_utils.network.f5.common import fq_name
from library.module_utils.network.f5.common import f5_argument_spec
try:
from library.module_utils.network.f5.common import iControlUnexpectedHTTPError
except ImportError:
HAS_F5SDK = False
except ImportError:
from ansible.module_utils.network.f5.bigip import HAS_F5SDK
from ansible.module_utils.network.f5.bigip import F5Client
from ansible.module_utils.network.f5.common import F5ModuleError
from ansible.module_utils.network.f5.common import AnsibleF5Parameters
from ansible.module_utils.network.f5.common import cleanup_tokens
from ansible.module_utils.network.f5.common import fq_name
from ansible.module_utils.network.f5.common import f5_argument_spec
try:
from ansible.module_utils.network.f5.common import iControlUnexpectedHTTPError
except ImportError:
HAS_F5SDK = False
class Parameters(AnsibleF5Parameters):
api_map = {
'portMisusePolicy': 'port_misuse_policy',
'timerPolicy': 'timer_policy'
}
api_attributes = [
'description', 'timerPolicy', 'portMisusePolicy'
]
returnables = [
'description', 'timer_policy', 'port_misuse_policy'
]
updatables = [
'description', 'timer_policy', 'port_misuse_policy'
]
class ApiParameters(Parameters):
pass
class ModuleParameters(Parameters):
@property
def timer_policy(self):
if self._values['timer_policy'] is None:
return None
if self._values['timer_policy'] == '':
return ''
return fq_name(self.partition, self._values['timer_policy'])
@property
def port_misuse_policy(self):
if self._values['port_misuse_policy'] is None:
return None
if self._values['port_misuse_policy'] == '':
return ''
return fq_name(self.partition, self._values['port_misuse_policy'])
class Changes(Parameters):
def to_return(self):
result = {}
try:
for returnable in self.returnables:
result[returnable] = getattr(self, returnable)
result = self._filter_params(result)
except Exception:
pass
return result
class UsableChanges(Changes):
pass
class ReportableChanges(Changes):
pass
class Difference(object):
def __init__(self, want, have=None):
self.want = want
self.have = have
def compare(self, param):
try:
result = getattr(self, param)
return result
except AttributeError:
return self.__default(param)
def __default(self, param):
attr1 = getattr(self.want, param)
try:
attr2 = getattr(self.have, param)
if attr1 != attr2:
return attr1
except AttributeError:
return attr1
class ModuleManager(object):
def __init__(self, *args, **kwargs):
self.module = kwargs.get('module', None)
self.client = kwargs.get('client', None)
self.want = ModuleParameters(params=self.module.params)
self.have = ApiParameters()
self.changes = UsableChanges()
def _set_changed_options(self):
changed = {}
for key in Parameters.returnables:
if getattr(self.want, key) is not None:
changed[key] = getattr(self.want, key)
if changed:
self.changes = UsableChanges(params=changed)
def _update_changed_options(self):
diff = Difference(self.want, self.have)
updatables = Parameters.updatables
changed = dict()
for k in updatables:
change = diff.compare(k)
if change is None:
continue
else:
if isinstance(change, dict):
changed.update(change)
else:
changed[k] = change
if changed:
self.changes = UsableChanges(params=changed)
return True
return False
def module_provisioned(self, module):
resource = self.client.api.tm.sys.dbs.db.load(
name='provisioned.cpu.{0}'.format(module)
)
if int(resource.value) == 0:
return False
return True
def should_update(self):
result = self._update_changed_options()
if result:
return True
return False
def exec_module(self):
changed = False
result = dict()
state = self.want.state
try:
if state == "present":
changed = self.present()
elif state == "absent":
changed = self.absent()
except iControlUnexpectedHTTPError as e:
raise F5ModuleError(str(e))
reportable = ReportableChanges(params=self.changes.to_return())
changes = reportable.to_return()
result.update(**changes)
result.update(dict(changed=changed))
self._announce_deprecations(result)
return result
def _announce_deprecations(self, result):
warnings = result.pop('__warnings', [])
for warning in warnings:
self.client.module.deprecate(
msg=warning['msg'],
version=warning['version']
)
def present(self):
if self.exists():
return self.update()
else:
return self.create()
def exists(self):
result = self.client.api.tm.net.service_policys.service_policy.exists(
name=self.want.name,
partition=self.want.partition
)
return result
def update(self):
self.have = self.read_current_from_device()
if not self.should_update():
return False
if self.want.port_misuse_policy:
if not self.module_provisioned('afm'):
raise F5ModuleError(
"To configure a 'port_misuse_policy', you must have AFM provisioned."
)
if self.module.check_mode:
return True
self.update_on_device()
return True
def remove(self):
if self.module.check_mode:
return True
self.remove_from_device()
if self.exists():
raise F5ModuleError("Failed to delete the resource.")
return True
def create(self):
self._set_changed_options()
if self.want.port_misuse_policy:
if not self.module_provisioned('afm'):
raise F5ModuleError(
"To configure a 'port_misuse_policy', you must have AFM provisioned."
)
if self.module.check_mode:
return True
self.create_on_device()
return True
def create_on_device(self):
params = self.changes.api_params()
self.client.api.tm.net.service_policys.service_policy.create(
name=self.want.name,
partition=self.want.partition,
**params
)
def update_on_device(self):
params = self.changes.api_params()
resource = self.client.api.tm.net.service_policys.service_policy.load(
name=self.want.name,
partition=self.want.partition
)
resource.modify(**params)
def absent(self):
if self.exists():
return self.remove()
return False
def remove_from_device(self):
resource = self.client.api.tm.net.service_policys.service_policy.load(
name=self.want.name,
partition=self.want.partition
)
if resource:
resource.delete()
def read_current_from_device(self):
resource = self.client.api.tm.net.service_policys.service_policy.load(
name=self.want.name,
partition=self.want.partition
)
result = resource.attrs
return ApiParameters(params=result)
class ArgumentSpec(object):
def __init__(self):
self.supports_check_mode = True
argument_spec = dict(
name=dict(),
description=dict(),
timer_policy=dict(),
port_misuse_policy=dict(),
state=dict(
default='present',
choices=['absent', 'present']
),
partition=dict(
default='Common',
fallback=(env_fallback, ['F5_PARTITION'])
)
)
self.argument_spec = {}
self.argument_spec.update(f5_argument_spec)
self.argument_spec.update(argument_spec)
def main():
spec = ArgumentSpec()
module = AnsibleModule(
argument_spec=spec.argument_spec,
supports_check_mode=spec.supports_check_mode
)
if not HAS_F5SDK:
module.fail_json(msg="The python f5-sdk module is required")
try:
client = F5Client(**module.params)
mm = ModuleManager(module=module, client=client)
results = mm.exec_module()
cleanup_tokens(client)
module.exit_json(**results)
except F5ModuleError as ex:
cleanup_tokens(client)
module.fail_json(msg=str(ex))
if __name__ == '__main__':
main()

View file

@ -0,0 +1,17 @@
{
"kind": "tm:net:service-policy:service-policystate",
"name": "baz",
"partition": "Common",
"fullPath": "/Common/baz",
"generation": 581,
"selfLink": "https://localhost/mgmt/tm/net/service-policy/~Common~baz?ver=13.1.0.4",
"description": "my description",
"portMisusePolicy": "/Common/bar",
"portMisusePolicyReference": {
"link": "https://localhost/mgmt/tm/security/firewall/port-misuse-policy/~Common~bar?ver=13.1.0.4"
},
"timerPolicy": "/Common/foo",
"timerPolicyReference": {
"link": "https://localhost/mgmt/tm/net/timer-policy/~Common~foo?ver=13.1.0.4"
}
}

View file

@ -0,0 +1,127 @@
# -*- coding: utf-8 -*-
#
# Copyright: (c) 2017, F5 Networks Inc.
# GNU General Public License v3.0 (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
import sys
from nose.plugins.skip import SkipTest
if sys.version_info < (2, 7):
raise SkipTest("F5 Ansible modules require Python >= 2.7")
from ansible.compat.tests import unittest
from ansible.compat.tests.mock import Mock
from ansible.compat.tests.mock import patch
from ansible.module_utils.basic import AnsibleModule
try:
from test.unit import utils
except ImportError:
pass
try:
from library.modules.bigip_service_policy import ApiParameters
from library.modules.bigip_service_policy import ModuleParameters
from library.modules.bigip_service_policy import ModuleManager
from library.modules.bigip_service_policy import ArgumentSpec
from library.module_utils.network.f5.common import F5ModuleError
from library.module_utils.network.f5.common import iControlUnexpectedHTTPError
from test.unit.modules.utils import set_module_args
except ImportError:
try:
from ansible.modules.network.f5.bigip_service_policy import ApiParameters
from ansible.modules.network.f5.bigip_service_policy import ModuleParameters
from ansible.modules.network.f5.bigip_service_policy import ModuleManager
from ansible.modules.network.f5.bigip_service_policy import ArgumentSpec
from ansible.module_utils.network.f5.common import F5ModuleError
from ansible.module_utils.network.f5.common import iControlUnexpectedHTTPError
from units.modules.utils import set_module_args
except ImportError:
raise SkipTest("F5 Ansible modules require the f5-sdk Python library")
fixture_path = os.path.join(os.path.dirname(__file__), 'fixtures')
fixture_data = {}
def load_fixture(name):
path = os.path.join(fixture_path, name)
if path in fixture_data:
return fixture_data[path]
with open(path) as f:
data = f.read()
try:
data = json.loads(data)
except Exception:
pass
fixture_data[path] = data
return data
class TestParameters(unittest.TestCase):
def test_module_parameters(self):
args = dict(
name='foo',
description='my description',
timer_policy='timer1',
port_misuse_policy='misuse1',
)
p = ModuleParameters(params=args)
assert p.name == 'foo'
assert p.description == 'my description'
assert p.timer_policy == '/Common/timer1'
assert p.port_misuse_policy == '/Common/misuse1'
def test_api_parameters(self):
args = load_fixture('load_net_service_policy_1.json')
p = ApiParameters(params=args)
assert p.name == 'baz'
assert p.description == 'my description'
assert p.timer_policy == '/Common/foo'
assert p.port_misuse_policy == '/Common/bar'
@patch('ansible.module_utils.f5_utils.AnsibleF5Client._get_mgmt_root',
return_value=True)
class TestManager(unittest.TestCase):
def setUp(self):
self.spec = ArgumentSpec()
def test_create_selfip(self, *args):
set_module_args(dict(
name='foo',
description='my description',
timer_policy='timer1',
port_misuse_policy='misuse1',
partition='Common',
state='present',
password='passsword',
server='localhost',
user='admin'
))
module = AnsibleModule(
argument_spec=self.spec.argument_spec,
supports_check_mode=self.spec.supports_check_mode
)
mm = ModuleManager(module=module)
# Override methods to force specific logic in the module to happen
mm.exists = Mock(side_effect=[False, True])
mm.create_on_device = Mock(return_value=True)
mm.module_provisioned = Mock(return_value=True)
results = mm.exec_module()
assert results['changed'] is True