Various fixes and features for bigip modules (#39972)

* Removed forwarders parameter that did not work * Updated coding conventions * Added ssl_cipher_suite and ssl_protocols to bigip_device_httpd * Added more unit tests
2026-05-06 13:22:48 +00:00 · 2018-05-10 10:59:49 -07:00
parent 67f387bc3b
commit 4d691e9d7b
17 changed files with 445 additions and 138 deletions
--- a/test/units/modules/network/f5/fixtures/load_sys_httpd_non_default.json
+++ b/test/units/modules/network/f5/fixtures/load_sys_httpd_non_default.json
@@ -0,0 +1,36 @@
+{
+    "kind": "tm:sys:httpd:httpdstate",
+    "selfLink": "https://localhost/mgmt/tm/sys/httpd?ver=12.1.2",
+    "allow": [
+        "All"
+    ],
+    "authName": "BIG-IP",
+    "authPamDashboardTimeout": "off",
+    "authPamIdleTimeout": 1200,
+    "authPamValidateIp": "on",
+    "fastcgiTimeout": 300,
+    "fipsCipherVersion": 0,
+    "hostnameLookup": "off",
+    "logLevel": "warn",
+    "maxClients": 10,
+    "redirectHttpToHttps": "disabled",
+    "requestBodyMaxTimeout": 0,
+    "requestBodyMinRate": 500,
+    "requestBodyTimeout": 60,
+    "requestHeaderMaxTimeout": 40,
+    "requestHeaderMinRate": 500,
+    "requestHeaderTimeout": 20,
+    "sslCertfile": "/etc/httpd/conf/ssl.crt/server.crt",
+    "sslCertkeyfile": "/etc/httpd/conf/ssl.key/server.key",
+    "sslCiphersuite": "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384",
+    "sslOcspDefaultResponder": "http://127.0.0.1",
+    "sslOcspEnable": "off",
+    "sslOcspOverrideResponder": "off",
+    "sslOcspResponderTimeout": 300,
+    "sslOcspResponseMaxAge": -1,
+    "sslOcspResponseTimeSkew": 300,
+    "sslPort": 443,
+    "sslProtocol": "all -SSLv2",
+    "sslVerifyClient": "no",
+    "sslVerifyDepth": 10
+}
--- a/test/units/modules/network/f5/test_bigip_device_dns.py
+++ b/test/units/modules/network/f5/test_bigip_device_dns.py
@@ -21,9 +21,9 @@ from ansible.compat.tests.mock import patch
 from ansible.module_utils.basic import AnsibleModule

 try:
-    from library.bigip_device_dns import Parameters
-    from library.bigip_device_dns import ModuleManager
-    from library.bigip_device_dns import ArgumentSpec
+    from library.modules.bigip_device_dns import Parameters
+    from library.modules.bigip_device_dns import ModuleManager
+    from library.modules.bigip_device_dns import ArgumentSpec
    from library.module_utils.network.f5.common import F5ModuleError
    from library.module_utils.network.f5.common import iControlUnexpectedHTTPError
    from test.unit.modules.utils import set_module_args
@@ -64,7 +64,6 @@ class TestParameters(unittest.TestCase):
    def test_module_parameters(self):
        args = dict(
            cache='disable',
-            forwarders=['12.12.12.12', '13.13.13.13'],
            ip_version=4,
            name_servers=['10.10.10.10', '11.11.11.11'],
            search=['14.14.14.14', '15.15.15.15'],
@@ -87,15 +86,6 @@ class TestParameters(unittest.TestCase):
        p = Parameters(params=args)
        assert p.ip_version == 'options inet6'

-    def test_ensure_forwards_raises_exception(self):
-        args = dict(
-            forwarders=['12.12.12.12', '13.13.13.13'],
-        )
-        p = Parameters(params=args)
-        with pytest.raises(F5ModuleError) as ex:
-            p.forwarders
-        assert 'The modifying of forwarders is not supported' in str(ex)
-

 class TestManager(unittest.TestCase):

@@ -105,7 +95,6 @@ class TestManager(unittest.TestCase):
    def test_update_settings(self, *args):
        set_module_args(dict(
            cache='disable',
-            forwarders=['12.12.12.12', '13.13.13.13'],
            ip_version=4,
            name_servers=['10.10.10.10', '11.11.11.11'],
            search=['14.14.14.14', '15.15.15.15'],
--- a/test/units/modules/network/f5/test_bigip_device_group.py
+++ b/test/units/modules/network/f5/test_bigip_device_group.py
@@ -20,9 +20,9 @@ from ansible.compat.tests.mock import patch
 from ansible.module_utils.basic import AnsibleModule

 try:
-    from library.bigip_device_group import Parameters
-    from library.bigip_device_group import ModuleManager
-    from library.bigip_device_group import ArgumentSpec
+    from library.modules.bigip_device_group import Parameters
+    from library.modules.bigip_device_group import ModuleManager
+    from library.modules.bigip_device_group import ArgumentSpec
    from library.module_utils.network.f5.common import F5ModuleError
    from library.module_utils.network.f5.common import iControlUnexpectedHTTPError
    from test.unit.modules.utils import set_module_args
--- a/test/units/modules/network/f5/test_bigip_device_group_member.py
+++ b/test/units/modules/network/f5/test_bigip_device_group_member.py
@@ -21,9 +21,9 @@ from ansible.compat.tests.mock import patch
 from ansible.module_utils.basic import AnsibleModule

 try:
-    from library.bigip_device_group_member import Parameters
-    from library.bigip_device_group_member import ModuleManager
-    from library.bigip_device_group_member import ArgumentSpec
+    from library.modules.bigip_device_group_member import Parameters
+    from library.modules.bigip_device_group_member import ModuleManager
+    from library.modules.bigip_device_group_member import ArgumentSpec
    from library.module_utils.network.f5.common import F5ModuleError
    from library.module_utils.network.f5.common import iControlUnexpectedHTTPError
    from test.unit.modules.utils import set_module_args
--- a/test/units/modules/network/f5/test_bigip_device_httpd.py
+++ b/test/units/modules/network/f5/test_bigip_device_httpd.py
@@ -20,9 +20,9 @@ from ansible.compat.tests.mock import patch
 from ansible.module_utils.basic import AnsibleModule

 try:
-    from library.bigip_device_httpd import Parameters
-    from library.bigip_device_httpd import ModuleManager
-    from library.bigip_device_httpd import ArgumentSpec
+    from library.modules.bigip_device_httpd import Parameters
+    from library.modules.bigip_device_httpd import ModuleManager
+    from library.modules.bigip_device_httpd import ArgumentSpec
    from library.module_utils.network.f5.common import F5ModuleError
    from library.module_utils.network.f5.common import iControlUnexpectedHTTPError
    from test.unit.modules.utils import set_module_args
@@ -122,3 +122,165 @@ class TestModuleManager(unittest.TestCase):

        results = mm.exec_module()
        assert results['changed'] is True
+
+    def test_update_issue_00522(self, *args):
+        set_module_args(
+            dict(
+                ssl_cipher_suite='ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384',
+                server='localhost',
+                user='admin',
+                password='password'
+            )
+        )
+
+        current = Parameters(params=load_fixture('load_sys_httpd.json'))
+
+        module = AnsibleModule(
+            argument_spec=self.spec.argument_spec,
+            supports_check_mode=self.spec.supports_check_mode
+        )
+        mm = ModuleManager(module=module)
+
+        # Override methods to force specific logic in the module to happen
+        mm.update_on_device = Mock(return_value=True)
+        mm.read_current_from_device = Mock(return_value=current)
+
+        results = mm.exec_module()
+        assert results['changed'] is True
+        assert results['ssl_cipher_suite'] == 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384'
+
+    def test_update_issue_00522_as_list(self, *args):
+        set_module_args(
+            dict(
+                ssl_cipher_suite=[
+                    'ECDHE-RSA-AES128-GCM-SHA256',
+                    'ECDHE-RSA-AES256-GCM-SHA384'
+                ],
+                server='localhost',
+                user='admin',
+                password='password'
+            )
+        )
+
+        current = Parameters(params=load_fixture('load_sys_httpd.json'))
+
+        module = AnsibleModule(
+            argument_spec=self.spec.argument_spec,
+            supports_check_mode=self.spec.supports_check_mode
+        )
+        mm = ModuleManager(module=module)
+
+        # Override methods to force specific logic in the module to happen
+        mm.update_on_device = Mock(return_value=True)
+        mm.read_current_from_device = Mock(return_value=current)
+
+        results = mm.exec_module()
+        assert results['changed'] is True
+        assert results['ssl_cipher_suite'] == 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384'
+
+    def test_update_issue_00522_default(self, *args):
+        set_module_args(
+            dict(
+                ssl_cipher_suite='default',
+                server='localhost',
+                user='admin',
+                password='password'
+            )
+        )
+
+        current = Parameters(params=load_fixture('load_sys_httpd_non_default.json'))
+
+        module = AnsibleModule(
+            argument_spec=self.spec.argument_spec,
+            supports_check_mode=self.spec.supports_check_mode
+        )
+        mm = ModuleManager(module=module)
+
+        # Override methods to force specific logic in the module to happen
+        mm.update_on_device = Mock(return_value=True)
+        mm.read_current_from_device = Mock(return_value=current)
+
+        results = mm.exec_module()
+        assert results['changed'] is True
+        assert results['ssl_cipher_suite'] == 'default'
+
+    def test_update_issue_00587(self, *args):
+        set_module_args(
+            dict(
+                ssl_protocols='all -SSLv2',
+                server='localhost',
+                user='admin',
+                password='password'
+            )
+        )
+
+        current = Parameters(params=load_fixture('load_sys_httpd.json'))
+
+        module = AnsibleModule(
+            argument_spec=self.spec.argument_spec,
+            supports_check_mode=self.spec.supports_check_mode
+        )
+        mm = ModuleManager(module=module)
+
+        # Override methods to force specific logic in the module to happen
+        mm.update_on_device = Mock(return_value=True)
+        mm.read_current_from_device = Mock(return_value=current)
+
+        results = mm.exec_module()
+        assert results['changed'] is True
+        assert results['ssl_protocols'] == '-SSLv2 all'
+
+    def test_update_issue_00587_as_list(self, *args):
+        set_module_args(
+            dict(
+                ssl_protocols=[
+                    'all',
+                    '-SSLv2'
+                ],
+                server='localhost',
+                user='admin',
+                password='password'
+            )
+        )
+
+        current = Parameters(params=load_fixture('load_sys_httpd.json'))
+
+        module = AnsibleModule(
+            argument_spec=self.spec.argument_spec,
+            supports_check_mode=self.spec.supports_check_mode
+        )
+        mm = ModuleManager(module=module)
+
+        # Override methods to force specific logic in the module to happen
+        mm.update_on_device = Mock(return_value=True)
+        mm.read_current_from_device = Mock(return_value=current)
+
+        results = mm.exec_module()
+        assert results['changed'] is True
+        assert results['ssl_protocols'] == '-SSLv2 all'
+
+    def test_update_issue_00587_default(self, *args):
+        set_module_args(
+            dict(
+                ssl_protocols='default',
+                server='localhost',
+                user='admin',
+                password='password'
+            )
+        )
+
+        current = Parameters(params=load_fixture('load_sys_httpd_non_default.json'))
+
+        module = AnsibleModule(
+            argument_spec=self.spec.argument_spec,
+            supports_check_mode=self.spec.supports_check_mode
+        )
+        mm = ModuleManager(module=module)
+
+        # Override methods to force specific logic in the module to happen
+        mm.update_on_device = Mock(return_value=True)
+        mm.read_current_from_device = Mock(return_value=current)
+
+        results = mm.exec_module()
+        assert results['changed'] is True
+        assert results['ssl_protocols'] == 'default'
--- a/test/units/modules/network/f5/test_bigip_device_ntp.py
+++ b/test/units/modules/network/f5/test_bigip_device_ntp.py
@@ -20,9 +20,9 @@ from ansible.compat.tests.mock import patch
 from ansible.module_utils.basic import AnsibleModule

 try:
-    from library.bigip_device_ntp import Parameters
-    from library.bigip_device_ntp import ModuleManager
-    from library.bigip_device_ntp import ArgumentSpec
+    from library.modules.bigip_device_ntp import Parameters
+    from library.modules.bigip_device_ntp import ModuleManager
+    from library.modules.bigip_device_ntp import ArgumentSpec
    from library.module_utils.network.f5.common import F5ModuleError
    from library.module_utils.network.f5.common import iControlUnexpectedHTTPError
    from test.unit.modules.utils import set_module_args
--- a/test/units/modules/network/f5/test_bigip_device_sshd.py
+++ b/test/units/modules/network/f5/test_bigip_device_sshd.py
@@ -20,15 +20,17 @@ from ansible.compat.tests.mock import patch
 from ansible.module_utils.basic import AnsibleModule

 try:
-    from library.bigip_device_sshd import Parameters
-    from library.bigip_device_sshd import ModuleManager
-    from library.bigip_device_sshd import ArgumentSpec
+    from library.modules.bigip_device_sshd import ApiParameters
+    from library.modules.bigip_device_sshd import ModuleParameters
+    from library.modules.bigip_device_sshd import ModuleManager
+    from library.modules.bigip_device_sshd import ArgumentSpec
    from library.module_utils.network.f5.common import F5ModuleError
    from library.module_utils.network.f5.common import iControlUnexpectedHTTPError
    from test.unit.modules.utils import set_module_args
 except ImportError:
    try:
-        from ansible.modules.network.f5.bigip_device_sshd import Parameters
+        from ansible.modules.network.f5.bigip_device_sshd import ApiParameters
+        from ansible.modules.network.f5.bigip_device_sshd import ModuleParameters
        from ansible.modules.network.f5.bigip_device_sshd import ModuleManager
        from ansible.modules.network.f5.bigip_device_sshd import ArgumentSpec
        from ansible.module_utils.network.f5.common import F5ModuleError
@@ -73,7 +75,7 @@ class TestParameters(unittest.TestCase):
            user='admin',
            password='password'
        )
-        p = Parameters(params=args)
+        p = ModuleParameters(params=args)
        assert p.allow == ['all']
        assert p.banner == 'enabled'
        assert p.banner_text == 'asdf'
@@ -104,8 +106,8 @@ class TestManager(unittest.TestCase):

        # Configure the parameters that would be returned by querying the
        # remote device
-        current = Parameters(
-            dict(
+        current = ApiParameters(
+            params=dict(
                allow=['172.27.1.1']
            )
        )
--- a/test/units/modules/network/f5/test_bigip_device_trust.py
+++ b/test/units/modules/network/f5/test_bigip_device_trust.py
@@ -20,11 +20,11 @@ from ansible.compat.tests.mock import patch
 from ansible.module_utils.basic import AnsibleModule

 try:
-    from library.bigip_device_trust import Parameters
-    from library.bigip_device_trust import ModuleManager
-    from library.bigip_device_trust import ArgumentSpec
-    from library.bigip_device_trust import HAS_F5SDK
-    from library.bigip_device_trust import HAS_NETADDR
+    from library.modules.bigip_device_trust import Parameters
+    from library.modules.bigip_device_trust import ModuleManager
+    from library.modules.bigip_device_trust import ArgumentSpec
+    from library.modules.bigip_device_trust import HAS_F5SDK
+    from library.modules.bigip_device_trust import HAS_NETADDR
    from library.module_utils.network.f5.common import F5ModuleError
    from library.module_utils.network.f5.common import iControlUnexpectedHTTPError
    from test.unit.modules.utils import set_module_args
@@ -114,6 +114,22 @@ class TestParameters(unittest.TestCase):
        assert p.peer_password == 'secret'
        assert p.type is False

+    def test_hyphenated_peer_hostname(self):
+        args = dict(
+            peer_hostname='hn---hyphen____underscore.hmatsuda.local',
+        )
+
+        p = Parameters(params=args)
+        assert p.peer_hostname == 'hn---hyphen____underscore.hmatsuda.local'
+
+    def test_numbered_peer_hostname(self):
+        args = dict(
+            peer_hostname='BIG-IP_12x_ans2.example.local',
+        )
+
+        p = Parameters(params=args)
+        assert p.peer_hostname == 'BIG-IP_12x_ans2.example.local'
+

 class TestManager(unittest.TestCase):

--- a/test/units/modules/network/f5/test_bigip_gtm_datacenter.py
+++ b/test/units/modules/network/f5/test_bigip_gtm_datacenter.py
@@ -20,10 +20,10 @@ from ansible.compat.tests.mock import patch
 from ansible.module_utils.basic import AnsibleModule

 try:
-    from library.bigip_gtm_datacenter import ApiParameters
-    from library.bigip_gtm_datacenter import ModuleParameters
-    from library.bigip_gtm_datacenter import ModuleManager
-    from library.bigip_gtm_datacenter import ArgumentSpec
+    from library.modules.bigip_gtm_datacenter import ApiParameters
+    from library.modules.bigip_gtm_datacenter import ModuleParameters
+    from library.modules.bigip_gtm_datacenter import ModuleManager
+    from library.modules.bigip_gtm_datacenter import ArgumentSpec
    from library.module_utils.network.f5.common import F5ModuleError
    from library.module_utils.network.f5.common import iControlUnexpectedHTTPError
    from test.unit.modules.utils import set_module_args