diff --git a/lib/ansible/modules/network/f5/bigip_policy_rule.py b/lib/ansible/modules/network/f5/bigip_policy_rule.py index ca12705357..424ba5c129 100644 --- a/lib/ansible/modules/network/f5/bigip_policy_rule.py +++ b/lib/ansible/modules/network/f5/bigip_policy_rule.py @@ -1,7 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- # -# Copyright (c) 2017 F5 Networks Inc. +# Copyright: (c) 2017, F5 Networks Inc. # GNU General Public License v3.0 (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) from __future__ import absolute_import, division, print_function @@ -40,8 +40,9 @@ options: this rule. - When C(type) is C(ignore), will remove all existing actions from this rule. + - When C(type) is C(redirect), will redirect an HTTP request to a different URL. required: true - choices: ['forward', 'enable', 'ignore'] + choices: ['forward', 'enable', 'ignore', 'redirect'] pool: description: - Pool that you want to forward traffic to. @@ -54,6 +55,10 @@ options: description: - ASM policy to enable. - This parameter is only valid with the C(enable) type. + location: + description: + - The new URL for which a redirect response will be sent. + - A Tcl command substitution can be used for this field. policy: description: - The name of the policy that you want to associate this rule with. @@ -82,11 +87,19 @@ options: - When C(type) is C(all_traffic), will remove all existing conditions from this rule. required: True - choices: [ 'http_uri', 'all_traffic' ] + choices: [ 'http_uri', 'all_traffic', 'http_host' ] path_begins_with_any: description: - A list of strings of characters that the HTTP URI should start with. - This parameter is only valid with the C(http_uri) type. + host_is_any: + description: + - A list of strings of characters that the HTTP Host should match. + - This parameter is only valid with the C(http_host) type. + host_begins_with_any: + description: + - A list of strings of characters that the HTTP Host should start with. + - This parameter is only valid with the C(http_host) type. state: description: - When C(present), ensures that the key is uploaded to the device. When @@ -105,6 +118,7 @@ requirements: - BIG-IP >= v12.1.0 author: - Tim Rupp (@caphrim007) + - Wojciech Wypior (@wojtek0806) ''' EXAMPLES = r''' @@ -205,46 +219,46 @@ from ansible.module_utils.basic import env_fallback from ansible.module_utils.six import iteritems try: - from library.module_utils.network.f5.bigip import HAS_F5SDK - from library.module_utils.network.f5.bigip import F5Client + from library.module_utils.network.f5.bigip import F5RestClient from library.module_utils.network.f5.common import F5ModuleError from library.module_utils.network.f5.common import AnsibleF5Parameters from library.module_utils.network.f5.common import cleanup_tokens from library.module_utils.network.f5.common import fq_name from library.module_utils.network.f5.common import f5_argument_spec - try: - from library.module_utils.network.f5.common import iControlUnexpectedHTTPError - except ImportError: - HAS_F5SDK = False + from library.module_utils.network.f5.common import transform_name + from library.module_utils.network.f5.common import exit_json + from library.module_utils.network.f5.common import fail_json except ImportError: - from ansible.module_utils.network.f5.bigip import HAS_F5SDK - from ansible.module_utils.network.f5.bigip import F5Client + from ansible.module_utils.network.f5.bigip import F5RestClient from ansible.module_utils.network.f5.common import F5ModuleError from ansible.module_utils.network.f5.common import AnsibleF5Parameters from ansible.module_utils.network.f5.common import cleanup_tokens from ansible.module_utils.network.f5.common import fq_name from ansible.module_utils.network.f5.common import f5_argument_spec - try: - from ansible.module_utils.network.f5.common import iControlUnexpectedHTTPError - except ImportError: - HAS_F5SDK = False + from ansible.module_utils.network.f5.common import transform_name + from ansible.module_utils.network.f5.common import exit_json + from ansible.module_utils.network.f5.common import fail_json class Parameters(AnsibleF5Parameters): api_map = { 'actionsReference': 'actions', - 'conditionsReference': 'conditions' + 'conditionsReference': 'conditions', } api_attributes = [ - 'description', 'actions', 'conditions' + 'description', + 'actions', + 'conditions', ] updatables = [ - 'actions', 'conditions', 'description' + 'actions', + 'conditions', + 'description', ] returnable = [ - 'description' + 'description', ] @property @@ -264,7 +278,9 @@ class Parameters(AnsibleF5Parameters): class ApiParameters(Parameters): def _remove_internal_keywords(self, resource): - items = ['kind', 'generation', 'selfLink', 'poolReference'] + items = [ + 'kind', 'generation', 'selfLink', 'poolReference', 'offset', + ] for item in items: try: del resource[item] @@ -287,6 +303,10 @@ class ApiParameters(Parameters): action.update(item) action['type'] = 'enable' del action['enable'] + elif 'redirect' in item: + action.update(item) + action['type'] = 'redirect' + del action['redirect'] result.append(action) result = sorted(result, key=lambda x: x['name']) return result @@ -312,6 +332,11 @@ class ApiParameters(Parameters): # whatever the common stringiness is. if 'values' in action: action['values'] = [str(x) for x in action['values']] + elif 'httpHost' in item: + action.update(item) + action['type'] = 'http_host' + if 'values' in action: + action['values'] = [str(x) for x in action['values']] result.append(action) # Names contains the index in which the rule is at. result = sorted(result, key=lambda x: x['name']) @@ -336,6 +361,8 @@ class ModuleParameters(Parameters): self._handle_enable_action(action, item) elif item['type'] == 'ignore': return [dict(type='ignore')] + elif item['type'] == 'redirect': + self._handle_redirect_action(action, item) result.append(action) result = sorted(result, key=lambda x: x['name']) return result @@ -353,12 +380,37 @@ class ModuleParameters(Parameters): action['name'] = str(idx) if item['type'] == 'http_uri': self._handle_http_uri_condition(action, item) + elif item['type'] == 'http_host': + self._handle_http_host_condition(action, item) elif item['type'] == 'all_traffic': return [dict(type='all_traffic')] result.append(action) result = sorted(result, key=lambda x: x['name']) return result + def _handle_http_host_condition(self, action, item): + action['type'] = 'http_host' + if 'host_begins_with_any' in item: + if isinstance(item['host_begins_with_any'], list): + values = item['host_begins_with_any'] + else: + values = [item['host_begins_with_any']] + action.update(dict( + host=True, + startsWith=True, + values=values + )) + elif 'host_is_any' in item: + if isinstance(item['host_is_any'], list): + values = item['host_is_any'] + else: + values = [item['host_is_any']] + action.update(dict( + equals=True, + host=True, + values=values + )) + def _handle_http_uri_condition(self, action, item): """Handle the nuances of the forwarding type @@ -423,6 +475,23 @@ class ModuleParameters(Parameters): asm=True )) + def _handle_redirect_action(self, action, item): + """Handle the nuances of the redirect type + + :param action: + :param item: + :return: + """ + action['type'] = 'redirect' + if 'location' not in item: + raise F5ModuleError( + "A 'location' must be specified when the 'redirect' type is used." + ) + action.update( + location=item['location'], + httpReply=True, + ) + class Changes(Parameters): def to_return(self): @@ -456,6 +525,11 @@ class ReportableChanges(Changes): action.update(item) action['type'] = 'enable' del action['enable'] + elif 'redirect' in item: + action.update(item) + action['type'] = 'redirect' + del action['redirect'] + del action['httpReply'] result.append(action) result = sorted(result, key=lambda x: x['name']) return result @@ -471,6 +545,10 @@ class ReportableChanges(Changes): action.update(item) action['type'] = 'http_uri' del action['httpUri'] + elif 'httpHost' in item: + action.update(item) + action['type'] = 'http_host' + del action['httpHost'] result.append(action) # Names contains the index in which the rule is at. result = sorted(result, key=lambda x: x['name']) @@ -495,6 +573,10 @@ class UsableChanges(Changes): elif action['type'] == 'ignore': result = [] break + elif action['type'] == 'redirect': + action['httpReply'] = True + action['redirect'] = True + del action['type'] result.append(action) return result @@ -509,6 +591,9 @@ class UsableChanges(Changes): if condition['type'] == 'http_uri': condition['httpUri'] = True del condition['type'] + elif condition['type'] == 'http_host': + condition['httpHost'] = True + del condition['type'] elif condition['type'] == 'all_traffic': result = [] break @@ -627,13 +712,10 @@ class ModuleManager(object): result = dict() state = self.want.state - try: - if state == "present": - changed = self.present() - elif state == "absent": - changed = self.absent() - except iControlUnexpectedHTTPError as e: - raise F5ModuleError(str(e)) + if state == "present": + changed = self.present() + elif state == "absent": + changed = self.absent() reportable = ReportableChanges(params=self.changes.to_return()) changes = reportable.to_return() @@ -656,46 +738,10 @@ class ModuleManager(object): else: return self.create() - def exists(self): - args = dict( - name=self.want.policy, - partition=self.want.partition, - ) - if self.draft_exists(): - args['subPath'] = 'Drafts' - - policy = self.client.api.tm.ltm.policys.policy.load(**args) - result = policy.rules_s.rules.exists( - name=self.want.name - ) - return result - - def draft_exists(self): - params = dict( - name=self.want.policy, - partition=self.want.partition, - subPath='Drafts' - ) - result = self.client.api.tm.ltm.policys.policy.exists(**params) - return result - - def _create_existing_policy_draft_on_device(self): - params = dict( - name=self.want.policy, - partition=self.want.partition, - ) - resource = self.client.api.tm.ltm.policys.policy.load(**params) - resource.draft() - return True - - def publish_on_device(self): - resource = self.client.api.tm.ltm.policys.policy.load( - name=self.want.policy, - partition=self.want.partition, - subPath='Drafts' - ) - resource.publish() - return True + def absent(self): + if self.exists(): + return self.remove() + return False def update(self): self.have = self.read_current_from_device() @@ -742,62 +788,172 @@ class ModuleManager(object): self.publish_on_device() return True + def exists(self): + if self.draft_exists(): + uri = "https://{0}:{1}/mgmt/tm/ltm/policy/{2}/rules/{3}".format( + self.client.provider['server'], + self.client.provider['server_port'], + transform_name(self.want.partition, self.want.policy, sub_path='Drafts'), + self.want.name + ) + else: + uri = "https://{0}:{1}/mgmt/tm/ltm/policy/{2}/rules/{3}".format( + self.client.provider['server'], + self.client.provider['server_port'], + transform_name(self.want.partition, self.want.policy), + self.want.name + ) + resp = self.client.api.get(uri) + try: + response = resp.json() + except ValueError: + return False + if resp.status == 404 or 'code' in response and response['code'] == 404: + return False + return True + + def draft_exists(self): + uri = "https://{0}:{1}/mgmt/tm/ltm/policy/{2}".format( + self.client.provider['server'], + self.client.provider['server_port'], + transform_name(self.want.partition, self.want.policy, sub_path='Drafts') + ) + resp = self.client.api.get(uri) + try: + response = resp.json() + except ValueError: + return False + if resp.status == 404 or 'code' in response and response['code'] == 404: + return False + return True + + def _create_existing_policy_draft_on_device(self): + params = dict(createDraft=True) + uri = "https://{0}:{1}/mgmt/tm/ltm/policy/{2}".format( + self.client.provider['server'], + self.client.provider['server_port'], + transform_name(self.want.partition, self.want.policy) + ) + resp = self.client.api.patch(uri, json=params) + try: + response = resp.json() + except ValueError as ex: + raise F5ModuleError(str(ex)) + + if 'code' in response and response['code'] == 400: + if 'message' in response: + raise F5ModuleError(response['message']) + else: + raise F5ModuleError(resp.content) + return True + + def publish_on_device(self): + params = dict( + name=fq_name(self.want.partition, + self.want.name, + sub_path='Drafts' + ), + command="publish" + + ) + uri = "https://{0}:{1}/mgmt/tm/ltm/policy/".format( + self.client.provider['server'], + self.client.provider['server_port'], + ) + resp = self.client.api.post(uri, json=params) + try: + response = resp.json() + except ValueError as ex: + raise F5ModuleError(str(ex)) + + if 'code' in response and response['code'] in [400, 403]: + if 'message' in response: + raise F5ModuleError(response['message']) + else: + raise F5ModuleError(resp.content) + return True + def create_on_device(self): params = self.changes.api_params() - policy = self.client.api.tm.ltm.policys.policy.load( - name=self.want.policy, - partition=self.want.partition, - subPath='Drafts' - ) - policy.rules_s.rules.create( - name=self.want.name, - **params + params['name'] = self.want.name + uri = "https://{0}:{1}/mgmt/tm/ltm/policy/{2}/rules/".format( + self.client.provider['server'], + self.client.provider['server_port'], + transform_name(self.want.partition, self.want.policy, sub_path='Drafts'), ) + resp = self.client.api.post(uri, json=params) + try: + response = resp.json() + except ValueError as ex: + raise F5ModuleError(str(ex)) + + if 'code' in response and response['code'] in [400, 403]: + if 'message' in response: + raise F5ModuleError(response['message']) + else: + raise F5ModuleError(resp.content) + return response['selfLink'] def update_on_device(self): params = self.changes.api_params() - policy = self.client.api.tm.ltm.policys.policy.load( - name=self.want.policy, - partition=self.want.partition, - subPath='Drafts' + uri = "https://{0}:{1}/mgmt/tm/ltm/policy/{2}/rules/{3}".format( + self.client.provider['server'], + self.client.provider['server_port'], + transform_name(self.want.partition, self.want.policy, sub_path='Drafts'), + self.want.name ) - resource = policy.rules_s.rules.load( - name=self.want.name - ) - resource.modify(**params) + resp = self.client.api.patch(uri, json=params) + try: + response = resp.json() + except ValueError as ex: + raise F5ModuleError(str(ex)) - def absent(self): - if self.exists(): - return self.remove() - return False + if 'code' in response and response['code'] == 400: + if 'message' in response: + raise F5ModuleError(response['message']) + else: + raise F5ModuleError(resp.content) def remove_from_device(self): - policy = self.client.api.tm.ltm.policys.policy.load( - name=self.want.policy, - partition=self.want.partition, - subPath='Drafts' + uri = "https://{0}:{1}/mgmt/tm/ltm/policy/{2}/rules/{3}".format( + self.client.provider['server'], + self.client.provider['server_port'], + transform_name(self.want.partition, self.want.policy, sub_path='Drafts'), + self.want.name ) - resource = policy.rules_s.rules.load( - name=self.want.name - ) - if resource: - resource.delete() + response = self.client.api.delete(uri) + if response.status == 200: + return True + raise F5ModuleError(response.content) def read_current_from_device(self): - args = dict( - name=self.want.policy, - partition=self.want.partition, - ) if self.draft_exists(): - args['subPath'] = 'Drafts' - policy = self.client.api.tm.ltm.policys.policy.load(**args) - resource = policy.rules_s.rules.load( - name=self.want.name, - requests_params=dict( - params='expandSubcollections=true' + uri = "https://{0}:{1}/mgmt/tm/ltm/policy/{2}/rules/{3}".format( + self.client.provider['server'], + self.client.provider['server_port'], + transform_name(self.want.partition, self.want.policy, sub_path='Drafts'), + self.want.name ) - ) - return ApiParameters(params=resource.attrs) + else: + uri = "https://{0}:{1}/mgmt/tm/ltm/policy/{2}/rules/{3}".format( + self.client.provider['server'], + self.client.provider['server_port'], + transform_name(self.want.partition, self.want.policy), + self.want.name + ) + query = "?expandSubcollections=true" + resp = self.client.api.get(uri + query) + try: + response = resp.json() + except ValueError as ex: + raise F5ModuleError(str(ex)) + + if 'code' in response and response['code'] == 400: + if 'message' in response: + raise F5ModuleError(response['message']) + else: + raise F5ModuleError(resp.content) + return ApiParameters(params=response) class ArgumentSpec(object): @@ -813,16 +969,18 @@ class ArgumentSpec(object): choices=[ 'forward', 'enable', - 'ignore' + 'ignore', + 'redirect', ], required=True ), pool=dict(), asm_policy=dict(), - virtual=dict() + virtual=dict(), + location=dict(), ), mutually_exclusive=[ - ['pool', 'asm_policy', 'virtual'] + ['pool', 'asm_policy', 'virtual', 'location'] ] ), conditions=dict( @@ -831,11 +989,14 @@ class ArgumentSpec(object): type=dict( choices=[ 'http_uri', + 'http_host', 'all_traffic' ], required=True ), - path_begins_with_any=dict() + path_begins_with_any=dict(), + host_begins_with_any=dict(), + host_is_any=dict() ), ), name=dict(required=True), @@ -861,18 +1022,17 @@ def main(): argument_spec=spec.argument_spec, supports_check_mode=spec.supports_check_mode ) - if not HAS_F5SDK: - module.fail_json(msg="The python f5-sdk module is required") + + client = F5RestClient(**module.params) try: - client = F5Client(**module.params) mm = ModuleManager(module=module, client=client) results = mm.exec_module() cleanup_tokens(client) - module.exit_json(**results) + exit_json(module, results, client) except F5ModuleError as ex: cleanup_tokens(client) - module.fail_json(msg=str(ex)) + fail_json(module, ex, client) if __name__ == '__main__': diff --git a/test/units/modules/network/f5/test_bigip_policy_rule.py b/test/units/modules/network/f5/test_bigip_policy_rule.py index 55095ad3b3..d86261fb86 100644 --- a/test/units/modules/network/f5/test_bigip_policy_rule.py +++ b/test/units/modules/network/f5/test_bigip_policy_rule.py @@ -14,9 +14,6 @@ from nose.plugins.skip import SkipTest if sys.version_info < (2, 7): raise SkipTest("F5 Ansible modules require Python >= 2.7") -from units.compat import unittest -from units.compat.mock import Mock -from units.compat.mock import patch from ansible.module_utils.basic import AnsibleModule try: @@ -25,9 +22,13 @@ try: from library.modules.bigip_policy_rule import ApiParameters from library.modules.bigip_policy_rule import ModuleManager from library.modules.bigip_policy_rule import ArgumentSpec - from library.module_utils.network.f5.common import F5ModuleError - from library.module_utils.network.f5.common import iControlUnexpectedHTTPError - from test.unit.modules.utils import set_module_args + + # In Ansible 2.8, Ansible changed import paths. + from test.units.compat import unittest + from test.units.compat.mock import Mock + from test.units.compat.mock import patch + + from test.units.modules.utils import set_module_args except ImportError: try: from ansible.modules.network.f5.bigip_policy_rule import Parameters @@ -35,8 +36,12 @@ except ImportError: from ansible.modules.network.f5.bigip_policy_rule import ApiParameters from ansible.modules.network.f5.bigip_policy_rule import ModuleManager from ansible.modules.network.f5.bigip_policy_rule import ArgumentSpec - from ansible.module_utils.network.f5.common import F5ModuleError - from ansible.module_utils.network.f5.common import iControlUnexpectedHTTPError + + # Ansible 2.8 imports + from units.compat import unittest + from units.compat.mock import Mock + from units.compat.mock import patch + from units.modules.utils import set_module_args except ImportError: raise SkipTest("F5 Ansible modules require the f5-sdk Python library")