diff --git a/lib/ansible/modules/network/f5/bigip_device_sshd.py b/lib/ansible/modules/network/f5/bigip_device_sshd.py index 6e3ee27eb1..cf60d6009e 100644 --- a/lib/ansible/modules/network/f5/bigip_device_sshd.py +++ b/lib/ansible/modules/network/f5/bigip_device_sshd.py @@ -1,8 +1,9 @@ #!/usr/bin/python # -*- coding: utf-8 -*- # -# Copyright (c) 2017 F5 Networks Inc. +# Copyright: (c) 2017, F5 Networks Inc. # GNU General Public License v3.0 (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + from __future__ import absolute_import, division, print_function __metaclass__ = type @@ -27,6 +28,8 @@ options: - To specify all addresses, use the value C(all). - IP address can be specified, such as 172.27.1.10. - IP rangees can be specified, such as 172.27.*.* or 172.27.0.0/255.255.0.0. + - To remove SSH access specify an empty list or an empty string. + type: list banner: description: - Whether to enable the banner or not. @@ -69,6 +72,7 @@ notes: extends_documentation_fragment: f5 author: - Tim Rupp (@caphrim007) + - Wojciech Wypior (@wojtek0806) ''' EXAMPLES = r''' @@ -76,26 +80,29 @@ EXAMPLES = r''' bigip_device_sshd: banner: enabled banner_text: banner text goes here - password: secret - server: lb.mydomain.com - user: admin + provider: + password: secret + server: lb.mydomain.com + user: admin delegate_to: localhost - name: Set the banner for the SSHD service from a file bigip_device_sshd: banner: enabled banner_text: "{{ lookup('file', '/path/to/file') }}" - password: secret - server: lb.mydomain.com - user: admin + provider: + password: secret + server: lb.mydomain.com + user: admin delegate_to: localhost - name: Set the SSHD service to run on port 2222 bigip_device_sshd: - password: secret port: 2222 - server: lb.mydomain.com - user: admin + provider: + user: admin + password: secret + server: lb.mydomain.com delegate_to: localhost ''' 
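Review bot: The three tasks in the EXAMPLES block still carry the literal `password: secret` beside `user: admin`, now under the new `provider:` key, and examples like these are routinely copied into playbooks as written. Showing the value as a variable reference, for instance `password: "{{ bigip_password }}"` (variable name constructed here for illustration), would point readers toward Ansible Vault or another secret store rather than a credential committed in plain text. The same substitution applies to each of the three tasks in this hunk.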
@@ -106,7 +113,7 @@ allow: range for other systems that can use SSH to communicate with this system. returned: changed - type: string + type: list sample: 192.0.2.* banner: description: Whether the banner is enabled or not. 
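Review bot: In the RETURN documentation, `allow` is now declared as `type: list`, but the unchanged `sample: 192.0.2.*` line directly below it is still a scalar. Updating it to `sample: ['192.0.2.*']` would keep the documented return shape consistent with the declared type, which matters to anyone who registers the result and iterates over it.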
@@ -147,58 +154,55 @@ port: from ansible.module_utils.basic import AnsibleModule try: - from library.module_utils.network.f5.bigip import HAS_F5SDK - from library.module_utils.network.f5.bigip import F5Client + from library.module_utils.network.f5.bigip import F5RestClient from library.module_utils.network.f5.common import F5ModuleError from library.module_utils.network.f5.common import AnsibleF5Parameters from library.module_utils.network.f5.common import cleanup_tokens + from library.module_utils.network.f5.common import fq_name from library.module_utils.network.f5.common import f5_argument_spec - try: - from library.module_utils.network.f5.common import iControlUnexpectedHTTPError - except ImportError: - HAS_F5SDK = False + from library.module_utils.network.f5.common import exit_json + from library.module_utils.network.f5.common import fail_json + from library.module_utils.network.f5.common import is_empty_list except ImportError: - from ansible.module_utils.network.f5.bigip import HAS_F5SDK - from ansible.module_utils.network.f5.bigip import F5Client + from ansible.module_utils.network.f5.bigip import F5RestClient from ansible.module_utils.network.f5.common import F5ModuleError from ansible.module_utils.network.f5.common import AnsibleF5Parameters from ansible.module_utils.network.f5.common import cleanup_tokens + from ansible.module_utils.network.f5.common import fq_name from ansible.module_utils.network.f5.common import f5_argument_spec - try: - from ansible.module_utils.network.f5.common import iControlUnexpectedHTTPError - except ImportError: - HAS_F5SDK = False + from ansible.module_utils.network.f5.common import exit_json + from ansible.module_utils.network.f5.common import fail_json + from ansible.module_utils.network.f5.common import is_empty_list class Parameters(AnsibleF5Parameters): api_map = { 'bannerText': 'banner_text', 'inactivityTimeout': 'inactivity_timeout', - 'logLevel': 'log_level' + 'logLevel': 'log_level', } api_attributes = [ - 'allow', 
'banner', 'bannerText', 'inactivityTimeout', 'logLevel', - 'login', 'port' + 'allow', 'banner', 'bannerText', 'inactivityTimeout', + 'logLevel', 'login', 'port', ] updatables = [ - 'allow', 'banner', 'banner_text', 'inactivity_timeout', 'log_level', - 'login', 'port' + 'allow', 'banner', 'banner_text', 'inactivity_timeout', + 'log_level', 'login', 'port', ] returnables = [ - 'allow', 'banner', 'banner_text', 'inactivity_timeout', 'log_level', - 'login', 'port' + 'allow', 'banner', 'banner_text', 'inactivity_timeout', + 'log_level', 'login', 'port', ] - def to_return(self): - result = {} - for returnable in self.returnables: - result[returnable] = getattr(self, returnable) - result = self._filter_params(result) - return result +class ApiParameters(Parameters): + pass + + +class ModuleParameters(Parameters): @property def inactivity_timeout(self): if self._values['inactivity_timeout'] is None: @@ -213,24 +217,28 @@ class Parameters(AnsibleF5Parameters): @property def allow(self): - if self._values['allow'] is None: - return None allow = self._values['allow'] - result = list(set([str(x) for x in allow])) - result = sorted(result) - return result - - -class ApiParameters(Parameters): - pass - - -class ModuleParameters(Parameters): - pass + if allow is None: + return None + if is_empty_list(allow): + return [] + return allow class Changes(Parameters): - pass + def to_return(self): + result = {} + try: + for returnable in self.returnables: + change = getattr(self, returnable) + if isinstance(change, dict): + result.update(change) + else: + result[returnable] = change + result = self._filter_params(result) + except Exception: + pass + return result class UsableChanges(Changes): 
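Review bot: The new `Changes.to_return` wraps its whole body in `try: ... except Exception: pass`, so any error raised while reading a returnable or inside `self._filter_params(result)` is silently discarded and the method returns whatever partial or unfiltered `result` it had at that point. For a module that manages the SSH allow list, this means a run could change access on the device while reporting incomplete or empty change data, which weakens the audit trail in playbook output. I would remove the blanket handler, or narrow it to the specific exception that is expected and surface it with `raise F5ModuleError(str(ex))`. A one-line docstring on `to_return` stating that dict-valued returnables are merged into the top level would also help.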
@@ -241,44 +249,90 @@ class ReportableChanges(Changes): pass +class Difference(object): + def __init__(self, want, have=None): + self.want = want + self.have = have + + def compare(self, param): + try: + result = getattr(self, param) + return result + except AttributeError: + return self.__default(param) + + def __default(self, param): + attr1 = getattr(self.want, param) + try: + attr2 = getattr(self.have, param) + if attr1 != attr2: + return attr1 + except AttributeError: + return attr1 + + @property + def allow(self): + if self.want.allow is None: + return None + if not self.want.allow: + if self.have.allow is None: + return None + if self.have.allow is not None: + return self.want.allow + if self.have.allow is None: + return self.want.allow + if set(self.want.allow) != set(self.have.allow): + return self.want.allow + + class ModuleManager(object): def __init__(self, *args, **kwargs): self.module = kwargs.get('module', None) self.client = kwargs.get('client', None) - self.have = None self.want = ModuleParameters(params=self.module.params) + self.have = ApiParameters() self.changes = UsableChanges() - def _update_changed_options(self): # lgtm [py/similar-function] - changed = {} - for key in Parameters.updatables: - if getattr(self.want, key) is not None: - attr1 = getattr(self.want, key) - attr2 = getattr(self.have, key) - if attr1 != attr2: - changed[key] = attr1 + def _update_changed_options(self): + diff = Difference(self.want, self.have) + updatables = Parameters.updatables + changed = dict() + for k in updatables: + change = diff.compare(k) + if change is None: + continue + else: + if isinstance(change, dict): + changed.update(change) + else: + changed[k] = change if changed: self.changes = UsableChanges(params=changed) return True return False + def _announce_deprecations(self, result): + warnings = result.pop('__warnings', []) + for warning in warnings: + self.client.module.deprecate( + msg=warning['msg'], + version=warning['version'] + ) + def 
exec_module(self): result = dict() - try: - changed = self.update() - except iControlUnexpectedHTTPError as e: - raise F5ModuleError(str(e)) + changed = self.present() - changes = self.changes.to_return() + reportable = ReportableChanges(params=self.changes.to_return()) + changes = reportable.to_return() result.update(**changes) result.update(dict(changed=changed)) + self._announce_deprecations(result) return result - def read_current_from_device(self): - resource = self.client.api.tm.sys.sshd.load() - result = resource.attrs - return ApiParameters(params=result) + def present(self): + return self.update() def update(self): self.have = self.read_current_from_device() @@ -297,8 +351,39 @@ class ModuleManager(object): def update_on_device(self): params = self.changes.api_params() - resource = self.client.api.tm.sys.sshd.load() - resource.update(**params) + uri = "https://{0}:{1}/mgmt/tm/sys/sshd/".format( + self.client.provider['server'], + self.client.provider['server_port'], + ) + resp = self.client.api.patch(uri, json=params) + try: + response = resp.json() + except ValueError as ex: + raise F5ModuleError(str(ex)) + + if 'code' in response and response['code'] == 400: + if 'message' in response: + raise F5ModuleError(response['message']) + else: + raise F5ModuleError(resp.content) + + def read_current_from_device(self): + uri = "https://{0}:{1}/mgmt/tm/sys/sshd/".format( + self.client.provider['server'], + self.client.provider['server_port'], + ) + resp = self.client.api.get(uri) + try: + response = resp.json() + except ValueError as ex: + raise F5ModuleError(str(ex)) + + if 'code' in response and response['code'] == 400: + if 'message' in response: + raise F5ModuleError(response['message']) + else: + raise F5ModuleError(resp.content) + return ApiParameters(params=response) class ArgumentSpec(object): 
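Review bot: `_announce_deprecations` calls `self.client.module.deprecate(...)` even though `__init__` in the same class already stores the module as `self.module`. In `main()` the client is built with `F5RestClient(**module.params)`, and nothing visible in this diff gives the client a `module` attribute; if it is unset, the first `__warnings` entry would raise `AttributeError`, which `main()` does not catch because it handles only `F5ModuleError`. Using `self.module.deprecate(` removes that dependency on client internals. The `ModuleManager` class continues outside this hunk, so `update()` and its check-mode handling could not be reviewed here.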
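Review bot: Both `update_on_device` and `read_current_from_device` treat a response as failed only when `response['code'] == 400`, so an authentication, authorization, not-found or server error returned as JSON falls through as success. On the PATCH path that means a rejected change to `allow` can be reported as `changed` while the device keeps its previous SSH access list; on the GET path the error body is handed to `ApiParameters(params=response)` as if it were the sshd configuration. Assuming the device reports other failures in the same `code` field, widening the test to `if 'code' in response and response['code'] >= 400:` in both methods closes the gap. The URI construction and error handling are duplicated verbatim between the two methods and could be shared by a small private helper.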
@@ -342,18 +427,17 @@ def main(): argument_spec=spec.argument_spec, supports_check_mode=spec.supports_check_mode ) - if not HAS_F5SDK: - module.fail_json(msg="The python f5-sdk module is required") + + client = F5RestClient(**module.params) try: - client = F5Client(**module.params) mm = ModuleManager(module=module, client=client) results = mm.exec_module() cleanup_tokens(client) - module.exit_json(**results) + exit_json(module, results, client) except F5ModuleError as ex: cleanup_tokens(client) - module.fail_json(msg=str(ex)) + fail_json(module, ex, client) if __name__ == '__main__': diff --git a/test/units/modules/network/f5/test_bigip_device_sshd.py b/test/units/modules/network/f5/test_bigip_device_sshd.py index 62dac4b51b..d07fd899ff 100644 --- a/test/units/modules/network/f5/test_bigip_device_sshd.py +++ b/test/units/modules/network/f5/test_bigip_device_sshd.py @@ -14,9 +14,6 @@ from nose.plugins.skip import SkipTest if sys.version_info < (2, 7): raise SkipTest("F5 Ansible modules require Python >= 2.7") -from units.compat import unittest -from units.compat.mock import Mock -from units.compat.mock import patch from ansible.module_utils.basic import AnsibleModule try: 
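Review bot: In `main()` of bigip_device_sshd.py, `cleanup_tokens(client)` runs only on the success path and inside `except F5ModuleError`, so any other exception escaping `mm.exec_module()` exits without it. `cleanup_tokens` is imported from the common utilities and not shown here, but its name suggests it revokes the session token, which would then remain valid on the device until it expires. Adding a second handler, `except Exception:` followed by `cleanup_tokens(client)` and `raise`, keeps the token lifetime bounded on unexpected failures. Note also that `client = F5RestClient(**module.params)` now sits outside the `try`, so an `F5ModuleError` raised during construction would surface as a traceback instead of going through `fail_json`. The start of `main()` lies outside this hunk.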
@@ -24,17 +21,25 @@ try: from library.modules.bigip_device_sshd import ModuleParameters from library.modules.bigip_device_sshd import ModuleManager from library.modules.bigip_device_sshd import ArgumentSpec - from library.module_utils.network.f5.common import F5ModuleError - from library.module_utils.network.f5.common import iControlUnexpectedHTTPError - from test.unit.modules.utils import set_module_args + + # In Ansible 2.8, Ansible changed import paths. + from test.units.compat import unittest + from test.units.compat.mock import Mock + from test.units.compat.mock import patch + + from test.units.modules.utils import set_module_args except ImportError: try: from ansible.modules.network.f5.bigip_device_sshd import ApiParameters from ansible.modules.network.f5.bigip_device_sshd import ModuleParameters from ansible.modules.network.f5.bigip_device_sshd import ModuleManager from ansible.modules.network.f5.bigip_device_sshd import ArgumentSpec - from ansible.module_utils.network.f5.common import F5ModuleError - from ansible.module_utils.network.f5.common import iControlUnexpectedHTTPError + + # Ansible 2.8 imports + from units.compat import unittest + from units.compat.mock import Mock + from units.compat.mock import patch + from units.modules.utils import set_module_args except ImportError: raise SkipTest("F5 Ansible modules require the f5-sdk Python library")