Adds "allow" param to bigip_device_httpd (#34439)

This param can control what addresses are allowed to access the
httpd ui of the bigip

.github/BOTMETA.yml

@@ -469,7 +469,7 @@ files:
   $modules/network/enos/: amuraleedhar
   $modules/network/eos/: privateip trishnaguha
   $modules/network/f5/:
-    ignored: Etienne-Carriere mhite mryanlam perzizzle srvg wojtek0806
+    ignored: Etienne-Carriere mhite mryanlam perzizzle srvg wojtek0806 JoeReifel
     maintainers: caphrim007
   $modules/network/fortios/: bjolivot
   $modules/network/illumos/: xen0l

lib/ansible/modules/network/f5/bigip_device_httpd.py

@@ -21,9 +21,17 @@ description:
     to change when you want to set GUI timeouts and other TMUI related settings.
 version_added: "2.5"
 options:
+  allow:
+    description:
+      - Specifies, if you have enabled HTTPD access, the IP address or address
+        range for other systems that can communicate with this system.
+    choices:
+      - all
+      - IP address, such as 172.27.1.10
+      - IP range, such as 172.27.*.* or 172.27.0.0/255.255.0.0
   auth_name:
     description:
-      - Sets the BIG-IP authentication realm name
+      - Sets the BIG-IP authentication realm name.
   auth_pam_idle_timeout:
     description:
       - Sets the GUI timeout for automatic logout, in seconds.
@@ -102,6 +110,51 @@ auth_pam_idle_timeout:
   returned: changed
   type: string
   sample: 1200
+auth_name:
+  description: The new authentication realm name.
+  returned: changed
+  type: string
+  sample: 'foo'
+auth_pam_validate_ip:
+  description: The new authPamValidateIp setting.
+  returned: changed
+  type: bool
+  sample: on
+auth_pam_dashboard_timeout:
+  description: Whether or not the BIG-IP dashboard will timeout.
+  returned: changed
+  type: bool
+  sample: off
+fast_cgi_timeout:
+  description: The new timeout of FastCGI.
+  returned: changed
+  type: int
+  sample: 500
+hostname_lookup:
+  description: Whether or not to display the hostname, if possible.
+  returned: changed
+  type: bool
+  sample: on
+log_level:
+  description: The new minimum httpd log level.
+  returned: changed
+  type: string
+  sample: crit
+max_clients:
+  description: The new maximum number of clients that can connect to the GUI at once.
+  returned: changed
+  type: int
+  sample: 20
+redirect_http_to_https:
+  description: Whether or not to redirect http requests to the GUI to https.
+  returned: changed
+  type: bool
+  sample: on
+ssl_port:
+  description: The new HTTPS port to listen on.
+  returned: changed
+  type: int
+  sample: 10443
 '''
 
 import time
@@ -142,19 +195,21 @@ class Parameters(AnsibleF5Parameters):
     api_attributes = [
         'authPamIdleTimeout', 'authPamValidateIp', 'authName', 'authPamDashboardTimeout',
         'fastcgiTimeout', 'hostnameLookup', 'logLevel', 'maxClients', 'sslPort',
-        'redirectHttpToHttps'
+        'redirectHttpToHttps', 'allow'
     ]
 
     returnables = [
         'auth_pam_idle_timeout', 'auth_pam_validate_ip', 'auth_name',
         'auth_pam_dashboard_timeout', 'fast_cgi_timeout', 'hostname_lookup',
-        'log_level', 'max_clients', 'redirect_http_to_https', 'ssl_port'
+        'log_level', 'max_clients', 'redirect_http_to_https', 'ssl_port',
+        'allow'
     ]
 
     updatables = [
         'auth_pam_idle_timeout', 'auth_pam_validate_ip', 'auth_name',
         'auth_pam_dashboard_timeout', 'fast_cgi_timeout', 'hostname_lookup',
-        'log_level', 'max_clients', 'redirect_http_to_https', 'ssl_port'
+        'log_level', 'max_clients', 'redirect_http_to_https', 'ssl_port',
+        'allow'
     ]
 
     def __init__(self, params=None):
@@ -255,9 +310,31 @@ class ModuleParameters(Parameters):
             return "enabled"
         return "disabled"
 
+    @property
+    def allow(self):
+        if self._values['allow'] is None:
+            return None
+        if self._values['allow'][0] == 'all':
+            return 'all'
+        if self._values['allow'][0] == '':
+            return ''
+        allow = self._values['allow']
+        result = list(set([str(x) for x in allow]))
+        result = sorted(result)
+        return result
+
 
 class ApiParameters(Parameters):
-    pass
+    @property
+    def allow(self):
+        if self._values['allow'] is None:
+            return ''
+        if self._values['allow'][0] == 'All':
+            return 'all'
+        allow = self._values['allow']
+        result = list(set([str(x) for x in allow]))
+        result = sorted(result)
+        return result
 
 
 class Changes(Parameters):
@@ -301,6 +378,21 @@ class Difference(object):
         except AttributeError:
             return attr1
 
+    @property
+    def allow(self):
+        if self.want.allow is None:
+            return None
+        if self.want.allow == 'all' and self.have.allow == 'all':
+            return None
+        if self.want.allow == 'all':
+            return ['All']
+        if self.want.allow == '' and self.have.allow == '':
+            return None
+        if self.want.allow == '':
+            return []
+        if self.want.allow != self.have.allow:
+            return self.want.allow
+
 
 class ModuleManager(object):
     def __init__(self, client):
@@ -403,6 +495,9 @@ class ArgumentSpec(object):
     def __init__(self):
         self.supports_check_mode = True
         self.argument_spec = dict(
+            allow=dict(
+                type='list'
+            ),
             auth_name=dict(),
             auth_pam_idle_timeout=dict(
                 type='int'