1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Adds DNS profile module for BIGIP (#39270)

This module can be used for managing DNS profiles on a BIGIP
This commit is contained in:
Tim Rupp 2018-04-24 21:05:30 -07:00 committed by GitHub
parent 20d5b04ac4
commit 9940b5db9c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 844 additions and 0 deletions

View file

@ -0,0 +1,664 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Copyright: (c) 2017, F5 Networks Inc.
# GNU General Public License v3.0 (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = r'''
---
module: bigip_profile_dns
short_description: Manage DNS profiles on a BIG-IP
description:
- Manage DNS profiles on a BIG-IP. There are a variety of DNS profiles, each with their
own adjustments to the standard C(dns) profile. Users of this module should be aware
that many of the adjustable knobs have no module default. Instead, the default is
assigned by the BIG-IP system itself which, in most cases, is acceptable.
version_added: 2.6
options:
name:
description:
- Specifies the name of the DNS profile.
required: True
parent:
description:
- Specifies the profile from which this profile inherits settings.
- When creating a new profile, if this parameter is not specified, the default
is the system-supplied C(dns) profile.
enable_dns_express:
description:
- Specifies whether the DNS Express engine is enabled.
- When creating a new profile, if this parameter is not specified, the default is
C(yes).
- The DNS Express engine receives zone transfers from the authoritative DNS server
for the zone. If the C(enable_zone_transfer) setting is also C(yes) on this profile,
the DNS Express engine also responds to zone transfer requests made by the nameservers
configured as zone transfer clients for the DNS Express zone.
type: bool
enable_zone_transfer:
description:
- Specifies whether the system answers zone transfer requests for a DNS zone created
on the system.
- When creating a new profile, if this parameter is not specified, the default is
C(no).
- The C(enable_dns_express) and C(enable_zone_transfer) settings on a DNS profile
affect how the system responds to zone transfer requests.
- When the C(enable_dns_express) and C(enable_zone_transfer) settings are both C(yes),
if a zone transfer request matches a DNS Express zone, then DNS Express answers the
request.
- When the C(enable_dns_express) setting is C(no) and the C(enable_zone_transfer)
setting is C(yes), the BIG-IP system processes zone transfer requests based on the
last action and answers the request from local BIND or a pool member.
type: bool
enable_dnssec:
description:
- Specifies whether the system signs responses with DNSSEC keys and replies to DNSSEC
specific queries (e.g., DNSKEY query type).
- When creating a new profile, if this parameter is not specified, the default is
C(yes).
type: bool
enable_gtm:
description:
- Specifies whether the system uses Global Traffic Manager to manage the response.
- When creating a new profile, if this parameter is not specified, the default is
C(yes).
type: bool
process_recursion_desired:
description:
- Specifies whether to process client-side DNS packets with Recursion Desired set in
the header.
- When creating a new profile, if this parameter is not specified, the default is
C(yes).
- If set to C(no), processing of the packet is subject to the unhandled-query-action
option.
type: bool
use_local_bind:
description:
- Specifies whether the system forwards non-wide IP queries to the local BIND server
on the BIG-IP system.
- For best performance, disable this setting when using a DNS cache.
- When creating a new profile, if this parameter is not specified, the default is
C(yes).
type: bool
enable_dns_firewall:
description:
- Specifies whether DNS firewall capability is enabled.
- When creating a new profile, if this parameter is not specified, the default is
C(no).
type: bool
partition:
description:
- Device partition to manage resources on.
default: Common
state:
description:
- When C(present), ensures that the profile exists.
- When C(absent), ensures the profile is removed.
default: present
choices:
- present
- absent
extends_documentation_fragment: f5
author:
- Tim Rupp (@caphrim007)
'''
EXAMPLES = r'''
- name: Create a DNS profile
bigip_profile_dns:
name: foo
enable_dns_express: no
enable_dnssec: no
enable_gtm: no
process_recursion_desired: no
use_local_bind: no
enable_dns_firewall: yes
password: secret
server: lb.mydomain.com
state: present
user: admin
delegate_to: localhost
'''
RETURN = r'''
enable_dns_express:
description: Whether DNS Express is enabled on the resource or not.
returned: changed
type: bool
sample: True
enable_zone_transfer:
description: Whether zone transfer are enabled on the resource or not.
returned: changed
type: bool
sample: False
enable_dnssec:
description: Whether DNSSEC is enabled on the resource or not.
returned: changed
type: bool
sample: False
enable_gtm:
description: Whether GTM is used to manage the resource or not.
returned: changed
type: bool
sample: True
process_recursion_desired:
description: Whether client-side DNS packets are processed with Recursion Desired set.
returned: changed
type: bool
sample: True
use_local_bind:
description: Whether non-wide IP queries are forwarded to the local BIND server or not.
returned: changed
type: bool
sample: False
enable_dns_firewall:
description: Whether DNS firewall capability is enabled or not.
returned: changed
type: bool
sample: False
'''
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.basic import env_fallback
try:
from library.module_utils.network.f5.bigip import HAS_F5SDK
from library.module_utils.network.f5.bigip import F5Client
from library.module_utils.network.f5.common import F5ModuleError
from library.module_utils.network.f5.common import AnsibleF5Parameters
from library.module_utils.network.f5.common import cleanup_tokens
from library.module_utils.network.f5.common import fq_name
from library.module_utils.network.f5.common import f5_argument_spec
try:
from library.module_utils.network.f5.common import iControlUnexpectedHTTPError
except ImportError:
HAS_F5SDK = False
except ImportError:
from ansible.module_utils.network.f5.bigip import HAS_F5SDK
from ansible.module_utils.network.f5.bigip import F5Client
from ansible.module_utils.network.f5.common import F5ModuleError
from ansible.module_utils.network.f5.common import AnsibleF5Parameters
from ansible.module_utils.network.f5.common import cleanup_tokens
from ansible.module_utils.network.f5.common import fq_name
from ansible.module_utils.network.f5.common import f5_argument_spec
try:
from ansible.module_utils.network.f5.common import iControlUnexpectedHTTPError
except ImportError:
HAS_F5SDK = False
class Parameters(AnsibleF5Parameters):
api_map = {
'enableDnsFirewall': 'enable_dns_firewall',
'useLocalBind': 'use_local_bind',
'processRd': 'process_recursion_desired',
'enableGtm': 'enable_gtm',
'enableDnssec': 'enable_dnssec',
'processXfr': 'enable_zone_transfer',
'enableDnsExpress': 'enable_dns_express',
'defaultsFrom': 'parent',
}
api_attributes = [
'enableDnsFirewall',
'useLocalBind',
'processRd',
'enableGtm',
'enableDnssec',
'processXfr',
'enableDnsExpress',
]
returnables = [
'enable_dns_firewall',
'use_local_bind',
'process_recursion_desired',
'enable_gtm',
'enable_dnssec',
'enable_zone_transfer',
'enable_dns_express',
]
updatables = [
'enable_dns_firewall',
'use_local_bind',
'process_recursion_desired',
'enable_gtm',
'enable_dnssec',
'enable_zone_transfer',
'enable_dns_express',
]
class ApiParameters(Parameters):
@property
def enable_dns_firewall(self):
if self._values['enable_dns_firewall'] is None:
return None
if self._values['enable_dns_firewall'] == 'yes':
return True
return False
@property
def use_local_bind(self):
if self._values['use_local_bind'] is None:
return None
if self._values['use_local_bind'] == 'yes':
return True
return False
@property
def process_recursion_desired(self):
if self._values['process_recursion_desired'] is None:
return None
if self._values['process_recursion_desired'] == 'yes':
return True
return False
@property
def enable_gtm(self):
if self._values['enable_gtm'] is None:
return None
if self._values['enable_gtm'] == 'yes':
return True
return False
@property
def enable_dnssec(self):
if self._values['enable_dnssec'] is None:
return None
if self._values['enable_dnssec'] == 'yes':
return True
return False
@property
def enable_zone_transfer(self):
if self._values['enable_zone_transfer'] is None:
return None
if self._values['enable_zone_transfer'] == 'yes':
return True
return False
@property
def enable_dns_express(self):
if self._values['enable_dns_express'] is None:
return None
if self._values['enable_dns_express'] == 'yes':
return True
return False
class ModuleParameters(Parameters):
@property
def parent(self):
if self._values['parent'] is None:
return None
result = fq_name(self.partition, self._values['parent'])
return result
class Changes(Parameters):
def to_return(self):
result = {}
try:
for returnable in self.returnables:
result[returnable] = getattr(self, returnable)
result = self._filter_params(result)
except Exception:
pass
return result
class UsableChanges(Changes):
@property
def enable_dns_firewall(self):
if self._values['enable_dns_firewall'] is None:
return None
if self._values['enable_dns_firewall']:
return 'yes'
return 'no'
@property
def use_local_bind(self):
if self._values['use_local_bind'] is None:
return None
if self._values['use_local_bind']:
return 'yes'
return 'no'
@property
def process_recursion_desired(self):
if self._values['process_recursion_desired'] is None:
return None
if self._values['process_recursion_desired']:
return 'yes'
return 'no'
@property
def enable_gtm(self):
if self._values['enable_gtm'] is None:
return None
if self._values['enable_gtm']:
return 'yes'
return 'no'
@property
def enable_dnssec(self):
if self._values['enable_dnssec'] is None:
return None
if self._values['enable_dnssec']:
return 'yes'
return 'no'
@property
def enable_zone_transfer(self):
if self._values['enable_zone_transfer'] is None:
return None
if self._values['enable_zone_transfer']:
return 'yes'
return 'no'
@property
def enable_dns_express(self):
if self._values['enable_dns_express'] is None:
return None
if self._values['enable_dns_express']:
return 'yes'
return 'no'
class ReportableChanges(Changes):
@property
def enable_dns_firewall(self):
if self._values['enable_dns_firewall'] is None:
return None
if self._values['enable_dns_firewall'] == 'yes':
return True
return False
@property
def use_local_bind(self):
if self._values['use_local_bind'] is None:
return None
if self._values['use_local_bind'] == 'yes':
return True
return False
@property
def process_recursion_desired(self):
if self._values['process_recursion_desired'] is None:
return None
if self._values['process_recursion_desired'] == 'yes':
return True
return False
@property
def enable_gtm(self):
if self._values['enable_gtm'] is None:
return None
if self._values['enable_gtm'] == 'yes':
return True
return False
@property
def enable_dnssec(self):
if self._values['enable_dnssec'] is None:
return None
if self._values['enable_dnssec'] == 'yes':
return True
return False
@property
def enable_zone_transfer(self):
if self._values['enable_zone_transfer'] is None:
return None
if self._values['enable_zone_transfer'] == 'yes':
return True
return False
@property
def enable_dns_express(self):
if self._values['enable_dns_express'] is None:
return None
if self._values['enable_dns_express'] == 'yes':
return True
return False
class Difference(object):
def __init__(self, want, have=None):
self.want = want
self.have = have
def compare(self, param):
try:
result = getattr(self, param)
return result
except AttributeError:
return self.__default(param)
def __default(self, param):
attr1 = getattr(self.want, param)
try:
attr2 = getattr(self.have, param)
if attr1 != attr2:
return attr1
except AttributeError:
return attr1
class ModuleManager(object):
def __init__(self, *args, **kwargs):
self.module = kwargs.get('module', None)
self.client = kwargs.get('client', None)
self.want = ModuleParameters(params=self.module.params)
self.have = ApiParameters()
self.changes = UsableChanges()
def _set_changed_options(self):
changed = {}
for key in Parameters.returnables:
if getattr(self.want, key) is not None:
changed[key] = getattr(self.want, key)
if changed:
self.changes = UsableChanges(params=changed)
def _update_changed_options(self):
diff = Difference(self.want, self.have)
updatables = Parameters.updatables
changed = dict()
for k in updatables:
change = diff.compare(k)
if change is None:
continue
else:
if isinstance(change, dict):
changed.update(change)
else:
changed[k] = change
if changed:
self.changes = UsableChanges(params=changed)
return True
return False
def should_update(self):
result = self._update_changed_options()
if result:
return True
return False
def exec_module(self):
changed = False
result = dict()
state = self.want.state
try:
if state == "present":
changed = self.present()
elif state == "absent":
changed = self.absent()
except iControlUnexpectedHTTPError as e:
raise F5ModuleError(str(e))
reportable = ReportableChanges(params=self.changes.to_return())
changes = reportable.to_return()
result.update(**changes)
result.update(dict(changed=changed))
self._announce_deprecations(result)
return result
def _announce_deprecations(self, result):
warnings = result.pop('__warnings', [])
for warning in warnings:
self.client.module.deprecate(
msg=warning['msg'],
version=warning['version']
)
def present(self):
if self.exists():
return self.update()
else:
return self.create()
def exists(self):
result = self.client.api.tm.ltm.profile.dns_s.dns.exists(
name=self.want.name,
partition=self.want.partition
)
return result
def update(self):
self.have = self.read_current_from_device()
if not self.should_update():
return False
if self.module.check_mode:
return True
self.update_on_device()
return True
def remove(self):
if self.module.check_mode:
return True
self.remove_from_device()
if self.exists():
raise F5ModuleError("Failed to delete the resource.")
return True
def create(self):
if self.want.enable_dns_express is None:
self.want.update({'enable_dns_express': True})
if self.want.enable_zone_transfer is None:
self.want.update({'enable_zone_transfer': False})
if self.want.enable_dnssec is None:
self.want.update({'enable_dnssec': True})
if self.want.enable_gtm is None:
self.want.update({'enable_gtm': True})
if self.want.process_recursion_desired is None:
self.want.update({'process_recursion_desired': True})
if self.want.use_local_bind is None:
self.want.update({'use_local_bind': True})
if self.want.enable_dns_firewall is None:
self.want.update({'enable_dns_firewall': False})
self._set_changed_options()
if self.module.check_mode:
return True
self.create_on_device()
return True
def create_on_device(self):
params = self.changes.api_params()
self.client.api.tm.ltm.profile.dns_s.dns.create(
name=self.want.name,
partition=self.want.partition,
**params
)
def update_on_device(self):
params = self.changes.api_params()
resource = self.client.api.tm.ltm.profile.dns_s.dns.load(
name=self.want.name,
partition=self.want.partition
)
resource.modify(**params)
def absent(self):
if self.exists():
return self.remove()
return False
def remove_from_device(self):
resource = self.client.api.tm.ltm.profile.dns_s.dns.load(
name=self.want.name,
partition=self.want.partition
)
if resource:
resource.delete()
def read_current_from_device(self):
resource = self.client.api.tm.ltm.profile.dns_s.dns.load(
name=self.want.name,
partition=self.want.partition
)
result = resource.attrs
return ApiParameters(params=result)
class ArgumentSpec(object):
def __init__(self):
self.supports_check_mode = True
argument_spec = dict(
name=dict(required=True),
parent=dict(),
enable_dns_express=dict(type='bool'),
enable_zone_transfer=dict(type='bool'),
enable_dnssec=dict(type='bool'),
enable_gtm=dict(type='bool'),
process_recursion_desired=dict(type='bool'),
use_local_bind=dict(type='bool'),
enable_dns_firewall=dict(type='bool'),
state=dict(
default='present',
choices=['present', 'absent']
),
partition=dict(
default='Common',
fallback=(env_fallback, ['F5_PARTITION'])
)
)
self.argument_spec = {}
self.argument_spec.update(f5_argument_spec)
self.argument_spec.update(argument_spec)
def main():
spec = ArgumentSpec()
module = AnsibleModule(
argument_spec=spec.argument_spec,
supports_check_mode=spec.supports_check_mode
)
if not HAS_F5SDK:
module.fail_json(msg="The python f5-sdk module is required")
try:
client = F5Client(**module.params)
mm = ModuleManager(module=module, client=client)
results = mm.exec_module()
cleanup_tokens(client)
module.exit_json(**results)
except F5ModuleError as ex:
cleanup_tokens(client)
module.fail_json(msg=str(ex))
if __name__ == '__main__':
main()

View file

@ -0,0 +1,35 @@
{
"kind": "tm:ltm:profile:dns:dnsstate",
"name": "foo",
"partition": "Common",
"fullPath": "/Common/foo",
"generation": 1211,
"selfLink": "https://localhost/mgmt/tm/ltm/profile/dns/~Common~foo?ver=13.1.0.4",
"appService": "none",
"avrDnsstatSampleRate": 0,
"cache": "none",
"defaultsFrom": "/Common/dns",
"defaultsFromReference": {
"link": "https://localhost/mgmt/tm/ltm/profile/dns/~Common~dns?ver=13.1.0.4"
},
"description": "none",
"dnsSecurity": "none",
"dns64": "disabled",
"dns64AdditionalSectionRewrite": "disabled",
"dns64Prefix": "any6",
"enableCache": "no",
"enableDnsExpress": "no",
"enableDnsFirewall": "yes",
"enableDnssec": "no",
"enableGtm": "no",
"enableHardwareQueryValidation": "no",
"enableHardwareResponseCache": "no",
"enableLogging": "no",
"enableRapidResponse": "no",
"logProfile": "none",
"processRd": "yes",
"processXfr": "yes",
"rapidResponseLastAction": "drop",
"unhandledQueryAction": "allow",
"useLocalBind": "no"
}

View file

@ -0,0 +1,145 @@
# -*- coding: utf-8 -*-
#
# Copyright: (c) 2017, F5 Networks Inc.
# GNU General Public License v3.0 (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import os
import json
import pytest
import sys
from nose.plugins.skip import SkipTest
if sys.version_info < (2, 7):
raise SkipTest("F5 Ansible modules require Python >= 2.7")
from ansible.compat.tests import unittest
from ansible.compat.tests.mock import Mock
from ansible.compat.tests.mock import patch
from ansible.module_utils.basic import AnsibleModule
try:
from library.modules.bigip_profile_dns import ApiParameters
from library.modules.bigip_profile_dns import ModuleParameters
from library.modules.bigip_profile_dns import ModuleManager
from library.modules.bigip_profile_dns import ArgumentSpec
from library.module_utils.network.f5.common import F5ModuleError
from library.module_utils.network.f5.common import iControlUnexpectedHTTPError
from test.unit.modules.utils import set_module_args
except ImportError:
try:
from ansible.modules.network.f5.bigip_profile_dns import ApiParameters
from ansible.modules.network.f5.bigip_profile_dns import ModuleParameters
from ansible.modules.network.f5.bigip_profile_dns import ModuleManager
from ansible.modules.network.f5.bigip_profile_dns import ArgumentSpec
from ansible.module_utils.network.f5.common import F5ModuleError
from ansible.module_utils.network.f5.common import iControlUnexpectedHTTPError
from units.modules.utils import set_module_args
except ImportError:
raise SkipTest("F5 Ansible modules require the f5-sdk Python library")
fixture_path = os.path.join(os.path.dirname(__file__), 'fixtures')
fixture_data = {}
def load_fixture(name):
path = os.path.join(fixture_path, name)
if path in fixture_data:
return fixture_data[path]
with open(path) as f:
data = f.read()
try:
data = json.loads(data)
except Exception:
pass
fixture_data[path] = data
return data
class TestParameters(unittest.TestCase):
def test_module_parameters(self):
args = dict(
name='foo',
parent='bar',
enable_dns_express=True,
enable_zone_transfer=True,
enable_dnssec=True,
enable_gtm=True,
process_recursion_desired=True,
use_local_bind=True,
enable_dns_firewall=True,
)
p = ModuleParameters(params=args)
assert p.name == 'foo'
assert p.parent == '/Common/bar'
assert p.enable_dns_express is True
assert p.enable_zone_transfer is True
assert p.enable_dnssec is True
assert p.enable_gtm is True
assert p.process_recursion_desired is True
assert p.use_local_bind is True
assert p.enable_dns_firewall is True
def test_api_parameters(self):
args = load_fixture('load_ltm_profile_dns_1.json')
p = ApiParameters(params=args)
assert p.name == 'foo'
assert p.parent == '/Common/dns'
assert p.enable_dns_express is False
assert p.enable_zone_transfer is True
assert p.enable_dnssec is False
assert p.enable_gtm is False
assert p.process_recursion_desired is True
assert p.use_local_bind is False
assert p.enable_dns_firewall is True
class TestManager(unittest.TestCase):
def setUp(self):
self.spec = ArgumentSpec()
def test_create(self, *args):
# Configure the arguments that would be sent to the Ansible module
set_module_args(dict(
name='foo',
parent='bar',
enable_dns_express=True,
enable_zone_transfer=True,
enable_dnssec=True,
enable_gtm=True,
process_recursion_desired=True,
use_local_bind=True,
enable_dns_firewall=True,
password='password',
server='localhost',
user='admin'
))
module = AnsibleModule(
argument_spec=self.spec.argument_spec,
supports_check_mode=self.spec.supports_check_mode
)
mm = ModuleManager(module=module)
# Override methods to force specific logic in the module to happen
mm.exists = Mock(return_value=False)
mm.create_on_device = Mock(return_value=True)
results = mm.exec_module()
assert results['changed'] is True
assert results['enable_dns_express'] is True
assert results['enable_zone_transfer'] is True
assert results['enable_dnssec'] is True
assert results['enable_gtm'] is True
assert results['process_recursion_desired'] is True
assert results['use_local_bind'] is True
assert results['enable_dns_firewall'] is True