diff --git a/lib/ansible/modules/network/f5/bigip_device_facts.py b/lib/ansible/modules/network/f5/bigip_device_facts.py index 56dadcb979..336726fb97 100644 --- a/lib/ansible/modules/network/f5/bigip_device_facts.py +++ b/lib/ansible/modules/network/f5/bigip_device_facts.py @@ -33,6 +33,9 @@ options: - monitors - profiles - asm-policy-stats + - asm-policies + - asm-server-technologies + - asm-signature-sets - client-ssl-profiles - devices - device-groups @@ -92,6 +95,9 @@ options: - "!monitors" - "!profiles" - "!asm-policy-stats" + - "!asm-policies" + - "!asm-server-technologies" + - "!asm-signature-sets" - "!client-ssl-profiles" - "!devices" - "!device-groups" @@ -151,6 +157,7 @@ options: extends_documentation_fragment: f5 author: - Tim Rupp (@caphrim007) + - Wojciech Wypior (@wojtek0806) ''' EXAMPLES = r''' 
@@ -224,6 +231,336 @@ asm_policy_stats: type: int sample: 3 sample: hash/dictionary of values +asm_policies: + description: Detailed facts for ASM policies present on device. + returned: When C(asm-policies) is specified in C(gather_subset). + type: complex + contains: + full_path: + description: + - Full name of the resource as known to BIG-IP. + returned: changed + type: string + sample: /Common/foo_policy + name: + description: + - Relative name of the resource in BIG-IP. + returned: changed + type: string + sample: foo_policy + policy_id: + description: + - Generated ID of the ASM policy resource. + returned: changed + type: string + sample: l0Ckxe-7yHsXp8U5tTgbFQ + active: + description: + - Indicates if an ASM policy is active. + returned: changed + type: bool + sample: yes + protocol_independent: + description: + - Indicates if the ASM policy differentiates between HTTP/WS and HTTPS/WSS URLs. + returned: changed + type: bool + sample: no + has_parent: + description: + - Indicates if the ASM policy is a child of another ASM policy. + returned: changed + type: bool + sample: no + type: + description: + - The type of policy, can be C(Security) or C(Parent). + returned: changed + type: string + sample: security + virtual_servers: + description: + - Virtual server or servers which have this policy assigned to them. + returned: changed + type: list + sample: ['/Common/foo_VS/'] + allowed_response_codes: + description: + - Lists the response status codes between 400 and 599 that the security profile considers legal. + returned: changed + type: list + sample: ['400', '404'] + description: + description: + - Description of the resource. + returned: changed + type: string + sample: Significant Policy Description + learning_mode: + description: + - Determine how the policy is built. + returned: changed + type: string + sample: manual + enforcement_mode: + description: + - Specifies whether blocking is active or inactive for the ASM policy. 
+ returned: changed + type: string + sample: blocking + trust_xff: + description: + - Indicates the system has confidence in an XFF (X-Forwarded-For) header in the request. + returned: changed + type: bool + sample: yes + custom_xff_headers: + description: + - List of custom XFF headers trusted by the system. + returned: changed + type: string + sample: asm-proxy1 + case_insensitive: + description: + - Indicates if the ASM policy treats file types, URLs, and parameters as case sensitive. + returned: changed + type: bool + sample: yes + signature_staging: + description: + - Specifies if the staging feature is active on the ASM policy. + returned: changed + type: bool + sample: yes + place_signatures_in_staging: + description: + - Specifies if the system places new or updated signatures in staging + for the number of days specified in the enforcement readiness period. + returned: changed + type: bool + sample: no + enforcement_readiness_period: + description: + - Period in days both security policy entities and attack signatures + remain in staging mode before the system suggests to enforce them. + returned: changed + type: int + sample: 8 + path_parameter_handling: + description: + - Specifies how the system handles path parameters that are attached to path segments in URIs. + returned: changed + type: string + sample: ignore + trigger_asm_irule_event: + description: + - Indicates if iRule event is enabled. + returned: changed + type: string + sample: disabled + inspect_http_uploads: + description: + - Specify if the system should inspect all http uploads. + returned: changed + type: bool + sample: yes + mask_credit_card_numbers_in_request: + description: + - Indicates if the system masks credit card numbers. + returned: changed + type: bool + sample: no + maximum_http_header_length: + description: + - Maximum length of an HTTP header name and value that the system processes. 
+ returned: changed + type: int + sample: 8192 + use_dynamic_session_id_in_url: + description: + - Specifies how the security policy processes URLs that use dynamic sessions. + returned: changed + type: bool + sample: no + maximum_cookie_header_length: + description: + - Maximum length of a cookie header name and value that the system processes. + returned: changed + type: int + sample: 8192 + application_language: + description: + - The language encoding for the web application. + returned: changed + type: string + sample: utf-8 + disallowed_geolocations: + description: + - Displays countries that may not access the web application. + returned: changed + type: string + sample: Argentina + csrf_protection_enabled: + description: + - Specifies if CSRF protection is active on the ASM policy. + returned: changed + type: bool + sample: yes + csrf_protection_ssl_only: + description: + - Specifies that only HTTPS URLs will be checked for CSRF protection. + returned: changed + type: bool + sample: yes + csrf_protection_expiration_time_in_seconds: + description: + - Specifies how long, in seconds, a configured CSRF token is valid before it expires. + returned: changed + type: int + sample: 600 + csrf_urls: + description: + - Specifies a list of URLs for CSRF token verification. + - In version 13.0.0 and above this has become a sub-collection and a list of dictionaries. + - In version 12.x this is a list of simple strings. + returned: changed + type: complex + contains: + csrf_url_required_parameters: + description: + - Indicates whether to ignore or require one of the specified parameters is present + in a request when checking if the URL entry matches the request. + returned: changed + type: string + sample: ignore + csrf_url_parameters_list: + description: + - List of parameters to look for in a request when checking if the URL entry matches the request. + returned: changed + type: list + sample: ['fooparam'] + csrf_url: + description: + - Specifies an URL to protect. 
+ returned: changed + type: string + sample: ['/foo.html'] + csrf_url_method: + description: + - Method for the specified URL. + returned: changed + type: string + sample: POST + csrf_url_enforcement_action: + description: + - Indicates the action specified for the system to take when the URL entry matches. + returned: changed + type: string + sample: none + csrf_url_id: + description: + - Specified the generated ID for the configured CSRF url resource. + returned: changed + type: string + sample: l0Ckxe-7yHsXp8U5tTgbFQ + csrf_url_wildcard_order: + description: + - Specified the order in which the wildcard URLs are enforced. + returned: changed + type: string + sample: 1 + sample: hash/dictionary of values +asm_server_technologies: + description: Detailed facts for ASM server technologies present on device. + returned: When C(asm-server-technologies) is specified in C(gather_subset). + type: complex + contains: + id: + description: + - Displays the generated ID for the server technology resource. + returned: changed + type: string + sample: l0Ckxe-7yHsXp8U5tTgbFQ + server_technology_name: + description: + - Human friendly name of the server technology resource. + returned: changed + type: string + sample: Wordpress + server_technology_references: + description: + - List of dictionaries containing API self links of the associated technology resources. + returned: changed + type: complex + contains: + link: + description: + - A self link to an associated server technology. + sample: https://localhost/mgmt/tm/asm/server-technologies/NQG7CT02OBC2cQWbnP7T-A?ver=13.1.0 + sample: hash/dictionary of values +asm_signature_sets: + description: Detailed facts for ASM signature sets present on device. + returned: When C(asm-signature-sets) is specified in C(gather_subset). 
+ type: complex + contains: + name: + description: + - Name of the signature set + returned: changed + type: string + sample: WebSphere signatures + id: + description: + - Displays the generated ID for the signature set resource. + returned: changed + type: string + sample: l0Ckxe-7yHsXp8U5tTgbFQ + type: + description: + - The method used to select signatures to be a part of the signature set. + returned: changed + type: string + sample: filter-based + category: + description: + - Displays the category of the signature set. + returned: changed + type: string + sample: filter-based + is_user_defined: + description: + - Specifies that this signature set was added by a user. + returned: changed + type: bool + sample: no + assign_to_policy_by_default: + description: + - Indicates whether the system assigns this signature set to a new created security policy by default. + returned: changed + type: bool + sample: yes + default_alarm: + description: + - Displays whether the security policy logs the request data in the Statistics + screen if a request matches a signature that is included in the signature set + returned: changed + type: bool + sample: yes + default_block: + description: + - Displays, when the security policy's enforcement mode is Blocking, + how the system treats requests that match a signature included in the signature set. + returned: changed + type: bool + sample: yes + default_learn: + description: + - Displays whether the security policy learns all requests that match a signature + that is included in the signature set. + returned: changed + type: bool + sample: yes + sample: hash/dictionary of values client_ssl_profiles: description: Client SSL Profile related facts. returned: When C(client-ssl-profiles) is specified in C(gather_subset). 
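Review bot: Several of the new `asm_policies` return entries declare a type that contradicts their own description or sample: `custom_xff_headers` is described as a list but typed `string` with sample `asm-proxy1`, `disallowed_geolocations` is described as countries but typed `string`, and `csrf_url` is typed `string` while its sample is `['/foo.html']`. Either change those to `type: list` with list samples (for example `sample: ['asm-proxy1']`) or make the sample a scalar, whichever matches what the module returns; the code that builds these values is not in this diff, so I cannot tell which. The `case_insensitive` description says the policy treats entities "as case sensitive", which reads as the opposite of the key name; since these facts are what someone would use to audit WAF policy settings, I would reword it to `Indicates if the ASM policy treats file types, URLs, and parameters as case insensitive.` if that is the meaning. In `asm_signature_sets`, `category` reuses the `type` sample `filter-based`, and `link` under `server_technology_references` has no `returned` or `type`.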
@@ -233,13 +570,13 @@ client_ssl_profiles: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/bigip02.internal name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: bigip02.internal alert_timeout: description: @@ -264,13 +601,13 @@ client_ssl_profiles: description: - Specifies how often the system authenticates a user. returned: changed - type: str + type: string sample: once ca_file: description: - Specifies the certificate authority (CA) file name. returned: changed - type: str + type: string sample: /Common/default-ca.crt cache_size: description: @@ -290,38 +627,38 @@ client_ssl_profiles: management system for the purpose of terminating or initiating an SSL connection. returned: changed - type: str + type: string sample: /Common/default.crt chain_file: description: - Specifies or builds a certificate chain file that a client can use to authenticate the profile. returned: changed - type: str + type: string sample: /Common/ca-chain.crt ciphers: description: - Specifies a list of cipher names. returned: changed - type: str + type: string sample: ['DEFAULT'] crl_file: description: - Specifies the certificate revocation list file name. returned: changed - type: str + type: string sample: /Common/default.crl parent: description: - Parent of the profile returned: changed - type: str + type: string sample: /Common/clientssl description: description: - Description of the profile. returned: changed - type: str + type: string sample: My profile modssl_methods: description: @@ -333,7 +670,7 @@ client_ssl_profiles: description: - Specifies the peer certificate mode. returned: changed - type: str + type: string sample: ignore sni_require: description: 
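Review bot: The rewrite of `type: str` to `type: string` that starts in this hunk moves the RETURN block away from the type name Ansible module documentation uses, which to my knowledge is the Python name `str`; `string` is, as far as I know, not among the names the return-doc schema lists. The same substitution repeats in every later hunk of this file, from `client_ssl_profiles` through `interfaces`. In the `fastl4_profiles` hunk it also produces `type: string or int` for `ip_tos_to_client` and `ip_tos_to_server`, which is not a single type name in either spelling. Unless a consumer needs `string`, I would drop these lines from the commit and keep `type: str`, and write the new `asm_*` entries added earlier in the diff with `type: str` as well. The change is confined to documentation strings, so module behaviour is unaffected.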
@@ -392,7 +729,7 @@ client_ssl_profiles: indication) extension information in ClientHello from a client connection. returned: changed - type: str + type: string sample: bigip01 session_ticket: description: @@ -418,7 +755,7 @@ client_ssl_profiles: description: - Specifies the secure renegotiation mode. returned: changed - type: str + type: string sample: require handshake_timeout: description: @@ -459,21 +796,21 @@ client_ssl_profiles: certification authority key when SSL forward proxy feature is enabled. returned: changed - type: str + type: string forward_proxy_ca_certificate_file: description: - Specifies the name of the certificate file that is used as the certification authority certificate when SSL forward proxy feature is enabled. returned: changed - type: str + type: string forward_proxy_ca_key_file: description: - Specifies the name of the key file that is used as the certification authority key when SSL forward proxy feature is enabled. returned: changed - type: str + type: string sample: hash/dictionary of values devices: description: Device related facts. @@ -484,13 +821,13 @@ devices: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/bigip02.internal name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: bigip02.internal active_modules: description: 
@@ -502,91 +839,91 @@ devices: description: - Media Access Control address (MAC address) of the device. returned: changed - type: str + type: string sample: "fa:16:3e:c3:42:6f" build: description: - The minor version information of the total product version. returned: changed - type: str + type: string sample: 0.0.1 chassis_id: description: - Serial number of the device. returned: changed - type: str + type: string sample: 11111111-2222-3333-444444444444 chassis_type: description: - Displays the chassis type. The possible values are C(individual) and C(viprion). returned: changed - type: str + type: string sample: individual comment: description: - User comments about the device. returned: changed - type: str + type: string sample: My device configsync_address: description: - IP address used for configuration synchronization. returned: changed - type: str + type: string sample: 10.10.10.10 contact: description: - Administrator contact information. returned: changed - type: str + type: string sample: The User description: description: - Description of the device. returned: changed - type: str + type: string sample: My device edition: description: - Displays the software edition. returned: changed - type: str + type: string sample: Point Release 7 failover_state: description: - Device failover state. returned: changed - type: str + type: string sample: active hostname: description: - Device hostname returned: changed - type: str + type: string sample: bigip02.internal location: description: - Specifies the physical location of the device. returned: changed - type: str + type: string sample: London management_address: description: - IP address of the management interface. returned: changed - type: str + type: string sample: 3.3.3.3 marketing_name: description: - Marketing name of the device platform. returned: changed - type: str + type: string sample: BIG-IP Virtual Edition multicast_address: description: - Specifies the multicast IP address used for failover. 
returned: changed - type: str + type: string sample: 4.4.4.4 optional_modules: description: @@ -598,25 +935,25 @@ devices: description: - Displays the device platform identifier. returned: changed - type: str + type: string sample: Z100 primary_mirror_address: description: - Specifies the IP address used for state mirroring. returned: changed - type: str + type: string sample: 5.5.5.5 product: description: - Displays the software product name. returned: changed - type: str + type: string sample: BIG-IP secondary_mirror_address: description: - Secondary IP address used for state mirroring. returned: changed - type: str + type: string sample: 2.2.2.2 self: description: @@ -628,7 +965,7 @@ devices: description: - Displays the software version number. returned: changed - type: str + type: string sample: 13.1.0.7 timelimited_modules: description: @@ -640,7 +977,7 @@ devices: description: - Displays the time zone configured on the device. returned: changed - type: str + type: string sample: UTC unicast_addresses: description: @@ -652,7 +989,7 @@ devices: description: - The IP address that peers can use to reach this unicast address IP. returned: changed - type: str + type: string sample: 5.4.3.5 effective_port: description: @@ -664,7 +1001,7 @@ devices: description: - The IP address that the failover daemon will listen on for packets from its peers. returned: changed - type: str + type: string sample: 5.4.3.5 port: description: @@ -682,13 +1019,13 @@ device_groups: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/fasthttp name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: fasthttp autosync_enabled: description: @@ -700,7 +1037,7 @@ device_groups: description: - Description of the device group. returned: changed - type: str + type: string sample: My device group devices: description: 
@@ -731,7 +1068,7 @@ device_groups: description: - Specifies the type of device group. returned: changed - type: str + type: string sample: sync-only asm_sync_enabled: description: @@ -749,41 +1086,41 @@ external_monitors: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/external name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: external parent: description: - Profile from which this profile inherits settings. returned: changed - type: str + type: string sample: external description: description: - Description of the resource. returned: changed - type: str + type: string sample: My monitor destination: description: - Specifies the IP address and service port of the resource that is the destination of this monitor. - type: str + type: string sample: "*:*" args: description: - Specifies any command-line arguments that the script requires. - type: str + type: string sample: arg1 arg2 arg3 external_program: description: - Specifies the name of the file for the monitor to use. - type: str + type: string sample: /Common/arg_example variables: description: @@ -831,13 +1168,13 @@ fasthttp_profiles: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/fasthttp name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: fasthttp client_close_timeout: description: @@ -890,13 +1227,13 @@ fasthttp_profiles: description: - Profile from which this profile inherits settings. returned: changed - type: str + type: string sample: fasthttp description: description: - Description of the resource. returned: changed - type: str + type: string sample: My profile force_http_1_0_response: description: 
@@ -910,7 +1247,7 @@ fasthttp_profiles: - A string that the system inserts as a header in an HTTP request. If the header exists already, the system does not replace it. returned: changed - type: str + type: string sample: "X-F5-Authentication: foo" http_1_1_close_workarounds: description: @@ -991,7 +1328,7 @@ fasthttp_profiles: - How the system handles closing connections. Values provided may be C(enabled), C(disabled), or C(fast). returned: changed - type: str + type: string sample: enabled sample: hash/dictionary of values fastl4_profiles: @@ -1003,13 +1340,13 @@ fastl4_profiles: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/fastl4 name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: fastl4 client_timeout: description: @@ -1026,13 +1363,13 @@ fastl4_profiles: description: - Profile from which this profile inherits settings. returned: changed - type: str + type: string sample: fastl4 description: description: - Description of the resource. returned: changed - type: str + type: string sample: My profile explicit_flow_migration: description: @@ -1069,7 +1406,7 @@ fastl4_profiles: - When C(set), sets the outgoing packet's IP Header DF bit. - When C(clear), clears the outgoing packet's IP Header DF bit. returned: changed - type: str + type: string sample: pmtu ip_tos_to_client: description: @@ -1077,7 +1414,7 @@ fastl4_profiles: - This option specifies the ToS level that the traffic management system assigns to IP packets when sending them to clients. returned: changed - type: str or int + type: string or int sample: 200 ip_tos_to_server: description: @@ -1085,7 +1422,7 @@ fastl4_profiles: - This option specifies the ToS level that the traffic management system assigns to IP packets when sending them to servers. returned: changed - type: str or int + type: string or int sample: pass-through ttl_mode: description: 
@@ -1099,7 +1436,7 @@ fastl4_profiles: - When C(set), sets the outgoing IP Header TTL value to a specific value(as specified by C(ttl_v4) or C(ttl_v6). returned: changed - type: str + type: string sample: preserve ttl_v4: description: @@ -1193,7 +1530,7 @@ fastl4_profiles: description: - Specifies the Packet Velocity(r) ASIC acceleration policy. returned: changed - type: str + type: string sample: full pva_dynamic_client_packets: description: @@ -1237,7 +1574,7 @@ fastl4_profiles: - When C(establish), implies TCP 3WAY handshaking or UDP CS round trip are confirmed. returned: changed - type: str + type: string sample: embryonic reassemble_fragments: description: @@ -1351,13 +1688,13 @@ fastl4_profiles: description: - Specifies how you want to handle the TCP timestamp. returned: changed - type: str + type: string sample: preserve tcp_window_scale_mode: description: - Specifies how you want to handle the TCP window scale. returned: changed - type: str + type: string sample: preserve timeout_recovery: description: @@ -1368,7 +1705,7 @@ fastl4_profiles: - When C(fallback), the normal FastL4 load-balancing methods are acceptable to pick a server. returned: changed - type: str + type: string sample: fallback sample: hash/dictionary of values gateway_icmp_monitors: @@ -1380,25 +1717,25 @@ gateway_icmp_monitors: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/gateway_icmp name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: gateway_icmp parent: description: - Profile from which this profile inherits settings. returned: changed - type: str + type: string sample: gateway_icmp description: description: - Description of the resource. returned: changed - type: str + type: string sample: My monitor adaptive: description: 
@@ -1409,7 +1746,7 @@ gateway_icmp_monitors: description: - Specifies whether the adaptive-divergence-value is C(relative) or C(absolute). - type: str + type: string sample: relative adaptive_divergence_value: description: @@ -1433,7 +1770,7 @@ gateway_icmp_monitors: description: - Specifies the IP address and service port of the resource that is the destination of this monitor. - type: str + type: string sample: "*:*" interval: description: @@ -1484,19 +1821,19 @@ gtm_pools: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/pool1 name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: pool1 alternate_mode: description: - The load balancing mode that the system uses to load balance name resolution requests among the members of the pool. - type: str + type: string sample: drop-packet dynamic_ratio: description: @@ -1517,12 +1854,12 @@ gtm_pools: - Specifies the load balancing mode that the system uses to load balance name resolution amongst the pool members if the preferred and alternate modes are unsuccessful in picking a pool. - type: str + type: string load_balancing_mode: description: - Specifies the preferred load balancing mode that the system uses to load balance requests across pool members. - type: str + type: string manual_resume: description: - Whether manual resume is enabled for this pool @@ -1604,18 +1941,18 @@ gtm_servers: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/server1 name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: server1 datacenter: description: - Full name of the datacenter this server belongs to. - type: str + type: string enabled: description: - Whether the server is enabled. 
@@ -1686,7 +2023,7 @@ gtm_servers: link_discovery: description: - Specifies whether the system auto-discovers the links for this server. - type: str + type: string monitors: description: - Specifies health monitors that the system uses to determine whether this @@ -1698,7 +2035,7 @@ gtm_servers: description: - Whether one or monitors need to pass, or all monitors need to pass. returned: changed - type: str + type: string sample: and_list product: description: @@ -1713,7 +2050,7 @@ gtm_servers: virtual_server_discovery: description: - Whether the system auto-discovers the virtual servers for this server. - type: str + type: string addresses: description: - Specifies the server IP addresses for the server. @@ -1739,13 +2076,13 @@ gtm_wide_ips: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/wide1 name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: wide1 description: description: @@ -1806,25 +2143,25 @@ http_monitors: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/http name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: http parent: description: - Profile from which this profile inherits settings. returned: changed - type: str + type: string sample: http description: description: - Description of the resource. returned: changed - type: str + type: string sample: My monitor adaptive: description: @@ -1835,7 +2172,7 @@ http_monitors: description: - Specifies whether the adaptive-divergence-value is C(relative) or C(absolute). - type: str + type: string sample: relative adaptive_divergence_value: description: 
@@ -1859,7 +2196,7 @@ http_monitors: description: - Specifies the IP address and service port of the resource that is the destination of this monitor. - type: str + type: string sample: "*:*" interval: description: @@ -1883,14 +2220,14 @@ http_monitors: description: - Specifies the text string that the monitor looks for in the returned resource. - type: str + type: string sample: check string receive_disable_string: description: - Specifies a text string that the monitor looks for in the returned resource. If the text string is matched in the returned resource, the corresponding node or pool member is marked session disabled. - type: str + type: string sample: check disable string reverse: description: @@ -1903,7 +2240,7 @@ http_monitors: description: - Specifies the text string that the monitor sends to the target object. - type: str + type: string sample: "GET /\\r\\n" time_until_up: description: @@ -1932,7 +2269,7 @@ http_monitors: description: - Specifies the username, if the monitored target requires authentication. - type: str + type: string sample: user1 sample: hash/dictionary of values https_monitors: @@ -1944,25 +2281,25 @@ https_monitors: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/http name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: http parent: description: - Profile from which this profile inherits settings. returned: changed - type: str + type: string sample: http description: description: - Description of the resource. returned: changed - type: str + type: string sample: My monitor adaptive: description: @@ -1973,7 +2310,7 @@ https_monitors: description: - Specifies whether the adaptive-divergence-value is C(relative) or C(absolute). - type: str + type: string sample: relative adaptive_divergence_value: description: 
@@ -1997,7 +2334,7 @@ https_monitors: description: - Specifies the IP address and service port of the resource that is the destination of this monitor. - type: str + type: string sample: "*:*" interval: description: @@ -2021,14 +2358,14 @@ https_monitors: description: - Specifies the text string that the monitor looks for in the returned resource. - type: str + type: string sample: check string receive_disable_string: description: - Specifies a text string that the monitor looks for in the returned resource. If the text string is matched in the returned resource, the corresponding node or pool member is marked session disabled. - type: str + type: string sample: check disable string reverse: description: @@ -2041,12 +2378,12 @@ https_monitors: description: - Specifies the text string that the monitor sends to the target object. - type: str + type: string sample: "GET /\\r\\n" ssl_profile: description: - Specifies the SSL profile to use for the HTTPS monitor. - type: str + type: string sample: /Common/serverssl time_until_up: description: @@ -2075,7 +2412,7 @@ https_monitors: description: - Specifies the username, if the monitored target requires authentication. - type: str + type: string sample: user1 sample: hash/dictionary of values http_profiles: @@ -2087,25 +2424,25 @@ http_profiles: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/http name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: http parent: description: - Profile from which this profile inherits settings. returned: changed - type: str + type: string sample: http description: description: - Description of the resource. returned: changed - type: str + type: string sample: My profile accept_xff: description: 
@@ -2130,7 +2467,7 @@ http_profiles: exceeded by the client. - When C(reject), rejects the connection. returned: changed - type: str + type: string sample: reject excess_server_headers: description: @@ -2138,7 +2475,7 @@ http_profiles: exceeded by the server. - When C(reject), rejects the connection. returned: changed - type: str + type: string sample: reject known_methods: description: @@ -2175,33 +2512,33 @@ http_profiles: - Specifies the pass-through behavior when the C(max_header_size) value is exceeded by the client. returned: changed - type: str + type: string sample: reject oversize_server_headers: description: - Specifies the pass-through behavior when the C(max_header_size) value is exceeded by the server. returned: changed - type: str + type: string sample: reject pipeline_action: description: - Enables or disables HTTP/1.1 pipelining. returned: changed - type: str + type: string sample: allow unknown_method: description: - Specifies the behavior (allow, reject, or pass through) when an unknown HTTP method is parsed. returned: changed - type: str + type: string sample: allow default_connect_handling: description: - Specifies the behavior of the proxy service when handling outbound requests. returned: changed - type: str + type: string sample: deny hsts_include_subdomains: description: 
@@ -2240,32 +2577,32 @@ http_profiles: description: - Specifies the proxy mode for this profile. Either reverse, explicit, or transparent. returned: changed - type: str + type: string sample: reverse redirect_rewrite: description: - Specifies whether the system rewrites the URIs that are part of HTTP redirect (3XX) responses returned: changed - type: str + type: string sample: none request_chunking: description: - Specifies how the system handles HTTP content that is chunked by a client. returned: changed - type: str + type: string sample: preserve response_chunking: description: - Specifies how the system handles HTTP content that is chunked by a server. returned: changed - type: str + type: string sample: selective server_agent_name: description: - Specifies the string used as the server name in traffic generated by LTM. returned: changed - type: str + type: string sample: BigIP sflow_poll_interval: description: @@ -2284,14 +2621,14 @@ http_profiles: - Specifies whether to Remove, Preserve, or Append Via headers included in a client request to an origin web server. returned: changed - type: str + type: string sample: preserve via_response: description: - Specifies whether to Remove, Preserve, or Append Via headers included in an origin web server response to a client. returned: changed - type: str + type: string sample: preserve sample: hash/dictionary of values iapp_services: @@ -2303,19 +2640,19 @@ iapp_services: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/service1 name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: service1 device_group: description: - The device group the iApp service is part of. returned: changed - type: str + type: string sample: /Common/dg1 inherited_device_group: description: 
@@ -2346,7 +2683,7 @@ iapp_services: description: - Traffic group the service is a part of. returned: changed - type: str + type: string sample: /Common/tg tables: description: @@ -2376,7 +2713,7 @@ iapp_services: description: - Description of the service returned: changed - type: str + type: string sample: My service sample: hash/dictionary of values icmp_monitors: @@ -2388,25 +2725,25 @@ icmp_monitors: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/icmp name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: icmp parent: description: - Profile from which this profile inherits settings. returned: changed - type: str + type: string sample: icmp description: description: - Description of the resource. returned: changed - type: str + type: string sample: My monitor adaptive: description: @@ -2417,7 +2754,7 @@ icmp_monitors: description: - Specifies whether the adaptive-divergence-value is C(relative) or C(absolute). - type: str + type: string sample: relative adaptive_divergence_value: description: @@ -2441,7 +2778,7 @@ icmp_monitors: description: - Specifies the IP address and service port of the resource that is the destination of this monitor. - type: str + type: string sample: "*:*" interval: description: 
@@ -2489,45 +2826,45 @@ interfaces: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/irul1 name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: irule1 active_media_type: description: - Displays the current media setting for the interface. returned: changed - type: str + type: string sample: 100TX-FD flow_control: description: - Specifies how the system controls the sending of PAUSE frames for flow control. returned: changed - type: str + type: string sample: tx-rx description: description: - Description of the interface returned: changed - type: str + type: string sample: My interface bundle: description: - The bundle capability on the port. returned: changed - type: str + type: string sample: not-supported bundle_speed: description: - The bundle-speed on the port when bundle capability is enabled. returned: changed - type: str + type: string sample: 100G enabled: description: @@ -2546,20 +2883,20 @@ interfaces: - Displays the 6-byte ethernet address in non-case-sensitive hexadecimal colon notation. returned: changed - type: str + type: string sample: "00:0b:09:88:00:9a" media_sfp: description: - The settings for an SFP (pluggable) interface. returned: changed - type: str + type: string sample: auto lldp_admin: description: - Sets the sending or receiving of LLDP packets on that interface. Should be one of C(disable), C(txonly), C(rxonly) or C(txrx). returned: changed - type: str + type: string sample: txonly mtu: description: @@ -2574,7 +2911,7 @@ interfaces: - Indicates which side of a combo port the interface uses, if both sides of the port have the potential for external links. returned: changed - type: str + type: string sample: sfp sflow_poll_interval: description: 
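Review bot: The first two samples in the `@@ -2489,45 +2826,45 @@ interfaces` hunk, `/Common/irul1` and `irule1`, look copied from the irules section, which documents exactly the same values. Since the commit already rewrites the `type:` line directly above each of them, replace them with an interface name as the device reports it, for instance `sample: 1.1` (a constructed value, to be confirmed against a real device). The keys these two entries belong to sit above the start of the hunk, so only their descriptions are visible here.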
@@ -2606,7 +2943,7 @@ interfaces: description: - Specifies the STP link type for the interface. returned: changed - type: str + type: string sample: auto sample: hash/dictionary of values irules: @@ -2618,13 +2955,13 @@ irules: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/irul1 name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: irule1 ignore_verification: description: @@ -2636,19 +2973,19 @@ irules: description: - Checksum of the iRule as calculated by BIG-IP. returned: changed - type: str + type: string sample: d41d8cd98f00b204e9800998ecf8427e definition: description: - The actual definition of the iRule. returned: changed - type: str + type: string sample: when HTTP_REQUEST ... signature: description: - The calculated signature of the iRule. returned: changed - type: str + type: string sample: WsYy2M6xMqvosIKIEH/FSsvhtWMe6xKOA6i7f... sample: hash/dictionary of values ltm_pools: @@ -2708,7 +3045,7 @@ ltm_pools: description: - The availability of the pool. returned: changed - type: str + type: string sample: offline allow_nat: description: @@ -2728,7 +3065,7 @@ ltm_pools: based on the targeted pool. - Values can range from C(0) to C(255), or be set to C(pass-through) or C(mimic). returned: changed - type: str + type: string sample: pass-through client_link_qos: description: @@ -2736,7 +3073,7 @@ ltm_pools: based on the targeted pool. - Values can range from C(0) to C(7), or be set to C(pass-through). returned: changed - type: str + type: string sample: pass-through current_sessions: descriptions: 
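Review bot: In the `@@ -2736,7 +3073,7 @@ ltm_pools` hunk, the trailing context line under `current_sessions:` reads `descriptions:`, while every other field in the visible hunks uses `description:`. The text for this field is therefore probably not picked up as its description by the documentation tooling. As the commit already edits the neighbouring lines, rename the key to `description:`. The `current_sessions` entry continues past the end of the hunk, so its remaining keys are not visible here.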
@@ -2748,19 +3085,19 @@ ltm_pools: description: - Description of the pool. returned: changed - type: str + type: string sample: my pool enabled_status: description: - The enabled-ness of the pool. returned: changed - type: str + type: string sample: enabled full_path: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/pool1 ignore_persisted_weight: description: @@ -2772,7 +3109,7 @@ ltm_pools: description: - Load balancing method used by the pool. returned: changed - type: str + type: string sample: round-robin member_count: description: @@ -2804,7 +3141,7 @@ ltm_pools: - The action to take if the C(minimum_up_members_checking) is enabled and the number of active pool members falls below the number specified in C(minimum_up_members). returned: changed - type: str + type: string sample: failover minimum_up_members_checking: description: @@ -2816,7 +3153,7 @@ ltm_pools: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: pool1 pool_avg_queue_entry_age: description: @@ -2886,7 +3223,7 @@ ltm_pools: can be considered a generalization of all available sessions, instead of the specific value of the session. returned: changed - type: str + type: string sample: monitor-enabled real_state: description: @@ -2895,7 +3232,7 @@ ltm_pools: can be considered a generalization of all available states, instead of the specific value of the state. returned: changed - type: str + type: string sample: up reselect_tries: description: 
@@ -2907,19 +3244,19 @@ ltm_pools: description: - The Type of Service (ToS) level to use when sending packets to a server. returned: changed - type: str + type: string sample: pass-through server_link_qos: description: - The Quality of Service (QoS) level to use when sending packets to a server. returned: changed - type: str + type: string sample: pass-through service_down_action: description: - The action to take if the service specified in the pool is marked down. returned: changed - type: str + type: string sample: none server_side_bits_in: description: @@ -2975,7 +3312,7 @@ ltm_pools: description: - If there is a problem with the status of the pool, that problem is reported here. returned: changed - type: str + type: string sample: The children pool member(s) are down. members: description: List of LTM (Local Traffic Manager) pools. @@ -2985,7 +3322,7 @@ ltm_pools: address: description: IP address of the pool member. returned: changed - type: str + type: string sample: 1.1.1.1 connection_limit: description: The maximum number of concurrent connections allowed for a pool member. @@ -2995,7 +3332,7 @@ ltm_pools: description: description: The description of the pool member. returned: changed - type: str + type: string sample: pool member 1 dynamic_ratio: description: @@ -3020,7 +3357,7 @@ ltm_pools: - Full name of the resource as known to BIG-IP. - Includes the port in the name returned: changed - type: str + type: string sample: "/Common/member:80" inherit_profile: description: @@ -3044,13 +3381,13 @@ ltm_pools: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: "member:80" partition: description: - Partition that the member exists on. returned: changed - type: str + type: string sample: Common priority_group: description: @@ -3062,7 +3399,7 @@ ltm_pools: description: - The encapsulation profile to use for the pool member. returned: changed - type: str + type: string sample: ip4ip4 rate_limit: description: 
@@ -3080,13 +3417,13 @@ ltm_pools: description: - Enables or disables the pool member for new sessions. returned: changed - type: str + type: string sample: monitor-enabled state: description: - Controls the state of the pool member, overriding any monitors. returned: changed - type: str + type: string sample: down total_requests: description: @@ -3104,13 +3441,13 @@ nodes: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/5.6.7.8 name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: 5.6.7.8 ratio: description: @@ -3122,7 +3459,7 @@ nodes: description: - Description of the node. returned: changed - type: str + type: string sample: My node connection_limit: description: @@ -3134,7 +3471,7 @@ nodes: description: - IP address of the node. returned: changed - type: str + type: string sample: 2.3.4.5 dynamic_ratio: description: @@ -3153,37 +3490,37 @@ nodes: - Status of the node as reported by the monitor(s) associated with it. - This value is also used in determining node C(state). returned: changed - type: str + type: string sample: down session_status: description: - This value is also used in determining node C(state). returned: changed - type: str + type: string sample: enabled availability_status: description: - The availability of the node. returned: changed - type: str + type: string sample: offline enabled_status: description: - The enabled-ness of the node. returned: changed - type: str + type: string sample: enabled status_reason: description: - If there is a problem with the status of the node, that problem is reported here. returned: changed - type: str + type: string sample: /Common/https_443 No successful responses received... monitor_rule: description: - A string representation of the full monitor rule. returned: changed - type: str + type: string sample: /Common/https_443 and /Common/icmp monitors: description: 
@@ -3196,7 +3533,7 @@ nodes: - The C(monitor_type) field related to the C(bigip_node) module, for this nodes monitors. returned: changed - type: str + type: string sample: and_list sample: hash/dictionary of values oneconnect_profiles: @@ -3208,25 +3545,25 @@ oneconnect_profiles: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/oneconnect name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: oneconnect parent: description: - Profile from which this profile inherits settings. returned: changed - type: str + type: string sample: oneconnect description: description: - Description of the resource. returned: changed - type: str + type: string sample: My profile idle_timeout_override: description: @@ -3246,7 +3583,7 @@ oneconnect_profiles: connections from being made until they expire, even if they could otherwise be reused. returned: changed - type: str + type: string sample: idle max_age: description: @@ -3283,7 +3620,7 @@ oneconnect_profiles: - Specifies a source IP mask. - If no mask is provided, the value C(any6) is used. returned: changed - type: str + type: string sample: 255.255.255.0 sample: hash/dictionary of values partitions: @@ -3295,19 +3632,19 @@ partitions: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: Common name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: Common description: description: - Description of the partition. returned: changed - type: str + type: string sample: Tenant 1 default_route_domain: description: 
@@ -3326,13 +3663,13 @@ provision_info: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: asm name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: asm cpu_ratio: description: @@ -3376,25 +3713,25 @@ self_ips: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/self1 name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: self1 description: description: - Description of the Self-IP. returned: changed - type: str + type: string sample: My self-ip netmask: description: - Netmask portion of the IP address. In dotted notation. returned: changed - type: str + type: string sample: 255.255.255.0 netmask_cidr: description: @@ -3412,19 +3749,19 @@ self_ips: description: - Traffic group the Self-IP is associated with. returned: changed - type: str + type: string sample: /Common/traffic-group-local-only service_policy: description: - Service policy assigned to the Self-IP. returned: changed - type: str + type: string sample: /Common/service1 vlan: description: - VLAN associated with the Self-IP. returned: changed - type: str + type: string sample: /Common/vlan1 allow_access_list: description: 
@@ -3451,32 +3788,32 @@ server_ssl_profiles: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: serverssl name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: serverssl description: description: - Description of the resource. returned: changed - type: str + type: string sample: My profile parent: description: - Profile from which this profile inherits settings. returned: changed - type: str + type: string sample: serverssl alert_timeout: description: - Maximum time period in seconds to keep the SSL session active after alert message is sent, or indefinite. returned: changed - type: str + type: string sample: 100 allow_expired_crl: description: @@ -3488,7 +3825,7 @@ server_ssl_profiles: description: - Specifies the frequency of authentication. returned: changed - type: str + type: string sample: once authenticate_depth: description: @@ -3501,7 +3838,7 @@ server_ssl_profiles: - Common Name (CN) that is embedded in a server certificate. - The system authenticates a server based on the specified CN. returned: changed - type: str + type: string sample: foo bypass_on_client_cert_fail: description: @@ -3521,14 +3858,14 @@ server_ssl_profiles: - Name of the certificate file that is used as the certification authority certificate when SSL client certificate constrained delegation is enabled. - type: str + type: string sample: /Common/cacert.crt c3d_ca_key: description: - Name of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled. - type: str + type: string sample: /Common/default.key c3d_cert_extension_includes: description: @@ -3546,7 +3883,7 @@ server_ssl_profiles: ca_file: description: - Certificate authority file name. - type: str + type: string sample: default.crt cache_size: description: 
@@ -3564,49 +3901,49 @@ server_ssl_profiles: - The name of the certificate installed on the traffic management system for the purpose of terminating or initiating an SSL connection. - type: str + type: string sample: /Common/default.crt chain: description: - Specifies or builds a certificate chain file that a client can use to authenticate the profile. - type: str + type: string sample: /Common/default.crt cipher_group: description: - Specifies a cipher group. - type: str + type: string ciphers: description: - Specifies a cipher name - type: str + type: string sample: DEFAULT crl_file: description: - Specifies the certificate revocation list file name. - type: str + type: string expire_cert_response_control: description: - Specifies the BIGIP action when the server certificate has expired. - type: str + type: string sample: drop handshake_timeout: description: - Specifies the handshake timeout in seconds. - type: str + type: string sample: 10 key: description: - Specifies the key file name. Specifies the name of the key installed on the traffic management system for the purpose of terminating or initiating an SSL connection. - type: str + type: string sample: /Common/default.key max_active_handshakes: description: - Specifies the maximum number allowed SSL active handshakes. - type: str + type: string sample: 100 mod_ssl_methods: description: @@ -3622,7 +3959,7 @@ server_ssl_profiles: description: - Specifies the name of ocsp profile for purpose of validating status of server certificate. - type: str + type: string options: description: - Enables options, including some industry-related workarounds. @@ -3631,7 +3968,7 @@ server_ssl_profiles: peer_cert_mode: description: - Specifies the peer certificate mode. - type: str + type: string sample: ignore proxy_ssl: description: 
@@ -3650,12 +3987,12 @@ server_ssl_profiles: description: - Number of seconds from the initial connect time after which the system renegotiates an SSL session. - type: str + type: string sample: indefinite renegotiate_size: description: - Specifies a throughput size, in megabytes, of SSL renegotiation. - type: str + type: string sample: indefinite renegotiation: description: @@ -3676,13 +4013,13 @@ server_ssl_profiles: secure_renegotiation: description: - Specifies the secure renegotiation mode. - type: str + type: string sample: require server_name: description: - Server name to be included in SNI (server name indication) extension during SSL handshake in ClientHello. - type: str + type: string session_mirroring: description: - Enables or disables the mirroring of sessions to high availability @@ -3723,7 +4060,7 @@ server_ssl_profiles: - Specifies SSL sign hash algorithm which is used to sign and verify SSL Server Key Exchange and Certificate Verify messages for the specified SSL profiles. - type: str + type: string sample: sha1 ssl_forward_proxy_bypass: description: @@ -3748,7 +4085,7 @@ server_ssl_profiles: description: - Specifies the BIGIP action when the server certificate has untrusted CA. - type: str + type: string sample: drop sample: hash/dictionary of values software_hotfixes: @@ -3760,20 +4097,20 @@ software_hotfixes: description: - Name of the image. returned: changed - type: str + type: string sample: Hotfix-BIGIP-13.0.0.3.0.1679-HF3.iso full_path: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: Hotfix-BIGIP-13.0.0.3.0.1679-HF3.iso build: description: - Build number of the image. - This is usually a sub-string of the C(name). returned: changed - type: str + type: string sample: 3.0.1679 checksum: description: 
@@ -3781,26 +4118,26 @@ software_hotfixes: - Note that this is the checksum that is stored inside the ISO. It is not the actual checksum of the ISO. returned: changed - type: str + type: string sample: df1ec715d2089d0fa54c0c4284656a98 product: description: - Product contained in the ISO. returned: changed - type: str + type: string sample: BIG-IP id: description: - ID component of the image. - This is usually a sub-string of the C(name). returned: changed - type: str + type: string sample: HF3 title: description: - Human friendly name of the image. returned: changed - type: str + type: string sample: Hotfix Version 3.0.1679 verified: description: @@ -3813,7 +4150,7 @@ software_hotfixes: - Version of software contained in the image. - This is a sub-string of the C(name). returned: changed - type: str + type: string sample: 13.0.0 sample: hash/dictionary of values software_images: @@ -3825,26 +4162,26 @@ software_images: description: - Name of the image. returned: changed - type: str + type: string sample: BIGIP-13.1.0.7-0.0.1.iso full_path: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: BIGIP-13.1.0.7-0.0.1.iso build: description: - Build number of the image. - This is usually a sub-string of the C(name). returned: changed - type: str + type: string sample: 0.0.1 build_date: description: - Date of the build. returned: changed - type: str + type: string sample: "2018-05-05T15:26:30" checksum: description: @@ -3852,7 +4189,7 @@ software_images: - Note that this is the checksum that is stored inside the ISO. It is not the actual checksum of the ISO. returned: changed - type: str + type: string sample: df1ec715d2089d0fa54c0c4284656a98 file_size: description: 
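Review bot: The checksum description at the top of the `@@ -3781,26 +4118,26 @@ software_hotfixes` hunk says the value is stored inside the ISO and is not the checksum of the ISO, but it does not say what follows from that. A playbook that compares this fact against an expected value proves nothing about the file on disk, and the 32-hex-digit sample suggests an MD5-length digest in any case. Add a line such as `- Do not rely on this value to verify image integrity; hash the file and compare it with the vendor-published digest.` The same description appears in the software_images hunk `@@ -3852,7 +4189,7 @@` and needs the same line. In both places the entry starts above the hunk.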
@@ -3864,13 +4201,13 @@ software_images: description: - Last modified date of the ISO. returned: changed - type: str + type: string sample: "2018-05-05T15:26:30" product: description: - Product contained in the ISO. returned: changed - type: str + type: string sample: BIG-IP verified: description: @@ -3883,7 +4220,7 @@ software_images: - Version of software contained in the image. - This is a sub-string of the C(name). returned: changed - type: str + type: string sample: 13.1.0.7 sample: hash/dictionary of values software_volumes: @@ -3904,19 +4241,19 @@ software_volumes: - When a hotfix is installed, this refers to the base version of software that the hotfix requires. returned: changed - type: str + type: string sample: 0.0.6 build: description: - Build version of the software installed in the volume. returned: changed - type: str + type: string sample: 0.0.6 full_path: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: HD1.1 default_boot_location: description: @@ -3929,27 +4266,27 @@ software_volumes: - Relative name of the resource in BIG-IP. - This usually matches the C(full_name). returned: changed - type: str + type: string sample: HD1.1 product: description: - The F5 product installed in this slot. - This should always be BIG-IP. returned: changed - type: str + type: string sample: BIG-IP status: description: - Status of the software installed, or being installed, in the volume. - When C(complete), indicates that the software has completed installing. returned: changed - type: str + type: string sample: complete version: description: - Version of software installed in the volume, excluding the C(build) number. returned: changed - type: str + type: string sample: 13.1.0.4 sample: hash/dictionary of values ssl_certs: 
@@ -3961,19 +4298,19 @@ ssl_certs: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/cert1 name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: cert1 key_type: description: - Specifies the type of cryptographic key associated with this certificate. returned: changed - type: str + type: string sample: rsa-private key_size: description: @@ -3985,32 +4322,32 @@ ssl_certs: description: - Path on the BIG-IP where the cert can be found. returned: changed - type: str + type: string sample: /config/ssl/ssl.crt/f5-irule.crt sha1_checksum: description: - SHA1 checksum of the certificate. returned: changed - type: str + type: string sample: 1306e84e1e6a2da53816cefe1f684b80d6be1e3e subject: description: - Specifies X509 information of the certificate's subject. returned: changed - type: str + type: string sample: "emailAddress=support@f5.com,CN=..." last_update_time: description: - Specifies the last time at which the file-object was updated/modified. returned: changed - type: str + type: string sample: "2018-05-15T21:11:15Z" issuer: description: - Specifies X509 information of the certificate's issuer. returned: changed - type: str + type: string sample: "emailAddress=support@f5.com,...CN=support.f5.com," is_bundle: description: @@ -4023,14 +4360,14 @@ ssl_certs: description: - Displays the SHA-256 fingerprint of the certificate. returned: changed - type: str + type: string sample: "SHA256/88:A3:05:...:59:01:EA:5D:B0" expiration_date: description: - Specifies a string representation of the expiration date of the certificate. returned: changed - type: str + type: string sample: "Aug 13 21:21:29 2031 GMT" expiration_timestamp: description: 
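Review bot: The `sha1_checksum` field in the `@@ -3985,32 +4322,32 @@ ssl_certs` hunk is documented with no hint about what the value is suitable for. SHA-1 is no longer collision resistant, so it is adequate for spotting accidental changes but should not back pinning or trust decisions. The next hunk documents a SHA-256 fingerprint, which is the better basis for those. Consider adding `- Use the SHA-256 fingerprint rather than this value when comparing certificates for trust purposes.` to the description. The `sha1_checksum` entry under ssl_keys (`@@ -4081,19 +4418,19 @@`) could carry a similar caveat.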
@@ -4043,7 +4380,7 @@ ssl_certs: description: - Specifies the time at which the file-object was created. returned: changed - type: str + type: string sample: "2018-05-15T21:11:15Z" sample: hash/dictionary of values ssl_keys: @@ -4055,20 +4392,20 @@ ssl_keys: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/key1 name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: key1 key_type: description: - Specifies the cryptographic type of the key in question. That is, which algorithm this key is compatible with. returned: changed - type: str + type: string sample: rsa-private key_size: description: @@ -4081,19 +4418,19 @@ ssl_keys: description: - Specifies the type of security used to handle or store the key. returned: changed - type: str + type: string sample: normal system_path: description: - The path on the filesystem where the key is stored. returned: changed - type: str + type: string sample: /config/ssl/ssl.key/default.key sha1_checksum: description: - The SHA1 checksum of the key. returned: changed - type: str + type: string sample: 1fcf7de3dd8e834d613099d8e10b2060cd9ecc9f sample: hash/dictionary of values system_db: 
@@ -4105,37 +4442,37 @@ system_db: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: vendor.wwwurl name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: vendor.wwwurl default: description: - Default value of the key. returned: changed - type: str + type: string sample: www.f5.com scf_config: description: - Whether the database key would be found in an SCF config or not. returned: changed - type: str + type: string sample: false value: description: - The value of the key returned: changed - type: str + type: string sample: www.f5.com value_range: description: - The accepted range of values for the key returned: changed - type: str + type: string sample: string sample: hash/dictionary of values system_info: @@ -4147,13 +4484,13 @@ system_info: description: - Media Access Control address (MAC address) of the device. returned: changed - type: str + type: string sample: "fa:16:3e:c3:42:6f" marketing_name: description: - Marketing name of the device platform. returned: changed - type: str + type: string sample: BIG-IP Virtual Edition time: description: @@ -4206,17 +4543,17 @@ system_info: model: description: - The model of the hardware. - type: str + type: string sample: Virtual Disk name: description: - The name of the hardware. - type: str + type: string sample: HD1 type: description: - The type of hardware. - type: str + type: string sample: physical-disk versions: description: 
@@ -4226,38 +4563,38 @@ system_info: name: description: - Name of the property - type: str + type: string sample: Size version: description: - Value of the property - type: str + type: string sample: 154.00G package_edition: description: - Displays the software edition. returned: changed - type: str + type: string sample: Point Release 7 package_version: description: - A string combining the C(product_build) and C(product_build_date). - type: str + type: string sample: "Build 0.0.1 - Tue May 15 15:26:30 PDT 2018" product_code: description: - Code identifying the product. - type: str + type: string sample: BIG-IP product_build: description: - Build version of the release version. - type: str + type: string sample: 0.0.1 product_version: description: - Major product version of the running software. - type: str + type: string sample: 13.1.0.7 product_built: description: @@ -4267,7 +4604,7 @@ system_info: product_build_date: description: - Human readable build date. - type: str + type: string sample: "Tue May 15 15:26:30 PDT 2018" product_changelist: description: @@ -4282,29 +4619,29 @@ system_info: chassis_serial: description: - Serial of the chassis - type: str + type: string sample: 11111111-2222-3333-444444444444 host_board_part_revision: description: - Revision of the host board. - type: str + type: string host_board_serial: description: - Serial of the host board. - type: str + type: string platform: description: - Platform identifier. - type: str + type: string sample: Z100 switch_board_part_revision: description: - Switch board revision. - type: str + type: string switch_board_serial: description: - Serial of the switch board. - type: str + type: string uptime: description: - Time, in seconds, since the system booted. 
@@ -4320,25 +4657,25 @@ tcp_monitors: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/tcp name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: tcp parent: description: - Profile from which this profile inherits settings. returned: changed - type: str + type: string sample: tcp description: description: - Description of the resource. returned: changed - type: str + type: string sample: My monitor adaptive: description: @@ -4349,7 +4686,7 @@ tcp_monitors: description: - Specifies whether the adaptive-divergence-value is C(relative) or C(absolute). - type: str + type: string sample: relative adaptive_divergence_value: description: @@ -4373,7 +4710,7 @@ tcp_monitors: description: - Specifies the IP address and service port of the resource that is the destination of this monitor. - type: str + type: string sample: "*:*" interval: description: @@ -4433,31 +4770,31 @@ tcp_half_open_monitors: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/tcp name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: tcp parent: description: - Profile from which this profile inherits settings. returned: changed - type: str + type: string sample: tcp description: description: - Description of the resource. returned: changed - type: str + type: string sample: My monitor destination: description: - Specifies the IP address and service port of the resource that is the destination of this monitor. - type: str + type: string sample: "*:*" interval: description: 
@@ -4505,25 +4842,25 @@ tcp_profiles: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: tcp name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: /Common/tcp parent: description: - Profile from which this profile inherits settings. returned: changed - type: str + type: string sample: tcp description: description: - Description of the resource. returned: changed - type: str + type: string sample: My profile abc: description: @@ -4566,7 +4903,7 @@ tcp_profiles: after entering the LAST-ACK state. - When C(indefinite), specifies that TCP connections in the LAST-ACK state do not close until they meet the maximum retransmissions timeout. - type: str + type: string sample: indefinite congestion_metrics_cache: description: @@ -4589,7 +4926,7 @@ tcp_profiles: - Return values may include, C(high-speed), C(cdg), C(chd), C(none), C(cubic), C(illinois), C(new-reno), C(reno), C(scalable), C(vegas), C(westwood), and C(woodside). - type: str + type: string sample: high-speed deferred_accept: description: @@ -4655,19 +4992,19 @@ tcp_profiles: description: - Specifies the length of time that a TCP connection is in the FIN-WAIT-1 or CLOSING state before quitting. - type: str + type: string sample: indefinite fin_wait_2: description: - Specifies the length of time that a TCP connection is in the FIN-WAIT-2 state before quitting. - type: str + type: string sample: 100 idle_timeout: description: - Specifies the length of time that a connection is idle (has no traffic) before the connection is eligible for deletion. - type: str + type: string sample: 300 initial_congestion_window_size: description: 
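Review bot: The first two samples in the `@@ -4505,25 +4842,25 @@ tcp_profiles` hunk look swapped. The entry described as the full name of the resource shows `sample: tcp`, and `name` shows `sample: /Common/tcp`; the tcp_monitors section documents the same pair the other way round. Suggest `sample: /Common/tcp` for the full-name entry and `sample: tcp` for `name`. The key of the first entry lies above the start of the hunk.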
@@ -4683,18 +5020,18 @@ tcp_profiles: description: - Specifies the Don't Fragment (DF) bit setting in the IP Header of the outgoing TCP packet. - type: str + type: string sample: pmtu ip_tos: description: - Specifies the L3 Type of Service (ToS) level that the system inserts in TCP packets destined for clients. - type: str + type: string sample: mimic time_to_live: description: - Specifies the outgoing TCP packet's IP Header TTL mode. - type: str + type: string sample: proxy time_to_live_v4: description: @@ -4710,7 +5047,7 @@ tcp_profiles: description: - Specifies how frequently the system sends data over an idle TCP connection, to determine whether the connection is still valid. - type: str + type: string sample: 50 limited_transmit_recovery: description: @@ -4723,7 +5060,7 @@ tcp_profiles: description: - Specifies the L2 Quality of Service (QoS) level that the system inserts in TCP packets destined for clients. - type: str + type: string sample: 200 max_segment_retrans: description: @@ -4777,7 +5114,7 @@ tcp_profiles: description: - Specifies an action on fallback, that is, when MPTCP transitions to regular TCP, because something prevents MPTCP from working correctly. - type: str + type: string sample: reset mptcp_fast_join: description: @@ -4881,7 +5218,7 @@ tcp_profiles: push_flag: description: - Specifies how the BIG-IP system receives ACKs. - type: str + type: string sample: default rate_pace: description: @@ -4974,7 +5311,7 @@ tcp_profiles: description: - Specifies the length of time that a TCP connection remains in the TIME-WAIT state before entering the CLOSED state. - type: str + type: string sample: 2000 timestamps: description: @@ -4992,7 +5329,7 @@ tcp_profiles: description: - Specifies the timeout in milliseconds for terminating a connection with an effective zero length TCP transmit window. - type: str + type: string sample: 2000 sample: hash/dictionary of values traffic_groups: 
@@ -5004,19 +5341,19 @@ traffic_groups: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/tg1 name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: tg1 description: description: - Description of the traffic group. returned: changed - type: str + type: string sample: My traffic group auto_failback_enabled: description: @@ -5057,7 +5394,7 @@ traffic_groups: description: - Specifies a MAC address for the traffic group. returned: changed - type: str + type: string sample: "00:98:76:54:32:10" sample: hash/dictionary of values trunks: @@ -5069,19 +5406,19 @@ trunks: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/trunk1 name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: trunk1 description: description: - Description of the Trunk. returned: changed - type: str + type: string sample: My trunk media_speed: description: @@ -5093,7 +5430,7 @@ trunks: description: - The operation mode for LACP. returned: changed - type: str + type: string sample: passive lacp_enabled: description: @@ -5124,7 +5461,7 @@ trunks: - The LACP policy that the trunk uses to determine which member link can handle new traffic. returned: changed - type: str + type: string sample: maximum-bandwidth lacp_timeout: description: @@ -5144,7 +5481,7 @@ trunks: - The system uses this hash to determine which interface to use for forwarding traffic. returned: changed - type: str + type: string sample: src-dst-ipport configured_member_count: description: 
@@ -5162,25 +5499,25 @@ udp_profiles: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: udp name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: /Common/udp parent: description: - Profile from which this profile inherits settings. returned: changed - type: str + type: string sample: udp description: description: - Description of the resource. returned: changed - type: str + type: string sample: My profile allow_no_payload: description: @@ -5226,7 +5563,7 @@ udp_profiles: - When C(set), sets the outgoing UDP packet DF bit. - When C(clear), clears the outgoing UDP packet DF bit. returned: changed - type: str + type: string sample: pmtu ip_tos_to_client: description: @@ -5234,7 +5571,7 @@ udp_profiles: system assigns to UDP packets when sending them to clients. - May be numeric, or the values C(pass-through) or C(mimic). returned: changed - type: str + type: string sample: mimic ip_ttl_mode: description: @@ -5247,7 +5584,7 @@ udp_profiles: - When C(set), set the IP TTL with the specified values in C(ip_ttl_v4) and C(ip_ttl_v6) values in the same profile. returned: changed - type: str + type: string sample: proxy ip_ttl_v4: description: @@ -5267,7 +5604,7 @@ udp_profiles: UDP packets when sending them to clients. - May be either numberic, or the value C(pass-through). returned: changed - type: str + type: string sample: pass-through no_checksum: description: @@ -5294,13 +5631,13 @@ vcmp_guests: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: guest1 name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: guest1 allowed_slots: description: 
@@ -5330,37 +5667,37 @@ vcmp_guests: description: - FQDN assigned to the guest. returned: changed - type: str + type: string sample: guest1.localdomain hotfix_image: description: - hotfix image to install onto any of this guest's newly created virtual disks. returned: changed - type: str + type: string sample: Hotfix-BIGIP-12.1.3.4-0.0.2-hf1.iso initial_image: description: - Software image to install onto any of this guest's newly created virtual disks. returned: changed - type: str + type: string sample: BIGIP-12.1.3.4-0.0.2.iso mgmt_route: description: - Management gateway IP address for the guest. returned: changed - type: str + type: string sample: 2.2.2.1 mgmt_address: description: - Management IP address configuration for the guest. returned: changed - type: str + type: string sample: 2.3.2.3 mgmt_network: description: - Accessibility of this vCMP guest's management network. returned: changed - type: str + type: string sample: bridged min_number_of_slots: description: @@ -5379,7 +5716,7 @@ vcmp_guests: description: - The SSL hardware allocation mode for the guest. returned: changed - type: str + type: string sample: shared state: description: @@ -5387,13 +5724,13 @@ vcmp_guests: - May be one of C(configured), C(provisioned), or C(deployed). - Each state implies the actions of all states before it. returned: changed - type: str + type: string sample: provisioned virtual_disk: description: - The filename of the virtual disk to use for this guest. returned: changed - type: str + type: string sample: guest1.img sample: hash/dictionary of values virtual_addresses: 
@@ -5405,19 +5742,19 @@ virtual_addresses: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/2.3.4.5 name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: 2.3.4.5 address: description: - The virtual IP address. returned: changed - type: str + type: string sample: 2.3.4.5 arp_enabled: description: @@ -5443,7 +5780,7 @@ virtual_addresses: description: - The description of the virtual address. returned: changed - type: str + type: string sample: My virtual address enabled: description: @@ -5469,7 +5806,7 @@ virtual_addresses: description: - Netmask of the virtual address. returned: changed - type: str + type: string sample: 255.255.255.255 route_advertisement: description: @@ -5481,7 +5818,7 @@ virtual_addresses: description: - Traffic group on which the virtual address is active. returned: changed - type: str + type: string sample: /Common/traffic-group-1 spanning: description: @@ -5505,19 +5842,19 @@ virtual_servers: description: - The availability of the virtual server. returned: changed - type: str + type: string sample: offline full_path: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/2.3.4.5 name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: 2.3.4.5 auto_lasthop: description: @@ -5525,14 +5862,14 @@ virtual_servers: that transmitted the request, even if the routing table points to a different network or interface. returned: changed - type: str + type: string sample: default bw_controller_policy: description: - The bandwidth controller for the system to use to enforce a throughput policy for incoming network traffic. returned: changed - type: str + type: string sample: /Common/bw1 client_side_bits_in: description: 
@@ -5598,7 +5935,7 @@ virtual_servers: description: - The clustered-multiprocessing mode. returned: changed - type: str + type: string sample: all-cpus connection_limit: description: @@ -5610,7 +5947,7 @@ virtual_servers: description: - The description of the virtual server. returned: changed - type: str + type: string sample: My virtual enabled: description: @@ -5766,21 +6103,21 @@ virtual_servers: description: - SYN Cookies Status returned: changed - type: str + type: string sample: not-activated fallback_persistence_profile: description: - Fallback persistence profile for the virtual server to use when the default persistence profile is not available. returned: changed - type: str + type: string sample: /Common/fallback1 persistence_profile: description: - The persistence profile you want the system to use as the default for this virtual server. returned: changed - type: str + type: string sample: /Common/persist1 translate_port: description: @@ -5805,14 +6142,14 @@ virtual_servers: - Name of the virtual address and service on which the virtual server listens for connections. returned: changed - type: str + type: string sample: /Common/2.2.3.3%1:76 last_hop_pool: description: - Name of the last hop pool that you want the virtual server to use to direct reply traffic to the last hop router. returned: changed - type: str + type: string sample: /Common/pool1 nat64_enabled: description: 
@@ -5824,25 +6161,25 @@ virtual_servers: description: - Specifies whether the system preserves the source port of the connection. returned: changed - type: str + type: string sample: preserve ip_intelligence_policy: description: - IP Intelligence policy assigned to the virtual returned: changed - type: str + type: string sample: /Common/ip1 protocol: description: - IP protocol for which you want the virtual server to direct traffic. returned: changed - type: str + type: string sample: tcp default_pool: description: - Pool name that you want the virtual server to use as the default pool. returned: changed - type: str + type: string sample: /Common/pool1 rate_limit_mode: description: @@ -5850,7 +6187,7 @@ virtual_servers: per source address, per destination address, or some combination thereof. returned: changed - type: str + type: string sample: object rate_limit_source_mask: description: @@ -5870,19 +6207,19 @@ virtual_servers: - Specifies the type of source address translation associated with the specified virtual server. returned: changed - type: str + type: string sample: none snat_pool: description: - Specifies the name of a LSN or SNAT pool used by the specified virtual server. returned: changed - type: str + type: string sample: /Common/pool1 status_reason: description: - If there is a problem with the status of the virtual, that problem is reported here. returned: changed - type: str + type: string sample: The children pool member(s) either don't have service checking... gtm_score: description: @@ -5896,7 +6233,7 @@ virtual_servers: virtual server to use to enforce a throughput policy for incoming network traffic. returned: changed - type: str + type: string rate_limit_destination_mask: description: - Specifies a mask, in bits, to be applied to the destination 
@@ -5909,7 +6246,7 @@ virtual_servers: - Specifies an IP address or network from which the virtual server will accept traffic. returned: changed - type: str + type: string sample: 0.0.0./0 authentication_profile: description: @@ -5940,13 +6277,13 @@ virtual_servers: description: - Virtual server type. returned: changed - type: str + type: string sample: standard destination_address: description: - Address portion of the C(destination). returned: changed - type: str + type: string sample: 2.3.3.2 destination_port: description: @@ -5964,19 +6301,19 @@ virtual_servers: - Which side of the connection the profile affects; either C(all), C(client-side) or C(server-side). returned: changed - type: str + type: string sample: client-side full_path: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: /Common/tcp name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: tcp total_requests: description: @@ -5995,25 +6332,25 @@ vlans: - Allows the system to send return traffic to the MAC address that transmitted the request, even if the routing table points to a different network or interface. returned: changed - type: str + type: string sample: enabled cmp_hash_algorithm: description: - Specifies how the traffic on the VLAN will be disaggregated. returned: changed - type: str + type: string sample: default description: description: - Description of the VLAN. returned: changed - type: str + type: string sample: My vlan failsafe_action: description: - Action for the system to take when the fail-safe mechanism is triggered. returned: changed - type: str + type: string sample: reboot failsafe_enabled: description: @@ -6040,7 +6377,7 @@ vlans: - Whether switch ports placed in the VLAN are configured for switch learning, forwarding only, or dropped. returned: changed - type: str + type: string sample: enable-forward interfaces: description: 
@@ -6052,13 +6389,13 @@ vlans: description: - Full name of the resource as known to BIG-IP. returned: changed - type: str + type: string sample: 1.3 name: description: - Relative name of the resource in BIG-IP. returned: changed - type: str + type: string sample: 1.3 tagged: description: @@ -6108,7 +6445,7 @@ vlans: description: - Media access control (MAC) address for the lowest-numbered interface assigned to this VLAN. returned: changed - type: str + type: string sample: "fa:16:3e:10:da:ff" tag: description: @@ -6130,6 +6467,7 @@ from ansible.module_utils.parsing.convert_bool import BOOLEANS_TRUE from ansible.module_utils.six import iteritems from ansible.module_utils.six import string_types from collections import namedtuple +from distutils.version import LooseVersion try: from library.module_utils.network.f5.bigip import F5RestClient @@ -6142,6 +6480,7 @@ try: from library.module_utils.network.f5.common import transform_name from library.module_utils.network.f5.ipaddress import is_valid_ip from library.module_utils.network.f5.icontrol import modules_provisioned + from library.module_utils.network.f5.icontrol import tmos_version from library.module_utils.network.f5.urls import parseStats except ImportError: from ansible.module_utils.network.f5.bigip import F5RestClient @@ -6154,6 +6493,7 @@ except ImportError: from ansible.module_utils.network.f5.common import transform_name from ansible.module_utils.network.f5.ipaddress import is_valid_ip from ansible.module_utils.network.f5.icontrol import modules_provisioned + from ansible.module_utils.network.f5.icontrol import tmos_version from ansible.module_utils.network.f5.urls import parseStats 
@@ -6318,12 +6658,660 @@ class AsmPolicyStatsFactManager(BaseManager): raise F5ModuleError(response['message']) else: raise F5ModuleError(resp.content) - return dict( policies=response['items'] ) +class AsmPolicyFactParameters(BaseParameters): + api_map = { + 'hasParent': 'has_parent', + 'protocolIndependent': 'protocol_independent', + 'virtualServers': 'virtual_servers', + 'allowedResponseCodes': 'allowed_response_codes', + 'learningMode': 'learning_mode', + 'enforcementMode': 'enforcement_mode', + 'customXffHeaders': 'custom_xff_headers', + 'caseInsensitive': 'case_insensitive', + 'stagingSettings': 'staging_settings', + 'applicationLanguage': 'application_language', + 'trustXff': 'trust_xff', + 'geolocation-enforcement': 'geolocation_enforcement', + 'disallowedLocations': 'disallowed_locations', + 'signature-settings': 'signature_settings', + 'header-settings': 'header_settings', + 'cookie-settings': 'cookie_settings', + 'policy-builder': 'policy_builder', + 'disallowed-geolocations': 'disallowed_geolocations', + 'whitelist-ips': 'whitelist_ips', + 'fullPath': 'full_path', + 'csrf-protection': 'csrf_protection', + } + + returnables = [ + 'full_path', + 'name', + 'policy_id', + 'active', + 'protocol_independent', + 'has_parent', + 'type', + 'virtual_servers', + 'allowed_response_codes', + 'description', + 'learning_mode', + 'enforcement_mode', + 'custom_xff_headers', + 'case_insensitive', + 'signature_staging', + 'place_signatures_in_staging', + 'enforcement_readiness_period', + 'path_parameter_handling', + 'trigger_asm_irule_event', + 'inspect_http_uploads', + 'mask_credit_card_numbers_in_request', + 'maximum_http_header_length', + 'use_dynamic_session_id_in_url', + 'maximum_cookie_header_length', + 'application_language', + 'trust_xff', + 'disallowed_geolocations', + 'csrf_urls', + 'csrf_protection_enabled', + 'csrf_protection_ssl_only', + 'csrf_protection_expiration_time_in_seconds', + ] + + def _morph_keys(self, key_map, item): + for k, v in 
iteritems(key_map): + item[v] = item.pop(k, None) + result = self._filter_params(item) + return result + + @property + def active(self): + return flatten_boolean(self._values['active']) + + @property + def case_insensitive(self): + return flatten_boolean(self._values['case_insensitive']) + + @property + def has_parent(self): + return flatten_boolean(self._values['has_parent']) + + @property + def policy_id(self): + if self._values['id'] is None: + return None + return self._values['id'] + + @property + def signature_staging(self): + if 'staging_settings' in self._values: + if self._values['staging_settings'] is None: + return None + if 'signatureStaging' in self._values['staging_settings']: + return flatten_boolean(self._values['staging_settings']['signatureStaging']) + if 'signature_settings' in self._values: + if self._values['signature_settings'] is None: + return None + if 'signatureStaging' in self._values['signature_settings']: + return flatten_boolean(self._values['signature_settings']['signatureStaging']) + + @property + def place_signatures_in_staging(self): + if 'staging_settings' in self._values: + if self._values['staging_settings'] is None: + return None + if 'placeSignaturesInStaging' in self._values['staging_settings']: + return flatten_boolean(self._values['staging_settings']['placeSignaturesInStaging']) + if 'signature_settings' in self._values: + if self._values['signature_settings'] is None: + return None + if 'signatureStaging' in self._values['signature_settings']: + return flatten_boolean(self._values['signature_settings']['placeSignaturesInStaging']) + + @property + def enforcement_readiness_period(self): + if 'staging_settings' in self._values: + if self._values['staging_settings'] is None: + return None + if 'enforcementReadinessPeriod' in self._values['staging_settings']: + return self._values['staging_settings']['enforcementReadinessPeriod'] + if 'general' in self._values: + if self._values['general'] is None: + return None + if 
'signatureStaging' in self._values['general']: + return self._values['general']['enforcementReadinessPeriod'] + + @property + def path_parameter_handling(self): + if 'attributes' in self._values: + if self._values['attributes'] is None: + return None + if 'pathParameterHandling' in self._values['attributes']: + return self._values['attributes']['pathParameterHandling'] + if 'general' in self._values: + if self._values['general'] is None: + return None + if 'pathParameterHandling' in self._values['general']: + return self._values['general']['pathParameterHandling'] + + @property + def trigger_asm_irule_event(self): + if 'attributes' in self._values: + if self._values['attributes'] is None: + return None + if 'triggerAsmIruleEvent' in self._values['attributes']: + return self._values['attributes']['triggerAsmIruleEvent'] + if 'general' in self._values: + if self._values['general'] is None: + return None + if 'triggerAsmIruleEvent' in self._values['general']: + return self._values['general']['triggerAsmIruleEvent'] + + @property + def inspect_http_uploads(self): + if 'attributes' in self._values: + if self._values['attributes'] is None: + return None + if 'inspectHttpUploads' in self._values['attributes']: + return flatten_boolean(self._values['attributes']['inspectHttpUploads']) + if 'antivirus' in self._values: + if self._values['antivirus'] is None: + return None + if 'inspectHttpUploads' in self._values['antivirus']: + return flatten_boolean(self._values['antivirus']['inspectHttpUploads']) + + @property + def mask_credit_card_numbers_in_request(self): + if 'attributes' in self._values: + if self._values['attributes'] is None: + return None + if 'maskCreditCardNumbersInRequest' in self._values['attributes']: + return flatten_boolean(self._values['attributes']['maskCreditCardNumbersInRequest']) + if 'general' in self._values: + if self._values['general'] is None: + return None + if 'maskCreditCardNumbersInRequest' in self._values['general']: + return 
flatten_boolean(self._values['general']['maskCreditCardNumbersInRequest']) + + @property + def maximum_http_header_length(self): + if 'attributes' in self._values: + if self._values['attributes'] is None: + return None + if 'maximumHttpHeaderLength' in self._values['attributes']: + if self._values['attributes']['maximumHttpHeaderLength'] == 'any': + return 'any' + return int(self._values['attributes']['maximumHttpHeaderLength']) + + if 'header_settings' in self._values: + if self._values['header_settings'] is None: + return None + if 'maximumHttpHeaderLength' in self._values['header_settings']: + if self._values['header_settings']['maximumHttpHeaderLength'] == 'any': + return 'any' + return int(self._values['header_settings']['maximumHttpHeaderLength']) + + @property + def use_dynamic_session_id_in_url(self): + if 'attributes' in self._values: + if self._values['attributes'] is None: + return None + if 'useDynamicSessionIdInUrl' in self._values['attributes']: + return flatten_boolean(self._values['attributes']['useDynamicSessionIdInUrl']) + if 'general' in self._values: + if self._values['general'] is None: + return None + if 'useDynamicSessionIdInUrl' in self._values['general']: + return flatten_boolean(self._values['general']['useDynamicSessionIdInUrl']) + + @property + def maximum_cookie_header_length(self): + if 'attributes' in self._values: + if self._values['attributes'] is None: + return None + if 'maximumCookieHeaderLength' in self._values['attributes']: + if self._values['attributes']['maximumCookieHeaderLength'] == 'any': + return 'any' + return int(self._values['attributes']['maximumCookieHeaderLength']) + if 'cookie_settings' in self._values: + if self._values['cookie_settings'] is None: + return None + if 'maximumCookieHeaderLength' in self._values['cookie_settings']: + if self._values['cookie_settings']['maximumCookieHeaderLength'] == 'any': + return 'any' + return int(self._values['cookie_settings']['maximumCookieHeaderLength']) + + @property + def 
trust_xff(self): + if 'trust_xff' in self._values: + if self._values['trust_xff'] is None: + return None + return flatten_boolean(self._values['trust_xff']) + if 'general' in self._values: + if self._values['general'] is None: + return None + if 'trustXff' in self._values['general']: + return flatten_boolean(self._values['general']['trustXff']) + + @property + def custom_xff_headers(self): + if 'custom_xff_headers' in self._values: + if self._values['custom_xff_headers'] is None: + return None + return self._values['custom_xff_headers'] + if 'general' in self._values: + if self._values['general'] is None: + return None + if 'customXffHeaders' in self._values['general']: + return self._values['general']['customXffHeaders'] + + @property + def allowed_response_codes(self): + if 'allowed_response_codes' in self._values: + if self._values['allowed_response_codes'] is None: + return None + return self._values['allowed_response_codes'] + if 'general' in self._values: + if self._values['general'] is None: + return None + if 'allowedResponseCodes' in self._values['general']: + return self._values['general']['allowedResponseCodes'] + + @property + def learning_mode(self): + if 'policy_builder' in self._values: + if self._values['policy_builder'] is None: + return None + if 'learningMode' in self._values['policy_builder']: + return self._values['policy_builder']['learningMode'] + + @property + def disallowed_locations(self): + if 'geolocation_enforcement' in self._values: + if self._values['geolocation_enforcement'] is None: + return None + return self._values['geolocation_enforcement']['disallowedLocations'] + + @property + def disallowed_geolocations(self): + if 'disallowed_geolocations' in self._values: + if self._values['disallowed_geolocations'] is None: + return None + return self._values['disallowed_geolocations'] + + @property + def csrf_protection_enabled(self): + if 'csrf_protection' in self._values: + return 
flatten_boolean(self._values['csrf_protection']['enabled']) + + @property + def csrf_protection_ssl_only(self): + if 'csrf_protection' in self._values: + if 'sslOnly' in self._values['csrf_protection']: + return flatten_boolean(self._values['csrf_protection']['sslOnly']) + + @property + def csrf_protection_expiration_time_in_seconds(self): + if 'csrf_protection' in self._values: + if 'expirationTimeInSeconds' in self._values['csrf_protection']: + if self._values['csrf_protection']['expirationTimeInSeconds'] is None: + return None + if self._values['csrf_protection']['expirationTimeInSeconds'] == 'disabled': + return 'disabled' + return int(self._values['csrf_protection']['expirationTimeInSeconds']) + + def format_csrf_collection(self, items): + result = list() + key_map = { + 'requiredParameters': 'csrf_url_required_parameters', + 'url': 'csrf_url', + 'method': 'csrf_url_method', + 'enforcementAction': 'csrf_url_enforcement_action', + 'id': 'csrf_url_id', + 'wildcardOrder': 'csrf_url_wildcard_order', + 'parametersList': 'csrf_url_parameters_list' + } + for item in items: + self._remove_internal_keywords(item) + item.pop('lastUpdateMicros') + output = self._morph_keys(key_map, item) + result.append(output) + return result + + @property + def csrf_urls(self): + if 'csrfUrls' in self._values: + if self._values['csrfUrls'] is None: + return None + return self._values['csrfUrls'] + if 'csrf-urls' in self._values: + if self._values['csrf-urls'] is None: + return None + return self.format_csrf_collection(self._values['csrf-urls']) + + @property + def protocol_independent(self): + return flatten_boolean(self._values['protocol_independent']) + + +# TODO include: web-scraping,ip-intelligence,session-tracking, +# TODO login-enforcement,data-guard,redirection-protection,vulnerability-assessment, parentPolicyReference + + +class AsmPolicyFactManager(BaseManager): + def __init__(self, *args, **kwargs): + self.client = kwargs.get('client', None) + self.module = 
kwargs.get('module', None) + super(AsmPolicyFactManager, self).__init__(**kwargs) + self.want = AsmPolicyFactParameters(params=self.module.params) + + def exec_module(self): + facts = self._exec_module() + result = dict(asm_policies=facts) + return result + + def _exec_module(self): + if 'asm' not in self.provisioned_modules: + return [] + manager = self.get_manager() + return manager._exec_module() + + def get_manager(self): + if self.version_is_less_than_13(): + return AsmPolicyFactManagerV12(**self.kwargs) + else: + return AsmPolicyFactManagerV13(**self.kwargs) + + def version_is_less_than_13(self): + version = tmos_version(self.client) + if LooseVersion(version) < LooseVersion('13.0.0'): + return True + else: + return False + + def read_facts(self): + results = [] + collection = self.increment_read() + for resource in collection: + params = AsmPolicyFactParameters(params=resource) + results.append(params) + return results + + def increment_read(self): + n = 0 + result = [] + while True: + items = self.read_collection_from_device(skip=n) + if not items: + break + result.extend(items) + n = n + 10 + return result + + +class AsmPolicyFactManagerV12(AsmPolicyFactManager): + def _exec_module(self): + results = [] + facts = self.read_facts() + for item in facts: + attrs = item.to_return() + results.append(attrs) + results = sorted(results, key=lambda k: k['full_path']) + return results + + def read_collection_from_device(self, skip=0): + uri = "https://{0}:{1}/mgmt/tm/asm/policies".format( + self.client.provider['server'], + self.client.provider['server_port'], + ) + + to_expand = 'policy-builder,geolocation-enforcement,csrf-protection' + query = '?$top=10&$skip={0}&$expand={1}'.format(skip, to_expand) + + resp = self.client.api.get(uri + query) + + try: + response = resp.json() + except ValueError as ex: + raise F5ModuleError(str(ex)) + + if 'code' in response and response['code'] == 400: + if 'message' in response: + raise F5ModuleError(response['message']) + else: 
+ raise F5ModuleError(resp.content) + + if 'items' not in response: + return None + return response['items'] + + +class AsmPolicyFactManagerV13(AsmPolicyFactManager): + def _exec_module(self): + results = [] + facts = self.read_facts() + for item in facts: + attrs = item.to_return() + results.append(attrs) + results = sorted(results, key=lambda k: k['full_path']) + return results + + def read_collection_from_device(self, skip=0): + uri = "https://{0}:{1}/mgmt/tm/asm/policies".format( + self.client.provider['server'], + self.client.provider['server_port'], + ) + to_expand = 'general,signature-settings,header-settings,cookie-settings,antivirus,' \ + 'policy-builder,csrf-protection,csrf-urls' + query = '?$top=10&$skip={0}&$expand={1}'.format(skip, to_expand) + resp = self.client.api.get(uri + query) + + try: + response = resp.json() + except ValueError as ex: + raise F5ModuleError(str(ex)) + + if 'code' in response and response['code'] == 400: + if 'message' in response: + raise F5ModuleError(response['message']) + else: + raise F5ModuleError(resp.content) + + if 'items' not in response: + return None + + return response['items'] + + +class AsmServerTechnologyFactParameters(BaseParameters): + api_map = { + 'serverTechnologyName': 'server_technology_name', + 'serverTechnologyReferences': 'server_technology_references', + } + + returnables = [ + 'id', + 'server_technology_name', + 'server_technology_references', + ] + + +class AsmServerTechnologyFactManager(BaseManager): + def __init__(self, *args, **kwargs): + self.client = kwargs.get('client', None) + self.module = kwargs.get('module', None) + super(AsmServerTechnologyFactManager, self).__init__(**kwargs) + self.want = AsmServerTechnologyFactParameters(params=self.module.params) + + def exec_module(self): + facts = self._exec_module() + result = dict(asm_server_technologies=facts) + return result + + def _exec_module(self): + results = [] + if 'asm' not in self.provisioned_modules: + return results + if 
self.version_is_less_than_13(): + return results + facts = self.read_facts() + for item in facts: + attrs = item.to_return() + results.append(attrs) + results = sorted(results, key=lambda k: k['server_technology_name']) + return results + + def version_is_less_than_13(self): + version = tmos_version(self.client) + if LooseVersion(version) < LooseVersion('13.0.0'): + return True + else: + return False + + def read_facts(self): + results = [] + collection = self.read_collection_from_device() + for resource in collection: + params = AsmServerTechnologyFactParameters(params=resource) + results.append(params) + return results + + def read_collection_from_device(self): + uri = "https://{0}:{1}/mgmt/tm/asm/server-technologies".format( + self.client.provider['server'], + self.client.provider['server_port'], + ) + resp = self.client.api.get(uri) + try: + response = resp.json() + except ValueError as ex: + raise F5ModuleError(str(ex)) + if 'code' in response and response['code'] == 400: + if 'message' in response: + raise F5ModuleError(response['message']) + else: + raise F5ModuleError(resp.content) + if 'items' not in response: + return [] + result = response['items'] + return result + + +class AsmSignatureSetsFactParameters(BaseParameters): + api_map = { + 'isUserDefined': 'is_user_defined', + 'assignToPolicyByDefault': 'assign_to_policy_by_default', + 'defaultAlarm': 'default_alarm', + 'defaultBlock': 'default_block', + 'defaultLearn': 'default_learn', + } + + returnables = [ + 'name', + 'id', + 'type', + 'category', + 'is_user_defined', + 'assign_to_policy_by_default', + 'default_alarm', + 'default_block', + 'default_learn', + ] + + @property + def is_user_defined(self): + return flatten_boolean(self._values['is_user_defined']) + + @property + def assign_to_policy_by_default(self): + return flatten_boolean(self._values['assign_to_policy_by_default']) + + @property + def default_alarm(self): + return flatten_boolean(self._values['default_alarm']) + + @property + def 
default_block(self): + return flatten_boolean(self._values['default_block']) + + @property + def default_learn(self): + return flatten_boolean(self._values['default_learn']) + +# TODO: add the following: filter, systems, signatureReferences + + +class AsmSignatureSetsFactManager(BaseManager): + def __init__(self, *args, **kwargs): + self.client = kwargs.get('client', None) + self.module = kwargs.get('module', None) + super(AsmSignatureSetsFactManager, self).__init__(**kwargs) + self.want = AsmSignatureSetsFactParameters(params=self.module.params) + + def exec_module(self): + facts = self._exec_module() + result = dict(asm_signature_sets=facts) + return result + + def _exec_module(self): + results = [] + if 'asm' not in self.provisioned_modules: + return results + facts = self.read_facts() + for item in facts: + attrs = item.to_return() + results.append(attrs) + results = sorted(results, key=lambda k: k['name']) + return results + + def read_facts(self): + results = [] + collection = self.increment_read() + for resource in collection: + params = AsmSignatureSetsFactParameters(params=resource) + results.append(params) + return results + + def increment_read(self): + n = 0 + result = [] + while True: + items = self.read_collection_from_device(skip=n) + if not items: + break + result.extend(items) + n = n + 5 + return result + + def read_collection_from_device(self, skip=0): + uri = "https://{0}:{1}/mgmt/tm/asm/signature-sets".format( + self.client.provider['server'], + self.client.provider['server_port'], + ) + query = '?$top=5&$skip={0}'.format(skip) + resp = self.client.api.get(uri + query) + + try: + response = resp.json() + except ValueError as ex: + raise F5ModuleError(str(ex)) + + if 'code' in response and response['code'] == 400: + if 'message' in response: + raise F5ModuleError(response['message']) + else: + raise F5ModuleError(resp.content) + + if 'items' not in response: + return None + + return response['items'] + + class 
ClientSslProfilesParameters(BaseParameters): api_map = { 'fullPath': 'full_path', @@ -14125,6 +15113,9 @@ class ModuleManager(object): self.want = Parameters(params=self.module.params) self.managers = { 'asm-policy-stats': AsmPolicyStatsFactManager, + 'asm-policies': AsmPolicyFactManager, + 'asm-server-technologies': AsmServerTechnologyFactManager, + 'asm-signature-sets': AsmSignatureSetsFactManager, 'client-ssl-profiles': ClientSslProfilesFactManager, 'devices': DevicesFactManager, 'device-groups': DeviceGroupsFactManager, @@ -14320,7 +15311,10 @@ class ArgumentSpec(object): 'gtm-wide-ips', # Non-meta choices + 'asm-policies', 'asm-policy-stats', + 'asm-server-technologies', + 'asm-signature-sets', 'client-ssl-profiles', 'devices', 'device-groups', @@ -14384,6 +15378,9 @@ class ArgumentSpec(object): # Negations of non-meta-choices '!asm-policy-stats', + '!asm-policies', + '!asm-server-technologies', + '!asm-signature-sets', '!client-ssl-profiles', '!devices', '!device-groups',
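Review bot: The three entries added to `self.managers` expose fact managers whose readers can turn a refused or failed API call into an empty or truncated fact list. In the classes added earlier in this diff, every `read_collection_from_device` raises `F5ModuleError` only when `response['code'] == 400`; any other error body without `items` falls through to `return None` (or `return []` for server technologies). In `AsmSignatureSetsFactManager.increment_read` a falsy result just ends the paging loop, so "no signature sets" and "request rejected part-way through" would look the same to whoever audits the WAF configuration from these facts. I would widen the guard to something like `if 'code' in response and response['code'] >= 400:`, assuming the error body carries the HTTP status in `code` as the 400 branch suggests, or check the status of `resp` itself before parsing. `ModuleManager.__init__` starts and ends outside this hunk, so how the managers are instantiated is not visible here.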