def test_delete_topology_object_dump_json(self, *args):
# Configure the arguments that would be sent to the Ansible module
expected = load_fixture('sslo_topology_delete_created.json')
set_module_args(
dict(name='expl_topo',
topology_type='outbound_explicit',
state='absent',
dump_json=True))
module = AnsibleModule(
argument_spec=self.spec.argument_spec,
supports_check_mode=self.spec.supports_check_mode,
mutually_exclusive=self.spec.mutually_exclusive,
required_together=self.spec.required_together,
required_if=self.spec.required_if)
mm = ModuleManager(module=module)
exists = dict(code=200,
contents=load_fixture('load_sslo_topology.json'))
# Override methods to force specific logic in the module to happen
mm.client.get = Mock(side_effect=[exists, exists])
results = mm.exec_module()
assert results['changed'] is False
assert results['json'] == expected
def test_create_expl_out_topology_object_dump_json(self, *args):
# Configure the arguments that would be sent to the Ansible module
expected = load_fixture('sslo_l3_expl_topo_create_generated.json')
set_module_args(
dict(name='expl_topo',
topology_type='outbound_explicit',
proxy_ip='192.168.1.1',
proxy_port=3211,
security_policy='from_gui',
ssl_settings='foobar',
vlans=['/Common/fake1'],
dump_json=True))
module = AnsibleModule(
argument_spec=self.spec.argument_spec,
supports_check_mode=self.spec.supports_check_mode,
mutually_exclusive=self.spec.mutually_exclusive,
required_together=self.spec.required_together,
required_if=self.spec.required_if)
mm = ModuleManager(module=module)
# Override methods to force specific logic in the module to happen
mm.exists = Mock(return_value=False)
mm.client.get = Mock(return_value=dict(
code=200, contents=load_fixture('sslo_gs_present.json')))
results = mm.exec_module()
assert results['changed'] is False
assert results['json'] == expected
def test_create_expl_out_topology_object(self, *args):
# Configure the arguments that would be sent to the Ansible module
set_module_args(
dict(name='expl_topo',
topology_type='outbound_explicit',
proxy_ip='192.168.1.1',
proxy_port=3211,
security_policy='from_gui',
ssl_settings='foobar',
vlans=['/Common/fake1']))
module = AnsibleModule(
argument_spec=self.spec.argument_spec,
supports_check_mode=self.spec.supports_check_mode,
mutually_exclusive=self.spec.mutually_exclusive,
required_together=self.spec.required_together,
required_if=self.spec.required_if)
mm = ModuleManager(module=module)
gs = dict(code=200, contents=load_fixture('sslo_gs_present.json'))
exists = dict(code=200,
contents=load_fixture('load_sslo_topo_expl.json'))
done = dict(
code=200,
contents=load_fixture('reply_sslo_topo_expl_create_done.json'))
# Override methods to force specific logic in the module to happen
mm.exists = Mock(return_value=False)
mm.client.get = Mock(side_effect=[exists, gs, done])
mm.client.post = Mock(return_value=dict(
code=202,
contents=load_fixture('reply_sslo_topo_expl_create_start.json')))
results = mm.exec_module()
assert results['changed'] is True
assert results['topology'] == 'topology_l3_explicit_proxy'
assert results['rule'] == 'Outbound'
assert results['proxy_type'] == 'explicit'
assert results['proxy_ip'] == '192.168.1.1'
assert results['proxy_port'] == 3211
assert results['vlans'] == [{
'name': '/Common/fake1',
'value': '/Common/fake1'
}]
assert results['ssl_settings'] == 'ssloT_foobar'
assert results['security_policy'] == 'ssloP_from_gui'
def test_create_l2_in_topology_object(self, *args):
# Configure the arguments that would be sent to the Ansible module
set_module_args(
dict(name='l2_topo_in',
dest='192.168.1.3%0/32',
port=0,
topology_type='inbound_l2',
ssl_settings='foobar',
vlans=['/Common/fake1']))
module = AnsibleModule(
argument_spec=self.spec.argument_spec,
supports_check_mode=self.spec.supports_check_mode,
mutually_exclusive=self.spec.mutually_exclusive,
required_together=self.spec.required_together,
required_if=self.spec.required_if)
mm = ModuleManager(module=module)
gs = dict(code=200, contents=load_fixture('sslo_gs_present.json'))
exists = dict(code=200,
contents=load_fixture('load_sslo_topo_l2_in.json'))
done = dict(
code=200,
contents=load_fixture('reply_sslo_topo_l2_in_create_done.json'))
# Override methods to force specific logic in the module to happen
mm.exists = Mock(return_value=False)
mm.client.get = Mock(side_effect=[exists, gs, done])
mm.client.post = Mock(return_value=dict(
code=202,
contents=load_fixture('reply_sslo_topo_l2_in_create_start.json')))
results = mm.exec_module()
assert results['changed'] is True
assert results['topology'] == 'topology_l2_inbound'
assert results['rule'] == 'Inbound'
assert results['dep_net'] == 'l2_network'
assert results['dest'] == '192.168.1.3%0/32'
assert results['port'] == 0
assert results['vlans'] == [{
'name': '/Common/fake1',
'value': '/Common/fake1'
}]
assert results['ssl_settings'] == 'ssloT_foobar'
def test_ssl_settings_invalid_protocol_udp_l2_out(self, *args):
# Configure the arguments that would be sent to the Ansible module
set_module_args(
dict(name='l2_topo_out',
topology_type='outbound_l2',
vlans=['/Common/fake'],
protocol='udp',
ssl_settings='foobar'))
module = AnsibleModule(
argument_spec=self.spec.argument_spec,
supports_check_mode=self.spec.supports_check_mode,
mutually_exclusive=self.spec.mutually_exclusive,
required_together=self.spec.required_together,
required_if=self.spec.required_if)
mm = ModuleManager(module=module)
# Override methods to force specific logic in the module to happen
mm.exists = Mock(return_value=False)
mm.return_sslo_global = Mock(return_value=True)
with self.assertRaises(F5ModuleError) as res:
mm.exec_module()
assert str(
res.exception
) == 'The Outbound L2 topology for UDP traffic cannot contain an ssl_settings key.'
def test_primary_auth_uri_invalid_protocol_l3_out(self, sslo):
# Configure the arguments that would be sent to the Ansible module
sslo.return_value = '8.2'
err = "The 'primary_auth_uri' key can only be used with an outbound L3 TCP topology."
set_module_args(
dict(name='l3_topo_out',
topology_type='outbound_l3',
vlans=['/Common/fake'],
protocol='other',
primary_auth_uri='/fake'))
module = AnsibleModule(
argument_spec=self.spec.argument_spec,
supports_check_mode=self.spec.supports_check_mode,
mutually_exclusive=self.spec.mutually_exclusive,
required_together=self.spec.required_together,
required_if=self.spec.required_if)
mm = ModuleManager(module=module)
# Override methods to force specific logic in the module to happen
mm.exists = Mock(return_value=False)
mm.return_sslo_global = Mock(return_value=True)
with self.assertRaises(F5ModuleError) as res:
mm.exec_module()
assert str(res.exception) == err
def test_verify_accept_invalid_version(self, *args):
# Configure the arguments that would be sent to the Ansible module
err = "The 'verify_accept' key is supported on SSLO version 9.0 and above, your SSLO version is 7.5."
set_module_args(
dict(name='l2_topo_out',
topology_type='inbound_l2',
vlans=['/Common/fake'],
verify_accept='no'))
module = AnsibleModule(
argument_spec=self.spec.argument_spec,
supports_check_mode=self.spec.supports_check_mode,
mutually_exclusive=self.spec.mutually_exclusive,
required_together=self.spec.required_together,
required_if=self.spec.required_if)
mm = ModuleManager(module=module)
# Override methods to force specific logic in the module to happen
mm.exists = Mock(return_value=False)
mm.return_sslo_global = Mock(return_value=True)
with self.assertRaises(F5ModuleError) as res:
mm.exec_module()
assert str(res.exception) == err
def test_profile_scope_named_invalid_version(self, *args):
# Configure the arguments that would be sent to the Ansible module
err = "The 'primary_auth_uri', 'profile_scope_value' or 'profile_scope' are " \
"supported on SSLO version 8.2 and above, your SSLO version is 7.5."
set_module_args(
dict(name='l3_topo_out',
topology_type='outbound_l3',
vlans=['/Common/fake'],
profile_scope='named',
profile_scope_value='some_value',
primary_auth_uri='/foofake'))
module = AnsibleModule(
argument_spec=self.spec.argument_spec,
supports_check_mode=self.spec.supports_check_mode,
mutually_exclusive=self.spec.mutually_exclusive,
required_together=self.spec.required_together,
required_if=self.spec.required_if)
mm = ModuleManager(module=module)
# Override methods to force specific logic in the module to happen
mm.exists = Mock(return_value=False)
mm.return_sslo_global = Mock(return_value=True)
with self.assertRaises(F5ModuleError) as res:
mm.exec_module()
assert str(res.exception) == err
def test_ip_family_mismatch_proxy(self, *args):
# Configure the arguments that would be sent to the Ansible module
set_module_args(
dict(name='fake_explicit',
topology_type='outbound_explicit',
vlans=['/Common/fake'],
proxy_ip='19.1.1.1',
proxy_port=1234,
source='2001:0db8:85a3:0000:0000:8a2e:0370:7334/32'))
module = AnsibleModule(
argument_spec=self.spec.argument_spec,
supports_check_mode=self.spec.supports_check_mode,
mutually_exclusive=self.spec.mutually_exclusive,
required_together=self.spec.required_together,
required_if=self.spec.required_if)
mm = ModuleManager(module=module)
# Override methods to force specific logic in the module to happen
mm.exists = Mock(return_value=False)
mm.return_sslo_global = Mock(return_value=True)
with self.assertRaises(F5ModuleError) as res:
mm.exec_module()
assert str(
res.exception
) == 'Source and proxy addresses must be in the same IP family.'
def test_proxy_ip_defined_for_non_explict_proxy_type(self, *args):
# Configure the arguments that would be sent to the Ansible module
err = "The 'proxy_ip' key is only to be used with explicit proxy type, use 'dest' key instead."
set_module_args(
dict(name='l2_out',
topology_type='outbound_l2',
proxy_ip='191.1.1.1',
proxy_port=1234,
ssl_settings='fakesettings',
vlans=['/Common/fake']))
module = AnsibleModule(
argument_spec=self.spec.argument_spec,
supports_check_mode=self.spec.supports_check_mode,
mutually_exclusive=self.spec.mutually_exclusive,
required_together=self.spec.required_together,
required_if=self.spec.required_if)
mm = ModuleManager(module=module)
# Override methods to force specific logic in the module to happen
mm.exists = Mock(return_value=False)
mm.return_sslo_global = Mock(return_value=True)
with self.assertRaises(F5ModuleError) as res:
mm.exec_module()
assert str(res.exception) == err
def test_security_policy_missing_explicit_proxy(self, *args):
# Configure the arguments that would be sent to the Ansible module
set_module_args(
dict(name='explicit_out',
topology_type='outbound_explicit',
proxy_ip='191.1.1.1',
proxy_port=1234,
vlans=['/Common/fake']))
module = AnsibleModule(
argument_spec=self.spec.argument_spec,
supports_check_mode=self.spec.supports_check_mode,
mutually_exclusive=self.spec.mutually_exclusive,
required_together=self.spec.required_together,
required_if=self.spec.required_if)
mm = ModuleManager(module=module)
# Override methods to force specific logic in the module to happen
mm.exists = Mock(return_value=False)
mm.return_sslo_global = Mock(return_value=True)
with self.assertRaises(F5ModuleError) as res:
mm.exec_module()
assert str(
res.exception
) == "The 'security_policy' is required when creating explicit proxy type topology."
def test_vlans_parameter_missing(self, *args):
# Configure the arguments that would be sent to the Ansible module
set_module_args(dict(name='l2_topo_out', topology_type='inbound_l2'))
module = AnsibleModule(
argument_spec=self.spec.argument_spec,
supports_check_mode=self.spec.supports_check_mode,
mutually_exclusive=self.spec.mutually_exclusive,
required_together=self.spec.required_together,
required_if=self.spec.required_if)
mm = ModuleManager(module=module)
# Override methods to force specific logic in the module to happen
mm.exists = Mock(return_value=False)
mm.return_sslo_global = Mock(return_value=True)
with self.assertRaises(F5ModuleError) as res:
mm.exec_module()
assert str(res.exception) == 'At least one VLAN must be defined.'