def test_create_policy_from_bigip(icr_policy_dict):
policy = IcrPolicy(**icr_policy_dict)
assert policy.name == "wrapper_policy"
assert policy.partition == "Test"
data = policy.data
assert data.get('strategy') == "/Common/first-match"
assert len(data.get('rules')) == 2
assert data.get('legacy')
assert data.get('controls') == ["forwarding"]
assert data.get('requires') == ["http"]
def test_create_policy_supported_conditions(self, bigip, partition):
"""Create a policy with supported conditions"""
if isinstance(bigip, MagicMock):
return
policy_data = {
'name': self.name,
'strategy': "/Common/first-match",
'rules': [{
'name': "test_rule0",
'actions': [],
'conditions': []
}]
}
rule = policy_data['rules'][0]
skip_conditions = [
"http_uri_unsupported", "http_unsupported_operand_type"
]
# For each supported condition create, test, and delete.
for condition in conditions:
if condition in skip_conditions:
continue
rule['conditions'] = [conditions[condition]]
# Create the CCCL policy object.
policy = Policy(partition=partition, **policy_data)
# Create on the BIG-IP
try:
policy.create(bigip)
except exceptions.F5CcclError as e:
print(e)
# Retrieve it from the BIG-IP
(icr_policy, code) = self._get_policy_from_bigip(bigip, partition)
# Compare.
assert icr_policy
assert policy == IcrPolicy(**icr_policy.raw)
# Delete the policy
try:
policy.delete(bigip)
except exceptions.F5CcclError as e:
print(e)
def test_create_policy_one_rule(self, bigip, partition):
"""Create a simple policy with one rule."""
if isinstance(bigip, MagicMock):
return
test_rule = {'name': "rule_0", 'actions': [], 'conditions': []}
test_policy = {
'name': self.name,
'strategy': "/Common/first-match",
'rules': []
}
test_policy['rules'].append(test_rule)
# Create the policy resource.
policy = Policy(partition=partition, **test_policy)
try:
# Create on bigip.
policy.create(bigip)
except exceptions.F5CcclError as e:
print(e)
# Get the policy from the bigip.
(icr_policy, code) = self._get_policy_from_bigip(bigip, partition)
# Assert object exists and test attributes.
assert icr_policy
assert icr_policy.raw['name'] == self.name
assert icr_policy.raw['strategy'] == "/Common/first-match"
assert 'items' in icr_policy.raw['rulesReference']
rules = icr_policy.raw['rulesReference']['items']
assert len(rules) == 1
rule = rules[0]
assert rule['name'] == "rule_0"
assert rule['ordinal'] == 0
assert policy == IcrPolicy(**icr_policy.raw)
# Cleanup
try:
policy.delete(bigip)
except exceptions.F5CcclError as e:
print(e)
def test_compare_icr_to_api_policy(icr_policy_dict, api_policy):
icr_policy = IcrPolicy(**icr_policy_dict)
assert icr_policy == api_policy
def test_create_policy_rule_conditions(self, bigip, partition):
"""Create a policy with a rule and conditions."""
if isinstance(bigip, MagicMock):
return
policy_data = {
'name': self.name,
'strategy': "/Common/first-match",
'rules': [{
'name': "test_rule0",
'actions': [],
'conditions': []
}]
}
rule_0 = policy_data['rules'][0]
rule_0['conditions'].append(conditions['http_host'])
policy = Policy(partition=partition, **policy_data)
try:
policy.create(bigip)
except exceptions.F5CcclError as e:
print(e)
(icr_policy, code) = self._get_policy_from_bigip(bigip, partition)
assert icr_policy
assert policy == IcrPolicy(**icr_policy.raw)
# Add a condition
condition = conditions['http_host']
rule_0['conditions'].append(conditions['http_host'])
policy = Policy(partition=partition, **policy_data)
try:
policy.update(bigip)
except exceptions.F5CcclError as e:
print(e)
(icr_policy, code) = self._get_policy_from_bigip(bigip, partition)
assert icr_policy
assert policy == IcrPolicy(**icr_policy.raw)
# Remove both conditions
rule_0['conditions'] = list()
policy = Policy(partition=partition, **policy_data)
try:
policy.update(bigip)
except exceptions.F5CcclError as e:
print(e)
(icr_policy, code) = self._get_policy_from_bigip(bigip, partition)
assert icr_policy
assert policy == IcrPolicy(**icr_policy.raw)
# Modify the condition and check that they are different
new_condition = deepcopy(conditions['http_host'])
# Change the matcher.
new_condition.pop('equals')
new_condition['contains'] = True
rule_0['conditions'] = [new_condition]
policy = Policy(partition=partition, **policy_data)
# Test that the conditions are not equal.
assert policy != IcrPolicy(**icr_policy.raw)
# Update and check that they are equal
try:
policy.update(bigip)
except exceptions.F5CcclError as e:
print(e)
(icr_policy, code) = self._get_policy_from_bigip(bigip, partition)
assert icr_policy
assert policy == IcrPolicy(**icr_policy.raw)
# Delete the policy
try:
policy.delete(bigip)
except exceptions.F5CcclError as e:
print(e)
def test_create_policy_rules(self, bigip, partition):
if isinstance(bigip, MagicMock):
return
# Create a new policy
policy_data = {
'name': self.name,
'strategy': "/Common/first-match",
'rules': []
}
policy = Policy(partition=partition, **policy_data)
try:
policy.create(bigip)
except exceptions.F5CcclError as e:
print(e)
(icr_policy, code) = self._get_policy_from_bigip(bigip, partition)
assert icr_policy
for i in range(5):
test_rule = {'actions': [], 'conditions': []}
test_rule['name'] = "rule_{}".format(i)
policy_data['rules'].append(test_rule)
policy = Policy(partition=partition, **policy_data)
try:
policy.update(bigip)
except exceptions.F5CcclError as e:
print(e)
(icr_policy, code) = self._get_policy_from_bigip(bigip, partition)
assert icr_policy
assert 'items' in icr_policy.raw['rulesReference']
rules = icr_policy.raw['rulesReference']['items']
assert len(rules) == i + 1
# Assert that the policy is equal to the one on the bigip.
assert policy == IcrPolicy(**icr_policy.raw)
# Reverse the list of rules and assert that the ordinals change.
policy_data['rules'].reverse()
policy = Policy(partition=partition, **policy_data)
try:
policy.update(bigip)
except exceptions.F5CcclError as e:
print(e)
(icr_policy, code) = self._get_policy_from_bigip(bigip, partition)
assert icr_policy
assert 'items' in icr_policy.raw['rulesReference']
rules = icr_policy.raw['rulesReference']['items']
for rule in rules:
ordinal = rule['ordinal']
assert rule['name'] == "rule_{}".format(4 - ordinal)
# Assert that the policy is equal to the one on the bigip.
assert policy == IcrPolicy(**icr_policy.raw)
policy_data = {
'name': self.name,
'strategy': "/Common/first-match",
'rules': []
}
policy = Policy(partition=partition, **policy_data)
try:
policy.update(bigip)
except exceptions.F5CcclError as e:
print(e)
(icr_policy, code) = self._get_policy_from_bigip(bigip, partition)
assert icr_policy
assert 'items' not in icr_policy.raw['rulesReference']
try:
policy.delete(bigip)
except exceptions.F5CcclError as e:
print(e)
def refresh(self):
"""Refresh the internal cache with the BIG-IP state."""
partition_filter = "$filter=partition+eq+{}".format(self._partition)
# Retrieve the list of virtual servers in managed partition.
query = partition_filter
# Retrieve the lists of health monitors
http_monitors = self.tm.ltm.monitor.https.get_collection(
requests_params={"params": query})
https_monitors = self.tm.ltm.monitor.https_s.get_collection(
requests_params={"params": query})
tcp_monitors = self.tm.ltm.monitor.tcps.get_collection(
requests_params={"params": query})
icmp_monitors = (
self.tm.ltm.monitor.gateway_icmps.get_collection(
requests_params={"params": query})
)
iapps = self.tm.sys.application.services.get_collection(
requests_params={"params": query})
nodes = self.tm.ltm.nodes.get_collection(
requests_params={"params": query})
virtual_addresses = self.tm.ltm.virtual_address_s.get_collection(
requests_params={"params": query})
# Retrieve the list of virtuals, pools, and policies in the
# managed partition getting all subCollections.
query = "{}&expandSubcollections=true".format(partition_filter)
virtuals = self.tm.ltm.virtuals.get_collection(
requests_params={"params": query})
pools = self.tm.ltm.pools.get_collection(
requests_params={"params": query})
policies = self.tm.ltm.policys.get_collection(
requests_params={"params": query})
# Refresh the virtuals cache.
self._virtuals = {
v.name: IcrVirtualServer(**v.raw) for v in virtuals
if self._manageable_resource(v)
}
# Refresh the virtuals cache.
self._all_virtuals = {
v.name: IcrVirtualServer(**v.raw) for v in virtuals
}
# Refresh the virtual address cache.
self._virtual_addresses = {
v.name: IcrVirtualAddress(**v.raw) for v in virtual_addresses
if self._manageable_resource(v)
}
# Refresh the pool cache
self._pools = {
p.name: IcrPool(**p.raw) for p in pools
if self._manageable_resource(p)
}
# Refresh the all-pool cache
self._all_pools = {
p.name: IcrPool(**p.raw) for p in pools
}
# Refresh the policy cache
self._policies = {
p.name: IcrPolicy(**p.raw) for p in policies
if self._manageable_resource(p)
}
# Refresh the iapp cache
self._iapps = {
i.name: ApplicationService(**i.raw) for i in iapps
if i.name.startswith(self._prefix)
}
# Refresh the node cache
self._nodes = {
n.name: Node(**n.raw) for n in nodes
}
# Refresh the health monitor cache
self._monitors['http'] = {
m.name: IcrHTTPMonitor(**m.raw) for m in http_monitors
if self._manageable_resource(m)
}
self._monitors['https'] = {
m.name: IcrHTTPSMonitor(**m.raw) for m in https_monitors
if self._manageable_resource(m)
}
self._monitors['tcp'] = {
m.name: IcrTCPMonitor(**m.raw) for m in tcp_monitors
if self._manageable_resource(m)
}
self._monitors['icmp'] = {
m.name: IcrICMPMonitor(**m.raw) for m in icmp_monitors
if self._manageable_resource(m)
}
