def test_ip_enforcement_update(self, *args): set_module_args( dict(subscription_id='s-xxxxxxxxxx', state='absent', ip_endpoints=[ default_endpoint, ])) module = AnsibleModule( argument_spec=self.spec.argument_spec, supports_check_mode=self.spec.supports_check_mode) get_subscription_fake = load_fixture( 'f5_cs_dnslb_ip_endpoints_get_subscription.json') connection = Mock() api_client = CloudservicesApi(connection) api_client.login = Mock() api_client.get_subscription_by_id = Mock( return_value=get_subscription_fake) api_client.update_subscription = Mock( side_effect=self.update_enforcement_list) mm = ModuleManager(module=module, client=api_client) results = mm.exec_module() assert results['changed'] is True assert results['subscription_id'] == 's-xxxxxxxxxx' assert len(results['ip_endpoints']) == 0
def test_records_exclude(self, *args): set_module_args( dict(subscription_id='s-xxxxxxxxxx', state='absent', records={"demo-record": {}})) module = AnsibleModule( argument_spec=self.spec.argument_spec, supports_check_mode=self.spec.supports_check_mode) get_subscription_fake = load_fixture( 'f5_cs_dns_subscription_get_multi_records.json') connection = Mock() api_client = CloudservicesApi(connection) api_client.login = Mock() api_client.get_subscription_by_id = Mock( return_value=get_subscription_fake) api_client.update_subscription = Mock(side_effect=self.update_records) mm = ModuleManager(module=module, client=api_client) results = mm.exec_module() assert results['changed'] is True assert results['subscription_id'] == 's-xxxxxxxxxx' assert len(results['records'].keys()) == 1 remote_default_record = results['records'][''][0] assert default_record[0]['ttl'] == remote_default_record['ttl'] assert default_record[0]['type'] == remote_default_record['type'] assert default_record[0]['values'] == remote_default_record['values']
def test_cname_fetch(self, *args): set_module_args(dict( subscription_id='s-xxxxxxxxxx' )) module = AnsibleModule( argument_spec=self.spec.argument_spec, supports_check_mode=self.spec.supports_check_mode ) connection = Mock() api_client = CloudservicesApi(connection) api_client.login = Mock() fixture = load_fixture('f5_cs_eap_cname_fetch_get_eap_subscription.json') api_client.get_subscription_by_id = Mock(return_value=fixture) mm = ModuleManager(module=module, client=api_client) mm.exists = Mock(return_value=False) mm.publish_on_device = Mock(return_value=True) mm.draft_exists = Mock(return_value=False) mm._create_existing_policy_draft_on_device = Mock(return_value=True) results = mm.exec_module() assert results['CNAMEValue'] == 'waf-xxxxxxxxxx.waf.prd.f5aas.com' assert results['subscription_id'] == 's-xxxxxxxxxx'
def test_subscription_patch_update(self, *args): set_module_args( dict(subscription_id='s-xxxxxxxxxx', patch=True, configuration=dict(gslb_service=dict(custom_parameter=True)))) module = AnsibleModule( argument_spec=self.spec.argument_spec, supports_check_mode=self.spec.supports_check_mode) get_subscription_fake = load_fixture( 'f5_cs_dnslb_subscription_app_update_default.json') get_user_fake = load_fixture('f5_cs_subscription_app_get_user.json') get_subscriptions_fake = load_fixture( 'f5_cs_dnslb_subscriptions_get.json') connection = Mock() api_client = CloudservicesApi(connection) api_client.login = Mock() api_client.update_subscription = Mock( side_effect=self.update_subscription) api_client.get_subscription_by_id = Mock( return_value=get_subscription_fake) api_client.get_current_user = Mock(return_value=get_user_fake) api_client.get_subscriptions_by_type = Mock( return_value=get_subscriptions_fake) mm = ModuleManager(module=module, client=api_client) results = mm.exec_module() assert results['changed'] is True assert results['subscription_id'] == 's-xxxxxxxxxx'
def test_subscription_fetch(self, *args): set_module_args(dict( state='fetch', subscription_id='s-xxxxxxxxxx', )) module = AnsibleModule( argument_spec=self.spec.argument_spec, supports_check_mode=self.spec.supports_check_mode ) get_subscription_fake = load_fixture('f5_cs_dnslb_subscription_app_fetch.json') connection = Mock() api_client = CloudservicesApi(connection) api_client.login = Mock() api_client.get_subscription_by_id = Mock(return_value=get_subscription_fake) mm = ModuleManager(module=module, client=api_client) results = mm.exec_module() assert results['changed'] is False assert results['account_id'] == 'a-xxxxxxxxxx' assert results['catalog_id'] == 'c-xxxxxxxxxx' assert results['subscription_id'] == 's-xxxxxxxxxx' assert results['service_instance_name'] == 'fqdn.demo.com' assert results['configuration']['gslb_service']['virtual_servers']['ipEndpoint_1']['address'] == '12.34.56.78' assert results['configuration']['gslb_service']['virtual_servers']['ipEndpoint_1']['display_name'] == 'endpoint_1' assert results['configuration']['gslb_service']['virtual_servers']['ipEndpoint_1']['monitor'] == 'none' assert results['configuration']['gslb_service']['virtual_servers']['ipEndpoint_1']['port'] == 80 assert results['configuration']['gslb_service']['virtual_servers']['ipEndpoint_1']['virtual_server_type'] == 'cloud'
def test_subscription_fetch(self, *args): set_module_args(dict( state='fetch', subscription_id='s-xxxxxxxxxx', )) module = AnsibleModule( argument_spec=self.spec.argument_spec, supports_check_mode=self.spec.supports_check_mode ) get_subscription_fake = load_fixture('f5_cs_eap_subscription_app_fetch.json') connection = Mock() api_client = CloudservicesApi(connection) api_client.login = Mock() api_client.get_subscription_by_id = Mock(return_value=get_subscription_fake) mm = ModuleManager(module=module, client=api_client) results = mm.exec_module() assert results['changed'] is False assert results['account_id'] == 'a-xxxxxxxxxx' assert results['catalog_id'] == 'c-xxxxxxxxxx' assert results['subscription_id'] == 's-xxxxxxxxxx' assert results['service_instance_name'] == 'fqdn.demo.com' assert results['configuration']['details']['CNAMEValue'] == 'waf-xxxxxxxxxx.waf.prd.f5aas.com' assert results['configuration']['waf_service']['application']['fqdn'] == 'fqdn.demo.com' assert results['configuration']['waf_service']['application']['description'] == 'fqdn.demo.com' assert results['configuration']['waf_service']['application']['waf_regions']['aws']['us-east-1']['endpoint']['ips'] == ['192.168.1.1']
def test_ip_enforcement_update(self, *args): set_module_args( dict(subscription_id='s-xxxxxxxxxx', state='append', ip_endpoints=[ cloud_endpoint_1, ltm_endpoint_1, ])) module = AnsibleModule( argument_spec=self.spec.argument_spec, supports_check_mode=self.spec.supports_check_mode) get_subscription_fake = load_fixture( 'f5_cs_dnslb_ip_endpoints_get_subscription.json') connection = Mock() api_client = CloudservicesApi(connection) api_client.login = Mock() api_client.get_subscription_by_id = Mock( return_value=get_subscription_fake) api_client.update_subscription = Mock( side_effect=self.update_enforcement_list) mm = ModuleManager(module=module, client=api_client) results = mm.exec_module() assert results['changed'] is True assert results['subscription_id'] == 's-xxxxxxxxxx' updated_endpoint_0 = results['ip_endpoints'][0] assert default_endpoint['virtual_server_type'] == updated_endpoint_0[ 'virtual_server_type'] assert default_endpoint['display_name'] == updated_endpoint_0[ 'display_name'] assert default_endpoint['port'] == updated_endpoint_0['port'] assert default_endpoint['address'] == updated_endpoint_0['address'] assert default_endpoint['monitor'] == updated_endpoint_0['monitor'] updated_endpoint_1 = results['ip_endpoints'][1] assert cloud_endpoint_1['virtual_server_type'] == updated_endpoint_1[ 'virtual_server_type'] assert cloud_endpoint_1['display_name'] == updated_endpoint_1[ 'display_name'] assert cloud_endpoint_1['port'] == updated_endpoint_1['port'] assert cloud_endpoint_1['address'] == updated_endpoint_1['address'] assert cloud_endpoint_1['monitor'] == updated_endpoint_1['monitor'] updated_endpoint_2 = results['ip_endpoints'][2] assert ltm_endpoint_1['virtual_server_type'] == updated_endpoint_2[ 'virtual_server_type'] assert ltm_endpoint_1['display_name'] == updated_endpoint_2[ 'display_name'] assert ltm_endpoint_1['port'] == updated_endpoint_2['port'] assert ltm_endpoint_1['translation_address'] == updated_endpoint_2[ 'translation_address'] assert ltm_endpoint_1['vip_id'] == updated_endpoint_2['vip_id']
def test_ip_enforcement_update(self, *args): set_module_args( dict(subscription_id='s-xxxxxxxxxx', state='present', append=True, ip_enforcement=[ hacker_ip, devops_ip, ])) module = AnsibleModule( argument_spec=self.spec.argument_spec, supports_check_mode=self.spec.supports_check_mode) get_subscription_fake = load_fixture( 'f5_cs_eap_ip_enforcement_get_eap_subscription.json') connection = Mock() api_client = CloudservicesApi(connection) api_client.login = Mock() api_client.get_subscription_by_id = Mock( return_value=get_subscription_fake) api_client.update_subscription = Mock( side_effect=self.update_enforcement_list) mm = ModuleManager(module=module, client=api_client) results = mm.exec_module() assert results['changed'] is True assert results['subscription_id'] == 's-xxxxxxxxxx' bot_ip = results['ip_enforcement'][0] assert bot_ip['address'] == '192.168.1.1' assert bot_ip['description'] == 'bot_1' assert bot_ip['action'] == 'block' assert bot_ip['log'] is False updated_hacker_ip = results['ip_enforcement'][1] assert hacker_ip['address'] == updated_hacker_ip['address'] assert hacker_ip['description'] == updated_hacker_ip['description'] assert updated_hacker_ip['action'] == 'block' assert hacker_ip['log'] == updated_hacker_ip['log'] updated_devops_ip = results['ip_enforcement'][2] assert devops_ip['address'] == updated_devops_ip['address'] assert devops_ip['description'] == updated_devops_ip['description'] assert devops_ip['action'] == updated_devops_ip['action'] assert updated_devops_ip['log'] is False
def test_certificate_upload(self, *args): set_module_args( dict(subscription_id='s-xxxxxxxxxx', certificate='cert', private_key='key', passphrase='pass_phrase', certificate_chain='certificate_chain', https_port=443, https_redirect=True, update_comment='update SSL certificate')) module = AnsibleModule( argument_spec=self.spec.argument_spec, supports_check_mode=self.spec.supports_check_mode) get_subscription_fake = load_fixture( 'f5_cs_eap_certificate_get_subscription.json') update_subscription_fake = load_fixture( 'f5_cs_eap_certificate_update_subscription.json') post_certificate_fake = load_fixture( 'f5_cs_eap_certificate_post_certificate.json') connection = Mock() api_client = CloudservicesApi(connection) api_client.login = Mock() api_client.get_subscription_by_id = Mock( return_value=get_subscription_fake) api_client.update_subscription = Mock( return_value=update_subscription_fake) api_client.post_certificate = Mock(return_value=post_certificate_fake) mm = ModuleManager(module=module, client=api_client) results = mm.exec_module() assert results['changed'] is True assert results['subscription_id'] == 's-xxxxxxxxxx' assert results['account_id'] == 'a-xxxxxxxxxx' assert results['configuration']['waf_service']['application']['http'][ 'https_redirect'] is True assert results['configuration']['waf_service']['application']['https'][ 'enabled'] is True assert results['configuration']['waf_service']['application']['https'][ 'port'] == 443 assert results['configuration']['waf_service']['application']['https'][ 'tls']['certificate_id'] == 'cert-xxxxxx_xxx'
def test_protection_change(self, *args): set_module_args( dict(subscription_id='s-xxxxxxxxxx', hi_risk_attack=dict(enabled=True, enforcement_mode='monitoring'), threat_campaign=dict(enabled=True, enforcement_mode='monitoring'), malicious_ip=dict(enabled=True, enforcement_mode='monitoring'), update_comment='update EAP protection mode')) module = AnsibleModule( argument_spec=self.spec.argument_spec, supports_check_mode=self.spec.supports_check_mode) get_subscription_fake = load_fixture( 'f5_cs_eap_protection_mode_get_subscription.json') update_subscription_fake = load_fixture( 'f5_cs_eap_protection_mode_update_subscription.json') connection = Mock() api_client = CloudservicesApi(connection) api_client.login = Mock() api_client.get_subscription_by_id = Mock( return_value=get_subscription_fake) api_client.update_subscription = Mock( return_value=update_subscription_fake) mm = ModuleManager(module=module, client=api_client) results = mm.exec_module() assert results['changed'] is True assert results['subscription_id'] == 's-xxxxxxxxxx' assert results['hi_risk_attack']['enabled'] is True assert results['hi_risk_attack']['enforcement_mode'] == 'monitoring' assert results['malicious_ip']['enabled'] is True assert results['malicious_ip']['enforcement_mode'] == 'monitoring' assert results['threat_campaign']['enabled'] is True assert results['threat_campaign']['enforcement_mode'] == 'monitoring'