def test_create_policy_from_bigip(icr_policy_dict): policy = IcrPolicy(**icr_policy_dict) assert policy.name == "wrapper_policy" assert policy.partition == "Test" data = policy.data assert data.get('strategy') == "/Common/first-match" assert len(data.get('rules')) == 2 assert data.get('legacy') assert data.get('controls') == ["forwarding"] assert data.get('requires') == ["http"]
def test_create_policy_supported_conditions(self, bigip, partition): """Create a policy with supported conditions""" if isinstance(bigip, MagicMock): return policy_data = { 'name': self.name, 'strategy': "/Common/first-match", 'rules': [{ 'name': "test_rule0", 'actions': [], 'conditions': [] }] } rule = policy_data['rules'][0] skip_conditions = [ "http_uri_unsupported", "http_unsupported_operand_type" ] # For each supported condition create, test, and delete. for condition in conditions: if condition in skip_conditions: continue rule['conditions'] = [conditions[condition]] # Create the CCCL policy object. policy = Policy(partition=partition, **policy_data) # Create on the BIG-IP try: policy.create(bigip) except exceptions.F5CcclError as e: print(e) # Retrieve it from the BIG-IP (icr_policy, code) = self._get_policy_from_bigip(bigip, partition) # Compare. assert icr_policy assert policy == IcrPolicy(**icr_policy.raw) # Delete the policy try: policy.delete(bigip) except exceptions.F5CcclError as e: print(e)
def test_create_policy_one_rule(self, bigip, partition): """Create a simple policy with one rule.""" if isinstance(bigip, MagicMock): return test_rule = {'name': "rule_0", 'actions': [], 'conditions': []} test_policy = { 'name': self.name, 'strategy': "/Common/first-match", 'rules': [] } test_policy['rules'].append(test_rule) # Create the policy resource. policy = Policy(partition=partition, **test_policy) try: # Create on bigip. policy.create(bigip) except exceptions.F5CcclError as e: print(e) # Get the policy from the bigip. (icr_policy, code) = self._get_policy_from_bigip(bigip, partition) # Assert object exists and test attributes. assert icr_policy assert icr_policy.raw['name'] == self.name assert icr_policy.raw['strategy'] == "/Common/first-match" assert 'items' in icr_policy.raw['rulesReference'] rules = icr_policy.raw['rulesReference']['items'] assert len(rules) == 1 rule = rules[0] assert rule['name'] == "rule_0" assert rule['ordinal'] == 0 assert policy == IcrPolicy(**icr_policy.raw) # Cleanup try: policy.delete(bigip) except exceptions.F5CcclError as e: print(e)
def test_compare_icr_to_api_policy(icr_policy_dict, api_policy): icr_policy = IcrPolicy(**icr_policy_dict) assert icr_policy == api_policy
def test_create_policy_rule_conditions(self, bigip, partition): """Create a policy with a rule and conditions.""" if isinstance(bigip, MagicMock): return policy_data = { 'name': self.name, 'strategy': "/Common/first-match", 'rules': [{ 'name': "test_rule0", 'actions': [], 'conditions': [] }] } rule_0 = policy_data['rules'][0] rule_0['conditions'].append(conditions['http_host']) policy = Policy(partition=partition, **policy_data) try: policy.create(bigip) except exceptions.F5CcclError as e: print(e) (icr_policy, code) = self._get_policy_from_bigip(bigip, partition) assert icr_policy assert policy == IcrPolicy(**icr_policy.raw) # Add a condition condition = conditions['http_host'] rule_0['conditions'].append(conditions['http_host']) policy = Policy(partition=partition, **policy_data) try: policy.update(bigip) except exceptions.F5CcclError as e: print(e) (icr_policy, code) = self._get_policy_from_bigip(bigip, partition) assert icr_policy assert policy == IcrPolicy(**icr_policy.raw) # Remove both conditions rule_0['conditions'] = list() policy = Policy(partition=partition, **policy_data) try: policy.update(bigip) except exceptions.F5CcclError as e: print(e) (icr_policy, code) = self._get_policy_from_bigip(bigip, partition) assert icr_policy assert policy == IcrPolicy(**icr_policy.raw) # Modify the condition and check that they are different new_condition = deepcopy(conditions['http_host']) # Change the matcher. new_condition.pop('equals') new_condition['contains'] = True rule_0['conditions'] = [new_condition] policy = Policy(partition=partition, **policy_data) # Test that the conditions are not equal. assert policy != IcrPolicy(**icr_policy.raw) # Update and check that they are equal try: policy.update(bigip) except exceptions.F5CcclError as e: print(e) (icr_policy, code) = self._get_policy_from_bigip(bigip, partition) assert icr_policy assert policy == IcrPolicy(**icr_policy.raw) # Delete the policy try: policy.delete(bigip) except exceptions.F5CcclError as e: print(e)
def test_create_policy_rules(self, bigip, partition): if isinstance(bigip, MagicMock): return # Create a new policy policy_data = { 'name': self.name, 'strategy': "/Common/first-match", 'rules': [] } policy = Policy(partition=partition, **policy_data) try: policy.create(bigip) except exceptions.F5CcclError as e: print(e) (icr_policy, code) = self._get_policy_from_bigip(bigip, partition) assert icr_policy for i in range(5): test_rule = {'actions': [], 'conditions': []} test_rule['name'] = "rule_{}".format(i) policy_data['rules'].append(test_rule) policy = Policy(partition=partition, **policy_data) try: policy.update(bigip) except exceptions.F5CcclError as e: print(e) (icr_policy, code) = self._get_policy_from_bigip(bigip, partition) assert icr_policy assert 'items' in icr_policy.raw['rulesReference'] rules = icr_policy.raw['rulesReference']['items'] assert len(rules) == i + 1 # Assert that the policy is equal to the one on the bigip. assert policy == IcrPolicy(**icr_policy.raw) # Reverse the list of rules and assert that the ordinals change. policy_data['rules'].reverse() policy = Policy(partition=partition, **policy_data) try: policy.update(bigip) except exceptions.F5CcclError as e: print(e) (icr_policy, code) = self._get_policy_from_bigip(bigip, partition) assert icr_policy assert 'items' in icr_policy.raw['rulesReference'] rules = icr_policy.raw['rulesReference']['items'] for rule in rules: ordinal = rule['ordinal'] assert rule['name'] == "rule_{}".format(4 - ordinal) # Assert that the policy is equal to the one on the bigip. assert policy == IcrPolicy(**icr_policy.raw) policy_data = { 'name': self.name, 'strategy': "/Common/first-match", 'rules': [] } policy = Policy(partition=partition, **policy_data) try: policy.update(bigip) except exceptions.F5CcclError as e: print(e) (icr_policy, code) = self._get_policy_from_bigip(bigip, partition) assert icr_policy assert 'items' not in icr_policy.raw['rulesReference'] try: policy.delete(bigip) except exceptions.F5CcclError as e: print(e)
def refresh(self): """Refresh the internal cache with the BIG-IP state.""" partition_filter = "$filter=partition+eq+{}".format(self._partition) # Retrieve the list of virtual servers in managed partition. query = partition_filter # Retrieve the lists of health monitors http_monitors = self.tm.ltm.monitor.https.get_collection( requests_params={"params": query}) https_monitors = self.tm.ltm.monitor.https_s.get_collection( requests_params={"params": query}) tcp_monitors = self.tm.ltm.monitor.tcps.get_collection( requests_params={"params": query}) icmp_monitors = ( self.tm.ltm.monitor.gateway_icmps.get_collection( requests_params={"params": query}) ) iapps = self.tm.sys.application.services.get_collection( requests_params={"params": query}) nodes = self.tm.ltm.nodes.get_collection( requests_params={"params": query}) virtual_addresses = self.tm.ltm.virtual_address_s.get_collection( requests_params={"params": query}) # Retrieve the list of virtuals, pools, and policies in the # managed partition getting all subCollections. query = "{}&expandSubcollections=true".format(partition_filter) virtuals = self.tm.ltm.virtuals.get_collection( requests_params={"params": query}) pools = self.tm.ltm.pools.get_collection( requests_params={"params": query}) policies = self.tm.ltm.policys.get_collection( requests_params={"params": query}) # Refresh the virtuals cache. self._virtuals = { v.name: IcrVirtualServer(**v.raw) for v in virtuals if self._manageable_resource(v) } # Refresh the virtuals cache. self._all_virtuals = { v.name: IcrVirtualServer(**v.raw) for v in virtuals } # Refresh the virtual address cache. self._virtual_addresses = { v.name: IcrVirtualAddress(**v.raw) for v in virtual_addresses if self._manageable_resource(v) } # Refresh the pool cache self._pools = { p.name: IcrPool(**p.raw) for p in pools if self._manageable_resource(p) } # Refresh the all-pool cache self._all_pools = { p.name: IcrPool(**p.raw) for p in pools } # Refresh the policy cache self._policies = { p.name: IcrPolicy(**p.raw) for p in policies if self._manageable_resource(p) } # Refresh the iapp cache self._iapps = { i.name: ApplicationService(**i.raw) for i in iapps if i.name.startswith(self._prefix) } # Refresh the node cache self._nodes = { n.name: Node(**n.raw) for n in nodes } # Refresh the health monitor cache self._monitors['http'] = { m.name: IcrHTTPMonitor(**m.raw) for m in http_monitors if self._manageable_resource(m) } self._monitors['https'] = { m.name: IcrHTTPSMonitor(**m.raw) for m in https_monitors if self._manageable_resource(m) } self._monitors['tcp'] = { m.name: IcrTCPMonitor(**m.raw) for m in tcp_monitors if self._manageable_resource(m) } self._monitors['icmp'] = { m.name: IcrICMPMonitor(**m.raw) for m in icmp_monitors if self._manageable_resource(m) }