def test_delete_topology_object_dump_json(self, *args): # Configure the arguments that would be sent to the Ansible module expected = load_fixture('sslo_topology_delete_created.json') set_module_args( dict(name='expl_topo', topology_type='outbound_explicit', state='absent', dump_json=True)) module = AnsibleModule( argument_spec=self.spec.argument_spec, supports_check_mode=self.spec.supports_check_mode, mutually_exclusive=self.spec.mutually_exclusive, required_together=self.spec.required_together, required_if=self.spec.required_if) mm = ModuleManager(module=module) exists = dict(code=200, contents=load_fixture('load_sslo_topology.json')) # Override methods to force specific logic in the module to happen mm.client.get = Mock(side_effect=[exists, exists]) results = mm.exec_module() assert results['changed'] is False assert results['json'] == expected
def test_create_expl_out_topology_object_dump_json(self, *args): # Configure the arguments that would be sent to the Ansible module expected = load_fixture('sslo_l3_expl_topo_create_generated.json') set_module_args( dict(name='expl_topo', topology_type='outbound_explicit', proxy_ip='192.168.1.1', proxy_port=3211, security_policy='from_gui', ssl_settings='foobar', vlans=['/Common/fake1'], dump_json=True)) module = AnsibleModule( argument_spec=self.spec.argument_spec, supports_check_mode=self.spec.supports_check_mode, mutually_exclusive=self.spec.mutually_exclusive, required_together=self.spec.required_together, required_if=self.spec.required_if) mm = ModuleManager(module=module) # Override methods to force specific logic in the module to happen mm.exists = Mock(return_value=False) mm.client.get = Mock(return_value=dict( code=200, contents=load_fixture('sslo_gs_present.json'))) results = mm.exec_module() assert results['changed'] is False assert results['json'] == expected
def test_create_expl_out_topology_object(self, *args): # Configure the arguments that would be sent to the Ansible module set_module_args( dict(name='expl_topo', topology_type='outbound_explicit', proxy_ip='192.168.1.1', proxy_port=3211, security_policy='from_gui', ssl_settings='foobar', vlans=['/Common/fake1'])) module = AnsibleModule( argument_spec=self.spec.argument_spec, supports_check_mode=self.spec.supports_check_mode, mutually_exclusive=self.spec.mutually_exclusive, required_together=self.spec.required_together, required_if=self.spec.required_if) mm = ModuleManager(module=module) gs = dict(code=200, contents=load_fixture('sslo_gs_present.json')) exists = dict(code=200, contents=load_fixture('load_sslo_topo_expl.json')) done = dict( code=200, contents=load_fixture('reply_sslo_topo_expl_create_done.json')) # Override methods to force specific logic in the module to happen mm.exists = Mock(return_value=False) mm.client.get = Mock(side_effect=[exists, gs, done]) mm.client.post = Mock(return_value=dict( code=202, contents=load_fixture('reply_sslo_topo_expl_create_start.json'))) results = mm.exec_module() assert results['changed'] is True assert results['topology'] == 'topology_l3_explicit_proxy' assert results['rule'] == 'Outbound' assert results['proxy_type'] == 'explicit' assert results['proxy_ip'] == '192.168.1.1' assert results['proxy_port'] == 3211 assert results['vlans'] == [{ 'name': '/Common/fake1', 'value': '/Common/fake1' }] assert results['ssl_settings'] == 'ssloT_foobar' assert results['security_policy'] == 'ssloP_from_gui'
def test_create_l2_in_topology_object(self, *args): # Configure the arguments that would be sent to the Ansible module set_module_args( dict(name='l2_topo_in', dest='192.168.1.3%0/32', port=0, topology_type='inbound_l2', ssl_settings='foobar', vlans=['/Common/fake1'])) module = AnsibleModule( argument_spec=self.spec.argument_spec, supports_check_mode=self.spec.supports_check_mode, mutually_exclusive=self.spec.mutually_exclusive, required_together=self.spec.required_together, required_if=self.spec.required_if) mm = ModuleManager(module=module) gs = dict(code=200, contents=load_fixture('sslo_gs_present.json')) exists = dict(code=200, contents=load_fixture('load_sslo_topo_l2_in.json')) done = dict( code=200, contents=load_fixture('reply_sslo_topo_l2_in_create_done.json')) # Override methods to force specific logic in the module to happen mm.exists = Mock(return_value=False) mm.client.get = Mock(side_effect=[exists, gs, done]) mm.client.post = Mock(return_value=dict( code=202, contents=load_fixture('reply_sslo_topo_l2_in_create_start.json'))) results = mm.exec_module() assert results['changed'] is True assert results['topology'] == 'topology_l2_inbound' assert results['rule'] == 'Inbound' assert results['dep_net'] == 'l2_network' assert results['dest'] == '192.168.1.3%0/32' assert results['port'] == 0 assert results['vlans'] == [{ 'name': '/Common/fake1', 'value': '/Common/fake1' }] assert results['ssl_settings'] == 'ssloT_foobar'
def test_ssl_settings_invalid_protocol_udp_l2_out(self, *args): # Configure the arguments that would be sent to the Ansible module set_module_args( dict(name='l2_topo_out', topology_type='outbound_l2', vlans=['/Common/fake'], protocol='udp', ssl_settings='foobar')) module = AnsibleModule( argument_spec=self.spec.argument_spec, supports_check_mode=self.spec.supports_check_mode, mutually_exclusive=self.spec.mutually_exclusive, required_together=self.spec.required_together, required_if=self.spec.required_if) mm = ModuleManager(module=module) # Override methods to force specific logic in the module to happen mm.exists = Mock(return_value=False) mm.return_sslo_global = Mock(return_value=True) with self.assertRaises(F5ModuleError) as res: mm.exec_module() assert str( res.exception ) == 'The Outbound L2 topology for UDP traffic cannot contain an ssl_settings key.'
def test_primary_auth_uri_invalid_protocol_l3_out(self, sslo): # Configure the arguments that would be sent to the Ansible module sslo.return_value = '8.2' err = "The 'primary_auth_uri' key can only be used with an outbound L3 TCP topology." set_module_args( dict(name='l3_topo_out', topology_type='outbound_l3', vlans=['/Common/fake'], protocol='other', primary_auth_uri='/fake')) module = AnsibleModule( argument_spec=self.spec.argument_spec, supports_check_mode=self.spec.supports_check_mode, mutually_exclusive=self.spec.mutually_exclusive, required_together=self.spec.required_together, required_if=self.spec.required_if) mm = ModuleManager(module=module) # Override methods to force specific logic in the module to happen mm.exists = Mock(return_value=False) mm.return_sslo_global = Mock(return_value=True) with self.assertRaises(F5ModuleError) as res: mm.exec_module() assert str(res.exception) == err
def test_verify_accept_invalid_version(self, *args): # Configure the arguments that would be sent to the Ansible module err = "The 'verify_accept' key is supported on SSLO version 9.0 and above, your SSLO version is 7.5." set_module_args( dict(name='l2_topo_out', topology_type='inbound_l2', vlans=['/Common/fake'], verify_accept='no')) module = AnsibleModule( argument_spec=self.spec.argument_spec, supports_check_mode=self.spec.supports_check_mode, mutually_exclusive=self.spec.mutually_exclusive, required_together=self.spec.required_together, required_if=self.spec.required_if) mm = ModuleManager(module=module) # Override methods to force specific logic in the module to happen mm.exists = Mock(return_value=False) mm.return_sslo_global = Mock(return_value=True) with self.assertRaises(F5ModuleError) as res: mm.exec_module() assert str(res.exception) == err
def test_profile_scope_named_invalid_version(self, *args): # Configure the arguments that would be sent to the Ansible module err = "The 'primary_auth_uri', 'profile_scope_value' or 'profile_scope' are " \ "supported on SSLO version 8.2 and above, your SSLO version is 7.5." set_module_args( dict(name='l3_topo_out', topology_type='outbound_l3', vlans=['/Common/fake'], profile_scope='named', profile_scope_value='some_value', primary_auth_uri='/foofake')) module = AnsibleModule( argument_spec=self.spec.argument_spec, supports_check_mode=self.spec.supports_check_mode, mutually_exclusive=self.spec.mutually_exclusive, required_together=self.spec.required_together, required_if=self.spec.required_if) mm = ModuleManager(module=module) # Override methods to force specific logic in the module to happen mm.exists = Mock(return_value=False) mm.return_sslo_global = Mock(return_value=True) with self.assertRaises(F5ModuleError) as res: mm.exec_module() assert str(res.exception) == err
def test_ip_family_mismatch_proxy(self, *args): # Configure the arguments that would be sent to the Ansible module set_module_args( dict(name='fake_explicit', topology_type='outbound_explicit', vlans=['/Common/fake'], proxy_ip='19.1.1.1', proxy_port=1234, source='2001:0db8:85a3:0000:0000:8a2e:0370:7334/32')) module = AnsibleModule( argument_spec=self.spec.argument_spec, supports_check_mode=self.spec.supports_check_mode, mutually_exclusive=self.spec.mutually_exclusive, required_together=self.spec.required_together, required_if=self.spec.required_if) mm = ModuleManager(module=module) # Override methods to force specific logic in the module to happen mm.exists = Mock(return_value=False) mm.return_sslo_global = Mock(return_value=True) with self.assertRaises(F5ModuleError) as res: mm.exec_module() assert str( res.exception ) == 'Source and proxy addresses must be in the same IP family.'
def test_proxy_ip_defined_for_non_explict_proxy_type(self, *args): # Configure the arguments that would be sent to the Ansible module err = "The 'proxy_ip' key is only to be used with explicit proxy type, use 'dest' key instead." set_module_args( dict(name='l2_out', topology_type='outbound_l2', proxy_ip='191.1.1.1', proxy_port=1234, ssl_settings='fakesettings', vlans=['/Common/fake'])) module = AnsibleModule( argument_spec=self.spec.argument_spec, supports_check_mode=self.spec.supports_check_mode, mutually_exclusive=self.spec.mutually_exclusive, required_together=self.spec.required_together, required_if=self.spec.required_if) mm = ModuleManager(module=module) # Override methods to force specific logic in the module to happen mm.exists = Mock(return_value=False) mm.return_sslo_global = Mock(return_value=True) with self.assertRaises(F5ModuleError) as res: mm.exec_module() assert str(res.exception) == err
def test_security_policy_missing_explicit_proxy(self, *args): # Configure the arguments that would be sent to the Ansible module set_module_args( dict(name='explicit_out', topology_type='outbound_explicit', proxy_ip='191.1.1.1', proxy_port=1234, vlans=['/Common/fake'])) module = AnsibleModule( argument_spec=self.spec.argument_spec, supports_check_mode=self.spec.supports_check_mode, mutually_exclusive=self.spec.mutually_exclusive, required_together=self.spec.required_together, required_if=self.spec.required_if) mm = ModuleManager(module=module) # Override methods to force specific logic in the module to happen mm.exists = Mock(return_value=False) mm.return_sslo_global = Mock(return_value=True) with self.assertRaises(F5ModuleError) as res: mm.exec_module() assert str( res.exception ) == "The 'security_policy' is required when creating explicit proxy type topology."
def test_vlans_parameter_missing(self, *args): # Configure the arguments that would be sent to the Ansible module set_module_args(dict(name='l2_topo_out', topology_type='inbound_l2')) module = AnsibleModule( argument_spec=self.spec.argument_spec, supports_check_mode=self.spec.supports_check_mode, mutually_exclusive=self.spec.mutually_exclusive, required_together=self.spec.required_together, required_if=self.spec.required_if) mm = ModuleManager(module=module) # Override methods to force specific logic in the module to happen mm.exists = Mock(return_value=False) mm.return_sslo_global = Mock(return_value=True) with self.assertRaises(F5ModuleError) as res: mm.exec_module() assert str(res.exception) == 'At least one VLAN must be defined.'