def test_ip_enforcement_update(self, *args):
set_module_args(
dict(subscription_id='s-xxxxxxxxxx',
state='absent',
ip_endpoints=[
default_endpoint,
]))
module = AnsibleModule(
argument_spec=self.spec.argument_spec,
supports_check_mode=self.spec.supports_check_mode)
get_subscription_fake = load_fixture(
'f5_cs_dnslb_ip_endpoints_get_subscription.json')
connection = Mock()
api_client = CloudservicesApi(connection)
api_client.login = Mock()
api_client.get_subscription_by_id = Mock(
return_value=get_subscription_fake)
api_client.update_subscription = Mock(
side_effect=self.update_enforcement_list)
mm = ModuleManager(module=module, client=api_client)
results = mm.exec_module()
assert results['changed'] is True
assert results['subscription_id'] == 's-xxxxxxxxxx'
assert len(results['ip_endpoints']) == 0
def test_records_exclude(self, *args):
set_module_args(
dict(subscription_id='s-xxxxxxxxxx',
state='absent',
records={"demo-record": {}}))
module = AnsibleModule(
argument_spec=self.spec.argument_spec,
supports_check_mode=self.spec.supports_check_mode)
get_subscription_fake = load_fixture(
'f5_cs_dns_subscription_get_multi_records.json')
connection = Mock()
api_client = CloudservicesApi(connection)
api_client.login = Mock()
api_client.get_subscription_by_id = Mock(
return_value=get_subscription_fake)
api_client.update_subscription = Mock(side_effect=self.update_records)
mm = ModuleManager(module=module, client=api_client)
results = mm.exec_module()
assert results['changed'] is True
assert results['subscription_id'] == 's-xxxxxxxxxx'
assert len(results['records'].keys()) == 1
remote_default_record = results['records'][''][0]
assert default_record[0]['ttl'] == remote_default_record['ttl']
assert default_record[0]['type'] == remote_default_record['type']
assert default_record[0]['values'] == remote_default_record['values']
def test_cname_fetch(self, *args):
set_module_args(dict(
subscription_id='s-xxxxxxxxxx'
))
module = AnsibleModule(
argument_spec=self.spec.argument_spec,
supports_check_mode=self.spec.supports_check_mode
)
connection = Mock()
api_client = CloudservicesApi(connection)
api_client.login = Mock()
fixture = load_fixture('f5_cs_eap_cname_fetch_get_eap_subscription.json')
api_client.get_subscription_by_id = Mock(return_value=fixture)
mm = ModuleManager(module=module, client=api_client)
mm.exists = Mock(return_value=False)
mm.publish_on_device = Mock(return_value=True)
mm.draft_exists = Mock(return_value=False)
mm._create_existing_policy_draft_on_device = Mock(return_value=True)
results = mm.exec_module()
assert results['CNAMEValue'] == 'waf-xxxxxxxxxx.waf.prd.f5aas.com'
assert results['subscription_id'] == 's-xxxxxxxxxx'
def test_subscription_patch_update(self, *args):
set_module_args(
dict(subscription_id='s-xxxxxxxxxx',
patch=True,
configuration=dict(gslb_service=dict(custom_parameter=True))))
module = AnsibleModule(
argument_spec=self.spec.argument_spec,
supports_check_mode=self.spec.supports_check_mode)
get_subscription_fake = load_fixture(
'f5_cs_dnslb_subscription_app_update_default.json')
get_user_fake = load_fixture('f5_cs_subscription_app_get_user.json')
get_subscriptions_fake = load_fixture(
'f5_cs_dnslb_subscriptions_get.json')
connection = Mock()
api_client = CloudservicesApi(connection)
api_client.login = Mock()
api_client.update_subscription = Mock(
side_effect=self.update_subscription)
api_client.get_subscription_by_id = Mock(
return_value=get_subscription_fake)
api_client.get_current_user = Mock(return_value=get_user_fake)
api_client.get_subscriptions_by_type = Mock(
return_value=get_subscriptions_fake)
mm = ModuleManager(module=module, client=api_client)
results = mm.exec_module()
assert results['changed'] is True
assert results['subscription_id'] == 's-xxxxxxxxxx'
def test_subscription_fetch(self, *args):
set_module_args(dict(
state='fetch',
subscription_id='s-xxxxxxxxxx',
))
module = AnsibleModule(
argument_spec=self.spec.argument_spec,
supports_check_mode=self.spec.supports_check_mode
)
get_subscription_fake = load_fixture('f5_cs_dnslb_subscription_app_fetch.json')
connection = Mock()
api_client = CloudservicesApi(connection)
api_client.login = Mock()
api_client.get_subscription_by_id = Mock(return_value=get_subscription_fake)
mm = ModuleManager(module=module, client=api_client)
results = mm.exec_module()
assert results['changed'] is False
assert results['account_id'] == 'a-xxxxxxxxxx'
assert results['catalog_id'] == 'c-xxxxxxxxxx'
assert results['subscription_id'] == 's-xxxxxxxxxx'
assert results['service_instance_name'] == 'fqdn.demo.com'
assert results['configuration']['gslb_service']['virtual_servers']['ipEndpoint_1']['address'] == '12.34.56.78'
assert results['configuration']['gslb_service']['virtual_servers']['ipEndpoint_1']['display_name'] == 'endpoint_1'
assert results['configuration']['gslb_service']['virtual_servers']['ipEndpoint_1']['monitor'] == 'none'
assert results['configuration']['gslb_service']['virtual_servers']['ipEndpoint_1']['port'] == 80
assert results['configuration']['gslb_service']['virtual_servers']['ipEndpoint_1']['virtual_server_type'] == 'cloud'
def test_subscription_fetch(self, *args):
set_module_args(dict(
state='fetch',
subscription_id='s-xxxxxxxxxx',
))
module = AnsibleModule(
argument_spec=self.spec.argument_spec,
supports_check_mode=self.spec.supports_check_mode
)
get_subscription_fake = load_fixture('f5_cs_eap_subscription_app_fetch.json')
connection = Mock()
api_client = CloudservicesApi(connection)
api_client.login = Mock()
api_client.get_subscription_by_id = Mock(return_value=get_subscription_fake)
mm = ModuleManager(module=module, client=api_client)
results = mm.exec_module()
assert results['changed'] is False
assert results['account_id'] == 'a-xxxxxxxxxx'
assert results['catalog_id'] == 'c-xxxxxxxxxx'
assert results['subscription_id'] == 's-xxxxxxxxxx'
assert results['service_instance_name'] == 'fqdn.demo.com'
assert results['configuration']['details']['CNAMEValue'] == 'waf-xxxxxxxxxx.waf.prd.f5aas.com'
assert results['configuration']['waf_service']['application']['fqdn'] == 'fqdn.demo.com'
assert results['configuration']['waf_service']['application']['description'] == 'fqdn.demo.com'
assert results['configuration']['waf_service']['application']['waf_regions']['aws']['us-east-1']['endpoint']['ips'] == ['192.168.1.1']
def test_ip_enforcement_update(self, *args):
set_module_args(
dict(subscription_id='s-xxxxxxxxxx',
state='append',
ip_endpoints=[
cloud_endpoint_1,
ltm_endpoint_1,
]))
module = AnsibleModule(
argument_spec=self.spec.argument_spec,
supports_check_mode=self.spec.supports_check_mode)
get_subscription_fake = load_fixture(
'f5_cs_dnslb_ip_endpoints_get_subscription.json')
connection = Mock()
api_client = CloudservicesApi(connection)
api_client.login = Mock()
api_client.get_subscription_by_id = Mock(
return_value=get_subscription_fake)
api_client.update_subscription = Mock(
side_effect=self.update_enforcement_list)
mm = ModuleManager(module=module, client=api_client)
results = mm.exec_module()
assert results['changed'] is True
assert results['subscription_id'] == 's-xxxxxxxxxx'
updated_endpoint_0 = results['ip_endpoints'][0]
assert default_endpoint['virtual_server_type'] == updated_endpoint_0[
'virtual_server_type']
assert default_endpoint['display_name'] == updated_endpoint_0[
'display_name']
assert default_endpoint['port'] == updated_endpoint_0['port']
assert default_endpoint['address'] == updated_endpoint_0['address']
assert default_endpoint['monitor'] == updated_endpoint_0['monitor']
updated_endpoint_1 = results['ip_endpoints'][1]
assert cloud_endpoint_1['virtual_server_type'] == updated_endpoint_1[
'virtual_server_type']
assert cloud_endpoint_1['display_name'] == updated_endpoint_1[
'display_name']
assert cloud_endpoint_1['port'] == updated_endpoint_1['port']
assert cloud_endpoint_1['address'] == updated_endpoint_1['address']
assert cloud_endpoint_1['monitor'] == updated_endpoint_1['monitor']
updated_endpoint_2 = results['ip_endpoints'][2]
assert ltm_endpoint_1['virtual_server_type'] == updated_endpoint_2[
'virtual_server_type']
assert ltm_endpoint_1['display_name'] == updated_endpoint_2[
'display_name']
assert ltm_endpoint_1['port'] == updated_endpoint_2['port']
assert ltm_endpoint_1['translation_address'] == updated_endpoint_2[
'translation_address']
assert ltm_endpoint_1['vip_id'] == updated_endpoint_2['vip_id']
def test_ip_enforcement_update(self, *args):
set_module_args(
dict(subscription_id='s-xxxxxxxxxx',
state='present',
append=True,
ip_enforcement=[
hacker_ip,
devops_ip,
]))
module = AnsibleModule(
argument_spec=self.spec.argument_spec,
supports_check_mode=self.spec.supports_check_mode)
get_subscription_fake = load_fixture(
'f5_cs_eap_ip_enforcement_get_eap_subscription.json')
connection = Mock()
api_client = CloudservicesApi(connection)
api_client.login = Mock()
api_client.get_subscription_by_id = Mock(
return_value=get_subscription_fake)
api_client.update_subscription = Mock(
side_effect=self.update_enforcement_list)
mm = ModuleManager(module=module, client=api_client)
results = mm.exec_module()
assert results['changed'] is True
assert results['subscription_id'] == 's-xxxxxxxxxx'
bot_ip = results['ip_enforcement'][0]
assert bot_ip['address'] == '192.168.1.1'
assert bot_ip['description'] == 'bot_1'
assert bot_ip['action'] == 'block'
assert bot_ip['log'] is False
updated_hacker_ip = results['ip_enforcement'][1]
assert hacker_ip['address'] == updated_hacker_ip['address']
assert hacker_ip['description'] == updated_hacker_ip['description']
assert updated_hacker_ip['action'] == 'block'
assert hacker_ip['log'] == updated_hacker_ip['log']
updated_devops_ip = results['ip_enforcement'][2]
assert devops_ip['address'] == updated_devops_ip['address']
assert devops_ip['description'] == updated_devops_ip['description']
assert devops_ip['action'] == updated_devops_ip['action']
assert updated_devops_ip['log'] is False
def test_certificate_upload(self, *args):
set_module_args(
dict(subscription_id='s-xxxxxxxxxx',
certificate='cert',
private_key='key',
passphrase='pass_phrase',
certificate_chain='certificate_chain',
https_port=443,
https_redirect=True,
update_comment='update SSL certificate'))
module = AnsibleModule(
argument_spec=self.spec.argument_spec,
supports_check_mode=self.spec.supports_check_mode)
get_subscription_fake = load_fixture(
'f5_cs_eap_certificate_get_subscription.json')
update_subscription_fake = load_fixture(
'f5_cs_eap_certificate_update_subscription.json')
post_certificate_fake = load_fixture(
'f5_cs_eap_certificate_post_certificate.json')
connection = Mock()
api_client = CloudservicesApi(connection)
api_client.login = Mock()
api_client.get_subscription_by_id = Mock(
return_value=get_subscription_fake)
api_client.update_subscription = Mock(
return_value=update_subscription_fake)
api_client.post_certificate = Mock(return_value=post_certificate_fake)
mm = ModuleManager(module=module, client=api_client)
results = mm.exec_module()
assert results['changed'] is True
assert results['subscription_id'] == 's-xxxxxxxxxx'
assert results['account_id'] == 'a-xxxxxxxxxx'
assert results['configuration']['waf_service']['application']['http'][
'https_redirect'] is True
assert results['configuration']['waf_service']['application']['https'][
'enabled'] is True
assert results['configuration']['waf_service']['application']['https'][
'port'] == 443
assert results['configuration']['waf_service']['application']['https'][
'tls']['certificate_id'] == 'cert-xxxxxx_xxx'
def test_protection_change(self, *args):
set_module_args(
dict(subscription_id='s-xxxxxxxxxx',
hi_risk_attack=dict(enabled=True,
enforcement_mode='monitoring'),
threat_campaign=dict(enabled=True,
enforcement_mode='monitoring'),
malicious_ip=dict(enabled=True,
enforcement_mode='monitoring'),
update_comment='update EAP protection mode'))
module = AnsibleModule(
argument_spec=self.spec.argument_spec,
supports_check_mode=self.spec.supports_check_mode)
get_subscription_fake = load_fixture(
'f5_cs_eap_protection_mode_get_subscription.json')
update_subscription_fake = load_fixture(
'f5_cs_eap_protection_mode_update_subscription.json')
connection = Mock()
api_client = CloudservicesApi(connection)
api_client.login = Mock()
api_client.get_subscription_by_id = Mock(
return_value=get_subscription_fake)
api_client.update_subscription = Mock(
return_value=update_subscription_fake)
mm = ModuleManager(module=module, client=api_client)
results = mm.exec_module()
assert results['changed'] is True
assert results['subscription_id'] == 's-xxxxxxxxxx'
assert results['hi_risk_attack']['enabled'] is True
assert results['hi_risk_attack']['enforcement_mode'] == 'monitoring'
assert results['malicious_ip']['enabled'] is True
assert results['malicious_ip']['enforcement_mode'] == 'monitoring'
assert results['threat_campaign']['enabled'] is True
assert results['threat_campaign']['enforcement_mode'] == 'monitoring'