def exec_module(self):
changed = False
result = dict()
state = self.want.state
if state == 'present':
changed = self.present()
elif state == 'fetch':
if self.want.subscription_id is None and self.want.service_instance_name is None:
self.read_subscriptions_from_cloud()
elif self.exists() is False:
raise F5ModuleError('subscription not found')
elif state == 'absent':
if self.exists():
changed = self.retire()
elif state == 'active':
if self.exists():
changed = self.activate()
elif state == 'suspended':
if self.exists():
changed = self.suspend()
reportable = ReportableChanges(params=self.changes.to_return())
changes = reportable.to_return()
result.update(**changes)
result.update(dict(changed=changed))
self._announce_deprecations(result)
return result
def get_catalog_from_cloud(self):
services = self.get_catalog_services()
service = (
[x for x in services if x['catalog_id'] == self.want.catalog_id]
or [None])[0]
if service is None:
raise F5ModuleError('service not found')
self.have = ApiParameters(params=service)
self._update_changed_options()
def activate(self):
state = self.client.activate_subscription(subscription_id=self.have.subscription_id)
for retry in range(0, 12):
time.sleep(10)
state = self.client.get_subscription_status(subscription_id=self.have.subscription_id)
if state['status'] == 'ACTIVE':
break
if state['status'] != 'ACTIVE':
raise F5ModuleError('cannot activate subscription: ' + state.status)
def activate(self, subscription_id):
state = self.client.activate_subscription(subscription_id)
if not self.want.wait_status_change:
return True
for retry in range(0, 100):
state = self.client.get_subscription_status(subscription_id)
if state['status'] == 'ACTIVE' and state[
'service_state'] == 'DEPLOYED':
break
time.sleep(15)
if state['status'] != 'ACTIVE' or state['service_state'] != 'DEPLOYED':
raise F5ModuleError('cannot activate subscription: ' +
state.status)
def activate(self):
state = self.client.activate_subscription(
subscription_id=self.want.subscription_id)
for retry in range(0, 12):
time.sleep(10)
state = self.client.get_subscription_status(
subscription_id=self.want.subscription_id)
if state['status'] == 'ACTIVE':
break
if state['status'] != 'ACTIVE':
raise F5ModuleError('cannot activate subscription: ' +
state.status)
self.have = ApiParameters(params=state)
self._update_changed_options()
return True
def suspend(self):
state = self.client.activate_subscription(
subscription_id=self.want.subscription_id)
for retry in range(0, 12):
time.sleep(10)
state = self.client.get_subscription_status(
subscription_id=self.want.subscription_id)
if state['status'] == 'DISABLED' and state[
'service_state'] == 'UNDEPLOYED':
break
if state['status'] != 'DISABLED' or state[
'service_state'] != 'UNDEPLOYED':
raise F5ModuleError('cannot suspend subscription: ' + state.status)
self.have = ApiParameters(params=state)
self._update_changed_options()
return True
def activate(self):
if self.have.status == 'ACTIVE':
return False
state = self.client.activate_subscription(self.have.subscription_id)
for retry in range(0, 100):
state = self.client.get_subscription_status(
self.have.subscription_id)
if state['status'] == 'ACTIVE':
break
time.sleep(15)
if state['status'] != 'ACTIVE':
raise F5ModuleError('cannot activate subscription: ' +
state.status)
self.have.update(dict(status=state['status']))
return True
def suspend(self):
if self.have.status == 'DISABLED':
return False
state = self.client.suspend_subscription(
subscription_id=self.want.subscription_id)
for retry in range(0, 100):
state = self.client.get_subscription_status(
subscription_id=self.want.subscription_id)
if state['status'] == 'DISABLED' and state[
'service_state'] == 'UNDEPLOYED':
break
time.sleep(15)
if state['status'] != 'DISABLED' or state[
'service_state'] != 'UNDEPLOYED':
raise F5ModuleError('cannot suspend subscription: ' + state.status)
self.have.update(dict(status=state['status']))
return True
def auto_discover(self, account_id, catalog_id):
payload = {
'account_id': account_id,
'catalog_id': catalog_id,
'service_instance_name': self.want.service_instance_name,
'service_type': 'waf',
'configuration': {
'waf_service': {
'application': {
'description': '',
'fqdn': self.want.fqdn,
'http': {
'enabled': True,
'port': 80,
},
},
'policy': {
'encoding': 'utf-8',
},
},
},
}
self.create_on_cloud(payload)
discovery = None
for retry in range(0, 5):
subscription = self.client.get_subscription_by_id(
self.have.subscription_id)
if subscription['configuration'].get('details'):
if subscription['configuration']['details']['discovery'] \
and subscription['configuration']['details']['discovery']['ipGeolocations']:
discovery = subscription['configuration']['details'][
'discovery']
break
time.sleep(15)
if discovery is None:
raise F5ModuleError('Auto discovery failed')
return {
'waf_service': {
'application': {
'description': '',
'fqdn': self.want.fqdn,
'http': {
'enabled': True,
'port': 80,
},
'https': {
'enabled': False,
'port': 443,
'tls': {
'certificate_id': '',
}
},
'waf_regions': {
discovery['cloudProvider']: {
discovery['cloudRegion']: {
'endpoint': {
'http': {
'port': 80,
'enabled': discovery["isHTTP"],
},
'https': {
'port': 443,
'enabled': discovery["isHTTPS"],
},
'ips':
[discovery['ipGeolocations'][0]['ip']]
}
}
}
},
},
'policy': f5_cs_eap_default_policy,
}
}
def get_role_id_by_name(self, name):
roles = self.get_roles()
role = ([x for x in roles if x['name'] == name] or [None])[0]
if role is None:
raise F5ModuleError('role not found')
return role['id']
def exec_module(self):
result = dict()
changed = False
if self.want.state == "present":
certificate_id = self.want.certificate_id
assigned_subscriptions = self.want.assigned_subscriptions
if certificate_id is None:
certificate_id = self.find_existing_certificate()
if certificate_id is None:
certificate_id = self.upload_certificate()
changed = True
if assigned_subscriptions:
for subscription in assigned_subscriptions:
params = dict(
certificate_id=certificate_id,
subscription_id=subscription['subscription_id'],
enabled=subscription['enabled'],
https_port=subscription['https_port'],
https_redirect=subscription['https_redirect'],
tls_version=subscription['tls_version'],
update_comment=subscription['update_comment'],
)
changed = self.update_subscription_on_cloud(params)
self.find_certificate_usage_on_cloud(certificate_id)
elif self.want.state == "fetch":
if self.want.certificate_id:
self.find_certificate_usage_on_cloud(self.want.certificate_id)
elif self.want.subscription_id:
certificate_id = self.get_certificate_id_by_subscription_id(
self.want.subscription_id)
if certificate_id:
self.find_certificate_usage_on_cloud(certificate_id)
else:
raise F5ModuleError('certificate not found')
else:
response = self.get_certificates()
self.have = ApiParameters(params=dict(certificates=response))
changed = False
elif self.want.state == "absent":
if self.want.certificate_id:
certificates = self.get_certificates()
certificate = ([
x for x in certificates
if x['id'] == self.want.certificate_id
] or [None])[0]
if certificate:
self.remove_certificate(self.want.certificate_id)
changed = True
elif self.want.subscription_id:
certificate = self.get_certificate_id_by_subscription_id(
self.want.subscription_id)
if certificate:
self.remove_certificate_from_eap(self.want.subscription_id)
changed = True
self._update_changed_options()
reportable = ReportableChanges(params=self.changes.to_return())
changes = reportable.to_return()
result.update(**changes)
result.update(dict(changed=changed))
self._announce_deprecations(result)
return result
