def read_current_from_device(self):
    """Fetch the LTM policy from the device, preferring its draft copy.

    The policy is requested with ``expandSubcollections=true``. Rule names
    extracted by ``_get_rule_names`` from ``rulesReference`` are merged into
    the result under ``rules``.

    Returns:
        ComplexParameters: Built from the JSON response plus ``rules``.

    Raises:
        F5ModuleError: If the body is not valid JSON, or the response
            carries ``code`` 400.
    """
    use_draft = self.draft_exists()
    provider = self.client.provider
    host, port = provider['server'], provider['server_port']
    if use_draft:
        policy = transform_name(self.want.partition, self.want.name, sub_path='Drafts')
    else:
        policy = transform_name(self.want.partition, self.want.name)
    uri = "https://{0}:{1}/mgmt/tm/ltm/policy/{2}".format(host, port, policy)

    resp = self.client.api.get(uri + "?expandSubcollections=true")
    try:
        response = resp.json()
    except ValueError as ex:
        raise F5ModuleError(str(ex))

    # NOTE(review): only code 400 is treated as an error; a 401/403/404/5xx
    # payload would reach the 'rulesReference' lookup below and fail there.
    if 'code' in response and response['code'] == 400:
        raise F5ModuleError(response['message'] if 'message' in response else resp.content)

    rule_names = self._get_rule_names(response['rulesReference'])
    current = ComplexParameters(params=response)
    current.update(dict(rules=rule_names))
    return current
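def _modify_rule_on_device(self, rule_name, idx, draft=False):
    """Set the ordinal of a policy rule on the device.

    Args:
        rule_name: Rule addressed when ``draft`` is true.
        idx: Value sent as the rule's ``ordinal``.
        draft: Address the rule under the policy's ``Drafts`` sub-path.

    Raises:
        F5ModuleError: If the body is not valid JSON, or the response
            carries ``code`` 400 or 409.
    """
    params = dict(ordinal=idx)
    if draft:
        uri = "https://{0}:{1}/mgmt/tm/ltm/policy/{2}/rules/{3}".format(
            self.client.provider['server'],
            self.client.provider['server_port'],
            transform_name(self.want.partition, self.want.name, sub_path='Drafts'),
            rule_name
        )
    else:
        # NOTE(review): this branch addresses the rule as self.want.name (the
        # same value used for the policy) and ignores rule_name. This looks
        # like a copy/paste slip; confirm before relying on the non-draft path.
        uri = "https://{0}:{1}/mgmt/tm/ltm/policy/{2}/rules/{3}".format(
            self.client.provider['server'],
            self.client.provider['server_port'],
            transform_name(self.want.partition, self.want.name),
            self.want.name
        )
    resp = self.client.api.patch(uri, json=params)
    try:
        response = resp.json()
    except ValueError as ex:
        raise F5ModuleError(str(ex))

    # Membership test is required: comparing the integer code to the list
    # with == is never true, which would let 400/409 failures pass silently.
    if 'code' in response and response['code'] in [400, 409]:
        if 'message' in response:
            raise F5ModuleError(response['message'])
        else:
            raise F5ModuleError(resp.content)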
def read_current_from_device(self):
    """Fetch a firewall rule from its parent policy or parent rule list.

    The parent policy endpoint is used when ``self.want.parent_policy`` is
    truthy; otherwise the rule-list endpoint is used.

    Returns:
        ApiParameters: Built from the JSON response.

    Raises:
        F5ModuleError: If the body is not valid JSON, or the response
            carries ``code`` 400.
    """
    in_policy = self.want.parent_policy
    provider = self.client.provider
    host, port = provider['server'], provider['server_port']
    # The rule name goes into the path as-is; only the parent is passed
    # through transform_name.
    if in_policy:
        uri = "https://{0}:{1}/mgmt/tm/security/firewall/policy/{2}/rules/{3}".format(
            host, port,
            transform_name(self.want.partition, self.want.parent_policy),
            self.want.name,
        )
    else:
        uri = "https://{0}:{1}/mgmt/tm/security/firewall/rule-list/{2}/rules/{3}".format(
            host, port,
            transform_name(self.want.partition, self.want.parent_rule_list),
            self.want.name,
        )

    resp = self.client.api.get(uri)
    try:
        response = resp.json()
    except ValueError as ex:
        raise F5ModuleError(str(ex))

    if 'code' in response and response['code'] == 400:
        raise F5ModuleError(response['message'] if 'message' in response else resp.content)
    return ApiParameters(params=response)
def create_on_device(self):
    """Create the firewall rule at the end of its parent policy or rule list.

    ``icmp_message`` is rejected before the request is sent unless the
    protocol is ``icmp`` or ``icmpv6``.

    Raises:
        F5ModuleError: On the ``icmp_message`` check above, if the body is
            not valid JSON, or the response carries ``code`` 400 or 403.
    """
    params = self.changes.api_params()
    params['name'] = self.want.name
    params['partition'] = self.want.partition
    # 'last' appends the rule after every existing rule.
    params['placeAfter'] = 'last'

    in_policy = self.want.parent_policy
    provider = self.client.provider
    host, port = provider['server'], provider['server_port']
    if in_policy:
        uri = "https://{0}:{1}/mgmt/tm/security/firewall/policy/{2}/rules/".format(
            host, port, transform_name(self.want.partition, self.want.parent_policy),
        )
    else:
        uri = "https://{0}:{1}/mgmt/tm/security/firewall/rule-list/{2}/rules/".format(
            host, port, transform_name(self.want.partition, self.want.parent_rule_list),
        )

    non_icmp = self.changes.protocol not in ['icmp', 'icmpv6']
    if non_icmp and self.changes.icmp_message is not None:
        raise F5ModuleError(
            "The 'icmp_message' can only be specified when 'protocol' is 'icmp' or 'icmpv6'."
        )

    resp = self.client.api.post(uri, json=params)
    try:
        response = resp.json()
    except ValueError as ex:
        raise F5ModuleError(str(ex))

    if 'code' in response and response['code'] in [400, 403]:
        raise F5ModuleError(response['message'] if 'message' in response else resp.content)
def read_current_from_device(self):
    """Read the external data group and its backing file from the device.

    Two requests are made: one for the data group itself, and one for the
    data-group file named by its ``externalFileName``. The returned
    parameters come from the file resource, with the data group's
    ``description`` merged in.

    Returns:
        ApiParameters: Attributes of the remote file resource plus
            ``description``.

    Raises:
        F5ModuleError: If either body is not valid JSON, or either response
            carries ``code`` 400.
    """
    provider = self.client.provider
    host, port = provider['server'], provider['server_port']
    group_uri = "https://{0}:{1}/mgmt/tm/ltm/data-group/external/{2}".format(
        host, port, transform_name(self.want.partition, self.want.name)
    )
    resp_dg = self.client.api.get(group_uri)
    try:
        response_dg = resp_dg.json()
    except ValueError as ex:
        raise F5ModuleError(str(ex))
    if 'code' in response_dg and response_dg['code'] == 400:
        raise F5ModuleError(
            response_dg['message'] if 'message' in response_dg else resp_dg.content
        )

    # The file reference is split into its partition (directory part, with
    # surrounding slashes stripped) and its bare name.
    file_ref = response_dg['externalFileName']
    file_name = os.path.basename(file_ref)
    file_partition = os.path.dirname(file_ref).strip('/')

    file_uri = "https://{0}:{1}/mgmt/tm/sys/file/data-group/{2}".format(
        self.client.provider['server'],
        self.client.provider['server_port'],
        transform_name(file_partition, file_name)
    )
    resp = self.client.api.get(file_uri)
    try:
        response = resp.json()
    except ValueError as ex:
        raise F5ModuleError(str(ex))
    if 'code' in response and response['code'] == 400:
        raise F5ModuleError(response['message'] if 'message' in response else resp.content)

    current = ApiParameters(params=response)
    current.update({'description': response_dg.get('description', None)})
    return current
def _read_rule_from_device(self, rule_name, draft=False):
    """Return the ``ordinal`` of a policy rule as reported by the device.

    Args:
        rule_name: Rule addressed when ``draft`` is true.
        draft: Address the rule under the policy's ``Drafts`` sub-path.

    Raises:
        F5ModuleError: If the body is not valid JSON, or the response
            carries ``code`` 400.
    """
    provider = self.client.provider
    host, port = provider['server'], provider['server_port']
    if draft:
        policy = transform_name(self.want.partition, self.want.name, sub_path='Drafts')
        rule = rule_name
    else:
        # NOTE(review): the non-draft path uses self.want.name for the rule
        # segment and ignores rule_name; confirm this is intended.
        policy = transform_name(self.want.partition, self.want.name)
        rule = self.want.name
    uri = "https://{0}:{1}/mgmt/tm/ltm/policy/{2}/rules/{3}".format(host, port, policy, rule)

    resp = self.client.api.get(uri)
    try:
        response = resp.json()
    except ValueError as ex:
        raise F5ModuleError(str(ex))

    if 'code' in response and response['code'] == 400:
        raise F5ModuleError(response['message'] if 'message' in response else resp.content)
    return response['ordinal']
def remove_from_device(self):
    """Delete the GTM server's virtual server from the device.

    Returns:
        bool: ``True`` when the device answers with status 200.

    Raises:
        F5ModuleError: With the response content for any other status.
    """
    provider = self.client.provider
    uri = "https://{0}:{1}/mgmt/tm/gtm/server/{2}/virtual-servers/{3}".format(
        provider['server'],
        provider['server_port'],
        transform_name(self.want.partition, self.want.server_name),
        transform_name(name=self.want.name),
    )
    response = self.client.api.delete(uri)
    if response.status != 200:
        raise F5ModuleError(response.content)
    return True
def exists(self):
    """Report whether the GTM server's virtual server is present.

    Returns:
        bool: ``False`` when the body is not valid JSON, or when the HTTP
            status or the payload ``code`` is 404; ``True`` otherwise.
    """
    provider = self.client.provider
    uri = "https://{0}:{1}/mgmt/tm/gtm/server/{2}/virtual-servers/{3}".format(
        provider['server'],
        provider['server_port'],
        transform_name(self.want.partition, self.want.server_name),
        transform_name(name=self.want.name),
    )
    resp = self.client.api.get(uri)
    try:
        response = resp.json()
    except ValueError:
        return False

    # NOTE(review): anything other than 404 counts as "exists", including
    # authentication/authorization failures and server errors.
    not_found = resp.status == 404 or ('code' in response and response['code'] == 404)
    return not not_found
def _remove_iapp_checksum(self):
    """Clear ``tmplChecksum`` on the iApp template.

    Needed for updating in place; otherwise the load command fails with an
    "AppTemplate ... content does not match the checksum" error.

    Raises:
        F5ModuleError: If the body is not valid JSON, or the response
            carries ``code`` 400.
    """
    provider = self.client.provider
    uri = "https://{0}:{1}/mgmt/tm/sys/application/template/{2}".format(
        provider['server'],
        provider['server_port'],
        transform_name(self.want.partition, self.want.name),
    )
    # Sending None serialises to JSON null for tmplChecksum.
    resp = self.client.api.patch(uri, json={'tmplChecksum': None})
    try:
        response = resp.json()
    except ValueError as ex:
        raise F5ModuleError(str(ex))

    if 'code' in response and response['code'] == 400:
        raise F5ModuleError(response['message'] if 'message' in response else resp.content)
def update_on_device(self):
    """Patch the external data group with a new file and/or description.

    When ``records_src`` is set, the file is uploaded first via
    ``_upload_to_file`` and its returned name is sent as
    ``externalFileName``. Nothing is sent when there is nothing to change.

    Raises:
        F5ModuleError: If the body is not valid JSON, or the response
            carries ``code`` 400.
    """
    payload = {}
    if self.want.records_src is not None:
        file_name = self.want.external_file_name
        # NOTE(review): file_name is placed into the remote path unchanged;
        # presumably it is validated before this point. Confirm it cannot
        # carry path separators.
        upload_target = '/var/config/rest/downloads/{0}'.format(file_name)
        payload['externalFileName'] = self._upload_to_file(
            file_name, self.have.type, upload_target, update=True
        )

    description = self.changes.description
    if description is not None:
        payload['description'] = description

    if not payload:
        return

    provider = self.client.provider
    uri = "https://{0}:{1}/mgmt/tm/ltm/data-group/external/{2}".format(
        provider['server'],
        provider['server_port'],
        transform_name(self.want.partition, self.want.name),
    )
    resp = self.client.api.patch(uri, json=payload)
    try:
        response = resp.json()
    except ValueError as ex:
        raise F5ModuleError(str(ex))

    if 'code' in response and response['code'] == 400:
        raise F5ModuleError(response['message'] if 'message' in response else resp.content)
def _read_purge_collection(self):
    """List the members of the GTM pool named in the module parameters.

    Only ``name``, ``selfLink``, ``fullPath`` and ``subPath`` are requested.

    Returns:
        list: The response's ``items``, or an empty list when absent.

    Raises:
        F5ModuleError: If the body is not valid JSON, or the response
            carries ``code`` 400.
    """
    module_params = self.module.params
    pool_type = module_params['type']
    pool = transform_name(name=fq_name(module_params['partition'], module_params['pool']))

    provider = self.client.provider
    uri = "https://{0}:{1}/mgmt/tm/gtm/pool/{2}/{3}/members".format(
        provider['server'], provider['server_port'], pool_type, pool
    )
    resp = self.client.api.get(uri + '?$select=name,selfLink,fullPath,subPath')
    try:
        response = resp.json()
    except ValueError as ex:
        raise F5ModuleError(str(ex))

    if 'code' in response and response['code'] == 400:
        raise F5ModuleError(response['message'] if 'message' in response else resp.content)

    return response['items'] if 'items' in response else []
def create_default_rule_on_device(self, rule):
    """Create a ``reject`` rule at the end of the firewall rule list.

    Args:
        rule: Rule name; every ``/`` is replaced with ``_`` before sending.

    Returns:
        The ``selfLink`` of the created rule.

    Raises:
        F5ModuleError: If the body is not valid JSON, or the response
            carries ``code`` 400 or 403.
    """
    payload = {
        'name': rule.replace('/', '_'),
        'action': 'reject',
        # Appending to the end keeps the device's rule order the same as the
        # order the user supplied.
        'placeAfter': 'last',
    }
    provider = self.client.provider
    uri = "https://{0}:{1}/mgmt/tm/security/firewall/rule-list/{2}/rules/".format(
        provider['server'],
        provider['server_port'],
        transform_name(self.want.partition, self.want.name),
    )
    resp = self.client.api.post(uri, json=payload)
    try:
        response = resp.json()
    except ValueError as ex:
        raise F5ModuleError(str(ex))

    if 'code' in response and response['code'] in [400, 403]:
        raise F5ModuleError(response['message'] if 'message' in response else resp.content)
    return response['selfLink']
def remove_from_device(self):
    """Delete the CLI script from the device.

    Returns:
        ``True`` when the device answers with status 200, otherwise ``None``.
    """
    provider = self.client.provider
    uri = "https://{0}:{1}/mgmt/tm/cli/script/{2}".format(
        provider['server'],
        provider['server_port'],
        transform_name(self.want.partition, self.want.name),
    )
    resp = self.client.api.delete(uri)
    # NOTE(review): a failed delete is not raised here; the caller has to
    # check the return value or re-check existence.
    return True if resp.status == 200 else None
def remove_from_device(self):
    """Delete the GTM ``tcp-half-open`` monitor from the device.

    Returns:
        bool: ``True`` when the device answers with status 200.

    Raises:
        F5ModuleError: With the response content for any other status.
    """
    provider = self.client.provider
    uri = "https://{0}:{1}/mgmt/tm/gtm/monitor/tcp-half-open/{2}".format(
        provider['server'],
        provider['server_port'],
        transform_name(self.want.partition, self.want.name),
    )
    response = self.client.api.delete(uri)
    if response.status != 200:
        raise F5ModuleError(response.content)
    return True
def _remove_rule_on_device(self, rule_name, draft=False):
    """Delete a rule from the LTM policy or from its draft.

    Args:
        rule_name: Rule addressed when ``draft`` is true.
        draft: Address the rule under the policy's ``Drafts`` sub-path.

    Returns:
        bool: ``True`` when the device answers with status 200.

    Raises:
        F5ModuleError: With the response content for any other status.
    """
    provider = self.client.provider
    host, port = provider['server'], provider['server_port']
    if draft:
        policy = transform_name(self.want.partition, self.want.name, sub_path='Drafts')
        rule = rule_name
    else:
        # NOTE(review): the non-draft path deletes the rule named
        # self.want.name and ignores rule_name; confirm this is intended.
        policy = transform_name(self.want.partition, self.want.name)
        rule = self.want.name
    uri = "https://{0}:{1}/mgmt/tm/ltm/policy/{2}/rules/{3}".format(host, port, policy, rule)

    response = self.client.api.delete(uri)
    if response.status != 200:
        raise F5ModuleError(response.content)
    return True
def remove_from_device(self):
    """Delete the SSL key file object named by ``key_filename``.

    Returns:
        bool: ``True`` when the device answers with status 200.

    Raises:
        F5ModuleError: With the response content for any other status.
    """
    provider = self.client.provider
    uri = "https://{0}:{1}/mgmt/tm/sys/file/ssl-key/{2}".format(
        provider['server'],
        provider['server_port'],
        transform_name(self.want.partition, self.want.key_filename),
    )
    response = self.client.api.delete(uri)
    if response.status != 200:
        raise F5ModuleError(response.content)
    return True
def exists(self):
    """Report whether the member is present in the GTM pool.

    Returns:
        bool: ``False`` when the body is not valid JSON, or when the HTTP
            status or the payload ``code`` is 404; ``True`` otherwise.

    Raises:
        F5ModuleError: If ``pool_exist`` reports that the pool is missing.
    """
    if not self.pool_exist():
        raise F5ModuleError('The specified GTM pool does not exist')

    provider = self.client.provider
    uri = "https://{0}:{1}/mgmt/tm/gtm/pool/{2}/{3}/members/{4}".format(
        provider['server'],
        provider['server_port'],
        self.want.type,
        transform_name(name=fq_name(self.want.partition, self.want.pool)),
        transform_name(self.want.partition, self.want.name),
    )
    resp = self.client.api.get(uri)
    try:
        response = resp.json()
    except ValueError:
        return False

    # NOTE(review): any non-404 answer, error responses included, is
    # reported as "exists".
    not_found = resp.status == 404 or ('code' in response and response['code'] == 404)
    return not not_found
def remove_from_device(self):
    """Delete the firewall address list from the device.

    Returns:
        bool: ``True`` when the device answers with status 200.

    Raises:
        F5ModuleError: With the response content for any other status.
    """
    provider = self.client.provider
    uri = "https://{0}:{1}/mgmt/tm/security/firewall/address-list/{2}".format(
        provider['server'],
        provider['server_port'],
        transform_name(self.want.partition, self.want.name),
    )
    resp = self.client.api.delete(uri)
    if resp.status != 200:
        raise F5ModuleError(resp.content)
    return True
def remove_from_device(self):
    """Delete the firewall rule from its parent policy or parent rule list.

    Returns:
        ``True`` when the device answers with status 200, otherwise ``None``.
    """
    in_policy = self.want.parent_policy
    provider = self.client.provider
    host, port = provider['server'], provider['server_port']
    if in_policy:
        uri = "https://{0}:{1}/mgmt/tm/security/firewall/policy/{2}/rules/{3}".format(
            host, port,
            transform_name(self.want.partition, self.want.parent_policy),
            self.want.name,
        )
    else:
        uri = "https://{0}:{1}/mgmt/tm/security/firewall/rule-list/{2}/rules/{3}".format(
            host, port,
            transform_name(self.want.partition, self.want.parent_rule_list),
            self.want.name,
        )
    resp = self.client.api.delete(uri)
    # NOTE(review): a failed delete of a firewall rule is not raised here;
    # the caller must verify that the rule is really gone.
    return True if resp.status == 200 else None
def read_current_from_device(self):
    """Fetch the GTM server's virtual server from the device.

    Returns:
        ApiParameters: Built from the JSON response.

    Raises:
        F5ModuleError: If the body is not valid JSON, or the response
            carries ``code`` 400.
    """
    provider = self.client.provider
    uri = "https://{0}:{1}/mgmt/tm/gtm/server/{2}/virtual-servers/{3}".format(
        provider['server'],
        provider['server_port'],
        transform_name(self.want.partition, self.want.server_name),
        transform_name(name=self.want.name),
    )
    resp = self.client.api.get(uri)
    try:
        response = resp.json()
    except ValueError as ex:
        raise F5ModuleError(str(ex))

    if 'code' in response and response['code'] == 400:
        raise F5ModuleError(response['message'] if 'message' in response else resp.content)
    return ApiParameters(params=response)
def exists(self):
    """Report whether the firewall rule is present under its parent.

    Returns:
        bool: ``True`` when the response's ``ok`` attribute is truthy.
    """
    in_policy = self.want.parent_policy
    provider = self.client.provider
    host, port = provider['server'], provider['server_port']
    if in_policy:
        uri = "https://{0}:{1}/mgmt/tm/security/firewall/policy/{2}/rules/{3}".format(
            host, port,
            transform_name(self.want.partition, self.want.parent_policy),
            self.want.name,
        )
    else:
        uri = "https://{0}:{1}/mgmt/tm/security/firewall/rule-list/{2}/rules/{3}".format(
            host, port,
            transform_name(self.want.partition, self.want.parent_rule_list),
            self.want.name,
        )
    resp = self.client.api.get(uri)
    # NOTE(review): every non-ok answer reads as "absent", so an auth or
    # server error is indistinguishable from a missing rule.
    return True if resp.ok else False
def update_on_device(self):
    """Patch the GTM server's virtual server with the pending changes.

    Raises:
        F5ModuleError: If the body is not valid JSON, or the response
            carries ``code`` 400.
    """
    payload = self.changes.api_params()
    provider = self.client.provider
    uri = "https://{0}:{1}/mgmt/tm/gtm/server/{2}/virtual-servers/{3}".format(
        provider['server'],
        provider['server_port'],
        transform_name(self.want.partition, self.want.server_name),
        transform_name(name=self.want.name),
    )
    resp = self.client.api.patch(uri, json=payload)
    try:
        response = resp.json()
    except ValueError as ex:
        raise F5ModuleError(str(ex))

    if 'code' in response and response['code'] == 400:
        raise F5ModuleError(response['message'] if 'message' in response else resp.content)
def remove_from_device(self):
    """Delete the ``system-auth`` LDAP auth object in ``Common``.

    Returns:
        bool: ``True`` when the device answers with status 200.

    Raises:
        F5ModuleError: With the response content for any other status.
    """
    provider = self.client.provider
    uri = "https://{0}:{1}/mgmt/tm/auth/ldap/{2}".format(
        provider['server'],
        provider['server_port'],
        transform_name('Common', 'system-auth'),
    )
    response = self.client.api.delete(uri)
    if response.status != 200:
        raise F5ModuleError(response.content)
    return True
def remove_from_device(self):
    """Delete the LTM virtual address from the device.

    Returns:
        ``True`` when the device answers with status 200, otherwise ``None``.
    """
    # A literal '%' in the name is percent-encoded before it goes into the
    # URI.
    encoded_name = self.want.name.replace('%', '%25')
    provider = self.client.provider
    uri = "https://{0}:{1}/mgmt/tm/ltm/virtual-address/{2}".format(
        provider['server'],
        provider['server_port'],
        transform_name(self.want.partition, encoded_name),
    )
    resp = self.client.api.delete(uri)
    # NOTE(review): a failed delete is not raised here; the caller has to
    # check the return value or re-check existence.
    return True if resp.status == 200 else None
def remove_policy_draft_from_device(self):
    """Delete the policy's draft (``Drafts`` sub-path) from the device.

    Returns:
        bool: ``True`` when the device answers with status 200.

    Raises:
        F5ModuleError: With the response content for any other status.
    """
    provider = self.client.provider
    uri = "https://{0}:{1}/mgmt/tm/ltm/policy/{2}".format(
        provider['server'],
        provider['server_port'],
        transform_name(self.want.partition, self.want.name, sub_path='Drafts'),
    )
    response = self.client.api.delete(uri)
    if response.status != 200:
        raise F5ModuleError(response.content)
    return True
def remove_rule_from_device(self, rule):
    """Delete one rule from the firewall rule list.

    Args:
        rule: Rule name; every ``/`` is replaced with ``_`` for the URI.

    Raises:
        F5ModuleError: With the response content when the status is 400 or
            403.
    """
    provider = self.client.provider
    uri = "https://{0}:{1}/mgmt/tm/security/firewall/rule-list/{2}/rules/{3}".format(
        provider['server'],
        provider['server_port'],
        transform_name(self.want.partition, self.want.name),
        rule.replace('/', '_'),
    )
    # The delete response has no payload, so only the status is inspected.
    # NOTE(review): statuses other than 400/403 (e.g. 401, 404, 5xx) are
    # accepted silently.
    status = self.client.api.delete(uri)
    if status.status in [400, 403]:
        raise F5ModuleError(status.content)
def _item_exists(self):
    """Report whether the APM access policy or access profile has items.

    The access-policy endpoint is queried when ``self.type`` is
    ``'access_policy'``; otherwise the access-profile endpoint is queried.

    Returns:
        bool: ``True`` when the response has a non-empty ``items`` entry.

    Raises:
        F5ModuleError: If the body is not valid JSON.
    """
    is_policy = self.type == 'access_policy'
    provider = self.client.provider
    host, port = provider['server'], provider['server_port']
    resource = transform_name(self.partition, self.name)
    if is_policy:
        uri = 'https://{0}:{1}/mgmt/tm/apm/policy/access-policy/{2}'.format(host, port, resource)
    else:
        uri = 'https://{0}:{1}/mgmt/tm/apm/profile/access/{2}'.format(host, port, resource)

    resp = self.client.api.get(uri)
    try:
        response = resp.json()
    except ValueError as ex:
        raise F5ModuleError(str(ex))

    return bool('items' in response and response['items'] != [])
def exists(self):
    """Report whether the APM access policy or access profile is present.

    Returns:
        bool: ``False`` when the body is not valid JSON, or when the HTTP
            status or the payload ``code`` is 404; ``True`` otherwise.
    """
    is_policy = self.want.type == 'access_policy'
    provider = self.client.provider
    host, port = provider['server'], provider['server_port']
    resource = transform_name(self.want.partition, self.want.name)
    if is_policy:
        uri = "https://{0}:{1}/mgmt/tm/apm/policy/access-policy/{2}".format(host, port, resource)
    else:
        uri = "https://{0}:{1}/mgmt/tm/apm/profile/access/{2}".format(host, port, resource)

    resp = self.client.api.get(uri)
    try:
        response = resp.json()
    except ValueError:
        return False

    # NOTE(review): any non-404 answer, error responses included, is
    # reported as "exists".
    not_found = resp.status == 404 or ('code' in response and response['code'] == 404)
    return not not_found
def remove_data_group_file_from_device(self):
    """Delete the data-group file backing the external data group.

    Returns:
        bool: ``True`` when the device answers with status 200, ``False``
            for any other status.
    """
    provider = self.client.provider
    uri = "https://{0}:{1}/mgmt/tm/sys/file/data-group/{2}".format(
        provider['server'],
        provider['server_port'],
        transform_name(self.want.partition, self.want.external_file_name),
    )
    resp = self.client.api.delete(uri)
    return True if resp.status == 200 else False
def _remove_temporary_cli_script_from_device(self):
    """Delete the temporary ``__ansible_mkqkview`` CLI script task.

    Returns:
        bool: ``True`` once the delete call returns.

    Raises:
        F5ModuleError: If the delete call raises ``ValueError``.
    """
    provider = self.client.provider
    uri = "https://{0}:{1}/mgmt/tm/task/cli/script/{2}".format(
        provider['server'],
        provider['server_port'],
        transform_name('Common', '__ansible_mkqkview'),
    )
    # NOTE(review): the response status is never inspected, so a rejected
    # delete still returns True and the temporary script may remain on the
    # device.
    try:
        self.client.api.delete(uri)
    except ValueError:
        raise F5ModuleError(
            "Failed to remove the temporary cli script from the device."
        )
    else:
        return True