1# -*- coding: utf-8 -*- 2# 3# Copyright: (c) 2017, F5 Networks Inc. 4# GNU General Public License v3.0 (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) 5 6from __future__ import (absolute_import, division, print_function) 7__metaclass__ = type 8 9import os 10import json 11import pytest 12import sys 13 14if sys.version_info < (2, 7): 15 pytestmark = pytest.mark.skip("F5 Ansible modules require Python >= 2.7") 16 17from ansible.module_utils.basic import AnsibleModule 18 19from ansible_collections.f5networks.f5_modules.plugins.modules.bigip_device_httpd import ( 20 Parameters, ModuleManager, ArgumentSpec 21) 22from ansible_collections.f5networks.f5_modules.tests.unit.compat import unittest 23from ansible_collections.f5networks.f5_modules.tests.unit.compat.mock import Mock, patch 24from ansible_collections.f5networks.f5_modules.tests.unit.modules.utils import set_module_args 25 26 27fixture_path = os.path.join(os.path.dirname(__file__), 'fixtures') 28fixture_data = {} 29 30 31def load_fixture(name): 32 path = os.path.join(fixture_path, name) 33 34 if path in fixture_data: 35 return fixture_data[path] 36 37 with open(path) as f: 38 data = f.read() 39 40 try: 41 data = json.loads(data) 42 except Exception: 43 pass 44 45 fixture_data[path] = data 46 return data 47 48 49class TestParameters(unittest.TestCase): 50 def test_module_parameters(self): 51 args = dict( 52 auth_name='BIG-IP', 53 auth_pam_idle_timeout=1200, 54 auth_pam_validate_ip='on' 55 ) 56 57 p = Parameters(params=args) 58 assert p.auth_name == 'BIG-IP' 59 assert p.auth_pam_idle_timeout == 1200 60 assert p.auth_pam_validate_ip == 'on' 61 62 def test_api_parameters(self): 63 args = load_fixture('load_sys_httpd.json') 64 p = Parameters(params=args) 65 assert p.auth_name == 'BIG-IP' 66 assert p.auth_pam_idle_timeout == 1200 67 68 69class TestModuleManager(unittest.TestCase): 70 71 def setUp(self): 72 self.spec = ArgumentSpec() 73 self.patcher1 = patch('time.sleep') 74 self.patcher1.start() 75 self.p2 = patch('ansible_collections.f5networks.f5_modules.plugins.modules.bigip_device_httpd.tmos_version') 76 self.p3 = patch('ansible_collections.f5networks.f5_modules.plugins.modules.bigip_device_httpd.send_teem') 77 self.m2 = self.p2.start() 78 self.m2.return_value = '14.1.0' 79 self.m3 = self.p3.start() 80 self.m3.return_value = True 81 82 def tearDown(self): 83 self.patcher1.stop() 84 self.p2.stop() 85 self.p3.stop() 86 87 def test_update(self, *args): 88 set_module_args( 89 dict( 90 auth_name='foo', 91 auth_pam_idle_timeout='1000', 92 auth_pam_validate_ip='off', 93 auth_pam_dashboard_timeout='on', 94 fast_cgi_timeout=200, 95 hostname_lookup='on', 96 log_level='error', 97 max_clients='20', 98 redirect_http_to_https='yes', 99 ssl_port=8443, 100 provider=dict( 101 server='localhost', 102 password='password', 103 user='admin' 104 ) 105 ) 106 ) 107 108 current = Parameters(params=load_fixture('load_sys_httpd.json')) 109 110 module = AnsibleModule( 111 argument_spec=self.spec.argument_spec, 112 supports_check_mode=self.spec.supports_check_mode 113 ) 114 mm = ModuleManager(module=module) 115 116 # Override methods to force specific logic in the module to happen 117 mm.update_on_device = Mock(return_value=True) 118 mm.read_current_from_device = Mock(return_value=current) 119 120 results = mm.exec_module() 121 assert results['changed'] is True 122 123 def test_update_issue_00522(self, *args): 124 set_module_args( 125 dict( 126 ssl_cipher_suite='ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384', 127 provider=dict( 128 server='localhost', 129 password='password', 130 user='admin' 131 ) 132 ) 133 ) 134 135 current = Parameters(params=load_fixture('load_sys_httpd.json')) 136 137 module = AnsibleModule( 138 argument_spec=self.spec.argument_spec, 139 supports_check_mode=self.spec.supports_check_mode 140 ) 141 mm = ModuleManager(module=module) 142 143 # Override methods to force specific logic in the module to happen 144 mm.update_on_device = Mock(return_value=True) 145 mm.read_current_from_device = Mock(return_value=current) 146 147 results = mm.exec_module() 148 assert results['changed'] is True 149 assert results['ssl_cipher_suite'] == 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384' 150 151 def test_update_issue_00522_as_list(self, *args): 152 set_module_args( 153 dict( 154 ssl_cipher_suite=[ 155 'ECDHE-RSA-AES128-GCM-SHA256', 156 'ECDHE-RSA-AES256-GCM-SHA384' 157 ], 158 provider=dict( 159 server='localhost', 160 password='password', 161 user='admin' 162 ) 163 ) 164 ) 165 166 current = Parameters(params=load_fixture('load_sys_httpd.json')) 167 168 module = AnsibleModule( 169 argument_spec=self.spec.argument_spec, 170 supports_check_mode=self.spec.supports_check_mode 171 ) 172 mm = ModuleManager(module=module) 173 174 # Override methods to force specific logic in the module to happen 175 mm.update_on_device = Mock(return_value=True) 176 mm.read_current_from_device = Mock(return_value=current) 177 178 results = mm.exec_module() 179 assert results['changed'] is True 180 assert results['ssl_cipher_suite'] == 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384' 181 182 def test_update_issue_00522_default(self, *args): 183 set_module_args( 184 dict( 185 ssl_cipher_suite='default', 186 provider=dict( 187 server='localhost', 188 password='password', 189 user='admin' 190 ) 191 ) 192 ) 193 194 current = Parameters(params=load_fixture('load_sys_httpd_non_default.json')) 195 196 module = AnsibleModule( 197 argument_spec=self.spec.argument_spec, 198 supports_check_mode=self.spec.supports_check_mode 199 ) 200 mm = ModuleManager(module=module) 201 202 # Override methods to force specific logic in the module to happen 203 mm.update_on_device = Mock(return_value=True) 204 mm.read_current_from_device = Mock(return_value=current) 205 206 results = mm.exec_module() 207 assert results['changed'] is True 208 assert results['ssl_cipher_suite'] == 'default' 209 210 def test_update_issue_00587(self, *args): 211 set_module_args( 212 dict( 213 ssl_protocols='all -SSLv2', 214 provider=dict( 215 server='localhost', 216 password='password', 217 user='admin' 218 ) 219 ) 220 ) 221 222 current = Parameters(params=load_fixture('load_sys_httpd.json')) 223 224 module = AnsibleModule( 225 argument_spec=self.spec.argument_spec, 226 supports_check_mode=self.spec.supports_check_mode 227 ) 228 mm = ModuleManager(module=module) 229 230 # Override methods to force specific logic in the module to happen 231 mm.update_on_device = Mock(return_value=True) 232 mm.read_current_from_device = Mock(return_value=current) 233 234 results = mm.exec_module() 235 assert results['changed'] is True 236 assert results['ssl_protocols'] == 'all -SSLv2' 237 238 def test_update_issue_00587_as_list(self, *args): 239 set_module_args( 240 dict( 241 ssl_protocols=[ 242 'all', 243 '-SSLv2' 244 ], 245 provider=dict( 246 server='localhost', 247 password='password', 248 user='admin' 249 ) 250 ) 251 ) 252 253 current = Parameters(params=load_fixture('load_sys_httpd.json')) 254 255 module = AnsibleModule( 256 argument_spec=self.spec.argument_spec, 257 supports_check_mode=self.spec.supports_check_mode 258 ) 259 mm = ModuleManager(module=module) 260 261 # Override methods to force specific logic in the module to happen 262 mm.update_on_device = Mock(return_value=True) 263 mm.read_current_from_device = Mock(return_value=current) 264 265 results = mm.exec_module() 266 assert results['changed'] is True 267 assert results['ssl_protocols'] == 'all -SSLv2' 268 269 def test_update_issue_00587_default(self, *args): 270 set_module_args( 271 dict( 272 ssl_protocols='default', 273 provider=dict( 274 server='localhost', 275 password='password', 276 user='admin' 277 ) 278 ) 279 ) 280 281 current = Parameters(params=load_fixture('load_sys_httpd_non_default.json')) 282 283 module = AnsibleModule( 284 argument_spec=self.spec.argument_spec, 285 supports_check_mode=self.spec.supports_check_mode 286 ) 287 mm = ModuleManager(module=module) 288 289 # Override methods to force specific logic in the module to happen 290 mm.update_on_device = Mock(return_value=True) 291 mm.read_current_from_device = Mock(return_value=current) 292 293 results = mm.exec_module() 294 assert results['changed'] is True 295 assert results['ssl_protocols'] == 'default' 296