Adds "allow" param to bigip_device_httpd (#34439)

This param can control what addresses are allowed to access the httpd ui of the bigip
7 years ago · 43812d82c1
parent f58d9da703
commit 43812d82c1
2 changed files with 101 additions and 6 deletions
--- a/.github/BOTMETA.yml
+++ b/.github/BOTMETA.yml
@ -469,7 +469,7 @@ files:
  $modules/network/enos/: amuraleedhar
  $modules/network/eos/: privateip trishnaguha
  $modules/network/f5/:
-    ignored: Etienne-Carriere mhite mryanlam perzizzle srvg wojtek0806
+    ignored: Etienne-Carriere mhite mryanlam perzizzle srvg wojtek0806 JoeReifel
    maintainers: caphrim007
  $modules/network/fortios/: bjolivot
  $modules/network/illumos/: xen0l
--- a/lib/ansible/modules/network/f5/bigip_device_httpd.py
+++ b/lib/ansible/modules/network/f5/bigip_device_httpd.py
@ -21,9 +21,17 @@ description:
    to change when you want to set GUI timeouts and other TMUI related settings.
 version_added: "2.5"
 options:
+  allow:
+    description:
+      - Specifies, if you have enabled HTTPD access, the IP address or address
+        range for other systems that can communicate with this system.
+    choices:
+      - all
+      - IP address, such as 172.27.1.10
+      - IP range, such as 172.27.*.* or 172.27.0.0/255.255.0.0
  auth_name:
    description:
-      - Sets the BIG-IP authentication realm name
+      - Sets the BIG-IP authentication realm name.
  auth_pam_idle_timeout:
    description:
      - Sets the GUI timeout for automatic logout, in seconds.
@ -102,6 +110,51 @@ auth_pam_idle_timeout:
  returned: changed
  type: string
  sample: 1200
+auth_name:
+  description: The new authentication realm name.
+  returned: changed
+  type: string
+  sample: 'foo'
+auth_pam_validate_ip:
+  description: The new authPamValidateIp setting.
+  returned: changed
+  type: bool
+  sample: on
+auth_pam_dashboard_timeout:
+  description: Whether or not the BIG-IP dashboard will timeout.
+  returned: changed
+  type: bool
+  sample: off
+fast_cgi_timeout:
+  description: The new timeout of FastCGI.
+  returned: changed
+  type: int
+  sample: 500
+hostname_lookup:
+  description: Whether or not to display the hostname, if possible.
+  returned: changed
+  type: bool
+  sample: on
+log_level:
+  description: The new minimum httpd log level.
+  returned: changed
+  type: string
+  sample: crit
+max_clients:
+  description: The new maximum number of clients that can connect to the GUI at once.
+  returned: changed
+  type: int
+  sample: 20
+redirect_http_to_https:
+  description: Whether or not to redirect http requests to the GUI to https.
+  returned: changed
+  type: bool
+  sample: on
+ssl_port:
+  description: The new HTTPS port to listen on.
+  returned: changed
+  type: int
+  sample: 10443
 '''

 import time
@ -142,19 +195,21 @@ class Parameters(AnsibleF5Parameters):
    api_attributes = [
        'authPamIdleTimeout', 'authPamValidateIp', 'authName', 'authPamDashboardTimeout',
        'fastcgiTimeout', 'hostnameLookup', 'logLevel', 'maxClients', 'sslPort',
-        'redirectHttpToHttps'
+        'redirectHttpToHttps', 'allow'
    ]

    returnables = [
        'auth_pam_idle_timeout', 'auth_pam_validate_ip', 'auth_name',
        'auth_pam_dashboard_timeout', 'fast_cgi_timeout', 'hostname_lookup',
-        'log_level', 'max_clients', 'redirect_http_to_https', 'ssl_port'
+        'log_level', 'max_clients', 'redirect_http_to_https', 'ssl_port',
+        'allow'
    ]

    updatables = [
        'auth_pam_idle_timeout', 'auth_pam_validate_ip', 'auth_name',
        'auth_pam_dashboard_timeout', 'fast_cgi_timeout', 'hostname_lookup',
-        'log_level', 'max_clients', 'redirect_http_to_https', 'ssl_port'
+        'log_level', 'max_clients', 'redirect_http_to_https', 'ssl_port',
+        'allow'
    ]

    def __init__(self, params=None):
@ -255,9 +310,31 @@ class ModuleParameters(Parameters):
            return "enabled"
        return "disabled"

+    @property
+    def allow(self):
+        if self._values['allow'] is None:
+            return None
+        if self._values['allow'][0] == 'all':
+            return 'all'
+        if self._values['allow'][0] == '':
+            return ''
+        allow = self._values['allow']
+        result = list(set([str(x) for x in allow]))
+        result = sorted(result)
+        return result
+

 class ApiParameters(Parameters):
-    pass
+    @property
+    def allow(self):
+        if self._values['allow'] is None:
+            return ''
+        if self._values['allow'][0] == 'All':
+            return 'all'
+        allow = self._values['allow']
+        result = list(set([str(x) for x in allow]))
+        result = sorted(result)
+        return result


 class Changes(Parameters):
@ -301,6 +378,21 @@ class Difference(object):
        except AttributeError:
            return attr1

+    @property
+    def allow(self):
+        if self.want.allow is None:
+            return None
+        if self.want.allow == 'all' and self.have.allow == 'all':
+            return None
+        if self.want.allow == 'all':
+            return ['All']
+        if self.want.allow == '' and self.have.allow == '':
+            return None
+        if self.want.allow == '':
+            return []
+        if self.want.allow != self.have.allow:
+            return self.want.allow
+

 class ModuleManager(object):
    def __init__(self, client):
@ -403,6 +495,9 @@ class ArgumentSpec(object):
    def __init__(self):
        self.supports_check_mode = True
        self.argument_spec = dict(
+            allow=dict(
+                type='list'
+            ),
            auth_name=dict(),
            auth_pam_idle_timeout=dict(
                type='int'