Removes bigip ssl certificate from skip file (#32424)

pull/32425/head
Tim Rupp 7 years ago committed by GitHub
parent 6193d5bc65
commit fc4580b4cc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -4,13 +4,17 @@
# Copyright (c) 2017 F5 Networks Inc. # Copyright (c) 2017 F5 Networks Inc.
# GNU General Public License v3.0 (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # GNU General Public License v3.0 (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1', ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'], 'status': ['preview'],
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
module: bigip_ssl_certificate module: bigip_ssl_certificate
short_description: Import/Delete certificates from BIG-IP. short_description: Import/Delete certificates from BIG-IP
description: description:
- This module will import/delete SSL certificates on BIG-IP LTM. - This module will import/delete SSL certificates on BIG-IP LTM.
Certificates can be imported from certificate and key files on the local Certificates can be imported from certificate and key files on the local
@ -41,7 +45,7 @@ options:
- absent - absent
name: name:
description: description:
- SSL Certificate Name. This is the cert/key pair name used - SSL Certificate Name. This is the cert/key pair name used
when importing a certificate/key into the F5. It also when importing a certificate/key into the F5. It also
determines the filenames of the objects on the LTM determines the filenames of the objects on the LTM
(:Partition:name.cer_11111_1 and :Partition_name.key_11111_1). (:Partition:name.cer_11111_1 and :Partition_name.key_11111_1).
@ -69,87 +73,97 @@ notes:
a role context. a role context.
extends_documentation_fragment: f5 extends_documentation_fragment: f5
requirements: requirements:
- f5-sdk >= 1.5.0 - f5-sdk >= 3.0.3
- BIG-IP >= v12 - BIG-IP >= v12
author: author:
- Tim Rupp (@caphrim007) - Tim Rupp (@caphrim007)
''' '''
EXAMPLES = ''' EXAMPLES = r'''
- name: Import PEM Certificate from local disk - name: Import PEM Certificate from local disk
bigip_ssl_certificate: bigip_ssl_certificate:
name: "certificate-name" name: certificate-name
server: "lb.mydomain.com" server: lb.mydomain.com
user: "admin" user: admin
password: "secret" password: secret
state: "present" state: present
cert_src: "/path/to/cert.crt" cert_src: /path/to/cert.crt
key_src: "/path/to/key.key" key_src: /path/to/key.key
delegate_to: localhost delegate_to: localhost
- name: Use a file lookup to import PEM Certificate - name: Use a file lookup to import PEM Certificate
bigip_ssl_certificate: bigip_ssl_certificate:
name: "certificate-name" name: certificate-name
server: "lb.mydomain.com" server: lb.mydomain.com
user: "admin" user: admin
password: "secret" password: secret
state: "present" state: present
cert_content: "{{ lookup('file', '/path/to/cert.crt') }}" cert_content: "{{ lookup('file', '/path/to/cert.crt') }}"
key_content: "{{ lookup('file', '/path/to/key.key') }}" key_content: "{{ lookup('file', '/path/to/key.key') }}"
delegate_to: localhost
- name: Use a file lookup to import CA certificate chain
bigip_ssl_certificate:
name: ca-chain-name
server: lb.mydomain.com
user: admin
password: secret
state: present
cert_content: "{{ lookup('file', '/path/to/ca-chain.crt') }}"
delegate_to: localhost delegate_to: localhost
- name: "Delete Certificate" - name: "Delete Certificate"
bigip_ssl_certificate: bigip_ssl_certificate:
name: "certificate-name" name: certificate-name
server: "lb.mydomain.com" server: lb.mydomain.com
user: "admin" user: admin
password: "secret" password: secret
state: "absent" state: absent
delegate_to: localhost delegate_to: localhost
''' '''
RETURN = ''' RETURN = r'''
cert_name: cert_name:
description: The name of the certificate that the user provided description: The name of the certificate that the user provided
returned: created returned: created
type: string type: string
sample: "cert1" sample: cert1
key_filename: key_filename:
description: description:
- The name of the SSL certificate key. The C(key_filename) and - The name of the SSL certificate key. The C(key_filename) and
C(cert_filename) will be similar to each other, however the C(cert_filename) will be similar to each other, however the
C(key_filename) will have a C(.key) extension. C(key_filename) will have a C(.key) extension.
returned: created returned: created
type: string type: string
sample: "cert1.key" sample: cert1.key
key_checksum: key_checksum:
description: SHA1 checksum of the key that was provided. description: SHA1 checksum of the key that was provided.
returned: changed and created returned: changed and created
type: string type: string
sample: "cf23df2207d99a74fbe169e3eba035e633b65d94" sample: cf23df2207d99a74fbe169e3eba035e633b65d94
key_source_path: key_source_path:
description: Path on BIG-IP where the source of the key is stored description: Path on BIG-IP where the source of the key is stored
returned: created returned: created
type: string type: string
sample: "/var/config/rest/downloads/cert1.key" sample: /var/config/rest/downloads/cert1.key
cert_filename: cert_filename:
description: description:
- The name of the SSL certificate. The C(cert_filename) and - The name of the SSL certificate. The C(cert_filename) and
C(key_filename) will be similar to each other, however the C(key_filename) will be similar to each other, however the
C(cert_filename) will have a C(.crt) extension. C(cert_filename) will have a C(.crt) extension.
returned: created returned: created
type: string type: string
sample: "cert1.crt" sample: cert1.crt
cert_checksum: cert_checksum:
description: SHA1 checksum of the cert that was provided. description: SHA1 checksum of the cert that was provided.
returned: changed and created returned: changed and created
type: string type: string
sample: "f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0" sample: f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0
cert_source_path: cert_source_path:
description: Path on BIG-IP where the source of the certificate is stored. description: Path on BIG-IP where the source of the certificate is stored.
returned: created returned: created
type: string type: string
sample: "/var/config/rest/downloads/cert1.crt" sample: /var/config/rest/downloads/cert1.crt
''' '''
@ -162,14 +176,16 @@ try:
except ImportError: except ImportError:
from io import StringIO from io import StringIO
from ansible.module_utils.f5_utils import ( from ansible.module_utils.f5_utils import AnsibleF5Client
AnsibleF5Client, from ansible.module_utils.f5_utils import AnsibleF5Parameters
AnsibleF5Parameters, from ansible.module_utils.f5_utils import HAS_F5SDK
HAS_F5SDK, from ansible.module_utils.f5_utils import F5ModuleError
F5ModuleError, from ansible.module_utils.f5_utils import iteritems
iControlUnexpectedHTTPError,
iteritems try:
) from ansible.module_utils.f5_utils import iControlUnexpectedHTTPError
except ImportError:
HAS_F5SDK = False
class Parameters(AnsibleF5Parameters): class Parameters(AnsibleF5Parameters):
@ -544,14 +560,14 @@ class KeyManager(BaseManager):
if getattr(self.want, key) is not None: if getattr(self.want, key) is not None:
changed[key] = getattr(self.want, key) changed[key] = getattr(self.want, key)
if changed: if changed:
self.changes = Parameters(changed) self.changes = KeyParameters(changed)
except Exception: except Exception:
pass pass
def _update_changed_options(self): def _update_changed_options(self):
changed = {} changed = {}
try: try:
for key in CertParameters.updatables: for key in KeyParameters.updatables:
if getattr(self.want, key) is not None: if getattr(self.want, key) is not None:
attr1 = getattr(self.want, key) attr1 = getattr(self.want, key)
attr2 = getattr(self.have, key) attr2 = getattr(self.have, key)
@ -560,7 +576,7 @@ class KeyManager(BaseManager):
if self.want.key_checksum != self.have.checksum: if self.want.key_checksum != self.have.checksum:
changed['key_checksum'] = self.want.key_checksum changed['key_checksum'] = self.want.key_checksum
if changed: if changed:
self.changes = CertParameters(changed) self.changes = KeyParameters(changed)
return True return True
except Exception: except Exception:
pass pass
@ -635,7 +651,7 @@ class ArgumentSpec(object):
name=dict( name=dict(
required=True required=True
), ),
cert_content=dict(), cert_content=dict(aliases=['content']),
cert_src=dict( cert_src=dict(
type='path', type='path',
removed_in_version='2.4' removed_in_version='2.4'
@ -649,7 +665,6 @@ class ArgumentSpec(object):
no_log=True no_log=True
), ),
state=dict( state=dict(
required=False,
default='present', default='present',
choices=['absent', 'present'] choices=['absent', 'present']
) )

@ -23,7 +23,6 @@ lib/ansible/modules/network/f5/bigip_provision.py
lib/ansible/modules/network/f5/bigip_qkview.py lib/ansible/modules/network/f5/bigip_qkview.py
lib/ansible/modules/network/f5/bigip_snmp.py lib/ansible/modules/network/f5/bigip_snmp.py
lib/ansible/modules/network/f5/bigip_snmp_trap.py lib/ansible/modules/network/f5/bigip_snmp_trap.py
lib/ansible/modules/network/f5/bigip_ssl_certificate.py
lib/ansible/modules/network/f5/bigip_ucs.py lib/ansible/modules/network/f5/bigip_ucs.py
lib/ansible/modules/network/f5/bigip_user.py lib/ansible/modules/network/f5/bigip_user.py
lib/ansible/modules/network/f5/bigip_virtual_address.py lib/ansible/modules/network/f5/bigip_virtual_address.py

@ -0,0 +1,68 @@
-----BEGIN CERTIFICATE-----
MIIF2DCCA8CgAwIBAgIJAKql/ua7JdaGMA0GCSqGSIb3DQEBCwUAMHkxCzAJBgNV
BAYTAkdCMRAwDgYDVQQIDAdFbmdsYW5kMRIwEAYDVQQKDAlBbGljZSBMdGQxKDAm
BgNVBAsMH0FsaWNlIEx0ZCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxGjAYBgNVBAMM
EUFsaWNlIEx0ZCBSb290IENBMB4XDTE3MDcyNTAzMTcwNloXDTM3MDcyMDAzMTcw
NloweTELMAkGA1UEBhMCR0IxEDAOBgNVBAgMB0VuZ2xhbmQxEjAQBgNVBAoMCUFs
aWNlIEx0ZDEoMCYGA1UECwwfQWxpY2UgTHRkIENlcnRpZmljYXRlIEF1dGhvcml0
eTEaMBgGA1UEAwwRQWxpY2UgTHRkIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUA
A4ICDwAwggIKAoICAQC7grIMGI9e11lKh++bhyhTAU4qsKgM52xkl4sctSkK5hyT
jY8YYfD9ERrrJov6LLCt8QiwFypoqdILTht4g6sGACoVGXigFbLNyhEhX64kIWwT
PNFFXezYJv87qxPeT0I+6oHwai3smrUsPzsK73vwWOlnAW0mxvSzWpzvc3CgCB1J
+vRhdPm0VgT5HuR20WDPvx0T+ftQRrhIHz/UZSTHo/CEcuJ9zjhEmQlZRhfxZiBW
FY8Mgs6bgAKC+KtAsFTqRAuXq++xOnIIBzXACluFxp7Fee1CZh2GPxmtzFSIJVH0
pH6wf9Kxkr0zuiAt3nq3xQcQZVdRP3bWscxp0lYG8BjuMZppI+r+gG1k/7WsRU/A
SUiHi4EogznIuJ7o1LbcULpIKjHsHVKXYz+ff+hx7npisHIE9BoyBe9SbalJxIcS
7n9/Mw6UmKk/zxspXCwMLraaeoyy2vUoC/zXW2WQHq67IarSAVbCPEPliqydVZ9k
y1ZQKGdrpxxLdsbasNv3xnS50DBd4GsSnxdhzCXUUhvLQ8dZ/NRXvZ6wwcdeQ6PV
5+dQNgnm7yd4mxyBbqv6RBAa37uNKWNf4yAQ9j9QN8pzW+qzuusAcLxTdDbtyeMi
Dz5UHzF912m3KLlF/Aad2TbjrCR4K0CEozVT8lhFpZlNl+IdZyuSbZQ6tYrJ0wID
AQABo2MwYTAdBgNVHQ4EFgQUk2h12cau/s1k/IGR0OAUWZbf8a8wHwYDVR0jBBgw
FoAUk2h12cau/s1k/IGR0OAUWZbf8a8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B
Af8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBADSBpj8O7Wrs0gpciOmJ7cmVUIoX
XTd+WgzustaUJoqpeCmzkeC7O9/a9Eat2LrmKIBoY6uzH1hnYwOxSdSdodBuUcOv
6hBl7rFCgg+ACRn7zaaInFRPdx4P+ovbfFFetKmg54XA8ZDb7YRpwj3zMtlV38Ca
WC1jP36ocn8UZ8av1ki7KNz/0PqzJ4sVs6IZrj2Lo0lDcu+29Nh5VJ7AZnOfUeas
4sQr3dPHPaMQBxz0rKr/FN4qx63kd9GmoGz4DEDnPeUl2v52i/48ym0Q7JrntD5J
qJaaoU4uxUMkmnD8wOmBBtXQ3eRpHE6W8ZcJGWkL8bRPrFnwxMk71N1guetetzoY
xX7E3/CtSV7CSJMF74hE/ULNG8XdWAYY3zojSStA8UzYzO/pCA/PcmxBzxnkch4W
3LetTSKH9mN9k2p51jGLWIbRGod5qffmtb76xRzhyhgryCV/afwfJxKeXwjDz8ty
J6qFBXclDjTWVHHOU8hGvu4Z4PD6cbQ68tLlfFoDRq6nqKufFKpxOyw9ioLcPWbz
+rJsnqE1+5QR4tisplmSQtQ5nI45Wns+UCmsEJm+gPkyp9pBQVudkEo1OSyCSSwZ
evwZgkD2YclUpxcQRQR/Sy4Kvrwv3D+6zfgovClqpI3SHvQ1v/TXa3wB/RTB1H0q
0Qn4FWp63AaOBNrC
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIF3TCCA8WgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAweTELMAkGA1UEBhMCR0Ix
EDAOBgNVBAgMB0VuZ2xhbmQxEjAQBgNVBAoMCUFsaWNlIEx0ZDEoMCYGA1UECwwf
QWxpY2UgTHRkIENlcnRpZmljYXRlIEF1dGhvcml0eTEaMBgGA1UEAwwRQWxpY2Ug
THRkIFJvb3QgQ0EwHhcNMTcwNzI1MDMxNzE0WhcNMjcwNzIzMDMxNzE0WjCBgTEL
MAkGA1UEBhMCR0IxEDAOBgNVBAgMB0VuZ2xhbmQxEjAQBgNVBAoMCUFsaWNlIEx0
ZDEoMCYGA1UECwwfQWxpY2UgTHRkIENlcnRpZmljYXRlIEF1dGhvcml0eTEiMCAG
A1UEAwwZQWxpY2UgTHRkIEludGVybWVkaWF0ZSBDQTCCAiIwDQYJKoZIhvcNAQEB
BQADggIPADCCAgoCggIBAL1whyll1+/qWhAUdy6U5vtopX0wzJrg3dk8tIlpDChh
khTEK779aQNapRKpZmJ6hnCkg7buVOSBP2WqqGQ1s9cakBSFkDyy5hrqeSzIR93w
9n2sTc4EBD0b8QWn5D0hdoWLT3+OwFHCBf/vb+qA9Vz0P/PRPYUnKttQH6nXTj9C
+AzegfS4SbfDJ4XdhbzCewgUvr3rqP61AQuEwZq7qoVCA3bFSASUfbJgMBxJgfBG
KynueJ62L+wbZLXUDq9G3T0KIUlxgGIcPQ0tu2kW7uSeY5wZazuvNJCHM9HKsjUf
wb8GgavQRlgunE9zXAEr+iP2DQrmZXdhJkkb4EyG1vuTMK3DtGjlpXAVGsiuuZ1o
PVYZDVKhfKFN9tyop/dppxDTHyJlp2prtsudhtqwzYDqrUsMu4/LMWvxgUcTK4U7
mPSBcvOb4fTqXirNRYsqi8BK/nxt/hUBVG0vEnoIH0ppzqWvMcsMtMi3535sErUJ
k8IVKYIGB9OKb9SzpERYT6+BH9sUURZ/xyhRd2pj7EiVAEVxrrVoedZJzLRuXH99
qhFG2HnDAaDC9LX09GveTzgUVUfif5fJgGBkzslpM3z8t3THz9RjrqtrzKOCHcZF
cgt46oQByT0UjhIPCz3/6h04XzSszue8aTAwi1JaYhHoXEPolgJRoLeuFdsJtfyt
AgMBAAGjZjBkMB0GA1UdDgQWBBSiTrrHxly7SsSV+MqprYstABOIjDAfBgNVHSME
GDAWgBSTaHXZxq7+zWT8gZHQ4BRZlt/xrzASBgNVHRMBAf8ECDAGAQH/AgEAMA4G
A1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAakyu4lsOWz2+VHI0S6xb
M/afSDgnmI+i/1lSQ7UHM1XIvuINIzAcWndU1XuHyFjT7p9ZDPZ52gcseIenrKOD
EsJWKO3u33to3YUMfBCJi9VbTCtd6rkjuFggN6EKM1esqs0kgenWmvEQSv73OOii
UCAbif4fSva6C5PhgK7X0zE+hTsPxRZnN8baRlL01IHEraG+PfYCEpjvzExzoaW6
aLNS0DAS1escb9K5u6Cf4KIxkdqpcYIW7v7tehj5KS3E0cRv3QAaMUBkMWTWlSP3
irzC0OB8BFuYZ1OxDYnxhSY1mfwfI8kWrvA83okS8qwfjq/rty53VG3tON9GzGXg
P1SQ3xB/6yxSvskcbN1blfHJfJRpOIxBvAydhdBCh7PO0WJzTP8kmffMhOiT5AdE
jcJVxWSjwqUetomlNiErEvo7ZmxEwQZQE5wnuGM4eAbV87zLVrnj+viRo1dP7RFN
iRUwjrxKpozUY5AGY2hZdFrWObBe1AvLDQcNDUc+oMwgnIBC2YtO1cTKJ3IFru0f
Av48lyJ88AfO2W7pEfoVqAAZszu2s0VZB5W9fBOQLizvkjK8s5YeUPdhW3epEYF9
I1PsTSNdN+abV5qNdIjgRVtNlV63+1y0Ez7J7RvO847ZYTuqHnfaRG03p10YnxBs
WcSe5ozInV3EZ9TxFcGQR+E=
-----END CERTIFICATE-----

@ -1,21 +1,7 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# #
# Copyright 2017 F5 Networks Inc. # Copyright (c) 2017 F5 Networks Inc.
# # GNU General Public License v3.0 (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
from __future__ import (absolute_import, division, print_function) from __future__ import (absolute_import, division, print_function)
__metaclass__ = type __metaclass__ = type
@ -39,14 +25,18 @@ try:
from library.bigip_ssl_certificate import KeyParameters from library.bigip_ssl_certificate import KeyParameters
from library.bigip_ssl_certificate import CertParameters from library.bigip_ssl_certificate import CertParameters
from library.bigip_ssl_certificate import CertificateManager from library.bigip_ssl_certificate import CertificateManager
from library.bigip_ssl_certificate import HAS_F5SDK
from library.bigip_ssl_certificate import KeyManager from library.bigip_ssl_certificate import KeyManager
from ansible.module_utils.f5_utils import iControlUnexpectedHTTPError
except ImportError: except ImportError:
try: try:
from ansible.modules.network.f5.bigip_ssl_certificate import ArgumentSpec from ansible.modules.network.f5.bigip_ssl_certificate import ArgumentSpec
from ansible.modules.network.f5.bigip_ssl_certificate import KeyParameters from ansible.modules.network.f5.bigip_ssl_certificate import KeyParameters
from ansible.modules.network.f5.bigip_ssl_certificate import CertParameters from ansible.modules.network.f5.bigip_ssl_certificate import CertParameters
from ansible.modules.network.f5.bigip_ssl_certificate import CertificateManager from ansible.modules.network.f5.bigip_ssl_certificate import CertificateManager
from ansible.modules.network.f5.bigip_ssl_certificate import HAS_F5SDK
from ansible.modules.network.f5.bigip_ssl_certificate import KeyManager from ansible.modules.network.f5.bigip_ssl_certificate import KeyManager
from ansible.module_utils.f5_utils import iControlUnexpectedHTTPError
except ImportError: except ImportError:
raise SkipTest("F5 Ansible modules require the f5-sdk Python library") raise SkipTest("F5 Ansible modules require the f5-sdk Python library")
@ -139,7 +129,7 @@ class TestCertificateManager(unittest.TestCase):
cert_content=load_fixture('cert1.crt'), cert_content=load_fixture('cert1.crt'),
key_content=load_fixture('cert1.key'), key_content=load_fixture('cert1.key'),
state='present', state='present',
password='passsword', password='password',
server='localhost', server='localhost',
user='admin' user='admin'
)) ))
@ -159,14 +149,12 @@ class TestCertificateManager(unittest.TestCase):
assert results['changed'] is True assert results['changed'] is True
def test_update_certificate_new_certificate_and_key_password_protected_key(self, *args): def test_import_certificate_chain(self, *args):
set_module_args(dict( set_module_args(dict(
name='foo', name='foo',
cert_content=load_fixture('cert2.crt'), cert_content=load_fixture('chain1.crt'),
key_content=load_fixture('cert2.key'),
state='present', state='present',
passphrase='keypass', password='password',
password='passsword',
server='localhost', server='localhost',
user='admin' user='admin'
)) ))
@ -200,7 +188,7 @@ class TestKeyManager(unittest.TestCase):
cert_content=load_fixture('cert1.crt'), cert_content=load_fixture('cert1.crt'),
key_content=load_fixture('cert1.key'), key_content=load_fixture('cert1.key'),
state='present', state='present',
password='passsword', password='password',
server='localhost', server='localhost',
user='admin' user='admin'
)) ))
@ -227,7 +215,7 @@ class TestKeyManager(unittest.TestCase):
key_content=load_fixture('cert2.key'), key_content=load_fixture('cert2.key'),
state='present', state='present',
passphrase='keypass', passphrase='keypass',
password='passsword', password='password',
server='localhost', server='localhost',
user='admin' user='admin'
)) ))

Loading…
Cancel
Save