Merge pull request #337 from netscaler/issue-292-sslprofile_sslcipher…

…_binding-fails-at-2nd-run Issue #292 sslprofile sslcipher binding fails at 2nd run
netscaler · Jan 8, 2024 · 5e26e9f · 5e26e9f
2 parents 20d72aa + 437191b
commit 5e26e9f
Show file tree

Hide file tree

Showing 5 changed files with 218 additions and 1 deletion.
diff --git a/plugins/module_utils/module_executor.py b/plugins/module_utils/module_executor.py
@@ -200,6 +200,13 @@ def get_existing_resource(self):
             if attr in self.resource_module_params:
                 get_args[attr] = self.resource_module_params[attr]
 
+        # FIXME: NITRO-BUG: in `sslprofile_sslcipher_binding`, the NITRO is not returning the `ciphername` attribute. It's a bug in NITRO.
+        # Below is a hack to fix it.
+        if self.resource_name == "sslprofile_sslcipher_binding":
+            if "ciphername" in get_args:
+                get_args["cipheraliasname"] = get_args["ciphername"]
+                del get_args["ciphername"]
+
         # binding resources require `filter` instead of `args` to uniquely identify a resource
         existing_resource = get_resource(
             self.client,
@@ -219,7 +226,7 @@ def get_existing_resource(self):
             self.return_failure(msg)
 
         self.existing_resource = existing_resource[0] if existing_resource else {}
-        # FIXME: in lbmonitor, for `interval=60`, the `units3` will wrongly be set to `MIN` by the NetScaler.
+        # FIXME: NITRO-BUG: in lbmonitor, for `interval=60`, the `units3` will wrongly be set to `MIN` by the NetScaler.
         # Hence, we will set it to `SEC` to make it idempotent
         # Refer Issue: #324 (https://github.com/netscaler/ansible-collection-netscaleradc/issues/324)
         if self.resource_name == "lbmonitor":
@@ -237,6 +244,17 @@ def get_existing_resource(self):
                     )
                     self.existing_resource["units3"] = "SEC"
 
+        # FIXME:NITRO-BUG: in `sslprofile_sslcipher_binding`, the NITRO is not returning the `ciphername` attribute. It's a bug in NITRO.
+        # Below is a hack to fix it.
+        elif self.resource_name == "sslprofile_sslcipher_binding":
+            if (
+                "ciphername" not in self.existing_resource
+                and "cipheraliasname" in self.existing_resource
+            ):
+                self.existing_resource["ciphername"] = self.existing_resource[
+                    "cipheraliasname"
+                ]
+
         return self.existing_resource
 
     @trace

diff --git a/tests/integration/targets/sslprofile_sslcipher_binding/aliases b/tests/integration/targets/sslprofile_sslcipher_binding/aliases
@@ -0,0 +1 @@
+gather_facts/no
diff --git a/tests/integration/targets/sslprofile_sslcipher_binding/tasks/main.yaml b/tests/integration/targets/sslprofile_sslcipher_binding/tasks/main.yaml
@@ -0,0 +1,144 @@
+---
+- name: Include prerequisite tasks
+  ansible.builtin.include_tasks: setup.yaml
+
+- name: SSLPROFILE_SSLCIPHER_BINDING | ADD | --check
+  delegate_to: localhost
+  register: result
+  check_mode: true
+  tags: test
+  netscaler.adc.sslprofile_sslcipher_binding:
+    nsip: "{{ nsip }}"
+    nitro_user: "{{ nitro_user }}"
+    nitro_pass: "{{ nitro_pass }}"
+    nitro_protocol: "{{ nitro_protocol }}"
+    validate_certs: "{{ validate_certs }}"
+    state: present
+    name: "test-sslprofile"
+    ciphername: "TLSv1.3"
+    cipherpriority: 1
+
+- name: Assert | SSLPROFILE_SSLCIPHER_BINDING | ADD | --check
+  tags: test
+  ansible.builtin.assert:
+    that:
+      - "result.failed==false"
+      - "result.changed==true"
+
+- name: SSLPROFILE_SSLCIPHER_BINDING | ADD
+  delegate_to: localhost
+  register: result
+  check_mode: false
+  tags: test
+  netscaler.adc.sslprofile_sslcipher_binding:
+    nsip: "{{ nsip }}"
+    nitro_user: "{{ nitro_user }}"
+    nitro_pass: "{{ nitro_pass }}"
+    nitro_protocol: "{{ nitro_protocol }}"
+    validate_certs: "{{ validate_certs }}"
+    save_config: "{{ save_config }}"
+    state: present
+    name: "test-sslprofile"
+    ciphername: "TLSv1.3"
+    cipherpriority: 1
+
+- name: Assert | SSLPROFILE_SSLCIPHER_BINDING | ADD
+  ansible.builtin.assert:
+    that:
+      - "result.failed==false"
+      - "result.changed==true"
+
+- name: SSLPROFILE_SSLCIPHER_BINDING | ADD | idempotent
+  delegate_to: localhost
+  register: result
+  check_mode: false
+  tags: test
+  netscaler.adc.sslprofile_sslcipher_binding:
+    nsip: "{{ nsip }}"
+    nitro_user: "{{ nitro_user }}"
+    nitro_pass: "{{ nitro_pass }}"
+    nitro_protocol: "{{ nitro_protocol }}"
+    validate_certs: "{{ validate_certs }}"
+    save_config: "{{ save_config }}"
+    state: present
+    name: "test-sslprofile"
+    ciphername: "TLSv1.3"
+    cipherpriority: 1
+
+- name: Assert | SSLPROFILE_SSLCIPHER_BINDING | ADD | idempotent
+  tags: test
+  ansible.builtin.assert:
+    that:
+      - "result.failed==false"
+      - "result.changed==false"
+
+- name: SSLPROFILE_SSLCIPHER_BINDING | DELETE | --check
+  delegate_to: localhost
+  register: result
+  check_mode: true
+  tags: test
+  netscaler.adc.sslprofile_sslcipher_binding:
+    nsip: "{{ nsip }}"
+    nitro_user: "{{ nitro_user }}"
+    nitro_pass: "{{ nitro_pass }}"
+    nitro_protocol: "{{ nitro_protocol }}"
+    validate_certs: "{{ validate_certs }}"
+    save_config: "{{ save_config }}"
+    state: absent
+    name: "test-sslprofile"
+    ciphername: "TLSv1.3"
+    cipherpriority: 1
+
+- name: Assert | SSLPROFILE_SSLCIPHER_BINDING | DELETE | --check
+  tags: test
+  ansible.builtin.assert:
+    that:
+      - "result.failed==false"
+      - "result.changed==true"
+
+- name: SSLPROFILE_SSLCIPHER_BINDING | DELETE
+  delegate_to: localhost
+  register: result
+  check_mode: false
+  tags: test
+  netscaler.adc.sslprofile_sslcipher_binding:
+    nsip: "{{ nsip }}"
+    nitro_user: "{{ nitro_user }}"
+    nitro_pass: "{{ nitro_pass }}"
+    nitro_protocol: "{{ nitro_protocol }}"
+    validate_certs: "{{ validate_certs }}"
+    save_config: "{{ save_config }}"
+    state: absent
+    name: "test-sslprofile"
+    ciphername: "TLSv1.3"
+    cipherpriority: 1
+- name: Assert | SSLPROFILE_SSLCIPHER_BINDING | DELETE
+  ansible.builtin.assert:
+    that:
+      - "result.failed==false"
+      - "result.changed==true"
+- name: SSLPROFILE_SSLCIPHER_BINDING | DELETE | idempotent
+  delegate_to: localhost
+  register: result
+  check_mode: false
+  tags: test
+  netscaler.adc.sslprofile_sslcipher_binding:
+    nsip: "{{ nsip }}"
+    nitro_user: "{{ nitro_user }}"
+    nitro_pass: "{{ nitro_pass }}"
+    nitro_protocol: "{{ nitro_protocol }}"
+    validate_certs: "{{ validate_certs }}"
+    save_config: "{{ save_config }}"
+    state: absent
+    name: "test-sslprofile"
+    ciphername: "TLSv1.3"
+    cipherpriority: 1
+- name: Assert | SSLPROFILE_SSLCIPHER_BINDING | DELETE | idempotent
+  tags: test
+  ansible.builtin.assert:
+    that:
+      - "result.failed==false"
+      - "result.changed==false"
+
+- name: Include prerequisite tasks
+  ansible.builtin.include_tasks: teardown.yaml
diff --git a/tests/integration/targets/sslprofile_sslcipher_binding/tasks/setup.yaml b/tests/integration/targets/sslprofile_sslcipher_binding/tasks/setup.yaml
@@ -0,0 +1,27 @@
+---
+- name: Enable default profile in SSLPARAMETER | ADD
+  delegate_to: localhost
+  register: result
+  check_mode: false
+  tags: test
+  netscaler.adc.sslparameter:
+    nsip: "{{ nsip }}"
+    nitro_user: "{{ nitro_user }}"
+    nitro_pass: "{{ nitro_pass }}"
+    nitro_protocol: "{{ nitro_protocol }}"
+    validate_certs: "{{ validate_certs }}"
+    defaultprofile: ENABLED
+
+- name: SSLPROFILE | ADD
+  delegate_to: localhost
+  register: result
+  check_mode: false
+  tags: test
+  netscaler.adc.sslprofile:
+    nsip: "{{ nsip }}"
+    nitro_user: "{{ nitro_user }}"
+    nitro_pass: "{{ nitro_pass }}"
+    nitro_protocol: "{{ nitro_protocol }}"
+    validate_certs: "{{ validate_certs }}"
+    state: present
+    name: "test-sslprofile"
diff --git a/tests/integration/targets/sslprofile_sslcipher_binding/tasks/teardown.yaml b/tests/integration/targets/sslprofile_sslcipher_binding/tasks/teardown.yaml
@@ -0,0 +1,27 @@
+---
+# - name: DISABLE default profile in SSLPARAMETER | DELETE
+#   delegate_to: localhost
+#   register: result
+#   check_mode: false
+#   tags: test
+#   netscaler.adc.sslparameter:
+#     nsip: "{{ nsip }}"
+#     nitro_user: "{{ nitro_user }}"
+#     nitro_pass: "{{ nitro_pass }}"
+#     nitro_protocol: "{{ nitro_protocol }}"
+#     validate_certs: "{{ validate_certs }}"
+#     defaultprofile: DISABLED
+
+- name: SSLPROFILE | DELETE
+  delegate_to: localhost
+  register: result
+  check_mode: false
+  tags: test
+  netscaler.adc.sslprofile:
+    nsip: "{{ nsip }}"
+    nitro_user: "{{ nitro_user }}"
+    nitro_pass: "{{ nitro_pass }}"
+    nitro_protocol: "{{ nitro_protocol }}"
+    validate_certs: "{{ validate_certs }}"
+    state: absent
+    name: "test-sslprofile"