From deee981aee72b9a9256feb90bb3a6ec6a3d595e5 Mon Sep 17 00:00:00 2001 From: Sumanth Lingappa Date: Mon, 8 Jan 2024 13:40:34 +0530 Subject: [PATCH 1/2] issue :392: fixed idempotency issue Signed-off-by: Sumanth Lingappa --- plugins/module_utils/module_executor.py | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/plugins/module_utils/module_executor.py b/plugins/module_utils/module_executor.py index 67d6c210f..c220ed5f8 100644 --- a/plugins/module_utils/module_executor.py +++ b/plugins/module_utils/module_executor.py @@ -200,6 +200,13 @@ def get_existing_resource(self): if attr in self.resource_module_params: get_args[attr] = self.resource_module_params[attr] + # FIXME: NITRO-BUG: in `sslprofile_sslcipher_binding`, the NITRO is not returning the `ciphername` attribute. It's a bug in NITRO. + # Below is a hack to fix it. + if self.resource_name == "sslprofile_sslcipher_binding": + if "ciphername" in get_args: + get_args["cipheraliasname"] = get_args["ciphername"] + del get_args["ciphername"] + # binding resources require `filter` instead of `args` to uniquely identify a resource existing_resource = get_resource( self.client, @@ -219,7 +226,7 @@ def get_existing_resource(self): self.return_failure(msg) self.existing_resource = existing_resource[0] if existing_resource else {} - # FIXME: in lbmonitor, for `interval=60`, the `units3` will wrongly be set to `MIN` by the NetScaler. + # FIXME: NITRO-BUG: in lbmonitor, for `interval=60`, the `units3` will wrongly be set to `MIN` by the NetScaler. # Hence, we will set it to `SEC` to make it idempotent # Refer Issue: #324 (https://github.com/netscaler/ansible-collection-netscaleradc/issues/324) if self.resource_name == "lbmonitor": @@ -237,6 +244,17 @@ def get_existing_resource(self): ) self.existing_resource["units3"] = "SEC" + # FIXME:NITRO-BUG: in `sslprofile_sslcipher_binding`, the NITRO is not returning the `ciphername` attribute. It's a bug in NITRO. + # Below is a hack to fix it. + elif self.resource_name == "sslprofile_sslcipher_binding": + if ( + "ciphername" not in self.existing_resource + and "cipheraliasname" in self.existing_resource + ): + self.existing_resource["ciphername"] = self.existing_resource[ + "cipheraliasname" + ] + return self.existing_resource @trace From 437191b519609f1ebb6cf45936ffb52a1dc1f6bb Mon Sep 17 00:00:00 2001 From: Sumanth Lingappa Date: Mon, 8 Jan 2024 14:22:44 +0530 Subject: [PATCH 2/2] integration tests for sslprofile_sslcipher_binding added --- .../sslprofile_sslcipher_binding/aliases | 1 + .../tasks/main.yaml | 144 ++++++++++++++++++ .../tasks/setup.yaml | 27 ++++ .../tasks/teardown.yaml | 27 ++++ 4 files changed, 199 insertions(+) create mode 100644 tests/integration/targets/sslprofile_sslcipher_binding/aliases create mode 100644 tests/integration/targets/sslprofile_sslcipher_binding/tasks/main.yaml create mode 100644 tests/integration/targets/sslprofile_sslcipher_binding/tasks/setup.yaml create mode 100644 tests/integration/targets/sslprofile_sslcipher_binding/tasks/teardown.yaml diff --git a/tests/integration/targets/sslprofile_sslcipher_binding/aliases b/tests/integration/targets/sslprofile_sslcipher_binding/aliases new file mode 100644 index 000000000..6f209e23b --- /dev/null +++ b/tests/integration/targets/sslprofile_sslcipher_binding/aliases @@ -0,0 +1 @@ +gather_facts/no \ No newline at end of file diff --git a/tests/integration/targets/sslprofile_sslcipher_binding/tasks/main.yaml b/tests/integration/targets/sslprofile_sslcipher_binding/tasks/main.yaml new file mode 100644 index 000000000..77640b0d1 --- /dev/null +++ b/tests/integration/targets/sslprofile_sslcipher_binding/tasks/main.yaml @@ -0,0 +1,144 @@ +--- +- name: Include prerequisite tasks + ansible.builtin.include_tasks: setup.yaml + +- name: SSLPROFILE_SSLCIPHER_BINDING | ADD | --check + delegate_to: localhost + register: result + check_mode: true + tags: test + netscaler.adc.sslprofile_sslcipher_binding: + nsip: "{{ nsip }}" + nitro_user: "{{ nitro_user }}" + nitro_pass: "{{ nitro_pass }}" + nitro_protocol: "{{ nitro_protocol }}" + validate_certs: "{{ validate_certs }}" + state: present + name: "test-sslprofile" + ciphername: "TLSv1.3" + cipherpriority: 1 + +- name: Assert | SSLPROFILE_SSLCIPHER_BINDING | ADD | --check + tags: test + ansible.builtin.assert: + that: + - "result.failed==false" + - "result.changed==true" + +- name: SSLPROFILE_SSLCIPHER_BINDING | ADD + delegate_to: localhost + register: result + check_mode: false + tags: test + netscaler.adc.sslprofile_sslcipher_binding: + nsip: "{{ nsip }}" + nitro_user: "{{ nitro_user }}" + nitro_pass: "{{ nitro_pass }}" + nitro_protocol: "{{ nitro_protocol }}" + validate_certs: "{{ validate_certs }}" + save_config: "{{ save_config }}" + state: present + name: "test-sslprofile" + ciphername: "TLSv1.3" + cipherpriority: 1 + +- name: Assert | SSLPROFILE_SSLCIPHER_BINDING | ADD + ansible.builtin.assert: + that: + - "result.failed==false" + - "result.changed==true" + +- name: SSLPROFILE_SSLCIPHER_BINDING | ADD | idempotent + delegate_to: localhost + register: result + check_mode: false + tags: test + netscaler.adc.sslprofile_sslcipher_binding: + nsip: "{{ nsip }}" + nitro_user: "{{ nitro_user }}" + nitro_pass: "{{ nitro_pass }}" + nitro_protocol: "{{ nitro_protocol }}" + validate_certs: "{{ validate_certs }}" + save_config: "{{ save_config }}" + state: present + name: "test-sslprofile" + ciphername: "TLSv1.3" + cipherpriority: 1 + +- name: Assert | SSLPROFILE_SSLCIPHER_BINDING | ADD | idempotent + tags: test + ansible.builtin.assert: + that: + - "result.failed==false" + - "result.changed==false" + +- name: SSLPROFILE_SSLCIPHER_BINDING | DELETE | --check + delegate_to: localhost + register: result + check_mode: true + tags: test + netscaler.adc.sslprofile_sslcipher_binding: + nsip: "{{ nsip }}" + nitro_user: "{{ nitro_user }}" + nitro_pass: "{{ nitro_pass }}" + nitro_protocol: "{{ nitro_protocol }}" + validate_certs: "{{ validate_certs }}" + save_config: "{{ save_config }}" + state: absent + name: "test-sslprofile" + ciphername: "TLSv1.3" + cipherpriority: 1 + +- name: Assert | SSLPROFILE_SSLCIPHER_BINDING | DELETE | --check + tags: test + ansible.builtin.assert: + that: + - "result.failed==false" + - "result.changed==true" + +- name: SSLPROFILE_SSLCIPHER_BINDING | DELETE + delegate_to: localhost + register: result + check_mode: false + tags: test + netscaler.adc.sslprofile_sslcipher_binding: + nsip: "{{ nsip }}" + nitro_user: "{{ nitro_user }}" + nitro_pass: "{{ nitro_pass }}" + nitro_protocol: "{{ nitro_protocol }}" + validate_certs: "{{ validate_certs }}" + save_config: "{{ save_config }}" + state: absent + name: "test-sslprofile" + ciphername: "TLSv1.3" + cipherpriority: 1 +- name: Assert | SSLPROFILE_SSLCIPHER_BINDING | DELETE + ansible.builtin.assert: + that: + - "result.failed==false" + - "result.changed==true" +- name: SSLPROFILE_SSLCIPHER_BINDING | DELETE | idempotent + delegate_to: localhost + register: result + check_mode: false + tags: test + netscaler.adc.sslprofile_sslcipher_binding: + nsip: "{{ nsip }}" + nitro_user: "{{ nitro_user }}" + nitro_pass: "{{ nitro_pass }}" + nitro_protocol: "{{ nitro_protocol }}" + validate_certs: "{{ validate_certs }}" + save_config: "{{ save_config }}" + state: absent + name: "test-sslprofile" + ciphername: "TLSv1.3" + cipherpriority: 1 +- name: Assert | SSLPROFILE_SSLCIPHER_BINDING | DELETE | idempotent + tags: test + ansible.builtin.assert: + that: + - "result.failed==false" + - "result.changed==false" + +- name: Include prerequisite tasks + ansible.builtin.include_tasks: teardown.yaml diff --git a/tests/integration/targets/sslprofile_sslcipher_binding/tasks/setup.yaml b/tests/integration/targets/sslprofile_sslcipher_binding/tasks/setup.yaml new file mode 100644 index 000000000..104c9f3d8 --- /dev/null +++ b/tests/integration/targets/sslprofile_sslcipher_binding/tasks/setup.yaml @@ -0,0 +1,27 @@ +--- +- name: Enable default profile in SSLPARAMETER | ADD + delegate_to: localhost + register: result + check_mode: false + tags: test + netscaler.adc.sslparameter: + nsip: "{{ nsip }}" + nitro_user: "{{ nitro_user }}" + nitro_pass: "{{ nitro_pass }}" + nitro_protocol: "{{ nitro_protocol }}" + validate_certs: "{{ validate_certs }}" + defaultprofile: ENABLED + +- name: SSLPROFILE | ADD + delegate_to: localhost + register: result + check_mode: false + tags: test + netscaler.adc.sslprofile: + nsip: "{{ nsip }}" + nitro_user: "{{ nitro_user }}" + nitro_pass: "{{ nitro_pass }}" + nitro_protocol: "{{ nitro_protocol }}" + validate_certs: "{{ validate_certs }}" + state: present + name: "test-sslprofile" diff --git a/tests/integration/targets/sslprofile_sslcipher_binding/tasks/teardown.yaml b/tests/integration/targets/sslprofile_sslcipher_binding/tasks/teardown.yaml new file mode 100644 index 000000000..8577658b8 --- /dev/null +++ b/tests/integration/targets/sslprofile_sslcipher_binding/tasks/teardown.yaml @@ -0,0 +1,27 @@ +--- +# - name: DISABLE default profile in SSLPARAMETER | DELETE +# delegate_to: localhost +# register: result +# check_mode: false +# tags: test +# netscaler.adc.sslparameter: +# nsip: "{{ nsip }}" +# nitro_user: "{{ nitro_user }}" +# nitro_pass: "{{ nitro_pass }}" +# nitro_protocol: "{{ nitro_protocol }}" +# validate_certs: "{{ validate_certs }}" +# defaultprofile: DISABLED + +- name: SSLPROFILE | DELETE + delegate_to: localhost + register: result + check_mode: false + tags: test + netscaler.adc.sslprofile: + nsip: "{{ nsip }}" + nitro_user: "{{ nitro_user }}" + nitro_pass: "{{ nitro_pass }}" + nitro_protocol: "{{ nitro_protocol }}" + validate_certs: "{{ validate_certs }}" + state: absent + name: "test-sslprofile"