diff options
Diffstat (limited to 'ansible_collections/f5networks/f5_modules/plugins')
108 files changed, 1140 insertions, 421 deletions
diff --git a/ansible_collections/f5networks/f5_modules/plugins/doc_fragments/f5.py b/ansible_collections/f5networks/f5_modules/plugins/doc_fragments/f5.py index 2fdd53d43..ca509f5f5 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/doc_fragments/f5.py +++ b/ansible_collections/f5networks/f5_modules/plugins/doc_fragments/f5.py @@ -18,14 +18,14 @@ options: suboptions: password: description: - - The password for the user account used to connect to the BIG-IP. + - The password for the user account used to connect to the BIG-IP or the BIG-IQ. - You may omit this option by setting the environment variable C(F5_PASSWORD). type: str required: true aliases: [ pass, pwd ] server: description: - - The BIG-IP host. + - The BIG-IP host or the BIG-IQ host. - You may omit this option by setting the environment variable C(F5_SERVER). type: str required: true @@ -37,7 +37,7 @@ options: default: 443 user: description: - - The username to connect to the BIG-IP with. This user must have + - The username to connect to the BIG-IP or the BIG-IQ. This user must have administrative privileges on the device. - You may omit this option by setting the environment variable C(F5_USER). type: str diff --git a/ansible_collections/f5networks/f5_modules/plugins/doc_fragments/f5_rest_cli.py b/ansible_collections/f5networks/f5_modules/plugins/doc_fragments/f5_rest_cli.py index 16f7b4f1c..f40bf3107 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/doc_fragments/f5_rest_cli.py +++ b/ansible_collections/f5networks/f5_modules/plugins/doc_fragments/f5_rest_cli.py @@ -51,6 +51,7 @@ options: default: yes timeout: description: + - Parameter in effect when C(transport) is set to C(rest) - Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error. @@ -83,6 +84,9 @@ options: notes: - For more information on using Ansible to manage F5 Networks devices see U(https://www.ansible.com/integrations/networks/f5). - Requires BIG-IP software version >= 12. + - To specify C(timeout) when C(transport) is set to C(cli), use the C(ANSIBLE_PERSISTENT_COMMAND_TIMEOUT) + environment variable or specify a C(command_timeout) in the ansible.cfg file, + see U(https://docs.ansible.com/ansible/latest/reference_appendices/config.html#persistent-command-timeout) - The F5 modules only manipulate the running configuration of the F5 product. To ensure that BIG-IP specific configuration persists to disk, be sure to include at least one task that uses the M(f5networks.f5_modules.bigip_config) module to save the running configuration. Refer to the module's documentation for diff --git a/ansible_collections/f5networks/f5_modules/plugins/doc_fragments/files.py b/ansible_collections/f5networks/f5_modules/plugins/doc_fragments/files.py new file mode 100644 index 000000000..2efbccbd1 --- /dev/null +++ b/ansible_collections/f5networks/f5_modules/plugins/doc_fragments/files.py @@ -0,0 +1,92 @@ +# -*- coding: utf-8 -*- + +# Copyright: (c) 2014, Matt Martz <matt@sivel.net> +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +class ModuleDocFragment(object): + + # Standard files documentation fragment + + # Note: mode is overridden by the copy and template modules so if you change the description + # here, you should also change it there. + DOCUMENTATION = r''' +options: + mode: + description: + - The permissions the resulting filesystem object should have. + - For those used to I(/usr/bin/chmod) remember that modes are actually octal numbers. + You must give Ansible enough information to parse them correctly. + For consistent results, quote octal numbers (for example, V('644') or V('1777')) so Ansible receives + a string and can do its own conversion from string into number. + Adding a leading zero (for example, V(0755)) works sometimes, but can fail in loops and some other circumstances. + - Giving Ansible a number without following either of these rules will end up with a decimal + number which will have unexpected results. + - As of Ansible 1.8, the mode may be specified as a symbolic mode (for example, V(u+rwx) or + V(u=rw,g=r,o=r)). + - If O(mode) is not specified and the destination filesystem object B(does not) exist, the default C(umask) on the system will be used + when setting the mode for the newly created filesystem object. + - If O(mode) is not specified and the destination filesystem object B(does) exist, the mode of the existing filesystem object will be used. + - Specifying O(mode) is the best way to ensure filesystem objects are created with the correct permissions. + See CVE-2020-1736 for further details. + type: raw + owner: + description: + - Name of the user that should own the filesystem object, as would be fed to I(chown). + - When left unspecified, it uses the current user unless you are root, in which + case it can preserve the previous ownership. + - Specifying a numeric username will be assumed to be a user ID and not a username. Avoid numeric usernames to avoid this confusion. + + type: str + group: + description: + - Name of the group that should own the filesystem object, as would be fed to I(chown). + - When left unspecified, it uses the current group of the current user unless you are root, + in which case it can preserve the previous ownership. + type: str + seuser: + description: + - The user part of the SELinux filesystem object context. + - By default it uses the V(system) policy, where applicable. + - When set to V(_default), it will use the C(user) portion of the policy if available. + type: str + serole: + description: + - The role part of the SELinux filesystem object context. + - When set to V(_default), it will use the C(role) portion of the policy if available. + type: str + setype: + description: + - The type part of the SELinux filesystem object context. + - When set to V(_default), it will use the C(type) portion of the policy if available. + type: str + selevel: + description: + - The level part of the SELinux filesystem object context. + - This is the MLS/MCS attribute, sometimes known as the C(range). + - When set to V(_default), it will use the C(level) portion of the policy if available. + type: str + unsafe_writes: + description: + - Influence when to use atomic operation to prevent data corruption or inconsistent reads from the target filesystem object. + - By default this module uses atomic operations to prevent data corruption or inconsistent reads from the target filesystem objects, + but sometimes systems are configured or just broken in ways that prevent this. One example is docker mounted filesystem objects, + which cannot be updated atomically from inside the container and can only be written in an unsafe manner. + - This option allows Ansible to fall back to unsafe methods of updating filesystem objects when atomic operations fail + (however, it doesn't force Ansible to perform unsafe writes). + - IMPORTANT! Unsafe writes are subject to race conditions and can lead to data corruption. + type: bool + default: no + version_added: '2.2' + attributes: + description: + - The attributes the resulting filesystem object should have. + - To get supported flags look at the man page for I(chattr) on the target system. + - This string should contain the attributes in the same order as the one displayed by I(lsattr). + - The C(=) operator is assumed as default, otherwise C(+) or C(-) operators need to be included in the string. + type: str + aliases: [ attr ] + version_added: '2.3' +''' diff --git a/ansible_collections/f5networks/f5_modules/plugins/filter/markdev.yml b/ansible_collections/f5networks/f5_modules/plugins/filter/markdev.yml index cd727d24a..bfea3b30e 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/filter/markdev.yml +++ b/ansible_collections/f5networks/f5_modules/plugins/filter/markdev.yml @@ -19,5 +19,5 @@ EXAMPLES: | RETURN: _value: - description: The string with -devel suffix. + description: The string with -devel suffix. type: string diff --git a/ansible_collections/f5networks/f5_modules/plugins/lookup/bigiq_license.py b/ansible_collections/f5networks/f5_modules/plugins/lookup/bigiq_license.py index 74e5b07ef..b3c23bb26 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/lookup/bigiq_license.py +++ b/ansible_collections/f5networks/f5_modules/plugins/lookup/bigiq_license.py @@ -7,13 +7,14 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type DOCUMENTATION = """ - lookup: bigiq_license - author: Wojciech Wypior <w.wypior@f5.com> - version_added: "1.0" + name: bigiq_license + author: + - Wojciech Wypior (@wojtek0806) + version_added: "1.0.0" short_description: Select a random license key from a pool of biqiq available licenses description: - - Select a random license key from a pool of biqiq available licenses - ,Requires specifying BIGIQ license pool name and connection parameters + - Select a random license key from a pool of biqiq available licenses. + - Requires specifying BIGIQ license pool name and connection parameters. """ EXAMPLES = """ diff --git a/ansible_collections/f5networks/f5_modules/plugins/lookup/license_hopper.py b/ansible_collections/f5networks/f5_modules/plugins/lookup/license_hopper.py index e0899239b..fcbe71748 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/lookup/license_hopper.py +++ b/ansible_collections/f5networks/f5_modules/plugins/lookup/license_hopper.py @@ -5,13 +5,13 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type DOCUMENTATION = """ - lookup: Select a random license key from a file and remove it from future lookups - author: Tim Rupp <caphrim007@gmail.com> - version_added: "1.0" + name: license_hopper + author: Tim Rupp (@caphrim007) + version_added: "1.0.0" short_description: Return random license from list description: - - Select a random license key from a file and remove it from future lookups - - Can optionally remove the key if C(remove=True) is specified + - Select a random license key from a file and remove it from future lookups. + - Can optionally remove the key if C(remove=True) is specified. """ EXAMPLES = """ diff --git a/ansible_collections/f5networks/f5_modules/plugins/module_utils/version.py b/ansible_collections/f5networks/f5_modules/plugins/module_utils/version.py index d8df5f65e..00be178d3 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/module_utils/version.py +++ b/ansible_collections/f5networks/f5_modules/plugins/module_utils/version.py @@ -4,4 +4,4 @@ # GNU General Public License v3.0 (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # This collection version needs to be updated at each release -CURRENT_COLL_VERSION = "1.25.0" +CURRENT_COLL_VERSION = "1.28.0" diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_apm_acl.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_apm_acl.py index de437f6de..e0aa6180a 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_apm_acl.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_apm_acl.py @@ -199,7 +199,7 @@ EXAMPLES = r''' name: L7foo acl_order: 1 type: static - path_match_case: no + path_match_case: false entries: - action: allow host_name: 'foobar.com' @@ -221,7 +221,7 @@ EXAMPLES = r''' name: L7L4foo acl_order: 2 type: static - path_match_case: no + path_match_case: false entries: - action: allow host_name: 'foobar.com' diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_apm_network_access.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_apm_network_access.py index c5898da5e..5658e6e48 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_apm_network_access.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_apm_network_access.py @@ -152,7 +152,7 @@ EXAMPLES = r''' bigip_apm_network_access: name: foobar ip_version: ipv4 - split_tunnel: yes + split_tunnel: true snat_pool: "none" ipv4_lease_pool: leasefoo ipv4_address_space: @@ -174,8 +174,8 @@ EXAMPLES = r''' - subnet: 172.16.23.0/24 excluded_ipv4_adresses: - subnet: 10.10.2.0/24 - allow_local_subnet: yes - allow_local_dns: yes + allow_local_subnet: true + allow_local_dns: true provider: password: secret server: lb.mydomain.com diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_apm_policy_import.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_apm_policy_import.py index 3ae248757..3d9552369 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_apm_policy_import.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_apm_policy_import.py @@ -87,7 +87,7 @@ EXAMPLES = r''' bigip_asm_policy: name: new_apm_policy source: /root/apm_policy.tar.gz - force: yes + force: true provider: server: lb.mydomain.com user: admin diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_asm_dos_application.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_asm_dos_application.py index 30061723d..5ee49e6e9 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_asm_dos_application.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_asm_dos_application.py @@ -192,11 +192,11 @@ EXAMPLES = r''' whitelist: - Cuba heavy_urls: - auto_detect: yes + auto_detect: true latency_threshold: 1000 rtbh_duration: 3600 - rtbh_enable: yes - single_page_application: yes + rtbh_enable: true + single_page_application: true provider: password: secret server: lb.mydomain.com @@ -207,9 +207,9 @@ EXAMPLES = r''' bigip_asm_dos_application: profile: dos_foo mobile_detection: - enabled: yes - allow_any_ios_package: yes - allow_emulators: yes + enabled: true + allow_any_ios_package: true + allow_emulators: true provider: password: secret server: lb.mydomain.com diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_asm_policy_fetch.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_asm_policy_fetch.py index 29fa872cd..66c91cadd 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_asm_policy_fetch.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_asm_policy_fetch.py @@ -72,7 +72,7 @@ EXAMPLES = r''' name: foobar file: export_foo dest: /root/download - binary: yes + binary: true provider: password: secret server: lb.mydomain.com @@ -82,8 +82,8 @@ EXAMPLES = r''' - name: Export policy inline base64 encoded format bigip_asm_policy_fetch: name: foobar - inline: yes - base64: yes + inline: true + base64: true provider: password: secret server: lb.mydomain.com @@ -106,7 +106,7 @@ EXAMPLES = r''' name: foobar file: export_foo.xml dest: /root/download/ - compact: yes + compact: true provider: password: secret server: lb.mydomain.com @@ -117,7 +117,7 @@ EXAMPLES = r''' bigip_asm_policy_fetch: name: foobar dest: /root/download/ - binary: yes + binary: true provider: password: secret server: lb.mydomain.com diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_asm_policy_import.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_asm_policy_import.py index 6f5d4ec58..af3a3765b 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_asm_policy_import.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_asm_policy_import.py @@ -150,7 +150,7 @@ EXAMPLES = r''' bigip_asm_policy: name: new_asm_policy source: /root/asm_policy_new.xml - force: yes + force: true provider: server: lb.mydomain.com user: admin diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_asm_policy_manage.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_asm_policy_manage.py index 7d5ce59c9..ff21d8969 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_asm_policy_manage.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_asm_policy_manage.py @@ -126,7 +126,7 @@ EXAMPLES = r''' - name: Create blank ASM policy and activate bigip_asm_policy_manage: name: new_blank_policy - active: yes + active: true state: present provider: server: lb.mydomain.com @@ -137,7 +137,7 @@ EXAMPLES = r''' - name: Activate ASM policy bigip_asm_policy_manage: name: inactive_policy - active: yes + active: true state: present provider: server: lb.mydomain.com diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_config.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_config.py index 69d140ba1..7d42b7aa3 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_config.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_config.py @@ -65,7 +65,7 @@ author: EXAMPLES = r''' - name: Save the running configuration of the BIG-IP bigip_config: - save: yes + save: true provider: server: lb.mydomain.com password: secret @@ -74,8 +74,8 @@ EXAMPLES = r''' - name: Reset the BIG-IP configuration, for example, to RMA the device bigip_config: - reset: yes - save: yes + reset: true + save: true provider: server: lb.mydomain.com password: secret diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_configsync_action.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_configsync_action.py index 2acd3015f..3667d4625 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_configsync_action.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_configsync_action.py @@ -55,7 +55,7 @@ EXAMPLES = r''' - name: Sync configuration from device to group bigip_configsync_action: device_group: foo-group - sync_device_to_group: yes + sync_device_to_group: true provider: server: lb.mydomain.com user: admin @@ -65,7 +65,7 @@ EXAMPLES = r''' - name: Sync configuration from most recent device to the current host bigip_configsync_action: device_group: foo-group - sync_group_to_device: yes + sync_group_to_device: true provider: server: lb.mydomain.com user: admin @@ -75,7 +75,7 @@ EXAMPLES = r''' - name: Perform an initial sync of a device to a new device group bigip_configsync_action: device_group: new-device-group - sync_device_to_group: yes + sync_device_to_group: true provider: server: lb.mydomain.com user: admin diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_data_group.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_data_group.py index 5b7b444ee..cfd621d6c 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_data_group.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_data_group.py @@ -159,7 +159,7 @@ EXAMPLES = r''' - name: Create a data group of addresses bigip_data_group: name: foo - internal: yes + internal: true records: - key: 0.0.0.0/32 value: External_NAT @@ -175,7 +175,7 @@ EXAMPLES = r''' - name: Create a data group of strings bigip_data_group: name: foo - internal: yes + internal: true records: - key: caddy value: "" @@ -204,7 +204,7 @@ EXAMPLES = r''' - name: Update an existing internal data group of strings bigip_data_group: name: foo - internal: yes + internal: true records: - key: caddy value: "" @@ -1459,7 +1459,7 @@ class ArgumentSpec(object): type='list', elements='raw', options=dict( - key=dict(required=True), + key=dict(required=True, no_log=True), value=dict(type='raw') ) ), diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_auth.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_auth.py index b42f46271..8a089d200 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_auth.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_auth.py @@ -170,7 +170,7 @@ EXAMPLES = r''' - 10.10.10.11 service_name: ppp state: present - use_for_auth: yes + use_for_auth: true provider: password: secret server: lb.mydomain.com @@ -188,7 +188,7 @@ EXAMPLES = r''' port: 1234 - 10.10.10.11 service_name: ppp - use_for_auth: yes + use_for_auth: true state: present provider: password: secret diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_auth_ldap.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_auth_ldap.py index 8706f5315..3a638b3c1 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_auth_ldap.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_auth_ldap.py @@ -872,7 +872,7 @@ class ArgumentSpec(object): choices=['yes', 'no', 'start-tls'] ), ca_cert=dict(aliases=['ssl_ca_cert']), - client_key=dict(aliases=['ssl_client_key']), + client_key=dict(aliases=['ssl_client_key'], no_log=True), client_cert=dict(aliases=['ssl_client_cert']), validate_certs=dict(type='bool', aliases=['ssl_check_peer']), login_ldap_attr=dict(), diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_auth_radius.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_auth_radius.py index f147b7da3..2096d8ddc 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_auth_radius.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_auth_radius.py @@ -86,9 +86,9 @@ EXAMPLES = r''' - "ansible_test2" retries: 3 service_type: authenticate-only - accounting_bug: no - use_for_auth: yes - fallback_to_local: yes + accounting_bug: false + use_for_auth: true + fallback_to_local: true state: present provider: password: secret @@ -100,7 +100,7 @@ EXAMPLES = r''' bigip_device_auth_radius: retries: 5 service_type: administrative - accounting_bug: yes + accounting_bug: true state: present provider: password: secret diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_certificate.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_certificate.py index 0e2562e7a..556f5af59 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_certificate.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_certificate.py @@ -135,7 +135,7 @@ EXAMPLES = r''' - name: Force update not expired certificate bigip_device_certificate: days_valid: 365 - force: yes + force: true provider: password: secret server: lb.mydomain.com @@ -147,7 +147,7 @@ EXAMPLES = r''' - name: Create a new certificate to replace expired certificate bigip_device_certificate: days_valid: 365 - new_cert: yes + new_cert: true issuer: country: US state: WA @@ -165,8 +165,8 @@ EXAMPLES = r''' days_valid: 365 cert_name: custom.crt key_name: custom.key - new_cert: yes - force: yes + new_cert: true + force: true issuer: country: US state: WA @@ -521,6 +521,8 @@ class ModuleManager(object): result = dict() command = 'openssl x509 -in /config/httpd/conf/ssl.crt/{0} -dates -issuer -noout'.format(self.want.cert_name) rc, out, err = exec_command(self.module, command) + if rc != 0: + raise F5ModuleError(err) if rc == 0: result['epoch'] = self._parse_cert_date(out) return ApiParameters(params=result) diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_group.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_group.py index 1fc8de948..022efd3e0 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_group.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_group.py @@ -121,7 +121,7 @@ EXAMPLES = r''' - name: Create a sync-only device group with auto-sync enabled bigip_device_group: name: foo-group - auto_sync: yes + auto_sync: true provider: password: secret server: lb.mydomain.com @@ -131,8 +131,8 @@ EXAMPLES = r''' - name: Create a sync-only device group with auto-sync and asm-sync enabled bigip_device_group: name: foo-group - auto_sync: yes - asm_sync: yes + auto_sync: true + asm_sync: true provider: password: secret server: lb.mydomain.com diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_ha_group.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_ha_group.py index 7152612bf..11093ee77 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_ha_group.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_ha_group.py @@ -130,7 +130,7 @@ EXAMPLES = r''' name: foo_ha description: empty_foo active_bonus: 20 - enable: no + enable: false provider: password: secret server: lb.mydomain.com diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_httpd.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_httpd.py index 87d8c69ff..f4f4a2e11 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_httpd.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_httpd.py @@ -131,7 +131,7 @@ EXAMPLES = r''' - name: Set the validate IP settings bigip_device_httpd: - auth_pam_validate_ip: on + auth_pam_validate_ip: false provider: password: secret server: lb.mydomain.com diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_info.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_info.py index b897cfbcd..6753634a7 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_info.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_info.py @@ -7579,7 +7579,7 @@ vlans: - Specifies that only connections that have a return route in the routing table are accepted. returned: queried type: bool - sample: yes + sample: true true_mac_address: description: - Media access control (MAC) address for the lowest-numbered interface assigned to this VLAN. diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_license.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_license.py index 87c34de14..e34152bd7 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_license.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_license.py @@ -899,10 +899,11 @@ class ArgumentSpec(object): def __init__(self): self.supports_check_mode = True argument_spec = dict( - license_key=dict(), + license_key=dict(no_log=True), addon_keys=dict( type='list', elements='str', + no_log=True ), license_server=dict( default='activate.f5.com' diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_traffic_group.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_traffic_group.py index f884f1023..3a52e23b0 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_traffic_group.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_device_traffic_group.py @@ -121,7 +121,7 @@ EXAMPLES = r''' ha_order: - /Common/bigip1.lab.local - /Common/bigip2.lab.local - auto_failback: yes + auto_failback: true auto_failback_time: 40 provider: user: admin @@ -135,7 +135,7 @@ EXAMPLES = r''' state: present ha_group: foo_HA_grp ha_order: "" - auto_failback: no + auto_failback: false provider: user: admin password: secret diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_dns_cache_resolver.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_dns_cache_resolver.py index 8dcc6b86b..d38f9e448 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_dns_cache_resolver.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_dns_cache_resolver.py @@ -83,7 +83,7 @@ EXAMPLES = r''' - name: Create a DNS resolver cache bigip_dns_cache: name: foo - answer_default_zones: yes + answer_default_zones: true forward_zones: - name: foo.bar.com nameservers: diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_dns_nameserver.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_dns_nameserver.py index 9da3370c2..9d23146ca 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_dns_nameserver.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_dns_nameserver.py @@ -426,7 +426,7 @@ class ArgumentSpec(object): address=dict(), service_port=dict(), route_domain=dict(), - tsig_key=dict(), + tsig_key=dict(no_log=True), state=dict( default='present', choices=['present', 'absent'] diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_dns_zone.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_dns_zone.py index ab6c155fc..41eb223ff 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_dns_zone.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_dns_zone.py @@ -106,13 +106,13 @@ EXAMPLES = r''' bigip_dns_zone: name: zone.foo.com dns_express: - enabled: yes + enabled: true server: dns-lab allow_notify_from: - 192.168.39.10 notify_action: consume - verify_tsig: no - response_policy: no + verify_tsig: false + response_policy: false provider: password: secret server: lb.mydomain.com @@ -123,13 +123,13 @@ EXAMPLES = r''' bigip_dns_zone: name: zone.foo.com dns_express: - enabled: no + enabled: false server: foo1.server.com allow_notify_from: - 192.168.39.10 notify_action: bypass - verify_tsig: no - response_policy: no + verify_tsig: false + response_policy: false provider: password: secret server: lb.mydomain.com @@ -200,7 +200,6 @@ EXAMPLES = r''' server: lb.mydomain.com user: admin delegate_to: localhost - ''' RETURN = r''' @@ -662,7 +661,7 @@ class ArgumentSpec(object): type='list', elements='str', ), - tsig_server_key=dict(), + tsig_server_key=dict(no_log=True), partition=dict( default='Common', fallback=(env_fallback, ['F5_PARTITION']) diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_file_copy.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_file_copy.py index a84c54a0a..d200bfdf1 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_file_copy.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_file_copy.py @@ -91,7 +91,7 @@ EXAMPLES = r''' find: paths: /var/tmp/project patterns: "^.*?\\.(?:html|?:css|?:js)$" - use_regex: yes + use_regex: true register: f - name: Upload a directory of files as a set of iFiles diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_firewall_address_list.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_firewall_address_list.py index 5bb375f64..7f43701e9 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_firewall_address_list.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_firewall_address_list.py @@ -44,9 +44,6 @@ options: - Valid country codes can be found here https://countrycode.org/. type: str required: True - choices: - - Any valid 2 character ISO country code. - - Any valid country name. region: description: - Region name of the country to use. diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_firewall_log_profile.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_firewall_log_profile.py index 0f88c4bdc..c2a68dc92 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_firewall_log_profile.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_firewall_log_profile.py @@ -143,8 +143,8 @@ EXAMPLES = r''' name: barbaz ip_intelligence: rate_limit: 400000 - log_translation_fields: yes - log_rtbh: yes + log_translation_fields: true + log_rtbh: true log_publisher: "/foobar/non-local-db" port_misuse: log_publisher: "" diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_firewall_log_profile_network.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_firewall_log_profile_network.py index 39fc59d05..6f2fde7fb 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_firewall_log_profile_network.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_firewall_log_profile_network.py @@ -49,7 +49,7 @@ options: - This option sets rate limits for the logging of packets that match ACL rules configured with an "accept" or "accept decisively" action. - This option is effective only if logging of this message type is enabled. - type: int + type: str log_matches_drop_rule: description: - Modifies log settings for ACL rules configured with a drop action. @@ -65,7 +65,7 @@ options: - This option sets rate limits for the logging of packets that match ACL rules configured with a drop action. - This option is effective only if logging of this message type is enabled. - type: int + type: str log_matches_reject_rule: description: - Modifies log settings for ACL rules configured with a reject action. @@ -81,7 +81,7 @@ options: - This option sets rate limits for the logging of packets that match ACL rules configured with a reject action. - This option is effective only if logging of this message type is enabled. - type: int + type: str log_ip_errors: description: - Modifies log settings for logging of IP error packets. @@ -95,7 +95,7 @@ options: description: - This option sets rate limits for the logging of IP error packets. - This option is effective only if logging of this message type is enabled. - type: int + type: str log_tcp_errors: description: - Modifies log settings for the logging of TCP error packets. @@ -109,7 +109,7 @@ options: description: - This option sets rate limits for the logging of TCP error packets. - This option is effective only if logging of this message type is enabled. - type: int + type: str log_tcp_events: description: - Modifies the log settings for logging of TCP events on the client side. @@ -124,7 +124,7 @@ options: description: - This option sets rate limits for the logging of TCP events on the client side. - This option is effective only if logging of this message type is enabled. - type: int + type: str log_translation_fields: description: - This option enables or disables the logging of translated (i.e server side) fields in ACL @@ -228,14 +228,14 @@ EXAMPLES = r''' - name: Add network settings to log profile bigip_firewall_log_profile_network: profile_name: barbaz - rate_limit: 150000 + rate_limit: "150000" log_publisher: local-db-pub log_tcp_errors: - enabled: yes - rate_limit: 10000 + enabled: true + rate_limit: "10000" log_tcp_events: - enabled: yes - rate_limit: 40000 + enabled: true + rate_limit: "40000" log_storage_format: "field-list" log_message_fields: - vlan @@ -265,12 +265,12 @@ EXAMPLES = r''' profile_name: "global-network" log_publisher: "/foobar/log1" log_ip_errors: - enabled: yes - rate_limit: 60000 + enabled: true + rate_limit: "60000" log_matches_reject_rule: - enabled: yes - rate_limit: 2000 - log_translation_fields: yes + enabled: true + rate_limit: "2000" + log_translation_fields: true log_storage_format: "field-list" log_format_delimiter: '.' log_message_fields: diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_firewall_rule.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_firewall_rule.py index 92c7e89c8..e3311004b 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_firewall_rule.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_firewall_rule.py @@ -286,7 +286,7 @@ EXAMPLES = r''' - port_range: 80-443 irule: irule1 action: accept - logging: yes + logging: true provider: password: secret server: lb.mydomain.com @@ -302,7 +302,7 @@ EXAMPLES = r''' source: - country: US action: drop - logging: yes + logging: true provider: password: secret server: lb.mydomain.com diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_dns_listener.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_dns_listener.py index 2a24df497..f9a6d1dd0 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_dns_listener.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_dns_listener.py @@ -146,8 +146,8 @@ EXAMPLES = r''' user: admin source_port: preserve state: present - translate_address: yes - translate_port: yes + translate_address: true + translate_port: true delegate_to: localhost - name: 'Disable a DNS Listener' diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_global.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_global.py index d001b88a9..4a156469a 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_global.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_global.py @@ -43,9 +43,9 @@ author: EXAMPLES = r''' - name: Configure synchronization settings bigip_gtm_global: - synchronization: yes + synchronization: true synchronization_group_name: my-group - synchronize_zone_files: yes + synchronize_zone_files: true state: present provider: user: admin diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_monitor_bigip.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_monitor_bigip.py index 0c232f811..94d6c549a 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_monitor_bigip.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_monitor_bigip.py @@ -347,6 +347,13 @@ class Changes(Parameters): class UsableChanges(Changes): @property + def destination(self): + if self.ip is None and self.port is None: + return None + destination = '{0}:{1}'.format(self.ip, self.port) + return destination + + @property def ignore_down_response(self): if self._values['ignore_down_response']: return 'enabled' diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_monitor_firepass.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_monitor_firepass.py index 5a5047cc6..2d7c7e91c 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_monitor_firepass.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_monitor_firepass.py @@ -425,6 +425,13 @@ class Changes(Parameters): class UsableChanges(Changes): @property + def destination(self): + if self.ip is None and self.port is None: + return None + destination = '{0}:{1}'.format(self.ip, self.port) + return destination + + @property def ignore_down_response(self): if self._values['ignore_down_response'] is None: return None diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_monitor_http.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_monitor_http.py index d841705d7..a3aa61ac1 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_monitor_http.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_monitor_http.py @@ -376,7 +376,7 @@ class ModuleParameters(Parameters): return int(self._values['timeout']) @property - def ip(self): # lgtm [py/similar-function] + def ip(self): if self._values['ip'] is None: return None if self._values['ip'] in ['*', '0.0.0.0']: @@ -441,6 +441,13 @@ class Changes(Parameters): class UsableChanges(Changes): @property + def destination(self): + if self.ip is None and self.port is None: + return None + destination = '{0}:{1}'.format(self.ip, self.port) + return destination + + @property def transparent(self): if self._values['transparent'] is None: return None diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_monitor_https.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_monitor_https.py index fac85d931..393ae0b13 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_monitor_https.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_monitor_https.py @@ -528,6 +528,13 @@ class Changes(Parameters): class UsableChanges(Changes): @property + def destination(self): + if self.ip is None and self.port is None: + return None + destination = '{0}:{1}'.format(self.ip, self.port) + return destination + + @property def transparent(self): if self._values['transparent'] is None: return None @@ -934,7 +941,7 @@ class ArgumentSpec(object): cipher_list=dict(), compatibility=dict(type='bool'), client_cert=dict(), - client_key=dict(), + client_key=dict(no_log=True), update_password=dict( default='always', choices=['always', 'on_create'], diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_monitor_tcp.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_monitor_tcp.py index 05a29c52a..6dc5f15d5 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_monitor_tcp.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_monitor_tcp.py @@ -415,6 +415,13 @@ class Changes(Parameters): class UsableChanges(Changes): @property + def destination(self): + if self.ip is None and self.port is None: + return None + destination = '{0}:{1}'.format(self.ip, self.port) + return destination + + @property def transparent(self): if self._values['transparent'] is None: return None diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_monitor_tcp_half_open.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_monitor_tcp_half_open.py index b8f1384ad..ae46f13f4 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_monitor_tcp_half_open.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_monitor_tcp_half_open.py @@ -362,6 +362,13 @@ class Changes(Parameters): class UsableChanges(Changes): @property + def destination(self): + if self.ip is None and self.port is None: + return None + destination = '{0}:{1}'.format(self.ip, self.port) + return destination + + @property def transparent(self): if self._values['transparent']: return 'enabled' diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_pool_member.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_pool_member.py index 9ad3d293a..0f6bb894e 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_pool_member.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_pool_member.py @@ -20,6 +20,108 @@ description: settings. version_added: "1.0.0" options: + aggregate: + description: + - List of GTM pool member definitions to be created, modified, or removed. + - When using C(aggregates), if one of the aggregate definitions is invalid, the aggregate run will fail, + indicating the error it last encountered. + - The module will C(NOT) rollback any changes it has made prior to encountering the error. + - The module also will not indicate what changes were made prior to failure, therefore we strongly advise + you run the module in check mode to make basic validation, prior to module execution. + type: list + elements: dict + suboptions: + virtual_server: + description: + - Specifies the name of the GTM virtual server which is assigned to the specified + C(server). + type: str + server_name: + description: + - Specifies the GTM server which contains the C(virtual_server). + type: str + member_order: + description: + - Specifies the order in which the member will appear in the pool. + - The system uses this number with load balancing methods that involve prioritizing + pool members, such as the Ratio load balancing method. + type: int + monitor: + description: + - Specifies the monitor assigned to this pool member. + - Pool members only support a single monitor. + - If the C(port) of the C(gtm_virtual_server) is C(*), the accepted values of this + parameter will be affected. + - If this parameter is not specified when creating a new pool member, the default + of C(default) will be used. + - To remove the monitor from the pool member, use the value C(none). + type: str + ratio: + description: + - Specifies the weight of the pool member for load balancing purposes. + type: int + description: + description: + - The description of the pool member. + type: str + limits: + description: + - Specifies resource thresholds or limit requirements at the pool member level. + - When you enable one or more limit settings, the system then uses that data to take + members in and out of service. + - You can define limits for any or all of the limit settings. However, when a + member does not meet the resource threshold limit requirement, the system marks + the member as unavailable and directs load balancing traffic to another resource. + type: dict + suboptions: + bits_enabled: + description: + - Whether or not the bits limit is enabled. + type: bool + packets_enabled: + description: + - Whether or not the packets limit is enabled. + type: bool + connections_enabled: + description: + - Whether or not the current connections limit is enabled. + type: bool + bits_limit: + description: + - Specifies the maximum allowable data throughput rate + for the member, in bits per second. + type: int + packets_limit: + description: + - Specifies the maximum allowable data transfer rate for the member, + in packets per second. + type: int + connections_limit: + description: + - Specifies the maximum number of concurrent connections, combined, for all of + the members. + type: int + state: + description: + - Pool member state. When C(present), ensures the pool member is + created and enabled. When C(absent), ensures the pool member is + removed from the system. When C(enabled) or C(disabled), ensures + the pool member is enabled or disabled (respectively) on the remote + device. + type: str + choices: + - present + - absent + - enabled + - disabled + default: present + partition: + description: + - Device partition to manage resources on. + type: str + default: Common + aliases: + - members virtual_server: description: - Specifies the name of the GTM virtual server which is assigned to the specified @@ -29,37 +131,11 @@ options: description: - Specifies the GTM server which contains the C(virtual_server). type: str - type: - description: - - The type of GTM pool that the member is in. - type: str - required: True - choices: - - a - - aaaa - - cname - - mx - - naptr - - srv - pool: - description: - - Name of the GTM pool. - - For pools created on different partitions, you must specify partition of the pool in the full path format, - for example, C(/FooBar/pool_name). - type: str - required: True - partition: - description: - - Device partition to manage resources on. - type: str - default: Common member_order: description: - Specifies the order in which the member will appear in the pool. - The system uses this number with load balancing methods that involve prioritizing pool members, such as the Ratio load balancing method. - - When creating a new member using this module, if the C(member_order) parameter - is not specified, it will default to C(0) (first member in the pool). type: int monitor: description: @@ -70,8 +146,6 @@ options: - If this parameter is not specified when creating a new pool member, the default of C(default) will be used. - To remove the monitor from the pool member, use the value C(none). - - For pool members created on different partitions, you can also specify the full - path to the Common monitor. For example, C(/Common/tcp). type: str ratio: description: @@ -81,27 +155,6 @@ options: description: - The description of the pool member. type: str - aggregate: - description: - - List of GTM pool member definitions to be created, modified, or removed. - - When using C(aggregates), if one of the aggregate definitions is invalid, the aggregate run will fail, - indicating the error it last encountered. - - The module will C(NOT) rollback any changes it has made prior to encountering the error. - - The module also will not indicate what changes were made prior to failure, therefore we strongly advise - you run the module in check mode to make basic validation, prior to module execution. - type: list - elements: dict - aliases: - - members - replace_all_with: - description: - - Removes members not defined in the C(aggregate) parameter. - - This operation is all or none, meaning it will stop if there are some pool members - that cannot be removed. - default: false - type: bool - aliases: - - purge limits: description: - Specifies resource thresholds or limit requirements at the pool member level. @@ -110,44 +163,68 @@ options: - You can define limits for any or all of the limit settings. However, when a member does not meet the resource threshold limit requirement, the system marks the member as unavailable and directs load balancing traffic to another resource. + type: dict suboptions: bits_enabled: description: - Whether or not the bits limit is enabled. - - This parameter allows you to switch on or off the effect of the limit. type: bool packets_enabled: description: - Whether or not the packets limit is enabled. - - This parameter allows you to switch on or off the effect of the limit. type: bool connections_enabled: description: - Whether or not the current connections limit is enabled. - - This parameter allows you to switch on or off the effect of the limit. type: bool bits_limit: description: - Specifies the maximum allowable data throughput rate for the member, in bits per second. - - If the network traffic volume exceeds this limit, the system marks the - member as unavailable. type: int packets_limit: description: - Specifies the maximum allowable data transfer rate for the member, in packets per second. - - If the network traffic volume exceeds this limit, the system marks the - member as unavailable. type: int connections_limit: description: - Specifies the maximum number of concurrent connections, combined, for all of the members. - - If the connections exceed this limit, the system marks the server as - unavailable. type: int - type: dict + pool: + description: + - Name of the GTM pool. + - For pools created on different partitions, you must specify partition of the pool in the full path format, + for example, C(/FooBar/pool_name). + type: str + required: True + type: + description: + - The type of GTM pool that the member is in. + type: str + required: True + choices: + - a + - aaaa + - cname + - mx + - naptr + - srv + replace_all_with: + description: + - Removes members not defined in the C(aggregate) parameter. + - This operation is all or none, meaning it will stop if there are some pool members + that cannot be removed. + type: bool + default: false + aliases: + - purge + partition: + description: + - Device partition to manage resources on. + type: str + default: Common state: description: - Pool member state. When C(present), ensures the pool member is @@ -155,13 +232,6 @@ options: removed from the system. When C(enabled) or C(disabled), ensures the pool member is enabled or disabled (respectively) on the remote device. - - We recommend you use the C(members) parameter of the C(bigip_gtm_pool) - module when adding and removing members, as it provides an easier way of - specifying order. If this is not possible, the C(state) parameter here - should be used. - - Remember that the order of the members will be affected if you add or remove them - using this method. To some extent, this can be controlled using the C(member_order) - parameter. type: str choices: - present @@ -247,7 +317,7 @@ EXAMPLES = r''' partition: Common description: web server3 member_order: 2 - replace_all_with: yes + replace_all_with: true provider: server: lb.mydomain.com user: admin @@ -1012,6 +1082,8 @@ class ArgumentSpec(object): # remove default in aggregate spec, to handle common arguments remove_default_spec(aggregate_spec) + aggregate_spec["state"].update(default="present") + aggregate_spec["partition"].update(default="Common") self.argument_spec = dict( aggregate=dict( diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_server.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_server.py index 0a2a9d5f3..b54371670 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_server.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_server.py @@ -407,7 +407,7 @@ packets_enabled: description: Whether the packets limit is enabled. returned: changed type: bool - sample: yes + sample: true packets_limit: description: The new packets_limit limit. returned: changed diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_topology_record.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_topology_record.py index c33995381..c1bb89d40 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_topology_record.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_topology_record.py @@ -202,10 +202,10 @@ EXAMPLES = r''' bigip_gtm_topology_record: source: - region: Baz - - negate: yes + - negate: true destination: - datacenter: Baz-DC - - negate: yes + - negate: true provider: password: secret server: lb.mydomain.com diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_topology_region.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_topology_region.py index 4ac232f0c..bfea370e0 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_topology_region.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_topology_region.py @@ -119,7 +119,7 @@ EXAMPLES = r''' name: foobar region_members: - country: CN - negate: yes + negate: true - datacenter: baz provider: password: secret @@ -152,7 +152,6 @@ region_members: type: list sample: [{"continent": "EU"}, {"country": "PL"}] ''' - import copy from datetime import datetime @@ -195,9 +194,15 @@ class ApiParameters(Parameters): members = self._values['region_members'] if members is None: return None - result = [member['name'] for member in members] + result = [self._replace_quotes(member['name']) for member in members] return result + @staticmethod + def _replace_quotes(value): + # we need to remove the double quotes from the items on the list so that comparison engine + # does not return change + return value.replace('"', '') + class ModuleParameters(Parameters): countries = { @@ -502,13 +507,6 @@ class ModuleParameters(Parameters): result.append(item) return result - def _flatten_negate(self, item): - result = flatten_boolean(item['negate']) - item.pop('negate') - if result == 'yes': - return 'not' - return None - def _change_value(self, key, value): if key in ['region', 'pool', 'datacenter']: return key, fq_name(self.partition, value) @@ -524,7 +522,8 @@ class ModuleParameters(Parameters): return key, self._test_subnet(value) return key, value - def _test_subnet(self, item): + @staticmethod + def _test_subnet(item): if item is None: return None if is_valid_ip_network(item): @@ -533,6 +532,14 @@ class ModuleParameters(Parameters): "Specified 'subnet' is not a valid subnet." ) + @staticmethod + def _flatten_negate(item): + result = flatten_boolean(item['negate']) + item.pop('negate') + if result == 'yes': + return 'not' + return None + class Changes(Parameters): def to_return(self): @@ -554,7 +561,17 @@ class UsableChanges(Changes): return None if not members: return 'none' - return ' '.join(members) + result = [self.escape_spaces(member) for member in members] + return ' '.join(result) + + @staticmethod + def escape_spaces(item): + # this method is needed as the API has problems in handling spaces and using just double quotes causes + # api to complain about quote imbalance + if item.startswith('state ') and ' ' in item[len('state '):]: + return item[:len('state ')] + '\\"{0}\\"'.format(item[len('state '):]) + else: + return item class ReportableChanges(Changes): @@ -733,6 +750,7 @@ class ModuleManager(object): self.client.provider['server'], self.client.provider['server_port'] ) + resp = self.client.api.post(uri, json=payload) try: response = resp.json() diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_wide_ip.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_wide_ip.py index 92f03b621..73173c9a9 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_wide_ip.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_gtm_wide_ip.py @@ -222,7 +222,7 @@ EXAMPLES = r''' type: a pools: - name: pool1 - persistence: yes + persistence: true persist_cidr_ipv4: 24 persist_cidr_ipv6: 120 persistence_ttl: 3500 diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_iapp_service.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_iapp_service.py index b59d2f59e..b3d90abd3 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_iapp_service.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_iapp_service.py @@ -157,7 +157,7 @@ EXAMPLES = r''' bigip_iapp_service: name: tests template: web_frontends - force: yes + force: true state: present parameters: variables: @@ -237,9 +237,9 @@ EXAMPLES = r''' template: f5.http parameters: "{{ lookup('file', 'f5.http.parameters.json') }}" metadata: - - persist: yes + - persist: true name: data 1 - - persist: yes + - persist: true name: data 2 state: present provider: diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_iapp_template.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_iapp_template.py index fa0b03dc4..098864976 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_iapp_template.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_iapp_template.py @@ -91,7 +91,7 @@ EXAMPLES = r''' - name: Update a template in place that has existing services created from it. bigip_iapp_template: content: "{{ lookup('template', 'iapp-new.tmpl') }}" - force: yes + force: true state: present provider: user: admin diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ike_peer.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ike_peer.py index d174a92bd..ab285840b 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ike_peer.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ike_peer.py @@ -769,7 +769,7 @@ class ArgumentSpec(object): ] ), phase1_cert=dict(), - phase1_key=dict(), + phase1_key=dict(no_log=True), phase1_verify_peer_cert=dict(type='bool'), update_password=dict( default='always', diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_imish_config.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_imish_config.py index 962911d34..d728f753d 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_imish_config.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_imish_config.py @@ -20,7 +20,7 @@ options: description: - Route domain on which to manage the BGP configuration. type: str - default: 0 + default: "0" lines: description: - The ordered set of commands that should be configured in the @@ -211,7 +211,9 @@ options: version_added: "1.2.0" notes: - Abbreviated commands are NOT idempotent -extends_documentation_fragment: f5networks.f5_modules.f5 +extends_documentation_fragment: + - f5networks.f5_modules.f5 + - ansible.builtin.files author: - Tim Rupp (@caphrim007) - Wojciech Wypior (@wojtek0806) @@ -284,7 +286,7 @@ EXAMPLES = r''' - name: configurable backup path bigip_imish_config: lines: bfd slow-timer 2000 - backup: yes + backup: true provider: user: admin password: secret @@ -775,7 +777,7 @@ class ArgumentSpec(object): dir_path=dict(type='path') ) argument_spec = dict( - route_domain=dict(default=0), + route_domain=dict(default="0"), src=dict(type='path'), lines=dict( type='list', diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_interface.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_interface.py index 9f791fa65..eff449c2c 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_interface.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_interface.py @@ -266,18 +266,18 @@ EXAMPLES = r''' - name: Update Interface Settings bigip_interface: name: 1.1 - stp: yes - stp_auto_edge_port: no - stp_edge_port: yes + stp: true + stp_auto_edge_port: false + stp_edge_port: true stp_link_type: shared description: my description flow_control: tx lldp_admin: txrx lldp_tlvmap: 8 - force_gigabit_fiber: no + force_gigabit_fiber: false sflow: - poll_interval: 10 - - poll_interval_global: no + - poll_interval_global: false provider: password: secret server: lb.mydomain.com @@ -287,7 +287,7 @@ EXAMPLES = r''' - name: Disable Interface bigip_interface: name: 1.1 - enabled: no + enabled: false provider: password: secret server: lb.mydomain.com @@ -299,7 +299,7 @@ EXAMPLES = r''' name: 1.1 sflow: - poll_interval: 0 - - poll_interval_global: yes + - poll_interval_global: true provider: password: secret server: lb.mydomain.com @@ -382,7 +382,7 @@ stp_auto_edge_port: description: Sets STP automatic edge port detection for the interface. returned: changed type: bool - sample: yes + sample: true stp_edge_port: description: Specifies whether the interface connects to an end station instead of another spanning tree bridge. returned: changed diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_lx_package.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_lx_package.py index 6f58097dd..f42b0e5d0 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_lx_package.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_lx_package.py @@ -88,7 +88,7 @@ EXAMPLES = r''' - name: Install AS3 and don't delete package file bigip_lx_package: package: f5-appsvcs-3.5.0-3.noarch.rpm - retain_package_file: yes + retain_package_file: true provider: password: secret server: lb.mydomain.com diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_message_routing_peer.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_message_routing_peer.py index b56847daa..81cbe890f 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_message_routing_peer.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_message_routing_peer.py @@ -115,7 +115,7 @@ EXAMPLES = r''' partition: baz transport_config: foovirtual ratio: 10 - auto_init: yes + auto_init: true provider: password: secret server: lb.mydomain.com diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_message_routing_protocol.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_message_routing_protocol.py index 9fac0371e..a9a142fa4 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_message_routing_protocol.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_message_routing_protocol.py @@ -84,7 +84,7 @@ EXAMPLES = r''' bigip_message_routing_protocol: name: foo description: 'This is parser' - no_response: yes + no_response: true provider: password: secret server: lb.mydomain.com @@ -94,7 +94,7 @@ EXAMPLES = r''' - name: Modify a generic parser bigip_message_routing_protocol: name: foo - no_response: no + no_response: false max_egress_buffer: 10000 max_msg_size: 2000 provider: diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_message_routing_router.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_message_routing_router.py index 7dad08545..94524b0a8 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_message_routing_router.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_message_routing_router.py @@ -122,7 +122,7 @@ EXAMPLES = r''' bigip_message_routing_router: name: foo max_retries: 10 - ignore_client_port: yes + ignore_client_port: true routes: - /Common/route1 - /Common/route2 @@ -135,8 +135,8 @@ EXAMPLES = r''' - name: Modify a generic router profile bigip_message_routing_router: name: foo - ignore_client_port: no - mirror: yes + ignore_client_port: false + mirror: true mirrored_msg_sweeper_interval: 4000 traffic_group: /Common/traffic-group-2 provider: diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_monitor_dns.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_monitor_dns.py index 773825904..ff7ffa006 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_monitor_dns.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_monitor_dns.py @@ -237,7 +237,7 @@ EXAMPLES = r''' query_name: localhost query_type: aaaa up_interval: 5 - adaptive: no + adaptive: false state: present provider: user: admin diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_monitor_gateway_icmp.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_monitor_gateway_icmp.py index 7e4c2c801..e5a01e393 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_monitor_gateway_icmp.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_monitor_gateway_icmp.py @@ -167,7 +167,7 @@ EXAMPLES = r''' - name: Create a monitor bigip_monitor_gateway_icmp: name: gw1 - adaptive: no + adaptive: false interval: 1 time_until_up: 0 timeout: 3 diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_monitor_icmp.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_monitor_icmp.py index 03fa58106..4dfe1a7c2 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_monitor_icmp.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_monitor_icmp.py @@ -172,7 +172,7 @@ EXAMPLES = r''' - name: Create an ICMP monitor bigip_monitor_icmp: name: icmp1 - adaptive: no + adaptive: false interval: 1 time_until_up: 0 timeout: 3 @@ -185,7 +185,7 @@ EXAMPLES = r''' - name: Update an ICMP monitor bigip_monitor_icmp: name: icmp1 - manual_resume: yes + manual_resume: true interval: 5 provider: password: secret diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_password_policy.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_password_policy.py index a649ad9bc..d35cf0134 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_password_policy.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_password_policy.py @@ -396,7 +396,7 @@ class ArgumentSpec(object): max_login_failures=dict(type='int'), min_duration=dict(type='int'), min_length=dict(type='int'), - password_memory=dict(type='int'), + password_memory=dict(type='int', no_log=True), policy_enforcement=dict(type='bool'), required_lowercase=dict(type='int'), required_numeric=dict(type='int'), diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_policy.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_policy.py index 9e35810e5..b7f99f15f 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_policy.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_policy.py @@ -105,8 +105,8 @@ EXAMPLES = r''' path_ends_with: - baz actions: - - forward: yes - select: yes + - forward: true + select: true pool: pool-svrs provider: server: lb.mydomain.com diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_policy_rule.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_policy_rule.py index e366e13a7..9c7ce9c2f 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_policy_rule.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_policy_rule.py @@ -24,7 +24,7 @@ options: required: True policy: description: - - The name of the policy you want to associate this rule with. + - The name of the policy with which you want to associate this rule. type: str required: True replace_with: @@ -42,7 +42,7 @@ options: - If there are rules with the same rule order number, the device uses rule names to determine how the rules are ordered. - The lower the number, the lower the rule is in the general order, with the lowest number C(0) being the - topmost one. + topmost rule. - Valid range of values is between C(0) and C(4294967295) inclusive. type: int version_added: "1.10.0" @@ -342,10 +342,10 @@ options: conditions: description: - A list of attributes that describe the condition. - - See suboptions for details on how to construct each list entry. + - See sub-options for details on how to construct each list entry. - The ordering of this list is important, the module ensures the order is kept when modifying the task. - - The suboption options below are not required for all condition types, + - The following sub-options are not required for all condition types, read the description for more details. - These conditions can be specified in any order. Despite the fact they are in a list, the order in the list does not matter to the BIG-IP. @@ -376,7 +376,7 @@ options: - tcp path_begins_with_any: description: - - A list of strings of characters the HTTP URI should start with. + - A list of strings of characters with which the HTTP URI should begin. - This parameter is only valid with the C(http_uri) type. type: list elements: str @@ -415,27 +415,27 @@ options: version_added: "1.23.0" host_begins_with_any: description: - - A list of strings of characters the HTTP Host should start with. + - A list of strings of characters with which the HTTP Host should begin. - This parameter is only valid with the C(http_host) type. type: list elements: str host_begins_not_with_any: description: - - A list of strings of characters the HTTP Host should not start with. + - A list of strings of characters with which the HTTP Host should NOT begin. - This parameter is only valid with the C(http_host) type. type: list elements: str version_added: "1.22.0" host_ends_not_with_any: description: - - A list of strings of characters the HTTP Host should not end with. + - A list of strings of characters with which the HTTP Host should NOT begin. - This parameter is only valid with the C(http_host) type. type: list elements: str version_added: "1.22.0" host_ends_with_any: description: - - A list of strings of characters the HTTP Host should end with. + - A list of strings of characters with which the HTTP Host should end. - This parameter is only valid with the C(http_host) type. type: list elements: str @@ -462,27 +462,69 @@ options: version_added: "1.10.0" server_name_is_any: description: - - A list of strings of characters the SSL Extension should match. + - A list of names that includes the server name. - This parameter is only valid with the C(ssl_extension) type. type: list elements: str + server_name_is_not_any: + description: + - A list of names that does NOT include the server name. + - This parameter is only valid with the C(ssl_extension) type. + type: list + elements: str + version_added: "1.27.0" + server_name_begins_with_any: + description: + - A list of names with which the server name should begin. + - This parameter is only valid with the C(ssl_extension) type. + type: list + elements: str + version_added: "1.27.0" + server_name_begins_not_with_any: + description: + - A list of names with which the server name should NOT begin. + - This parameter is only valid with the C(ssl_extension) type. + type: list + elements: str + version_added: "1.27.0" + server_name_ends_with_any: + description: + - A list of names with which the server name should end. + - This parameter is only valid with the C(ssl_extension) type. + type: list + elements: str + version_added: "1.27.0" + server_name_ends_not_with_any: + description: + - A list of names with which the server name should NOT end. + - This parameter is only valid with the C(ssl_extension) type. + type: list + elements: str + version_added: "1.27.0" + server_name_contains: + description: + - A list of names the server name should contain. + - This parameter is only valid with the C(ssl_extension) type. + type: list + elements: str + version_added: "1.27.0" address_matches_with_any: description: - - A list of IP Subnet address strings the IP address should match. + - A list of IP Subnet address strings that the IP address should match. - This parameter is only valid with the C(tcp) type. type: list elements: str version_added: "1.8.0" address_matches_with_datagroup: description: - - A list of internal datagroup strings the IP address should match. + - A list of internal data group strings that the IP address should match. - This parameter is only valid with the C(tcp) type. type: list elements: str version_added: "1.8.0" address_matches_with_external_datagroup: description: - - A list of external datagroup strings the IP address should match. + - A list of external data group strings that the IP address should match. - This parameter is only valid with the C(tcp) type. type: list elements: str @@ -512,7 +554,7 @@ options: default: present partition: description: - - Device partition to manage resources on. + - Device partition on which to manage resources. type: str default: Common extends_documentation_fragment: f5networks.f5_modules.f5 @@ -633,7 +675,7 @@ conditions: type: str sample: http_uri path_begins_with_any: - description: List of strings the URI begins with. + description: List of strings with which the URI begins. returned: changed type: list sample: [foo, bar] @@ -1161,8 +1203,13 @@ class ModuleParameters(Parameters): action[event] = True def _handle_ssl_extension_condition(self, action, item): + options = [ + 'server_name_is_any', 'server_name_is_not_any', 'server_name_contains', + 'server_name_begins_with_any', 'server_name_begins_not_with_any', + 'server_name_ends_with_any', 'server_name_ends_not_with_any', + ] action['type'] = 'ssl_extension' - if 'server_name_is_any' in item: + if 'server_name_is_any' in item and item['server_name_is_any'] is not None: if isinstance(item['server_name_is_any'], list): values = item['server_name_is_any'] else: @@ -1172,6 +1219,69 @@ class ModuleParameters(Parameters): serverName=True, values=values )) + if 'server_name_is_not_any' in item and item['server_name_is_not_any'] is not None: + if isinstance(item['server_name_is_not_any'], list): + values = item['server_name_is_not_any'] + else: + values = [item['server_name_is_not_any']] + action.update({ + 'equals': True, + 'serverName': True, + 'not': True, + 'values': values + }) + if 'server_name_begins_with_any' in item and item['server_name_begins_with_any'] is not None: + if isinstance(item['server_name_begins_with_any'], list): + values = item['server_name_begins_with_any'] + else: + values = [item['server_name_begins_with_any']] + action.update(dict( + serverName=True, + startsWith=True, + values=values + )) + if 'server_name_begins_not_with_any' in item and item['server_name_begins_not_with_any'] is not None: + if isinstance(item['server_name_begins_not_with_any'], list): + values = item['server_name_begins_not_with_any'] + else: + values = [item['server_name_begins_not_with_any']] + action.update({ + 'serverName': True, + 'startsWith': True, + 'not': True, + 'values': values + }) + if 'server_name_ends_with_any' in item and item['server_name_ends_with_any'] is not None: + if isinstance(item['server_name_ends_with_any'], list): + values = item['server_name_ends_with_any'] + else: + values = [item['server_name_ends_with_any']] + action.update(dict( + serverName=True, + endsWith=True, + values=values + )) + if 'server_name_ends_not_with_any' in item and item['server_name_ends_not_with_any'] is not None: + if isinstance(item['server_name_ends_not_with_any'], list): + values = item['server_name_ends_not_with_any'] + else: + values = [item['server_name_ends_not_with_any']] + action.update({ + 'serverName': True, + 'endsWith': True, + 'not': True, + 'values': values + }) + if 'server_name_contains' in item and item['server_name_contains'] is not None: + if isinstance(item['server_name_contains'], list): + values = item['server_name_contains'] + else: + values = [item['server_name_contains']] + action.update({ + 'serverName': True, + 'contains': True, + 'values': values + }) if 'event' not in item: raise F5ModuleError( "An 'event' must be specified when the 'ssl_extension' condition is used." @@ -2692,6 +2802,30 @@ class ArgumentSpec(object): type='list', elements='str', ), + server_name_is_not_any=dict( + type='list', + elements='str', + ), + server_name_begins_with_any=dict( + type='list', + elements='str', + ), + server_name_begins_not_with_any=dict( + type='list', + elements='str', + ), + server_name_ends_with_any=dict( + type='list', + elements='str', + ), + server_name_ends_not_with_any=dict( + type='list', + elements='str', + ), + server_name_contains=dict( + type='list', + elements='str', + ), address_matches_with_any=dict( type='list', elements='str', diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_pool.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_pool.py index 50d503e44..82ec9c8b2 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_pool.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_pool.py @@ -106,7 +106,7 @@ options: - reselect partition: description: - - Device partition to manage resources on. + - Device partition on which to manage resources. type: str default: Common state: @@ -185,6 +185,166 @@ options: you run the module in C(check) mode to ensure basic validation prior to executing this module. type: list elements: dict + suboptions: + description: + description: + - Specifies descriptive text that identifies the pool. + type: str + name: + description: + - Pool name + type: str + aliases: + - pool + lb_method: + description: + - Load balancing method. When creating a new pool, if this value is not + specified, the default of C(round-robin) is used. + type: str + choices: + - dynamic-ratio-member + - dynamic-ratio-node + - fastest-app-response + - fastest-node + - least-connections-member + - least-connections-node + - least-sessions + - observed-member + - observed-node + - predictive-member + - predictive-node + - ratio-least-connections-member + - ratio-least-connections-node + - ratio-member + - ratio-node + - ratio-session + - round-robin + - weighted-least-connections-member + - weighted-least-connections-node + monitor_type: + description: + - Monitor rule type when C(monitors) is specified. + - When creating a new pool, if this value is not specified, the default + of C(and_list) is used. + - When C(single), ensures all specified monitors are checked, but + additionally includes checks to make sure you only specified a single + monitor. + - When C(and_list), ensures B(all) monitors are checked. + - When C(m_of_n), ensures C(quorum) of C(monitors) are checked. C(m_of_n) + B(requires) a C(quorum) of 1 or greater be set either in the playbook, + or already exist on the device. + - Both C(single) and C(and_list) are functionally identical, as BIG-IP + considers all monitors as "a list". + type: str + aliases: + - availability_requirements_type + choices: + - and_list + - m_of_n + - single + quorum: + description: + - Monitor quorum value when C(monitor_type) is C(m_of_n). + - Quorum must be a value of 1 or greater when C(monitor_type) is C(m_of_n). + type: int + aliases: + - availability_requirements_at_least + monitors: + description: + - Monitor template name list. If the partition is not provided as part of + the monitor name, the C(partition) option is used instead. + type: list + elements: str + slow_ramp_time: + description: + - Sets the ramp-up time (in seconds) to gradually ramp up the load on + newly added or freshly detected up pool members. + type: int + reselect_tries: + description: + - Sets the number of times the system tries to contact a pool member + after a passive failure. + type: int + service_down_action: + description: + - Sets the action to take when node goes down in pool. + type: str + choices: + - none + - reset + - drop + - reselect + partition: + description: + - Device partition on which to manage resources. + type: str + default: Common + state: + description: + - When C(present), guarantees the pool exists with the provided + attributes. + - When C(absent), removes the pool from the system. + type: str + choices: + - absent + - present + default: present + metadata: + description: + - Arbitrary key/value pairs you can attach to a pool. This is useful in + situations where you might want to annotate a pool to be managed by Ansible. + - Key names are stored as strings; this includes names that are numbers. + - Values for all of the keys are stored as strings; this includes values + that are numbers. + - Data will be persisted, not ephemeral. + type: raw + priority_group_activation: + description: + - Specifies whether the system load balances traffic according to the priority + number assigned to the pool member. + - When creating a new pool, if this parameter is not specified, the default of + C(0) is used. + - To disable this setting, provide the value C(0). + - Once you enable this setting, you can specify pool member priority when you + create a new pool or on a pool member's properties screen. + - The system treats same-priority pool members as a group. + - To enable priority group activation, provide a number from C(0) to C(65535) + that represents the minimum number of members that must be available in one + priority group before the system directs traffic to members in a lower + priority group. + - When a sufficient number of members become available in the higher priority + group, the system again directs traffic to the higher priority group. + type: int + aliases: + - minimum_active_members + min_up_members: + description: + - Specifies the minimum number of pool members that must be up, + - otherwise, the system takes the action specified in the C(min-up-members-action) option. + - Use this option for gateway pools in a redundant system where a unit number is applied to the pool. + - This indicates the pool is configured only on the specified unit. + - When creating a new pool, if this parameter is not specified, the default is C(0). + type: int + min_up_members_action: + description: + - Specifies the action to take if C(min_up_members_checking) is C(enabled) and the number of active pool members + falls below the number specified in the C(min_up_members) option. + - When creating a new pool, if this parameter is not specified, the default is C(failover). + type: str + choices: + - failover + - reboot + - restart-all + min_up_members_checking: + description: + - Enables or disables the C(min_up_members) feature. + - If you enable this feature, you must also specify a value for both the C(min_up_members) and + C(min_up_members_action) options. + - When creating a new pool, if this parameter is not specified, the default is C(disabled). + type: str + choices: + - enabled + - disabled aliases: - pools replace_all_with: @@ -363,7 +523,7 @@ EXAMPLES = r''' partition: Common lb_method: round-robin slow_ramp_time: 120 - replace_all_with: yes + replace_all_with: true provider: server: lb.mydomain.com user: admin @@ -790,6 +950,8 @@ class Difference(object): "Quorum value must be specified with monitor_type 'm_of_n'." ) if self.want.monitors != self.have.monitors: + if self.want.monitors is None or not self.want.monitors_list: + return None return dict( monitors=self.want.monitors ) @@ -799,6 +961,8 @@ class Difference(object): "Quorum values have no effect when used with 'and_list'." ) if self.want.monitors != self.have.monitors: + if self.want.monitors is None or not self.want.monitors_list: + return None return dict( monitors=self.want.monitors ) @@ -822,6 +986,8 @@ class Difference(object): # "and_list plus some extra checks" self.want.update(dict(monitor_type='and_list')) if self.want.monitors != self.have.monitors: + if self.want.monitors is None or not self.want.monitors_list: + return None return dict( monitors=self.want.monitors ) @@ -836,10 +1002,17 @@ class Difference(object): @property def monitors(self): + if self.want.monitors is None: + return None + if not self.want.monitors_list and self.have.monitors is None: + # Idempotency check - removing monitors from a device where no monitors exists + return None + # when monitors_list is [], remove all the monitors + if not self.want.monitors_list: + # monitors is '' in the case of monitor_type and_list and min <quorum> of { } in case monitor_type m_of_n + return {'monitors': ''} if self.want.monitor_type is None: self.want.update(dict(monitor_type=self.have.monitor_type)) - if not self.want.monitors_list: - self.want.monitors = self.have.monitors_list if not self.want.monitors and self.want.monitor_type is not None: raise F5ModuleError( "The 'monitors' parameter cannot be empty when 'monitor_type' parameter is specified" @@ -1278,10 +1451,6 @@ class ArgumentSpec(object): ), description=dict(), metadata=dict(type='raw'), - state=dict( - default='present', - choices=['present', 'absent'] - ), priority_group_activation=dict( type='int', aliases=['minimum_active_members'] @@ -1295,6 +1464,10 @@ class ArgumentSpec(object): min_up_members_checking=dict( choices=['enabled', 'disabled'] ), + state=dict( + default='present', + choices=['present', 'absent'] + ), partition=dict( default='Common', fallback=(env_fallback, ['F5_PARTITION']) @@ -1303,8 +1476,9 @@ class ArgumentSpec(object): aggregate_spec = deepcopy(element_spec) - # remove default in aggregate spec, to handle common arguments remove_default_spec(aggregate_spec) + aggregate_spec["state"].update(default="present") + aggregate_spec["partition"].update(default="Common") argument_spec = dict( aggregate=dict( diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_pool_member.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_pool_member.py index 85a97da9b..b1ddbf61b 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_pool_member.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_pool_member.py @@ -16,35 +16,183 @@ description: - Manages F5 BIG-IP LTM pool members via the REST API. version_added: "1.0.0" options: - name: - description: - - Name of the node to create or re-use when creating a new pool member. - - While this parameter is optional, we recommend specifying this parameter - at all times to mitigate anyunexpected behavior. - - If not specified, a node name is created automatically from either the specified C(address) or C(fqdn). - - The C(enabled) state is an alias of C(present). - type: str - state: + aggregate: description: - - Pool member state. - type: str - choices: - - present - - absent - - enabled - - disabled - - forced_offline - default: present + - List of pool member definitions to be created, modified, or removed. + - When using C(aggregates), if one of the aggregate definitions is invalid, the aggregate run will fail, + indicating the error it last encountered. + - The module will B(NOT) rollback any changes it has made prior to encountering the error. + - The module also will not indicate what changes were made prior to failure. Therefore we strong advise + you run the module in C(check) mode to ensure basic validation prior to executing this module. + type: list + elements: dict + suboptions: + name: + description: + - Name of the node to create or re-use when creating a new pool member. + - While this parameter is optional, we recommend specifying this parameter + at all times to mitigate any unexpected behavior. + - If not specified, a node name is created automatically from either the specified C(address) or C(fqdn). + - The C(enabled) state is an alias of C(present). + type: str + address: + description: + - IP address of the pool member. This can be either IPv4 or IPv6. When creating a + new pool member, one of either C(address) or C(fqdn) must be provided. This + parameter cannot be updated after it is set. + type: str + aliases: + - ip + - host + fqdn: + description: + - FQDN name of the pool member. This can be any name that is a valid RFC 1123 DNS + name. Therefore, the only usable characters are "A" to "Z", + "a" to "z", "0" to "9", the hyphen ("-") and the period ("."). + - FQDN names must include at least one period; delineating the host from + the domain. For example, C(host.domain). + - FQDN names must end with a letter or a number. + - When creating a new pool member, one of either C(address) or C(fqdn) must be + provided. This parameter cannot be updated after it is set. + type: str + aliases: + - hostname + port: + description: + - Pool member port. + - This value cannot be changed after it has been set. + - Parameter must be provided when using aggregates. + type: int + connection_limit: + description: + - Pool member connection limit. Setting this to C(0) disables the limit. + type: int + description: + description: + - Pool member description. + type: str + rate_limit: + description: + - Pool member rate limit (connections-per-second). Setting this to C(0) + disables the limit. + type: int + ratio: + description: + - Pool member ratio weight. Valid values range from 1 through 100. + New pool members -- unless overridden with this value -- default + to 1. + type: int + preserve_node: + description: + - When state is C(absent), the system attempts to remove the node the pool + member references. + - The node will not be removed if it is still referenced by other pool + members. If this happens, the module will not raise an error. + - Setting this to C(true) disables this behavior. + type: bool + priority_group: + description: + - Specifies a number representing the priority group for the pool member. + - When adding a new member, the default is C(0), meaning the member has no priority. + - To specify a priority, you must activate priority group usage when you + create a new pool or when adding or removing pool members. When activated, + the system load balances traffic according to the priority group number + assigned to the pool member. + - The higher the number, the higher the priority. So a member with a priority + of 3 has higher priority than a member with a priority of 1. + type: int + fqdn_auto_populate: + description: + - Specifies whether the system automatically creates ephemeral nodes using + the IP addresses returned by the resolution of a DNS query for a node + defined by an FQDN. + - When C(true), the system generates an ephemeral node for each IP address + returned in response to a DNS query for the FQDN of the node. Additionally, + when a DNS response indicates the IP address of an ephemeral node no longer + exists, the system deletes the ephemeral node. + - When C(false), the system resolves a DNS query for the FQDN of the node + with the single IP address associated with the FQDN. + - When creating a new pool member, the default for this parameter is C(true). + - Once set this parameter cannot be changed afterwards. + - This parameter is ignored when C(reuse_nodes) is C(true). + type: bool + reuse_nodes: + description: + - Reuses node definitions if requested. + type: bool + default: true + monitors: + description: + - Specifies the health monitors the system currently uses to monitor + this resource. + type: list + elements: str + availability_requirements: + description: + - If you activate more than one health monitor, specifies the number of health + monitors that must receive successful responses in order for the link to be + considered available. + - Specifying an empty string will remove the monitors and revert to inheriting from the pool (default). + - Specifying C(none) will remove any health monitoring from the member completely. + type: dict + suboptions: + type: + description: + - Monitor rule type when C(monitors) is specified. + - When creating a new pool, if this value is not specified, the default of + C(all) will be used. + type: str + required: True + choices: + - all + - at_least + at_least: + description: + - Specifies the minimum number of active health monitors that must be successful + before the link is considered up. + - This parameter is only relevant when a C(type) of C(at_least) is used. + - This parameter will be ignored if a type of C(all) is used. + type: int + ip_encapsulation: + description: + - Specifies the IP encapsulation using either IPIP (IP encapsulation within IP, + RFC 2003) or GRE (Generic Router Encapsulation, RFC 2784) on outbound packets + (from BIG-IP system to server-pool member). + - When C(none), disables IP encapsulation. + - When C(inherit), inherits the IP encapsulation setting from the member's pool. + - When any other value, the options are None, Inherit from Pool, and Member Specific. + type: str + state: + description: + - Pool member state. + type: str + choices: + - present + - absent + - enabled + - disabled + - forced_offline + default: present + partition: + description: + - Partition to manage resources on. + type: str + default: Common + aliases: + - members pool: description: - Pool name. This pool must exist. type: str required: True - partition: + name: description: - - Partition to manage resources on. + - Name of the node to create or re-use when creating a new pool member. + - While this parameter is optional, we recommend specifying this parameter + at all times to mitigate any unexpected behavior. + - If not specified, a node name is created automatically from either the specified C(address) or C(fqdn). + - The C(enabled) state is an alias of C(present). type: str - default: Common address: description: - IP address of the pool member. This can be either IPv4 or IPv6. When creating a @@ -130,7 +278,7 @@ options: description: - Reuses node definitions if requested. type: bool - default: yes + default: true monitors: description: - Specifies the health monitors the system currently uses to monitor @@ -172,18 +320,22 @@ options: - When C(inherit), inherits the IP encapsulation setting from the member's pool. - When any other value, the options are None, Inherit from Pool, and Member Specific. type: str - aggregate: + state: description: - - List of pool member definitions to be created, modified, or removed. - - When using C(aggregates), if one of the aggregate definitions is invalid, the aggregate run will fail, - indicating the error it last encountered. - - The module will B(NOT) rollback any changes it has made prior to encountering the error. - - The module also will not indicate what changes were made prior to failure. Therefore we strong advise - you run the module in C(check) mode to ensure basic validation prior to executing this module. - type: list - elements: dict - aliases: - - members + - Pool member state. + type: str + choices: + - present + - absent + - enabled + - disabled + - forced_offline + default: present + partition: + description: + - Partition to manage resources on. + type: str + default: Common replace_all_with: description: - Removes members not defined in the C(aggregate) parameter. @@ -343,7 +495,7 @@ EXAMPLES = r''' connection_limit: 100 rate_limit: 50 ratio: 2 - replace_all_with: yes + replace_all_with: true provider: server: lb.mydomain.com user: admin @@ -1612,6 +1764,9 @@ class ArgumentSpec(object): # remove default in aggregate spec, to handle common arguments remove_default_spec(aggregate_spec) + aggregate_spec["state"].update(default="present") + aggregate_spec["partition"].update(default="Common") + aggregate_spec["reuse_nodes"].update(default=True) self.argument_spec = dict( aggregate=dict( diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_client_ssl.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_client_ssl.py index 4497edf3d..4084fba21 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_client_ssl.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_client_ssl.py @@ -1180,11 +1180,12 @@ class ArgumentSpec(object): cert_key_chain=dict( type='list', elements='dict', + no_log=True, options=dict( cert=dict(required=True), - key=dict(required=True), + key=dict(required=True, no_log=True), chain=dict(), - passphrase=dict(), + passphrase=dict(no_log=True), true_names=dict( type='bool', default='no' diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_dns.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_dns.py index 5ace57732..507b7a8fd 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_dns.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_dns.py @@ -151,12 +151,12 @@ EXAMPLES = r''' - name: Create a DNS profile bigip_profile_dns: name: foo - enable_dns_express: no - enable_dnssec: no - enable_gtm: no - process_recursion_desired: no - use_local_bind: no - enable_dns_firewall: yes + enable_dns_express: false + enable_dnssec: false + enable_gtm: false + process_recursion_desired: false + use_local_bind: false + enable_dns_firewall: true provider: password: secret server: lb.mydomain.com diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_ftp.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_ftp.py index 20cf05a7e..cb64094e7 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_ftp.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_ftp.py @@ -88,7 +88,7 @@ EXAMPLES = r''' name: foo parent: /Common/barfoo port: 2221 - allow_ftps: yes + allow_ftps: true provider: password: secret server: lb.mydomain.com @@ -100,7 +100,7 @@ EXAMPLES = r''' name: foo log_profile: /Common/alg_log log_publisher: /Common/foo_publisher - security: yes + security: true description: my description provider: password: secret diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_http.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_http.py index 7f56fab59..57731bd46 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_http.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_http.py @@ -377,7 +377,7 @@ EXAMPLES = r''' - name: Create HTTP profile bigip_profile_http: name: my_profile - insert_xforwarded_for: yes + insert_xforwarded_for: true redirect_rewrite: all state: present provider: diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_http2.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_http2.py index d6c5961d3..11d5c730b 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_http2.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_http2.py @@ -114,7 +114,7 @@ EXAMPLES = r''' - name: Create HTTP2 profile bigip_profile_http2: name: my_profile - insert_header: yes + insert_header: true insert_header_name: FOO state: present provider: diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_persistence_src_addr.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_persistence_src_addr.py index d0c834bb7..69e7668a5 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_persistence_src_addr.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_persistence_src_addr.py @@ -113,9 +113,9 @@ EXAMPLES = r''' name: foo state: present hash_algorithm: carp - match_across_services: yes - match_across_virtuals: yes - mirror: yes + match_across_services: true + match_across_virtuals: true + mirror: true mask: 255.255.255.255 provider: password: secret diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_persistence_universal.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_persistence_universal.py index 20355a96b..721da176c 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_persistence_universal.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_persistence_universal.py @@ -103,9 +103,9 @@ EXAMPLES = r''' bigip_profile_persistence_universal: name: foo state: present - match_across_services: yes - match_across_virtuals: yes - mirror: yes + match_across_services: true + match_across_virtuals: true + mirror: true provider: password: secret server: lb.mydomain.com diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_server_ssl.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_server_ssl.py index a12262eef..a33b501f9 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_server_ssl.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_server_ssl.py @@ -773,7 +773,7 @@ class ArgumentSpec(object): name=dict(required=True), certificate=dict(), chain=dict(), - key=dict(), + key=dict(no_log=True), passphrase=dict(no_log=True), parent=dict(default='/Common/serverssl'), ciphers=dict(), diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_sip.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_sip.py index 5386e9f94..dac9e4810 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_sip.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_sip.py @@ -130,7 +130,7 @@ EXAMPLES = r''' log_profile: alg_log log_publisher: foo-publisher description: this is a new profile - security: yes + security: true provider: password: secret server: lb.mydomain.com @@ -140,9 +140,9 @@ EXAMPLES = r''' - name: Update SIP profile bigip_profile_sip: name: foo - insert_record_route_header: yes - enable_sip_firewall: yes - insert_via_header: yes + insert_record_route_header: true + enable_sip_firewall: true + insert_via_header: true user_via_header: "SIP/2.0/UDP 10.10.10.10:5060" provider: password: secret diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_tcp.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_tcp.py index 44bd3ce91..c5687db9b 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_tcp.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_tcp.py @@ -156,7 +156,7 @@ EXAMPLES = r''' bigip_profile_tcp: name: foo parent: f5-tcp-progressive - time_wait_recycle: no + time_wait_recycle: false idle_timeout: 300 state: present provider: diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_udp.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_udp.py index d7aa4ab86..0aab26cc4 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_udp.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_profile_udp.py @@ -73,7 +73,7 @@ EXAMPLES = r''' name: foo parent: udp idle_timeout: 300 - datagram_load_balancing: no + datagram_load_balancing: false state: present provider: user: admin diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_provision_async.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_provision_async.py index 453fdfc8a..49c5338f2 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_provision_async.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_provision_async.py @@ -124,7 +124,7 @@ EXAMPLES = r''' - name: Check for provision progress bigip_provision_async: module: "gtm" - check_status: yes + check_status: true status_timeout: 900 provider: server: lb.mydomain.com @@ -147,7 +147,7 @@ EXAMPLES = r''' - name: Re-check for provision progress bigip_provision_async: module: "gtm" - check_status: yes + check_status: true status_timeout: 900 provider: server: lb.mydomain.com @@ -191,7 +191,7 @@ EXAMPLES = r''' bigip_provision_async: module: "vcmp" level: "dedicated" - check_status: yes + check_status: true status_timeout: 900 provider: server: lb.mydomain.com @@ -216,7 +216,7 @@ EXAMPLES = r''' bigip_provision_async: module: "vcmp" level: "dedicated" - check_status: yes + check_status: true status_timeout: 900 provider: server: lb.mydomain.com @@ -260,7 +260,7 @@ EXAMPLES = r''' bigip_provision_async: module: "vcmp" state: "absent" - check_status: yes + check_status: true status_timeout: 900 provider: server: lb.mydomain.com @@ -282,7 +282,7 @@ EXAMPLES = r''' bigip_provision_async: module: "vcmp" state: "absent" - check_status: yes + check_status: true status_timeout: 900 provider: server: lb.mydomain.com diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_qkview.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_qkview.py index e71128c4e..e392a1c93 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_qkview.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_qkview.py @@ -63,7 +63,7 @@ options: - If C(no), the file will only be transferred if the destination does not exist. type: bool - default: yes + default: true only_create_file: description: - If C(true), the file is created on the device and not downloaded. The file will not be deleted by the @@ -87,7 +87,7 @@ author: EXAMPLES = r''' - name: Fetch a qkview from the remote device bigip_qkview: - asm_request_log: yes + asm_request_log: true exclude: - audit - secure diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_remote_role.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_remote_role.py index 1300989de..f42990134 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_remote_role.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_remote_role.py @@ -99,7 +99,7 @@ EXAMPLES = r''' name: ldap_group line_order: 1 attribute_string: memberOf=cn=ldap_group,cn=ldap.group,ou=ldap - remote_access: yes + remote_access: true assigned_role: administrator partition_access: all terminal_access: none diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_remote_user.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_remote_user.py index 053570fd6..7358f17d4 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_remote_user.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_remote_user.py @@ -60,7 +60,7 @@ EXAMPLES = r''' - name: Modify default partition and console access bigip_remote_user: default_partition: Common - console_access: yes + console_access: true provider: password: secret server: lb.mydomain.com @@ -71,7 +71,7 @@ EXAMPLES = r''' bigip_remote_user: default_partition: Common default_role: manager - console_access: yes + console_access: true description: "Changed new settings" provider: password: secret @@ -83,7 +83,7 @@ EXAMPLES = r''' bigip_remote_user: default_partition: all default_role: "no-access" - console_access: no + console_access: false description: "" provider: password: secret diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_selfip.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_selfip.py index 2ab13a1d2..afe906532 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_selfip.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_selfip.py @@ -20,6 +20,7 @@ options: - The IP addresses for the new self IP. This value is ignored upon update as addresses themselves cannot be changed after they are created. - This value is required when creating new self IPs. + - IPv4 and IPv6 are supported. type: str allow_service: description: @@ -104,6 +105,18 @@ EXAMPLES = r''' user: admin delegate_to: localhost +- name: Create Self IPv6 + bigip_selfip: + address: fe80::10 + name: self2 + netmask: "ffff:ffff:ffff:ffff::" + vlan: vlan1 + provider: + password: secret + server: lb.mydomain.com + user: admin + delegate_to: localhost + - name: Create Self IP with a Route Domain bigip_selfip: name: self1 diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_service_policy.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_service_policy.py index 432e880c0..1e4db5ffe 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_service_policy.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_service_policy.py @@ -60,8 +60,8 @@ EXAMPLES = r''' name: foo timer_policy: timer1 port_misuse_policy: misuse1 - timer_policy_enabled: yes - port_misuse_policy_enabled: yes + timer_policy_enabled: true + port_misuse_policy_enabled: true state: present provider: user: admin diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_snat_translation.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_snat_translation.py index b9b60d56a..f3826c689 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_snat_translation.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_snat_translation.py @@ -112,7 +112,7 @@ EXAMPLES = r''' name: my-snat-pool state: present address: 10.10.10.10 - arp: no + arp: false connection_limit: 300 ip_idle_timeout: 1800 tcp_idle_timeout: 1800 @@ -128,7 +128,7 @@ EXAMPLES = r''' name: my-snat-pool state: disabled address: 10.10.10.10 - arp: no + arp: false connection_limit: 300 ip_idle_timeout: 1800 tcp_idle_timeout: 1800 @@ -144,7 +144,7 @@ EXAMPLES = r''' name: my-snat-pool state: enabled address: 10.10.10.10 - arp: no + arp: false connection_limit: 300 ip_idle_timeout: 1800 tcp_idle_timeout: 1800 @@ -160,7 +160,7 @@ EXAMPLES = r''' name: my-new-snat-pool state: enabled address: 10.10.10.10 - arp: no + arp: false connection_limit: 300 ip_idle_timeout: 1800 partition: ansible @@ -177,7 +177,7 @@ EXAMPLES = r''' name: my-new-snat-pool state: enabled address: 10.10.10.10 - arp: no + arp: false connection_limit: 300 ip_idle_timeout: 1800 partition: ansible @@ -189,7 +189,6 @@ EXAMPLES = r''' user: admin password: secret delegate_to: localhost - ''' RETURN = r''' diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_software_update.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_software_update.py index 5ce7c77c8..7e9605356 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_software_update.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_software_update.py @@ -42,7 +42,7 @@ author: EXAMPLES = r''' - name: Enable automatic update checking bigip_software_update: - auto_check: yes + auto_check: true provider: password: secret server: lb.mydomain.com @@ -51,8 +51,8 @@ EXAMPLES = r''' - name: Disable automatic update checking and phoning home bigip_software_update: - auto_check: no - auto_phone_home: no + auto_check: false + auto_phone_home: false provider: password: secret server: lb.mydomain.com diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py index df3d00e11..3b9533edb 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_key_cert.py @@ -459,9 +459,9 @@ class ModuleManager(object): return True self.create_on_device() if self.want.key_filename: - self.remove_uploaded_file_from_device(self.want.key_filename) + self.remove_uploaded_file_from_device(self.want.key_filename + "_key") if self.want.cert_filename: - self.remove_uploaded_file_from_device(self.want.cert_filename) + self.remove_uploaded_file_from_device(self.want.cert_filename + "_cert") return True def remove_uploaded_file_from_device(self, name): @@ -585,6 +585,8 @@ class ModuleManager(object): ) key_params_dict = params_dict.copy() key_params_dict['sourcePath'] = self.want.key_source_path + if self.want.passphrase: + key_params_dict['passphrase'] = self.want.passphrase links_and_params.append({'link': key_link, 'params': key_params_dict}) if self.want.cert_name: @@ -611,7 +613,9 @@ class ModuleManager(object): ) key_params_dict = params_dict.copy() key_params_dict['name'] = self.want.key_filename - key_params_dict['sourcePath'] = self.want.key_source_path + key_params_dict['sourcePath'] = self.want.key_source_path + "_key" + if self.want.passphrase: + key_params_dict['passphrase'] = self.want.passphrase links_and_params.append({'link': key_link, 'params': key_params_dict}) if self.want.cert_name: @@ -621,7 +625,7 @@ class ModuleManager(object): ) cert_params_dict = params_dict.copy() cert_params_dict['name'] = self.want.cert_filename - cert_params_dict['sourcePath'] = self.want.cert_source_path + cert_params_dict['sourcePath'] = self.want.cert_source_path + "_cert" links_and_params.append({'link': cert_link, 'params': cert_params_dict}) @@ -637,11 +641,11 @@ class ModuleManager(object): if self.want.key_name: key_content = StringIO(self.want.key_content) - self.upload_file_to_device(key_content, self.want.key_filename) + self.upload_file_to_device(key_content, self.want.key_filename + "_key") if self.want.cert_name: cert_content = StringIO(self.want.cert_content) - self.upload_file_to_device(cert_content, self.want.cert_filename) + self.upload_file_to_device(cert_content, self.want.cert_filename + "_cert") with TransactionContextManager(self.client) as transact: for link in links_and_params: diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_ocsp.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_ocsp.py index ad76b55bb..7c2bb0cfb 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_ocsp.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ssl_ocsp.py @@ -728,7 +728,7 @@ class ArgumentSpec(object): choices=['sha256', 'sha1'] ), certificate=dict(), - key=dict(), + key=dict(no_log=True), passphrase=dict(no_log=True), status_age=dict(type='int'), strict_responder_checking=dict(type='bool'), diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_static_route.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_static_route.py index 3e8b84929..604b3727a 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_static_route.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_static_route.py @@ -101,7 +101,7 @@ EXAMPLES = r''' password: secret server: lb.mydomain.come user: admin - validate_certs: no + validate_certs: false delegate_to: localhost ''' @@ -135,7 +135,7 @@ pool: description: Whether the banner is enabled or not. returned: changed type: str - sample: yes + sample: true partition: description: The partition that the static route was created on. returned: changed diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_sys_db.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_sys_db.py index ac9580634..376a28851 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_sys_db.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_sys_db.py @@ -366,7 +366,7 @@ class ArgumentSpec(object): def __init__(self): self.supports_check_mode = True argument_spec = dict( - key=dict(required=True), + key=dict(required=True, no_log=True), state=dict( default='present', choices=['present', 'reset'] diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_sys_global.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_sys_global.py index 37d921a4d..fb9dd1555 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_sys_global.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_sys_global.py @@ -80,7 +80,7 @@ author: EXAMPLES = r''' - name: Disable the setup utility bigip_sys_global: - gui_setup: no + gui_setup: false provider: password: secret server: lb.mydomain.com diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_trunk.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_trunk.py index 7dbb18cf5..90ea3c31c 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_trunk.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_trunk.py @@ -132,7 +132,7 @@ EXAMPLES = r''' - 1.2 link_selection_policy: maximum-bandwidth frame_distribution_hash: destination-mac - lacp_enabled: yes + lacp_enabled: true lacp_mode: passive lacp_timeout: short provider: diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_tunnel.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_tunnel.py index d5ce23bcf..50f690570 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_tunnel.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_tunnel.py @@ -157,7 +157,7 @@ EXAMPLES = r''' key: 0 secondary_address: 192.168.1.100 mtu: 0 - use_pmtu: yes + use_pmtu: true tos: preserve auto_last_hop: default traffic_group: traffic-group-1 @@ -570,7 +570,7 @@ class ArgumentSpec(object): name=dict(required=True), profile=dict(), description=dict(), - key=dict(type='int'), + key=dict(type='int', no_log=True), local_address=dict(), remote_address=dict(), secondary_address=dict(), diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ucs.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ucs.py index f71f936f6..e4ddfb39e 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ucs.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ucs.py @@ -128,7 +128,7 @@ EXAMPLES = r''' bigip_ucs: ucs: /root/bigip.localhost.localdomain.ucs state: installed - no_license: yes + no_license: true provider: server: lb.mydomain.com user: admin @@ -139,8 +139,8 @@ EXAMPLES = r''' bigip_ucs: ucs: /root/bigip.localhost.localdomain.ucs state: installed - no_license: yes - no_platform_check: yes + no_license: true + no_platform_check: true provider: server: lb.mydomain.com user: admin diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ucs_fetch.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ucs_fetch.py index 687828906..ef63f61fe 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ucs_fetch.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_ucs_fetch.py @@ -90,7 +90,9 @@ notes: https://clouddocs.f5.com/products/orchestration/ansible/devel/usage/module-usage-with-tower.html - Some longer running tasks might cause the REST interface on BIG-IP to time out, to avoid this adjust the timers as per this KB article https://support.f5.com/csp/article/K94602685 -extends_documentation_fragment: f5networks.f5_modules.f5 +extends_documentation_fragment: + - f5networks.f5_modules.f5 + - ansible.builtin.files author: - Tim Rupp (@caphrim007) - Wojciech Wypior (@wojtek0806) @@ -110,7 +112,7 @@ EXAMPLES = r''' - name: Only create new UCS, no download bigip_ucs_fetch: src: cs_backup.ucs - only_create_file: yes + only_create_file: true provider: server: lb.mydomain.com user: admin @@ -130,7 +132,7 @@ EXAMPLES = r''' - name: Recreate UCS file left on device - create new file bigip_ucs_fetch: src: cs_backup.ucs - only_create_file: yes + only_create_file: true provider: server: lb.mydomain.com user: admin diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_vcmp_guest.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_vcmp_guest.py index ae3a7949f..be3570840 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_vcmp_guest.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_vcmp_guest.py @@ -204,7 +204,7 @@ EXAMPLES = r''' bigip_vcmp_guest: name: guest1 state: absent - delete_virtual_disk: yes + delete_virtual_disk: true provider: password: secret server: lb.mydomain.com diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_virtual_server.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_virtual_server.py index 37b56e814..7994c15e4 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_virtual_server.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_virtual_server.py @@ -1626,11 +1626,14 @@ class ApiParameters(Parameters): if 'items' not in self._values['profiles']: return None result = [] + prof_path = 'https://localhost/mgmt/tm/ltm/profile/' for item in self._values['profiles']['items']: context = item['context'] name = item['name'] + path = item['nameReference']['link'] if context in ['all', 'serverside', 'clientside']: - result.append(dict(name=name, context=context, fullPath=item['fullPath'])) + if path.startswith(prof_path): + result.append(dict(name=name, context=context, fullPath=item['fullPath'])) else: raise F5ModuleError( "Unknown profile context found: '{0}'".format(context) diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_application_fasthttp.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_application_fasthttp.py index 743ba9603..18b9704d3 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_application_fasthttp.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_application_fasthttp.py @@ -44,7 +44,7 @@ options: - The port of the server. - When creating a new application and specifying a server, if this parameter is not provided, the default is C(80). - type: str + type: int default: 80 inbound_virtual: description: @@ -69,7 +69,7 @@ options: - The port on which the virtual listens for connections. - When creating a new application, if this parameter is not specified, the default value is C(80). - type: str + type: int default: 80 type: dict service_environment: @@ -113,7 +113,7 @@ author: ''' EXAMPLES = r''' -- name: Load balance an HTTP application on port 80 on BIG-IP +- name: BIG-IQ CM an HTTP application on port 80 on BIG-IP bigiq_application_fasthttp: name: my-app description: Fast HTTP @@ -130,7 +130,7 @@ EXAMPLES = r''' port: 80 provider: password: secret - server: lb.mydomain.com + server: cm.mydomain.com user: admin state: present delegate_to: localhost @@ -713,7 +713,7 @@ class ArgumentSpec(object): elements='dict', options=dict( address=dict(required=True), - port=dict(default=80) + port=dict(type='int', default=80) ) ), inbound_virtual=dict( @@ -721,7 +721,7 @@ class ArgumentSpec(object): options=dict( address=dict(required=True), netmask=dict(required=True), - port=dict(default=80) + port=dict(type='int', default=80) ) ), service_environment=dict(), diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_application_fastl4_tcp.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_application_fastl4_tcp.py index be64888e2..bbeead3a5 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_application_fastl4_tcp.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_application_fastl4_tcp.py @@ -44,7 +44,7 @@ options: - The port of the server. - When creating a new application and specifying a server, if this parameter is not provided, the default is C(8000). - type: str + type: int default: 8000 inbound_virtual: description: @@ -69,7 +69,7 @@ options: - The port on which the virtual listens for connections. - When creating a new application, if this parameter is not specified, the default value is C(8080). - type: str + type: int default: 8080 service_environment: description: @@ -114,7 +114,7 @@ author: ''' EXAMPLES = r''' -- name: Load balance a TCP-based application with a FastL4 profile +- name: BIG-IQ CM a TCP-based application with a FastL4 profile bigiq_application_fastl4_tcp: name: my-app description: My description @@ -131,7 +131,7 @@ EXAMPLES = r''' port: 443 provider: password: secret - server: lb.mydomain.com + server: cm.mydomain.com user: admin state: present delegate_to: localhost @@ -661,7 +661,7 @@ class ArgumentSpec(object): elements='dict', options=dict( address=dict(required=True), - port=dict(default=8000) + port=dict(type='int', default=8000) ) ), inbound_virtual=dict( @@ -669,7 +669,7 @@ class ArgumentSpec(object): options=dict( address=dict(required=True), netmask=dict(required=True), - port=dict(default=8080) + port=dict(type='int', default=8080) ) ), service_environment=dict(), diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_application_fastl4_udp.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_application_fastl4_udp.py index 3cc61593a..fca1cb66c 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_application_fastl4_udp.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_application_fastl4_udp.py @@ -44,7 +44,7 @@ options: - The port of the server. - When creating a new application and specifying a server, if this parameter is not provided, the default is C(8000). - type: str + type: int default: 8000 inbound_virtual: description: @@ -69,7 +69,7 @@ options: - The port on which the virtual listens for connections. - When creating a new application, if this parameter is not specified, the default value is C(53). - type: str + type: int default: 53 service_environment: description: @@ -113,7 +113,7 @@ author: ''' EXAMPLES = r''' -- name: Load balance a UDP-based application with a FastL4 profile +- name: BIG-IQ CM a UDP-based application with a FastL4 profile bigiq_application_fastl4_udp: name: my-app description: My description @@ -130,7 +130,7 @@ EXAMPLES = r''' port: 53 provider: password: secret - server: lb.mydomain.com + server: cm.mydomain.com user: admin state: present delegate_to: localhost @@ -658,7 +658,7 @@ class ArgumentSpec(object): elements='dict', options=dict( address=dict(required=True), - port=dict(default=8000) + port=dict(type='int', default=8000) ) ), inbound_virtual=dict( @@ -666,7 +666,7 @@ class ArgumentSpec(object): options=dict( address=dict(required=True), netmask=dict(required=True), - port=dict(default=53) + port=dict(type='int', default=53) ) ), service_environment=dict(), diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_application_http.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_application_http.py index 90b5ed1f8..104acd5a5 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_application_http.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_application_http.py @@ -44,7 +44,7 @@ options: - The port of the server. - When creating a new application and specifying a server, if this parameter is not provided, the default is C(80). - type: str + type: int default: 80 inbound_virtual: description: @@ -69,7 +69,7 @@ options: - The port on which the virtual listens for connections. - When creating a new application, if this parameter is not specified, the default value is C(80). - type: str + type: int default: 80 type: dict service_environment: @@ -113,7 +113,7 @@ author: ''' EXAMPLES = r''' -- name: Load balance an HTTP application on port 80 on BIG-IP +- name: BIG-IQ CM an HTTP application on port 80 on BIG-IP bigiq_application_http: name: my-app description: Redirect HTTP to HTTPS @@ -130,7 +130,7 @@ EXAMPLES = r''' port: 443 provider: password: secret - server: lb.mydomain.com + server: cm.mydomain.com user: admin state: present delegate_to: localhost @@ -711,7 +711,7 @@ class ArgumentSpec(object): elements='dict', options=dict( address=dict(required=True), - port=dict(default=80) + port=dict(type='int', default=80) ) ), inbound_virtual=dict( @@ -719,7 +719,7 @@ class ArgumentSpec(object): options=dict( address=dict(required=True), netmask=dict(required=True), - port=dict(default=80) + port=dict(type='int', default=80) ) ), service_environment=dict(), diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_application_https_offload.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_application_https_offload.py index 4657607c3..1f2503745 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_application_https_offload.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_application_https_offload.py @@ -42,7 +42,7 @@ options: port: description: - The port of the server. - type: str + type: int default: 80 inbound_virtual: description: @@ -70,7 +70,7 @@ options: - The port on which the virtual listens for connections. - When creating a new application, if this parameter is not specified, the default value is C(443). - type: str + type: int default: 443 redirect_virtual: description: @@ -100,7 +100,7 @@ options: - The port on which the virtual listens for connections. - When creating a new application, if this parameter is not specified, the default value is C(80). - type: str + type: int default: 80 client_ssl_profile: description: @@ -184,7 +184,7 @@ author: ''' EXAMPLES = r''' -- name: Load balance an HTTPS application on port 443 with SSL offloading on BIG-IP +- name: BIG-IQ CM an HTTPS application on port 443 with SSL offloading on BIG-IP bigiq_application_https_offload: name: my-app description: Redirect HTTP to HTTPS @@ -204,7 +204,7 @@ EXAMPLES = r''' port: 80 provider: password: secret - server: lb.mydomain.com + server: cm.mydomain.com user: admin state: present delegate_to: localhost @@ -948,7 +948,7 @@ class ArgumentSpec(object): elements='dict', options=dict( address=dict(required=True), - port=dict(default=80) + port=dict(type='int', default=80) ) ), inbound_virtual=dict( @@ -956,7 +956,7 @@ class ArgumentSpec(object): options=dict( address=dict(required=True), netmask=dict(required=True), - port=dict(default=443) + port=dict(type='int', default=443) ) ), redirect_virtual=dict( @@ -964,7 +964,7 @@ class ArgumentSpec(object): options=dict( address=dict(required=True), netmask=dict(required=True), - port=dict(default=80) + port=dict(type='int', default=80) ) ), service_environment=dict(), @@ -978,11 +978,12 @@ class ArgumentSpec(object): name=dict(default='clientssl'), cert_key_chain=dict( type='raw', + no_log=True, options=dict( cert=dict(), - key=dict(), + key=dict(no_log=True), chain=dict(), - passphrase=dict() + passphrase=dict(no_log=True) ) ) ) diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_application_https_waf.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_application_https_waf.py index 2524b0a29..8ca90f0ea 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_application_https_waf.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_application_https_waf.py @@ -42,7 +42,7 @@ options: port: description: - The port of the server. - type: str + type: int default: 80 inbound_virtual: description: @@ -70,7 +70,7 @@ options: - The port on which the virtual listens for connections. - When creating a new application, if this parameter is not specified, the default value is C(443). - type: str + type: int default: 443 redirect_virtual: description: @@ -100,7 +100,7 @@ options: - The port on which the virtual listens for connections. - When creating a new application, if this parameter is not specified, the default value of C(80) will be used. - type: str + type: int default: 80 client_ssl_profile: description: @@ -191,7 +191,7 @@ author: ''' EXAMPLES = r''' -- name: Load balance an HTTPS application on port 443 with a WAF using ASM +- name: BIG-IQ CM an HTTPS application on port 443 with a WAF using ASM bigiq_application_https_waf: name: my-app description: Redirect HTTP to HTTPS via WAF @@ -211,7 +211,7 @@ EXAMPLES = r''' port: 80 provider: password: secret - server: lb.mydomain.com + server: cm.mydomain.com user: admin state: present delegate_to: localhost @@ -973,7 +973,7 @@ class ArgumentSpec(object): elements='dict', options=dict( address=dict(required=True), - port=dict(default=80) + port=dict(type='int', default=80) ) ), inbound_virtual=dict( @@ -981,7 +981,7 @@ class ArgumentSpec(object): options=dict( address=dict(required=True), netmask=dict(required=True), - port=dict(default=443) + port=dict(type='int', default=443) ) ), redirect_virtual=dict( @@ -989,7 +989,7 @@ class ArgumentSpec(object): options=dict( address=dict(required=True), netmask=dict(required=True), - port=dict(default=80) + port=dict(type='int', default=80) ) ), service_environment=dict(), @@ -1003,11 +1003,12 @@ class ArgumentSpec(object): name=dict(default='clientssl'), cert_key_chain=dict( type='raw', + no_log=True, options=dict( cert=dict(), - key=dict(), + key=dict(no_log=True), chain=dict(), - passphrase=dict() + passphrase=dict(no_log=True) ) ) ) diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_device_discovery.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_device_discovery.py index 91b5dd6b1..7b559db52 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_device_discovery.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_device_discovery.py @@ -18,6 +18,7 @@ options: device_address: description: - The IP address of the BIG-IP device to be imported/managed. + - For this module, C(provider) block should point to C(BIG-IQ) credentials type: str required: True device_username: @@ -161,6 +162,7 @@ extends_documentation_fragment: f5networks.f5_modules.f5 notes: - BIG-IQ >= 6.1.0. - This module does not support atomic removal of discovered modules on the device. + - Provider should point to the BIG-IQ credentials author: - Wojciech Wypior (@wojtek0806) ''' @@ -177,7 +179,7 @@ EXAMPLES = r''' - shared_security provider: password: secret - server: lb.mydomain.com + server: cm.mydomain.com user: admin delegate_to: localhost @@ -190,7 +192,7 @@ EXAMPLES = r''' conflict_policy: use_bigip provider: password: secret - server: lb.mydomain.com + server: cm.mydomain.com user: admin delegate_to: localhost @@ -202,10 +204,10 @@ EXAMPLES = r''' - afm - dns - shared_security - force: yes + force: true provider: password: secret - server: lb.mydomain.com + server: cm.mydomain.com user: admin delegate_to: localhost @@ -215,7 +217,7 @@ EXAMPLES = r''' state: absent provider: password: secret - server: lb.mydomain.com + server: cm.mydomain.com user: admin delegate_to: localhost ''' diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_device_info.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_device_info.py index de593a6c4..a4f32a925 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_device_info.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_device_info.py @@ -65,7 +65,7 @@ EXAMPLES = r''' gather_subset: - all provider: - server: lb.mydomain.com + server: cm.mydomain.com user: admin password: secret delegate_to: localhost @@ -76,7 +76,7 @@ EXAMPLES = r''' - all - "!trunks" provider: - server: lb.mydomain.com + server: cm.mydomain.com user: admin password: secret delegate_to: localhost diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_regkey_license.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_regkey_license.py index 5475afa98..5b55dbdb5 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_regkey_license.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_regkey_license.py @@ -68,10 +68,10 @@ EXAMPLES = r''' bigiq_regkey_license: regkey_pool: foo-pool license_key: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX - accept_eula: yes + accept_eula: true provider: password: secret - server: lb.mydomain.com + server: cm.mydomain.com user: admin delegate_to: localhost @@ -82,10 +82,10 @@ EXAMPLES = r''' addon_keys: - YYYY-YYY-YYY - ZZZZ-ZZZ-ZZZ - accept_eula: yes + accept_eula: true provider: password: secret - server: lb.mydomain.com + server: cm.mydomain.com user: admin delegate_to: localhost @@ -96,7 +96,7 @@ EXAMPLES = r''' state: absent provider: password: secret - server: lb.mydomain.com + server: cm.mydomain.com user: admin delegate_to: localhost ''' @@ -461,7 +461,7 @@ class ArgumentSpec(object): def __init__(self): self.supports_check_mode = True argument_spec = dict( - regkey_pool=dict(required=True), + regkey_pool=dict(required=True, no_log=True), license_key=dict(required=True, no_log=True), addon_keys=dict(type='list', elements='str', no_log=True), description=dict(), diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_regkey_license_assignment.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_regkey_license_assignment.py index 9711eda8f..d10bf4404 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_regkey_license_assignment.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_regkey_license_assignment.py @@ -83,14 +83,14 @@ EXAMPLES = r''' pool: my-regkey-pool key: XXXX-XXXX-XXXX-XXXX-XXXX device: 1.1.1.1 - managed: no + managed: false device_username: admin device_password: secret state: present provider: user: admin password: secret - server: lb.mydomain.com + server: cm.mydomain.com delegate_to: localhost - name: Register a managed device, by name @@ -98,12 +98,12 @@ EXAMPLES = r''' pool: my-regkey-pool key: XXXX-XXXX-XXXX-XXXX-XXXX device: bigi1.foo.com - managed: yes + managed: true state: present provider: user: admin password: secret - server: lb.mydomain.com + server: cm.mydomain.com delegate_to: localhost - name: Register a managed device, by UUID @@ -111,12 +111,12 @@ EXAMPLES = r''' pool: my-regkey-pool key: XXXX-XXXX-XXXX-XXXX-XXXX device: 7141a063-7cf8-423f-9829-9d40599fa3e0 - managed: yes + managed: true state: present provider: user: admin password: secret - server: lb.mydomain.com + server: cm.mydomain.com delegate_to: localhost ''' diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_regkey_pool.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_regkey_pool.py index f1eb5578e..7ce51a45a 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_regkey_pool.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_regkey_pool.py @@ -56,7 +56,7 @@ EXAMPLES = r''' provider: user: admin password: secret - server: lb.mydomain.com + server: cm.mydomain.com delegate_to: localhost ''' diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_utility_license.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_utility_license.py index d72defb65..b522ff31e 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_utility_license.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_utility_license.py @@ -50,12 +50,12 @@ EXAMPLES = r''' - name: Add a utility license to the system bigiq_utility_license: license_key: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX - accept_eula: yes + accept_eula: true state: present provider: user: admin password: secret - server: lb.mydomain.com + server: cm.mydomain.com delegate_to: localhost - name: Remove a utility license from the system @@ -65,7 +65,7 @@ EXAMPLES = r''' provider: user: admin password: secret - server: lb.mydomain.com + server: cm.mydomain.com delegate_to: localhost ''' diff --git a/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_utility_license_assignment.py b/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_utility_license_assignment.py index 7be9af853..c9f98419c 100644 --- a/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_utility_license_assignment.py +++ b/ansible_collections/f5networks/f5_modules/plugins/modules/bigiq_utility_license_assignment.py @@ -96,13 +96,13 @@ EXAMPLES = r''' key: XXXX-XXXX-XXXX-XXXX-XXXX offering: F5-BIG-MSP-AFM-10G-LIC device: 1.1.1.1 - managed: no + managed: false device_username: admin device_password: secret state: present provider: password: secret - server: lb.mydomain.com + server: cm.mydomain.com user: admin delegate_to: localhost @@ -111,11 +111,11 @@ EXAMPLES = r''' key: XXXX-XXXX-XXXX-XXXX-XXXX offering: F5-BIG-MSP-AFM-10G-LIC device: bigi1.foo.com - managed: yes + managed: true state: present provider: password: secret - server: lb.mydomain.com + server: cm.mydomain.com user: admin delegate_to: localhost @@ -124,11 +124,11 @@ EXAMPLES = r''' key: XXXX-XXXX-XXXX-XXXX-XXXX offering: F5-BIG-MSP-AFM-10G-LIC device: 7141a063-7cf8-423f-9829-9d40599fa3e0 - managed: yes + managed: true state: present provider: password: secret - server: lb.mydomain.com + server: cm.mydomain.com user: admin delegate_to: localhost ''' |