Add f5_passwordpolicy type/provider #14

Open
wants to merge 1 commit into
base: master
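--- a/lib/puppet/provider/f5_passwordpolicy/rest.rb
+++ b/lib/puppet/provider/f5_passwordpolicy/rest.rb
@@ -0,0 +1,58 @@
+require File.join(File.dirname(__FILE__), '../f5')
+require 'json'
+
+Puppet::Type.type(:f5_passwordpolicy).provide(:rest, parent: Puppet::Provider::F5) do
+mk_resource_methods
+
+def self.instances
+instances = []
+instances << new(password_policy_properties)
+instances
+end
+
+def self.prefetch(resources)
+raise 'More than 1 f5_passwordpolicy resource in catalog' unless resources.size == 1
+resource = resources.values[0]
+resource.provider = instances.first
+end
+
+def self.password_policy_properties
+properties = {}
+policy = Puppet::Provider::F5.call('/mgmt/tm/auth/password-policy')
+
+properties[:name] = '/Common/password-policy'
+%w[expirationWarning maxDuration maxLoginFailures minDuration minimumLength passwordMemory policyEnforcement requiredLowercase requiredNumeric requiredSpecial requiredUppercase].each do |property|
+properties[property.gsub(/([a-z\d])([A-Z])/, '\1_\2').downcase.to_sym] = policy[property]
+end
+properties[:provider] = :rest
+properties
+end
+
+def strip_puppet_keys(hash)
+# Remove puppet keys from resource hash.
+hash.reject do |k, _|
+[:ensure, :name, :provider, Puppet::Type.metaparams].flatten.include?(k)
+end
+end
+
+# Expects a puppet resource property_hash and returns a payload suitable for posting to the F5 API.
+def message(resource)
+message = strip_nil_values(resource)
+message = convert_underscores(message)
+message = strip_puppet_keys(message)
+message = string_to_integer(message)
+message.to_json
+end
+
+def flush
+begin
+Puppet::Provider::F5.put('/mgmt/tm/auth/password-policy/',
+message(@property_hash))
+rescue StandardError => e
+# Something went wrong.
+@property_hash = self.class.password_policy_properties
+raise e
+end
+@property_hash = self.class.password_policy_properties
+end
+end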
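Review bot: In `flush`, the rescue branch calls `self.class.password_policy_properties` before `raise e`, so when that second REST call fails as well (for example because the device is unreachable) its exception replaces the PUT error and the reason the password policy was not applied is lost. Record the original failure first, for example `Puppet.err("f5_passwordpolicy update failed: #{e.message}")` as the first line of the rescue, or move the refresh into an `ensure` whose own failure is rescued and logged. The PUT path also ends in a slash (`'/mgmt/tm/auth/password-policy/'`) while the GET in `password_policy_properties` does not; if the parent provider does not normalise paths, one spelling should be used for both.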
73 changes: 73 additions & 0 deletions lib/puppet/type/f5_passwordpolicy.rb
@@ -0,0 +1,73 @@
Puppet::Type.newtype(:f5_passwordpolicy) do
@doc = 'Sets the password policy on the BIG-IP system.'

apply_to_device if Facter.value(:url).nil?
Contributor Author


The if Facter.value(:url).nil? makes it possible to use puppet resource or puppet apply to set properties. This is really helpful during testing! :)



newparam(:name, namevar: true) do
end

newproperty(:expiration_warning) do
newvalues(/^\d+$/)
munge { |value| Integer(value) }
end

newproperty(:max_duration) do
newvalues(/^\d+$/)
munge { |value| Integer(value) }
end

newproperty(:max_login_failures) do
newvalues(/^\d+$/)
munge { |value| Integer(value) }
end

newproperty(:min_duration) do
newvalues(/^\d+$/)
munge { |value| Integer(value) }
end

newproperty(:minimum_length) do
newvalues(/^\d+$/)
munge { |value| Integer(value) }
end

newproperty(:password_memory) do
newvalues(/^\d+$/)
munge { |value| Integer(value) }
end

newproperty(:policy_enforcement) do
munge do |value|
value = value.downcase if value.respond_to? :downcase

case value
when true, 'true', 'enabled'
'enabled'
when false, 'false', 'disabled'
'disabled'
else
raise ArgumentError, 'expected a boolean value, \'enabled\' or \'disabled\''
end
end
end

newproperty(:required_lowercase) do
newvalues(/^\d+$/)
munge { |value| Integer(value) }
end

newproperty(:required_numeric) do
newvalues(/^\d+$/)
munge { |value| Integer(value) }
end

newproperty(:required_special) do
newvalues(/^\d+$/)
munge { |value| Integer(value) }
end

newproperty(:required_uppercase) do
newvalues(/^\d+$/)
munge { |value| Integer(value) }
end
end
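Review bot: The integer properties accept values the device will not receive as written: `newvalues(/^\d+$/)` lets a string such as `'010'` through and `Integer('010')` parses it as octal, so `minimum_length => '010'` would be munged to 8 rather than 10. Parsing in base 10 avoids that, `munge { |value| Integer(value.to_s, 10) }`, and the pattern should anchor the whole string with `\A` and `\z` because `^` and `$` match per line in Ruby. This applies to all ten numeric properties in the type. None of them has a range check either, so values such as `minimum_length => 0` pass validation; whether a lower bound belongs here depends on what the BIG-IP API itself rejects, which is not visible on this page.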
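--- a/spec/acceptance/f5_passwordpolicy/rest_spec.rb
+++ b/spec/acceptance/f5_passwordpolicy/rest_spec.rb
@@ -0,0 +1,24 @@
+require 'spec_helper_acceptance'
+
+describe 'f5_passwordpolicy' do
+it 'sets password policy' do
+pp = <<-MANIFEST
+f5_passwordpolicy { '/Common/password-policy':
+expiration_warning => 10,
+max_duration => 99998,
+max_login_failures => 0,
+min_duration => 0,
+minimum_length => 10,
+password_memory => 0,
+policy_enforcement => true,
+required_lowercase => 2,
+required_numeric => 1,
+required_special => 1,
+required_uppercase => 1,
+}
+MANIFEST
+make_site_pp(pp)
+run_device(allow_changes: true)
+run_device(allow_changes: false)
+end
+end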