Persist SSL configuration for appgateway (#746)

* ensure ssl config is utilized * update appgw_info for ssl policy and add tests * perform cleanup for appgw tests * add doc for new info return values * update appgw to support ssl_policy config changes * handle appgw ssl idempotency and correct tests * correct version added for new appgw info return val * correct sanity error for module documentation Co-authored-by: Ross Bender <rbender@rbfcu.org>
ansible-collections · Apr 15, 2022 · 3342043 · 3342043
1 parent 7f8e745
commit 3342043
Show file tree

Hide file tree

Showing 3 changed files with 251 additions and 41 deletions.
diff --git a/plugins/modules/azure_rm_appgateway.py b/plugins/modules/azure_rm_appgateway.py
@@ -61,6 +61,8 @@
             disabled_ssl_protocols:
                 description:
                     - List of SSL protocols to be disabled on application gateway.
+                type: list
+                elements: str
                 choices:
                     - 'tls_v1_0'
                     - 'tls_v1_1'
@@ -81,6 +83,8 @@
             cipher_suites:
                 description:
                     - List of SSL cipher suites to be enabled in the specified order to application gateway.
+                type: list
+                elements: str
                 choices:
                     - tls_ecdhe_rsa_with_aes_256_gcm_sha384
                     - tls_ecdhe_rsa_with_aes_128_gcm_sha256
@@ -112,7 +116,7 @@
                     - tls_dhe_dss_with_3des_ede_cbc_sha
             min_protocol_version:
                 description:
-                    - Minimum version of Ssl protocol to be supported on application gateway.
+                    - Minimum version of SSL protocol to be supported on application gateway.
                 choices:
                     - 'tls_v1_0'
                     - 'tls_v1_1'
@@ -1038,6 +1042,11 @@ def exec_module(self, **kwargs):
                         if suites is not None:
                             for i in range(len(suites)):
                                 suites[i] = suites[i].upper()
+                    for prop_name in ['policy_name', 'min_protocol_version', 'disabled_ssl_protocols', 'cipher_suites']:
+                        if prop_name in ev and ev[prop_name] is None:
+                            # delete unspecified properties for clean comparison
+                            del ev[prop_name]
+                    self.parameters["ssl_policy"] = ev
                 elif key == "gateway_ip_configurations":
                     ev = kwargs[key]
                     for i in range(len(ev)):
@@ -1317,6 +1326,7 @@ def exec_module(self, **kwargs):
                     self.parameters['sku']['tier'] != old_response['sku']['tier'] or
                     self.parameters['sku']['capacity'] != old_response['sku']['capacity'] or
                     not compare_arrays(old_response, self.parameters, 'authentication_certificates') or
+                    not compare_arrays(old_response, self.parameters, 'ssl_policy') or
                     not compare_arrays(old_response, self.parameters, 'gateway_ip_configurations') or
                     not compare_arrays(old_response, self.parameters, 'redirect_configurations') or
                     not compare_arrays(old_response, self.parameters, 'frontend_ip_configurations') or

diff --git a/plugins/modules/azure_rm_appgateway_info.py b/plugins/modules/azure_rm_appgateway_info.py
@@ -89,9 +89,29 @@
             returned: always
             type: str
             sample: Succeeded
+        ssl_policy:
+            description:
+                - SSL policy of the application gateway.
+            returned: always
+            type: complex
+            version_added: "1.11.0"
+            contains:
+                policy_type:
+                    description:
+                        - The type of SSL policy.
+                    returned: always
+                    type: str
+                    sample: predefined
+                policy_name:
+                    description:
+                        - The name of the SSL policy.
+                    returned: always
+                    type: str
+                    sample: ssl_policy20170401_s
 '''
 
 from ansible_collections.azure.azcollection.plugins.module_utils.azure_rm_common import AzureRMModuleBase
+from ansible.module_utils.common.dict_transformations import _camel_to_snake
 
 try:
     from azure.core.exceptions import ResourceNotFoundError
@@ -188,9 +208,22 @@ def format_response(self, appgw):
             "location": d.get("location"),
             "operational_state": d.get("operational_state"),
             "provisioning_state": d.get("provisioning_state"),
+            "ssl_policy": None if d.get("ssl_policy") is None else {
+                "policy_type": _camel_to_snake(d.get("ssl_policy").get("policy_type", None)),
+                "policy_name": self.ssl_policy_name(d.get("ssl_policy").get("policy_name", None)),
+            },
         }
         return d
 
+    def ssl_policy_name(self, policy_name):
+        if policy_name == "AppGwSslPolicy20150501":
+            return "ssl_policy20150501"
+        elif policy_name == "AppGwSslPolicy20170401":
+            return "ssl_policy20170401"
+        elif policy_name == "AppGwSslPolicy20170401S":
+            return "ssl_policy20170401_s"
+        return None
+
 
 def main():
     AzureRMApplicationGatewayInfo()