From d4eb5bba3414803ee329d109baf90d19942381d7 Mon Sep 17 00:00:00 2001 From: Ross Bender Date: Mon, 9 Aug 2021 22:33:33 -0500 Subject: [PATCH] Allow application gateway probe to use host header from HTTP settings (#450) * allow probe to use host header from http settings * correct documentation verbiage * add test coverage * correct probe idempotency, add test coverage * corrrect usage of using backend hostname in probe * Add default value for pick_host_name_from_backend_http_settings * correct assert verbiage Co-authored-by: Fred-sun <37327967+Fred-sun@users.noreply.github.com> Co-authored-by: Fred-sun Co-authored-by: xuzhang3 <57888764+xuzhang3@users.noreply.github.com> --- plugins/modules/azure_rm_appgateway.py | 12 +- .../azure_rm_appgateway/tasks/main.yml | 174 +++++++++++++++++- 2 files changed, 183 insertions(+), 3 deletions(-) diff --git a/plugins/modules/azure_rm_appgateway.py b/plugins/modules/azure_rm_appgateway.py index 991503817..e1b8b4a36 100644 --- a/plugins/modules/azure_rm_appgateway.py +++ b/plugins/modules/azure_rm_appgateway.py @@ -281,6 +281,11 @@ - The I(probe) retry count. - Backend server is marked down after consecutive probe failure count reaches UnhealthyThreshold. - Acceptable values are from 1 second to 20. + pick_host_name_from_backend_http_settings: + description: + - Whether host header should be picked from the host name of the backend HTTP settings. Default value is false. + type: bool + default: False backend_http_settings_collection: description: - Backend http settings of the application gateway resource. @@ -321,7 +326,7 @@ - Host header to be sent to the backend servers. pick_host_name_from_backend_address: description: - - Whether to pick host header should be picked from the host name of the backend server. Default value is false. + - Whether host header should be picked from the host name of the backend server. Default value is false. affinity_cookie_name: description: - Cookie name to use for the affinity cookie. @@ -613,7 +618,8 @@ class Actions: path=dict(type='str'), protocol=dict(type='str', choices=['http', 'https']), timeout=dict(type='int'), - unhealthy_threshold=dict(type='int') + unhealthy_threshold=dict(type='int'), + pick_host_name_from_backend_http_settings=dict(type='bool', default=False) ) @@ -836,6 +842,8 @@ def exec_module(self, **kwargs): item = ev[i] if 'protocol' in item: item['protocol'] = _snake_to_camel(item['protocol'], True) + if 'pick_host_name_from_backend_http_settings' in item and item['pick_host_name_from_backend_http_settings'] and 'host' in item: + del item['host'] self.parameters["probes"] = ev elif key == "backend_http_settings_collection": ev = kwargs[key] diff --git a/tests/integration/targets/azure_rm_appgateway/tasks/main.yml b/tests/integration/targets/azure_rm_appgateway/tasks/main.yml index c99e75f2f..0aa607052 100644 --- a/tests/integration/targets/azure_rm_appgateway/tasks/main.yml +++ b/tests/integration/targets/azure_rm_appgateway/tasks/main.yml @@ -286,6 +286,178 @@ that: - output.changed +- name: Create instance of Application Gateway with probe using hostname from backend http settings + azure_rm_appgateway: + resource_group: "{{ resource_group }}" + name: "appgateway-probe-{{ rpfx }}" + sku: + name: standard_small + tier: standard + capacity: 2 + ssl_policy: + policy_type: predefined + policy_name: ssl_policy20150501 + disabled_ssl_protocols: + - tls_v1_0 + cipher_suites: + - tls_ecdhe_ecdsa_with_aes_256_gcm_sha384 + authentication_certificates: + - name: cert1 + data: "{{ lookup('file', 'cert1.txt') }}" + ssl_certificates: + - name: cert2 + password: your-password + data: "{{ lookup('file', 'cert2.txt') }}" + gateway_ip_configurations: + - subnet: + id: "{{ subnet_output.state.id }}" + name: app_gateway_ip_config + frontend_ip_configurations: + - subnet: + id: "{{ subnet_output.state.id }}" + name: sample_gateway_frontend_ip_config + frontend_ports: + - port: 90 + name: ag_frontend_port + - port: 80 + name: http_frontend_port + backend_address_pools: + - backend_addresses: + - ip_address: 10.0.0.4 + name: test_backend_address_pool + probes: + - name: custom_probe + protocol: http + path: /healthz + interval: 30 + timeout: 30 + unhealthy_threshold: 3 + pick_host_name_from_backend_http_settings: true + backend_http_settings_collection: + - port: 80 + protocol: http + cookie_based_affinity: enabled + probe: custom_probe + name: sample_appgateway_http_settings + pick_host_name_from_backend_address: true + http_listeners: + - frontend_ip_configuration: sample_gateway_frontend_ip_config + frontend_port: ag_frontend_port + protocol: https + ssl_certificate: cert2 + name: sample_http_listener + - frontend_ip_configuration: sample_gateway_frontend_ip_config + frontend_port: http_frontend_port + protocol: http + name: http_listener + request_routing_rules: + - rule_type: Basic + backend_address_pool: test_backend_address_pool + backend_http_settings: sample_appgateway_http_settings + http_listener: sample_http_listener + name: rule1 + - rule_type: Basic + http_listener: http_listener + redirect_configuration: redirect_site_to_https + name: http_redirect_rule + redirect_configurations: + - redirect_type: permanent + target_listener: sample_http_listener + include_path: true + include_query_string: true + name: redirect_site_to_https + register: output +- name: Assert the resource instance is well created + assert: + that: + - output.changed + +- name: Test no update instance of Application Gateway with probe using hostname from backend http settings + azure_rm_appgateway: + resource_group: "{{ resource_group }}" + name: "appgateway-probe-{{ rpfx }}" + sku: + name: standard_small + tier: standard + capacity: 2 + ssl_policy: + policy_type: predefined + policy_name: ssl_policy20150501 + disabled_ssl_protocols: + - tls_v1_0 + cipher_suites: + - tls_ecdhe_ecdsa_with_aes_256_gcm_sha384 + authentication_certificates: + - name: cert1 + data: "{{ lookup('file', 'cert1.txt') }}" + ssl_certificates: + - name: cert2 + password: your-password + data: "{{ lookup('file', 'cert2.txt') }}" + gateway_ip_configurations: + - subnet: + id: "{{ subnet_output.state.id }}" + name: app_gateway_ip_config + frontend_ip_configurations: + - subnet: + id: "{{ subnet_output.state.id }}" + name: sample_gateway_frontend_ip_config + frontend_ports: + - port: 90 + name: ag_frontend_port + - port: 80 + name: http_frontend_port + backend_address_pools: + - backend_addresses: + - ip_address: 10.0.0.4 + name: test_backend_address_pool + probes: + - name: custom_probe + protocol: http + path: /healthz + interval: 30 + timeout: 30 + unhealthy_threshold: 3 + pick_host_name_from_backend_http_settings: true + backend_http_settings_collection: + - port: 80 + protocol: http + cookie_based_affinity: enabled + probe: custom_probe + name: sample_appgateway_http_settings + pick_host_name_from_backend_address: true + http_listeners: + - frontend_ip_configuration: sample_gateway_frontend_ip_config + frontend_port: ag_frontend_port + protocol: https + ssl_certificate: cert2 + name: sample_http_listener + - frontend_ip_configuration: sample_gateway_frontend_ip_config + frontend_port: http_frontend_port + protocol: http + name: http_listener + request_routing_rules: + - rule_type: Basic + backend_address_pool: test_backend_address_pool + backend_http_settings: sample_appgateway_http_settings + http_listener: sample_http_listener + name: rule1 + - rule_type: Basic + http_listener: http_listener + redirect_configuration: redirect_site_to_https + name: http_redirect_rule + redirect_configurations: + - redirect_type: permanent + target_listener: sample_http_listener + include_path: true + include_query_string: true + name: redirect_site_to_https + register: output +- name: Assert the resource instance is not changed + assert: + that: + - not output.changed + - name: Try to update instance of Application Gateway - no change azure_rm_appgateway: resource_group: "{{ resource_group }}" @@ -367,7 +539,7 @@ include_query_string: true name: redirect_site_to_https register: output -- name: Assert the resource instance is well created +- name: Assert the resource instance is not changed assert: that: - not output.changed