Creates base Sophos XG module #53210

Open: wants to merge 6 commits into base: devel


rdelcampog commented Mar 2, 2019

SUMMARY

Implementation of an SFOSModule base class that can easily be used to implement other endpoints to control Sophos XG NGFWs, taking the @MatrixCrawler Sophos UTM module as a base. The Sophos XG API is based on XML requests, so XMLTODICT and a lot of checks and response checks are needed.

I will try to add a module for each API endpoint described in Sophos XG API Docs (can be downloaded from this KB). A fully functional Sophos XG virtual appliance can be downloaded for free in order to test this module.

ISSUE TYPE
  • New Module Pull Request
COMPONENT NAME
  • sfos_iphost
ADDITIONAL INFORMATION

Fully tested against SFOS v17.5.1.

ANSIBLE VERSION
ansible 2.7.6
  config file = None
  executable location = /usr/local/bin/ansible
  python version = 3.7.2 (default, Feb 12 2019, 08:15:36) [Clang 10.0.0 (clang-1000.11.45.5)]

@rdelcampog rdelcampog changed the title Sfos iphost Creates base Sophos XG module Mar 2, 2019

ansibot commented Mar 2, 2019

@rdelcampog, just so you are aware we have a dedicated Working Group for network.
You can find other people interested in this in #ansible-network on Freenode IRC
For more information about communities, meetings and agendas see https://github.com/ansible/community

ansibot commented Mar 2, 2019

The test ansible-test sanity --test pylint [explain] failed with 1 error:

lib/ansible/module_utils/sfos_utils.py:42:0: ansible-bad-module-import Import external package or ansible.module_utils not ansible.errors

The test ansible-test sanity --test pylint [explain] failed with 1 error:

lib/ansible/plugins/doc_fragments/sfos.py:57:0: mixed-line-endings Mixed line endings LF and CRLF

The test ansible-test sanity --test ansible-doc --python 2.7 [explain] failed with 1 error:

lib/ansible/modules/network/sfos/sfos_iphost.py:0:0: missing documentation (or could not parse documentation): expected string or buffer

The test ansible-test sanity --test ansible-doc --python 2.6 [explain] failed with 1 error:

lib/ansible/modules/network/sfos/sfos_iphost.py:0:0: missing documentation (or could not parse documentation): expected string or buffer

The test ansible-test sanity --test ansible-doc --python 3.5 [explain] failed with 1 error:

lib/ansible/modules/network/sfos/sfos_iphost.py:0:0: missing documentation (or could not parse documentation): expected string or bytes-like object

The test ansible-test sanity --test ansible-doc --python 3.6 [explain] failed with 1 error:

lib/ansible/modules/network/sfos/sfos_iphost.py:0:0: missing documentation (or could not parse documentation): expected string or bytes-like object

The test ansible-test sanity --test ansible-doc --python 3.7 [explain] failed with 1 error:

lib/ansible/modules/network/sfos/sfos_iphost.py:0:0: missing documentation (or could not parse documentation): expected string or bytes-like object

The test ansible-test sanity --test ansible-doc --python 3.8 [explain] failed with 1 error:

lib/ansible/modules/network/sfos/sfos_iphost.py:0:0: missing documentation (or could not parse documentation): expected string or bytes-like object

The test ansible-test sanity --test compile --python 2.6 [explain] failed with 1 error:

lib/ansible/module_utils/sfos_utils.py:310:34: SyntaxError: result = {k.lower(): v for k, v in result.items()}

The test ansible-test sanity --test import --python 2.6 [explain] failed with 2 errors:

lib/ansible/module_utils/sfos_utils.py:310:34: SyntaxError: invalid syntax
lib/ansible/modules/network/sfos/sfos_iphost.py:146:0: SyntaxError: invalid syntax (sfos_utils.py, line 310)

The test ansible-test sanity --test import --python 2.7 [explain] failed with 3 errors:

lib/ansible/module_utils/sfos_utils.py:37:0: ImportError: No module named six.moves.urllib.parse
lib/ansible/modules/network/sfos/sfos_iphost.py:146:0: ImportError: No module named six.moves.urllib.parse
test/runner/.tox/import/lib/ansible/module_utils/sfos_utils.py:37:0: ImportError: No module named six.moves.urllib.parse

The test ansible-test sanity --test import --python 3.5 [explain] failed with 3 errors:

lib/ansible/module_utils/sfos_utils.py:37:0: ImportError: No module named 'six'
lib/ansible/modules/network/sfos/sfos_iphost.py:146:0: ImportError: No module named 'six'
test/runner/.tox/import/lib/ansible/module_utils/sfos_utils.py:37:0: ImportError: No module named 'six'

The test ansible-test sanity --test import --python 3.6 [explain] failed with 3 errors:

lib/ansible/module_utils/sfos_utils.py:37:0: ModuleNotFoundError: No module named 'six'
lib/ansible/modules/network/sfos/sfos_iphost.py:146:0: ModuleNotFoundError: No module named 'six'
test/runner/.tox/import/lib/ansible/module_utils/sfos_utils.py:37:0: ModuleNotFoundError: No module named 'six'

The test ansible-test sanity --test import --python 3.8 [explain] failed with 4 errors:

lib/ansible/module_utils/sfos_utils.py:37:0: ModuleNotFoundError: No module named 'six'
lib/ansible/module_utils/sfos_utils.py:174:0: SyntaxWarning: "is" with a literal. Did you mean "=="?
lib/ansible/modules/network/sfos/sfos_iphost.py:146:0: ModuleNotFoundError: No module named 'six'
test/runner/.tox/import/lib/ansible/module_utils/sfos_utils.py:37:0: ModuleNotFoundError: No module named 'six'

The test ansible-test sanity --test import --python 3.7 [explain] failed with 3 errors:

lib/ansible/module_utils/sfos_utils.py:37:0: ModuleNotFoundError: No module named 'six'
lib/ansible/modules/network/sfos/sfos_iphost.py:146:0: ModuleNotFoundError: No module named 'six'
test/runner/.tox/import/lib/ansible/module_utils/sfos_utils.py:37:0: ModuleNotFoundError: No module named 'six'

The test ansible-test sanity --test no-underscore-variable [explain] failed with 3 errors:

lib/ansible/module_utils/sfos_utils.py:231:23: use `dummy` instead of `_` for a variable name
lib/ansible/module_utils/sfos_utils.py:244:17: use `dummy` instead of `_` for a variable name
lib/ansible/module_utils/sfos_utils.py:249:23: use `dummy` instead of `_` for a variable name

The test ansible-test sanity --test pep8 [explain] failed with 3 errors:

lib/ansible/plugins/doc_fragments/sfos.py:7:1: E302 expected 2 blank lines, found 1
lib/ansible/plugins/doc_fragments/sfos.py:34:161: E501 line too long (177 > 160 characters)
lib/ansible/plugins/doc_fragments/sfos.py:57:4: W292 no newline at end of file

The test ansible-test sanity --test shebang [explain] failed with 4 errors:

lib/ansible/module_utils/sfos_utils.py:0:0: should not have a shebang
lib/ansible/modules/network/sfos/__init__.py:0:0: file without shebang should not be executable
lib/ansible/modules/network/sfos/sfos_iphost.py:0:0: module should not be executable
lib/ansible/plugins/doc_fragments/sfos.py:0:0: should not have a shebang

The test ansible-test sanity --test use-compat-six [explain] failed with 1 error:

lib/ansible/module_utils/sfos_utils.py:37:1: use `ansible.module_utils.six` instead of `six`

The test ansible-test sanity --test validate-modules [explain] failed with 20 errors:

lib/ansible/modules/network/sfos/sfos_iphost.py:0:0: E305 DOCUMENTATION.options.endipaddress.type: not a valid value for dictionary value @ data['options']['endipaddress']['type']. Got 'string'
lib/ansible/modules/network/sfos/sfos_iphost.py:0:0: E305 DOCUMENTATION.options.hosttype.description.0: expected str @ data['options']['hosttype']['description'][0]. Got {'Select the type of Host': "IP, Network, IP Range or IP List. Required if state is 'present'."}
lib/ansible/modules/network/sfos/sfos_iphost.py:0:0: E305 DOCUMENTATION.options.hosttype.type: not a valid value for dictionary value @ data['options']['hosttype']['type']. Got 'string'
lib/ansible/modules/network/sfos/sfos_iphost.py:0:0: E305 DOCUMENTATION.options.ipaddress.type: not a valid value for dictionary value @ data['options']['ipaddress']['type']. Got 'string'
lib/ansible/modules/network/sfos/sfos_iphost.py:0:0: E305 DOCUMENTATION.options.ipfamily.description.0: expected str @ data['options']['ipfamily']['description'][0]. Got {'IP Family to which the IP Host belongs': 'IPv4 or IPv6.'}
lib/ansible/modules/network/sfos/sfos_iphost.py:0:0: E305 DOCUMENTATION.options.ipfamily.type: not a valid value for dictionary value @ data['options']['ipfamily']['type']. Got 'string'
lib/ansible/modules/network/sfos/sfos_iphost.py:0:0: E305 DOCUMENTATION.options.name.type: not a valid value for dictionary value @ data['options']['name']['type']. Got 'string'
lib/ansible/modules/network/sfos/sfos_iphost.py:0:0: E305 DOCUMENTATION.options.startipaddress.type: not a valid value for dictionary value @ data['options']['startipaddress']['type']. Got 'string'
lib/ansible/modules/network/sfos/sfos_iphost.py:0:0: E305 DOCUMENTATION.options.subnet.type: not a valid value for dictionary value @ data['options']['subnet']['type']. Got 'string'
lib/ansible/modules/network/sfos/sfos_iphost.py:0:0: E325 Argument 'endipaddress' in argument_spec defines type as 'str' but documentation defines type as 'string'
lib/ansible/modules/network/sfos/sfos_iphost.py:0:0: E325 Argument 'hosttype' in argument_spec defines type as 'str' but documentation defines type as 'string'
lib/ansible/modules/network/sfos/sfos_iphost.py:0:0: E325 Argument 'ipaddress' in argument_spec defines type as 'str' but documentation defines type as 'string'
lib/ansible/modules/network/sfos/sfos_iphost.py:0:0: E325 Argument 'ipfamily' in argument_spec defines type as 'str' but documentation defines type as 'string'
lib/ansible/modules/network/sfos/sfos_iphost.py:0:0: E325 Argument 'name' in argument_spec defines type as 'str' but documentation defines type as 'string'
lib/ansible/modules/network/sfos/sfos_iphost.py:0:0: E325 Argument 'startipaddress' in argument_spec defines type as 'str' but documentation defines type as 'string'
lib/ansible/modules/network/sfos/sfos_iphost.py:0:0: E325 Argument 'subnet' in argument_spec defines type as 'str' but documentation defines type as 'string'
lib/ansible/modules/network/sfos/sfos_iphost.py:0:0: E326 Argument 'ipfamily' in argument_spec defines choices as (['IPv4', 'IPv6']) but documentation defines choices as ([])
lib/ansible/modules/network/sfos/sfos_iphost.py:0:0: E326 Argument 'sfos_password' in argument_spec defines choices as ([]) but documentation defines choices as (['http', 'https'])
lib/ansible/modules/network/sfos/sfos_iphost.py:0:0: E326 Argument 'sfos_username' in argument_spec defines choices as ([]) but documentation defines choices as (['http', 'https'])
lib/ansible/modules/network/sfos/sfos_iphost.py:121:58: E313 RETURN is not valid YAML

The test ansible-test sanity --test yamllint [explain] failed with 1 error:

lib/ansible/modules/network/sfos/sfos_iphost.py:121:58: error RETURN: syntax error: mapping values are not allowed here


@ansibot ansibot added needs_revision and removed core_review labels Mar 2, 2019

@ansibot ansibot added core_review and removed needs_revision labels Mar 2, 2019

Qalthos commented Mar 20, 2019

This should be using an httpapi plugin rather than manually calling fetch_url. See https://github.com/ansible/ansible/tree/devel/lib/ansible/plugins/httpapi for examples

rdelcampog commented Mar 20, 2019

> This should be using an httpapi plugin rather than manually calling fetch_url. See https://github.com/ansible/ansible/tree/devel/lib/ansible/plugins/httpapi for examples

Hi @Qalthos, SophosXG API has a very strange implementation. For example, the API always returns a 200 OK HTTP code, even if the request fails for bad credentials or bad endpoint.

I can't look into HTTPAPI right now, but I'll take a look later and see if it's possible to use this plugin.

Thanks.
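
An added example, not code from this pull request or from Sophos: when an API answers 200 OK even for bad credentials or a bad endpoint, as described in the comment above, a client has to decide success from the response body and fail closed on anything it does not recognise. The XML element names, status strings and sample bodies below are constructed assumptions for illustration, not taken from the Sophos XG API documentation.

```python
import xml.etree.ElementTree as ET


class ApiError(Exception):
    """The body reported a failure, whatever the HTTP status said."""


def check_response(http_status, body):
    """Return [(entity, code, message)] or raise ApiError. Fails closed."""
    if http_status != 200:
        raise ApiError("transport error: HTTP %s" % http_status)
    try:
        # Stdlib parser for brevity; defusedxml is a hardened alternative.
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        raise ApiError("unparseable body: %s" % exc)

    # Assumed shape: <Response><Login><status>...</status></Login>...</Response>
    login = root.findtext("./Login/status")
    if login is None or "successful" not in login.lower():
        raise ApiError("login rejected: %r" % login)

    results = []
    for entity in root:
        if entity.tag == "Login":
            continue
        status = entity.find("Status")
        # A missing or non-200 per-entity status is treated as failure.
        if status is None or status.get("code") != "200":
            raise ApiError("%s failed: %r" % (entity.tag, ET.tostring(entity)))
        results.append((entity.tag, status.get("code"), (status.text or "").strip()))
    if not results:
        # Login accepted but nothing was acted on, e.g. an unknown endpoint.
        raise ApiError("no operation result in body")
    return results


def is_success(http_status, body):
    """Boolean wrapper, convenient for a module's changed/failed decision."""
    try:
        check_response(http_status, body)
        return True
    except ApiError:
        return False


# Constructed sample bodies; each one is assumed to arrive with HTTP 200.
OK = ('<Response><Login><status>Authentication Successful</status></Login>'
      '<IPHost><Status code="200">Configuration applied.</Status></IPHost></Response>')
BAD_LOGIN = '<Response><Login><status>Authentication Failure</status></Login></Response>'
BAD_OP = ('<Response><Login><status>Authentication Successful</status></Login>'
          '<IPHost><Status code="500">Operation failed.</Status></IPHost></Response>')
```
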
