bigip_sslo_config_ssl - defaults not being applied #75

Open
cwise24 opened this issue Oct 6, 2023 · 1 comment
Labels
Backlog Added to JIRA board bug Something isn't working

cwise24 commented Oct 6, 2023

COMPONENT NAME

bigip_sslo_config_ssl

Environment

ANSIBLE VERSION
ansible [core 2.15.2]
  config file = /home/cwise/Project/sslo_ansible/ansible.cfg
  configured module search path = ['/home/cwise/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/cwise/.local/lib/python3.10/site-packages/ansible
  ansible collection location = /home/cwise/Project/sslo_ansible/collections
  executable location = /home/cwise/.local/bin/ansible
  python version = 3.10.12 (main, Jun 11 2023, 05:26:28) [GCC 11.4.0] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True

BIGIP VERSION
SSLO- 7.6.17
[admin@ip-10-255-20-9:Active:Standalone] ~ # tmsh show sys version
Sys::Version
Main Package
  Product     BIG-IP
  Version     15.1.8.2
  Build       0.0.17
  Edition     Point Release 2
  Date        Thu Mar 16 03:44:11 PDT 2023

CONFIGURATION
tasks:

    - name: Create demo SSLO SSL setting
      tags: step1
      bigip_sslo_config_ssl:
        name: "{{ sslo_ssl }}"
        bypass_handshake_failure: yes
        client_settings:
          proxy_type: reverse
          cert: "/Common/{{ ssl_name }}"
          key: "/Common/{{ ssl_key }}"

OS / ENVIRONMENT

WSL Ubuntu 22.04

SUMMARY

BIG IP SSLO config has wrong defaults:

  • Expire Certificate Response | drop
  • Untrusted Certificate Authority | drop

Sending proxy_type: reverse should result in the ignore value. The verbose output shows it correctly:

changed: [sslo-2] => {
    "bypass_handshake_failure": true,
    "changed": true,
    "client_settings": {
        "cert": "/Common/default.crt",
        "key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
        "proxy_type": "reverse"
    },
    "invocation": {
        "module_args": {
            "bypass_client_cert_failure": null,
            "bypass_handshake_failure": true,
            "client_settings": {
                "alpn": null,
                "ca_cert": null,
                "ca_chain": null,
                "ca_key": null,
                "cert": "/Common/default.crt",
                "chain": null,
                "cipher_group": null,
                "cipher_string": null,
                "cipher_type": null,
                "client_ssl_options": null,
                "key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "log_publisher": null,
                "proxy_type": "reverse"
            },
            "dump_json": false,
            "name": "demo2_ssl",
            "server_settings": null,
            "sni": null,
            "state": "present",
            "timeout": 300
        }
    },
    "server_settings": {
        "block_expired": "ignore",
        "block_untrusted": "ignore"
    }
}

STEPS TO REPRODUCE
tasks:

    - name: Create demo SSLO SSL setting
      tags: step1
      bigip_sslo_config_ssl:
        name: "{{ sslo_ssl }}"
        bypass_handshake_failure: yes
        client_settings:
          proxy_type: reverse
          cert: "/Common/{{ ssl_name }}"
          key: "/Common/{{ ssl_key }}"

EXPECTED RESULTS

  • Expire Certificate Response | ignore
  • Untrusted Certificate Authority | ignore

ACTUAL RESULTS

  • Expire Certificate Response | drop
  • Untrusted Certificate Authority | drop

@cwise24 cwise24 added the bug Something isn't working label Oct 6, 2023
@pgouband

Hi,

Thanks for reporting. Added to the backlog and internal tracking ID for this request is: INFRAANO-1373.

@pgouband pgouband added the Backlog Added to JIRA board label Dec 13, 2023