setup_requirements.txt and requirements.test.txt list redundant packages, and packages are not consistently organized.

The CI installing both (so they do not need to be redundant) and alphabetizing both will make maintenance simpler.

If you have a virtual server which then has its virtual address updated to a different one. Then the old virtual address will remain allocated to the virtual server even though it is no longer in use. Virtual addresses are only relinquished when a virtual server is deleted.

When creating a policy with rules the rule names show up under the policy but when clicking the rule name an error occurs Object not found - 0

This appears to be caused by creating the rule with the name formatted as /partition/name.
If the rule is created without the partition in the name the GUI works as expected.

"name": "/partition/0",
"name": "0",

The netaddr, simplejson, and jsonschema modules are not pinned to specific versions, which can cause problems for users when those versions are changed by the respective maintainers. This should be corrected for netaddr and simplejson as they have released versions, but not necessarily for jsonschema as it has no released versions and has not been updated for 5 years.

The Pool and PoolMember classes implement eq and according to the Python3 data model must also implement the hash if they are to be manipulated in a Set. They should add a call to the super hash.

_f5.py logs Pools to update, Healthchecks to update, Updating healthchecks, etc. whenever we check for updates, and not actually when we update.

These logs should only be printed if we are actually updating these resources.

In order to optimize CCCL so that a user does not create a bigip management root instance for each partition on the managed device. CCCL should be initialized with an already instantiated BIG-IP management root.

Moving forward, we need to import these two modules from f5-cccl via something like:
import f5_cccl._f5
and
import f5_cccl.common

This will consolidate the import to this module over other sources for these files.

Present implementation validates the schema AND the config at each validate() call.

The schema should be validated at initialization, and then the config validated against the schema at each validate() call.

Problem is that some of the mock classes had unused arguments cleaned up, but were needed to implement the caller expected signature of the callee.

We run flake8 on the code, but we should be more strict in checking. Add pylint checks and PEP 257.

This ticket is to address the enhancement of being capable of creating both .rpm and .deb packages containing the repo's contents.

CCCL Error: Service congifuration provided does not match schema

"Configuration" is spelled incorrectly.

iApps using appsvcs-integration templates are redeployed by the controller because of F5Networks/f5-application-services-integration-iApp #43.

Git template currently suggests the summary for a commit should be "issues", meaning commit log summaries are not descriptive.

Per @mattgreene comments in slack, README.md needs to be updated:

"please copy the bones of README.rst from f5-common-python, specifically the Contributing, Copyright and License sections. We can add additional sections as makes sense, but we should put the correct ‘legal’ pieces in place fro the beginning."

In the
./f5-cccl/f5_cccl/resource/ltm/*monitor.py
Set of files, there is a variable that should be protected called *Monitor.monitor_schema_kvps. So in the...

• ./http_monitor.py it is the HTTPMonitor.monitor_schema_kvps
• ./https_monitor.py it is the HTTPSMonitor.monitor_schema_kvps
• ./icmp_monitor.py it is the ICMPMonitor.monitor_schema_kvps
• ./tcp_monitor.py it is the TCPMonitor.monitor_schema_kvps

These objects are namedtuple's that should be only changeable by this object, but share across all instantiated instances. In the way that I originally authored these files, it is modified in the "BEGIN" statement in the bottom of each file within the if/then block for whether or not the executor instance is __main__ (negative) or not (positive).

This was originally meant to be a level of future-proofing allowing for the later functionality of implementing a dynamic schema based upon the original inputs that might include different schemas.

This is a low-priority bug or enhancement that would add a level of protection.

We need to add netaddr with is imported by pool_member.

http virtual servers automatically have both tcp and http profiles attached to them by the BIG-IP. This was causing http virtual servers to have update called every verify interval even though nothing had actually changed. This was due to the comparison logic in virtual_update.

Currently cccl does not check for duplicate pool members. It would be nice if it did as a duplicate member causes the BIG-IP system to error.

We need the ability to create L7 routing policies on the BIG-IP. _f5.py should accept a config containing all required policy fields and create the defined policies on the BIG-IP.

Adding the implementation of L7 policies for CCCL. This will support pool forwarding, reject, and url redirect actions.

We need to manage virtual addresses which requires the creation of the type.

Any Virtual Address that was created as a result of being defined as the destination of a virtual server (i.e. auto-created) can be disabled on the BigIP. A subsequent invocation of apply_config will not reenable this virtual address because it does not exist in the configuration.

Add logic to detect when an auto-created virtual address gets disabled and reenable it.

This ticket is to address the commit enhancement to implement continuous integration via Travis. This is to address the need to have continuous tests run against any new commit or pull request.

When server SSL profiles are created by CCCL only the name can be set. Since the default options for server SSL profiles are such that server certificates are not validated, there needs to be a way to set the "Server Certificate" option to "require" and the "Chain" field to a pre-installed CA bundle.

Travis builds are failing b/c of a error returning from the before_install section. The command git fetch --100 is causing problems. I am not sure why this is actually included, but I am not sure what the fix is. This does not seem to be a transient issue -- successive builds do not make the problem go away.

As a CCCL User, I can determine how functionality is provided via Python without having to investigate the code.

Define the entire set of APIs and parameters
Provide user-facing documentation

The code written for exceptions does not have unit tests and it should. Add these to conform with policy.

The Pool sub-class should handle everything the BIG-IP® Pool should orchestrate via the F5-SDK. This object should have the following methods:
init(partition=None, name=None, loadBalancingMode=None, monitor=None, members=None, bigip=None) - initializes a new Pool object
create() - Creates the Pool object on the BIG-IP®
delete() - Deletes the Pool object on the BIG-IP®
read() - Reads the Pool (or subsequent child) object on the BIG-IP®
update() - Updates any new changes to the Pool on the BIG-IP®
eq() - Verifies that Pool() == Pool() across multiple instances or Pool() == dict(BIG-IP® Pool)
equals() - performs the action of eq
update_member(member=None) - Updates a single member on the BIG-IP® Pool
read_member(member=None) - Reads a single member on the BIG-IP® Pool
list_members() - Returns a list of currently-present Pool().members
delete_member(member=None) - Deletes the provided member
(list subject to change per the evolution of the Resource, Member, and Pool f5_cccl objects)

This object will handle the above operations while inheriting from the Resource object. And many of the above methods may call the super class for the parent to handle the transaction.

Key/value names and meanings are mapped following the schema. Ambiguity is as follows:
monitor - list of monitorType objects or monitorType.name delimited by ', '

This mock function is needed for both the marathon and k8s frontend controllers unit tests.

schemas/tests/service.json was not updated to stay in sync with changes to schemas/cccl-api-schema.yml.

Sample service config needs to reflect current schema, and build needs to fail when the sample does not work.

Problem:

• Need exists for a Monitor CCCL class that handles BIG-IP monitors
• This class will need to interface with the F5-SDK monitor
• Class must have some place holders to handle a dynamic schema
• Class must have a means of overwrite for any sub-classes to have their own schema defaults

Additional items for expansion:

• HTTPS Monitor sub-class
• HTTP Monitor sub-class
• ICMP Monitor sub-class
• TCP Monitor sub-class
• UDP Monitor sub-class

The CCCL schema for iApps presents an interface very similar to that used by the f5-common-python SDK. However, this places the burden for formatting a complex iApp configuration upon the CCCL user (e.g. marathon-bigip-ctlr and k8s-bigip-ctlr).

Simplify the CCCL schema for iApps and move the burden for formatting the iApp data (tables, variables, and options) to CCCL.

If an administrator makes a policy update controllers and CCCL cannot update policies to reflect the orchestration config.

1. Start a controller which configures L7 policy (k8s, openshift, cf)
2. Stop controller
3. Make policy change through GUI (draft, edit, publish)
4. Restart controller - policy updates cannot be made.

CCCL requires policies to be in status == legacy. Administrator changes update status to published. The BIG-IP will not let new legacy updates through once the status is updated.

The desired config for nodes should be computed from the list of pools and iapps in the service configuration that is passed in to apply config.

The issue is that the desired config is being collected from the BIG-IP

In the bigip common refresh function it is possible for one of the Icr* constructors to raise an
exception. We try to manage this by handling exceptions for the creation of these objects and
creating a spare ICR object with just a name and partition. This way the object can be updated or
deleted.

The resources managed by CCCL (e.g. Virtuals, Pools, Healthmonitors, Members, Nodes, Virtual Addresses) should have python object representations to use to perform CRUD and compare the schema config model with the existing config on the big-ip.

running from f5_cccl._f5 import CloudBigIP from a python interpreter causes import errors

from f5_cccl._f5 import CloudBigIP
Traceback (most recent call last):
File "", line 1, in
from f5_cccl._f5 import CloudBigIP
File "/usr/local/lib/python3.5/site-packages/f5_cccl/_f5.py", line 38, in
from common import list_diff, list_intersect
File "/Users/ramich/development/f5-cccl/f5_cccl/common.py", line 26, in
import jwt
ImportError: No module named 'jwt'

From interpreter tried to import jwt and it still failed. Possibly requirements file needs to be update.

When creating CCCL resources from reading the configuration file, we don't handle any exceptions. We should not rely on the configuration file having input that will not produce exceptions when reading. We need to harden the config_reader to handle or document exceptional conditions.

There are discrepancies with how some of the resource types implement eq. Monitor compares to dicts, but other types only compare to like types. Want to make sure these methods are consistent.

Conflicts occur with the current Add, Update, Delete ordering when objects are added that conflict with objects being deleted. This order needs to be changed to Delete, Add, Update so these conflicts do not occur. Also the Iapp CRUD operations need to be integrated with the rest of the objects CRUD operations to prevent similar errors described above (currently it is Iapp CRUD, then rest of the objects CRUD, these should be combined).

Need to add support for logging.

Uses the python logging package.

Nodes in k8s 1.6 are not marked as Unscheduled but instead are tainted NoSchedule, leading to false negative nightly regression test results.

Define a schema that will be used to define the services that are input to apply_config.

iApps are redeployed every verify interval since there is not any logic to tell if an iApp needs to be updated or not causing them to be redeployed every verify interval.

The module expects all policy rules to have conditions which is not a requirement on the Big-IP; and fails to detect when a virtual has policies attached or detached from it.

Problem: Sometimes BIG-IP's iControl REST API returns objects that are missing fields that we expect to be present. This often happens when running against an unsupported version of BIG-IP. The error message in this case is unclear; we should clarify it. Here's an example (for f5-cccl used in k8s-bigip-ctlr):

2017/09/05 23:59:23 [ERROR] [2017-09-05 23:59:23,195 controller ERROR] Exception Error
2017/09/05 23:59:23 [INFO] Traceback (most recent call last):
2017/09/05 23:59:23 [INFO]   File "/app/src/f5-cccl/f5_cccl/_f5.py", line 232, in regenerate_config_f5
2017/09/05 23:59:23 [INFO]     self._apply_config(cfg)
2017/09/05 23:59:23 [INFO]   File "/app/python/bigipconfigdriver.py", line 97, in _apply_config
2017/09/05 23:59:23 [INFO]     CloudBigIP._apply_config(self, config['ltm'])
2017/09/05 23:59:23 [INFO]   File "/app/src/f5-cccl/f5_cccl/_f5.py", line 347, in _apply_config
2017/09/05 23:59:23 [INFO]     f5_healthcheck_dict = self.get_healthcheck_list(partition)
2017/09/05 23:59:23 [INFO]   File "/app/src/f5-cccl/f5_cccl/_f5.py", line 985, in get_healthcheck_list
2017/09/05 23:59:23 [INFO]     if hc.partition == partition and appService is None:
2017/09/05 23:59:23 [INFO]   File "/usr/local/lib/python2.7/site-packages/f5/bigip/mixins.py", line 102, in __getattr__
2017/09/05 23:59:23 [INFO]     raise AttributeError(error_message)
2017/09/05 23:59:23 [INFO] AttributeError: '<class 'f5.bigip.tm.ltm.monitor.Http'>' object has no attribute 'partition'
2017/09/05 23:59:23 [WARNING] [2017-09-05 23:59:23,196 __main__ WARNING] regenerate operation failed, restarting
2017/09/05 23:59:23 [ERROR] [2017-09-05 23:59:23,196 __main__ ERROR] Error applying config, will try again in 1 seconds
2017/09/05 23:59:24 [ERROR] [2017-09-05 23:59:24,986 controller ERROR] Exception Error
2017/09/05 23:59:24 [INFO] Traceback (most recent call last):
2017/09/05 23:59:24 [INFO]   File "/app/src/f5-cccl/f5_cccl/_f5.py", line 232, in regenerate_config_f5
2017/09/05 23:59:24 [INFO]     self._apply_config(cfg)
2017/09/05 23:59:24 [INFO]   File "/app/python/bigipconfigdriver.py", line 97, in _apply_config
2017/09/05 23:59:24 [INFO]     CloudBigIP._apply_config(self, config['ltm'])

In this case, we read a health monitor object and it didn't have the attribute 'partition' when we assumed it would. In a couple of cases this has happened when customers use k8s-bigip-ctlr against a version of BIG-IP that is technically not supported - we should give them a better message, maybe something like:

Error: Reading attributes from BIG-IP iControl REST API, are you using a supported version of BIG-IP? (AttributeError: '<class 'f5.bigip.tm.ltm.monitor.Http'>' object has no attribute 'partition')
<Backtrace>

The destination pattern regular expressions only match partition names in A-Za-z0-9_ This excludes valid folder name characters '.' and '-'.

CCCL currently depends upon f5-sdk v2.2.2, but we should upgrade to v3.0.1