Train::F5

A simple Train plugin that wraps REST calls to F5 BigIP load balancers.

Train is used by Chef infrastructure automation products like Chef Infra and Chef Inspec to connect to remote backends.

Add this line to your application's Gemfile:

gem 'train-f5'

And then execute:

$ bundle install

Or just install it yourself as:

$ gem install train-f5

To test the plugin using Inspec you can try:-

inspec detect -t f5://admin:secrit_pa55word@f5.myorg.com:8443 --insecure

You should end up with output like this if all went well

─────── Platform Details ───────

Name:      f5
Families:  api
Release:   16.1.3.1

To write an Inspec custom resource, you can use the following methods:-

json_body = inspec.backend.get(f5_rest_endpoint)
json_body = inspec.backend.put(f5_rest_endpoint, data)
json_body = inspec.backend.post(f5_rest_endpoint, data)
json_body = inspec.backend.delete(f5_rest_endpoint)

You can experiment with the API using the Inspec Shell

inspec detect -t f5://admin:secrit_pa55word@f5.myorg.com:8443 --insecure

inspec.backend.get '/mgmt/tm/sys/version'

The custom resource

# libraries/f5_software.rb
class F5Software < Inspec.resource(1)
  name "f5_software"

  def version
    body = inspec.backend.get('/mgmt/tm/sys/version')
    f5_release = body['entries'].values[0]['nestedStats']['entries']['Version']['description']
  end
end

The Control

# controls/software.rb
control "Software - 1.1" do
  impact 0.7
  title "Version must be correct"

  describe f5_software do
    its('version') { should eq '16.1.3.0' }
  end
end

You can pass credentials at the command line

inspec detect -t f5://admin:secrit_pa55word@f5.myorg.com:8443 --insecure

You can also pass credentials in environment variables (useful to avoid creds on the command line)

export F5_PORT=8443
export F5_HOST=f5.myorg.com
export F5_PASSWORD=secrit_pa55word
export F5_USER=admin

inspec detect -t f5:// --insecure

Bug reports and pull requests are welcome on GitHub at https://github.com/trickyearlobe/train-f5.