def run_module():
module_args = dict(
state=dict(required=False, default='present', choices=['present', 'absent']),
type=dict(required=False, default='server'),
refid=dict(required=True), # 13 hex digit
crt=dict(required=True),
prv=dict(required=True),
descr=dict(required=True)
)
result = dict(
changed=False,
)
module = AnsibleModule(
argument_spec=module_args,
supports_check_mode=True
)
configuration = ""
params = module.params
pfsense_check(module)
# get config and find our cert
cfg = read_config(module,'cert')
index = search(cfg,'refid',params['refid'])
base = "$config['cert'][" + str(index) + "]"
if params['state'] == 'present':
for p in ['refid','descr','crt','prv']:
if isstr(params[p]):
validate(module,p,params[p])
if index=='':
configuration += "$cert['"+p+"']='" + params[p] + "';\n"
elif cfg[index][p] != params[p]:
configuration += base + "['"+p+"']='" + params[p] + "';\n"
if index=='':
configuration += base + "=$cert;\n"
elif params['state'] == 'absent':
if index != '':
configuration += "unset("+base+");\n"
else:
module.fail_json(msg='Incorrect state value, possible choices: absent, present(default)')
result['phpcode'] = configuration
if module.check_mode:
module.exit_json(**result)
if configuration != '':
write_config(module,configuration)
result['changed'] = True
for section in params:
if type(params[section]) is dict:
result[section] = read_config(module,section)
module.exit_json(**result)
def run_module():
module_args = dict(username=dict(required=True, default=None),
password=dict(required=True, default=None),
authorizedkeys=dict(required=False, default=''))
result = dict(changed=False, )
module = AnsibleModule(
argument_spec=module_args,
supports_check_mode=
False # Password is always a change since it's supplied in clear text and saved in bcrypt
)
params = module.params
configuration = ""
pfsense_check(module)
system = read_config(module, 'system')
index = search(system['user'], 'name', params['username'])
if index == '':
module.fail_json(msg='username: '******'username'] + ' not found')
base = "$config['system']['user'][" + str(index) + "]"
for p in ['password', 'authorizedkeys']:
if isstr(params[p]):
validate(module, p, params[p])
if p not in system['user'][
index] or system['user'][index][p] != params[p]:
configuration += base + "['" + p + "']='" + params[p] + "';\n"
result['phpcode'] = configuration
if module.check_mode:
module.exit_json(**result)
if configuration != '':
configuration = 'require("auth.inc");\n' + configuration
configuration += "local_user_set_password($config['system']['user'][" + str(
index) + "], '" + params['password'] + "');\n"
write_config(module,
configuration,
post="local_user_set($config['system']['user'][" +
str(index) + "]);")
result['changed'] = True
system = read_config(module, 'system')
result['user'] = system['user']
module.exit_json(**result)
def run_module():
module_args = dict(
state=dict(required=False,
default='present',
choices=['present', 'absent']),
name=dict(required=True),
address=dict(required=False),
descr=dict(required=False, default=''),
type=dict(required=True,
choices=[
'host', 'network', 'port', 'url', 'url_ports',
'urltable', 'urltable_ports'
]),
detail=dict(required=False),
)
args = ['name', 'address', 'descr', 'type', 'detail']
result = dict(changed=False, )
module = AnsibleModule(argument_spec=module_args, supports_check_mode=True)
configuration = ""
params = module.params
section = 'aliases'
pfsense_check(module)
# get config and find our alias
cfg = read_config(module, section)
try:
index = search(cfg['alias'], 'name', params['name'])
except:
configuration = "if (empty($config['aliases'])) $config['aliases'] = [];\n"
index = ''
base = "$config['aliases']['alias'][" + str(index) + "]"
if params['state'] == 'present':
for p in args:
if isstr(params[p]):
validate(module, p, params[p])
if index == '':
configuration += "$alias['" + p + "']='" + params[
p] + "';\n"
elif not p in cfg['alias'][
index] or cfg['alias'][index][p] != params[p]:
configuration += base + "['" + p + "']='" + params[
p] + "';\n"
if index == '':
configuration += base + "=$alias;\n"
elif params['state'] == 'absent':
if index != '':
configuration += "unset(" + base + ");\n"
else:
module.fail_json(
msg=
'Incorrect state value, possible choices: absent, present(default)'
)
result['phpcode'] = configuration
if module.check_mode:
module.exit_json(**result)
if configuration != '':
write_config(module, configuration)
result['changed'] = True
result[section] = read_config(module, section)
module.exit_json(**result)
def run_module():
module_args = dict(
state=dict(required=False, default='present', choices=['present', 'absent']),
tracker=dict(required=True), # 10 digit (e.g. timestamp)
type=dict(required=False, default='pass', choices=['pass', 'block', 'reject']),
disabled=dict(required=False),
quick=dict(required=False),
interface=dict(required=False, default='lan'),
ipprotocol=dict(required=False, default='inet', choices=['inet', 'inet6', 'inet46']),
icmptype=dict(required=False, default='any'),
protocol=dict(required=False, default=None, choices=['tcp', 'udp', 'tcp/udp', 'icmp', 'esp', 'ah', 'gre', 'ipv6', 'igmp', 'ospf', 'any', 'carp', 'pfsync', None]),
direction=dict(required=False, default='any', choices=['any','in','out']),
statetype=dict(required=False, default='keep state', choices=['keep state','sloppy state','synproxy state','none']),
floating=dict(required=False, choices=[None, True]),
source=dict(required=False, type=dict, default=dict(any='') ),
destination=dict(required=False, type=dict, default=dict(any='') ),
log=dict(required=False),
descr=dict(required=False)
)
result = dict(
changed=False,
)
module = AnsibleModule(
argument_spec=module_args,
supports_check_mode=True
)
params = module.params
configuration = ""
diff = False
updated = ""
pfsense_check(module)
# get config and find our rule
cfg = read_config(module,'filter')
index = search(cfg['rule'],'tracker',params['tracker'])
base = "$config['filter']['rule'][" + str(index) + "]"
if params['state'] == 'present':
if type(params['protocol']) in [str,unicode]:
if params['protocol']!='icmp':
params['icmptype'] = None
for p in ['source','destination']:
for el in params[p]:
if index=='' or (el not in cfg['rule'][index][p]) or (str(cfg['rule'][index][p][el]) != str(params[p][el])):
diff = True
updated += ":"+p+"."+el
for (k,v) in params[p].iteritems():
validate(module,p+":"+el+":"+k,v)
for p in ['type','tracker','ipprotocol','interface','direction','statetype']:
validate(module,p,params[p])
configuration += "$rule['" + p + "'] = '" + params[p] + "';\n"
if index=='' or (str(params[p]) != str(cfg['rule'][index][p])):
diff = True
updated += ":"+p
for p in ['descr','log','disabled','quick','protocol','icmptype']:
if type(params[p]) in [str,unicode]:
validate(module,p,params[p])
configuration += "$rule['" + p + "'] = '" + params[p] + "';\n"
if index=='' or (p not in cfg['rule'][index]) or (str(params[p]) != str(cfg['rule'][index][p])):
diff = True
updated += ":"+p
for p in ['floating']:
if type(params[p]) in [bool]:
configuration += "$rule['" + p + "'] = " + str(params[p]) + ";\n"
if index=='' or (p not in cfg['rule'][index]):
diff = True
updated += ":"+p
if diff:
configuration += "$rule['source'] = [" + ', '.join("'%s'=>%r" % (key,val) for (key,val) in params['source'].iteritems()) + "];\n"
configuration += "$rule['destination'] = [" + ', '.join("'%s'=>%r" % (key,val) for (key,val) in params['destination'].iteritems()) + "];\n"
configuration += base + "=$rule;\n"
elif params['state'] == 'absent':
if index != '':
configuration += "unset("+base+");\n"
diff = True
else:
module.fail_json(msg='Incorrect state value, possible choices: absent, present(default)')
result['phpcode'] = configuration
result['updated'] = updated
if module.check_mode:
module.exit_json(**result)
if diff:
write_config(module,configuration)
result['changed'] = True
cfg = read_config(module,'filter')
result['filter_rules'] = cfg['rule']
module.exit_json(**result)
def run_module():
module_args = dict(name=dict(required=True, default=None),
scope=dict(required=False,
default='remote',
choices=['local', 'remote']),
description=dict(required=False, default=''),
priv=dict(required=True, type=list),
state=dict(required=False,
default='present',
choices=['present', 'absent']))
result = dict(changed=False, )
module = AnsibleModule(argument_spec=module_args, supports_check_mode=True)
params = module.params
priv = params['priv']
configuration = ""
pfsense_check(module)
validate(module, 'name', params['name'],
'^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]$')
validate(module, 'priv', params['priv'])
system = read_config(module, 'system')
index = search(system['group'], 'name', params['name'])
if index == '':
gid = system['nextgid']
configuration += "$config['system']['nextgid']++;\n"
else:
gid = system['group'][index]['gid']
base = "$config['system']['group'][" + str(index) + "]"
if params['state'] == 'present':
for p in ['name', 'description', 'scope']:
if isstr(params[p]):
validate(module, p, params[p])
if index == '':
configuration += "$group['" + p + "']='" + params[
p] + "';\n"
elif system['group'][index][p] != params[p]:
configuration += base + "['" + p + "']='" + params[
p] + "';\n"
if index == '':
configuration += "$group['gid']='" + gid + "';\n"
configuration += "$group['priv']=['" + "','".join(priv) + "'];\n"
configuration += base + "=$group;\n"
elif set(system['group'][index]['priv']) != set(priv):
configuration += base + "['priv']=['" + "','".join(priv) + "'];\n"
elif params['state'] == 'absent':
if index != '':
configuration += "unset(" + base + ");\n"
else:
module.fail_json(
msg=
'Incorrect state value, possible choices: absent, present(default)'
)
result['phpcode'] = configuration
if module.check_mode:
module.exit_json(**result)
if configuration != '':
write_config(module, configuration)
result['changed'] = True
cfg = read_config(module, 'system')
result['group'] = cfg['group']
module.exit_json(**result)
def run_module():
module_args = dict(
safe_mode=dict(default='yes', choices=['yes','no']),
snmpd=dict(type=dict),
syslog=dict(type=dict),
system=dict(type=dict),
widgets=dict(type=dict),
hasync=dict(type=dict),
nat=dict(type=dict),
installedpackages=dict(type=dict),
)
result = dict(
changed=False,
)
module = AnsibleModule(
argument_spec=module_args,
supports_check_mode=True
)
params = module.params
DoNotCreate = ['rule','cert','user','group','authserver','alias','item','monitor_type','gateway_item','package']; # Arrays of Dict
AllowCreateKeys = False
if params['safe_mode'] == 'no':
AllowCreateKeys = True
del params['safe_mode']
configuration = ""
pfsense_check(module)
# Loop through all possible params
for section in params:
# Process provided sections
if type(params[section]) is dict:
# Read existing configuration
result[section] = read_config(module,section)
if not type(result[section]) is dict:
result[section] = dict()
# Loop through provided keys in the section
for key in params[section]:
# Check for keys we can't handle here
if key in DoNotCreate:
module.fail_json(msg='Cannot create array type, try pfsense_'+key+' module')
# Check that key exists in config (unless we are allowing key create "safe: no")
if (key in result[section]) or AllowCreateKeys:
validate(module,section+":"+key,params[section][key])
# String Type
if isstr(params[section][key]):
# Validate Data type provided matches existing config
if (key in result[section]):
if not isstr(result[section][key]):
module.fail_json(msg=section + ":" + key + " requires " + str(type(result[section][key])))
# Update if changed
if not key in result[section] or str(result[section][key]) != params[section][key]:
configuration += "$config['" + section + "']['" + key + "']='" + params[section][key] + "';\n"
result[section][key] = params[section][key]
# List Type
elif type(params[section][key]) is list:
# Validate Data type provided matches existing config
if (key in result[section]):
if type(result[section][key]) is not list:
module.fail_json(msg=section + ":" + key + " requires " + str(type(result[section][key])))
# Update if changed
if set(result[section][key]) != set(params[section][key]):
configuration += "$config['" + section + "']['" + key + "']=['"+"','".join(params[section][key])+"'];\n"
result[section][key] = params[section][key]
# Dict Type
elif type(params[section][key]) is dict:
# Validate Data type provided matches existing config
if (key in result[section]):
if type(result[section][key]) is not dict:
module.fail_json(msg=section + ":" + key + " requires " + str(type(result[section][key])))
# Loop thru subkeys k in dict
for (k,v) in params[section][key].items():
validate(module,section+":"+key+":"+k,v)
if (k in result[section][key]) or AllowCreateKeys:
# Type validation
if (k in result[section][key]):
if not isstr(result[section][key][k]):
module.fail_json(msg="String expected in config at "+section + ":" + key + ":" + k + " " + str(type(result[section][key][k])) + " found")
if type(v) is not str:
module.fail_json(msg="String value expected in "+section + ":" + key + ":" + k)
# Update if changed
if not k in result[section][key] or result[section][key][k] != params[section][key][k]:
configuration += "$config['" + section + "']['" + key + "']['" + k + "'] = '" + v.replace("'","\\'") + "';\n"
result[section][key][k]=v
else:
module.fail_json(msg='SubKey: '+k+' not found in '+section+":"+key+'. Cannot create new keys in safe mode')
else:
module.fail_json(msg= section + ":" + key + " has unexpected type " + str(type(params[section][key])))
else:
module.fail_json(msg='Key: '+key+' not found in section: '+section+'. Cannot create new keys in safe mode')
result['phpcode'] = configuration
if module.check_mode:
module.exit_json(**result)
if configuration != '':
write_config(module,configuration)
result['changed'] = True
for section in params:
if type(params[section]) is dict:
result[section] = read_config(module,section)
module.exit_json(**result)
def run_module():
module_args = dict(
services=dict(required=True, default=None),
)
result = dict(
changed=False,
)
module = AnsibleModule(
argument_spec=module_args,
supports_check_mode=True
)
params = module.params
services = params['services']
configuration = ""
pfsense_check(module)
cfg = read_config(module);
if 'all' in services:
DoAll = True
else:
DoAll = False
if 'interfaces' in services or DoAll:
configuration += "interfaces_configure();\n"
if 'hostname' in services or DoAll:
configuration += "system_hostname_configure();\n"
if 'hosts' in services or DoAll:
configuration += "system_hosts_generate();\n"
if 'resolv' in services or DoAll:
configuration += "system_resolvconf_generate();\n"
if 'timezone' in services or DoAll:
configuration += "system_timezone_configure();\n"
if 'ntp' in services or DoAll:
configuration += "system_ntp_configure();\n"
if 'reload_dns' in services or DoAll:
configuration += "send_event('service reload dns');\n"
if 'snmp' in services or DoAll:
configuration += "services_snmpd_configure();\n"
if 'filter' in services or DoAll:
configuration += "require_once('filter.inc');filter_configure();clear_subsystem_dirty('filter');\n"
if 'hasync' in services or DoAll:
configuration += "interfaces_sync_setup();\n"
if 'dnsmasq' in services or DoAll:
try:
if cfg['dnsmasq']['enable']:
configuration += "services_dnsmasq_configure();\n"
except:
pass
if 'unbound' in services or DoAll:
try:
if cfg['unbound']['enable']:
configuration += "services_unbound_configure();\n"
except:
pass
if 'restart_webgui' in services or DoAll:
configuration += "system_webgui_start();\n"
# if '' in services or DoAll:
# configuration +=
if 'frr' in services or DoAll:
if os.path.isfile('/usr/local/pkg/frr.inc'): # Check frr installed.
configuration += "include('/usr/local/pkg/frr.inc');frr_generate_config();\n"
result['phpcode'] = configuration
if module.check_mode:
module.exit_json(**result)
if configuration != '':
write_config(module,configuration)
result['changed'] = True
module.exit_json(**result)
def run_module():
module_args = dict(name=dict(required=True,
choices=['wan', 'lan', 'opt1', 'opt2']),
enable=dict(required=False, default=True, type=str),
ipaddr=dict(required=False),
ipprotocol=dict(required=False, default='inet'),
subnet=dict(required=False),
gateway=dict(required=False),
gateway_name=dict(required=False, default='Default_GW'),
gateway_weight=dict(required=False, default='1'),
descr=dict(required=False, default=''))
result = dict(changed=False, )
module = AnsibleModule(argument_spec=module_args, supports_check_mode=True)
params = module.params
section = 'interfaces'
configuration = ""
pfsense_check(module)
name = params['name']
cfg = read_config(module, section)
try:
if cfg[name]:
pass
except:
module.fail_json(msg='interface ' + name + ' not found')
interface = "$config['" + section + "']['" + name + "']"
# Interface Params
for key in ['ipaddr', 'subnet', 'descr']:
if params[key]:
if not key in cfg[name] or params[key] != cfg[name][key]:
validate(module, key, params[key])
configuration += interface + "['" + key + "']='" + params[
key] + "';\n"
# Handle enable param
if params['enable'] and 'enable' not in cfg[name]:
configuration += interface + "['enable']='';\n"
if not params['enable'] and 'enable' in cfg[name]:
configuration += "unset(" + interface + "['enable']);\n"
# Setup Gateway if provided, (should really be in its own pfsense_gateways module)
section = 'gateways'
gw_diff = False
gw_params = {
'name': 'interface',
'gateway': 'gateway',
'gateway_name': 'name',
'gateway_weight': 'weight'
}
if params['gateway']:
gateways = read_config(module, section)
gw = search(gateways['gateway_item'], 'name', params['gateway_name'])
if gw == '':
gw_diff = True
else:
for p, key in gw_params.iteritems():
if p in params:
validate(module, p, params[p])
if (key not in gateways['gateway_item'][gw]) or (
params[p] != gateways['gateway_item'][gw][key]):
gw_diff = True
if gw_diff:
configuration += interface + "['gateway']='" + params[
'gateway_name'] + "';\n"
configuration += "$config['gateways']['gateway_item'][" + gw + "]=[\n"
configuration += "'interface'=>'" + params['name'] + "',\n"
configuration += "'gateway'=>'" + params['gateway'] + "',\n"
configuration += "'name'=>'" + params['gateway_name'] + "',\n"
configuration += "'weight'=>'" + params['gateway_weight'] + "'];"
result['phpcode'] = configuration
if module.check_mode:
module.exit_json(**result)
if configuration != '':
write_config(module, configuration)
result['changed'] = True
for section in ['interfaces', 'gateways']:
result[section] = read_config(module, section)
module.exit_json(**result)
def run_module():
module_args = dict(
rules=dict(required=True, type=list),
enforce=dict(required=False, choices=[None, 'yes', 'no']),
)
result = dict(changed=False, )
module = AnsibleModule(argument_spec=module_args, supports_check_mode=True)
count = 0
audit = []
trackers = []
configuration = ""
params = module.params
enforce = params['enforce']
rules = params['rules']
if not isstr(enforce):
enforce = 'no'
pfsense_check(module)
for rule in rules:
try:
tracker = rule['tracker']
except:
module.fail_json(msg='tracker not found in rule', rule=rule)
try:
state = rule['state']
except:
state = 'present'
if state == 'present':
trackers.append(str(rule['tracker']))
cfg = read_config(module, 'filter')
for key, rule in enumerate(cfg['rule']):
tracker = rule['tracker']
if tracker not in trackers:
audit.append(rule)
if enforce == 'yes':
configuration += "unset($config['filter']['rule'][" + str(
key) + "]);\n"
else:
count += 1
result['audit'] = audit
result['phpcode'] = configuration
if count == 0:
result['trackers'] = trackers
module.fail_json(msg='no matched rules: aborting')
if module.check_mode:
module.exit_json(**result)
if configuration != '':
write_config(module, configuration)
result['changed'] = True
module.exit_json(**result)
def run_module():
module_args = dict(state=dict(required=False,
default='present',
choices=['present', 'absent']),
zebra=dict(required=False),
bgpd=dict(required=False),
ospfd=dict(required=False),
ospf6d=dict(required=False))
args = ['zebra', 'bgpd', 'ospfd', 'ospf6d']
result = dict(changed=False, )
module = AnsibleModule(argument_spec=module_args,
required_one_of=[args],
supports_check_mode=True)
params = module.params
configuration = ""
pfsense_check(module)
if not os.path.isfile('/usr/local/pkg/frr.inc'):
module.fail_json(msg='pfsense-pkg-frr package not installed')
index = 0
cfg = read_config(module, 'installedpackages')
try:
frr = cfg['frrglobalraw']['config'][0]
except:
index = ""
base = "$config['installedpackages']['frrglobalraw']['config'][0]"
if params['state'] == 'present':
for p in args:
if type(params[p]) in [str, unicode]:
validate(module, p, params[p])
if index == "" or (p in frr and params[p] != frr[p]):
configuration += base + "['" + p + "']='" + params[
p] + "';\n"
elif params['state'] == 'absent':
if index != '':
configuration += "unset(" + base + ");\n"
else:
module.fail_json(
msg=
'Incorrect state value, possible choices: absent, present(default)'
)
result['phpcode'] = configuration
if module.check_mode:
module.exit_json(**result)
if configuration != '':
# uncomment these to overwrite gui config
configuration += "unset($config['installedpackages']['frr']);\n"
configuration += "unset($config['installedpackages']['frrbgp']);\n"
configuration += "$frr['enable']='on';\n"
configuration += "$config['installedpackages']['frrbgp']['config']=$frr;\n"
configuration += "$frr['password']=uniqid();\n"
configuration += "$config['installedpackages']['frr']['config']=$frr;\n"
# Write new config
configuration += "write_config();\n;"
# Apply the config
configuration += "include('/usr/local/pkg/frr.inc');frr_generate_config();\n"
write_config(module, configuration)
result['changed'] = True
module.exit_json(**result)
def run_module():
module_args = dict(
state=dict(required=False,
default='present',
choices=['present', 'absent']),
uniqid=dict(required=False),
interface=dict(required=False,
default='lo0',
choices=['lo0', 'wan', 'lan', 'opt1', 'opt2']),
mode=dict(required=False,
default='ipalias',
choices=['ipalias', 'carp', 'proxyarp', 'other']),
subnet=dict(Required=True),
subnet_bits=dict(required=False, default='32'),
type=dict(required=False, default='single'),
vhid=dict(required=False, default=''),
password=dict(required=False, default=''),
advbase=dict(required=False, default='1'),
advskew=dict(required=False, default='0'),
descr=dict(required=False, default=''))
result = dict(changed=False, )
module = AnsibleModule(argument_spec=module_args, supports_check_mode=True)
section = 'virtualip'
configuration = ""
params = module.params
pfsense_check(module)
cfg = read_config(module, section)
index = ''
if type(cfg) is dict and 'vip' in cfg:
if isstr(params['uniqid']):
index = search(cfg['vip'], 'uniqid', params['uniqid'])
else:
params['uniqid'] = uniqid()
if index == '':
index = search(cfg['vip'], 'subnet', params['subnet'])
base = "$config['virtualip']['vip'][" + str(index) + "]"
if params['state'] == 'present':
for p in [
'mode', 'type', 'uniqid', 'interface', 'descr', 'subnet',
'subnet_bits', 'vhid', 'password', 'advbase', 'advskew'
]:
if isstr(params[p]):
validate(module, p, params[p])
if index == '':
configuration += "$virtualip['" + p + "']='" + params[
p] + "';\n"
elif cfg[index][p] != params[p]:
configuration += base + "['" + p + "']='" + params[
p] + "';\n"
if index == '':
configuration += base + "=$virtualip;\n"
elif params['state'] == 'absent':
if index != '':
configuration += "unset(" + base + ");\n"
else:
module.fail_json(
msg=
'Incorrect state value, possible choices: absent, present(default)'
)
result['phpcode'] = configuration
if module.check_mode:
module.exit_json(**result)
if configuration != '':
write_config(module, configuration)
result['changed'] = True
result[section] = read_config(module, section)
module.exit_json(**result)
def run_module():
module_args = dict(
state=dict(required=False,
default='present',
choices=['present', 'absent']),
refid=dict(required=True), # 10 digit (e.g. timestamp)
name=dict(required=True),
host=dict(required=True),
type=dict(required=False, default='ldap', choices=['ldap', 'radius']),
radius_protocol=dict(
required=False,
default='MS-CHAPv2',
choices=['PAP,', 'MD5-CHAP', 'MS-CHAPv1', 'MS-CHAPv2']),
radius_nasip_attribute=dict(required=False),
radius_secret=dict(required=False, ),
radius_timeout=dict(required=False, default="10"),
radius_auth_port=dict(required=False, default="1812"),
radius_acct_port=dict(required=False, default="1813"),
ldap_port=dict(required=False, default="389"),
ldap_urltype=dict(
required=False,
default="TCP - Standard",
choices=['TCP - Standard', 'TCP - STARTTLS', 'SSL - Encrypted']),
ldap_protver=dict(required=False, default="3", choices=['2', '3']),
ldap_scope=dict(required=False,
default="one",
choices=['one', 'subtree']),
ldap_basedn=dict(required=False),
ldap_authcn=dict(required=False),
ldap_extended_enabled=dict(required=False, default=""),
ldap_extended_query=dict(required=False, default=""),
ldap_attr_user=dict(required=False, default="samAccountName"),
ldap_attr_group=dict(required=False, default="cn"),
ldap_attr_member=dict(required=False, default="memberOf"),
ldap_attr_groupobj=dict(required=False, default="group"),
ldap_timeout=dict(required=False, default="25"),
ldap_binddn=dict(required=False),
ldap_bindpw=dict(required=False))
result = dict(changed=False, )
module = AnsibleModule(argument_spec=module_args, supports_check_mode=True)
params = module.params
configuration = ""
pfsense_check(module)
# get config and find our authserver
cfg = read_config(module, 'system')
try:
index = search(cfg['authserver'], 'refid', params['refid'])
except:
index = ''
configuration = "$config['system']['authserver']=[];\n"
base = "$config['system']['authserver'][" + str(index) + "]"
if params['state'] == 'present':
for p in ['type', 'refid', 'name', 'host']:
validate(module, p, params[p])
if index == '':
configuration += "$auth['" + p + "'] = '" + params[p] + "';\n"
elif params[p] != cfg['authserver'][index][p]:
configuration += base + "['" + p + "'] = '" + params[p] + "';\n"
for p in params:
if type(params[p]) is str and p.split('_')[0] == params['type']:
validate(module, p, params[p])
if index == '':
configuration += "$auth['" + p + "'] = '" + params[
p] + "';\n"
elif params[p] != cfg['authserver'][index][p]:
configuration += base + "['" + p + "'] = '" + params[
p] + "';\n"
if index == '':
configuration += base + "=$auth;\n"
elif params['state'] == 'absent':
if index != '':
configuration += "unset(" + base + ");\n"
else:
module.fail_json(
msg=
'Incorrect state value, possible choices: absent, present(default)'
)
result['phpcode'] = configuration
if module.check_mode:
module.exit_json(**result)
if configuration != '':
write_config(module, configuration)
result['changed'] = True
cfg = read_config(module, 'system')
result['authserver'] = cfg['authserver']
module.exit_json(**result)
