def __init__(self, module):
     self.module = module
     self.pfsense = PFSenseModule(module)
     self.pfsense_aliases = PFSenseAliasModule(module, self.pfsense)
     self.pfsense_interfaces = PFSenseInterfaceModule(module, self.pfsense)
     self.pfsense_rules = PFSenseRuleModule(module, self.pfsense)
     self.pfsense_rule_separators = PFSenseRuleSeparatorModule(module, self.pfsense)
     self.pfsense_vlans = PFSenseVlanModule(module, self.pfsense)
예제 #2
0
 def __init__(self, module):
     self.module = module
     self.pfsense = PFSenseModule(module)
     self.pfsense_aliases = PFSenseAliasModule(module, self.pfsense)
     self.pfsense_interfaces = PFSenseInterfaceModule(module, self.pfsense)
     self.pfsense_nat_outbounds = PFSenseNatOutboundModule(
         module, self.pfsense)
     self.pfsense_nat_port_forwards = PFSenseNatPortForwardModule(
         module, self.pfsense)
     self.pfsense_rules = PFSenseRuleModule(module, self.pfsense)
     self.pfsense_rule_separators = PFSenseRuleSeparatorModule(
         module, self.pfsense)
     self.pfsense_vlans = PFSenseVlanModule(module, self.pfsense)
def main():
    module = AnsibleModule(
        argument_spec=RULE_SEPARATOR_ARGUMENT_SPEC,
        required_one_of=RULE_SEPARATOR_REQUIRED_ONE_OF,
        mutually_exclusive=RULE_SEPARATOR_MUTUALLY_EXCLUSIVE,
        supports_check_mode=True)

    pfmodule = PFSenseRuleSeparatorModule(module)
    pfmodule.run(module.params)
    pfmodule.commit_changes()
class PFSenseModuleAggregate(object):
    """ module managing pfsense aggregated aliases, rules, rule separators, interfaces and vlans """

    def __init__(self, module):
        self.module = module
        self.pfsense = PFSenseModule(module)
        self.pfsense_aliases = PFSenseAliasModule(module, self.pfsense)
        self.pfsense_interfaces = PFSenseInterfaceModule(module, self.pfsense)
        self.pfsense_rules = PFSenseRuleModule(module, self.pfsense)
        self.pfsense_rule_separators = PFSenseRuleSeparatorModule(module, self.pfsense)
        self.pfsense_vlans = PFSenseVlanModule(module, self.pfsense)

    def _update(self):
        run = False
        cmd = 'require_once("filter.inc");\n'
        if self.pfsense_vlans.result['changed']:
            run = True
            cmd += self.pfsense_vlans.get_update_cmds()

        if self.pfsense_interfaces.result['changed']:
            run = True
            cmd += self.pfsense_interfaces.get_update_cmds()

        cmd += 'if (filter_configure() == 0) { \n'
        if self.pfsense_aliases.result['changed']:
            run = True
            cmd += 'clear_subsystem_dirty(\'aliases\');\n'
        if self.pfsense_rules.result['changed'] or self.pfsense_rule_separators.result['changed']:
            run = True
            cmd += 'clear_subsystem_dirty(\'filter\');\n'
        cmd += '}'
        if run:
            return self.pfsense.phpshell(cmd)

        return ('', '', '')

    def want_rule(self, rule_elt, rules):
        """ return True if we want to keep rule_elt """
        descr = rule_elt.find('descr')
        interface = rule_elt.find('interface')

        # probably not a rule
        if descr is None or interface is None:
            return True

        for rule in rules:
            if rule['state'] == 'absent':
                continue
            if rule['name'] == descr.text and self.pfsense.parse_interface(rule['interface']) == interface.text:
                return True
        return False

    def want_rule_separator(self, separator_elt, rule_separators):
        """ return True if we want to keep separator_elt """
        name = separator_elt.find('text').text
        interface = separator_elt.find('if').text

        for separator in rule_separators:
            if separator['state'] == 'absent':
                continue
            if separator['name'] != name:
                continue
            if self.pfsense.parse_interface(separator['interface']) == interface or interface == 'floatingrules' and separator.get('floating'):
                return True
        return False

    @staticmethod
    def want_alias(alias_elt, aliases):
        """ return True if we want to keep alias_elt """
        name = alias_elt.find('name')
        alias_type = alias_elt.find('type')

        # probably not an alias
        if name is None or type is None:
            return True

        for alias in aliases:
            if alias['state'] == 'absent':
                continue
            if alias['name'] == name.text and alias['type'] == alias_type.text:
                return True
        return False

    def want_interface(self, interface_elt, interfaces):
        """ return True if we want to keep interface_elt """
        descr_elt = interface_elt.find('descr')
        if descr_elt is not None and descr_elt.text:
            name = descr_elt.text
        else:
            name = interface_elt.tag

        for interface in interfaces:
            if interface['state'] == 'absent':
                continue
            if interface['descr'] == name:
                return True
        return False

    @staticmethod
    def want_vlan(vlan_elt, vlans):
        """ return True if we want to keep vlan_elt """
        tag = int(vlan_elt.find('tag').text)
        interface = vlan_elt.find('if')

        for vlan in vlans:
            if vlan['state'] == 'absent':
                continue
            if vlan['vlan_id'] == tag and vlan['interface'] == interface.text:
                return True
        return False

    @staticmethod
    def is_filtered(interface_filter, floating_filter, params):
        if interface_filter is None:
            return False

        if 'floating' in params:
            if isinstance(params['floating'], str):
                floating = params['floating'].lower()
            else:
                floating = 'true' if params['floating'] else 'false'

            if floating != 'false' and floating != 'no':
                return not floating_filter

        return floating_filter or params['interface'].lower() != interface_filter

    def run_rules(self):
        """ process input params to add/update/delete all rules """

        want = self.module.params['aggregated_rules']
        interface_filter = self.module.params['interface_filter'].lower() if self.module.params.get('interface_filter') is not None else None
        floating_filter = False
        if interface_filter is not None and interface_filter.lower() == 'floating':
            floating_filter = True

        if want is None:
            return

        # delete every other rule if required
        if self.module.params['purge_rules']:
            todel = []
            for rule_elt in self.pfsense_rules.root_elt:
                if not self.want_rule(rule_elt, want):
                    params = {}
                    params['state'] = 'absent'
                    params['name'] = rule_elt.find('descr').text

                    if rule_elt.find('floating') is not None:
                        params['floating'] = True
                        interfaces = rule_elt.find('interface').text.split(',')
                        params['interface'] = list()
                        for interface in interfaces:
                            target = self.pfsense.get_interface_display_name(interface, return_none=True)
                            if target is not None:
                                params['interface'].append(target)
                            else:
                                params['interface'].append(interface)
                        params['interface'] = ','.join(params['interface'])
                    else:
                        params['interface'] = self.pfsense.get_interface_display_name(rule_elt.find('interface').text, return_none=True)

                    if params['interface'] is None:
                        continue

                    todel.append(params)

            for params in todel:
                if self.is_filtered(interface_filter, floating_filter, params):
                    continue
                self.pfsense_rules.run(params)

        # generating order if required
        if self.module.params.get('order_rules'):
            last_rules = dict()
            for params in want:
                if params.get('before') is not None or params.get('after') is not None:
                    self.module.fail_json(msg="You can't use after or before parameters on rules when using order_rules (see {0})".format(params['name']))

                if params.get('state') == 'absent':
                    continue

                if params.get('floating'):
                    key = 'floating'
                else:
                    key = params['interface']

                # first rule on interface
                if key not in last_rules:
                    params['after'] = 'top'
                    last_rules[key] = params['name']
                    continue

                params['after'] = last_rules[key]
                last_rules[key] = params['name']

        # processing aggregated parameters
        for params in want:
            if self.is_filtered(interface_filter, floating_filter, params):
                continue
            self.pfsense_rules.run(params)

    def run_aliases(self):
        """ process input params to add/update/delete all aliases """
        want = self.module.params['aggregated_aliases']

        if want is None:
            return

        # processing aggregated parameter
        for param in want:
            self.pfsense_aliases.run(param)

        # delete every other alias if required
        if self.module.params['purge_aliases']:
            todel = []
            for alias_elt in self.pfsense_aliases.root_elt:
                if not self.want_alias(alias_elt, want):
                    params = {}
                    params['state'] = 'absent'
                    params['name'] = alias_elt.find('name').text
                    todel.append(params)

            for params in todel:
                self.pfsense_aliases.run(params)

    def run_interfaces(self):
        """ process input params to add/update/delete all interfaces """
        want = self.module.params['aggregated_interfaces']

        if want is None:
            return

        # processing aggregated parameter
        for param in want:
            self.pfsense_interfaces.run(param)

        # delete every other if required
        if self.module.params['purge_interfaces']:
            todel = []
            for interface_elt in self.pfsense_interfaces.root_elt:
                if not self.want_interface(interface_elt, want):
                    params = {}
                    params['state'] = 'absent'
                    descr_elt = interface_elt.find('descr')
                    if descr_elt is not None and descr_elt.text:
                        params['descr'] = descr_elt.text
                        todel.append(params)

            for params in todel:
                self.pfsense_interfaces.run(params)

    def run_rule_separators(self):
        """ process input params to add/update/delete all separators """
        want = self.module.params['aggregated_rule_separators']
        interface_filter = self.module.params['interface_filter'].lower() if self.module.params.get('interface_filter') is not None else None
        floating_filter = False
        if interface_filter is not None and interface_filter.lower() == 'floating':
            floating_filter = True

        if want is None:
            return

        # processing aggregated parameter
        for params in want:
            if self.is_filtered(interface_filter, floating_filter, params):
                continue
            self.pfsense_rule_separators.run(params)

        # delete every other if required
        if self.module.params['purge_rule_separators']:
            todel = []
            for interface_elt in self.pfsense_rule_separators.separators:
                for separator_elt in interface_elt:
                    if not self.want_rule_separator(separator_elt, want):
                        params = {}
                        params['state'] = 'absent'
                        params['name'] = separator_elt.find('text').text
                        if interface_elt.tag == 'floatingrules':
                            params['floating'] = True
                        else:
                            params['interface'] = self.pfsense.get_interface_display_name(interface_elt.tag, return_none=True)
                            if params['interface'] is None:
                                continue
                        todel.append(params)

            for params in todel:
                if self.is_filtered(interface_filter, floating_filter, params):
                    continue
                self.pfsense_rule_separators.run(params)

    def run_vlans(self):
        """ process input params to add/update/delete all vlans """
        want = self.module.params['aggregated_vlans']

        if want is None:
            return

        # processing aggregated parameter
        for param in want:
            self.pfsense_vlans.run(param)

        # delete every other if required
        if self.module.params['purge_vlans']:
            todel = []
            for vlan_elt in self.pfsense_vlans.root_elt:
                if not self.want_vlan(vlan_elt, want):
                    params = {}
                    params['state'] = 'absent'
                    params['interface'] = vlan_elt.find('if').text
                    params['vlan_id'] = int(vlan_elt.find('tag').text)
                    todel.append(params)

            for params in todel:
                self.pfsense_vlans.run(params)

    def commit_changes(self):
        """ apply changes and exit module """
        stdout = ''
        stderr = ''
        changed = (
            self.pfsense_aliases.result['changed'] or self.pfsense_interfaces.result['changed'] or self.pfsense_rules.result['changed']
            or self.pfsense_rule_separators.result['changed'] or self.pfsense_vlans.result['changed']
        )

        if changed and not self.module.check_mode:
            self.pfsense.write_config(descr='aggregated change')
            (dummy, stdout, stderr) = self._update()

        result = {}
        result['result_aliases'] = self.pfsense_aliases.result['commands']
        result['result_interfaces'] = self.pfsense_interfaces.result['commands']
        result['result_rules'] = self.pfsense_rules.result['commands']
        result['result_rule_separators'] = self.pfsense_rule_separators.result['commands']
        result['result_vlans'] = self.pfsense_vlans.result['commands']
        result['changed'] = changed
        result['stdout'] = stdout
        result['stderr'] = stderr
        self.module.exit_json(**result)