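def run_module():
    """Create, update or remove one entry of the pfSense ``cert`` config section.

    The entry is looked up by ``refid``.  The module does not edit the
    configuration itself: it assembles a PHP snippet (returned to the caller
    as ``phpcode``) and passes it to ``write_config`` unless check mode is on.

    NOTE(review): every parameter value is pasted into a single-quoted PHP
    string literal.  The only guard visible here is ``validate()``, which is
    defined elsewhere; confirm that it rejects quotes and backslashes for
    every field, otherwise a parameter value can alter the generated PHP.
    """

    module_args = dict(
        state=dict(required=False, default='present', choices=['present', 'absent']),
        # NOTE(review): 'type' is accepted but never read below.
        type=dict(required=False, default='server'),
        refid=dict(required=True),  # 13 hex digit
        crt=dict(required=True),
        # Private key material.  It ends up verbatim in result['phpcode'], so
        # no_log is needed for Ansible to mask it in logs and in the returned
        # result.
        prv=dict(required=True, no_log=True),
        descr=dict(required=True)
    )

    result = dict(
        changed=False,
    )

    module = AnsibleModule(
        argument_spec=module_args,
        supports_check_mode=True
    )

    configuration = ""
    params = module.params

    pfsense_check(module)

    # get config and find our cert; index == '' means "no such refid yet"
    cfg = read_config(module, 'cert')
    index = search(cfg, 'refid', params['refid'])

    base = "$config['cert'][" + str(index) + "]"
    if params['state'] == 'present':
        for p in ['refid', 'descr', 'crt', 'prv']:
            if isstr(params[p]):
                validate(module, p, params[p])
                if index == '':
                    # New entry: collect the fields in $cert and append it below.
                    configuration += "$cert['" + p + "']='" + params[p] + "';\n"
                elif p not in cfg[index] or cfg[index][p] != params[p]:
                    # Existing entry: only emit fields that are missing or differ.
                    configuration += base + "['" + p + "']='" + params[p] + "';\n"
        if index == '':
            # base is "$config['cert'][]" here, i.e. a PHP array append.
            configuration += base + "=$cert;\n"
    elif params['state'] == 'absent':
        if index != '':
            configuration += "unset(" + base + ");\n"
    else:
        module.fail_json(msg='Incorrect state value, possible choices: absent, present(default)')

    result['phpcode'] = configuration

    if module.check_mode:
        module.exit_json(**result)

    if configuration != '':
        write_config(module, configuration)
        result['changed'] = True

    # Echo back the config section of every dict-typed parameter.
    for section in params:
        if type(params[section]) is dict:
            result[section] = read_config(module, section)

    module.exit_json(**result)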
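def run_module():
    """Set the password and authorized keys of an existing pfSense user.

    The user must already exist; the module fails otherwise.  A PHP snippet
    is assembled (returned as ``phpcode``) and handed to ``write_config``,
    which is defined elsewhere.

    NOTE(review): the password and the authorized keys are pasted into
    single-quoted PHP string literals.  The only guard visible here is
    ``validate()``; confirm that it rejects quotes and backslashes, otherwise
    a parameter value can alter the generated PHP.
    """

    module_args = dict(username=dict(required=True, default=None),
                       # Clear-text secret that is also embedded in
                       # result['phpcode']; no_log makes Ansible mask it in
                       # logs and in the returned result.
                       password=dict(required=True, default=None, no_log=True),
                       authorizedkeys=dict(required=False, default=''))

    result = dict(changed=False, )

    module = AnsibleModule(
        argument_spec=module_args,
        supports_check_mode=
        False  # Password is always a change since it's supplied in clear text and saved in bcrypt
    )

    params = module.params

    configuration = ""

    pfsense_check(module)

    system = read_config(module, 'system')
    index = search(system['user'], 'name', params['username'])

    if index == '':
        module.fail_json(msg='username: ' + params['username'] + ' not found')

    base = "$config['system']['user'][" + str(index) + "]"
    for p in ['password', 'authorizedkeys']:
        if isstr(params[p]):
            validate(module, p, params[p])
            if p not in system['user'][
                    index] or system['user'][index][p] != params[p]:
                configuration += base + "['" + p + "']='" + params[p] + "';\n"

    result['phpcode'] = configuration
    if module.check_mode:
        module.exit_json(**result)

    if configuration != '':
        # local_user_set_password() comes from auth.inc and is given the
        # clear-text password together with the user record.
        configuration = 'require("auth.inc");\n' + configuration
        configuration += "local_user_set_password($config['system']['user'][" + str(
            index) + "], '" + params['password'] + "');\n"
        write_config(module,
                     configuration,
                     post="local_user_set($config['system']['user'][" +
                     str(index) + "]);")
        result['changed'] = True

    # NOTE(review): this returns every user record of the system section to
    # the caller, not only the one that was modified.
    system = read_config(module, 'system')
    result['user'] = system['user']

    module.exit_json(**result)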
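def run_module():
    """Create, update or remove one pfSense firewall alias, looked up by name.

    A PHP snippet is assembled (returned as ``phpcode``) and handed to
    ``write_config`` unless check mode is on.

    NOTE(review): parameter values are pasted into single-quoted PHP string
    literals.  The only guard visible here is ``validate()``, defined
    elsewhere; confirm that it rejects quotes and backslashes for every field.
    """

    module_args = dict(
        state=dict(required=False,
                   default='present',
                   choices=['present', 'absent']),
        name=dict(required=True),
        address=dict(required=False),
        descr=dict(required=False, default=''),
        type=dict(required=True,
                  choices=[
                      'host', 'network', 'port', 'url', 'url_ports',
                      'urltable', 'urltable_ports'
                  ]),
        detail=dict(required=False),
    )

    args = ['name', 'address', 'descr', 'type', 'detail']

    result = dict(changed=False, )

    module = AnsibleModule(argument_spec=module_args, supports_check_mode=True)

    configuration = ""
    params = module.params
    section = 'aliases'

    pfsense_check(module)

    # get config and find our alias
    cfg = read_config(module, section)
    init = ""
    try:
        index = search(cfg['alias'], 'name', params['name'])
    except Exception:
        # The lookup failed, which is taken to mean the section holds no
        # aliases yet.  Exception instead of a bare except, so SystemExit and
        # KeyboardInterrupt are not swallowed.
        init = "if (empty($config['aliases'])) $config['aliases'] = [];\n"
        index = ''

    base = "$config['aliases']['alias'][" + str(index) + "]"
    if params['state'] == 'present':
        # Only initialise the section when an alias is really being added;
        # emitting it for state=absent would write the config and report a
        # change although nothing was removed.
        configuration += init
        for p in args:
            if isstr(params[p]):
                validate(module, p, params[p])
                if index == '':
                    configuration += "$alias['" + p + "']='" + params[
                        p] + "';\n"
                elif p not in cfg['alias'][
                        index] or cfg['alias'][index][p] != params[p]:
                    configuration += base + "['" + p + "']='" + params[
                        p] + "';\n"
        if index == '':
            # base ends in "[]" here, i.e. a PHP array append.
            configuration += base + "=$alias;\n"
    elif params['state'] == 'absent':
        if index != '':
            configuration += "unset(" + base + ");\n"
    else:
        module.fail_json(
            msg=
            'Incorrect state value, possible choices: absent, present(default)'
        )

    result['phpcode'] = configuration

    if module.check_mode:
        module.exit_json(**result)

    if configuration != '':
        write_config(module, configuration)
        result['changed'] = True

    result[section] = read_config(module, section)

    module.exit_json(**result)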
def run_module():
    """Create, replace or remove one pfSense filter rule, looked up by ``tracker``.

    The rule is rebuilt as a PHP ``$rule`` array.  ``diff`` records whether
    any field differs from the stored rule and ``updated`` lists the fields
    that do; the config is written only when ``diff`` is set.  The generated
    PHP is returned as ``phpcode``.

    NOTE(review): ``unicode`` and ``dict.iteritems()`` below exist only on
    Python 2.
    NOTE(review): parameter values are pasted into PHP string literals.  The
    only guard visible here is ``validate()``, defined elsewhere; confirm that
    it rejects quotes and backslashes for every field.
    """

    module_args = dict(
        state=dict(required=False, default='present', choices=['present', 'absent']),
        tracker=dict(required=True),  # 10 digit (e.g. timestamp)
        type=dict(required=False, default='pass', choices=['pass', 'block', 'reject']),
        disabled=dict(required=False),
        quick=dict(required=False),
        interface=dict(required=False, default='lan'),
        ipprotocol=dict(required=False, default='inet', choices=['inet', 'inet6', 'inet46']),
        icmptype=dict(required=False, default='any'),
        protocol=dict(required=False, default=None, choices=['tcp', 'udp', 'tcp/udp', 'icmp', 'esp', 'ah', 'gre', 'ipv6', 'igmp', 'ospf', 'any', 'carp', 'pfsync', None]),
        direction=dict(required=False, default='any', choices=['any','in','out']),
        statetype=dict(required=False, default='keep state', choices=['keep state','sloppy state','synproxy state','none']),
        floating=dict(required=False, choices=[None, True]),
        source=dict(required=False, type=dict, default=dict(any='') ),
        destination=dict(required=False, type=dict, default=dict(any='') ),
        log=dict(required=False),
        descr=dict(required=False)
    )

    result = dict(
        changed=False,
    )

    module = AnsibleModule(
        argument_spec=module_args,
        supports_check_mode=True
    )

    params = module.params

    configuration = ""
    diff = False
    updated = ""

    pfsense_check(module)

    # get config and find our rule; index == '' means "no rule with this tracker"
    cfg = read_config(module,'filter')
    index = search(cfg['rule'],'tracker',params['tracker'])

    base = "$config['filter']['rule'][" + str(index) + "]"

    if params['state'] == 'present':

        # icmptype is only kept for ICMP rules
        if type(params['protocol']) in [str,unicode]:
            if params['protocol']!='icmp':
                params['icmptype'] = None

        for p in ['source','destination']:
            for el in params[p]:
                if index=='' or (el not in cfg['rule'][index][p]) or (str(cfg['rule'][index][p][el]) != str(params[p][el])):
                    diff = True
                    updated += ":"+p+"."+el
            # NOTE(review): 'el' here is whatever the loop above left behind
            # (its last key), and it is unbound if params[p] is empty on the
            # first pass; the label passed to validate() probably should not
            # include it. Confirm against validate().
            for (k,v) in params[p].iteritems():
                validate(module,p+":"+el+":"+k,v)

        # Fields that always have a value: always emitted, compared as strings.
        for p in ['type','tracker','ipprotocol','interface','direction','statetype']:
            validate(module,p,params[p])
            configuration += "$rule['" + p + "'] = '" + params[p] + "';\n"
            if index=='' or (str(params[p]) != str(cfg['rule'][index][p])):
                diff = True
                updated += ":"+p

        # Optional fields: emitted only when given as a string.
        for p in ['descr','log','disabled','quick','protocol','icmptype']:
            if type(params[p]) in [str,unicode]:
                validate(module,p,params[p])
                configuration += "$rule['" + p + "'] = '" + params[p] + "';\n"
                if index=='' or (p not in cfg['rule'][index]) or (str(params[p]) != str(cfg['rule'][index][p])):
                    diff = True
                    updated += ":"+p

        # Boolean flag: written unquoted, via str() of the Python bool.
        for p in ['floating']:
            if type(params[p]) in [bool]:
                configuration += "$rule['" + p + "'] = " + str(params[p]) + ";\n"
                if index=='' or (p not in cfg['rule'][index]):
                    diff = True
                    updated += ":"+p
        if diff:
            # The key is quoted by hand, the value is rendered with Python's repr().
            # NOTE(review): Python and PHP quoting rules differ (repr() may
            # switch to double quotes or add a u prefix); confirm validate()
            # restricts these values to characters that are safe in both.
            configuration += "$rule['source'] = [" + ', '.join("'%s'=>%r" % (key,val) for (key,val) in params['source'].iteritems()) + "];\n"
            configuration += "$rule['destination'] = [" + ', '.join("'%s'=>%r" % (key,val) for (key,val) in params['destination'].iteritems()) + "];\n"
            # Replaces the whole rule (or appends when index == '').
            configuration += base + "=$rule;\n"

    elif params['state'] == 'absent':
        if index != '':
            configuration += "unset("+base+");\n"
            diff = True
    else:
        module.fail_json(msg='Incorrect state value, possible choices: absent, present(default)')


    result['phpcode'] = configuration
    result['updated'] = updated

    if module.check_mode:
        module.exit_json(**result)

    # Unlike 'phpcode', which is always filled in, the write depends on diff.
    if diff:
        write_config(module,configuration)
        result['changed'] = True

    cfg = read_config(module,'filter')
    result['filter_rules'] = cfg['rule']

    module.exit_json(**result)
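def run_module():
    """Create, update or remove one pfSense group, looked up by name.

    A new group takes its gid from ``nextgid`` in the system section.  A PHP
    snippet is assembled (returned as ``phpcode``) and handed to
    ``write_config`` unless check mode is on.

    NOTE(review): the privilege list decides what members of the group may do
    on the firewall.  Its entries, like the other values, are pasted into
    single-quoted PHP string literals; the only guard visible here is
    ``validate()``, defined elsewhere.  Confirm that it checks each list
    entry and rejects quotes and backslashes.
    """

    module_args = dict(name=dict(required=True, default=None),
                       scope=dict(required=False,
                                  default='remote',
                                  choices=['local', 'remote']),
                       description=dict(required=False, default=''),
                       priv=dict(required=True, type=list),
                       state=dict(required=False,
                                  default='present',
                                  choices=['present', 'absent']))

    result = dict(changed=False, )

    module = AnsibleModule(argument_spec=module_args, supports_check_mode=True)

    params = module.params
    priv = params['priv']

    configuration = ""

    pfsense_check(module)

    validate(module, 'name', params['name'],
             '^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]$')
    validate(module, 'priv', params['priv'])

    system = read_config(module, 'system')
    index = search(system['group'], 'name', params['name'])
    if index == '':
        gid = system['nextgid']
        # Consume a gid only when a group is really created.  Emitting the
        # increment for state=absent would write the config, advance nextgid
        # and report a change although nothing was removed.
        if params['state'] == 'present':
            configuration += "$config['system']['nextgid']++;\n"
    else:
        gid = system['group'][index]['gid']

    base = "$config['system']['group'][" + str(index) + "]"
    if params['state'] == 'present':
        for p in ['name', 'description', 'scope']:
            if isstr(params[p]):
                validate(module, p, params[p])
                if index == '':
                    configuration += "$group['" + p + "']='" + params[
                        p] + "';\n"
                elif (p not in system['group'][index]
                      or system['group'][index][p] != params[p]):
                    # Stored records may lack optional keys.
                    configuration += base + "['" + p + "']='" + params[
                        p] + "';\n"
        if index == '':
            # str() so a numeric nextgid concatenates as well.
            configuration += "$group['gid']='" + str(gid) + "';\n"
            configuration += "$group['priv']=['" + "','".join(priv) + "'];\n"
            configuration += base + "=$group;\n"
        elif set(system['group'][index].get('priv', [])) != set(priv):
            # Compared as sets: order and duplicates do not count as a change.
            configuration += base + "['priv']=['" + "','".join(priv) + "'];\n"

    elif params['state'] == 'absent':
        if index != '':
            configuration += "unset(" + base + ");\n"
    else:
        module.fail_json(
            msg=
            'Incorrect state value, possible choices: absent, present(default)'
        )

    result['phpcode'] = configuration

    if module.check_mode:
        module.exit_json(**result)

    if configuration != '':
        write_config(module, configuration)
        result['changed'] = True

    cfg = read_config(module, 'system')
    result['group'] = cfg['group']

    module.exit_json(**result)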
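def run_module():
    """Update one existing pfSense interface and, optionally, its gateway.

    The interface must already exist in the ``interfaces`` section.  A PHP
    snippet is assembled (returned as ``phpcode``) and handed to
    ``write_config`` unless check mode is on.

    NOTE(review): parameter values are pasted into single-quoted PHP string
    literals.  The only guard visible here is ``validate()``, defined
    elsewhere; confirm that it rejects quotes and backslashes for every field.
    """

    module_args = dict(name=dict(required=True,
                                 choices=['wan', 'lan', 'opt1', 'opt2']),
                       # NOTE(review): with type=str every non-empty value,
                       # including "False" or "no", is truthy in the checks
                       # below, so only an empty string disables the
                       # interface.  Probably meant to be a boolean; confirm
                       # with existing playbooks before changing the type.
                       enable=dict(required=False, default=True, type=str),
                       ipaddr=dict(required=False),
                       ipprotocol=dict(required=False, default='inet'),
                       subnet=dict(required=False),
                       gateway=dict(required=False),
                       gateway_name=dict(required=False, default='Default_GW'),
                       gateway_weight=dict(required=False, default='1'),
                       descr=dict(required=False, default=''))

    result = dict(changed=False, )

    module = AnsibleModule(argument_spec=module_args, supports_check_mode=True)

    params = module.params

    section = 'interfaces'
    configuration = ""

    pfsense_check(module)

    name = params['name']
    cfg = read_config(module, section)

    try:
        if cfg[name]:
            pass
    except Exception:
        # Exception instead of a bare except, so SystemExit and
        # KeyboardInterrupt are not swallowed.
        module.fail_json(msg='interface ' + name + ' not found')

    # 'name' is limited to the argument spec's choices, so it is safe in the path.
    interface = "$config['" + section + "']['" + name + "']"

    # Interface Params
    for key in ['ipaddr', 'subnet', 'descr']:
        if params[key]:
            if key not in cfg[name] or params[key] != cfg[name][key]:
                validate(module, key, params[key])
                configuration += interface + "['" + key + "']='" + params[
                    key] + "';\n"

    # Handle enable param
    if params['enable'] and 'enable' not in cfg[name]:
        configuration += interface + "['enable']='';\n"
    if not params['enable'] and 'enable' in cfg[name]:
        configuration += "unset(" + interface + "['enable']);\n"

    # Setup Gateway if provided, (should really be in its own pfsense_gateways module)
    section = 'gateways'
    gw_diff = False
    # module parameter -> key of the stored gateway item
    gw_params = {
        'name': 'interface',
        'gateway': 'gateway',
        'gateway_name': 'name',
        'gateway_weight': 'weight'
    }
    if params['gateway']:
        # Validate before the lookup: these values are written into the PHP
        # below for a gateway that does not exist yet as well, a path on
        # which they would otherwise reach the generated code unchecked.
        for p in gw_params:
            if p in params:
                validate(module, p, params[p])
        gateways = read_config(module, section)
        gw = search(gateways['gateway_item'], 'name', params['gateway_name'])
        if gw == '':
            gw_diff = True
        else:
            for p, key in gw_params.items():
                if p in params:
                    if (key not in gateways['gateway_item'][gw]) or (
                            params[p] != gateways['gateway_item'][gw][key]):
                        gw_diff = True

    if gw_diff:
        configuration += interface + "['gateway']='" + params[
            'gateway_name'] + "';\n"
        # str(): search() may hand back a non-string index for an existing item.
        configuration += "$config['gateways']['gateway_item'][" + str(gw) + "]=[\n"
        configuration += "'interface'=>'" + params['name'] + "',\n"
        configuration += "'gateway'=>'" + params['gateway'] + "',\n"
        configuration += "'name'=>'" + params['gateway_name'] + "',\n"
        configuration += "'weight'=>'" + params['gateway_weight'] + "'];"

    result['phpcode'] = configuration

    if module.check_mode:
        module.exit_json(**result)

    if configuration != '':
        write_config(module, configuration)
        result['changed'] = True

    for section in ['interfaces', 'gateways']:
        result[section] = read_config(module, section)

    module.exit_json(**result)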
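def run_module():
    """Create, update or remove one pfSense virtual IP.

    The entry is looked up by ``uniqid`` when one is given and by ``subnet``
    otherwise.  A PHP snippet is assembled (returned as ``phpcode``) and
    handed to ``write_config`` unless check mode is on.

    NOTE(review): parameter values are pasted into single-quoted PHP string
    literals.  The only guard visible here is ``validate()``, defined
    elsewhere; confirm that it rejects quotes and backslashes for every field.
    """

    module_args = dict(
        state=dict(required=False,
                   default='present',
                   choices=['present', 'absent']),
        uniqid=dict(required=False),
        interface=dict(required=False,
                       default='lo0',
                       choices=['lo0', 'wan', 'lan', 'opt1', 'opt2']),
        mode=dict(required=False,
                  default='ipalias',
                  choices=['ipalias', 'carp', 'proxyarp', 'other']),
        # NOTE(review): 'Required' (capital R) is not the argument-spec key
        # 'required', so subnet is presumably treated as optional.  Left as is
        # because enforcing it would reject calls that are accepted today.
        subnet=dict(Required=True),
        subnet_bits=dict(required=False, default='32'),
        type=dict(required=False, default='single'),
        vhid=dict(required=False, default=''),
        # Shared secret that is also embedded in result['phpcode']; no_log
        # makes Ansible mask it in logs and in the returned result.
        password=dict(required=False, default='', no_log=True),
        advbase=dict(required=False, default='1'),
        advskew=dict(required=False, default='0'),
        descr=dict(required=False, default=''))

    result = dict(changed=False, )

    module = AnsibleModule(argument_spec=module_args, supports_check_mode=True)

    section = 'virtualip'
    configuration = ""
    params = module.params

    pfsense_check(module)

    cfg = read_config(module, section)

    index = ''
    if type(cfg) is dict and 'vip' in cfg:
        if isstr(params['uniqid']):
            index = search(cfg['vip'], 'uniqid', params['uniqid'])
        else:
            # No id supplied: generate one for a possible new entry.
            params['uniqid'] = uniqid()
        if index == '':
            index = search(cfg['vip'], 'subnet', params['subnet'])

    base = "$config['virtualip']['vip'][" + str(index) + "]"
    if params['state'] == 'present':
        for p in [
                'mode', 'type', 'uniqid', 'interface', 'descr', 'subnet',
                'subnet_bits', 'vhid', 'password', 'advbase', 'advskew'
        ]:
            if isstr(params[p]):
                validate(module, p, params[p])
                if index == '':
                    configuration += "$virtualip['" + p + "']='" + params[
                        p] + "';\n"
                elif (p not in cfg['vip'][index]
                      or cfg['vip'][index][p] != params[p]):
                    # index points into cfg['vip'] (that is where search()
                    # looked), not into cfg itself.
                    configuration += base + "['" + p + "']='" + params[
                        p] + "';\n"
        if index == '':
            # base ends in "[]" here, i.e. a PHP array append.
            configuration += base + "=$virtualip;\n"
    elif params['state'] == 'absent':
        if index != '':
            configuration += "unset(" + base + ");\n"
    else:
        module.fail_json(
            msg=
            'Incorrect state value, possible choices: absent, present(default)'
        )

    result['phpcode'] = configuration

    if module.check_mode:
        module.exit_json(**result)

    if configuration != '':
        write_config(module, configuration)
        result['changed'] = True

    result[section] = read_config(module, section)

    module.exit_json(**result)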
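def run_module():
    """Create, update or remove one pfSense authentication server (LDAP or RADIUS).

    The entry is looked up by ``refid``.  Besides the common fields, only the
    parameters whose prefix matches ``type`` (``ldap_*`` or ``radius_*``) are
    written.  A PHP snippet is assembled (returned as ``phpcode``) and handed
    to ``write_config`` unless check mode is on.

    NOTE(review): parameter values are pasted into single-quoted PHP string
    literals.  The only guard visible here is ``validate()``, defined
    elsewhere; confirm that it rejects quotes and backslashes for every field.
    """

    module_args = dict(
        state=dict(required=False,
                   default='present',
                   choices=['present', 'absent']),
        refid=dict(required=True),  # 10 digit (e.g. timestamp)
        name=dict(required=True),
        host=dict(required=True),
        type=dict(required=False, default='ldap', choices=['ldap', 'radius']),
        # NOTE(review): 'PAP,' (with a trailing comma inside the string) looks
        # like a typo for 'PAP'; confirm before changing the accepted values.
        radius_protocol=dict(
            required=False,
            default='MS-CHAPv2',
            choices=['PAP,', 'MD5-CHAP', 'MS-CHAPv1', 'MS-CHAPv2']),
        radius_nasip_attribute=dict(required=False),
        # Shared secret, embedded in result['phpcode'] and read back into
        # result['authserver']; no_log makes Ansible mask it in logs and in
        # the returned result.
        radius_secret=dict(required=False, no_log=True),
        radius_timeout=dict(required=False, default="10"),
        radius_auth_port=dict(required=False, default="1812"),
        radius_acct_port=dict(required=False, default="1813"),
        ldap_port=dict(required=False, default="389"),
        ldap_urltype=dict(
            required=False,
            default="TCP - Standard",
            choices=['TCP - Standard', 'TCP - STARTTLS', 'SSL - Encrypted']),
        ldap_protver=dict(required=False, default="3", choices=['2', '3']),
        ldap_scope=dict(required=False,
                        default="one",
                        choices=['one', 'subtree']),
        ldap_basedn=dict(required=False),
        ldap_authcn=dict(required=False),
        ldap_extended_enabled=dict(required=False, default=""),
        ldap_extended_query=dict(required=False, default=""),
        ldap_attr_user=dict(required=False, default="samAccountName"),
        ldap_attr_group=dict(required=False, default="cn"),
        ldap_attr_member=dict(required=False, default="memberOf"),
        ldap_attr_groupobj=dict(required=False, default="group"),
        ldap_timeout=dict(required=False, default="25"),
        ldap_binddn=dict(required=False),
        # Bind password: same exposure as radius_secret, hence no_log.
        ldap_bindpw=dict(required=False, no_log=True))

    result = dict(changed=False, )

    module = AnsibleModule(argument_spec=module_args, supports_check_mode=True)

    params = module.params

    configuration = ""

    pfsense_check(module)

    # get config and find our authserver
    cfg = read_config(module, 'system')
    init = ""
    try:
        index = search(cfg['authserver'], 'refid', params['refid'])
    except Exception:
        # The lookup failed, which is taken to mean that no authserver list
        # exists yet.  Exception instead of a bare except, so SystemExit and
        # KeyboardInterrupt are not swallowed.
        index = ''
        init = "$config['system']['authserver']=[];\n"

    base = "$config['system']['authserver'][" + str(index) + "]"

    if params['state'] == 'present':
        # Only create the list when a server is really being added; emitting
        # it for state=absent would write the config and report a change
        # although nothing was removed.
        configuration += init

        for p in ['type', 'refid', 'name', 'host']:
            validate(module, p, params[p])
            if index == '':
                configuration += "$auth['" + p + "'] = '" + params[p] + "';\n"
            elif (p not in cfg['authserver'][index]
                  or params[p] != cfg['authserver'][index][p]):
                configuration += base + "['" + p + "'] = '" + params[p] + "';\n"

        # Type-specific settings: the parameter prefix before the first '_'
        # has to equal the selected server type.
        for p in params:
            if type(params[p]) is str and p.split('_')[0] == params['type']:
                validate(module, p, params[p])
                if index == '':
                    configuration += "$auth['" + p + "'] = '" + params[
                        p] + "';\n"
                elif (p not in cfg['authserver'][index]
                      or params[p] != cfg['authserver'][index][p]):
                    # Stored records may lack optional keys.
                    configuration += base + "['" + p + "'] = '" + params[
                        p] + "';\n"
        if index == '':
            # base ends in "[]" here, i.e. a PHP array append.
            configuration += base + "=$auth;\n"

    elif params['state'] == 'absent':
        if index != '':
            configuration += "unset(" + base + ");\n"
    else:
        module.fail_json(
            msg=
            'Incorrect state value, possible choices: absent, present(default)'
        )

    result['phpcode'] = configuration

    if module.check_mode:
        module.exit_json(**result)

    if configuration != '':
        write_config(module, configuration)
        result['changed'] = True

    # NOTE(review): this returns every configured auth server, including the
    # stored secrets of servers this call did not touch; no_log only masks
    # values equal to the ones passed to this call.
    cfg = read_config(module, 'system')
    result['authserver'] = cfg['authserver']

    module.exit_json(**result)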