def __init__(self, module):
self.module = module
self.pfsense = PFSenseModule(module)
self.pfsense_aliases = PFSenseAliasModule(module, self.pfsense)
self.pfsense_rules = PFSenseRuleModule(module, self.pfsense)
self.pfsense_rule_separators = PFSenseRuleSeparatorModule(
module, self.pfsense)
def _rule_element_to_dict(rule_elt):
""" convert rule_elt to dictionary like module arguments """
rule = PFSenseModule.element_to_dict(rule_elt)
# We use 'name' for 'descr'
rule['name'] = rule.pop('descr', 'UNKNOWN')
# We use 'action' for 'type'
rule['action'] = rule.pop('type', 'UNKNOWN')
# Convert addresses to argument format
for addr_item in ['source', 'destination']:
rule[addr_item] = PFSenseModule.addr_normalize(rule[addr_item])
return rule
def __init__(self, module, pfsense=None):
if pfsense is None:
pfsense = PFSenseModule(module)
self.module = module
self.pfsense = pfsense
self.rules = self.pfsense.get_element('filter')
self.changed = False
self.change_descr = ''
self.diff = {'after': {}, 'before': {}}
self.result = {}
self.result['added'] = []
self.result['deleted'] = []
self.result['modified'] = []
self.result['commands'] = []
# internals params
self._rule = None
self._descr = None
self._interface = None
self._floating = None
self._after = None
self._before = None
self._params = None
self._position_changed = False
def __init__(self, module, pfsense=None):
if pfsense is None:
pfsense = PFSenseModule(module)
self.module = module
self.pfsense = pfsense
self.aliases = self.pfsense.get_element('aliases')
self.change_descr = ''
self.diff = {}
self.result = {}
self.result['changed'] = False
self.result['diff'] = self.diff
self.result['commands'] = []
def __init__(self, module, pfsense=None):
if pfsense is None:
pfsense = PFSenseModule(module)
self.module = module
self.pfsense = pfsense
self.separators = self.pfsense.rules.find('separator')
self.change_descr = None
self.result = {}
self.result['changed'] = False
self.result['commands'] = []
self._params = None
self._separator = None
self._name = None
self._interface_name = None
self._interface = None
self._floating = None
self._after = None
self._before = None
def __init__(self, module):
self.module = module
self.pfsense = PFSenseModule(module)
self.system = self.pfsense.get_element('system')
self.groups = self.system.findall('group')
class pfSenseGroup(object):
def __init__(self, module):
self.module = module
self.pfsense = PFSenseModule(module)
self.system = self.pfsense.get_element('system')
self.groups = self.system.findall('group')
def _find_group(self, name):
found = None
i = 0
for group in self.groups:
i = list(self.system).index(group)
if group.find('name').text == name:
found = group
break
return (found, i)
def add(self, group):
group_elt, i = self._find_group(group['name'])
changed = False
if group_elt is None:
changed = True
if self.module.check_mode:
self.module.exit_json(changed=True)
group_elt = self.pfsense.new_element('group')
self.pfsense.copy_dict_to_element(group, group_elt)
self.system.insert(i + 1, group_elt)
self.pfsense.write_config(descr='ansible pfsense_group added %s' % (group['name']))
else:
changed = self.pfsense.copy_dict_to_element(group, group_elt)
if self.module.check_mode:
self.module.exit_json(changed=changed)
if changed:
self.pfsense.write_config(descr='ansible pfsense_group updated "%s"' % (group['name']))
self.module.exit_json(changed=changed)
def remove(self, group):
group_elt, dummy = self._find_group(group['name'])
changed = False
if group_elt is not None:
if self.module.check_mode:
self.module.exit_json(changed=True)
self.groups.remove(group_elt)
changed = True
self.pfsense.write_config(descr='ansible pfsense_group removed "%s"' % (group['name']))
self.module.exit_json(changed=changed)
def __init__(self, module):
self.module = module
self.pfsense = PFSenseModule(module)
self.cas = self.pfsense.get_elements('ca')
self.crls = self.pfsense.get_elements('crl')
class pfSenseCA(object):
def __init__(self, module):
self.module = module
self.pfsense = PFSenseModule(module)
self.cas = self.pfsense.get_elements('ca')
self.crls = self.pfsense.get_elements('crl')
def _find_ca(self, name):
found = None
i = 0
for ca in self.cas:
i = self.pfsense.get_index(ca)
if ca.find('descr').text == name:
found = ca
break
return (found, i)
def _find_crl(self, caref):
found = None
i = 0
for crl in self.crls:
i = self.pfsense.get_index(crl)
if crl.find('caref').text == caref:
found = crl
break
return (found, i)
def add(self, ca):
ca_elt, i = self._find_ca(ca['descr'])
changed = False
crl = {}
diff = {}
if 'crl' in ca:
crl['method'] = 'existing'
crl['text'] = ca.pop('crl')
if ca_elt is None:
diff['before'] = ''
changed = True
ca_elt = self.pfsense.new_element('ca')
ca['refid'] = self.pfsense.uniqid()
if 'text' in crl:
crl_elt = self.pfsense.new_element('crl')
crl['refid'] = self.pfsense.uniqid()
crl['descr'] = ca['descr'] + ' CRL'
crl['caref'] = ca['refid']
self.pfsense.copy_dict_to_element(crl, crl_elt)
self.pfsense.root.insert(i + 1, crl_elt)
self.pfsense.copy_dict_to_element(ca, ca_elt)
self.pfsense.root.insert(i + 1, ca_elt)
descr = 'ansible pfsense_ca added %s' % (ca['descr'])
else:
diff['before'] = self.pfsense.element_to_dict(ca_elt)
if 'text' in crl:
crl_elt, crl_index = self._find_crl(ca_elt.find('refid').text)
if crl_elt is None:
changed = True
crl_elt = self.pfsense.new_element('crl')
crl['refid'] = self.pfsense.uniqid()
crl['descr'] = ca['descr'] + ' CRL'
crl['caref'] = ca_elt.find('refid').text
self.pfsense.copy_dict_to_element(crl, crl_elt)
self.pfsense.root.insert(crl_index + 1, crl_elt)
else:
diff['before']['crl'] = crl_elt.find('text').text
changed = self.pfsense.copy_dict_to_element(crl, crl_elt)
if self.pfsense.copy_dict_to_element(ca, ca_elt):
changed = True
descr = 'ansible pfsense_ca updated "%s"' % (ca['descr'])
if changed and not self.module.check_mode:
self.pfsense.write_config(descr=descr)
diff['after'] = self.pfsense.element_to_dict(ca_elt)
if 'text' in crl:
diff['after']['crl'] = crl['text']
self.module.exit_json(changed=changed, diff=diff)
def remove(self, ca):
ca_elt, dummy = self._find_ca(ca['descr'])
changed = False
diff = {}
diff['after'] = {}
if ca_elt is not None:
changed = True
diff['before'] = self.pfsense.element_to_dict(ca_elt)
crl_elt, dummy = self._find_crl(ca_elt.find('refid').text)
self.cas.remove(ca_elt)
if crl_elt is not None:
diff['before']['crl'] = crl_elt.find('text').text
self.crls.remove(crl_elt)
else:
diff['before'] = {}
if changed and not self.module.check_mode:
self.pfsense.write_config(descr='ansible pfsense_ca removed "%s"' %
(ca['descr']))
self.module.exit_json(changed=changed, diff=diff)
class PFSenseModuleAggregate(object):
""" module managing pfsense aggregated aliases and rules """
def __init__(self, module):
self.module = module
self.pfsense = PFSenseModule(module)
self.pfsense_aliases = PFSenseAliasModule(module, self.pfsense)
self.pfsense_rules = PFSenseRuleModule(module, self.pfsense)
self.pfsense_rule_separators = PFSenseRuleSeparatorModule(
module, self.pfsense)
def _update(self):
cmd = 'require_once("filter.inc");\n'
cmd += 'if (filter_configure() == 0) { \n'
if self.pfsense_aliases.result['changed']:
cmd += 'clear_subsystem_dirty(\'aliases\');\n'
if self.pfsense_rules.changed or self.pfsense_rule_separators.result[
'changed']:
cmd += 'clear_subsystem_dirty(\'rules\');\n'
cmd += '}'
return self.pfsense.phpshell(cmd)
def want_rule(self, rule_elt, rules):
""" return True if we want to keep rule_elt """
descr = rule_elt.find('descr')
interface = rule_elt.find('interface')
# probably not a rule
if descr is None or interface is None:
return True
for rule in rules:
if rule['state'] == 'absent':
continue
if rule['name'] == descr.text and self.pfsense.parse_interface(
rule['interface']) == interface.text:
return True
return False
def want_rule_separator(self, separator_elt, rule_separators):
""" return True if we want to keep separator_elt """
name = separator_elt.find('text').text
interface = separator_elt.find('if').text
for separator in rule_separators:
if separator['state'] == 'absent':
continue
if separator['name'] != name:
continue
if self.pfsense.parse_interface(
separator['interface']
) == interface or interface == 'floatingrules' and separator.get(
'floating'):
return True
return False
@staticmethod
def want_alias(alias_elt, aliases):
""" return True if we want to keep alias_elt """
name = alias_elt.find('name')
alias_type = alias_elt.find('type')
# probably not an alias
if name is None or type is None:
return True
for alias in aliases:
if alias['state'] == 'absent':
continue
if alias['name'] == name.text and alias['type'] == alias_type.text:
return True
return False
def run_rules(self):
""" process input params to add/update/delete all rules """
want = self.module.params['aggregated_rules']
if want is None:
return
# delete every other rule if required
if self.module.params['purge_rules']:
todel = []
for rule_elt in self.pfsense_rules.rules:
if not self.want_rule(rule_elt, want):
params = {}
params['state'] = 'absent'
params['name'] = rule_elt.find('descr').text
params['interface'] = rule_elt.find('interface').text
if rule_elt.find('floating') is not None:
params['floating'] = True
todel.append(params)
for params in todel:
self.pfsense_rules.run(params)
# processing aggregated parameters
for params in want:
self.pfsense_rules.run(params)
def run_aliases(self):
""" process input params to add/update/delete all aliases """
want = self.module.params['aggregated_aliases']
if want is None:
return
# processing aggregated parameter
for param in want:
self.pfsense_aliases.run(param)
# delete every other alias if required
if self.module.params['purge_aliases']:
todel = []
for alias_elt in self.pfsense_aliases.aliases:
if not self.want_alias(alias_elt, want):
params = {}
params['state'] = 'absent'
params['name'] = alias_elt.find('name').text
todel.append(params)
for params in todel:
self.pfsense_aliases.run(params)
def run_rule_separators(self):
""" process input params to add/update/delete all separators """
want = self.module.params['aggregated_rule_separators']
if want is None:
return
# processing aggregated parameter
for param in want:
self.pfsense_rule_separators.run(param)
# delete every other alias if required
if self.module.params['purge_rule_separators']:
todel = []
for interface_elt in self.pfsense_rule_separators.separators:
for separator_elt in interface_elt:
if not self.want_rule_separator(separator_elt, want):
params = {}
params['state'] = 'absent'
params['name'] = separator_elt.find('text').text
if interface_elt.tag == 'floatingrules':
params['floating'] = True
else:
params['interface'] = interface_elt.tag
todel.append(params)
for params in todel:
self.pfsense_rule_separators.run(params)
def commit_changes(self):
""" apply changes and exit module """
stdout = ''
stderr = ''
changed = self.pfsense_aliases.result[
'changed'] or self.pfsense_rules.changed or self.pfsense_rule_separators.result[
'changed']
if changed and not self.module.check_mode:
self.pfsense.write_config(descr='aggregated change')
(dummy, stdout, stderr) = self._update()
result = {}
result['result_aliases'] = self.pfsense_aliases.result['commands']
result['result_rules'] = self.pfsense_rules.result['commands']
result['result_rule_separators'] = self.pfsense_rule_separators.result[
'commands']
result['changed'] = changed
result['stdout'] = stdout
result['stderr'] = stderr
self.module.exit_json(**result)
def __init__(self, module):
self.module = module
self.pfsense = PFSenseModule(module)
self.system = self.pfsense.get_element('system')
self.authservers = self.system.findall('authserver')
class PFSenseAuthserverLDAP(object):
def __init__(self, module):
self.module = module
self.pfsense = PFSenseModule(module)
self.system = self.pfsense.get_element('system')
self.authservers = self.system.findall('authserver')
def _find_authserver_ldap(self, name):
found = None
i = 0
for authserver in self.authservers:
i = list(self.system).index(authserver)
if authserver.find('name').text == name and authserver.find(
'type').text == 'ldap':
found = authserver
break
return (found, i)
def add(self, authserver):
authserver_elt, i = self._find_authserver_ldap(authserver['name'])
changed = False
# Replace the text CA name with the caref id
authserver['ldap_caref'] = self.pfsense.get_caref(authserver['ca'])
if authserver['ldap_caref'] is None:
self.module.fail_json(msg="could not find CA '%s'" %
(authserver['ca']))
del authserver['ca']
if authserver_elt is None:
changed = True
if self.module.check_mode:
self.module.exit_json(changed=True)
authserver_elt = self.pfsense.new_element('authserver')
authserver['refid'] = self.pfsense.uniqid()
self.pfsense.copy_dict_to_element(authserver, authserver_elt)
self.system.insert(i + 1, authserver_elt)
self.pfsense.write_config(
descr='ansible pfsense_authserver_ldap added %s' %
(authserver['name']))
else:
changed = self.pfsense.copy_dict_to_element(
authserver, authserver_elt)
if self.module.check_mode:
self.module.exit_json(changed=changed)
if changed:
self.pfsense.write_config(
descr='ansible pfsense_authserver_ldap updated "%s"' %
(authserver['name']))
self.module.exit_json(changed=changed)
def remove(self, authserver):
authserver_elt, dummy = self._find_authserver_ldap(authserver['name'])
changed = False
if authserver_elt is not None:
if self.module.check_mode:
self.module.exit_json(changed=True)
self.authservers.remove(authserver_elt)
changed = True
self.pfsense.write_config(
descr='ansible pfsense_authserver_ldap removed "%s"' %
(authserver['name']))
self.module.exit_json(changed=changed)