From 3fd5bacdd0324ab636a0456f19993d588f900dcb Mon Sep 17 00:00:00 2001
From: James Holland <6574404+jamesholland-uk@users.noreply.github.com>
Date: Wed, 14 Jun 2023 10:05:30 +0100
Subject: [PATCH] feat(panos_import): Add private key blocking to keypair
 import (#417)

---
 plugins/modules/panos_import.py | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/plugins/modules/panos_import.py b/plugins/modules/panos_import.py
index 476186f8b..af8d41a83 100644
--- a/plugins/modules/panos_import.py
+++ b/plugins/modules/panos_import.py
@@ -98,6 +98,11 @@
         description:
             - Passphrase used to decrypt the certificate and/or private key.
         type: str
+    block_private_key_export:
+        description:
+            - When I(category=keypair), controls if the private key is allowed to be exported from PAN-OS in future.
+            - If this parameter is left undefined, the effective value with be no.
+        type: bool
     custom_logo_location:
         description:
             - When I(category=custom-logo), import this logo file here.
@@ -286,6 +291,7 @@ def main():
             certificate_name=dict(type="str"),
             format=dict(type="str", choices=["pem", "pkcs12"]),
             passphrase=dict(type="str", no_log=True),
+            block_private_key_export=dict(type="bool"),
             custom_logo_location=dict(
                 type="str",
                 choices=[
@@ -334,6 +340,14 @@ def main():
         params["certificate-name"] = module.params["certificate_name"]
         params["format"] = module.params["format"]
         params["passphrase"] = module.params["passphrase"]
+        src = "block_private_key_export"
+        dst = "block-private-key"
+        if module.params[src] is None:
+            params[dst] = None
+        elif module.params[src]:
+            params[dst] = "yes"
+        else:
+            params[dst] = "no"
 
     elif category == "custom-logo":
         params["where"] = module.params["custom_logo_location"]