[pfsense_openvpn_server] Handle generate value for tls, psk

Fixes #81

plugins/module_utils/openvpn_server.py

@@ -106,7 +106,7 @@ def get_argument_spec():
     def __init__(self, module, pfsense=None):
         super(PFSenseOpenVPNServerModule, self).__init__(module, pfsense)
         self.name = "pfsense_openvpn_server"
-        self.root_elt = self.pfsense.get_element('openvpn')
+        self.root_elt = self.pfsense.get_element('openvpn', create_node=True)
         self.obj = dict()
 
     ##############################
@@ -213,10 +213,13 @@ def _validate_params(self):
         for param in ['shared_key', 'tls']:
             if params[param] is not None:
                 key = params[param]
-                if re.search('^-----BEGIN OpenVPN Static key V1-----.*-----END OpenVPN Static key V1-----$', key, flags=re.MULTILINE | re.DOTALL):
+                if key == 'generate':
+                    # generate during params_to_obj
+                    pass
+                elif re.search('^-----BEGIN OpenVPN Static key V1-----.*-----END OpenVPN Static key V1-----$', key, flags=re.MULTILINE | re.DOTALL):
                     params[param] = base64.b64encode(key.encode()).decode()
                 else:
-                    key_decoded = base64.b64decode(params[param].encode()).decode()
+                    key_decoded = base64.b64decode(key.encode()).decode()
                     if not re.search('^-----BEGIN OpenVPN Static key V1-----.*-----END OpenVPN Static key V1-----$',
                                      key_decoded, flags=re.MULTILINE | re.DOTALL):
                         self.module.fail_json(msg='Could not recognize {0} key format: {1}'.format(param, key_decoded))
@@ -283,21 +286,15 @@ def _get_params_to_remove(self):
 
     def _copy_and_update_target(self):
         """ update the XML target_elt """
-        before = self.pfsense.element_to_dict(self.target_elt)
+        (before, changed) = super(PFSenseOpenVPNServerModule, self)._copy_and_update_target()
+
         # Check if local port is used
         self._openvpn_port_used(self.params['protocol'], self.params['interface'], self.params['local_port'], before['vpnid'])
-        changed = self.pfsense.copy_dict_to_element(self.obj, self.target_elt)
-        if self._remove_deleted_params():
-            changed = True
-
-        self.diff['before'] = before
-        if changed:
-            self.diff['after'] = self.pfsense.element_to_dict(self.target_elt)
-            self.result['changed'] = True
-        else:
+
+        if not changed:
             self.diff['after'] = self.obj
 
-        self.result['vpnid'] = int(self.diff['before']['vpnid'])
+        self.result['vpnid'] = int(before['vpnid'])
         return (before, changed)
 
     def _create_target(self):
@@ -316,6 +313,16 @@ def _create_target(self):
     def _find_target(self):
         """ find the XML target_elt """
         (target_elt, self.idx) = self._find_openvpn_server(self.obj['description'])
+        for param in ['shared_key', 'tls']:
+            current_elt = self.pfsense.get_element(param, target_elt)
+            if self.params[param] == 'generate':
+                if current_elt is None:
+                    (dummy, key, stderr) = self.module.run_command('/usr/local/sbin/openvpn --genkey secret /dev/stdout')
+                    if stderr != "":
+                        self.module.fail_json(msg='generate for "{0}" secret key: {1}'.format(param, stderr))
+                    self.obj[param] = base64.b64encode(key.encode()).decode()
+                else:
+                    self.obj[param] = current_elt.text
         return target_elt
 
     ##############################

plugins/modules/pfsense_openvpn_server.py

@@ -90,7 +90,7 @@
     default: false
     type: bool
   shared_key:
-    description: Pre-shared key for shared key modes.
+    description: Pre-shared key for shared key modes.  If set to 'generate' it will create a key if one does not already exist.
     type: str
   dh_length:
     description: DH parameter length.