From 99ccce9a262d8a519eed71a6a73de68c802dfdd9 Mon Sep 17 00:00:00 2001 From: genofire Date: Fri, 8 Sep 2023 18:14:07 +0200 Subject: [PATCH] [pfsense_openvpn_server] Handle `generate` value for tls, psk Fixes #81 --- plugins/module_utils/openvpn_server.py | 35 ++++++++++++++--------- plugins/modules/pfsense_openvpn_server.py | 2 +- 2 files changed, 22 insertions(+), 15 deletions(-) diff --git a/plugins/module_utils/openvpn_server.py b/plugins/module_utils/openvpn_server.py index a5c06d35..00b29478 100644 --- a/plugins/module_utils/openvpn_server.py +++ b/plugins/module_utils/openvpn_server.py @@ -106,7 +106,7 @@ def get_argument_spec(): def __init__(self, module, pfsense=None): super(PFSenseOpenVPNServerModule, self).__init__(module, pfsense) self.name = "pfsense_openvpn_server" - self.root_elt = self.pfsense.get_element('openvpn') + self.root_elt = self.pfsense.get_element('openvpn', create_node=True) self.obj = dict() ############################## @@ -213,10 +213,13 @@ def _validate_params(self): for param in ['shared_key', 'tls']: if params[param] is not None: key = params[param] - if re.search('^-----BEGIN OpenVPN Static key V1-----.*-----END OpenVPN Static key V1-----$', key, flags=re.MULTILINE | re.DOTALL): + if key == 'generate': + # generate during params_to_obj + pass + elif re.search('^-----BEGIN OpenVPN Static key V1-----.*-----END OpenVPN Static key V1-----$', key, flags=re.MULTILINE | re.DOTALL): params[param] = base64.b64encode(key.encode()).decode() else: - key_decoded = base64.b64decode(params[param].encode()).decode() + key_decoded = base64.b64decode(key.encode()).decode() if not re.search('^-----BEGIN OpenVPN Static key V1-----.*-----END OpenVPN Static key V1-----$', key_decoded, flags=re.MULTILINE | re.DOTALL): self.module.fail_json(msg='Could not recognize {0} key format: {1}'.format(param, key_decoded)) 
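Review bot: The added comment `# generate during params_to_obj` points to the wrong place: in this same patch the 'generate' value is resolved in `_find_target` (fourth hunk), where an existing key is reused or `openvpn --genkey` is run, so a reader following the comment will not find the code. Suggest `# 'generate' is resolved in _find_target: existing key reused, otherwise openvpn --genkey`. On the rewritten `key_decoded = base64.b64decode(key.encode()).decode()` line, a value that is neither the static-key block nor valid base64 raises `ValueError` (`binascii.Error` / `UnicodeDecodeError`) as a traceback instead of reaching the `fail_json` below; wrapping it in `try/except ValueError` and failing with the parameter name only would also stop the following message from echoing the decoded key material into module output. `_validate_params` starts outside the hunk.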
@@ -283,21 +286,15 @@ def _get_params_to_remove(self): def _copy_and_update_target(self): """ update the XML target_elt """ - before = self.pfsense.element_to_dict(self.target_elt) + (before, changed) = super(PFSenseOpenVPNServerModule, self)._copy_and_update_target() + # Check if local port is used self._openvpn_port_used(self.params['protocol'], self.params['interface'], self.params['local_port'], before['vpnid']) - changed = self.pfsense.copy_dict_to_element(self.obj, self.target_elt) - if self._remove_deleted_params(): - changed = True - - self.diff['before'] = before - if changed: - self.diff['after'] = self.pfsense.element_to_dict(self.target_elt) - self.result['changed'] = True - else: + + if not changed: self.diff['after'] = self.obj - self.result['vpnid'] = int(self.diff['before']['vpnid']) + self.result['vpnid'] = int(before['vpnid']) return (before, changed) def _create_target(self): @@ -316,6 +313,16 @@ def _create_target(self): def _find_target(self): """ find the XML target_elt """ (target_elt, self.idx) = self._find_openvpn_server(self.obj['description']) + for param in ['shared_key', 'tls']: + current_elt = self.pfsense.get_element(param, target_elt) + if self.params[param] == 'generate': + if current_elt is None: + (dummy, key, stderr) = self.module.run_command('/usr/local/sbin/openvpn --genkey secret /dev/stdout') + if stderr != "": + self.module.fail_json(msg='generate for "{0}" secret key: {1}'.format(param, stderr)) + self.obj[param] = base64.b64encode(key.encode()).decode() + else: + self.obj[param] = current_elt.text return target_elt ############################## diff --git a/plugins/modules/pfsense_openvpn_server.py b/plugins/modules/pfsense_openvpn_server.py index 384126d3..de14159a 100644 --- a/plugins/modules/pfsense_openvpn_server.py +++ b/plugins/modules/pfsense_openvpn_server.py 
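Review bot: The port-in-use check now runs after `super()._copy_and_update_target()` has already copied `self.obj` into `self.target_elt`, whereas before it ran against the untouched element; if `_openvpn_port_used` reports a conflict via `fail_json`, the module exits with the in-memory target already mutated. That is presumably harmless as long as nothing is written before this method returns, but it is worth either moving the check ahead of the super call or recording the ordering in the docstring, e.g. `""" update the XML target_elt; the port-in-use check runs after the copy on purpose """` — only if that is the intent. Note also that `self.diff['after'] = self.obj` for the unchanged case and `self.result['changed']` now depend on what the base-class method sets, which is not visible here.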
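Review bot: The `run_command` return code is discarded (`dummy`) and failure is inferred from `stderr != ""`, so an openvpn that exits non-zero with nothing on stderr yields an empty or partial `key` that is then base64-encoded and stored as the secret, while a diagnostic on stderr from a successful run would abort the task. Check the rc and the output instead: `(rc, key, stderr) = self.module.run_command('/usr/local/sbin/openvpn --genkey secret /dev/stdout')` then `if rc != 0 or not key.strip(): self.module.fail_json(msg='generate for "{0}" secret key failed (rc={1}): {2}'.format(param, rc, stderr))`. `--genkey secret <file>` is the OpenVPN 2.5+ form; on an older release the call fails with a non-zero rc that the corrected check would catch. Two smaller points: when no server exists yet `target_elt` is None and `self.pfsense.get_element(param, target_elt)` must tolerate that (cannot be confirmed here), and the generated key bypasses the format check in `_validate_params`, which is fine only while openvpn's output is trusted.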
@@ -90,7 +90,7 @@
 default: false
 type: bool
 shared_key:
- description: Pre-shared key for shared key modes.
+ description: Pre-shared key for shared key modes. If set to 'generate' it will create a key if one does not already exist.
 type: str
 dh_length:
 description: DH parameter length.
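Review bot: Only `shared_key` documents the new 'generate' value, yet `_validate_params` and `_find_target` in this patch handle `tls` the same way (the diffstat shows this file changed by a single line), so the `tls` option's description should say so as well. Append the same sentence `If set to 'generate' it will create a key if one does not already exist.` to the `tls` description, and consider adding 'generate' to the module EXAMPLES so users discover it.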