[pfsense_rule] Change after to insert after the last match instead of the first

Author: opoplawski

changelogs/fragments/pfsense_rule-after.yml

@@ -0,0 +1,2 @@
+minor_changes:
+ - pfsense_rule - Change `after` to insert after the last match instead of the first.

plugins/module_utils/pfsense.py

@@ -229,18 +229,22 @@ def get_interface_rules_count(self, interface, floating):
 
         return count
 
-    def get_rule_position(self, descr, interface, floating):
+    def get_rule_position(self, descr, interface, floating, first=True):
         """ get rule position in interface/floating """
         i = 0
+        found = None
         for rule_elt in self.rules:
             if not self.rule_match_interface(rule_elt, interface, floating):
                 continue
             descr_elt = rule_elt.find('descr')
             if descr_elt is not None and descr_elt.text == descr:
-                return i
+                if first:
+                    return i
+                else:
+                    found = i
             i += 1
 
-        return None
+        return found
 
     def copy_dict_to_element(self, src, top_elt, sub=0):
         """ Copy/update top_elt from src """

plugins/module_utils/rule.py

@@ -410,7 +410,7 @@ def _get_expected_rule_position(self):
         elif self._after == 'top':
             return 0
         elif self._after is not None:
-            return self._get_rule_position(self._after) + 1
+            return self._get_rule_position(self._after, first=False) + 1
         elif self._before is not None:
             position = self._get_rule_position(self._before) - 1
             if position < 0:
@@ -472,12 +472,12 @@ def _get_params_to_remove():
         """ returns the list of params to remove if they are not set """
         return ['log', 'protocol', 'disabled', 'defaultqueue', 'ackqueue', 'dnpipe', 'pdnpipe', 'gateway', 'icmptype', 'sched', 'quick', 'tcpflags_any']
 
-    def _get_rule_position(self, descr=None, fail=True):
+    def _get_rule_position(self, descr=None, fail=True, first=True):
         """ get rule position in interface/floating """
         if descr is None:
             descr = self.obj['descr']
 
-        res = self.pfsense.get_rule_position(descr, self.obj['interface'], self._floating)
+        res = self.pfsense.get_rule_position(descr, self.obj['interface'], self._floating, first=first)
         if fail and res is None:
             self.module.fail_json(msg='Failed to find rule=%s interface=%s' % (descr, self._interface_name()))
         return res

plugins/modules/pfsense_pkg.py

@@ -0,0 +1,140 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2024, Orion Poplawski <orion@nwra.com>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+DOCUMENTATION = r'''
+---
+module: pfsense_pkg
+
+short_description: Manage pfSense configs
+
+version_added: "0.6.0"
+
+description:
+  - Manage pfSense configs
+
+options:
+  name:
+    description: The name of the config
+    required: true
+    type: str
+  state:
+    description: State in which to leave the config
+    choices: ['present', 'absent']
+    default: present
+    type: str
+  cmd:
+    description: Command of the config. Enter the command to run.
+    type: str
+  cmdtype:
+    description: Shellcmd Type of the config. Choose the shellcmd type. Click Info for details.
+    choices: ['shellcmd', 'earlyshellcmd', 'afterfilterchangeshellcmd', 'disabled']
+    type: str
+
+author: Orion Poplawski (@)
+'''
+
+EXAMPLES = r'''
+- name: Add myitem config
+  pfsensible.core.pfsense_pkg:
+    name: myitem
+    cmd: echo hi
+    cmdtype: shellcmd
+    state: present
+
+- name: Remove myitem config
+  pfsensible.core.pfsense_pkg:
+    name: myitem
+    state: absent
+'''
+RETURN = r'''
+commands:
+    description: the set of commands that would be pushed to the remote device (if pfSense had a CLI)
+    returned: always
+    type: list
+    sample: ["create config 'myitem'", "update config 'myitem' set ...", "delete config 'myitem'"]
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase
+
+# Change to name of module, extend for needed parameters
+CONFIG_ARGUMENT_SPEC = {
+    # Only name should be required here - othewise you cannot remove an item with just 'name'
+    # Required arguments for creation should be note in CONFIG_REQUIRED_IF = ['state', 'present', ...] below
+    'name': {'required': True, 'type': 'str'},
+    'state': {
+        'type': 'str',
+        'default': 'present',
+        'choices': ['present', 'absent']
+    },
+    'cmd': {
+        'type': 'str',
+    },
+    'cmdtype': {
+        'choices': ['shellcmd', 'earlyshellcmd', 'afterfilterchangeshellcmd', 'disabled'],
+        'type': 'str',
+    },
+}
+
+# Compact style
+CONFIG_ARGUMENT_SPEC = dict(
+    # Only name should be required here - othewise you cannot remove an item with just 'name'
+    # Required arguments for creation should be note in CONFIG_REQUIRED_IF = ['state', 'present', ...] below
+    name=dict(required=True, typ='str'),
+    state=dict(type='str', default='present', choices=['present', 'absent']),
+    cmd=dict(type='str'),
+    cmdtype=dict(type='str', choices=['shellcmd', 'earlyshellcmd', 'afterfilterchangeshellcmd', 'disabled'],),
+)
+
+# TODO - check for validity - what are default values when creating a new config
+CONFIG_CREATE_DEFAULT = dict(
+)
+
+# TODO - check for validity - what parameters are actually required when creating a new config?
+CONFIG_REQUIRED_IF = [
+    ['state', 'present', ['{'key': 'cmd', 'value': {'description': 'Command of the config. Enter the command to run.', 'type': 'str', 'required': True, 'example': 'echo hi'}}', '{'key': 'cmdtype', 'value': {'description': 'Shellcmd Type of the config. Choose the shellcmd type. Click Info for details.', 'choices': ['shellcmd', 'earlyshellcmd', 'afterfilterchangeshellcmd', 'disabled'], 'type': 'str', 'multiple': False, 'required': True, 'example': 'shellcmd'}}']],
+]
+
+CONFIG_PHP_COMMAND_SET = r'''
+require_once("filter.inc");
+if (filter_configure() == 0) { clear_subsystem_dirty(''); }
+'''
+
+
+class PFSenseConfigModule(PFSenseModuleBase):
+    """ module managing pfsense configs """
+
+    ##############################
+    # unit tests
+    #
+    # Must be class method for unit test usage
+    @staticmethod
+    def get_argument_spec():
+        """ return argument spec """
+        return CONFIG_ARGUMENT_SPEC
+
+    def __init__(self, module, pfsense=None):
+        super(PFSenseConfigModule, self).__init__(module, pfsense, root='shellcmdsettings', node='config', key='description', update_php=CONFIG_PHP_COMMAND_SET,
++                                                arg_route=Config_ARG_ROUTE, map_param=Config_MAP_PARAM, create_default=Config_CREATE_DEFAULT)
+
+
+def main():
+    module = AnsibleModule(
+        argument_spec=CONFIG_ARGUMENT_SPEC,
+        required_if=CONFIG_REQUIRED_IF,
+        supports_check_mode=True)
+
+    pfmodule = PFSenseConfigModule(module)
+    # Pass params for testing framework
+    pfmodule.run(module.params)
+    pfmodule.commit_changes()
+
+
+if __name__ == '__main__':
+    main()

plugins/modules/pkg_edit.php.py

@@ -0,0 +1,140 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2024, Orion Poplawski <orion@nwra.com>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+DOCUMENTATION = r'''
+---
+module: /pkg_edit.php
+
+short_description: Manage pfSense configs
+
+version_added: "0.6.0"
+
+description:
+  - Manage pfSense configs
+
+options:
+  name:
+    description: The name of the config
+    required: true
+    type: str
+  state:
+    description: State in which to leave the config
+    choices: ['present', 'absent']
+    default: present
+    type: str
+  cmd:
+    description: Command of the config. Enter the command to run.
+    type: str
+  cmdtype:
+    description: Shellcmd Type of the config. Choose the shellcmd type. Click Info for details.
+    choices: ['shellcmd', 'earlyshellcmd', 'afterfilterchangeshellcmd', 'disabled']
+    type: str
+
+author: Orion Poplawski (@)
+'''
+
+EXAMPLES = r'''
+- name: Add myitem config
+  pfsensible.core./pkg_edit.php:
+    name: myitem
+    cmd: echo hi
+    cmdtype: shellcmd
+    state: present
+
+- name: Remove myitem config
+  pfsensible.core./pkg_edit.php:
+    name: myitem
+    state: absent
+'''
+RETURN = r'''
+commands:
+    description: the set of commands that would be pushed to the remote device (if pfSense had a CLI)
+    returned: always
+    type: list
+    sample: ["create config 'myitem'", "update config 'myitem' set ...", "delete config 'myitem'"]
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase
+
+# Change to name of module, extend for needed parameters
+CONFIG_ARGUMENT_SPEC = {
+    # Only name should be required here - othewise you cannot remove an item with just 'name'
+    # Required arguments for creation should be note in CONFIG_REQUIRED_IF = ['state', 'present', ...] below
+    'name': {'required': True, 'type': 'str'},
+    'state': {
+        'type': 'str',
+        'default': 'present',
+        'choices': ['present', 'absent']
+    },
+    'cmd': {
+        'type': 'str',
+    },
+    'cmdtype': {
+        'choices': ['shellcmd', 'earlyshellcmd', 'afterfilterchangeshellcmd', 'disabled'],
+        'type': 'str',
+    },
+}
+
+# Compact style
+CONFIG_ARGUMENT_SPEC = dict(
+    # Only name should be required here - othewise you cannot remove an item with just 'name'
+    # Required arguments for creation should be note in CONFIG_REQUIRED_IF = ['state', 'present', ...] below
+    name=dict(required=True, typ='str'),
+    state=dict(type='str', default='present', choices=['present', 'absent']),
+    cmd=dict(type='str'),
+    cmdtype=dict(type='str', choices=['shellcmd', 'earlyshellcmd', 'afterfilterchangeshellcmd', 'disabled'],),
+)
+
+# TODO - check for validity - what are default values when creating a new config
+CONFIG_CREATE_DEFAULT = dict(
+)
+
+# TODO - check for validity - what parameters are actually required when creating a new config?
+CONFIG_REQUIRED_IF = [
+    ['state', 'present', ['{'key': 'cmd', 'value': {'description': 'Command of the config. Enter the command to run.', 'type': 'str', 'required': True, 'example': 'echo hi'}}', '{'key': 'cmdtype', 'value': {'description': 'Shellcmd Type of the config. Choose the shellcmd type. Click Info for details.', 'choices': ['shellcmd', 'earlyshellcmd', 'afterfilterchangeshellcmd', 'disabled'], 'type': 'str', 'multiple': False, 'required': True, 'example': 'shellcmd'}}']],
+]
+
+CONFIG_PHP_COMMAND_SET = r'''
+require_once("filter.inc");
+if (filter_configure() == 0) { clear_subsystem_dirty(''); }
+'''
+
+
+class PFSenseConfigModule(PFSenseModuleBase):
+    """ module managing pfsense configs """
+
+    ##############################
+    # unit tests
+    #
+    # Must be class method for unit test usage
+    @staticmethod
+    def get_argument_spec():
+        """ return argument spec """
+        return CONFIG_ARGUMENT_SPEC
+
+    def __init__(self, module, pfsense=None):
+        super(PFSenseConfigModule, self).__init__(module, pfsense, root='shellcmdsettings', node='config', key='description', update_php=CONFIG_PHP_COMMAND_SET,
++                                                arg_route=Config_ARG_ROUTE, map_param=Config_MAP_PARAM, create_default=Config_CREATE_DEFAULT)
+
+
+def main():
+    module = AnsibleModule(
+        argument_spec=CONFIG_ARGUMENT_SPEC,
+        required_if=CONFIG_REQUIRED_IF,
+        supports_check_mode=True)
+
+    pfmodule = PFSenseConfigModule(module)
+    # Pass params for testing framework
+    pfmodule.run(module.params)
+    pfmodule.commit_changes()
+
+
+if __name__ == '__main__':
+    main()