Merge pull request #2 from gavinwill/tlc

TLC to role and pre commit config
gavinwill · Mar 23, 2023 · bee4d85 · bee4d85
2 parents 7824647 + 0914c9e
commit bee4d85
Show file tree

Hide file tree

Showing 6 changed files with 192 additions and 38 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,22 @@
+
+# DS Store 
+**/.DS_Store
+
+# pyenv
+.python-version
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+.env_
+
+# Misc
+.*ignore
+!.gitignore
+.python-version
+.vscode
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,19 @@
+---
+repos:
+  - repo: git@github.com:Yelp/detect-secrets
+    rev: v1.4.0
+    hooks:
+      - id: detect-secrets
+        name: Detect secrets
+        args:
+          [
+            "--baseline",
+            ".secrets.baseline",
+            "--exclude-secrets",
+            "redactedpassword",
+          ]
+
+  - repo: https://github.com/pre-commit/mirrors-prettier
+    rev: v2.7.1
+    hooks:
+      - id: prettier
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -0,0 +1,122 @@
+{
+  "version": "1.4.0",
+  "plugins_used": [
+    {
+      "name": "ArtifactoryDetector"
+    },
+    {
+      "name": "AWSKeyDetector"
+    },
+    {
+      "name": "AzureStorageKeyDetector"
+    },
+    {
+      "name": "Base64HighEntropyString",
+      "limit": 4.5
+    },
+    {
+      "name": "BasicAuthDetector"
+    },
+    {
+      "name": "CloudantDetector"
+    },
+    {
+      "name": "DiscordBotTokenDetector"
+    },
+    {
+      "name": "GitHubTokenDetector"
+    },
+    {
+      "name": "HexHighEntropyString",
+      "limit": 3.0
+    },
+    {
+      "name": "IbmCloudIamDetector"
+    },
+    {
+      "name": "IbmCosHmacDetector"
+    },
+    {
+      "name": "JwtTokenDetector"
+    },
+    {
+      "name": "KeywordDetector",
+      "keyword_exclude": ""
+    },
+    {
+      "name": "MailchimpDetector"
+    },
+    {
+      "name": "NpmDetector"
+    },
+    {
+      "name": "PrivateKeyDetector"
+    },
+    {
+      "name": "SendGridDetector"
+    },
+    {
+      "name": "SlackDetector"
+    },
+    {
+      "name": "SoftlayerDetector"
+    },
+    {
+      "name": "SquareOAuthDetector"
+    },
+    {
+      "name": "StripeDetector"
+    },
+    {
+      "name": "TwilioKeyDetector"
+    }
+  ],
+  "filters_used": [
+    {
+      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_baseline_file",
+      "filename": ".secrets.baseline"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+      "min_level": 2
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_indirect_reference"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_lock_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_sequential_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_swagger_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_templated_secret"
+    },
+    {
+      "path": "detect_secrets.filters.regex.should_exclude_secret",
+      "pattern": [
+        "redactedpassword"
+      ]
+    }
+  ],
+  "results": {},
+  "generated_at": "2023-03-23T18:22:23Z"
+}
diff --git a/README.md b/README.md
@@ -1,33 +1,27 @@
-Role Name
-=========
+# Role Name
 
 This role is designed to interact with a pfsense firewall to create and download a local backup of the firewalls configuration. This runs locally to interact with pfsense via the webinterface. Currently it is limited to downloading just the basic configuration and does not include RRD Data or SSH keys as of writing.
 
+## Role Variables
 
-Role Variables
---------------
+| Name                          | Description                                    | Default                                                                                       |
+| ----------------------------- | ---------------------------------------------- | --------------------------------------------------------------------------------------------- |
+| pfsense_hostname              | Hostname or IP of Fireall                      |                                                                                               |
+| pfsense_username              | Username to login to pfsense                   |                                                                                               |
+| pfsense_password              | password to login to pfsense                   |                                                                                               |
+| pfsense_backup_page           | url for backup page in web interface           | `diag_backup.php`                                                                             |
+| pfsense_backup_directory      | Local Backup Directory to save pfsense configr |                                                                                               |
+| pfsense_backup_filename       | Filename of the saved file                     | `'{{ pfsense_backup_directory }}/{{ pfsense_hostname }}-{{ ansible_date_time.iso8601 }}.xml'` |
+| pfsense_https                 | If using HTTPS to connect to firewall          | `true`                                                                                        |
+| pfsense_validate_certificates | Check for valid certificates                   | `true`                                                                                        |
+| pfsense_backup_no_log         | Hide output from ansible logs                  | `true`                                                                                        |
 
-| Name          | Description   | Default               |
-| ------------- | ------------- | ----------------------|
-| pfsense_hostname  | Hostname or IP of Fireall      |   |
-| pfsense_username  | Username to login to pfsense   |   |
-| pfsense_password  | password to login to pfsense   |   |
-| pfsense_backup_page  | url for backup page in web interface  | `diag_backup.php`  |
-| pfsense_backup_directory  | Local Backup Directory to save pfsense configr  |  |
-| pfsense_backup_filename  | Filename of the saved file  | `'{{ pfsense_backup_directory }}/{{ pfsense_hostname }}-{{ ansible_date_time.iso8601 }}.xml'`  |
-| pfsense_https  | If using HTTPS to connect to firewall | `true`  |
-| pfsense_validate_certificates | Check for valid certificates  | `true` |
-| pfsense_backup_no_log  | Hide output from ansible logs  | `true` |
-
-
-
-Example Playbook
-----------------
+## Example Playbook
 
 ```
 - hosts: 'localhost'
-  connection: local 
-  vars: 
+  connection: local
+  vars:
     - pfsense_hostname: 'pfsense.example.com'
     - pfsense_username: 'pfbackup'
     - pfsense_password: 'redactedpassword'
@@ -36,12 +30,10 @@ Example Playbook
     - role: ansible-role-pfsense-backup
 ```
 
-License
--------
+## License
 
 MIT
 
-Author Information
-------------------
+## Author Information
 
 Gavin Will - https://github.com/gavinwill
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,17 +1,16 @@
 ---
-
 # Credentials
-pfsense_hostname: ''
-pfsense_username: ''
-pfsense_password: ''
+pfsense_hostname: ""
+pfsense_username: ""
+pfsense_password: ""
 
 # Web Backup Config
-pfsense_backup_page: 'diag_backup.php'
+pfsense_backup_page: "diag_backup.php"
 # Local Backup Config
-pfsense_backup_directory: ''
-pfsense_backup_filename: '{{ pfsense_backup_directory }}/{{ pfsense_hostname }}-{{ ansible_date_time.iso8601 }}.xml'
+pfsense_backup_directory: ""
+pfsense_backup_filename: "{{ pfsense_backup_directory }}/{{ pfsense_hostname }}-{{ ansible_date_time.iso8601 }}.xml"
 
 # SSL and Logging
 pfsense_https: true
 pfsense_validate_certificates: true
-pfsense_backup_no_log: true
+pfsense_backup_no_log: true
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -8,7 +8,7 @@
       - "{{ item }} | length"
     fail_msg: "'{{ item }}' must be supplied"
     quiet: true
-  with_items: 
+  with_items:
     - pfsense_hostname
     - pfsense_username
     - pfsense_password
@@ -20,9 +20,9 @@
 
 - name: pfSense Backup | Obtain timestamp for saved backup file
   debug:
-   var: ansible_date_time
+    var: ansible_date_time
   no_log: "{{ pfsense_backup_no_log }}"
-  
+
 - name: pfSense Backup | Obtain Cookies & CSRF Token
   ansible.builtin.uri:
     url: "{{ pfsense_backup_protocol }}://{{ pfsense_hostname }}/{{ pfsense_backup_page }}"
@@ -32,7 +32,7 @@
   register: pfsense_cookie_token
   no_log: "{{ pfsense_backup_no_log }}"
 
-- name: pfSense Backup | Set Fact for CSRF Token 
+- name: pfSense Backup | Set Fact for CSRF Token
   ansible.builtin.set_fact:
     pfsense_backup_csrf0: "{{ pfsense_cookie_token.content | regex_search('var\\s+csrfMagicToken\\s+=\\s+\\\"([a-f0-9sidp:;,]+)\\\"','\\1') }}"
   no_log: "{{ pfsense_backup_no_log }}"