Merge branch 'pfsensible:master' into master

.github/workflows/main.yml

@@ -18,8 +18,8 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python-version: ['3.9']
-        ansible-version: ['2.12', '2.13', '2.14']
+        python-version: ['3.10']
+        ansible-version: ['2.14', '2.15', '2.16']
 
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:

CHANGELOG.rst

@@ -0,0 +1,53 @@
+=============================
+pfSensible.Core Release Notes
+=============================
+
+.. contents:: Topics
+
+
+v0.6.0
+======
+
+Major Changes
+-------------
+
+- pfsense_default_gateway - Add module for setting the default gateways (https://github.com/pfsensible/core/pull/99)
+- pfsense_dns_resolver - Add module for DNS resolver (unbound) settings (https://github.com/pfsensible/core/pull/76)
+
+Minor Changes
+-------------
+
+- ipaddress support for pfSense 2.4.4
+- pfsense_cert - Support EC certs (https://github.com/pfsensible/core/pull/98)
+- pfsense_interface - Always return `ifname` - even on interface creation
+- pfsense_interface - Prevent removal if interface is part of an interface group
+- pfsense_nat_outbound - Allow for NET:INTERFACE addresses
+- pfsense_nat_port_forward - 2.4.5 compatibility
+- pfsense_openvpn_server - Do not allow removal of an instance with an interface assignment
+- pfsense_rule - Add option to ignore an inexistent queue
+- pfsense_rule - Add support for floating 'any' interface rule (https://github.com/pfsensible/core/pull/90)
+- plugins/lookup/pfsense - Optimization and ignore queue setting
+- tests/plays - Add plays for testing with a live pfSense instance
+
+Bugfixes
+--------
+
+- pfsense_aggregate - Fix where a rule with a duplicated name would not be deleted if required
+- pfsense_dhcp_static - Allow removing entry with just name (https://github.com/pfsensible/core/issues/69)
+- pfsense_dhcp_static - Allow use of display name for netif. Error in case a interface group name is specified (https://github.com/pfsensible/core/issues/79)
+- pfsense_interface - Properly shut dwon interface and kill dhclient process when removing interface (https://github.com/pfsensible/core/pull/67)
+- pfsense_interface_group - Check that members list is unique
+- pfsense_interface_group - Fix creation (https://github.com/pfsensible/core/issues/74)
+- pfsense_interface_group - `members` is only required for creation
+- pfsense_nat_outbound - Fix boolean values, invert (https://github.com/pfsensible/core/issues/92)
+- pfsense_openvpn_client - Fix strictuserdn -> strictusercn option (https://github.com/pfsensible/core/pull/93)
+- pfsense_openvpn_client/override/server - Allow network alias and non-strict network address for `tunnel_network`/`tunnel_network6` (https://github.com/pfsensible/core/issues/77)
+- pfsense_openvpn_server - Fix use of `generate` with `shared_key` and `tls` (https://github.com/pfsensible/core/issues/81)
+- pfsense_setup - No default values - leads to unexpected changes (https://github.com/pfsensible/core/issues/91)
+- pfsense_user - Fix setting system group membership (https://github.com/pfsensible/core/issues/70)
+
+New Modules
+-----------
+
+- pfsensible.core.pfsense_default_gateway - Manage pfSense default gateway
+- pfsensible.core.pfsense_dns_resolver - Manage pfSense DNS resolver (unbound) settings

README.md

@@ -65,7 +65,9 @@ The following modules are currently available:
 * [pfsense_authserver_radius](https://github.com/pfsensible/core/wiki/pfsense_authserver_radius) for RADIUS authentication servers
 * [pfsense_ca](https://github.com/pfsensible/core/wiki/pfsense_ca) for Certificate Authorities
 * [pfsense_cert](https://github.com/pfsensible/core/wiki/pfsense_cert) for Certificates
+* [pfsense_default_gateway](https://github.com/pfsensible/core/wiki/pfsense_default_gateway) for setting the default gateways
 * [pfsense_dhcp_static](https://github.com/pfsensible/core/wiki/pfsense_dhcp_static) for static DHCP entries
+* [pfsense_dns_resolver](https://github.com/pfsensible/core/wiki/pfsense_dns_resolver) for DNS resolver (unbound) settings
 * [pfsense_gateway](https://github.com/pfsensible/core/wiki/pfsense_gateway) for routing gateways
 * [pfsense_group](https://github.com/pfsensible/core/wiki/pfsense_group) for user groups
 * [pfsense_interface](https://github.com/pfsensible/core/wiki/pfsense_interface) for interfaces
@@ -99,6 +101,8 @@ These modules allow you to manage installed packages:
 * [pfsense_haproxy_backend](https://github.com/pfsensible/core/wiki/pfsense_haproxy_backend) for HAProxy backends
 * [pfsense_haproxy_backend_server](https://github.com/pfsensible/core/wiki/pfsense_haproxy_backend_server) for HAProxy backends servers
 
+## [Change Log](https://github.com/pfsensible/core/blob/master/CHANGELOG.rst)
+
 ## Operation
 
 Modules in the collection work by editing `/cf/conf/config.xml` using xml.etree.ElementTree, then

changelogs/.plugin-cache.yaml

@@ -0,0 +1,184 @@
+objects:
+  role: {}
+plugins:
+  become: {}
+  cache: {}
+  callback: {}
+  cliconf: {}
+  connection: {}
+  filter: {}
+  httpapi: {}
+  inventory: {}
+  lookup:
+    pfsense:
+      description: Generate pfSense aliases, rules and rule_separators
+      name: pfsense
+      version_added: 0.1.0
+  module:
+    pfsense_aggregate:
+      description: Manage multiple pfSense firewall aliases, rules, and rule separators,
+        plus interfaces and VLANs
+      name: pfsense_aggregate
+      namespace: ''
+      version_added: 0.1.0
+    pfsense_alias:
+      description: Manage pfSense aliases
+      name: pfsense_alias
+      namespace: ''
+      version_added: 0.1.0
+    pfsense_authserver_ldap:
+      description: Manage pfSense LDAP authentication servers
+      name: pfsense_authserver_ldap
+      namespace: ''
+      version_added: 0.1.0
+    pfsense_authserver_radius:
+      description: Manage pfSense RADIUS authentication servers
+      name: pfsense_authserver_radius
+      namespace: ''
+      version_added: 0.5.0
+    pfsense_ca:
+      description: Manage pfSense Certificate Authorities
+      name: pfsense_ca
+      namespace: ''
+      version_added: 0.1.0
+    pfsense_cert:
+      description: Manage pfSense certificates
+      name: pfsense_cert
+      namespace: ''
+      version_added: 0.5.0
+    pfsense_default_gateway:
+      description: Manage pfSense default gateway
+      name: pfsense_default_gateway
+      namespace: ''
+      version_added: 0.6.0
+    pfsense_dhcp_static:
+      description: Manage pfSense DHCP static mapping
+      name: pfsense_dhcp_static
+      namespace: ''
+      version_added: 0.5.0
+    pfsense_dns_resolver:
+      description: Manage pfSense DNS resolver (unbound) settings
+      name: pfsense_dns_resolver
+      namespace: ''
+      version_added: 0.6.0
+    pfsense_gateway:
+      description: Manage pfSense gateways
+      name: pfsense_gateway
+      namespace: ''
+      version_added: 0.1.0
+    pfsense_group:
+      description: Manage pfSense user groups
+      name: pfsense_group
+      namespace: ''
+      version_added: 0.1.0
+    pfsense_haproxy_backend:
+      description: Manage pfSense HAProxy backends
+      name: pfsense_haproxy_backend
+      namespace: ''
+      version_added: 0.1.0
+    pfsense_haproxy_backend_server:
+      description: Manage pfSense haproxy backend servers
+      name: pfsense_haproxy_backend_server
+      namespace: ''
+      version_added: 0.1.0
+    pfsense_interface:
+      description: Manage pfSense interfaces
+      name: pfsense_interface
+      namespace: ''
+      version_added: 0.1.0
+    pfsense_interface_group:
+      description: Manage pfSense interface groups
+      name: pfsense_interface_group
+      namespace: ''
+      version_added: 0.5.0
+    pfsense_ipsec:
+      description: Manage pfSense IPsec tunnels and phase 1 options
+      name: pfsense_ipsec
+      namespace: ''
+      version_added: 0.1.0
+    pfsense_ipsec_aggregate:
+      description: Manage multiple pfSense IPsec tunnels, phases 1, phases 2 and proposals
+      name: pfsense_ipsec_aggregate
+      namespace: ''
+      version_added: 0.1.0
+    pfsense_ipsec_p2:
+      description: Manage pfSense IPsec tunnels phase 2 options
+      name: pfsense_ipsec_p2
+      namespace: ''
+      version_added: 0.1.0
+    pfsense_ipsec_proposal:
+      description: Manage pfSense IPsec proposals
+      name: pfsense_ipsec_proposal
+      namespace: ''
+      version_added: 0.1.0
+    pfsense_log_settings:
+      description: Manage pfSense syslog settings
+      name: pfsense_log_settings
+      namespace: ''
+      version_added: 0.4.2
+    pfsense_nat_outbound:
+      description: Manage pfSense Outbound NAT (SNAT) rules
+      name: pfsense_nat_outbound
+      namespace: ''
+      version_added: 0.1.0
+    pfsense_nat_port_forward:
+      description: Manage pfSense port forwarding NAT (DNAT) rules
+      name: pfsense_nat_port_forward
+      namespace: ''
+      version_added: 0.1.0
+    pfsense_openvpn_client:
+      description: Manage pfSense OpenVPN configuration
+      name: pfsense_openvpn_client
+      namespace: ''
+      version_added: 0.5.0
+    pfsense_openvpn_override:
+      description: Manage pfSense OpenVPN Client Specific Overrides
+      name: pfsense_openvpn_override
+      namespace: ''
+      version_added: 0.5.0
+    pfsense_openvpn_server:
+      description: Manage pfSense OpenVPN server configuration
+      name: pfsense_openvpn_server
+      namespace: ''
+      version_added: 0.5.0
+    pfsense_rewrite_config:
+      description: Rewrite pfSense config.xml
+      name: pfsense_rewrite_config
+      namespace: ''
+      version_added: 0.5.3
+    pfsense_route:
+      description: Manage pfSense routes
+      name: pfsense_route
+      namespace: ''
+      version_added: 0.1.0
+    pfsense_rule:
+      description: Manage pfSense firewall rules
+      name: pfsense_rule
+      namespace: ''
+      version_added: 0.1.0
+    pfsense_rule_separator:
+      description: Manage pfSense firewall rule separators
+      name: pfsense_rule_separator
+      namespace: ''
+      version_added: 0.1.0
+    pfsense_setup:
+      description: Manage pfSense general setup
+      name: pfsense_setup
+      namespace: ''
+      version_added: 0.1.0
+    pfsense_user:
+      description: Manage pfSense users
+      name: pfsense_user
+      namespace: ''
+      version_added: 0.1.0
+    pfsense_vlan:
+      description: Manage pfSense VLANs
+      name: pfsense_vlan
+      namespace: ''
+      version_added: 0.1.0
+  netconf: {}
+  shell: {}
+  strategy: {}
+  test: {}
+  vars: {}
+version: 0.6.0

changelogs/changelog.yaml

@@ -0,0 +1,49 @@
+ancestor: null
+releases:
+  0.6.0:
+    changes:
+      bugfixes:
+      - pfsense_aggregate - Fix where a rule with a duplicated name would not be deleted
+        if required
+      - pfsense_dhcp_static - Allow removing entry with just name (https://github.com/pfsensible/core/issues/69)
+      - pfsense_dhcp_static - Allow use of display name for netif. Error in case a
+        interface group name is specified (https://github.com/pfsensible/core/issues/79)
+      - pfsense_interface - Properly shut dwon interface and kill dhclient process
+        when removing interface (https://github.com/pfsensible/core/pull/67)
+      - pfsense_interface_group - Check that members list is unique
+      - pfsense_interface_group - Fix creation (https://github.com/pfsensible/core/issues/74)
+      - pfsense_interface_group - `members` is only required for creation
+      - pfsense_nat_outbound - Fix boolean values, invert (https://github.com/pfsensible/core/issues/92)
+      - pfsense_openvpn_client - Fix strictuserdn -> strictusercn option (https://github.com/pfsensible/core/pull/93)
+      - pfsense_openvpn_client/override/server - Allow network alias and non-strict
+        network address for `tunnel_network`/`tunnel_network6` (https://github.com/pfsensible/core/issues/77)
+      - pfsense_openvpn_server - Fix use of `generate` with `shared_key` and `tls`
+        (https://github.com/pfsensible/core/issues/81)
+      - pfsense_setup - No default values - leads to unexpected changes (https://github.com/pfsensible/core/issues/91)
+      - pfsense_user - Fix setting system group membership (https://github.com/pfsensible/core/issues/70)
+      major_changes:
+      - pfsense_default_gateway - Add module for setting the default gateways
+      - pfsense_dns_resolver - Add module for DNS resolver (unbound) settings
+      minor_changes:
+      - ipaddress support for pfSense 2.4.4
+      - pfsense_cert - Support EC certs (https://github.com/pfsensible/core/pull/98)
+      - pfsense_interface - Always return `ifname` - even on interface creation
+      - pfsense_interface - Prevent removal if interface is part of an interface group
+      - pfsense_nat_outbound - Allow for NET:INTERFACE addresses
+      - pfsense_nat_port_forward - 2.4.5 compatibility
+      - pfsense_openvpn_server - Do not allow removal of an instance with an interface
+        assignment
+      - pfsense_rule - Add option to ignore an inexistent queue
+      - pfsense_rule - Add support for floating 'any' interface rule (https://github.com/pfsensible/core/pull/90)
+      - plugins/lookup/pfsense - Optimization and ignore queue setting
+      - tests/plays - Add plays for testing with a live pfSense instance
+    fragments:
+    - 0.6.0-changes.yaml
+    modules:
+    - description: Manage pfSense default gateway
+      name: pfsense_default_gateway
+      namespace: ''
+    - description: Manage pfSense DNS resolver (unbound) settings
+      name: pfsense_dns_resolver
+      namespace: ''
+    release_date: '2024-01-06'

changelogs/config.yaml

@@ -0,0 +1,32 @@
+changelog_filename_template: ../CHANGELOG.rst
+changelog_filename_version_depth: 0
+changes_file: changelog.yaml
+changes_format: combined
+ignore_other_fragment_extensions: true
+keep_fragments: false
+mention_ancestor: true
+new_plugins_after_name: removed_features
+notesdir: fragments
+prelude_section_name: release_summary
+prelude_section_title: Release Summary
+sanitize_changelog: true
+sections:
+- - major_changes
+  - Major Changes
+- - minor_changes
+  - Minor Changes
+- - breaking_changes
+  - Breaking Changes / Porting Guide
+- - deprecated_features
+  - Deprecated Features
+- - removed_features
+  - Removed Features (previously deprecated)
+- - security_fixes
+  - Security Fixes
+- - bugfixes
+  - Bugfixes
+- - known_issues
+  - Known Issues
+title: pfSensible.Core
+trivial_section_name: trivial
+use_fqcn: true

changelogs/fragments/111-Add-arp_table-static_entry.yml

@@ -0,0 +1,3 @@
+minor_changes:
+  - pfsense_dhcp_static - Add arp_table_static_entry argument
+    (https://github.com/https://github.com/pfsensible/core/issues/109).

changelogs/fragments/pfsense_ca-allow-disabling.yml

@@ -0,0 +1,2 @@
+minor_changes:
+  - pfsense_ca - allow for disabling `randomserial` and `trust` parameters.

examples/ipsec/filter_plugins/pfsense.py

@@ -7,14 +7,6 @@
 __metaclass__ = type
 
 from ansible.errors import AnsibleFilterError
-from ipaddress import ip_network
-import re
-
-try:
-    from __main__ import display
-except ImportError:
-    from ansible.utils.display import Display
-    display = Display()
 
 
 def format_ipsec_aggregate_ipsecs(all_tunnels, pfname):

galaxy.yml

@@ -9,7 +9,7 @@ namespace: pfsensible
 name: core
 
 # The version of the collection. Must be compatible with semantic versioning
-version: 0.5.3
+version: 0.6.0
 
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md
@@ -63,6 +63,7 @@ build_ignore:
   - .gitignore
   - .travis.yml
   - '*.tar.gz'
+  - changelogs
   - examples
   - misc
   - setup.cfg