Skip to content

fix(frontend_acl): write ACLs to ha_acls section for config generation #7

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
morey-tech merged 1 commit into from
Dec 19, 2025
Merged

fix(frontend_acl): write ACLs to ha_acls section for config generation #7

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
53 changes: 53 additions & 0 deletions plugins/module_utils/haproxy_frontend_acl.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@ def __init__(self, module, pfsense=None):
self.module.fail_json(msg='Unable to find frontends (ha_backends) XML configuration entry. Are you sure haproxy is installed ?')

self.frontend = None
self.ha_acls_elt = None

##############################
# params processing
Expand Down Expand Up @@ -98,6 +99,12 @@ def _validate_params(self):
self.root_elt = self.pfsense.new_element('a_acl')
self.frontend.append(self.root_elt)

# setup the ha_acls container if we don't have it (required for haproxy.cfg generation)
self.ha_acls_elt = self.frontend.find('ha_acls')
if self.ha_acls_elt is None:
self.ha_acls_elt = self.pfsense.new_element('ha_acls')
self.frontend.append(self.ha_acls_elt)

##############################
# XML processing
#
Expand Down Expand Up @@ -126,6 +133,16 @@ def _find_target(self):
return item_elt
return None

def _find_ha_acl_target(self):
""" find the XML target in ha_acls section """
for item_elt in self.ha_acls_elt:
if item_elt.tag != 'item':
continue
name_elt = item_elt.find('name')
if name_elt is not None and name_elt.text == self.obj['name']:
return item_elt
return None

def _get_next_id(self):
""" get next free haproxy id """
max_id = 99
Expand All @@ -146,6 +163,42 @@ def _update(self):
return self.pfsense.phpshell('''require_once("haproxy/haproxy.inc");
$result = haproxy_check_and_run($savemsg, true); if ($result) unlink_if_exists($d_haproxyconfdirty_path);''')

def _add(self):
""" add the ACL to both a_acl and ha_acls sections """
# Let parent class handle a_acl section
super(PFSenseHaproxyFrontendAclModule, self)._add()

# Also add to ha_acls section
ha_acl_elt = self._find_ha_acl_target()
if ha_acl_elt is None:
ha_acl_elt = self.pfsense.new_element('item')
self.ha_acls_elt.append(ha_acl_elt)

# Copy relevant fields to ha_acls item
self.pfsense.copy_dict_to_element(self.obj, ha_acl_elt)

def _copy_and_update_target(self):
""" update both a_acl and ha_acls sections """
# Let parent handle a_acl
before = super(PFSenseHaproxyFrontendAclModule, self)._copy_and_update_target()

# Also update ha_acls
ha_acl_elt = self._find_ha_acl_target()
if ha_acl_elt is not None:
self.pfsense.copy_dict_to_element(self.obj, ha_acl_elt)

return before

def _remove(self):
""" remove the ACL from both sections """
# Remove from ha_acls first
ha_acl_elt = self._find_ha_acl_target()
if ha_acl_elt is not None:
self.ha_acls_elt.remove(ha_acl_elt)

# Let parent handle a_acl removal
super(PFSenseHaproxyFrontendAclModule, self)._remove()

##############################
# Logging
#
Expand Down