feat(frontend_server): add extaddr parameter validation (#5)

Add validation for the extaddr parameter to accept:
- Standard pfSense options: any_ipv4, localhost_ipv4, wan_ipv4, lan_ipv4,
  any_ipv6, localhost_ipv6, wan_ipv6, lan_ipv6
- Interface-specific options: opt<N>_ipv4 or opt<N>_ipv6
- Custom IPv4 and IPv6 addresses

Includes unit tests and updated documentation.

Author: morey-tech

docs/modules/pfsense_haproxy_frontend_server.md

@@ -11,26 +11,55 @@ Manage pfSense HAProxy frontend servers
 | Parameter | Type | Required | Default | Choices | Description |
 |-----------|------|----------|---------|---------|-------------|
 | frontend | str | yes | - | - | The frontend name. |
-| extaddr | str | no | - | - | External address to bind to. |
+| extaddr | str | no | - | See description | External address to bind to. Can be a standard pfSense address option, an interface-specific option, or a custom IP address. Standard options: `any_ipv4`, `localhost_ipv4`, `wan_ipv4`, `lan_ipv4`, `any_ipv6`, `localhost_ipv6`, `wan_ipv6`, `lan_ipv6`. Interface options: `opt<N>_ipv4` or `opt<N>_ipv6` where N is the interface number (e.g., `opt1_ipv4`, `opt2_ipv6`). Custom addresses: Any valid IPv4 or IPv6 address. |
 | extaddr_port | int | no | - | - | External port to bind to. |
 | extaddr_ssl | str | no | - | - | SSL configuration for external address. |
 | state | str | no | present | present, absent | State in which to leave the frontend server |
 
 ## Examples
 
 ```yaml
-- name: Add frontend server binding
+- name: Add frontend server binding with custom IPv4 address
   pfsensible.haproxy.pfsense_haproxy_frontend_server:
     frontend: web-frontend
-    extaddr: 0.0.0.0
+    extaddr: 192.168.1.100
     extaddr_port: 443
     extaddr_ssl: "yes"
     state: present
 
+- name: Bind to any IPv4 address
+  pfsensible.haproxy.pfsense_haproxy_frontend_server:
+    frontend: web-frontend
+    extaddr: any_ipv4
+    extaddr_port: 80
+    state: present
+
+- name: Bind to WAN interface address
+  pfsensible.haproxy.pfsense_haproxy_frontend_server:
+    frontend: web-frontend
+    extaddr: wan_ipv4
+    extaddr_port: 443
+    extaddr_ssl: "yes"
+    state: present
+
+- name: Bind to optional interface (e.g., LAB network)
+  pfsensible.haproxy.pfsense_haproxy_frontend_server:
+    frontend: internal-frontend
+    extaddr: opt1_ipv4
+    extaddr_port: 8080
+    state: present
+
+- name: Bind to IPv6 address
+  pfsensible.haproxy.pfsense_haproxy_frontend_server:
+    frontend: web-frontend
+    extaddr: any_ipv6
+    extaddr_port: 443
+    state: present
+
 - name: Remove frontend server binding
   pfsensible.haproxy.pfsense_haproxy_frontend_server:
     frontend: web-frontend
-    extaddr: 0.0.0.0
+    extaddr: wan_ipv4
     extaddr_port: 443
     state: absent
 ```

plugins/module_utils/haproxy_frontend_server.py

@@ -5,8 +5,25 @@
 
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
+import re
+import socket
 from ansible_collections.pfsensible.core.plugins.module_utils.module_base import PFSenseModuleBase
 
+# Standard pfSense address choices for external addresses
+EXTADDR_STANDARD_CHOICES = [
+    'any_ipv4',
+    'localhost_ipv4',
+    'wan_ipv4',
+    'lan_ipv4',
+    'any_ipv6',
+    'localhost_ipv6',
+    'wan_ipv6',
+    'lan_ipv6',
+]
+
+# Pattern for interface-specific options: opt<digits>_ipv4 or opt<digits>_ipv6
+EXTADDR_INTERFACE_PATTERN = re.compile(r'^opt\d+_ipv[46]$')
+
 HAPROXY_FRONTEND_SERVER_ARGUMENT_SPEC = dict(
     state=dict(default='present', choices=['present', 'absent']),
     frontend=dict(required=True, type='str'),
@@ -54,9 +71,46 @@ def _params_to_obj(self):
 
         return obj
 
+    def _validate_extaddr(self, extaddr):
+        """Validate the extaddr parameter value."""
+        if extaddr is None:
+            return  # Not provided, skip validation
+
+        # Check standard choices
+        if extaddr in EXTADDR_STANDARD_CHOICES:
+            return
+
+        # Check interface pattern (opt<N>_ipv4 or opt<N>_ipv6)
+        if EXTADDR_INTERFACE_PATTERN.match(extaddr):
+            return
+
+        # Check if valid IPv4 address
+        try:
+            socket.inet_pton(socket.AF_INET, extaddr)
+            return
+        except socket.error:
+            pass
+
+        # Check if valid IPv6 address
+        try:
+            socket.inet_pton(socket.AF_INET6, extaddr)
+            return
+        except socket.error:
+            pass
+
+        # Invalid value
+        self.module.fail_json(
+            msg="Invalid extaddr value '{0}'. Must be one of: {1}, "
+                "an interface option (opt<N>_ipv4 or opt<N>_ipv6), "
+                "or a valid IPv4/IPv6 address.".format(
+                    extaddr, ', '.join(EXTADDR_STANDARD_CHOICES)))
+
     def _validate_params(self):
         """ do some extra checks on input parameters """
 
+        # validate extaddr value
+        self._validate_extaddr(self.params.get('extaddr'))
+
         # get the frontend
         self.frontend = self._find_frontend(self.params['frontend'])
         if self.frontend is None:

plugins/modules/pfsense_haproxy_frontend_server.py

@@ -26,7 +26,12 @@
     required: true
     type: str
   extaddr:
-    description: External address to bind to.
+    description:
+      - External address to bind to.
+      - Can be a standard pfSense address option, an interface-specific option, or a custom IP address.
+      - "Standard options: any_ipv4, localhost_ipv4, wan_ipv4, lan_ipv4, any_ipv6, localhost_ipv6, wan_ipv6, lan_ipv6"
+      - "Interface options: opt<N>_ipv4 or opt<N>_ipv6 where N is the interface number (e.g., opt1_ipv4, opt2_ipv6)"
+      - "Custom addresses: Any valid IPv4 or IPv6 address (e.g., 192.168.1.1, 2001:db8::1)"
     required: false
     type: str
   extaddr_port:
@@ -45,18 +50,47 @@
 """
 
 EXAMPLES = """
-- name: Add frontend server binding
+- name: Add frontend server binding with custom IPv4 address
   pfsensible.haproxy.pfsense_haproxy_frontend_server:
     frontend: web-frontend
-    extaddr: 0.0.0.0
+    extaddr: 192.168.1.100
     extaddr_port: 443
     extaddr_ssl: "yes"
     state: present
 
+- name: Bind to any IPv4 address
+  pfsensible.haproxy.pfsense_haproxy_frontend_server:
+    frontend: web-frontend
+    extaddr: any_ipv4
+    extaddr_port: 80
+    state: present
+
+- name: Bind to WAN interface address
+  pfsensible.haproxy.pfsense_haproxy_frontend_server:
+    frontend: web-frontend
+    extaddr: wan_ipv4
+    extaddr_port: 443
+    extaddr_ssl: "yes"
+    state: present
+
+- name: Bind to optional interface (e.g., LAB network)
+  pfsensible.haproxy.pfsense_haproxy_frontend_server:
+    frontend: internal-frontend
+    extaddr: opt1_ipv4
+    extaddr_port: 8080
+    state: present
+
+- name: Bind to IPv6 address
+  pfsensible.haproxy.pfsense_haproxy_frontend_server:
+    frontend: web-frontend
+    extaddr: any_ipv6
+    extaddr_port: 443
+    state: present
+
 - name: Remove frontend server binding
   pfsensible.haproxy.pfsense_haproxy_frontend_server:
     frontend: web-frontend
-    extaddr: 0.0.0.0
+    extaddr: wan_ipv4
     extaddr_port: 443
     state: absent
 """

tests/unit/plugins/modules/fixtures/pfsense_haproxy_frontend_server_config.xml

@@ -0,0 +1,55 @@
+<pfsense>
+	<version>18.9</version>
+	<lastchange></lastchange>
+	<revision>
+		<time>1545602758</time>
+		<description>test</description>
+		<username></username>
+	</revision>
+	<system>
+		<optimization>normal</optimization>
+		<hostname>pfSense</hostname>
+		<domain>acme.com</domain>
+	</system>
+	<interfaces>
+		<wan>
+			<enable></enable>
+			<if>vmx0</if>
+			<descr>wan</descr>
+			<ipaddr>192.168.240.137</ipaddr>
+			<subnet>24</subnet>
+		</wan>
+		<lan>
+			<enable></enable>
+			<if>vmx1</if>
+			<descr>lan</descr>
+			<ipaddr>192.168.1.242</ipaddr>
+			<subnet>24</subnet>
+		</lan>
+	</interfaces>
+	<installedpackages>
+		<haproxy>
+			<ha_backends>
+				<item>
+					<name>test-frontend</name>
+					<id>100</id>
+					<type>http</type>
+					<a_extaddr>
+						<item>
+							<name>'wan_ipv4_443'</name>
+							<extaddr>wan_ipv4</extaddr>
+							<extaddr_port>443</extaddr_port>
+							<extaddr_ssl>yes</extaddr_ssl>
+						</item>
+					</a_extaddr>
+				</item>
+			</ha_backends>
+			<ha_pools>
+				<item>
+					<name>test-backend</name>
+					<id>101</id>
+				</item>
+			</ha_pools>
+		</haproxy>
+	</installedpackages>
+</pfsense>