From 633cb3160be6924aa813b9eb1c8adc7386fc1a7c Mon Sep 17 00:00:00 2001
From: Orion Poplawski
Date: Mon, 8 Apr 2024 20:01:40 -0600
Subject: [PATCH] [pfsensible_openvpn_server] Allow ``Local Database`` for ``authmode`` fixes #125.
---
 changelogs/fragments/openvpn_localdb.yml | 2 ++
 plugins/module_utils/openvpn_server.py | 2 +-
 plugins/modules/pfsense_openvpn_server.py | 4 +++-
 3 files changed, 6 insertions(+), 2 deletions(-)
 create mode 100644 changelogs/fragments/openvpn_localdb.yml
diff --git a/changelogs/fragments/openvpn_localdb.yml b/changelogs/fragments/openvpn_localdb.yml
new file mode 100644
index 00000000..2b682f9f
--- /dev/null
+++ b/changelogs/fragments/openvpn_localdb.yml
@@ -0,0 +1,2 @@
+minor_changes:
+ - 'pfsensible_openvpn_server - Allow ``Local Database`` for ``authmode`` parameter (https://github.com/pfsensible/core/issues/125).'
diff --git a/plugins/module_utils/openvpn_server.py b/plugins/module_utils/openvpn_server.py
index 403369e2..e347df4e 100644
--- a/plugins/module_utils/openvpn_server.py
+++ b/plugins/module_utils/openvpn_server.py
@@ -213,7 +213,7 @@ def _validate_params(self):
 if len(params['authmode']) > 0:
 system = self.pfsense.get_element('system')
 for authsrv in params['authmode']:
- if len(system.findall("authserver[name='{0}']".format(authsrv))) == 0:
+ if authsrv != 'Local Database' and len(system.findall("authserver[name='{0}']".format(authsrv))) == 0:
 self.module.fail_json(msg='Cannot find authentication server {0}.'.format(authsrv))
 # validate key
diff --git a/plugins/modules/pfsense_openvpn_server.py b/plugins/modules/pfsense_openvpn_server.py
index 91047b59..89bc513c 100644
--- a/plugins/modules/pfsense_openvpn_server.py
+++ b/plugins/modules/pfsense_openvpn_server.py
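Review bot: The playbook-supplied name is still interpolated unescaped into the path predicate on the changed line of `_validate_params` in plugins/module_utils/openvpn_server.py (`"authserver[name='{0}']".format(authsrv)`), so a server name containing a single quote is likely to end in a path-syntax error or a wrong match instead of the `Cannot find authentication server` message. Assuming `system` is an ElementTree element, as the predicate syntax suggests, the lookup can compare names as data: build `known = {e.findtext('name') for e in system.findall('authserver')}` before the loop and test `if authsrv != 'Local Database' and authsrv not in known:`. The `'Local Database'` literal would also read better as a named module-level constant, with a comment that it selects the local pfSense user database rather than an `authserver` entry. `_validate_params` starts and continues outside this hunk.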
@@ -30,7 +30,9 @@
 choices: ["p2p_tls", "p2p_shared_key", "server_tls", "server_tls_user", "server_user"]
 type: str
 authmode:
- description: Authentication servers. This list will be put into alphabetical order. Required if mode == server_tls_user.
+ description:
+ - Authentication servers. This list will be put into alphabetical order. Required if mode == server_tls_user.
+ - Use 'Local Database' for authentication against the local pfSense user database.
 default: []
 type: list
 elements: str
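Review bot: The added description item does not say that the value has to be spelled exactly `Local Database`. The check added in plugins/module_utils/openvpn_server.py compares with `!=`, so any other casing is treated as the name of a configured authentication server and rejected. Suggested wording for the second item: `- Use 'Local Database' (exact spelling, case-sensitive) for authentication against the local pfSense user database.` The surrounding option block continues outside this hunk.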