Diffstat (limited to 'ansible_collections/check_point')
305 files changed, 46235 insertions, 0 deletions
diff --git a/ansible_collections/check_point/mgmt/CHANGELOG.rst b/ansible_collections/check_point/mgmt/CHANGELOG.rst
new file mode 100644
index 00000000..f81db85a
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/CHANGELOG.rst
@@ -0,0 +1,274 @@
+==============================
+Check_Point.Mgmt Release Notes
+==============================
+
+.. contents:: Topics
+
+
+v4.0.0
+======
+
+Release Summary
+---------------
+
+This is release 4.0.0 of ``check_point.mgmt``, released on 2022-09-14.
+
+Major Changes
+-------------
+
+- plugins/httpapi/checkpoint - Support for Smart-1 Cloud with new variable 'ansible_cloud_mgmt_id'
+
+Breaking Changes / Porting Guide
+--------------------------------
+
+- cp_mgmt_access_role - the 'machines' parameter now accepts a single str and a new parameter 'machines_list' of type dict has been added. the 'users' parameter now accepts a single str and a new parameter 'users_list' of type dict has been added.
+- cp_mgmt_access_rule - the 'vpn' parameter now accepts a single str and a new parameter 'vpn_list' of type dict has been added. the 'position_by_rule' parameter has been changed to 'relative_position' with support of positioning above/below a section (and not just a rule). the 'relative_position' parameter has also 'top' and 'bottom' suboptions which allows positioning a rule at the top and bottom of a section respectively. a new parameter 'search_entire_rulebase' has been added to allow the relative positioning to be unlimited (was previously limited to 50 rules)
+- cp_mgmt_administrator - the 'permissions_profile' parameter now accepts a single str and a new parameter 'permissions_profile_list' of type dict has been added.
+- cp_mgmt_publish - the 'uid' parameter has been removed.
+
+Bugfixes
+--------
+
+- cp_mgmt_access_rule - support for relative positioning for rulebase with more than 50 rules (https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection/issues/69)
+- cp_mgmt_administrator - specifying the administartor's permissions profile now works for both SMC and MDS (https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection/issues/83)
+- meta/runtime.yml - update value of minimum ansible version and remove redirect (https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection/issues/84)
+
+v3.2.0
+======
+
+Release Summary
+---------------
+
+This is release 3.2.0 of ``check_point.mgmt``, released on 2022-08-09.
+
+v3.1.0
+======
+
+Release Summary
+---------------
+
+This is release 3.1.0 of ``check_point.mgmt``, released on 2022-07-04.
+
+v3.0.0
+======
+
+Release Summary
+---------------
+
+This is release 3.0.0 of ``check_point.mgmt``, released on 2022-06-07.
+
+New Modules
+-----------
+
+- check_point.mgmt.cp_mgmt_add_rules_batch - Creates new rules in batch. Use this API to achieve optimum performance when adding more than one rule.
+- check_point.mgmt.cp_mgmt_approve_session - Workflow feature - Approve and Publish the session.
+- check_point.mgmt.cp_mgmt_check_network_feed - Check if a target can reach or parse a network feed; can work with an existing feed object or with a new one (by providing all relevant feed parameters).
+- check_point.mgmt.cp_mgmt_check_threat_ioc_feed - Check if a target can reach or parse a threat IOC feed; can work with an existing feed object or with a new one (by providing all relevant feed parameters).
+- check_point.mgmt.cp_mgmt_cluster_members_facts - Retrieve all existing cluster members in domain.
+- check_point.mgmt.cp_mgmt_connect_cloud_services - Securely connect the Management Server to Check Point's Infinity Portal. <br>This is a preliminary operation so that the management server can use various Check Point cloud-based security services hosted in the Infinity Portal.
+- check_point.mgmt.cp_mgmt_delete_rules_batch - Delete rules in batch from the same layer. Use this API to achieve optimum performance when removing more than one rule.
+- check_point.mgmt.cp_mgmt_disconnect_cloud_services - Disconnect the Management Server from Check Point's Infinity Portal.
+- check_point.mgmt.cp_mgmt_domain_permissions_profile - Manages domain-permissions-profile objects on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_domain_permissions_profile_facts - Get domain-permissions-profile objects facts on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_get_platform - Get actual platform (Hardware, Version, OS) from gateway, cluster or Check Point host.
+- check_point.mgmt.cp_mgmt_idp_administrator_group - Manages idp-administrator-group objects on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_idp_administrator_group_facts - Get idp-administrator-group objects facts on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_idp_to_domain_assignment_facts - Get idp-to-domain-assignment objects facts on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_import_outbound_inspection_certificate - Import Outbound Inspection certificate for HTTPS inspection.
+- check_point.mgmt.cp_mgmt_install_lsm_policy - Executes the lsm-install-policy on a given list of targets. Install the LSM policy that defined on the attached LSM profile on the targets devices.
+- check_point.mgmt.cp_mgmt_install_lsm_settings - Executes the lsm-install-settings on a given list of targets. Install the provisioning settings that defined on the object on the targets devices.
+- check_point.mgmt.cp_mgmt_interoperable_device - Manages interoperable-device objects on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_interoperable_device_facts - Get interoperable-device objects facts on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_lsm_cluster_profile_facts - Get lsm-cluster-profile objects facts on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_lsm_gateway_profile_facts - Get lsm-gateway-profile objects facts on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_lsm_run_script - Executes the lsm-run-script on a given list of targets. Run the given script on the targets devices.
+- check_point.mgmt.cp_mgmt_md_permissions_profile - Manages md-permissions-profile objects on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_md_permissions_profile_facts - Get md-permissions-profile objects facts on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_network_feed - Manages network-feed objects on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_network_feed_facts - Get network-feed objects facts on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_objects_facts - Get objects objects facts on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_provisioning_profile_facts - Get provisioning-profile objects facts on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_reject_session - Workflow feature - Return the session to the submitter administrator.
+- check_point.mgmt.cp_mgmt_repository_script - Manages repository-script objects on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_repository_script_facts - Get repository-script objects facts on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_reset_sic - Reset Secure Internal Communication (SIC). To complete the reset operation need also to reset the device in the Check Point Configuration Tool (by running cpconfig in Clish or Expert mode). Communication will not be possible until you reset and re-initialize the device properly.
+- check_point.mgmt.cp_mgmt_set_global_properties - Edit Global Properties.
+- check_point.mgmt.cp_mgmt_set_idp_default_assignment - Set default Identity Provider assignment to be use for Management server administrator access.
+- check_point.mgmt.cp_mgmt_set_idp_to_domain_assignment - Set Identity Provider assignment to domain, to allow administrator login to that domain using that identity provider, if there is no Identity Provider assigned to the domain the 'idp-default-assignment' will be used. This command only available for Multi-Domain server.
+- check_point.mgmt.cp_mgmt_set_outbound_inspection_certificate - Create or update a certificate to be used as outbound certificate for HTTPS inspection. <br>The outbound CA certificate will be used by the Gateway to inspect SSL traffic.
+- check_point.mgmt.cp_mgmt_set_threat_advanced_settings - Edit Threat Prevention's Blades' Settings.
+- check_point.mgmt.cp_mgmt_show_cloud_services - Show the connection status of the Management Server to Check Point's Infinity Portal.
+- check_point.mgmt.cp_mgmt_show_global_properties - Retrieve Global Properties.
+- check_point.mgmt.cp_mgmt_show_idp_default_assignment - Retrieve default Identity Provider assignment that used for Management server administrator access.
+- check_point.mgmt.cp_mgmt_show_outbound_inspection_certificate - Show outbound inspection certificate.
+- check_point.mgmt.cp_mgmt_show_servers_and_processes - Shows the status of all processes in the current machine (Multi-Domain Server and all Domain Management / Log Servers). <br>This command is available only on Multi-Domain Server.
+- check_point.mgmt.cp_mgmt_show_threat_advanced_settings - Show Threat Prevention's Blades' Settings.
+- check_point.mgmt.cp_mgmt_simple_cluster - Manages simple-cluster objects on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_simple_cluster_facts - Get simple-cluster objects facts on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_smtp_server - Manages smtp-server objects on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_smtp_server_facts - Get smtp-server objects facts on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_submit_session - Workflow feature - Submit the session for approval.
+- check_point.mgmt.cp_mgmt_test_sic_status - Test SIC Status reflects the state of the gateway after it has received the certificate issued by the ICA. If the SIC status is Unknown then there is no connection between the gateway and the Security Management Server. If the SIC status is No Communication, an error message will appear. It may contain specific instructions on how to fix the situation.
+- check_point.mgmt.cp_mgmt_update_provisioned_satellites - Executes the update-provisioned-satellites on center gateways of VPN communities.
+
+v2.3.0
+======
+
+New Modules
+-----------
+
+- check_point.mgmt.cp_mgmt_lsm_cluster - Manages lsm-cluster objects on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_lsm_cluster_facts - Get lsm-cluster objects facts on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_lsm_gateway - Manages lsm-gateway objects on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_lsm_gateway_facts - Get lsm-gateway objects facts on Checkpoint over Web Services API
+
+v2.2.0
+======
+
+New Modules
+-----------
+
+- check_point.mgmt.cp_mgmt_access_rules - Manages access-rules objects on Check Point over Web Services API
+
+v2.1.0
+======
+
+New Modules
+-----------
+
+- check_point.mgmt.cp_mgmt_add_domain - Create new object
+- check_point.mgmt.cp_mgmt_delete_domain - Delete existing object using object name or uid.
+- check_point.mgmt.cp_mgmt_domain_facts - Get domain objects facts on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_identity_tag - Manages identity-tag objects on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_identity_tag_facts - Get identity-tag objects facts on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_install_database - Copies the user database and network objects information to specified targets.
+- check_point.mgmt.cp_mgmt_mds - Manages mds objects on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_set_domain - Edit existing object using object name or uid.
+- check_point.mgmt.cp_mgmt_trusted_client - Manages trusted-client objects on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_trusted_client_facts - Get trusted-client objects facts on Checkpoint over Web Services API
+
+v2.0.0
+======
+
+New Modules
+-----------
+
+- check_point.mgmt.cp_mgmt_access_section - Manages access-section objects on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_add_api_key - Add API key for administrator, to enable login with it. For the key to be valid publish is needed.
+- check_point.mgmt.cp_mgmt_add_data_center_object - Imports a Data Center Object from a Data Center Server.<br> Data Center Object represents an object in the cloud environment.
+- check_point.mgmt.cp_mgmt_add_nat_rule - Create new object.
+- check_point.mgmt.cp_mgmt_data_center_object_facts - Get data-center-object objects facts on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_delete_api_key - Delete the API key. For the key to be invalid publish is needed.
+- check_point.mgmt.cp_mgmt_delete_data_center_object - Delete existing object using object name or uid.
+- check_point.mgmt.cp_mgmt_delete_nat_rule - Delete existing object using object name or uid.
+- check_point.mgmt.cp_mgmt_https_section - Manages https-section objects on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_install_software_package - Installs the software package on target machines.
+- check_point.mgmt.cp_mgmt_nat_rule_facts - Get nat-rule objects facts on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_nat_section - Manages nat-section objects on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_set_nat_rule - Edit existing object using object name or uid.
+- check_point.mgmt.cp_mgmt_set_session - Edit user's current session.
+- check_point.mgmt.cp_mgmt_show_access_section - Retrieve existing object using object name or uid.
+- check_point.mgmt.cp_mgmt_show_https_section - Retrieve existing HTTPS Inspection section using section name or uid and layer name.
+- check_point.mgmt.cp_mgmt_show_logs - Showing logs according to the given filter.
+- check_point.mgmt.cp_mgmt_show_nat_section - Retrieve existing object using object name or uid.
+- check_point.mgmt.cp_mgmt_show_software_package_details - Gets the software package information from the cloud.
+- check_point.mgmt.cp_mgmt_show_task - Show task progress and details.
+- check_point.mgmt.cp_mgmt_show_tasks - Retrieve all tasks and show their progress and details.
+- check_point.mgmt.cp_mgmt_uninstall_software_package - Uninstalls the software package from target machines.
+- check_point.mgmt.cp_mgmt_verify_software_package - Verifies the software package on target machines.
+
+v1.0.0
+======
+
+New Modules
+-----------
+
+- check_point.mgmt.cp_mgmt_access_layer - Manages access-layer objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_access_layer_facts - Get access-layer objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_access_role - Manages access-role objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_access_role_facts - Get access-role objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_access_rule - Manages access-rule objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_access_rule_facts - Get access-rule objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_address_range - Manages address-range objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_address_range_facts - Get address-range objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_administrator - Manages administrator objects on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_administrator_facts - Get administrator objects facts on Checkpoint over Web Services API
+- check_point.mgmt.cp_mgmt_application_site - Manages application-site objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_application_site_category - Manages application-site-category objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_application_site_category_facts - Get application-site-category objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_application_site_facts - Get application-site objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_application_site_group - Manages application-site-group objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_application_site_group_facts - Get application-site-group objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_assign_global_assignment - assign global assignment on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_discard - All changes done by user are discarded and removed from database.
+- check_point.mgmt.cp_mgmt_dns_domain - Manages dns-domain objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_dns_domain_facts - Get dns-domain objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_dynamic_object - Manages dynamic-object objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_dynamic_object_facts - Get dynamic-object objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_exception_group - Manages exception-group objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_exception_group_facts - Get exception-group objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_global_assignment - Manages global-assignment objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_global_assignment_facts - Get global-assignment objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_group - Manages group objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_group_facts - Get group objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_group_with_exclusion - Manages group-with-exclusion objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_group_with_exclusion_facts - Get group-with-exclusion objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_host - Manages host objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_host_facts - Get host objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_install_policy - install policy on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_mds_facts - Get Multi-Domain Server (mds) objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_multicast_address_range - Manages multicast-address-range objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_multicast_address_range_facts - Get multicast-address-range objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_network - Manages network objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_network_facts - Get network objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_package - Manages package objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_package_facts - Get package objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_publish - All the changes done by this user will be seen by all users only after publish is called.
+- check_point.mgmt.cp_mgmt_put_file - put file on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_run_ips_update - Runs IPS database update. If "package-path" is not provided server will try to get the latest package from the User Center.
+- check_point.mgmt.cp_mgmt_run_script - Executes the script on a given list of targets.
+- check_point.mgmt.cp_mgmt_security_zone - Manages security-zone objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_security_zone_facts - Get security-zone objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_service_dce_rpc - Manages service-dce-rpc objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_service_dce_rpc_facts - Get service-dce-rpc objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_service_group - Manages service-group objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_service_group_facts - Get service-group objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_service_icmp - Manages service-icmp objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_service_icmp6 - Manages service-icmp6 objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_service_icmp6_facts - Get service-icmp6 objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_service_icmp_facts - Get service-icmp objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_service_other - Manages service-other objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_service_other_facts - Get service-other objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_service_rpc - Manages service-rpc objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_service_rpc_facts - Get service-rpc objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_service_sctp - Manages service-sctp objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_service_sctp_facts - Get service-sctp objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_service_tcp - Manages service-tcp objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_service_tcp_facts - Get service-tcp objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_service_udp - Manages service-udp objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_service_udp_facts - Get service-udp objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_session_facts - Get session objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_simple_gateway - Manages simple-gateway objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_simple_gateway_facts - Get simple-gateway objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_tag - Manages tag objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_tag_facts - Get tag objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_threat_exception - Manages threat-exception objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_threat_exception_facts - Get threat-exception objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_threat_indicator - Manages threat-indicator objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_threat_indicator_facts - Get threat-indicator objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_threat_layer - Manages threat-layer objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_threat_layer_facts - Get threat-layer objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_threat_profile - Manages threat-profile objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_threat_profile_facts - Get threat-profile objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_threat_protection_override - Edit existing object using object name or uid.
+- check_point.mgmt.cp_mgmt_threat_rule - Manages threat-rule objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_threat_rule_facts - Get threat-rule objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_time - Manages time objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_time_facts - Get time objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_verify_policy - Verifies the policy of the selected package.
+- check_point.mgmt.cp_mgmt_vpn_community_meshed - Manages vpn-community-meshed objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_vpn_community_meshed_facts - Get vpn-community-meshed objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_vpn_community_star - Manages vpn-community-star objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_vpn_community_star_facts - Get vpn-community-star objects facts on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_wildcard - Manages wildcard objects on Check Point over Web Services API
+- check_point.mgmt.cp_mgmt_wildcard_facts - Get wildcard objects facts on Check Point over Web Services API
diff --git a/ansible_collections/check_point/mgmt/FILES.json b/ansible_collections/check_point/mgmt/FILES.json
new file mode 100644
index 00000000..d4ea0af0
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/FILES.json
@@ -0,0 +1,2252 @@ +{ + "files": [ + { + "name": ".", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/units", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/units/plugins", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/units/plugins/httpapi", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/units/plugins/httpapi/test_checkpoint.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9d981290944de8e187b9925cdbb43d1373a870242c418606d4e14b6d65f68e26", + "format": 1 + }, + { + "name": "tests/units/modules", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_wildcard.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "96eb81fd4a4e7bd94c6b570ef68c9313912aac8f82cb67cdaa19cf8a1491012c", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_administrator_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "a9231807f991a461cbd31f65a46460230bb2201b1a47c4cfbb94427d91af32be", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_publish.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e0fa6b28dd8308afeb9e5bc0d518597720ab5c7076ef34ec0c7fedc86abe555b", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_global_assignment.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9f7d954edf7974880e1e804169a4b72737f7e9beeff4907eb891ea5b9b1870cf", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_dns_domain.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"e34d6da7d0cdc35a52a7b4f8319d2f03eefc43864290b2c0817fcac0b23704b9", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_assign_global_assignment.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "4430102bfa5445973e58af32efc0cffc60ab601d39525fa61b11808e78492462", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_application_site_group.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "64c40213f8e9b3f11ee3d796cebf174c88917dcbe6485da368a1ff2a246bd814", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_host_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e01ce4559932f611cb5f549e1ccd3c308aa3405705f46435ef432202109895ea", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_verify_software_package.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d74c8b4e8ef2fc36a16fd4a4ad4942fa02fde1ae9746e354fa0a16f50332ee46", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_security_zone_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "520795aa3ad4a70e589f04c19d14851b872899888d4b5d37fc10502ad52d346f", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_uninstall_software_package.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "59986dd3a1667bb8086341c9d8a08b5119215d93c761aa7db5caa64344629791", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_group_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e5cb39a06e81e52d98b509a463e352fd9215f94ad26f84d568a0aec4debc2ef2", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_application_site_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f1158d9aeed4aa7070106dcdcbb4f3e10a3380a75b814dc7fb7918f88fd12915", + "format": 1 + }, + { + "name": "tests/units/modules/test_checkpoint_host.py", + "ftype": "file", + "chksum_type": "sha256", 
+ "chksum_sha256": "0defe75da109c1b68f8e7dfede9ee223ffafb6ef16eea7591b4ce4947e697d0b", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_threat_profile_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "cd487926b42abc6f78ced447846e49e18f9c12a58c61504fd9c34e148cd9f523", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_application_site.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "db9e5d214da32046310500e2e5c53fa9f22961403a24bff1775b3c5989be0df5", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_access_layer.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "068c1590cd6ca7721c889cbb51c9038875190354a7dfcfc65974ebf33f7d3f10", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_service_icmp_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2e99a97ca39c3d496bb07130583e4ce851f89a374614c1e4a60cbbebfa96520d", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_vpn_community_star.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "a5c934382e013b02d862e6ca41b40520a860bdb3435ac4225b349e84f0cd5502", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_threat_indicator.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d6f6891ec4c80bf907ca777525bf2eedfc0ebade770d40f634213bbcd91adb1e", + "format": 1 + }, + { + "name": "tests/units/modules/test_checkpoint_task_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "0defe75da109c1b68f8e7dfede9ee223ffafb6ef16eea7591b4ce4947e697d0b", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_service_udp.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "40c0ae507ced4abe95526b3bc579106563dabf6a4780456e2d4a8063e6248f05", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_session_facts.py", + "ftype": "file", + "chksum_type": "sha256", + 
"chksum_sha256": "4843417f873b63efd2748eec3287e6300d56aa824869d46c027d877cfb304057", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_service_icmp6.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "48caf7f6e4332dd89b6e5b975591b2abdd7741bf15e852aea9f2d0a07102662a", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_access_role_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "da6c7d554758a05fcefe60129ef8b3065d1eef1bf41105b759c13518deea238a", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_add_data_center_object.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "4b54eb105d9690dcd5c6db7ab8494fcf755643fc81f43bc4bf63f26c22e47257", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_show_logs.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f4694fcb372e5cd7059429149391ab62c67e8378aa1ccd0be552ac6539f5d4df", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_show_https_section.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "21d8d4df3d2786737a25441ca85dad8ddffbd47242bff03c6fad3ca682593b00", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_simple_gateway_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "8c8e5758620daef40a5d496cd7590fc4d5ae4bf6ab543037f867b9b2d532de34", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_service_sctp_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "1a1e89bf0059dc5895e8cb129ba49e4b2a30d643d861937a0ae470256c773825", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_threat_rule_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "65c6f41255267a579f38318110536a5bf1e681081ce8d884349b54741eb71411", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_service_group.py", + "ftype": "file", + "chksum_type": "sha256", 
+ "chksum_sha256": "c75216ed17dec454be7b1eb16f79faef177140c8a14406ccafee80351d6496ed", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_host.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "75ed1b841d3b6220170715e2a584e03f935a3715eb13d435086cfeb58370065b", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_access_layer_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2e3b4731b4f63d81cbe6faf70b8ff3f12d6314e40a17b240656c3675b763c0a7", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_mds_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ef54911d3cf6acce025de758e403a0ce8ad527d906128f6fa542b9f7caaff14d", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_application_site_group_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2a0cabcec0ba0636cee32bfb9ab6998592229c341a33a691ecedef4edefa7f96", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_service_rpc.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ed91f508b2ccfd02d1e32eb610fa3f8363ebe131f2c14f7859a301415e363b59", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_network.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3adf34f93d4caaa9fe51a8430a4933b4a198a982f3eb0c2c993d02ed324044c7", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_vpn_community_meshed_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ac1bb8819f21fc45c6549ce81db5b7c4cd52d5f6bcd2697516a287f672fc6a94", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_discard.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "0f9ccfc11b4e4b0915748c9ac22bdef9d81a34d45bb595f18b344f5f2810a96e", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_network_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"5a488220df3d23305ff88f3793eb5962d655d8e4e65d1ca0e55047541c0e398c", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_service_dce_rpc.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9afdffbdc1371928f649857f8adc30c129e65304154e4e40b75d1f1472e15522", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_delete_nat_rule.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "87d7f8a5c4080b1d0079f52659ab04ef7ebb5cebf3dc797b781ff4598ca2c414", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_nat_section.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "717df66aabecf9096e09c99c6f099335758222d0b9e4c44cbe8da9e6e0a7fa40", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_simple_gateway.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "6b1a432e9367ced489918799411d243906f72214ee843c6a97ca168d674444ab", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_service_udp_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "8eb00e3b48b5f559ce223c7fffb332164621ebb76e5281255cb23c2dd247733f", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_service_icmp.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "92759d20c19223d9f496ca0ef2823b27f7bede8f46bf6a77128efba4368bdcd2", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_exception_group.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "18a7350ad42e193fab24fdf4501fefae04a87dc702ef9c2ba5a96be0c9b45cd5", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_https_section.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "200b553690c44dacdbf6a4ace5049f1427f4226ce5d8f7f797629640a13f9b63", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_global_assignment_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"ef4fadacc4a896dfc81bc870fd7298fba3d4f6007a93e2d0a129d9c13b2651ef", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_delete_api_key.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3f16dcc30d79476a959870d7e9e476fc9a7e2ecbe38153f11b2cf1f40865b2a1", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_time.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "80dd3a4635ee333c2ad50c1382a884a90d0dea6d1c8ddeaf3598eea4305a1df6", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_multicast_address_range_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b124c26770a7c980d937afc7c5bd660c4795c6ddbdf5f547b0522dbbbc6a3aae", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_service_other_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "069588c702d7bea017fd511f42495dad9dfca24da44e78d654baaf4c49c2fb90", + "format": 1 + }, + { + "name": "tests/units/modules/test_checkpoint_access_rule.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f0bf1522c73ee4c935dbe2d060f3d01a924d01d68dbaf7e3bba1a1ea3cac9105", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_time_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "a67fd09f696dd5b6970e6d450bcda75410d8d4f55b73b1a4c3dd27c63961d09d", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_run_script.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "162ddb7ed025aadededafba936658bf3d63ec15c1dc69109320dbb1c7ad06961", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_threat_exception.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "245c066ec06f608db240bc0036e7699147cef10d0ceb8374836c906827dcc889", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_delete_data_center_object.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"8a5f61be541d51f3d9514f0672787f7c6332b7b6d2ecdf62eecf31f5acc1ae3e", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_access_role.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "1098f3b942332481807ec91847b750993ae9129f31c657ca2fa37761e0fbbf25", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_service_other.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f09a4a88b7b4b6d3ef334cbd44cd2f33279670cb2579c28e3546cef95f111edd", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_service_rpc_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7c0a17572b2fdd30c9affe4c5ba35825bb6050a9b5dbfea5ccc9327234c3f82b", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_vpn_community_meshed.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "405a29342f78872d022b355e6f05db43861dd77e26cf8da288ed01ac43994ca2", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_group_with_exclusion.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3adb58c7044e4981326f4e71de40712966b66e92959439910299ecc25f21aaf8", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_service_group_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c4c4a695d3872a75ffed983de9121405bc3544da6c35f6e5b0644de291aa1251", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_group_with_exclusion_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "bfe829ebc865e32628a6c0e3ef9789bc662e3d416acd989c51d2e5a71739ad63", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_set_nat_rule.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7c93ded0f03e9f11f49a34a5ad75abb58d9cc3b8ded956ffb9c2522f2f85199f", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_vpn_community_star_facts.py", + "ftype": "file", + "chksum_type": "sha256", + 
"chksum_sha256": "d69f484bff5c827d08d044dfecbe739dc083a3168b76ca0c09d985804bff7fda", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_show_access_section.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7180520502b5bbede8a14f2c2521e1d5b0eb1146a47550b99cf4cc388e0a2dbd", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_service_icmp6_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "83ac6d89a1b004dd527020e8ddcd295a1411818ab47c465407d17d88d98aefe1", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_threat_layer_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7153d9ab9fa164d9977768888e50b8557cd78a82ef89e4c744a2c246f6a10ad8", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_show_nat_section.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "77f6179900d0ebd641e6e8488771efd914ba55ffc31614f268da2ecdc78baac4", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_service_dce_rpc_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c77d4695f5a9381ce03c2e22b14cd7b45fd8ce69a67657fd48a24758ea1b068b", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_show_software_package_details.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e154ff5aa62d14d4dadd1af860bb6c98a0e6bac57565104969a48719080d3387", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_access_section.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "053ab71fa6b25ae7a209b58810c4cc885179ce883d3a0434708592993039482e", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_address_range.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "23a73381edc1497d0998c01fba4ff7e192c497a3cc876073b7195ab4a1a28919", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_add_nat_rule.py", + "ftype": "file", + 
"chksum_type": "sha256", + "chksum_sha256": "c00fe6d07d01e0f9e83461049e3a1c87201c9811b39c80ad24dd2f988a625795", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_tag.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c106c27905c62edf3daf4c5f0484db755314b8f7ef98873eb32ca838b95d08d4", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_put_file.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "8bb70eefe9a9f68959ba3d19b450da60612cd8b43c382d05d78b7d5a9c678a49", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_dns_domain_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "8db6362f60b09d870e5284fc55be4c60862a6686b0d12d9bf442cd6537e6d6b5", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_threat_indicator_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f432265160fb643bbac5f4710deb80c99fa9f2438e080286dc9ffcbf03379531", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_address_range_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "eefdbe1a87fec458d0aad4222957e03bfd7230fbf597f8dabe533248eb7a1490", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_service_tcp_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "76f8d81afb8d231b68ce75b6d0bedf8e4ebc24c972d78cd209ac7124823e180c", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_exception_group_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "02500aba47b7bdbb230bfe763edfa96cab3d0e074162d5a0f28e3f69060751ab", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_package.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "1ccf35ad77b6a2e696bbdbb0179dfc0126e4dd81c22ee504e9e3ba8b12c1c382", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_threat_rule.py", + "ftype": "file", + "chksum_type": 
"sha256", + "chksum_sha256": "a3a2e8d3a00d1b1c6e3f35de7fa4429c564507c0579460270ccaf52bb40e498d", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_data_center_object_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "4ecae15f5095db12e5359ac3ac3b3645a79ee6e680995d099c731c32da2a35bd", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_dynamic_object_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ed7c096c6950ce9ce2427bbe87fe814bc3249571c57b6b7e3c14cc6cad374a9b", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_security_zone.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "be9529986d7679ad4d6ff9f08d0c30fb09258ebf155e5a09fff2a4e9f78303ae", + "format": 1 + }, + { + "name": "tests/units/modules/test_checkpoint_session.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "797ae7d20104b0c375d9bf92c8853738bc7af2f16fd56676092efdc4e19336e1", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_multicast_address_range.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3181a16700f16f0ba80f5e53a6a8be4c8a4c871531a0dfeef3fdead2b87c942c", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_tag_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "83c42a3f0768045c007eb0a105465d70a8e5948b3b11b75a02d8ca62b0888d53", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_threat_profile.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "8dffb75f6f197924a8e8ad9bbc1772ff502397a52d4f79523c86c07fb2a62804", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_wildcard_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "a3c769bd27f15eb7bfb88c2dbcf6f97c85fcc4656252404640d5cee8ae54f300", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_application_site_category.py", + "ftype": "file", + 
"chksum_type": "sha256", + "chksum_sha256": "83c76df7dd974023b094ed7db58f502f2fa2217fda3f6f870d679f4c67764e67", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_administrator.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3780c2ea79f38c29e9c35072fb7d44751f0adf208d7bfe1a6d4b2cb7ae34614b", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_package_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c7be2f9616779d41b1220331ff5c2ac9bfc7e1c9f45a95d19db2b02417b7de3e", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_application_site_category_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "8de549b08b9e33864235fb28b3d77fd0389ceb61483c77899fd13a83bb77ea62", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_threat_layer.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "37d60a438848cb3410bcf3d9cd11b1723516ae2c622af2752d919ecab8089b3b", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_install_policy.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "eee9b103c215050cef25eddd0fea8de54abe40be02a06ee28c80888b4a26b0ea", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_access_rule.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7fdbec735156a21036a6efdbeac5f739bb16f428966f4ad219d63628cccf1ceb", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_set_session.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "a71f9152685c76ef04e81199413b84a6d36cb4bec2c3b02e3175e8bc8e73088b", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_run_ips_update.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e63d017c4e434e00ad5a2aec67d79e62f25850f231a33632929c7dd0e4264eb4", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_threat_protection_override.py", + "ftype": "file", + 
"chksum_type": "sha256", + "chksum_sha256": "020825ee4b7fb37c4f421391eaccffb8f3a8f53fb0eb5a2f4d1ae2849f57498f", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_access_rule_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b9bfbe5bd3dee964bb71094498d6c7cbfac7215b0c6777a889503ffa522129ff", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_service_tcp.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ee294d8627c0a636fa15e90f08616582e81cb2e30d98e72b4602086f267110a3", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_threat_exception_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "646d9e49be52cb3bf4697839b10e553a915971754dd32e7db19051428e99d6a2", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_dynamic_object.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9b4cb8301ccf0b9026a40df58f12629662ed589a80e57a4c354b22e985189c99", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_verify_policy.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "24e9eb33ee2dc0c431d97186931ff98e51b4262b3952eb86e7205f638caf6378", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_install_software_package.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f6dde7f737e4efa372d1e3af3fca3b04c7cb20037581dd9fb2d7567b3124a309", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_add_api_key.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e1297d7ba1c62f880d52cf5d7bc2bf45e11f15a39baf293d563ccb71f1b17cc4", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_nat_rule_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ea95691323673cb5c61290c0e61175720ae7ccdf062e63f88bca65123f2cc96f", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_service_sctp.py", + "ftype": "file", + 
"chksum_type": "sha256", + "chksum_sha256": "5e7ce1866a5b956d4b0ec0cce00c059a1992c4dfa46f3266e1d624fb3d7d0c69", + "format": 1 + }, + { + "name": "tests/units/modules/test_cp_mgmt_group.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "fb7bd5f23e514014f41130ef9355a23373afa54c856d79c3b3bde559ee6fd6d9", + "format": 1 + }, + { + "name": "tests/integration", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "README.md", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "6c68d7a6ace4b5724523c6a5cdea22a235512b870cde9d9d735455e68c8e8fd5", + "format": 1 + }, + { + "name": "plugins", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "plugins/action", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "plugins/action/cp_mgmt_access_rules.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b386b9c34c317f8b768dd14b38685f192193133eacbc697b438efcac7b010bc4", + "format": 1 + }, + { + "name": "plugins/modules", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_delete_rules_batch.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "a9d83471198cd03b7020e76694e954517f1c917ae232fadbf27a0b5a34e40832", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_access_layer_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "171fb23fb1f749e07026ca70e4fb09325da903bf304456bfd87de96546a95383", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_submit_session.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e36b0c9f11b584be7746a6ebdfee6621c50e690d24af9f849f55790e1d495862", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_application_site_category.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"0a81499ee688826a7704465c0bb1b886baa28f6238a30e883b664808c7e5844d", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_lsm_gateway_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "13a319e643726327d88ae244f0b8972c5813d1d0e582e5d541eb4d77109252b0", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_check_network_feed.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "49d6701ba6a1169040083343ad5c54ead30cd4a734e7d603ff28b19da8841c1c", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_delete_domain.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "fdc29f6ffc08f2391ecc2c5b9b659f31dc143dc130bfe365a61725c1d7b4d790", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_threat_indicator.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9f3c37894d82c804c315f34d1f7c93bfaf8b501db2020bdd4edee1b9418f255f", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_lsm_cluster_profile_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "943b7657a6b4bd190609dcdf75b428a5745e969db504e185da983c40c0e77000", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_show_access_section.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2aae40870d885035fcfb2ebfb86853374bb5e05bde0b6808275c10f3a188e443", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_vpn_community_meshed.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "1cefd4b3ee98d390ec2098d144fe4931be0e2eb3474f3237303577dfad652b46", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_add_data_center_object.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3789b741b55996e79a35e2624afa414532c8c0d14a63c57679ad4c07cb488a9b", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_simple_gateway.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"b429e06323dee772402e16a45d559c56fe305a35c0c11884b6d103a176677770", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_vpn_community_star.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "db3208d4d7e744690cd05104387f054eb52f675f2d9780c224df1d5aeb55e4c4", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_add_rules_batch.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "324163f65fa5213654e5d92a3d269888f7498a93ee6f0dc9ef9540157b2de9f0", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_show_task.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "887aef1feb38dcea3be44505478a08f74d8c1084e9af7d0aa140dcc620710f7f", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_time.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "facd05735105a9ae3b42c400ad31e389a2d56d0624613a1c131a7ade64158686", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_show_cloud_services.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "937630770fd80f547eb0b70152fb2bd2bff19cd7f4cb23c1b623d053d1524bb0", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_domain_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f454659c5ffe5d2204df4621319e9c16f5eb8d3d1e30d73981056d1aaad6c790", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_access_rule_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7d992bd6c92526d132ff6e35ec402cc4de2f29771d69f05a8d2c378b5985759f", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_dns_domain.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "fcaa237d703eab5714df13f579fed1c046440fadfb32a2109a4c8feaf9b466f0", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_application_site_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f3f6f3398649bb7f1583340dcd08fac981befd12fe02fe64a61d60bd9b004177", + "format": 1 + }, + { + "name": 
"plugins/modules/cp_mgmt_connect_cloud_services.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ef415a624b9e1b0bcaa96b79dbe291c88482386a8bec0ec377bd52509b42c226", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_trusted_client.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7b0ebba6c2a135f1fff36f9d9fb111d4c38a5594d2cbbdd6e12796040dfec95c", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_identity_tag.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "a8b06561ba01ff62197816937d060cc347ba7898143e3959da49870821ca24f5", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_service_rpc_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c53ad5563ec27506f8432578551ba5020063fa886ab3c88155cb3e97e5a2addc", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_service_icmp_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f373977a06b500b5f30a205f84fd0440516a627adeec24e0f2e26ae4f99d7b9e", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_interoperable_device.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "4509992188a282f02c8543b5594a818aa7182590a06575ebab3fa2115b3e70f7", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_mds.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "39000d01da0a99362adad5c0babe4e9d5d00d0aebab1eee22931cbd1a090d601", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_threat_protection_override.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "5f214163d14d8d23a16ac5aff7df1705dd35b8e14aa8bc31bf35fc0a9bee22fa", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_https_section.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "99e0d77cffcd9264e1ed40201a59d87de1cd69adeee1594b72af34ffb2873101", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_threat_layer_facts.py", + "ftype": "file", + 
"chksum_type": "sha256", + "chksum_sha256": "dc34062e8e99ee489e3b36486456c8ddb87aab04f4f2a4f1e3eae75af2a6f40b", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_show_software_package_details.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "1edd3b8bed16d1638ea941c5bc458ec57840a191839bd7b8fd17411c7aaba344", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_show_servers_and_processes.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b3a973f93391605949875cabbbbda8e352e3c5e7e42023d917ccf12eb45b260a", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_access_role.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d4bdefb6b276b657bd52568e90cb7e5a576fafe8cd227a38db3554dd78399f7f", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_application_site_group.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "90c780e061bd8ede6c2fb8e35507327de04db7400dcd973a79e1cab1a51c2470", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_smtp_server_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e27c103f2ff7e7f1d2fb57f9f4b88e5ad70f963a42ca59a9dcb0864b18d5e576", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_lsm_cluster_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9a4dd3d63972084aa639317710269d59345fa0c73201434568016da392c2c485", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_update_provisioned_satellites.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "405b74f7329de41ee71b9a534a717b9ac05b333512ade3a86716ac915cf12d8f", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_service_dce_rpc.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2e7e9b8823fa8e88f375e710f95f5f61a7504f525eb21d1fc4852ae511ee2b8d", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_install_software_package.py", + "ftype": "file", + "chksum_type": "sha256", + 
"chksum_sha256": "1181b5848be267ee218a0343b7ec3a94641bbf29c78e8deb073279a2d2e5b512", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_put_file.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d6b98967cecb76370f6b27474bd93512cb642552f466232c2932078cf430b41a", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_threat_layer.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f6ccd6ebbfb487519f2b0fbdc436c739e8724bf5d2c71ae9af56668e0a7906f6", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_show_https_section.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9e590c8c797522518ba099e4d78ebede56d8cb4dd62321ba954350ebe4fa66b7", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_application_site_category_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "471733c95c7aa301b32a51f95ef1dff11ec1094435faf0ac8ad9b7aac2fa63a9", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_vpn_community_star_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ad9eb05411dbd700a29609ed58252e3ddb4d12b07f278b5ed88dfe71e76ab5bd", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_provisioning_profile_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ea81e2e2f98cc359bd6762565b4f2ec953214e092b9598fcd57b4d5bb2188629", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_service_other.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2371819d17334ff79681e6c733cdf4e20817e5c87cb738cbf0cbe1e10a0ef898", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_service_dce_rpc_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e22c1b3dc454955774796a0383bf90ee58935c492c7ee36444d9ce5c4c01a045", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_wildcard.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"97f5782289fa3b6ee576f225d72709d0f20451d221156dfcffff835acee86519", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_service_tcp.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c69f230c24d4a1f19da1cb8464a4810caf7bdf8f8d10bfd1699d2ca29852f912", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_nat_rule_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9fc75780ee76dab171c8e4999c6c0db35cb618207885f7568cc0fab0132a5378", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_add_api_key.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "21f8715183dbe63307ae9463d9075599381f40f38b86823d456205610c4d1c45", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_service_udp.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "73a4754e213ea6b36d420806b52e63e399a20142c655141415ea8d8364b87222", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_approve_session.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "26dd50335aef9167b738cbe532761d4fca92ac21ac10f93c1a5230d15adf033e", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_add_domain.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "a90fa661a89fe72b6e83e9c7f76c619d791577076d63bb4f1e33bfadbee4d55f", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_application_site.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7de337599b184979c37915a4471949790cb6b5bbfe6a280fcdcfd1b223fcba1e", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_threat_indicator_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "96f753e4b63adc4c23f49828ca30448f71d2fc88199b18139723f745d7a86c12", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_run_script.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "21e82c83f76dfb742a70e1cc7aade6480cbdd5ad581ca80782ad09922a724a26", + "format": 1 + }, + { + "name": 
"plugins/modules/cp_mgmt_threat_profile_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "97e2bd74ed4d347eaf0c582e70477df8b21f623805487b5eecb895fbfeda3006", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_set_idp_default_assignment.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "8f0811c34cfdf8ac6cf0c7778465a9b1de69a1848c68b3996f81c0c12dc21508", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_service_rpc.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "60b84b152bc7dff5e532667f2e8a7fb658bc642b357b1a248334f3d24a08f85f", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_md_permissions_profile_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "a420f27c17fcc4c503db294f860d8c95b6eee217581e6f4e63213bfe89b08305", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_exception_group.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "98e86f55c1fa6bb6a5ea6cde6ef6731e476798371782324b9d3416041b6da534", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_access_layer.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b9ea2b1e98702a956b0eaf3e3de8148c9dd8720248ef1fefeff1870613cfbcb6", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_application_site_group_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3576fa51958dfbcf9de7eb6248a89c597dcd0138339d53c86c2a48ee1a17d7d2", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_repository_script.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7a2f78ab5e73756f71d1f80e262d90071b9aeface2aca37a27748e7e06fcfa96", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_tag.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "45071e35d9a8672afa852a9964cda9a185623898adda4ce5401e5367ed78e788", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_show_global_properties.py", + "ftype": 
"file", + "chksum_type": "sha256", + "chksum_sha256": "f1c04a6cfff4c4c89bf04157a523dd8659082ba8276a36741bf5a85e70065a53", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_mds_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "bd7aa7bafebf5b1e4d31982c54a9daf0116beafe49f10a66cbca2e0d456355b4", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_multicast_address_range_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "bf8d2a039d275729920d7af312af3f6b3c9cf22b9b895d94307fd354b0625930", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_package.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f578b392753fbec21c225ebf3ae56164b429536a5adda6da49ee33eaa28a202e", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_security_zone.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "048b79a48219d72258aced34a87ef8bc1b40a83d3f9b22466f5801a7362e6d86", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_group_with_exclusion_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ef23cdfad8413831010494cebd79674272db2c8296e2c7e361e38e8a23354296", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_nat_section.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "8cc60a79299e73274e9973ce90f3ac099f324417343e66eb1cfe92bc09b51597", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_reject_session.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2db9e2727025cacd6a9352aaa937a9b8c4f07f2743adda4fd6f6129164a2d3bb", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_disconnect_cloud_services.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "a84fa7756b95b80c7729f0d6a71d735889f4d72d36c7ec2e966144a625ec59be", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_service_udp_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"bfcb35e740e202460e81d3a93a67bcd68a4c8db8b77d24be59a4137f37eec05e", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_package_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "841bd096b54b76a0e0dd470292ea24c084fc152ceca370e9c415bc89fdb826db", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_exception_group_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2944e2f363609b4e6a90ce10be20badeb8552e3b6ad4382a8024c9a791e4a40c", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_simple_cluster.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "53b2a521b0348d4c606fdf27ef1fb5ba55fe83fec79dae8a35fedd5163576706", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_access_section.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "72dd6cd6fc94f2fb3bfffb244bf3908d4d3737a4375bfd7f3f767769a89d002f", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_service_icmp.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "94f13f1d8566386e3062c0264edd12f77bf4495b6df09411d61791ff477b43bf", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_set_idp_to_domain_assignment.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7b63d509fb4d823dac6027016833e717bf984b9d5cf666c1a058bc46d7cf7438", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_group.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "51c02c1f02895bbe4ae9293cd9e7866ce498d253fd1939f0d4b54ff387570520", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_set_threat_advanced_settings.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7a98029951b04c0821dc14fd22c5c384754f62059a70e4402409ba0c880ce247", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_interoperable_device_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"b39d497b2e1448fa4aa8efd17f8daa15342700531f25e71b2e17b1204f670f82", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_group_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b7f763c5f4927f038b6e25427412f97c358101b9a8352563a079a4f80374d264", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_group_with_exclusion.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "a0261b665775df84382da05f8be5dbd6f5d4b56409c27be01b40dc4c84650afb", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_dynamic_object.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ee1a62e868ad7ba5df96680a7b57f93798fde3c81d9b79c11a1d52fd3426cde3", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_publish.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ba82cdef88bb83faecf71c4dac7fe810db7a4ef473e6ae48adb61aea95daaf94", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_host_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9ae3bf5f65a631ede05fc0306138e4be4981bb803862f153351edbf2ba6d3ccc", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_lsm_gateway_profile_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ea19f0f8f803339136d2988cada8619a2676dbc1a0da075394fe4233a02557de", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_smtp_server.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d5ab1fcfb0ba69384baafecfc3c1d222973fa70008a5df4f06b7e8e8a221bb19", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_discard.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9a8e67f783b97b1274127b1ffa5bbf249ffaec2294fb2ba8ed2b8ff1c5099042", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_simple_cluster_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "4260fe6b13a6616efe130eacb008bc45d36f115d42b3d74382d5ee5f958968a4", + "format": 1 + }, + { + "name": 
"plugins/modules/cp_mgmt_administrator_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "5ff399e430177d2d365e722f80057ab5cd27ec1835cff3fe747d9b6e991196c3", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_check_threat_ioc_feed.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "53541e0c6452fd38085273fd75904c778e03990f545c1f485d6648a9db43de24", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_set_session.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ab849840591afc7ffaf577ff153f19a732d36ed4014ded6ba3624e120a6798e6", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_threat_profile.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f7a797ad2c11a6aef0cb07ade9c4584ff36f3a58cb5604ce2095e253eb122364", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_uninstall_software_package.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "fbbec07c3f792b3b0cd8eb02e824d3037371ce35200eb65019cf3e0aeace6329", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_lsm_gateway.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c18e23576612a2d0534188bb106c3abb1defc41b00bdef4898bf64abca492d4f", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_install_database.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "1bea96e1221b931ce21ded6e7fde15cb1ed4e0d0789e9df7a4bf2003d674c5d8", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_host.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c41329540db77bc17576d17d1d9ab75fc2ae55af4f2a8a365fcc9660d922c78f", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_administrator.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f3895645e44528aa74ca07a5db3ba7b5de83aac65d6c200749ab486c2134fe59", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_install_lsm_settings.py", + "ftype": "file", + "chksum_type": 
"sha256", + "chksum_sha256": "16349ef732256500716ce5ff12519b245b29c63c991cb3dd114a644537dd28ad", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_reset_sic.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "66dead32556ca9fa4c81eec169c9453b56713a2757e491fa1a073fcecc07b52b", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_service_icmp6_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ac9e3938a4e3ff4104295ea83eda76dd543934fd1d667b46d5907ae379f1119c", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_address_range_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e0caf28ac8be6724706b1de016aeda9cf12e6f136324eda258c170d73b8643bf", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_objects_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "aa1e7f01027282e78ca79660680ce8974792a37e391cab2ef94b933649f02d88", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_network.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "cf2afff948f871d2cffa288a4f559df867d5910679b63d17cd5f32c50ddd25d1", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_threat_exception.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "88e016a715be2f1afa7e437561006144f3995a9f4ef32a57fe0e44232eddab71", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_show_threat_advanced_settings.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "59b1ae0976426033fe8322e78c86ba4abd5bce2e497b5f55936a705437ecc55d", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_simple_gateway_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "03084ad8d70f19219a10c4b2bcb315f410a55b568eb627148c3819568743354b", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_delete_nat_rule.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"c4ccfeb4e6b4979e799038bbe2d10dbb6435cdb49f573004dc39e1b61d1c2172", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_service_sctp_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "6c36ba47121fb51f2f7801a3f19f30945ef689992b46cf1825fbcf329ab767bf", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_set_global_properties.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b4821d269d27dc05ecbdd60e35f4fcf5d55f72c0ff9980309f90cfed03bcecc7", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_service_group.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "baabd9ca347233f669312f5e970641a84143ce40cc710f8fd1a01b9f86080f51", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_verify_software_package.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "cba4e5708c365a4247150fdc19aaa927f6e57e9dd794db4192eacb9c984967ba", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_service_other_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "78f53f2519b42994e3167b003880fa955a8fd80e4bf10c0df7965f4d1c4e693d", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_service_group_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "03f768632d4aa85ff6dab26547272568b685af1cd39ade02e35eb25dcc6bfa49", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_show_tasks.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7240e150287b5791a09af3551047b8034c4e6a69fb888c6cbb5e9008589ec9fa", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_add_nat_rule.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "cf758d48a1c074397015f83d1e9ada7617ea623007e09a750d9a5eca3f0d77a0", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_tag_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "273dccfd755525d7950cc4258a388b43da0e2b27888b81e141a7c90195f06e63", + "format": 1 
+ }, + { + "name": "plugins/modules/cp_mgmt_idp_to_domain_assignment_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9abcbe1296760ffc0f506e7bf5a1e487cd25c80e42aa3217747f667ec973c2a6", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_dns_domain_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "5c06f5a95513dc459fb8a4f5c0afdb917d0e64e5ac974fd503c965cbfefd5848", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_test_sic_status.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "408f3ceef29304e05094aea5eccba41a5d7998b64537c5e9ae93e48d41727f3f", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_security_zone_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "90733d338fe0ebdd9a649f074ea463f86e42ed3059adca6b6e6dbcc435d3ab9c", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_global_assignment_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "a9ae0807a77a6d34eaf1f16b9c3c77925915f41d8c704d7df1c6ce3820db0895", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_cluster_members_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "fcf0d5bbc1fe22a3b5261b1eeb6ebac991f3458392e04c727542440ca9a37932", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_set_domain.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "490075b99b71b9b71cc6b69043698fe1b26043037802fe3e3e7e081f8fe6bbd9", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_assign_global_assignment.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3ae16d3eb7af55242ea7abe04efad06cae94efad912582b05d37fbc531fa46a7", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_multicast_address_range.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b2df4111d8c376b8695890fe49e7894eb789ed701c5ba66d1c4c101a8fb7c2d6", + "format": 1 + }, + { + "name": 
"plugins/modules/cp_mgmt_show_nat_section.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "86587dbdc126e8ad016556c2d5aac427ebb90060006b46a0ee7f793df971d6af", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_idp_administrator_group_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "61c48850c8cf3de48b3661784288dbf1cde646d8120080f52fc1940ceb307013", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_lsm_run_script.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "7365251d4211be7ad3e8bd94efc61acb14456101e5d8734c84eb9d8395bf8161", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_show_idp_default_assignment.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b319a1df599ddaa23752898e60768b5dc7b6c238caf14e9a44c227cc96aee8bc", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_access_rule.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9dfa89e622be7418f167b6b64d0e733363ddf36c5497f3a2a65644cf2fb8343b", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_data_center_object_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "c3c75bbab1199dc2e8a60ba78d607ea04429bc94bac517feb12ae345f235b7eb", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_md_permissions_profile.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "ceee5ef6a93564e0e302156240a7a2eb1f8d6200716213ff9abfa6087c770381", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_network_feed_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "936f5b155cfcd381d6c786219e1ae055e9d29393e062ebf170b79bf806568d46", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_wildcard_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "5008b06a930c36ef38da577915f1ed762b1acd5e5a45b895592c3ab086899a55", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_threat_rule.py", + 
"ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "447a5aff781500736d020f53360356c8c17aff620ae1ffabe05ea457e12eb87b", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_set_nat_rule.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2863773d2b55242ff06f883011d469ceec6b425729e27f2dffc5013d7441a9e1", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_get_platform.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "1f5ac101d8c4cbd21600429fcb5967c3e02ef39bc7de2b0f94a1d5cbc222183e", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_delete_data_center_object.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "4e3cbdee4de6b34b6aec470ece5fbcfa51111087da5660cf3ae2eb27c1ce33ec", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_threat_exception_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "6736ecbe1cdef972336fc133137f325995b14388094dcc4c90b2fd5f36718a9e", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_global_assignment.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "175d1713c4d9e1a3ea5a5285341865e23b705084dc7e9b9573c974211dd344f5", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_identity_tag_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f5177646186798331570ecad9525440d640dd70580dc4d34c8417d242cb1f314", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_install_lsm_policy.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "1bb3beeb03e0fa53ae64034e5fd953dde2abe3671fccdd2bc0b6a3b71daa70bf", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_time_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b1183b6f51322cc2ca8775b9a41899fa9a2ca3fce9fdee91fea1c222a5f43ae4", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_trusted_client_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": 
"1ab62179565f1dbb575020c1fbf8bf5d88d07adcf2632b3081e81c34fb48dbe6", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_network_feed.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "d8a22dfef235dff512885e6ac51c5a162305c138e4ec91efdc7a0db873be344a", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_delete_api_key.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b48cc95c585bd5f45341ba27db65364eccc578e47ec257c7bae7e29a2918a50f", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_service_tcp_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "a251d18bae7171a9703884ac201b6e8e3d2561367886123958d79743d108ffe4", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_lsm_cluster.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "089e1ecc21fa7f28b917ff15a829dc3871a3e0aa459e85700032684000aa1b8f", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_access_role_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f9f41fec5c6290f05916ac397817403bc77927ad6f279fc7069ed79e8a6c8734", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_idp_administrator_group.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "1e4a6a4337380cb501ccf78f02339651fec9fd809440713678b2b8d83d9bb917", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_access_rules.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "1c0984a03d59d9070480b9907aef3c17810685ce4d5f373ccb0bf1ca747f89db", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_run_ips_update.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "df2897b279a396a9e7503055aff2e5e0e51cf210f879a290da5f63975c371f74", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_network_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2b5294d0e55651df53bd19eec3ff842e3ecffdfc9422a5a2a083c27d70e8ba6a", + "format": 1 + }, + { + 
"name": "plugins/modules/cp_mgmt_vpn_community_meshed_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "f1a22cfbeaecaa3aabd58eb6e94b349d2026da7f72661d2946d1e8767b711878", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_domain_permissions_profile_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e756f35bb731bb2fe905b441f8ef0f936d13e75eadb3a914ad0b9b9296c96cd7", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_session_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "52d983273391e6bb9c27e9048689a849cbeba88a32d957ea78b072b38e807fe8", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_threat_rule_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "289c42d6bdd3f1f89fb9322bec4ff01934c97120488824cd7bd4dce8ee22fa8b", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_service_sctp.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "90c51821e4b8ee48ba76d1752b9c778d753543b51dedddad9de549a9c0c1e226", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_verify_policy.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "a36dc6811733d555ec1eabda7e14f47f9b8cf0fa3a61abcdbfdbe85720fd6845", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_show_logs.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e8e707e814732c2a0a65eb74c0f7930ec3aef16c848252c188e9e9ec7ededede", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_repository_script_facts.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "13c57263953e1701cde3a96f3144353614feeff74cd2b61249e87077927b9013", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_service_icmp6.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "2db1883cc9b10bcb8ddb1507f1a112e5889bc9bbf7f763e2c415c99a174d4508", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_dynamic_object_facts.py", + 
"ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "87d7513db087fbbc08381c5fdb1496e8636354ea46ee5548df4ac6a0a634d63d", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_domain_permissions_profile.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3b5a225b0957326204eef01e23b1547fd07942860e31dc5df2ef8bb0668ad250", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_install_policy.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "59301e4f3270be713e931a2e5c68d9fa5bd7bbbadc04d9002cd0bfd609ec3764", + "format": 1 + }, + { + "name": "plugins/modules/cp_mgmt_address_range.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3c3abddfba4299961b6f6dcc57d00201138d05618251c7afb132692d2c088e9a", + "format": 1 + }, + { + "name": "plugins/module_utils", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "plugins/module_utils/checkpoint.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "5ccdc4a20d4a68b269068cb2d97f9016c0d2919ef7c099105551f8641b9c6c80", + "format": 1 + }, + { + "name": "plugins/doc_fragments", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "plugins/doc_fragments/checkpoint_commands.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "1898e90c2a136d31c91a62bab1063323dd82890423ad0d703a947807c0ac1f02", + "format": 1 + }, + { + "name": "plugins/doc_fragments/checkpoint_objects_action_module.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "12ddf56afb6239b7d9fdea8d36fea786ad1bbea10a907b95577f0717d6e6d440", + "format": 1 + }, + { + "name": "plugins/doc_fragments/checkpoint_objects.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "5f473f8543cb465b06c45373a6d1df1accabdd5d601a582e096cc447cc4b17e9", + "format": 1 + }, + { + "name": "plugins/doc_fragments/checkpoint_facts.py", + "ftype": "file", + "chksum_type": 
"sha256", + "chksum_sha256": "5f569611d1e5b9b7a5de375b0f2de41c1537c39d4f6068a3cd4088b6c26a0da9", + "format": 1 + }, + { + "name": "plugins/httpapi", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "plugins/httpapi/checkpoint.py", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "56ac92bbb5ac2bf13d7cd8898f46a23d9738bf9f6022045a462dcaa6bc3177bd", + "format": 1 + }, + { + "name": "roles", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "changelogs", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "changelogs/.plugin-cache.yaml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "a26bf0e084655d42f21faf5a600b85f62e792ef0f19e5d3c60e81872d7e27f20", + "format": 1 + }, + { + "name": "changelogs/fragments", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "changelogs/changelog.yaml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "9e147a0b5cd4ebdc583fedd2794bbdcfd157defcca7441b497dabcd5ec0f11b8", + "format": 1 + }, + { + "name": "changelogs/config.yaml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "3feb24c62630d3fd948c56ef6383147d592dee262a7ee0a92733ba256b0ad261", + "format": 1 + }, + { + "name": "meta", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "meta/execution-environment.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "681641544005d9d504d94237ba485399d5de2fa39ed52c98f9e39f83612c90d9", + "format": 1 + }, + { + "name": "meta/runtime.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "860967add82d9c273d9d15780a0c1e58fe6fd17658464a704853249f84c0eecf", + "format": 1 + }, + { + "name": "docs", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "CHANGELOG.rst", + 
"ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "b6c9947e9112a42ed69ff2f1880019f48520adc3162f7d4f767ab4ca44495991", + "format": 1 + } + ], + "format": 1 +}
\ No newline at end of file diff --git a/ansible_collections/check_point/mgmt/MANIFEST.json b/ansible_collections/check_point/mgmt/MANIFEST.json new file mode 100644 index 00000000..acdcba72 --- /dev/null +++ b/ansible_collections/check_point/mgmt/MANIFEST.json @@ -0,0 +1,34 @@ +{ + "collection_info": { + "namespace": "check_point", + "name": "mgmt", + "version": "4.0.0", + "authors": [ + "Or Soffer <orso@checkpoint.com>", + "Shiran Golzar <shirango@checkpoint.com>", + "Eden Brillant <edenbr@checkpoint.com>" + ], + "readme": "README.md", + "tags": [ + "security" + ], + "description": "Check Point collection for the Management Server", + "license": [ + "GPL-2.0-or-later" + ], + "license_file": null, + "dependencies": {}, + "repository": "https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection", + "documentation": "https://docs.ansible.com/ansible/latest/collections/check_point/mgmt/index.html", + "homepage": "https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection", + "issues": "https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection/issues" + }, + "file_manifest_file": { + "name": "FILES.json", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "5f71b816bee0abfef6e2a291b00f28b42e32ca12cc7ec01812bc246644fad321", + "format": 1 + }, + "format": 1 +}
\ No newline at end of file diff --git a/ansible_collections/check_point/mgmt/README.md b/ansible_collections/check_point/mgmt/README.md new file mode 100644 index 00000000..10373f5c --- /dev/null +++ b/ansible_collections/check_point/mgmt/README.md 
@@ -0,0 +1,188 @@
+# Check Point Ansible Mgmt Collection
+This Ansible collection provides control over a Check Point Management server using
+Check Point's web-services APIs.
+
+The Ansible Check Point modules reference can be found here:
+https://docs.ansible.com/ansible/latest/collections/check_point/mgmt/index.html#plugins-in-check-point-mgmt
+<br>Note - look only at the `cp_mgmt_*` modules, cause the `checkpoint_*` will be deprecated.
+
+This is the repository of the mgmt collection which can be found here - https://galaxy.ansible.com/check_point/mgmt
+
+Installation instructions
+-------------------------
+Run `ansible-galaxy collection install check_point.mgmt`
+
+Requirements
+------------
+* Ansible 2.9+ is required.
+* The Check Point server should be using the versions detailed in this SK: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk114661
+* The Check Point server should be open for API communication from the Ansible server.
+ Open SmartConsole and check "Manage & Settings > Blades > Management API > Advanced settings".
+
+Usage
+-----
+1. Edit the `hosts` so that it will contain a section similar to this one:
+```
+[check_point]
+%CHECK_POINT_MANAGEMENT_SERVER_IP%
+[check_point:vars]
+ansible_httpapi_use_ssl=True
+ansible_httpapi_validate_certs=False
+ansible_user=%CHECK_POINT_MANAGEMENT_SERVER_USER%
+ansible_password=%CHECK_POINT_MANAGEMENT_SERVER_PASSWORD%
+ansible_network_os=check_point.mgmt.checkpoint
+```
+Note - If you want to run against Ansible version 2.9 instead of the collection, just replace `ansible_network_os=check_point.mgmt.checkpoint` with `ansible_network_os=checkpoint`
+<br><br>2. 
Run a playbook:
+```sh
+ansible-playbook your_ansible_playbook.yml
+```
+or
+
+Run a playbook in "check mode":
+```sh
+ansible-playbook -C your_ansible_playbook.yml
+```
+Example playbook:
+```
+---
+- name: playbook name
+ hosts: check_point
+ connection: httpapi
+ tasks:
+ - name: task to have network
+ check_point.mgmt.cp_mgmt_network:
+ name: "network name"
+ subnet: "4.1.76.0"
+ mask_length: 24
+ auto_publish_session: true
+
+ vars:
+ ansible_checkpoint_domain: "SMC User"
+```
+Note - If you want to run against Ansible version 2.9 instead of the collection, just replace `check_point.mgmt.cp_mgmt_network` with `cp_mgmt_network`
+
+### Notes:
+ 1. Because this Ansible module is controlling the management server remotely via the web API,
+ the Ansible server needs to have access to the Check Point API server.
+ Open `SmartConsole`, navigate to "Manage & Settings > Blades > Management API > Advanced settings"
+ and check the API server's accessibility set
+ 2. Ansible has a feature called "Check Mode" that enables you to test the
+ changes without actually changing anything.
+ 3. The login and logout happens automatically.
+ 4. If you want to login to a specific domain, in the playbook above in the `vars`secion change the domain name to
+ `ansible_checkpoint_domain`
+ 5. There are two ways to publish changes:
+ a. Set the `auto_publish_session` to `true` as displayed in the example playbook above.
+ This option will publish only the task which this parameter belongs to.
+ b. Add the task to publish to the `cp_mgmt_publish` module.
+ This option will publish all the tasks above this task.
+ 6. It is recommended by Check Point to use this collection over the modules of Ansible version 2.9
+ 7. If you still want to use Ansible version 2.9 instead of this collection (not recommended):
+ a. In the `hosts` file replace `ansible_network_os=check_point.mgmt.checkpoint` with `ansible_network_os=checkpoint`
+ b. 
In the task in the playbook replace the module `check_point.mgmt.cp_mgmt_*` with the module `cp_mgmt_*`
+ 8. Starting from version 1.0.6, when running a command which returns a task-id, and the user chooses to wait for that task to finish
+ (the default is to wait), then the output of the command will be the output of the show-task command (instead of the task-id).
+
+Modules
+-------
+* `cp_mgmt_access_layer` – Manages access-layer objects on Check Point over Web Services API
+* `cp_mgmt_access_layer_facts` – Get access-layer objects facts on Check Point over Web Services API
+* `cp_mgmt_access_role` – Manages access-role objects on Check Point over Web Services API
+* `cp_mgmt_access_role_facts` – Get access-role objects facts on Check Point over Web Services API
+* `cp_mgmt_access_rule` – Manages access-rule objects on Check Point over Web Services API
+* `cp_mgmt_access_rules` – Manages a list of access rules objects on Check Point over Web Services API
+* `cp_mgmt_access_rule_facts` – Get access-rule objects facts on Check Point over Web Services API
+* `cp_mgmt_address_range` – Manages address-range objects on Check Point over Web Services API
+* `cp_mgmt_address_range_facts` – Get address-range objects facts on Check Point over Web Services API
+* `cp_mgmt_administrator` – Manages administrator objects on Check Point over Web Services API
+* `cp_mgmt_administrator_facts` – Get administrator objects facts on Check Point over Web Services API
+* `cp_mgmt_application_site` – Manages application-site objects on Check Point over Web Services API
+* `cp_mgmt_application_site_category` – Manages application-site-category objects on Check Point over Web Services API
+* `cp_mgmt_application_site_category_facts` – Get application-site-category objects facts on Check Point over Web Services API
+* `cp_mgmt_application_site_facts` – Get application-site objects facts on Check Point over Web Services API
+* `cp_mgmt_application_site_group` – Manages 
application-site-group objects on Check Point over Web Services API
+* `cp_mgmt_application_site_group_facts` – Get application-site-group objects facts on Check Point over Web Services API
+* `cp_mgmt_assign_global_assignment` – assign global assignment on Check Point over Web Services API
+* `cp_mgmt_discard` – All changes done by user are discarded and removed from database
+* `cp_mgmt_dns_domain` – Manages dns-domain objects on Check Point over Web Services API
+* `cp_mgmt_dns_domain_facts` – Get dns-domain objects facts on Check Point over Web Services API
+* `cp_mgmt_dynamic_object` – Manages dynamic-object objects on Check Point over Web Services API
+* `cp_mgmt_dynamic_object_facts` – Get dynamic-object objects facts on Check Point over Web Services API
+* `cp_mgmt_exception_group` – Manages exception-group objects on Check Point over Web Services API
+* `cp_mgmt_exception_group_facts` – Get exception-group objects facts on Check Point over Web Services API
+* `cp_mgmt_global_assignment` – Manages global-assignment objects on Check Point over Web Services API
+* `cp_mgmt_global_assignment_facts` – Get global-assignment objects facts on Check Point over Web Services API
+* `cp_mgmt_group` – Manages group objects on Check Point over Web Services API
+* `cp_mgmt_group_facts` – Get group objects facts on Check Point over Web Services API
+* `cp_mgmt_group_with_exclusion` – Manages group-with-exclusion objects on Check Point over Web Services API
+* `cp_mgmt_group_with_exclusion_facts` – Get group-with-exclusion objects facts on Check Point over Web Services API
+* `cp_mgmt_host` – Manages host objects on Check Point over Web Services API
+* `cp_mgmt_host_facts` – Get host objects facts on Check Point over Web Services API
+* `cp_mgmt_install_policy` – install policy on Check Point over Web Services API
+* `cp_mgmt_install_database` – install database on Check Point over Web Services API
+* `cp_mgmt_mds` – Multi-Domain Server (mds) objects on Check Point over 
Web Services API
+* `cp_mgmt_mds_facts` – Get Multi-Domain Server (mds) objects facts on Check Point over Web Services API
+* `cp_mgmt_multicast_address_range` – Manages multicast-address-range objects on Check Point over Web Services API
+* `cp_mgmt_multicast_address_range_facts` – Get multicast-address-range objects facts on Check Point over Web Services API
+* `cp_mgmt_network` – Manages network objects on Check Point over Web Services API
+* `cp_mgmt_network_facts` – Get network objects facts on Check Point over Web Services API
+* `cp_mgmt_package` – Manages package objects on Check Point over Web Services API
+* `cp_mgmt_package_facts` – Get package objects facts on Check Point over Web Services API
+* `cp_mgmt_publish` – All the changes done by this user will be seen by all users only after publish is called
+* `cp_mgmt_put_file` – put file on Check Point over Web Services API
+* `cp_mgmt_run_ips_update` – Runs IPS database update. If "package-path" is not provided server will try to get the latest package from the User Center
+* `cp_mgmt_run_script` – Executes the script on a given list of targets
+* `cp_mgmt_security_zone` – Manages security-zone objects on Check Point over Web Services API
+* `cp_mgmt_security_zone_facts` – Get security-zone objects facts on Check Point over Web Services API
+* `cp_mgmt_service_dce_rpc` – Manages service-dce-rpc objects on Check Point over Web Services API
+* `cp_mgmt_service_dce_rpc_facts` – Get service-dce-rpc objects facts on Check Point over Web Services API
+* `cp_mgmt_service_group` – Manages service-group objects on Check Point over Web Services API
+* `cp_mgmt_service_group_facts` – Get service-group objects facts on Check Point over Web Services API
+* `cp_mgmt_service_icmp` – Manages service-icmp objects on Check Point over Web Services API
+* `cp_mgmt_service_icmp6` – Manages service-icmp6 objects on Check Point over Web Services API
+* `cp_mgmt_service_icmp6_facts` – Get service-icmp6 objects facts on Check 
Point over Web Services API
+* `cp_mgmt_service_icmp_facts` – Get service-icmp objects facts on Check Point over Web Services API
+* `cp_mgmt_service_other` – Manages service-other objects on Check Point over Web Services API
+* `cp_mgmt_service_other_facts` – Get service-other objects facts on Check Point over Web Services API
+* `cp_mgmt_service_rpc` – Manages service-rpc objects on Check Point over Web Services API
+* `cp_mgmt_service_rpc_facts` – Get service-rpc objects facts on Check Point over Web Services API
+* `cp_mgmt_service_sctp` – Manages service-sctp objects on Check Point over Web Services API
+* `cp_mgmt_service_sctp_facts` – Get service-sctp objects facts on Check Point over Web Services API
+* `cp_mgmt_service_tcp` – Manages service-tcp objects on Check Point over Web Services API
+* `cp_mgmt_service_tcp_facts` – Get service-tcp objects facts on Check Point over Web Services API
+* `cp_mgmt_service_udp` – Manages service-udp objects on Check Point over Web Services API
+* `cp_mgmt_service_udp_facts` – Get service-udp objects facts on Check Point over Web Services API
+* `cp_mgmt_session_facts` – Get session objects facts on Check Point over Web Services API
+* `cp_mgmt_simple_gateway` – Manages simple-gateway objects on Check Point over Web Services API
+* `cp_mgmt_simple_gateway_facts` – Get simple-gateway objects facts on Check Point over Web Services API
+* `cp_mgmt_tag` – Manages tag objects on Check Point over Web Services API
+* `cp_mgmt_tag_facts` – Get tag objects facts on Check Point over Web Services API
+* `cp_mgmt_threat_exception` – Manages threat-exception objects on Check Point over Web Services API
+* `cp_mgmt_threat_exception_facts` – Get threat-exception objects facts on Check Point over Web Services API
+* `cp_mgmt_threat_indicator` – Manages threat-indicator objects on Check Point over Web Services API
+* `cp_mgmt_threat_indicator_facts` – Get threat-indicator objects facts on Check Point over Web Services API
+* 
`cp_mgmt_threat_layer` – Manages threat-layer objects on Check Point over Web Services API
+* `cp_mgmt_threat_layer_facts` – Get threat-layer objects facts on Check Point over Web Services API
+* `cp_mgmt_threat_profile` – Manages threat-profile objects on Check Point over Web Services API
+* `cp_mgmt_threat_profile_facts` – Get threat-profile objects facts on Check Point over Web Services API
+* `cp_mgmt_threat_protection_override` – Edit existing object using object name or uid
+* `cp_mgmt_threat_rule` – Manages threat-rule objects on Check Point over Web Services API
+* `cp_mgmt_threat_rule_facts` – Get threat-rule objects facts on Check Point over Web Services API
+* `cp_mgmt_time` – Manages time objects on Check Point over Web Services API
+* `cp_mgmt_time_facts` – Get time objects facts on Check Point over Web Services API
+* `cp_mgmt_verify_policy` – Verifies the policy of the selected package
+* `cp_mgmt_vpn_community_meshed` – Manages vpn-community-meshed objects on Check Point over Web Services API
+* `cp_mgmt_vpn_community_meshed_facts` – Get vpn-community-meshed objects facts on Check Point over Web Services API
+* `cp_mgmt_vpn_community_star` – Manages vpn-community-star objects on Check Point over Web Services API
+* `cp_mgmt_vpn_community_star_facts` – Get vpn-community-star objects facts on Check Point over Web Services API
+* `cp_mgmt_wildcard` – Manages wildcard objects on Check Point over Web Services API
+* `cp_mgmt_wildcard_facts` – Get wildcard objects facts on Check Point over Web Services API
+* `cp_mgmt_add_domain` – Add new domain on Check Point over Web Services API
+* `cp_mgmt_set_domain` – Edit existing domain on Check Point over Web Services API
+* `cp_mgmt_delete_domain` – Delete existing domain on Check Point over Web Services API
+* `cp_mgmt_domain_facts` – Get domain objects on Check Point over Web Services API
+* `cp_mgmt_trusted_client` – Trusted client objects on Check Point over Web Services API
+* 
`cp_mgmt_trusted_client_facts` – Get trusted client objects facts on Check Point over Web Services API
+* `cp_mgmt_identity_tag` – Identity tag objects on Check Point over Web Services API
+* `cp_mgmt_identity_tag_facts` – Get identity tag objects facts on Check Point over Web Services API
diff --git a/ansible_collections/check_point/mgmt/changelogs/.plugin-cache.yaml b/ansible_collections/check_point/mgmt/changelogs/.plugin-cache.yaml
new file mode 100644
index 00000000..49a22147
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/changelogs/.plugin-cache.yaml
@@ -0,0 +1,1000 @@ +objects: + role: {} +plugins: + become: {} + cache: {} + callback: {} + cliconf: {} + connection: {} + httpapi: + checkpoint: + description: HttpApi Plugin for Checkpoint devices + name: checkpoint + version_added: 2.8.0 + inventory: {} + lookup: {} + module: + cp_mgmt_access_layer: + description: Manages access-layer objects on Check Point over Web Services API + name: cp_mgmt_access_layer + namespace: '' + version_added: 1.0.0 + cp_mgmt_access_layer_facts: + description: Get access-layer objects facts on Check Point over Web Services + API + name: cp_mgmt_access_layer_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_access_role: + description: Manages access-role objects on Check Point over Web Services API + name: cp_mgmt_access_role + namespace: '' + version_added: 1.0.0 + cp_mgmt_access_role_facts: + description: Get access-role objects facts on Check Point over Web Services + API + name: cp_mgmt_access_role_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_access_rule: + description: Manages access-rule objects on Check Point over Web Services API + name: cp_mgmt_access_rule + namespace: '' + version_added: 1.0.0 + cp_mgmt_access_rule_facts: + description: Get access-rule objects facts on Check Point over Web Services + API + name: cp_mgmt_access_rule_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_access_rules: + description: Manages access-rules objects on Check Point over Web Services API + name: cp_mgmt_access_rules + namespace: '' + version_added: 2.2.0 + cp_mgmt_access_section: + description: Manages access-section objects on Checkpoint over Web Services + API + name: cp_mgmt_access_section + namespace: '' + version_added: 2.0.0 + cp_mgmt_add_api_key: + description: Add API key for administrator, to enable login with it. For the + key to be valid publish is needed. 
+ name: cp_mgmt_add_api_key + namespace: '' + version_added: 2.0.0 + cp_mgmt_add_data_center_object: + description: Imports a Data Center Object from a Data Center Server.<br> Data + Center Object represents an object in the cloud environment. + name: cp_mgmt_add_data_center_object + namespace: '' + version_added: 2.0.0 + cp_mgmt_add_domain: + description: Create new object + name: cp_mgmt_add_domain + namespace: '' + version_added: 2.1.0 + cp_mgmt_add_nat_rule: + description: Create new object. + name: cp_mgmt_add_nat_rule + namespace: '' + version_added: 2.0.0 + cp_mgmt_add_rules_batch: + description: Creates new rules in batch. Use this API to achieve optimum performance + when adding more than one rule. + name: cp_mgmt_add_rules_batch + namespace: '' + version_added: 3.0.0 + cp_mgmt_address_range: + description: Manages address-range objects on Check Point over Web Services + API + name: cp_mgmt_address_range + namespace: '' + version_added: 1.0.0 + cp_mgmt_address_range_facts: + description: Get address-range objects facts on Check Point over Web Services + API + name: cp_mgmt_address_range_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_administrator: + description: Manages administrator objects on Checkpoint over Web Services API + name: cp_mgmt_administrator + namespace: '' + version_added: 1.0.0 + cp_mgmt_administrator_facts: + description: Get administrator objects facts on Checkpoint over Web Services + API + name: cp_mgmt_administrator_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_application_site: + description: Manages application-site objects on Check Point over Web Services + API + name: cp_mgmt_application_site + namespace: '' + version_added: 1.0.0 + cp_mgmt_application_site_category: + description: Manages application-site-category objects on Check Point over Web + Services API + name: cp_mgmt_application_site_category + namespace: '' + version_added: 1.0.0 + cp_mgmt_application_site_category_facts: + description: Get 
application-site-category objects facts on Check Point over + Web Services API + name: cp_mgmt_application_site_category_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_application_site_facts: + description: Get application-site objects facts on Check Point over Web Services + API + name: cp_mgmt_application_site_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_application_site_group: + description: Manages application-site-group objects on Check Point over Web + Services API + name: cp_mgmt_application_site_group + namespace: '' + version_added: 1.0.0 + cp_mgmt_application_site_group_facts: + description: Get application-site-group objects facts on Check Point over Web + Services API + name: cp_mgmt_application_site_group_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_approve_session: + description: Workflow feature - Approve and Publish the session. + name: cp_mgmt_approve_session + namespace: '' + version_added: 3.0.0 + cp_mgmt_assign_global_assignment: + description: assign global assignment on Check Point over Web Services API + name: cp_mgmt_assign_global_assignment + namespace: '' + version_added: 1.0.0 + cp_mgmt_check_network_feed: + description: Check if a target can reach or parse a network feed; can work with + an existing feed object or with a new one (by providing all relevant feed + parameters). + name: cp_mgmt_check_network_feed + namespace: '' + version_added: 3.0.0 + cp_mgmt_check_threat_ioc_feed: + description: Check if a target can reach or parse a threat IOC feed; can work + with an existing feed object or with a new one (by providing all relevant + feed parameters). + name: cp_mgmt_check_threat_ioc_feed + namespace: '' + version_added: 3.0.0 + cp_mgmt_cluster_members_facts: + description: Retrieve all existing cluster members in domain. 
+ name: cp_mgmt_cluster_members_facts + namespace: '' + version_added: 3.0.0 + cp_mgmt_connect_cloud_services: + description: Securely connect the Management Server to Check Point's Infinity + Portal. <br>This is a preliminary operation so that the management server + can use various Check Point cloud-based security services hosted in the Infinity + Portal. + name: cp_mgmt_connect_cloud_services + namespace: '' + version_added: 3.0.0 + cp_mgmt_data_center_object_facts: + description: Get data-center-object objects facts on Checkpoint over Web Services + API + name: cp_mgmt_data_center_object_facts + namespace: '' + version_added: 2.0.0 + cp_mgmt_delete_api_key: + description: Delete the API key. For the key to be invalid publish is needed. + name: cp_mgmt_delete_api_key + namespace: '' + version_added: 2.0.0 + cp_mgmt_delete_data_center_object: + description: Delete existing object using object name or uid. + name: cp_mgmt_delete_data_center_object + namespace: '' + version_added: 2.0.0 + cp_mgmt_delete_domain: + description: Delete existing object using object name or uid. + name: cp_mgmt_delete_domain + namespace: '' + version_added: 2.1.0 + cp_mgmt_delete_nat_rule: + description: Delete existing object using object name or uid. + name: cp_mgmt_delete_nat_rule + namespace: '' + version_added: 2.0.0 + cp_mgmt_delete_rules_batch: + description: Delete rules in batch from the same layer. Use this API to achieve + optimum performance when removing more than one rule. + name: cp_mgmt_delete_rules_batch + namespace: '' + version_added: 3.0.0 + cp_mgmt_discard: + description: All changes done by user are discarded and removed from database. + name: cp_mgmt_discard + namespace: '' + version_added: 1.0.0 + cp_mgmt_disconnect_cloud_services: + description: Disconnect the Management Server from Check Point's Infinity Portal. 
+ name: cp_mgmt_disconnect_cloud_services + namespace: '' + version_added: 3.0.0 + cp_mgmt_dns_domain: + description: Manages dns-domain objects on Check Point over Web Services API + name: cp_mgmt_dns_domain + namespace: '' + version_added: 1.0.0 + cp_mgmt_dns_domain_facts: + description: Get dns-domain objects facts on Check Point over Web Services API + name: cp_mgmt_dns_domain_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_domain_facts: + description: Get domain objects facts on Checkpoint over Web Services API + name: cp_mgmt_domain_facts + namespace: '' + version_added: 2.1.0 + cp_mgmt_domain_permissions_profile: + description: Manages domain-permissions-profile objects on Checkpoint over Web + Services API + name: cp_mgmt_domain_permissions_profile + namespace: '' + version_added: 3.0.0 + cp_mgmt_domain_permissions_profile_facts: + description: Get domain-permissions-profile objects facts on Checkpoint over + Web Services API + name: cp_mgmt_domain_permissions_profile_facts + namespace: '' + version_added: 3.0.0 + cp_mgmt_dynamic_object: + description: Manages dynamic-object objects on Check Point over Web Services + API + name: cp_mgmt_dynamic_object + namespace: '' + version_added: 1.0.0 + cp_mgmt_dynamic_object_facts: + description: Get dynamic-object objects facts on Check Point over Web Services + API + name: cp_mgmt_dynamic_object_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_exception_group: + description: Manages exception-group objects on Check Point over Web Services + API + name: cp_mgmt_exception_group + namespace: '' + version_added: 1.0.0 + cp_mgmt_exception_group_facts: + description: Get exception-group objects facts on Check Point over Web Services + API + name: cp_mgmt_exception_group_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_get_platform: + description: Get actual platform (Hardware, Version, OS) from gateway, cluster + or Check Point host. 
+ name: cp_mgmt_get_platform + namespace: '' + version_added: 3.0.0 + cp_mgmt_global_assignment: + description: Manages global-assignment objects on Check Point over Web Services + API + name: cp_mgmt_global_assignment + namespace: '' + version_added: 1.0.0 + cp_mgmt_global_assignment_facts: + description: Get global-assignment objects facts on Check Point over Web Services + API + name: cp_mgmt_global_assignment_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_group: + description: Manages group objects on Check Point over Web Services API + name: cp_mgmt_group + namespace: '' + version_added: 1.0.0 + cp_mgmt_group_facts: + description: Get group objects facts on Check Point over Web Services API + name: cp_mgmt_group_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_group_with_exclusion: + description: Manages group-with-exclusion objects on Check Point over Web Services + API + name: cp_mgmt_group_with_exclusion + namespace: '' + version_added: 1.0.0 + cp_mgmt_group_with_exclusion_facts: + description: Get group-with-exclusion objects facts on Check Point over Web + Services API + name: cp_mgmt_group_with_exclusion_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_host: + description: Manages host objects on Check Point over Web Services API + name: cp_mgmt_host + namespace: '' + version_added: 1.0.0 + cp_mgmt_host_facts: + description: Get host objects facts on Check Point over Web Services API + name: cp_mgmt_host_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_https_section: + description: Manages https-section objects on Checkpoint over Web Services API + name: cp_mgmt_https_section + namespace: '' + version_added: 2.0.0 + cp_mgmt_identity_tag: + description: Manages identity-tag objects on Checkpoint over Web Services API + name: cp_mgmt_identity_tag + namespace: '' + version_added: 2.1.0 + cp_mgmt_identity_tag_facts: + description: Get identity-tag objects facts on Checkpoint over Web Services + API + name: cp_mgmt_identity_tag_facts 
+ namespace: '' + version_added: 2.1.0 + cp_mgmt_idp_administrator_group: + description: Manages idp-administrator-group objects on Checkpoint over Web + Services API + name: cp_mgmt_idp_administrator_group + namespace: '' + version_added: 3.0.0 + cp_mgmt_idp_administrator_group_facts: + description: Get idp-administrator-group objects facts on Checkpoint over Web + Services API + name: cp_mgmt_idp_administrator_group_facts + namespace: '' + version_added: 3.0.0 + cp_mgmt_idp_to_domain_assignment_facts: + description: Get idp-to-domain-assignment objects facts on Checkpoint over Web + Services API + name: cp_mgmt_idp_to_domain_assignment_facts + namespace: '' + version_added: 3.0.0 + cp_mgmt_install_database: + description: Copies the user database and network objects information to specified + targets. + name: cp_mgmt_install_database + namespace: '' + version_added: 2.1.0 + cp_mgmt_install_lsm_policy: + description: Executes the lsm-install-policy on a given list of targets. Install + the LSM policy that defined on the attached LSM profile on the targets devices. + name: cp_mgmt_install_lsm_policy + namespace: '' + version_added: 3.0.0 + cp_mgmt_install_lsm_settings: + description: Executes the lsm-install-settings on a given list of targets. Install + the provisioning settings that defined on the object on the targets devices. + name: cp_mgmt_install_lsm_settings + namespace: '' + version_added: 3.0.0 + cp_mgmt_install_policy: + description: install policy on Check Point over Web Services API + name: cp_mgmt_install_policy + namespace: '' + version_added: 1.0.0 + cp_mgmt_install_software_package: + description: Installs the software package on target machines. 
+ name: cp_mgmt_install_software_package + namespace: '' + version_added: 2.0.0 + cp_mgmt_interoperable_device: + description: Manages interoperable-device objects on Checkpoint over Web Services + API + name: cp_mgmt_interoperable_device + namespace: '' + version_added: 3.0.0 + cp_mgmt_interoperable_device_facts: + description: Get interoperable-device objects facts on Checkpoint over Web Services + API + name: cp_mgmt_interoperable_device_facts + namespace: '' + version_added: 3.0.0 + cp_mgmt_lsm_cluster: + description: Manages lsm-cluster objects on Checkpoint over Web Services API + name: cp_mgmt_lsm_cluster + namespace: '' + version_added: 2.3.0 + cp_mgmt_lsm_cluster_facts: + description: Get lsm-cluster objects facts on Checkpoint over Web Services API + name: cp_mgmt_lsm_cluster_facts + namespace: '' + version_added: 2.3.0 + cp_mgmt_lsm_cluster_profile_facts: + description: Get lsm-cluster-profile objects facts on Checkpoint over Web Services + API + name: cp_mgmt_lsm_cluster_profile_facts + namespace: '' + version_added: 3.0.0 + cp_mgmt_lsm_gateway: + description: Manages lsm-gateway objects on Checkpoint over Web Services API + name: cp_mgmt_lsm_gateway + namespace: '' + version_added: 2.3.0 + cp_mgmt_lsm_gateway_facts: + description: Get lsm-gateway objects facts on Checkpoint over Web Services API + name: cp_mgmt_lsm_gateway_facts + namespace: '' + version_added: 2.3.0 + cp_mgmt_lsm_gateway_profile_facts: + description: Get lsm-gateway-profile objects facts on Checkpoint over Web Services + API + name: cp_mgmt_lsm_gateway_profile_facts + namespace: '' + version_added: 3.0.0 + cp_mgmt_lsm_run_script: + description: Executes the lsm-run-script on a given list of targets. Run the + given script on the targets devices. 
+ name: cp_mgmt_lsm_run_script + namespace: '' + version_added: 3.0.0 + cp_mgmt_md_permissions_profile: + description: Manages md-permissions-profile objects on Checkpoint over Web Services + API + name: cp_mgmt_md_permissions_profile + namespace: '' + version_added: 3.0.0 + cp_mgmt_md_permissions_profile_facts: + description: Get md-permissions-profile objects facts on Checkpoint over Web + Services API + name: cp_mgmt_md_permissions_profile_facts + namespace: '' + version_added: 3.0.0 + cp_mgmt_mds: + description: Manages mds objects on Checkpoint over Web Services API + name: cp_mgmt_mds + namespace: '' + version_added: 2.1.0 + cp_mgmt_mds_facts: + description: Get Multi-Domain Server (mds) objects facts on Check Point over + Web Services API + name: cp_mgmt_mds_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_multicast_address_range: + description: Manages multicast-address-range objects on Check Point over Web + Services API + name: cp_mgmt_multicast_address_range + namespace: '' + version_added: 1.0.0 + cp_mgmt_multicast_address_range_facts: + description: Get multicast-address-range objects facts on Check Point over Web + Services API + name: cp_mgmt_multicast_address_range_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_nat_rule_facts: + description: Get nat-rule objects facts on Checkpoint over Web Services API + name: cp_mgmt_nat_rule_facts + namespace: '' + version_added: 2.0.0 + cp_mgmt_nat_section: + description: Manages nat-section objects on Checkpoint over Web Services API + name: cp_mgmt_nat_section + namespace: '' + version_added: 2.0.0 + cp_mgmt_network: + description: Manages network objects on Check Point over Web Services API + name: cp_mgmt_network + namespace: '' + version_added: 1.0.0 + cp_mgmt_network_facts: + description: Get network objects facts on Check Point over Web Services API + name: cp_mgmt_network_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_network_feed: + description: Manages network-feed objects on 
Checkpoint over Web Services API + name: cp_mgmt_network_feed + namespace: '' + version_added: 3.0.0 + cp_mgmt_network_feed_facts: + description: Get network-feed objects facts on Checkpoint over Web Services + API + name: cp_mgmt_network_feed_facts + namespace: '' + version_added: 3.0.0 + cp_mgmt_objects_facts: + description: Get objects objects facts on Checkpoint over Web Services API + name: cp_mgmt_objects_facts + namespace: '' + version_added: 3.0.0 + cp_mgmt_package: + description: Manages package objects on Check Point over Web Services API + name: cp_mgmt_package + namespace: '' + version_added: 1.0.0 + cp_mgmt_package_facts: + description: Get package objects facts on Check Point over Web Services API + name: cp_mgmt_package_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_provisioning_profile_facts: + description: Get provisioning-profile objects facts on Checkpoint over Web Services + API + name: cp_mgmt_provisioning_profile_facts + namespace: '' + version_added: 3.0.0 + cp_mgmt_publish: + description: All the changes done by this user will be seen by all users only + after publish is called. + name: cp_mgmt_publish + namespace: '' + version_added: 1.0.0 + cp_mgmt_put_file: + description: put file on Check Point over Web Services API + name: cp_mgmt_put_file + namespace: '' + version_added: 1.0.0 + cp_mgmt_reject_session: + description: Workflow feature - Return the session to the submitter administrator. + name: cp_mgmt_reject_session + namespace: '' + version_added: 3.0.0 + cp_mgmt_repository_script: + description: Manages repository-script objects on Checkpoint over Web Services + API + name: cp_mgmt_repository_script + namespace: '' + version_added: 3.0.0 + cp_mgmt_repository_script_facts: + description: Get repository-script objects facts on Checkpoint over Web Services + API + name: cp_mgmt_repository_script_facts + namespace: '' + version_added: 3.0.0 + cp_mgmt_reset_sic: + description: Reset Secure Internal Communication (SIC). 
To complete the reset + operation need also to reset the device in the Check Point Configuration Tool + (by running cpconfig in Clish or Expert mode). Communication will not be possible + until you reset and re-initialize the device properly. + name: cp_mgmt_reset_sic + namespace: '' + version_added: 3.0.0 + cp_mgmt_run_ips_update: + description: Runs IPS database update. If "package-path" is not provided server + will try to get the latest package from the User Center. + name: cp_mgmt_run_ips_update + namespace: '' + version_added: 1.0.0 + cp_mgmt_run_script: + description: Executes the script on a given list of targets. + name: cp_mgmt_run_script + namespace: '' + version_added: 1.0.0 + cp_mgmt_security_zone: + description: Manages security-zone objects on Check Point over Web Services + API + name: cp_mgmt_security_zone + namespace: '' + version_added: 1.0.0 + cp_mgmt_security_zone_facts: + description: Get security-zone objects facts on Check Point over Web Services + API + name: cp_mgmt_security_zone_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_service_dce_rpc: + description: Manages service-dce-rpc objects on Check Point over Web Services + API + name: cp_mgmt_service_dce_rpc + namespace: '' + version_added: 1.0.0 + cp_mgmt_service_dce_rpc_facts: + description: Get service-dce-rpc objects facts on Check Point over Web Services + API + name: cp_mgmt_service_dce_rpc_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_service_group: + description: Manages service-group objects on Check Point over Web Services + API + name: cp_mgmt_service_group + namespace: '' + version_added: 1.0.0 + cp_mgmt_service_group_facts: + description: Get service-group objects facts on Check Point over Web Services + API + name: cp_mgmt_service_group_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_service_icmp: + description: Manages service-icmp objects on Check Point over Web Services API + name: cp_mgmt_service_icmp + namespace: '' + version_added: 1.0.0 + 
cp_mgmt_service_icmp6: + description: Manages service-icmp6 objects on Check Point over Web Services + API + name: cp_mgmt_service_icmp6 + namespace: '' + version_added: 1.0.0 + cp_mgmt_service_icmp6_facts: + description: Get service-icmp6 objects facts on Check Point over Web Services + API + name: cp_mgmt_service_icmp6_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_service_icmp_facts: + description: Get service-icmp objects facts on Check Point over Web Services + API + name: cp_mgmt_service_icmp_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_service_other: + description: Manages service-other objects on Check Point over Web Services + API + name: cp_mgmt_service_other + namespace: '' + version_added: 1.0.0 + cp_mgmt_service_other_facts: + description: Get service-other objects facts on Check Point over Web Services + API + name: cp_mgmt_service_other_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_service_rpc: + description: Manages service-rpc objects on Check Point over Web Services API + name: cp_mgmt_service_rpc + namespace: '' + version_added: 1.0.0 + cp_mgmt_service_rpc_facts: + description: Get service-rpc objects facts on Check Point over Web Services + API + name: cp_mgmt_service_rpc_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_service_sctp: + description: Manages service-sctp objects on Check Point over Web Services API + name: cp_mgmt_service_sctp + namespace: '' + version_added: 1.0.0 + cp_mgmt_service_sctp_facts: + description: Get service-sctp objects facts on Check Point over Web Services + API + name: cp_mgmt_service_sctp_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_service_tcp: + description: Manages service-tcp objects on Check Point over Web Services API + name: cp_mgmt_service_tcp + namespace: '' + version_added: 1.0.0 + cp_mgmt_service_tcp_facts: + description: Get service-tcp objects facts on Check Point over Web Services + API + name: cp_mgmt_service_tcp_facts + namespace: '' + version_added: 
1.0.0 + cp_mgmt_service_udp: + description: Manages service-udp objects on Check Point over Web Services API + name: cp_mgmt_service_udp + namespace: '' + version_added: 1.0.0 + cp_mgmt_service_udp_facts: + description: Get service-udp objects facts on Check Point over Web Services + API + name: cp_mgmt_service_udp_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_session_facts: + description: Get session objects facts on Check Point over Web Services API + name: cp_mgmt_session_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_set_domain: + description: Edit existing object using object name or uid. + name: cp_mgmt_set_domain + namespace: '' + version_added: 2.1.0 + cp_mgmt_set_global_properties: + description: Edit Global Properties. + name: cp_mgmt_set_global_properties + namespace: '' + version_added: 3.0.0 + cp_mgmt_set_idp_default_assignment: + description: Set default Identity Provider assignment to be use for Management + server administrator access. + name: cp_mgmt_set_idp_default_assignment + namespace: '' + version_added: 3.0.0 + cp_mgmt_set_idp_to_domain_assignment: + description: Set Identity Provider assignment to domain, to allow administrator + login to that domain using that identity provider, if there is no Identity + Provider assigned to the domain the 'idp-default-assignment' will be used. + This command only available for Multi-Domain server. + name: cp_mgmt_set_idp_to_domain_assignment + namespace: '' + version_added: 3.0.0 + cp_mgmt_set_nat_rule: + description: Edit existing object using object name or uid. + name: cp_mgmt_set_nat_rule + namespace: '' + version_added: 2.0.0 + cp_mgmt_set_session: + description: Edit user's current session. + name: cp_mgmt_set_session + namespace: '' + version_added: 2.0.0 + cp_mgmt_set_threat_advanced_settings: + description: Edit Threat Prevention's Blades' Settings. 
+ name: cp_mgmt_set_threat_advanced_settings + namespace: '' + version_added: 3.0.0 + cp_mgmt_show_access_section: + description: Retrieve existing object using object name or uid. + name: cp_mgmt_show_access_section + namespace: '' + version_added: 2.0.0 + cp_mgmt_show_cloud_services: + description: Show the connection status of the Management Server to Check Point's + Infinity Portal. + name: cp_mgmt_show_cloud_services + namespace: '' + version_added: 3.0.0 + cp_mgmt_show_global_properties: + description: Retrieve Global Properties. + name: cp_mgmt_show_global_properties + namespace: '' + version_added: 3.0.0 + cp_mgmt_show_https_section: + description: Retrieve existing HTTPS Inspection section using section name or + uid and layer name. + name: cp_mgmt_show_https_section + namespace: '' + version_added: 2.0.0 + cp_mgmt_show_idp_default_assignment: + description: Retrieve default Identity Provider assignment that used for Management + server administrator access. + name: cp_mgmt_show_idp_default_assignment + namespace: '' + version_added: 3.0.0 + cp_mgmt_show_logs: + description: Showing logs according to the given filter. + name: cp_mgmt_show_logs + namespace: '' + version_added: 2.0.0 + cp_mgmt_show_nat_section: + description: Retrieve existing object using object name or uid. + name: cp_mgmt_show_nat_section + namespace: '' + version_added: 2.0.0 + cp_mgmt_show_servers_and_processes: + description: Shows the status of all processes in the current machine (Multi-Domain + Server and all Domain Management / Log Servers). <br>This command is available + only on Multi-Domain Server. + name: cp_mgmt_show_servers_and_processes + namespace: '' + version_added: 3.0.0 + cp_mgmt_show_software_package_details: + description: Gets the software package information from the cloud. + name: cp_mgmt_show_software_package_details + namespace: '' + version_added: 2.0.0 + cp_mgmt_show_task: + description: Show task progress and details. 
+ name: cp_mgmt_show_task + namespace: '' + version_added: 2.0.0 + cp_mgmt_show_tasks: + description: Retrieve all tasks and show their progress and details. + name: cp_mgmt_show_tasks + namespace: '' + version_added: 2.0.0 + cp_mgmt_show_threat_advanced_settings: + description: Show Threat Prevention's Blades' Settings. + name: cp_mgmt_show_threat_advanced_settings + namespace: '' + version_added: 3.0.0 + cp_mgmt_simple_cluster: + description: Manages simple-cluster objects on Checkpoint over Web Services + API + name: cp_mgmt_simple_cluster + namespace: '' + version_added: 3.0.0 + cp_mgmt_simple_cluster_facts: + description: Get simple-cluster objects facts on Checkpoint over Web Services + API + name: cp_mgmt_simple_cluster_facts + namespace: '' + version_added: 3.0.0 + cp_mgmt_simple_gateway: + description: Manages simple-gateway objects on Check Point over Web Services + API + name: cp_mgmt_simple_gateway + namespace: '' + version_added: 1.0.0 + cp_mgmt_simple_gateway_facts: + description: Get simple-gateway objects facts on Check Point over Web Services + API + name: cp_mgmt_simple_gateway_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_smtp_server: + description: Manages smtp-server objects on Checkpoint over Web Services API + name: cp_mgmt_smtp_server + namespace: '' + version_added: 3.0.0 + cp_mgmt_smtp_server_facts: + description: Get smtp-server objects facts on Checkpoint over Web Services API + name: cp_mgmt_smtp_server_facts + namespace: '' + version_added: 3.0.0 + cp_mgmt_submit_session: + description: Workflow feature - Submit the session for approval. 
+ name: cp_mgmt_submit_session + namespace: '' + version_added: 3.0.0 + cp_mgmt_tag: + description: Manages tag objects on Check Point over Web Services API + name: cp_mgmt_tag + namespace: '' + version_added: 1.0.0 + cp_mgmt_tag_facts: + description: Get tag objects facts on Check Point over Web Services API + name: cp_mgmt_tag_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_test_sic_status: + description: Test SIC Status reflects the state of the gateway after it has + received the certificate issued by the ICA. If the SIC status is Unknown then + there is no connection between the gateway and the Security Management Server. + If the SIC status is No Communication, an error message will appear. It may + contain specific instructions on how to fix the situation. + name: cp_mgmt_test_sic_status + namespace: '' + version_added: 3.0.0 + cp_mgmt_threat_exception: + description: Manages threat-exception objects on Check Point over Web Services + API + name: cp_mgmt_threat_exception + namespace: '' + version_added: 1.0.0 + cp_mgmt_threat_exception_facts: + description: Get threat-exception objects facts on Check Point over Web Services + API + name: cp_mgmt_threat_exception_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_threat_indicator: + description: Manages threat-indicator objects on Check Point over Web Services + API + name: cp_mgmt_threat_indicator + namespace: '' + version_added: 1.0.0 + cp_mgmt_threat_indicator_facts: + description: Get threat-indicator objects facts on Check Point over Web Services + API + name: cp_mgmt_threat_indicator_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_threat_layer: + description: Manages threat-layer objects on Check Point over Web Services API + name: cp_mgmt_threat_layer + namespace: '' + version_added: 1.0.0 + cp_mgmt_threat_layer_facts: + description: Get threat-layer objects facts on Check Point over Web Services + API + name: cp_mgmt_threat_layer_facts + namespace: '' + version_added: 1.0.0 + 
cp_mgmt_threat_profile: + description: Manages threat-profile objects on Check Point over Web Services + API + name: cp_mgmt_threat_profile + namespace: '' + version_added: 1.0.0 + cp_mgmt_threat_profile_facts: + description: Get threat-profile objects facts on Check Point over Web Services + API + name: cp_mgmt_threat_profile_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_threat_protection_override: + description: Edit existing object using object name or uid. + name: cp_mgmt_threat_protection_override + namespace: '' + version_added: 1.0.0 + cp_mgmt_threat_rule: + description: Manages threat-rule objects on Check Point over Web Services API + name: cp_mgmt_threat_rule + namespace: '' + version_added: 1.0.0 + cp_mgmt_threat_rule_facts: + description: Get threat-rule objects facts on Check Point over Web Services + API + name: cp_mgmt_threat_rule_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_time: + description: Manages time objects on Check Point over Web Services API + name: cp_mgmt_time + namespace: '' + version_added: 1.0.0 + cp_mgmt_time_facts: + description: Get time objects facts on Check Point over Web Services API + name: cp_mgmt_time_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_trusted_client: + description: Manages trusted-client objects on Checkpoint over Web Services + API + name: cp_mgmt_trusted_client + namespace: '' + version_added: 2.1.0 + cp_mgmt_trusted_client_facts: + description: Get trusted-client objects facts on Checkpoint over Web Services + API + name: cp_mgmt_trusted_client_facts + namespace: '' + version_added: 2.1.0 + cp_mgmt_uninstall_software_package: + description: Uninstalls the software package from target machines. + name: cp_mgmt_uninstall_software_package + namespace: '' + version_added: 2.0.0 + cp_mgmt_update_provisioned_satellites: + description: Executes the update-provisioned-satellites on center gateways of + VPN communities. 
+ name: cp_mgmt_update_provisioned_satellites + namespace: '' + version_added: 3.0.0 + cp_mgmt_verify_policy: + description: Verifies the policy of the selected package. + name: cp_mgmt_verify_policy + namespace: '' + version_added: 1.0.0 + cp_mgmt_verify_software_package: + description: Verifies the software package on target machines. + name: cp_mgmt_verify_software_package + namespace: '' + version_added: 2.0.0 + cp_mgmt_vpn_community_meshed: + description: Manages vpn-community-meshed objects on Check Point over Web Services + API + name: cp_mgmt_vpn_community_meshed + namespace: '' + version_added: 1.0.0 + cp_mgmt_vpn_community_meshed_facts: + description: Get vpn-community-meshed objects facts on Check Point over Web + Services API + name: cp_mgmt_vpn_community_meshed_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_vpn_community_star: + description: Manages vpn-community-star objects on Check Point over Web Services + API + name: cp_mgmt_vpn_community_star + namespace: '' + version_added: 1.0.0 + cp_mgmt_vpn_community_star_facts: + description: Get vpn-community-star objects facts on Check Point over Web Services + API + name: cp_mgmt_vpn_community_star_facts + namespace: '' + version_added: 1.0.0 + cp_mgmt_wildcard: + description: Manages wildcard objects on Check Point over Web Services API + name: cp_mgmt_wildcard + namespace: '' + version_added: 1.0.0 + cp_mgmt_wildcard_facts: + description: Get wildcard objects facts on Check Point over Web Services API + name: cp_mgmt_wildcard_facts + namespace: '' + version_added: 1.0.0 + netconf: {} + shell: {} + strategy: {} + vars: {} +version: 4.0.0 diff --git a/ansible_collections/check_point/mgmt/changelogs/changelog.yaml b/ansible_collections/check_point/mgmt/changelogs/changelog.yaml new file mode 100644 index 00000000..600d23a1 --- /dev/null +++ b/ansible_collections/check_point/mgmt/changelogs/changelog.yaml 
@@ -0,0 +1,714 @@ +ancestor: null +releases: + 1.0.0: + modules: + - description: Manages access-layer objects on Check Point over Web Services API + name: cp_mgmt_access_layer + namespace: '' + - description: Get access-layer objects facts on Check Point over Web Services + API + name: cp_mgmt_access_layer_facts + namespace: '' + - description: Manages access-role objects on Check Point over Web Services API + name: cp_mgmt_access_role + namespace: '' + - description: Get access-role objects facts on Check Point over Web Services + API + name: cp_mgmt_access_role_facts + namespace: '' + - description: Manages access-rule objects on Check Point over Web Services API + name: cp_mgmt_access_rule + namespace: '' + - description: Get access-rule objects facts on Check Point over Web Services + API + name: cp_mgmt_access_rule_facts + namespace: '' + - description: Manages address-range objects on Check Point over Web Services + API + name: cp_mgmt_address_range + namespace: '' + - description: Get address-range objects facts on Check Point over Web Services + API + name: cp_mgmt_address_range_facts + namespace: '' + - description: Manages administrator objects on Checkpoint over Web Services API + name: cp_mgmt_administrator + namespace: '' + - description: Get administrator objects facts on Checkpoint over Web Services + API + name: cp_mgmt_administrator_facts + namespace: '' + - description: Manages application-site objects on Check Point over Web Services + API + name: cp_mgmt_application_site + namespace: '' + - description: Manages application-site-category objects on Check Point over Web + Services API + name: cp_mgmt_application_site_category + namespace: '' + - description: Get application-site-category objects facts on Check Point over + Web Services API + name: cp_mgmt_application_site_category_facts + namespace: '' + - description: Get application-site objects facts on Check Point over Web Services + API + name: cp_mgmt_application_site_facts + namespace: '' 
+ - description: Manages application-site-group objects on Check Point over Web + Services API + name: cp_mgmt_application_site_group + namespace: '' + - description: Get application-site-group objects facts on Check Point over Web + Services API + name: cp_mgmt_application_site_group_facts + namespace: '' + - description: assign global assignment on Check Point over Web Services API + name: cp_mgmt_assign_global_assignment + namespace: '' + - description: All changes done by user are discarded and removed from database. + name: cp_mgmt_discard + namespace: '' + - description: Manages dns-domain objects on Check Point over Web Services API + name: cp_mgmt_dns_domain + namespace: '' + - description: Get dns-domain objects facts on Check Point over Web Services API + name: cp_mgmt_dns_domain_facts + namespace: '' + - description: Manages dynamic-object objects on Check Point over Web Services + API + name: cp_mgmt_dynamic_object + namespace: '' + - description: Get dynamic-object objects facts on Check Point over Web Services + API + name: cp_mgmt_dynamic_object_facts + namespace: '' + - description: Manages exception-group objects on Check Point over Web Services + API + name: cp_mgmt_exception_group + namespace: '' + - description: Get exception-group objects facts on Check Point over Web Services + API + name: cp_mgmt_exception_group_facts + namespace: '' + - description: Manages global-assignment objects on Check Point over Web Services + API + name: cp_mgmt_global_assignment + namespace: '' + - description: Get global-assignment objects facts on Check Point over Web Services + API + name: cp_mgmt_global_assignment_facts + namespace: '' + - description: Manages group objects on Check Point over Web Services API + name: cp_mgmt_group + namespace: '' + - description: Get group objects facts on Check Point over Web Services API + name: cp_mgmt_group_facts + namespace: '' + - description: Manages group-with-exclusion objects on Check Point over Web Services + API + 
name: cp_mgmt_group_with_exclusion + namespace: '' + - description: Get group-with-exclusion objects facts on Check Point over Web + Services API + name: cp_mgmt_group_with_exclusion_facts + namespace: '' + - description: Manages host objects on Check Point over Web Services API + name: cp_mgmt_host + namespace: '' + - description: Get host objects facts on Check Point over Web Services API + name: cp_mgmt_host_facts + namespace: '' + - description: install policy on Check Point over Web Services API + name: cp_mgmt_install_policy + namespace: '' + - description: Get Multi-Domain Server (mds) objects facts on Check Point over + Web Services API + name: cp_mgmt_mds_facts + namespace: '' + - description: Manages multicast-address-range objects on Check Point over Web + Services API + name: cp_mgmt_multicast_address_range + namespace: '' + - description: Get multicast-address-range objects facts on Check Point over Web + Services API + name: cp_mgmt_multicast_address_range_facts + namespace: '' + - description: Manages network objects on Check Point over Web Services API + name: cp_mgmt_network + namespace: '' + - description: Get network objects facts on Check Point over Web Services API + name: cp_mgmt_network_facts + namespace: '' + - description: Manages package objects on Check Point over Web Services API + name: cp_mgmt_package + namespace: '' + - description: Get package objects facts on Check Point over Web Services API + name: cp_mgmt_package_facts + namespace: '' + - description: All the changes done by this user will be seen by all users only + after publish is called. + name: cp_mgmt_publish + namespace: '' + - description: put file on Check Point over Web Services API + name: cp_mgmt_put_file + namespace: '' + - description: Runs IPS database update. If "package-path" is not provided server + will try to get the latest package from the User Center. 
+ name: cp_mgmt_run_ips_update + namespace: '' + - description: Executes the script on a given list of targets. + name: cp_mgmt_run_script + namespace: '' + - description: Manages security-zone objects on Check Point over Web Services + API + name: cp_mgmt_security_zone + namespace: '' + - description: Get security-zone objects facts on Check Point over Web Services + API + name: cp_mgmt_security_zone_facts + namespace: '' + - description: Manages service-dce-rpc objects on Check Point over Web Services + API + name: cp_mgmt_service_dce_rpc + namespace: '' + - description: Get service-dce-rpc objects facts on Check Point over Web Services + API + name: cp_mgmt_service_dce_rpc_facts + namespace: '' + - description: Manages service-group objects on Check Point over Web Services + API + name: cp_mgmt_service_group + namespace: '' + - description: Get service-group objects facts on Check Point over Web Services + API + name: cp_mgmt_service_group_facts + namespace: '' + - description: Manages service-icmp objects on Check Point over Web Services API + name: cp_mgmt_service_icmp + namespace: '' + - description: Manages service-icmp6 objects on Check Point over Web Services + API + name: cp_mgmt_service_icmp6 + namespace: '' + - description: Get service-icmp6 objects facts on Check Point over Web Services + API + name: cp_mgmt_service_icmp6_facts + namespace: '' + - description: Get service-icmp objects facts on Check Point over Web Services + API + name: cp_mgmt_service_icmp_facts + namespace: '' + - description: Manages service-other objects on Check Point over Web Services + API + name: cp_mgmt_service_other + namespace: '' + - description: Get service-other objects facts on Check Point over Web Services + API + name: cp_mgmt_service_other_facts + namespace: '' + - description: Manages service-rpc objects on Check Point over Web Services API + name: cp_mgmt_service_rpc + namespace: '' + - description: Get service-rpc objects facts on Check Point over Web Services + 
API + name: cp_mgmt_service_rpc_facts + namespace: '' + - description: Manages service-sctp objects on Check Point over Web Services API + name: cp_mgmt_service_sctp + namespace: '' + - description: Get service-sctp objects facts on Check Point over Web Services + API + name: cp_mgmt_service_sctp_facts + namespace: '' + - description: Manages service-tcp objects on Check Point over Web Services API + name: cp_mgmt_service_tcp + namespace: '' + - description: Get service-tcp objects facts on Check Point over Web Services + API + name: cp_mgmt_service_tcp_facts + namespace: '' + - description: Manages service-udp objects on Check Point over Web Services API + name: cp_mgmt_service_udp + namespace: '' + - description: Get service-udp objects facts on Check Point over Web Services + API + name: cp_mgmt_service_udp_facts + namespace: '' + - description: Get session objects facts on Check Point over Web Services API + name: cp_mgmt_session_facts + namespace: '' + - description: Manages simple-gateway objects on Check Point over Web Services + API + name: cp_mgmt_simple_gateway + namespace: '' + - description: Get simple-gateway objects facts on Check Point over Web Services + API + name: cp_mgmt_simple_gateway_facts + namespace: '' + - description: Manages tag objects on Check Point over Web Services API + name: cp_mgmt_tag + namespace: '' + - description: Get tag objects facts on Check Point over Web Services API + name: cp_mgmt_tag_facts + namespace: '' + - description: Manages threat-exception objects on Check Point over Web Services + API + name: cp_mgmt_threat_exception + namespace: '' + - description: Get threat-exception objects facts on Check Point over Web Services + API + name: cp_mgmt_threat_exception_facts + namespace: '' + - description: Manages threat-indicator objects on Check Point over Web Services + API + name: cp_mgmt_threat_indicator + namespace: '' + - description: Get threat-indicator objects facts on Check Point over Web Services + API + name: 
cp_mgmt_threat_indicator_facts + namespace: '' + - description: Manages threat-layer objects on Check Point over Web Services API + name: cp_mgmt_threat_layer + namespace: '' + - description: Get threat-layer objects facts on Check Point over Web Services + API + name: cp_mgmt_threat_layer_facts + namespace: '' + - description: Manages threat-profile objects on Check Point over Web Services + API + name: cp_mgmt_threat_profile + namespace: '' + - description: Get threat-profile objects facts on Check Point over Web Services + API + name: cp_mgmt_threat_profile_facts + namespace: '' + - description: Edit existing object using object name or uid. + name: cp_mgmt_threat_protection_override + namespace: '' + - description: Manages threat-rule objects on Check Point over Web Services API + name: cp_mgmt_threat_rule + namespace: '' + - description: Get threat-rule objects facts on Check Point over Web Services + API + name: cp_mgmt_threat_rule_facts + namespace: '' + - description: Manages time objects on Check Point over Web Services API + name: cp_mgmt_time + namespace: '' + - description: Get time objects facts on Check Point over Web Services API + name: cp_mgmt_time_facts + namespace: '' + - description: Verifies the policy of the selected package. 
+ name: cp_mgmt_verify_policy + namespace: '' + - description: Manages vpn-community-meshed objects on Check Point over Web Services + API + name: cp_mgmt_vpn_community_meshed + namespace: '' + - description: Get vpn-community-meshed objects facts on Check Point over Web + Services API + name: cp_mgmt_vpn_community_meshed_facts + namespace: '' + - description: Manages vpn-community-star objects on Check Point over Web Services + API + name: cp_mgmt_vpn_community_star + namespace: '' + - description: Get vpn-community-star objects facts on Check Point over Web Services + API + name: cp_mgmt_vpn_community_star_facts + namespace: '' + - description: Manages wildcard objects on Check Point over Web Services API + name: cp_mgmt_wildcard + namespace: '' + - description: Get wildcard objects facts on Check Point over Web Services API + name: cp_mgmt_wildcard_facts + namespace: '' + release_date: '2022-06-01' + 2.0.0: + modules: + - description: Manages access-section objects on Checkpoint over Web Services + API + name: cp_mgmt_access_section + namespace: '' + - description: Add API key for administrator, to enable login with it. For the + key to be valid publish is needed. + name: cp_mgmt_add_api_key + namespace: '' + - description: Imports a Data Center Object from a Data Center Server.<br> Data + Center Object represents an object in the cloud environment. + name: cp_mgmt_add_data_center_object + namespace: '' + - description: Create new object. + name: cp_mgmt_add_nat_rule + namespace: '' + - description: Get data-center-object objects facts on Checkpoint over Web Services + API + name: cp_mgmt_data_center_object_facts + namespace: '' + - description: Delete the API key. For the key to be invalid publish is needed. + name: cp_mgmt_delete_api_key + namespace: '' + - description: Delete existing object using object name or uid. + name: cp_mgmt_delete_data_center_object + namespace: '' + - description: Delete existing object using object name or uid. 
+ name: cp_mgmt_delete_nat_rule + namespace: '' + - description: Manages https-section objects on Checkpoint over Web Services API + name: cp_mgmt_https_section + namespace: '' + - description: Installs the software package on target machines. + name: cp_mgmt_install_software_package + namespace: '' + - description: Get nat-rule objects facts on Checkpoint over Web Services API + name: cp_mgmt_nat_rule_facts + namespace: '' + - description: Manages nat-section objects on Checkpoint over Web Services API + name: cp_mgmt_nat_section + namespace: '' + - description: Edit existing object using object name or uid. + name: cp_mgmt_set_nat_rule + namespace: '' + - description: Edit user's current session. + name: cp_mgmt_set_session + namespace: '' + - description: Retrieve existing object using object name or uid. + name: cp_mgmt_show_access_section + namespace: '' + - description: Retrieve existing HTTPS Inspection section using section name or + uid and layer name. + name: cp_mgmt_show_https_section + namespace: '' + - description: Showing logs according to the given filter. + name: cp_mgmt_show_logs + namespace: '' + - description: Retrieve existing object using object name or uid. + name: cp_mgmt_show_nat_section + namespace: '' + - description: Gets the software package information from the cloud. + name: cp_mgmt_show_software_package_details + namespace: '' + - description: Show task progress and details. + name: cp_mgmt_show_task + namespace: '' + - description: Retrieve all tasks and show their progress and details. + name: cp_mgmt_show_tasks + namespace: '' + - description: Uninstalls the software package from target machines. + name: cp_mgmt_uninstall_software_package + namespace: '' + - description: Verifies the software package on target machines. 
+ name: cp_mgmt_verify_software_package + namespace: '' + release_date: '2022-06-01' + 2.1.0: + modules: + - description: Create new object + name: cp_mgmt_add_domain + namespace: '' + - description: Delete existing object using object name or uid. + name: cp_mgmt_delete_domain + namespace: '' + - description: Get domain objects facts on Checkpoint over Web Services API + name: cp_mgmt_domain_facts + namespace: '' + - description: Manages identity-tag objects on Checkpoint over Web Services API + name: cp_mgmt_identity_tag + namespace: '' + - description: Get identity-tag objects facts on Checkpoint over Web Services + API + name: cp_mgmt_identity_tag_facts + namespace: '' + - description: Copies the user database and network objects information to specified + targets. + name: cp_mgmt_install_database + namespace: '' + - description: Manages mds objects on Checkpoint over Web Services API + name: cp_mgmt_mds + namespace: '' + - description: Edit existing object using object name or uid. 
+ name: cp_mgmt_set_domain + namespace: '' + - description: Manages trusted-client objects on Checkpoint over Web Services + API + name: cp_mgmt_trusted_client + namespace: '' + - description: Get trusted-client objects facts on Checkpoint over Web Services + API + name: cp_mgmt_trusted_client_facts + namespace: '' + release_date: '2022-06-01' + 2.2.0: + modules: + - description: Manages access-rules objects on Check Point over Web Services API + name: cp_mgmt_access_rules + namespace: '' + release_date: '2022-06-01' + 2.3.0: + modules: + - description: Manages lsm-cluster objects on Checkpoint over Web Services API + name: cp_mgmt_lsm_cluster + namespace: '' + - description: Get lsm-cluster objects facts on Checkpoint over Web Services API + name: cp_mgmt_lsm_cluster_facts + namespace: '' + - description: Manages lsm-gateway objects on Checkpoint over Web Services API + name: cp_mgmt_lsm_gateway + namespace: '' + - description: Get lsm-gateway objects facts on Checkpoint over Web Services API + name: cp_mgmt_lsm_gateway_facts + namespace: '' + release_date: '2022-06-01' + 3.0.0: + changes: + release_summary: This is release 3.0.0 of ``check_point.mgmt``, released on + 2022-06-07. + fragments: + - 3.0.0.yml + modules: + - description: Creates new rules in batch. Use this API to achieve optimum performance + when adding more than one rule. + name: cp_mgmt_add_rules_batch + namespace: '' + - description: Workflow feature - Approve and Publish the session. + name: cp_mgmt_approve_session + namespace: '' + - description: Check if a target can reach or parse a network feed; can work with + an existing feed object or with a new one (by providing all relevant feed + parameters). + name: cp_mgmt_check_network_feed + namespace: '' + - description: Check if a target can reach or parse a threat IOC feed; can work + with an existing feed object or with a new one (by providing all relevant + feed parameters). 
+ name: cp_mgmt_check_threat_ioc_feed + namespace: '' + - description: Retrieve all existing cluster members in domain. + name: cp_mgmt_cluster_members_facts + namespace: '' + - description: Securely connect the Management Server to Check Point's Infinity + Portal. <br>This is a preliminary operation so that the management server + can use various Check Point cloud-based security services hosted in the Infinity + Portal. + name: cp_mgmt_connect_cloud_services + namespace: '' + - description: Delete rules in batch from the same layer. Use this API to achieve + optimum performance when removing more than one rule. + name: cp_mgmt_delete_rules_batch + namespace: '' + - description: Disconnect the Management Server from Check Point's Infinity Portal. + name: cp_mgmt_disconnect_cloud_services + namespace: '' + - description: Manages domain-permissions-profile objects on Checkpoint over Web + Services API + name: cp_mgmt_domain_permissions_profile + namespace: '' + - description: Get domain-permissions-profile objects facts on Checkpoint over + Web Services API + name: cp_mgmt_domain_permissions_profile_facts + namespace: '' + - description: Get actual platform (Hardware, Version, OS) from gateway, cluster + or Check Point host. + name: cp_mgmt_get_platform + namespace: '' + - description: Manages idp-administrator-group objects on Checkpoint over Web + Services API + name: cp_mgmt_idp_administrator_group + namespace: '' + - description: Get idp-administrator-group objects facts on Checkpoint over Web + Services API + name: cp_mgmt_idp_administrator_group_facts + namespace: '' + - description: Get idp-to-domain-assignment objects facts on Checkpoint over Web + Services API + name: cp_mgmt_idp_to_domain_assignment_facts + namespace: '' + - description: Import Outbound Inspection certificate for HTTPS inspection. + name: cp_mgmt_import_outbound_inspection_certificate + namespace: '' + - description: Executes the lsm-install-policy on a given list of targets. 
Install + the LSM policy that defined on the attached LSM profile on the targets devices. + name: cp_mgmt_install_lsm_policy + namespace: '' + - description: Executes the lsm-install-settings on a given list of targets. Install + the provisioning settings that defined on the object on the targets devices. + name: cp_mgmt_install_lsm_settings + namespace: '' + - description: Manages interoperable-device objects on Checkpoint over Web Services + API + name: cp_mgmt_interoperable_device + namespace: '' + - description: Get interoperable-device objects facts on Checkpoint over Web Services + API + name: cp_mgmt_interoperable_device_facts + namespace: '' + - description: Get lsm-cluster-profile objects facts on Checkpoint over Web Services + API + name: cp_mgmt_lsm_cluster_profile_facts + namespace: '' + - description: Get lsm-gateway-profile objects facts on Checkpoint over Web Services + API + name: cp_mgmt_lsm_gateway_profile_facts + namespace: '' + - description: Executes the lsm-run-script on a given list of targets. Run the + given script on the targets devices. 
+ name: cp_mgmt_lsm_run_script + namespace: '' + - description: Manages md-permissions-profile objects on Checkpoint over Web Services + API + name: cp_mgmt_md_permissions_profile + namespace: '' + - description: Get md-permissions-profile objects facts on Checkpoint over Web + Services API + name: cp_mgmt_md_permissions_profile_facts + namespace: '' + - description: Manages network-feed objects on Checkpoint over Web Services API + name: cp_mgmt_network_feed + namespace: '' + - description: Get network-feed objects facts on Checkpoint over Web Services + API + name: cp_mgmt_network_feed_facts + namespace: '' + - description: Get objects objects facts on Checkpoint over Web Services API + name: cp_mgmt_objects_facts + namespace: '' + - description: Get provisioning-profile objects facts on Checkpoint over Web Services + API + name: cp_mgmt_provisioning_profile_facts + namespace: '' + - description: Workflow feature - Return the session to the submitter administrator. + name: cp_mgmt_reject_session + namespace: '' + - description: Manages repository-script objects on Checkpoint over Web Services + API + name: cp_mgmt_repository_script + namespace: '' + - description: Get repository-script objects facts on Checkpoint over Web Services + API + name: cp_mgmt_repository_script_facts + namespace: '' + - description: Reset Secure Internal Communication (SIC). To complete the reset + operation need also to reset the device in the Check Point Configuration Tool + (by running cpconfig in Clish or Expert mode). Communication will not be possible + until you reset and re-initialize the device properly. + name: cp_mgmt_reset_sic + namespace: '' + - description: Edit Global Properties. + name: cp_mgmt_set_global_properties + namespace: '' + - description: Set default Identity Provider assignment to be use for Management + server administrator access. 
+ name: cp_mgmt_set_idp_default_assignment + namespace: '' + - description: Set Identity Provider assignment to domain, to allow administrator + login to that domain using that identity provider, if there is no Identity + Provider assigned to the domain the 'idp-default-assignment' will be used. + This command only available for Multi-Domain server. + name: cp_mgmt_set_idp_to_domain_assignment + namespace: '' + - description: Create or update a certificate to be used as outbound certificate + for HTTPS inspection. <br>The outbound CA certificate will be used by the + Gateway to inspect SSL traffic. + name: cp_mgmt_set_outbound_inspection_certificate + namespace: '' + - description: Edit Threat Prevention's Blades' Settings. + name: cp_mgmt_set_threat_advanced_settings + namespace: '' + - description: Show the connection status of the Management Server to Check Point's + Infinity Portal. + name: cp_mgmt_show_cloud_services + namespace: '' + - description: Retrieve Global Properties. + name: cp_mgmt_show_global_properties + namespace: '' + - description: Retrieve default Identity Provider assignment that used for Management + server administrator access. + name: cp_mgmt_show_idp_default_assignment + namespace: '' + - description: Show outbound inspection certificate. + name: cp_mgmt_show_outbound_inspection_certificate + namespace: '' + - description: Shows the status of all processes in the current machine (Multi-Domain + Server and all Domain Management / Log Servers). <br>This command is available + only on Multi-Domain Server. + name: cp_mgmt_show_servers_and_processes + namespace: '' + - description: Show Threat Prevention's Blades' Settings. 
+ name: cp_mgmt_show_threat_advanced_settings + namespace: '' + - description: Manages simple-cluster objects on Checkpoint over Web Services + API + name: cp_mgmt_simple_cluster + namespace: '' + - description: Get simple-cluster objects facts on Checkpoint over Web Services + API + name: cp_mgmt_simple_cluster_facts + namespace: '' + - description: Manages smtp-server objects on Checkpoint over Web Services API + name: cp_mgmt_smtp_server + namespace: '' + - description: Get smtp-server objects facts on Checkpoint over Web Services API + name: cp_mgmt_smtp_server_facts + namespace: '' + - description: Workflow feature - Submit the session for approval. + name: cp_mgmt_submit_session + namespace: '' + - description: Test SIC Status reflects the state of the gateway after it has + received the certificate issued by the ICA. If the SIC status is Unknown then + there is no connection between the gateway and the Security Management Server. + If the SIC status is No Communication, an error message will appear. It may + contain specific instructions on how to fix the situation. + name: cp_mgmt_test_sic_status + namespace: '' + - description: Executes the update-provisioned-satellites on center gateways of + VPN communities. + name: cp_mgmt_update_provisioned_satellites + namespace: '' + release_date: '2022-05-31' + 3.1.0: + changes: + release_summary: This is release 3.1.0 of ``check_point.mgmt``, released on + 2022-07-04. + fragments: + - 3.1.0.yml + release_date: '2022-07-04' + 3.2.0: + changes: + release_summary: This is release 3.2.0 of ``check_point.mgmt``, released on + 2022-08-09. + fragments: + - 3.2.0.yml + release_date: '2022-06-09' + 4.0.0: + changes: + breaking_changes: + - cp_mgmt_access_role - the 'machines' parameter now accepts a single str and + a new parameter 'machines_list' of type dict has been added. the 'users' parameter + now accepts a single str and a new parameter 'users_list' of type dict has + been added. 
+ - cp_mgmt_access_rule - the 'vpn' parameter now accepts a single str and a new + parameter 'vpn_list' of type dict has been added. the 'position_by_rule' parameter + has been changed to 'relative_position' with support of positioning above/below + a section (and not just a rule). the 'relative_position' parameter has also + 'top' and 'bottom' suboptions which allows positioning a rule at the top and + bottom of a section respectively. a new parameter 'search_entire_rulebase' + has been added to allow the relative positioning to be unlimited (was previously + limited to 50 rules) + - cp_mgmt_administrator - the 'permissions_profile' parameter now accepts a + single str and a new parameter 'permissions_profile_list' of type dict has + been added. + - cp_mgmt_publish - the 'uid' parameter has been removed. + bugfixes: + - cp_mgmt_access_rule - support for relative positioning for rulebase with more + than 50 rules (https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection/issues/69) + - cp_mgmt_administrator - specifying the administartor's permissions profile + now works for both SMC and MDS (https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection/issues/83) + - meta/runtime.yml - update value of minimum ansible version and remove redirect + (https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection/issues/84) + major_changes: + - plugins/httpapi/checkpoint - Support for Smart-1 Cloud with new variable 'ansible_cloud_mgmt_id' + release_summary: This is release 4.0.0 of ``check_point.mgmt``, released on + 2022-09-14. + fragments: + - 4.0.0.yml + release_date: '2022-06-09' diff --git a/ansible_collections/check_point/mgmt/changelogs/config.yaml b/ansible_collections/check_point/mgmt/changelogs/config.yaml new file mode 100644 index 00000000..359f5e69 --- /dev/null +++ b/ansible_collections/check_point/mgmt/changelogs/config.yaml 
@@ -0,0 +1,32 @@
+changelog_filename_template: ../CHANGELOG.rst
+changelog_filename_version_depth: 0
+changes_file: changelog.yaml
+changes_format: combined
+ignore_other_fragment_extensions: true
+keep_fragments: false
+mention_ancestor: true
+new_plugins_after_name: removed_features
+notesdir: fragments
+prelude_section_name: release_summary
+prelude_section_title: Release Summary
+sanitize_changelog: true
+sections:
+- - major_changes
+ - Major Changes
+- - minor_changes
+ - Minor Changes
+- - breaking_changes
+ - Breaking Changes / Porting Guide
+- - deprecated_features
+ - Deprecated Features
+- - removed_features
+ - Removed Features (previously deprecated)
+- - security_fixes
+ - Security Fixes
+- - bugfixes
+ - Bugfixes
+- - known_issues
+ - Known Issues
+title: Check_Point.Mgmt
+trivial_section_name: trivial
+use_fqcn: true
diff --git a/ansible_collections/check_point/mgmt/meta/execution-environment.yml b/ansible_collections/check_point/mgmt/meta/execution-environment.yml
new file mode 100644
index 00000000..ea607057
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/meta/execution-environment.yml
@@ -0,0 +1,5 @@
+---
+version: 1
+
+dependencies:
+ galaxy: requirements.yml
\ No newline at end of file
diff --git a/ansible_collections/check_point/mgmt/meta/runtime.yml b/ansible_collections/check_point/mgmt/meta/runtime.yml
new file mode 100644
index 00000000..30a544b7
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/meta/runtime.yml
@@ -0,0 +1 @@
+requires_ansible: '>=2.9.10'
\ No newline at end of file
diff --git a/ansible_collections/check_point/mgmt/plugins/action/cp_mgmt_access_rules.py b/ansible_collections/check_point/mgmt/plugins/action/cp_mgmt_access_rules.py
new file mode 100644
index 00000000..3a06797d
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/action/cp_mgmt_access_rules.py
@@ -0,0 +1,60 @@ +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + + +from ansible.errors import AnsibleActionFail +from ansible.plugins.action import ActionBase +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import \ + prepare_rule_params_for_execute_module, check_if_to_publish_for_action + + +class ActionModule(ActionBase): + + def run(self, tmp=None, task_vars=None): + + module = super(ActionModule, self).run(tmp, task_vars) + + result = self._execute_module(module_name='check_point.mgmt.cp_mgmt_access_rules', module_args=self._task.args, + task_vars=task_vars, tmp=tmp) + + if 'msg' in result.keys(): + raise AnsibleActionFail(result['msg']) + + module_args = self._task.args + + fields = {'position', 'layer', 'auto_publish_session'} + rules_list = module_args['rules'] + for rule in rules_list: + for field in fields: + if field in rule.keys(): + raise AnsibleActionFail('Unsupported parameter ' + field + ' for rule') + # check_fields_for_rule_action_module(module_args) + rules_list = self._task.args['rules'] + position = 1 + below_rule_name = None + + for rule in rules_list: + rule, position, below_rule_name = prepare_rule_params_for_execute_module(rule=rule, module_args=module_args, + position=position, + below_rule_name=below_rule_name) + + result['rule: ' + rule['name']] = self._execute_module(module_name='check_point.mgmt.cp_mgmt_access_rule', + module_args=rule, + task_vars=task_vars, tmp=tmp, wrap_async=False) + if 'changed' in result['rule: ' + rule['name']].keys() and \ + result['rule: ' + rule['name']]['changed'] is True: + result['changed'] = True + if 'failed' in result['rule: ' + rule['name']].keys() and result['rule: ' + rule['name']]['failed'] is True: + temp = result['rule: ' + rule['name']].copy() + result = {} + result['rule: ' + rule['name']] = temp + result['failed'] = True + result['discard:'] = self._execute_module(module_name='check_point.mgmt.cp_mgmt_discard', + 
module_args={}, task_vars=task_vars, tmp=tmp) + break + if check_if_to_publish_for_action(result, module_args): + result['publish:'] = self._execute_module(module_name='check_point.mgmt.cp_mgmt_publish', module_args={}, + task_vars=task_vars, tmp=tmp) + + return result diff --git a/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_commands.py b/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_commands.py new file mode 100644 index 00000000..19e13ffa --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_commands.py @@ -0,0 +1,29 @@ +# -*- coding: utf-8 -*- + +# Copyright: (c) 2019, Or Soffer <orso@checkpoint.com> +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + + +class ModuleDocFragment(object): + + # Standard files documentation fragment + DOCUMENTATION = r''' +options: + wait_for_task: + description: + - Wait for the task to end. Such as publish task. + type: bool + default: True + wait_for_task_timeout: + description: + - How many minutes to wait until throwing a timeout error. + type: int + default: 30 + version: + description: + - Version of checkpoint. If not given one, the latest version taken. + type: str +''' diff --git a/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_facts.py b/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_facts.py new file mode 100644 index 00000000..08a6b895 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_facts.py 
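Review bot: After the `break` in the failed-rule branch of `run` in cp_mgmt_access_rules.py, execution still reaches `check_if_to_publish_for_action(result, module_args)`, and that helper is imported from module_utils, so this hunk alone does not show that a publish is skipped once `result['failed']` is set. Making the guard local, `if not result.get('failed') and check_if_to_publish_for_action(result, module_args):`, keeps a partially applied rulebase from being published regardless of how the helper changes later. The outcome of `cp_mgmt_discard` is stored under `result['discard:']` but never inspected, so a failed discard leaves the unpublished changes in the session without a distinct message; consider checking `result['discard:'].get('failed')` and reporting it in `result['msg']`. The value bound to `module` is unused and `'rule: ' + rule['name']` is rebuilt on every access; a local such as `rule_key` would make the loop easier to audit.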
@@ -0,0 +1,21 @@ +# -*- coding: utf-8 -*- + +# Copyright: (c) 2019, Or Soffer <orso@checkpoint.com> +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import (absolute_import, division, print_function) + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + + +class ModuleDocFragment(object): + + # Standard files documentation fragment + DOCUMENTATION = r''' +options: + version: + description: + - Version of checkpoint. If not given one, the latest version taken. + type: str +''' diff --git a/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_objects.py b/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_objects.py new file mode 100644 index 00000000..6df1f2f8 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_objects.py @@ -0,0 +1,42 @@ +# -*- coding: utf-8 -*- + +# Copyright: (c) 2019, Or Soffer <orso@checkpoint.com> +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + + +class ModuleDocFragment(object): + + # Standard files documentation fragment + DOCUMENTATION = r''' +options: + state: + description: + - State of the access rule (present or absent). Defaults to present. + type: str + default: present + choices: + - 'present' + - 'absent' + auto_publish_session: + description: + - Publish the current session if changes have been performed + after task completes. + type: bool + wait_for_task: + description: + - Wait for the task to end. Such as publish task. + type: bool + default: True + wait_for_task_timeout: + description: + - How many minutes to wait until throwing a timeout error. + type: int + default: 30 + version: + description: + - Version of checkpoint. If not given one, the latest version taken. + type: str +''' 
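Review bot: The line `from __future__ import (absolute_import, division, print_function)` appears twice in a row at the top of checkpoint_facts.py, while the sibling fragments checkpoint_commands.py and checkpoint_objects.py carry it once. The repeat is harmless at runtime but redundant; drop the second copy so the header matches the other doc fragments.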
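Review bot: In checkpoint_objects.py the `state` option is described as `State of the access rule (present or absent)`, but the options in this fragment (`auto_publish_session`, `wait_for_task`, `version`) are generic, so the wording looks carried over from the access-rule module. If the fragment is shared by all object modules, as its name suggests, `State of the object (present or absent). Defaults to present.` would avoid misleading readers of unrelated modules.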
diff --git a/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_objects_action_module.py b/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_objects_action_module.py new file mode 100644 index 00000000..992428bb --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_objects_action_module.py @@ -0,0 +1,29 @@ +# -*- coding: utf-8 -*- + +# Copyright: (c) 2019, Or Soffer <orso@checkpoint.com> +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + + +class ModuleDocFragment(object): + + # Standard files documentation fragment + DOCUMENTATION = r''' +options: + auto_publish_session: + description: + - Publish the current session if changes have been performed + after task completes. + type: bool + wait_for_task_timeout: + description: + - How many minutes to wait until throwing a timeout error. + type: int + default: 30 + version: + description: + - Version of checkpoint. If not given one, the latest version taken. + type: str +''' diff --git a/ansible_collections/check_point/mgmt/plugins/httpapi/checkpoint.py b/ansible_collections/check_point/mgmt/plugins/httpapi/checkpoint.py new file mode 100644 index 00000000..ade89cb0 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/httpapi/checkpoint.py 
@@ -0,0 +1,114 @@ +# (c) 2018 Red Hat Inc. +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +DOCUMENTATION = """ +--- +author: Ansible Networking Team (@rcarrillocruz) +name: checkpoint +short_description: HttpApi Plugin for Checkpoint devices +description: + - This HttpApi plugin provides methods to connect to Checkpoint + devices over a HTTP(S)-based api. +version_added: "2.8.0" +options: + domain: + type: str + description: + - Specifies the domain of the Check Point device + vars: + - name: ansible_checkpoint_domain + api_key: + type: str + description: + - Login with api-key instead of user & password + vars: + - name: ansible_api_key + cloud_mgmt_id: + type: str + description: + - The Cloud Management ID + vars: + - name: ansible_cloud_mgmt_id +""" + +import json + +from ansible.module_utils.basic import to_text +from ansible.errors import AnsibleConnectionFailure +from ansible.module_utils.six.moves.urllib.error import HTTPError +from ansible.plugins.httpapi import HttpApiBase +from ansible.module_utils.connection import ConnectionError + +BASE_HEADERS = { + 'Content-Type': 'application/json', + 'User-Agent': 'Ansible', +} + + +class HttpApi(HttpApiBase): + def login(self, username, password): + payload = {} + cp_domain = self.get_option('domain') + cp_api_key = self.get_option('api_key') + if cp_domain: + payload['domain'] = cp_domain + if username and password and not cp_api_key: + payload['user'] = username + payload['password'] = password + elif cp_api_key and not username and not password: + payload['api-key'] = cp_api_key + else: + raise AnsibleConnectionFailure('[Username and password] or api_key are required for login') + url = '/web_api/login' + response, response_data = self.send_request(url, payload) + + try: + self.connection._auth = {'X-chkp-sid': response_data['sid']} + except KeyError: + raise 
ConnectionError( + 'Server returned response without token info during connection authentication: %s' % response) + # Case of read-only + if 'uid' in response_data.keys(): + self.connection._session_uid = response_data['uid'] + + def logout(self): + url = '/web_api/logout' + + response, dummy = self.send_request(url, None) + + def get_session_uid(self): + return self.connection._session_uid + + def send_request(self, path, body_params): + data = json.dumps(body_params) if body_params else '{}' + cp_cloud_mgmt_id = self.get_option('cloud_mgmt_id') + if cp_cloud_mgmt_id: + path = '/' + cp_cloud_mgmt_id + path + try: + self._display_request() + response, response_data = self.connection.send(path, data, method='POST', headers=BASE_HEADERS) + value = self._get_response_value(response_data) + + return response.getcode(), self._response_to_json(value) + except AnsibleConnectionFailure as e: + return 404, e.message + except HTTPError as e: + error = json.loads(e.read()) + return e.code, error + + def _display_request(self): + self.connection.queue_message('vvvv', 'Web Services: %s %s' % ('POST', self.connection._url)) + + def _get_response_value(self, response_data): + return to_text(response_data.getvalue()) + + def _response_to_json(self, response_text): + try: + return json.loads(response_text) if response_text else {} + # JSONDecodeError only available on Python 3.5+ + except ValueError: + raise ConnectionError('Invalid JSON response: %s' % response_text) diff --git a/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py b/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py new file mode 100644 index 00000000..476e56f1 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py 
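Review bot: In `login`, only `KeyError` is caught around `response_data['sid']`, but `send_request` returns `404, e.message` (a string) on `AnsibleConnectionFailure`, so indexing it raises `TypeError` and an unreachable server surfaces as a traceback rather than a `ConnectionError`. Checking the status before reading the token, e.g. `if response != 200 or not isinstance(response_data, dict): raise ConnectionError('Login failed with code %s: %s' % (response, response_data))`, covers that path and rejected credentials with one clear message. In `send_request`, the `HTTPError` branch calls `json.loads(e.read())` unguarded, so a non-JSON error body raises `ValueError`; `self._response_to_json(to_text(e.read()))` would reuse the existing handling. Reporting every connection failure as code 404 also hides the real cause from callers that branch on the code, which is worth a comment at least. `logout` discards the result of `send_request`, so a failed logout that leaves the session open on the management server goes unnoticed.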
@@ -0,0 +1,807 @@ +# This code is part of Ansible, but is an independent component. +# This particular file snippet, and this file snippet only, is BSD licensed. +# Modules you write using this snippet, which is embedded dynamically by Ansible +# still belong to the author of the module, and may assign their own license +# to the complete work. +# +# (c) 2018 Red Hat Inc. +# +# Redistribution and use in source and binary forms, with or without modification, +# are permitted provided that the following conditions are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE +# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +import time + +from ansible.module_utils.connection import Connection + +checkpoint_argument_spec_for_action_module = dict( + auto_publish_session=dict(type='bool'), + wait_for_task_timeout=dict(type='int', default=30), + version=dict(type='str') +) + +checkpoint_argument_spec_for_objects = dict( + auto_publish_session=dict(type='bool'), + wait_for_task=dict(type='bool', default=True), + wait_for_task_timeout=dict(type='int', default=30), + state=dict(type='str', choices=['present', 'absent'], default='present'), + version=dict(type='str') +) + +checkpoint_argument_spec_for_facts = dict( + version=dict(type='str') +) + +checkpoint_argument_spec_for_commands = dict( + wait_for_task=dict(type='bool', default=True), + wait_for_task_timeout=dict(type='int', default=30), + version=dict(type='str') +) + +delete_params = ['name', 'uid', 'layer', 'exception-group-name', 'rule-name', 'package'] + +remove_from_set_payload = {'lsm-cluster': ['security-profile', 'name-prefix', 'name-suffix', 'main-ip-address'], + 'md-permissions-profile': ['permission-level']} + +remove_from_add_payload = {'lsm-cluster': ['name']} + + +# parse failure message with code and response +def parse_fail_message(code, response): + return 'Checkpoint device returned error {0} with message {1}'.format(code, response) + + +# send the request to checkpoint +def send_request(connection, version, url, payload=None): + code, response = connection.send_request('/web_api/' + version + url, payload) + + return code, response + + +# get the payload from the user parameters +def is_checkpoint_param(parameter): + if parameter == 'auto_publish_session' or \ + parameter == 'state' or \ + parameter == 'wait_for_task' or \ + parameter == 'wait_for_task_timeout' or \ + parameter == 'version': + return False + return True + + +def contains_show_identifier_param(payload): + identifier_params = ["name", "uid", 
"assigned-domain"] + for param in identifier_params: + if payload.get(param) is not None: + return True + return False + + +# build the payload from the parameters which has value (not None), and they are parameter of checkpoint API as well +def get_payload_from_parameters(params): + payload = {} + for parameter in params: + parameter_value = params[parameter] + if parameter_value is not None and is_checkpoint_param(parameter): + if isinstance(parameter_value, dict): + payload[parameter.replace("_", "-")] = get_payload_from_parameters(parameter_value) + elif isinstance(parameter_value, list) and len(parameter_value) != 0 and isinstance(parameter_value[0], dict): + payload_list = [] + for element_dict in parameter_value: + payload_list.append(get_payload_from_parameters(element_dict)) + payload[parameter.replace("_", "-")] = payload_list + else: + # special handle for this param in order to avoid two params called "version" + if parameter == "gateway_version" or parameter == "cluster_version": + parameter = "version" + + payload[parameter.replace("_", "-")] = parameter_value + + return payload + + +# wait for task +def wait_for_task(module, version, connection, task_id): + task_id_payload = {'task-id': task_id, 'details-level': 'full'} + task_complete = False + minutes_until_timeout = 30 + if module.params['wait_for_task_timeout'] is not None and module.params['wait_for_task_timeout'] >= 0: + minutes_until_timeout = module.params['wait_for_task_timeout'] + max_num_iterations = minutes_until_timeout * 30 + current_iteration = 0 + + # As long as there is a task in progress + while not task_complete and current_iteration < max_num_iterations: + current_iteration += 1 + # Check the status of the task + code, response = send_request(connection, version, 'show-task', task_id_payload) + + attempts_counter = 0 + while code != 200: + if attempts_counter < 5: + attempts_counter += 1 + time.sleep(2) + code, response = send_request(connection, version, 'show-task', 
task_id_payload) + else: + response['message'] = "ERROR: Failed to handle asynchronous tasks as synchronous, tasks result is" \ + " undefined. " + response['message'] + module.fail_json(msg=parse_fail_message(code, response)) + + # Count the number of tasks that are not in-progress + completed_tasks = 0 + for task in response['tasks']: + if task['status'] == 'failed': + status_description, comments = get_status_description_and_comments(task) + if comments and status_description: + module.fail_json( + msg='Task {0} with task id {1} failed. Message: {2} with description: {3} - ' + 'Look at the logs for more details ' + .format(task['task-name'], task['task-id'], comments, status_description)) + elif comments: + module.fail_json(msg='Task {0} with task id {1} failed. Message: {2} - Look at the logs for more details ' + .format(task['task-name'], task['task-id'], comments)) + elif status_description: + module.fail_json(msg='Task {0} with task id {1} failed. Message: {2} - Look at the logs for more ' + 'details ' + .format(task['task-name'], task['task-id'], status_description)) + else: + module.fail_json(msg='Task {0} with task id {1} failed. Look at the logs for more details' + .format(task['task-name'], task['task-id'])) + if task['status'] == 'in progress': + break + completed_tasks += 1 + + # Are we done? check if all tasks are completed + if completed_tasks == len(response["tasks"]) and completed_tasks != 0: + task_complete = True + else: + time.sleep(2) # Wait for two seconds + if not task_complete: + module.fail_json(msg="ERROR: Timeout. 
Task-id: {0}.".format(task_id_payload['task-id'])) + else: + return response + + +# Getting a status description and comments of task failure details +def get_status_description_and_comments(task): + status_description = None + comments = None + if 'comments' in task and task['comments']: + comments = task['comments'] + if 'task-details' in task and task['task-details']: + task_details = task['task-details'][0] + if 'statusDescription' in task_details: + status_description = task_details['statusDescription'] + return status_description, comments + + +# if failed occurred, in some cases we want to discard changes before exiting. We also notify the user about the `discard` +def discard_and_fail(module, code, response, connection, version): + discard_code, discard_response = send_request(connection, version, 'discard') + if discard_code != 200: + try: + module.fail_json(msg=parse_fail_message(code, response) + ' Failed to discard session {0}' + ' with error {1} with message {2}'.format(connection.get_session_uid(), + discard_code, discard_response)) + except Exception: + # Read-only mode without UID + module.fail_json(msg=parse_fail_message(code, response) + ' Failed to discard session' + ' with error {0} with message {1}'.format(discard_code, discard_response)) + + module.fail_json(msg=parse_fail_message(code, response) + ' Unpublished changes were discarded') + + +# handle publish command, and wait for it to end if the user asked so +def handle_publish(module, connection, version): + if 'auto_publish_session' in module.params and module.params['auto_publish_session']: + publish_code, publish_response = send_request(connection, version, 'publish') + if publish_code != 200: + discard_and_fail(module, publish_code, publish_response, connection, version) + if module.params['wait_for_task']: + wait_for_task(module, version, connection, publish_response['task-id']) + + +# if user insert a specific version, we add it to the url +def get_version(module): + return ('v' + 
module.params['version'] + '/') if module.params.get('version') else '' + + +# if code is 400 (bad request) or 500 (internal error) - fail +def handle_equals_failure(module, equals_code, equals_response): + if equals_code == 400 or equals_code == 500: + module.fail_json(msg=parse_fail_message(equals_code, equals_response)) + if equals_code == 404 and equals_response['code'] == 'generic_err_command_not_found': + module.fail_json(msg='Relevant hotfix is not installed on Check Point server. See sk114661 on Check Point Support Center.') + + +# handle call +def handle_call(connection, version, call, payload, module, to_publish, to_discard_on_failure): + code, response = send_request(connection, version, call, payload) + if code != 200: + if to_discard_on_failure: + discard_and_fail(module, code, response, connection, version) + else: + module.fail_json(msg=parse_fail_message(code, response)) + else: + if 'wait_for_task' in module.params and module.params['wait_for_task']: + if 'task-id' in response: + response = wait_for_task(module, version, connection, response['task-id']) + elif 'tasks' in response: + for task in response['tasks']: + if 'task-id' in task: + task_id = task['task-id'] + response[task_id] = wait_for_task(module, version, connection, task['task-id']) + del response['tasks'] + if to_publish: + handle_publish(module, connection, version) + return response + + +# handle a command +def api_command(module, command): + payload = get_payload_from_parameters(module.params) + connection = Connection(module._socket_path) + version = get_version(module) + + code, response = send_request(connection, version, command, payload) + result = {'changed': True} + + if code == 200: + if module.params['wait_for_task']: + if 'task-id' in response: + response = wait_for_task(module, version, connection, response['task-id']) + elif 'tasks' in response: + for task in response['tasks']: + if 'task-id' in task: + task_id = task['task-id'] + response[task_id] = 
wait_for_task(module, version, connection, task['task-id']) + del response['tasks'] + + result[command] = response + + handle_publish(module, connection, version) + else: + discard_and_fail(module, code, response, connection, version) + + return result + + +# handle api call facts +def api_call_facts(module, api_call_object, api_call_object_plural_version): + payload = get_payload_from_parameters(module.params) + connection = Connection(module._socket_path) + version = get_version(module) + + # if there isn't an identifier param, the API command will be in plural version (e.g. show-hosts instead of show-host) + if not contains_show_identifier_param(payload): + api_call_object = api_call_object_plural_version + + response = handle_call(connection, version, 'show-' + api_call_object, payload, module, False, False) + result = {api_call_object: response} + return result + + +# handle delete +def handle_delete(equals_code, payload, delete_params, connection, version, api_call_object, module, result): + # else equals_code is 404 and no need to delete because he doesn't exist + if equals_code == 200: + payload_for_delete = extract_payload_with_some_params(payload, delete_params) + response = handle_call(connection, version, 'delete-' + api_call_object, payload_for_delete, module, True, True) + result['changed'] = True + + +# handle the call and set the result with 'changed' and teh response +def handle_call_and_set_result(connection, version, call, payload, module, result): + response = handle_call(connection, version, call, payload, module, True, True) + result['changed'] = True + result[call] = response + + +# handle api call +def api_call(module, api_call_object): + payload = get_payload_from_parameters(module.params) + connection = Connection(module._socket_path) + version = get_version(module) + + result = {'changed': False} + if module.check_mode: + return result + + payload_for_equals = {'type': api_call_object, 'params': payload} + equals_code, equals_response = 
send_request(connection, version, 'equals', payload_for_equals) + result['checkpoint_session_uid'] = connection.get_session_uid() + handle_equals_failure(module, equals_code, equals_response) + + if module.params['state'] == 'present': + if equals_code == 200: + # else objects are equals and there is no need for set request + if not equals_response['equals']: + build_payload(api_call_object, payload, remove_from_set_payload) + handle_call_and_set_result(connection, version, 'set-' + api_call_object, payload, module, result) + elif equals_code == 404: + build_payload(api_call_object, payload, remove_from_add_payload) + handle_call_and_set_result(connection, version, 'add-' + api_call_object, payload, module, result) + elif module.params['state'] == 'absent': + handle_delete(equals_code, payload, delete_params, connection, version, api_call_object, module, result) + + return result + + +# returns a generator of the entire rulebase +def get_rulebase_generator(connection, version, layer, show_rulebase_command, rules_amount): + offset = 0 + limit = 100 + while True: + payload_for_show_rulebase = { + 'name': layer, + 'limit': limit, + 'offset': offset, + } + # in case there are empty sections after the last rule, we need them to appear in the reply and the limit might + # cut them out + if offset + limit >= rules_amount: + del payload_for_show_rulebase['limit'] + code, response = send_request(connection, version, show_rulebase_command, payload_for_show_rulebase) + offset = response['to'] + total = response['total'] + rulebase = response['rulebase'] + yield rulebase + if total <= offset: + return + + +# get 'to' or 'from' of given section +def get_edge_position_in_section(connection, version, layer, section_name, edge): + code, response = send_request(connection, version, "show-layer-structure", {'name': layer, 'details-level': 'uid'}) + if response['code'] == 'generic_err_command_not_found': + raise ValueError("The use of the relative_position field with a section as its 
value is available only for" + " version 1.7.1 with JHF take 42 and above") + sections_in_layer = response['root-section']['children'] + for section in sections_in_layer: + if section['name'] == section_name: + return int(section[edge + '-rule']) + + return None + + +# return the total amount of rules in the rulebase of the given layer +def get_rules_amount(connection, version, layer, show_rulebase_command): + payload_for_show_obj_rulebase = {'name': layer, 'limit': 0} + code, response = send_request(connection, version, show_rulebase_command, payload_for_show_obj_rulebase) + return int(response['total']) + + +def keep_searching_rulebase(position, current_section, relative_position, relative_position_is_section): + position_not_found = position is None + if relative_position_is_section and 'above' not in relative_position: + # if 'above' in relative_position then get_number_and_section_from_relative_position returns the previous section + # so there isn't a need to further search for the relative section + relative_section = list(relative_position.values())[0] + return position_not_found or current_section != relative_section + # if relative position is a rule then get_number_and_section_from_relative_position has already entered the section + # (if exists) that the relative rule is in + return position_not_found + + +def relative_position_is_section(connection, version, layer, relative_position): + if 'top' in relative_position or 'bottom' in relative_position: + return True + + relative_position_value = list(relative_position.values())[0] + code, response = send_request(connection, version, "show-access-section", {'layer': layer, 'name': relative_position_value}) + if code == 200: + return True + return False + + +def get_number_and_section_from_relative_position(payload, connection, version, rulebase, above_relative_position, pos_before_relative_empty_section): + section_name = None + position = None + for rules in rulebase: + if 'rulebase' in rules: + # cases 
relevant for relative-position=section + if 'above' in payload['position'] and rules['name'] == payload['position']['above']: + if len(rules['rulebase']) == 0: + position = pos_before_relative_empty_section if above_relative_position else pos_before_relative_empty_section + 1 + else: + # if the entire section isn't present in rulebase, the 'from' value of the section might not be + # the first position in the section, which is why we use get_edge_position_in_section + from_value = get_edge_position_in_section(connection, version, payload['layer'], rules['name'], "from") + if from_value is not None: # section exists in rulebase + position = max(from_value - 1, 1) if above_relative_position else from_value + return position, section_name, above_relative_position, pos_before_relative_empty_section + + # we update this only after the 'above' case since the section that should be returned in that case isn't + # the one we are currently iterating over (but the one beforehand) + section_name = rules['name'] + + if 'bottom' in payload['position'] and rules['name'] == payload['position']['bottom']: + if len(rules['rulebase']) == 0: + position = pos_before_relative_empty_section if above_relative_position else pos_before_relative_empty_section + 1 + else: + # if the entire section isn't present in rulebase, the 'to' value of the section might not be the + # last position in the section, which is why we use get_edge_position_in_section + to_value = get_edge_position_in_section(connection, version, payload['layer'], section_name, "to") + if to_value is not None and to_value == int(rules['to']): # meaning the entire section is present in rulebase + # is the rule already at the bottom of the section. 
Can infer this only if the entire section is + # present in rulebase + is_bottom = rules['rulebase'][-1]['name'] == payload['name'] + position = to_value if (above_relative_position or is_bottom) else to_value + 1 + # else: need to keep searching the rulebase, so position=None is returned + return position, section_name, above_relative_position, pos_before_relative_empty_section + + # setting a rule 'below' a section is equivalent to setting the rule at the top of that section + if ('below' in payload['position'] and section_name == payload['position']['below']) or \ + ('top' in payload['position'] and section_name == payload['position']['top']): + if len(rules['rulebase']) == 0: + position = pos_before_relative_empty_section if above_relative_position else pos_before_relative_empty_section + 1 + else: + # is the rule already at the top of the section + is_top = rules['rulebase'][0]['name'] == payload['name'] + position = max(int(rules['from']) - 1, 1) if (above_relative_position or not is_top) else int(rules['from']) + return position, section_name, above_relative_position, pos_before_relative_empty_section + + if len(rules['rulebase']) != 0: + # if search_entire_rulebase=True: even if rules['rulebase'] is cut (due to query limit) this will + # eventually be updated to the correct value in further calls + pos_before_relative_empty_section = int(rules['to']) + + rules = rules['rulebase'] + for rule in rules: + if payload['name'] == rule['name']: + above_relative_position = True + # cases relevant for relative-position=rule + if 'below' in payload['position'] and rule['name'] == payload['position']['below']: + position = int(rule['rule-number']) if above_relative_position else int(rule['rule-number']) + 1 + return position, section_name, above_relative_position, pos_before_relative_empty_section + elif 'above' in payload['position'] and rule['name'] == payload['position']['above']: + position = max(int(rule['rule-number']) - 1, 1) if above_relative_position else 
int(rule['rule-number']) + return position, section_name, above_relative_position, pos_before_relative_empty_section + + else: # cases relevant for relative-position=rule + if payload['name'] == rules['name']: + above_relative_position = True + if 'below' in payload['position'] and rules['name'] == payload['position']['below']: + position = int(rules['rule-number']) if above_relative_position else int(rules['rule-number']) + 1 + return position, section_name, above_relative_position, pos_before_relative_empty_section + elif 'above' in payload['position'] and rules['name'] == payload['position']['above']: + position = max(int(rules['rule-number']) - 1, 1) if above_relative_position else int(rules['rule-number']) + return position, section_name, above_relative_position, pos_before_relative_empty_section + + return position, section_name, above_relative_position, pos_before_relative_empty_section # None, None, False/True, x>=1 + + +# get the position in integer format and the section it is. 
+def get_number_and_section_from_position(payload, connection, version, api_call_object): + show_rulebase_command = get_relevant_show_rulebase_command(api_call_object) + if 'position' in payload: + section_name = None + if type(payload['position']) is not dict: + position = payload['position'] + if position == 'top': + position = 1 + return position, section_name + elif position == 'bottom': + position = get_rules_amount(connection, version, payload['layer'], show_rulebase_command) + code, response = send_request(connection, version, show_rulebase_command, {'name': payload['layer'], 'offset': position - 1}) + rulebase = reversed(response['rulebase']) + else: # is a number so we need to get the section (if exists) of the rule in that position + position = int(position) + payload_for_show_obj_rulebase = build_rulebase_payload(api_call_object, payload, position) + code, response = send_request(connection, version, show_rulebase_command, payload_for_show_obj_rulebase) + rulebase = response['rulebase'] + if position > response['total']: + raise ValueError("The given position " + str(position) + " of rule " + payload['name'] + + "exceeds the total amount of rules in the rulebase") + # in case position=1 and there are empty sections at the beginning of the rulebase we want to skip them + i = 0 + for rules in rulebase: + if 'rulebase' in rules and len(rules['rulebase']) == 0: + i += 1 + rulebase = rulebase[i:] + + for rules in rulebase: + if 'rulebase' in rules: + section_name = rules['name'] + return position, section_name + else: + return position, section_name # section = None + + else: + search_entire_rulebase = payload['search-entire-rulebase'] + position = None + # is the rule we're getting its position number above the rule it is relatively positioned to + above_relative_position = False + # no from-to in empty sections so can't infer the position from them -> need to keep track of the position + # before the empty relative section + 
pos_before_relative_empty_section = 1 + if not search_entire_rulebase: + code, response = send_request(connection, version, show_rulebase_command, {'name': payload['layer']}) + rulebase = response['rulebase'] + position, section_name, above_relative_position, pos_before_relative_empty_section = \ + get_number_and_section_from_relative_position(payload, connection, version, rulebase, + above_relative_position, pos_before_relative_empty_section) + else: + rules_amount = get_rules_amount(connection, version, payload['layer'], show_rulebase_command) + relative_pos_is_section = relative_position_is_section(connection, version, payload['layer'], payload['position']) + rulebase_generator = get_rulebase_generator(connection, version, payload['layer'], show_rulebase_command, rules_amount) + for rulebase in rulebase_generator: + position, section_name, above_relative_position, pos_before_relative_empty_section = \ + get_number_and_section_from_relative_position(payload, connection, version, rulebase, + above_relative_position, pos_before_relative_empty_section) + if not keep_searching_rulebase(position, section_name, payload['position'], relative_pos_is_section): + break + + return position, section_name + return None, None + + +# build the show rulebase payload +def build_rulebase_payload(api_call_object, payload, position_number): + rulebase_payload = {'name': payload['layer'], 'offset': position_number - 1, 'limit': 1} + + if api_call_object == 'threat-exception': + rulebase_payload['rule-name'] = payload['rule-name'] + + return rulebase_payload + + +def build_rulebase_command(api_call_object): + rulebase_command = 'show-' + api_call_object.split('-')[0] + '-rulebase' + + if api_call_object == 'threat-exception': + rulebase_command = 'show-threat-rule-exception-rulebase' + + return rulebase_command + + +# remove from payload unrecognized params (used for cases where add payload differs from that of a set) +def build_payload(api_call_object, payload, params_to_remove): + 
if api_call_object in params_to_remove: + for param in params_to_remove[api_call_object]: + del payload[param] + return payload + + +# extract first rule from given rulebase response and the section it is in. +def extract_rule_and_section_from_rulebase_response(response): + section_name = None + rule = response['rulebase'][0] + i = 0 + # skip empty sections (possible when offset=0) + while 'rulebase' in rule and len(rule['rulebase']) == 0: + i += 1 + rule = response['rulebase'][i] + + while 'rulebase' in rule: + section_name = rule['name'] + rule = rule['rulebase'][0] + + return rule, section_name + + +def get_relevant_show_rulebase_command(api_call_object): + if api_call_object == 'access-rule': + return 'show-access-rulebase' + elif api_call_object == "threat-rule": + return 'show-threat-rulebase' + elif api_call_object == "threat-exception": + return 'show-threat-rule-exception-rulebase' +# uncomment code below when https & nat modules are added as crud modules + # elif api_call_object == 'nat-rule': + # return 'show-nat-rulebase' + # elif api_call_object == 'https-rule': + # return 'show-https-rulebase' + + +# is the param position (if the user inserted it) equals between the object and the user input, as well as the section the rule is in +def is_equals_with_position_param(payload, connection, version, api_call_object): + + position_number, section_according_to_position = get_number_and_section_from_position(payload, connection, version, api_call_object) + + # In this case the one of the following has occurred: + # 1) There is no position param, then it's equals in vacuous truth + # 2) search_entire_rulebase = False so it's possible the relative rule wasn't found in the default limit or maybe doesn't even exist + # 3) search_entire_rulebase = True and the relative rule/section doesn't exist + if position_number is None: + return True + + rulebase_payload = build_rulebase_payload(api_call_object, payload, position_number) + rulebase_command = 
build_rulebase_command(api_call_object) + + code, response = send_request(connection, version, rulebase_command, rulebase_payload) + rule, section = extract_rule_and_section_from_rulebase_response(response) + + # if the names of the exist rule and the user input rule are equals, as well as the section they're in, then it + # means that their positions are equals so I return True. and there is no way that there is another rule with this + # name cause otherwise the 'equals' command would fail + if rule['name'] == payload['name'] and section_according_to_position == section: + return True + else: + return False + + +# get copy of the payload without some of the params +def extract_payload_without_some_params(payload, params_to_remove): + copy_payload = dict(payload) + for param in params_to_remove: + if param in copy_payload: + del copy_payload[param] + return copy_payload + + +# get copy of the payload with only some of the params +def extract_payload_with_some_params(payload, params_to_insert): + copy_payload = {} + for param in params_to_insert: + if param in payload: + copy_payload[param] = payload[param] + return copy_payload + + +# is equals with all the params including action and position +def is_equals_with_all_params(payload, connection, version, api_call_object, is_access_rule): + if is_access_rule and 'action' in payload: + payload_for_show = extract_payload_with_some_params(payload, ['name', 'uid', 'layer']) + code, response = send_request(connection, version, 'show-' + api_call_object, payload_for_show) + exist_action = response['action']['name'] + if exist_action.lower() != payload['action'].lower(): + if payload['action'].lower() != 'Apply Layer'.lower() or\ + exist_action.lower() != 'Inner Layer'.lower(): + return False + + # here the action is equals, so check the position param + if not is_equals_with_position_param(payload, connection, version, api_call_object): + return False + + return True + + +# handle api call for rule +def 
api_call_for_rule(module, api_call_object): + is_access_rule = True if 'access' in api_call_object else False + payload = get_payload_from_parameters(module.params) + connection = Connection(module._socket_path) + version = get_version(module) + + result = {'changed': False} + if module.check_mode: + return result + + if is_access_rule: + copy_payload_without_some_params = extract_payload_without_some_params(payload, ['action', 'position', 'search_entire_rulebase']) + else: + copy_payload_without_some_params = extract_payload_without_some_params(payload, ['position']) + payload_for_equals = {'type': api_call_object, 'params': copy_payload_without_some_params} + equals_code, equals_response = send_request(connection, version, 'equals', payload_for_equals) + result['checkpoint_session_uid'] = connection.get_session_uid() + handle_equals_failure(module, equals_code, equals_response) + + if module.params['state'] == 'present': + if equals_code == 200: + if equals_response['equals']: + if not is_equals_with_all_params(payload, connection, version, api_call_object, is_access_rule): + equals_response['equals'] = False + # else objects are equals and there is no need for set request + if not equals_response['equals']: + # if user insert param 'position' and needed to use the 'set' command, change the param name to 'new-position' + if 'position' in payload: + payload['new-position'] = payload['position'] + del payload['position'] + if 'search-entire-rulebase' in payload: + del payload['search-entire-rulebase'] + handle_call_and_set_result(connection, version, 'set-' + api_call_object, payload, module, result) + elif equals_code == 404: + if 'search-entire-rulebase' in payload: + del payload['search-entire-rulebase'] + handle_call_and_set_result(connection, version, 'add-' + api_call_object, payload, module, result) + elif module.params['state'] == 'absent': + handle_delete(equals_code, payload, delete_params, connection, version, api_call_object, module, result) + + return 
result + + +# check if call is in plural form +def call_is_plural(api_call_object, payload): + is_plural = False + if 'access' in api_call_object and payload.get("layer") is None: + is_plural = True + elif 'threat' in api_call_object and payload.get("layer") is None: + is_plural = True + elif 'nat' in api_call_object \ + and payload.get("name") is None \ + and payload.get("uid") is None \ + and payload.get("rule-number") is None: + is_plural = True + return is_plural + + +# handle api call facts for rule +def api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version): + payload = get_payload_from_parameters(module.params) + connection = Connection(module._socket_path) + version = get_version(module) + + # if there is no layer, the API command will be in plural version (e.g. show-hosts instead of show-host) + if call_is_plural(api_call_object, payload): + api_call_object = api_call_object_plural_version + + response = handle_call(connection, version, 'show-' + api_call_object, payload, module, False, False) + result = {api_call_object: response} + return result + + +# The code from here till EOF will be deprecated when Rikis' modules will be deprecated +checkpoint_argument_spec = dict(auto_publish_session=dict(type='bool', default=True), + policy_package=dict(type='str', default='standard'), + auto_install_policy=dict(type='bool', default=True), + targets=dict(type='list') + ) + + +def publish(connection, uid=None): + payload = None + + if uid: + payload = {'uid': uid} + + connection.send_request('/web_api/publish', payload) + + +def discard(connection, uid=None): + payload = None + + if uid: + payload = {'uid': uid} + + connection.send_request('/web_api/discard', payload) + + +def install_policy(connection, policy_package, targets): + payload = {'policy-package': policy_package, + 'targets': targets} + + connection.send_request('/web_api/install-policy', payload) + + +def prepare_rule_params_for_execute_module(rule, module_args, position, 
below_rule_name): + rule['layer'] = module_args['layer'] + if 'details_level' in module_args.keys(): + rule['details_level'] = module_args['details_level'] + if 'state' not in rule.keys() or ('state' in rule.keys() and rule['state'] != 'absent'): + if below_rule_name: + relative_position = {'relative_position': {'below': below_rule_name}} + rule.update(relative_position) + else: + rule['position'] = position + position = position + 1 + below_rule_name = rule['name'] + + return rule, position, below_rule_name + + +def check_if_to_publish_for_action(result, module_args): + to_publish = ('auto_publish_session' in module_args.keys() and module_args['auto_publish_session']) and \ + ('changed' in result.keys() and result['changed'] is True) and ('failed' not in result.keys() or + result['failed'] is False) + return to_publish diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer.py new file mode 100644 index 00000000..dde5b24b --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer.py 
@@ -0,0 +1,171 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_access_layer
+short_description: Manages access-layer objects on Check Point over Web Services API
+description:
+ - Manages access-layer objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ add_default_rule:
+ description:
+ - Indicates whether to include a cleanup rule in the new layer.
+ type: bool
+ applications_and_url_filtering:
+ description:
+ - Whether to enable Applications & URL Filtering blade on the layer.
+ type: bool
+ content_awareness:
+ description:
+ - Whether to enable Content Awareness blade on the layer.
+ type: bool
+ detect_using_x_forward_for:
+ description:
+ - Whether to use X-Forward-For HTTP header, which is added by the proxy server to keep track of the original source IP.
+ type: bool
+ firewall:
+ description:
+ - Whether to enable Firewall blade on the layer.
+ type: bool
+ implicit_cleanup_action:
+ description:
+ - The default "catch-all" action for traffic that does not match any explicit or implied rules in the layer.
+ type: str
+ choices: ['drop', 'accept']
+ mobile_access:
+ description:
+ - Whether to enable Mobile Access blade on the layer.
+ type: bool
+ shared:
+ description:
+ - Whether this layer is shared.
+ type: bool
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-access-layer
+ cp_mgmt_access_layer:
+ name: New Layer 1
+ state: present
+
+- name: set-access-layer
+ cp_mgmt_access_layer:
+ applications_and_url_filtering: false
+ data_awareness: true
+ name: New Layer 1
+ state: present
+
+- name: delete-access-layer
+ cp_mgmt_access_layer:
+ name: New Layer 2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_access_layer:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ add_default_rule=dict(type='bool'),
+ applications_and_url_filtering=dict(type='bool'),
+ content_awareness=dict(type='bool'),
+ detect_using_x_forward_for=dict(type='bool'),
+ firewall=dict(type='bool'),
+ implicit_cleanup_action=dict(type='str', choices=['drop', 'accept']),
+ mobile_access=dict(type='bool'),
+ shared=dict(type='bool'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'access-layer'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer_facts.py
new file mode 100644
index 00000000..40e98e99
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer_facts.py
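Review bot: The `set-access-layer` task in EXAMPLES passes `data_awareness: true`, but `argument_spec` in `main()` declares `content_awareness` and no `data_awareness`, so the documented example would be rejected as an unsupported parameter; the example line should read `content_awareness: true`. Separately, `main()` advertises `supports_check_mode=True`, while `api_call` in module_utils/checkpoint.py (shown earlier on this page) returns `{'changed': False}` in check mode before it sends the `equals` request. A dry run of a firewall-layer change therefore always reports "no change", including for `implicit_cleanup_action`, so reviewers cannot use check mode to preview policy drift. A `notes:` entry in DOCUMENTATION should say that check mode performs no comparison against the management server.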
@@ -0,0 +1,127 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_access_layer_facts +short_description: Get access-layer objects facts on Check Point over Web Services API +description: + - Get access-layer objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-access-layer + cp_mgmt_access_layer_facts: + name: New Layer 1 + +- name: show-access-layers + cp_mgmt_access_layer_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "access-layer" + api_call_object_plural_version = "access-layers" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() 
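Review bot: `module.exit_json(ansible_facts=result)` at the end of main() merges whatever api_call_facts returns into the host's fact namespace, while the RETURN block only says "The checkpoint object facts" and names no keys. api_call_facts is defined outside this hunk, so the key layout cannot be confirmed from here. If the key names are derived from the API object type, a playbook author has no documented name to assert on, and a fact of the same name set elsewhere would presumably be replaced without notice. I would list the returned key names in RETURN, or return the data under one explicit, documented result key. The same applies to cp_mgmt_access_role_facts.py.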
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role.py
new file mode 100644
index 00000000..1c911448
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role.py
@@ -0,0 +1,217 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_access_role +short_description: Manages access-role objects on Check Point over Web Services API +description: + - Manages access-role objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + machines_list: + description: + - Machines that can access the system. + type: list + elements: dict + suboptions: + source: + description: + - Active Directory name or UID or Identity Tag. + type: str + selection: + description: + - Name or UID of an object selected from source. + type: list + elements: str + base_dn: + description: + - When source is "Active Directory" use "base-dn" to refine the query in AD database. + type: str + machines: + description: + - Any or All Identified. 
+ type: str + choices: ['any', 'all identified'] + networks: + description: + - Collection of Network objects identified by the name or UID that can access the system. + type: list + elements: str + remote_access_clients: + description: + - Remote access clients identified by name or UID. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + users_list: + description: + - Users that can access the system. + type: list + elements: dict + suboptions: + source: + description: + - Active Directory name or UID or Identity Tag or Internal User Groups or LDAP groups or Guests. + type: str + selection: + description: + - Name or UID of an object selected from source. + type: list + elements: str + base_dn: + description: + - When source is "Active Directory" use "base-dn" to refine the query in AD database. + type: str + users: + description: + - Any or All Identified. + type: str + choices: ['any', 'all identified'] + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. 
You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-access-role + cp_mgmt_access_role: + name: New Access Role 1 + networks: any + remote_access_clients: any + state: present + users: any + +- name: set-access-role + cp_mgmt_access_role: + users_list: + - source: "Internal User Groups" + selection: usersGroup + name: New Access Role 1 + state: present + +- name: delete-access-role + cp_mgmt_access_role: + name: New Access Role 1 + state: absent +""" + +RETURN = """ +cp_mgmt_access_role: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + machines_list=dict(type='list', elements='dict', options=dict( + source=dict(type='str'), + selection=dict(type='list', elements='str'), + base_dn=dict(type='str') + )), + machines=dict(type='str', choices=['any', 'all identified']), + networks=dict(type='list', elements='str'), + remote_access_clients=dict(type='str'), + tags=dict(type='list', elements='str'), + users_list=dict(type='list', elements='dict', options=dict( + source=dict(type='str'), + selection=dict(type='list', elements='str'), + base_dn=dict(type='str') + )), + users=dict(type='str', choices=['any', 'all identified']), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', 
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'access-role' + + if module.params["machines_list"] is not None: + if module.params["machines"] is not None: + raise AssertionError("The use of both 'machines_list' and 'machines' arguments isn't allowed") + module.params["machines"] = module.params["machines_list"] + module.params.pop("machines_list") + + if module.params["users_list"] is not None: + if module.params["users"] is not None: + raise AssertionError("The use of both 'users_list' and 'users' arguments isn't allowed") + module.params["users"] = module.params["users_list"] + module.params.pop("users_list") + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role_facts.py new file mode 100644 index 00000000..6a8805e8 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role_facts.py 
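Review bot: The two conflict checks in main() use `raise AssertionError(...)`, which ends the module with an uncaught exception and a traceback rather than a normal task failure. AnsibleModule can reject the combination itself during argument validation: `module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True, mutually_exclusive=[['machines_list', 'machines'], ['users_list', 'users']])`. For an object that decides which users and machines are matched by policy, a clean failure message is easier to audit in run logs than a stack trace. cp_mgmt_access_rule.py has the same pattern for `vpn_list`/`vpn` and `relative_position`/`position`. The DOCUMENTATION block should also state that each pair is mutually exclusive.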
@@ -0,0 +1,125 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_access_role_facts +short_description: Get access-role objects facts on Check Point over Web Services API +description: + - Get access-role objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-access-role + cp_mgmt_access_role_facts: + name: New Access Role 1 + +- name: show-access-roles + cp_mgmt_access_role_facts: + details_level: full +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "access-role" + api_call_object_plural_version = "access-roles" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() 
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule.py
new file mode 100644
index 00000000..11f359fe
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule.py
@@ -0,0 +1,423 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_access_rule +short_description: Manages access-rule objects on Check Point over Web Services API +description: + - Manages access-rule objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + layer: + description: + - Layer that the rule belongs to identified by the name or UID. + type: str + position: + description: + - Position in the rulebase. The use of values "top" and "bottom" may not be idempotent. + type: str + relative_position: + description: + - Position in the rulebase. + - Use of this field may not be idempotent. + type: dict + suboptions: + below: + description: + - Add rule below specific rule/section identified by name (limited to 50 rules if + search_entire_rulebase is False). 
+ type: str + above: + description: + - Add rule above specific rule/section identified by name (limited to 50 rules if + search_entire_rulebase is False). + type: str + top: + description: + - Add rule to the top of a specific section identified by name (limited to 50 rules if + search_entire_rulebase is False). + type: str + bottom: + description: + - Add rule to the bottom of a specific section identified by name (limited to 50 rules if + search_entire_rulebase is False). + type: str + search_entire_rulebase: + description: + - Whether to search the entire rulebase for a rule that's been edited in its relative_position field to make sure + there indeed has been a change in its position or the section it might be in. + type: bool + default: False + name: + description: + - Object name. + type: str + required: True + action: + description: + - a "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer". + type: str + action_settings: + description: + - Action settings. + type: dict + suboptions: + enable_identity_captive_portal: + description: + - N/A + type: bool + limit: + description: + - N/A + type: str + content: + description: + - List of processed file types that this rule applies on. + type: list + elements: dict + content_direction: + description: + - On which direction the file types processing is applied. + type: str + choices: ['any', 'up', 'down'] + content_negate: + description: + - True if negate is set for data. + type: bool + custom_fields: + description: + - Custom fields. + type: dict + suboptions: + field_1: + description: + - First custom field. + type: str + field_2: + description: + - Second custom field. + type: str + field_3: + description: + - Third custom field. + type: str + destination: + description: + - Collection of Network objects identified by the name or UID. + type: list + elements: str + destination_negate: + description: + - True if negate is set for destination. 
+ type: bool + enabled: + description: + - Enable/Disable the rule. + type: bool + inline_layer: + description: + - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer". + type: str + install_on: + description: + - Which Gateways identified by the name or UID to install the policy on. + type: list + elements: str + service: + description: + - Collection of Network objects identified by the name or UID. + type: list + elements: str + service_negate: + description: + - True if negate is set for service. + type: bool + source: + description: + - Collection of Network objects identified by the name or UID. + type: list + elements: str + source_negate: + description: + - True if negate is set for source. + type: bool + time: + description: + - List of time objects. For example, "Weekend", "Off-Work", "Every-Day". + type: list + elements: str + track: + description: + - Track Settings. + type: dict + suboptions: + accounting: + description: + - Turns accounting for track on and off. + type: bool + alert: + description: + - Type of alert for the track. + type: str + choices: ['none', 'alert', 'snmp', 'mail', 'user alert 1', 'user alert 2', 'user alert 3'] + enable_firewall_session: + description: + - Determine whether to generate session log to firewall only connections. + type: bool + per_connection: + description: + - Determines whether to perform the log per connection. + type: bool + per_session: + description: + - Determines whether to perform the log per session. + type: bool + type: + description: + - a "Log", "Extended Log", "Detailed Log", "None". + type: str + user_check: + description: + - User check settings. 
+ type: dict + suboptions: + confirm: + description: + - N/A + type: str + choices: ['per rule', 'per category', 'per application/site', 'per data type'] + custom_frequency: + description: + - N/A + type: dict + suboptions: + every: + description: + - N/A + type: int + unit: + description: + - N/A + type: str + choices: ['hours', 'days', 'weeks', 'months'] + frequency: + description: + - N/A + type: str + choices: ['once a day', 'once a week', 'once a month', 'custom frequency...'] + interaction: + description: + - N/A + type: str + vpn_list: + description: + - Communities or Directional. + type: list + elements: dict + suboptions: + community: + description: + - List of community name or UID. + type: list + elements: str + directional: + description: + - Communities directional match condition. + type: list + elements: dict + suboptions: + from: + description: + - From community name or UID. + type: str + to: + description: + - To community name or UID. + type: str + vpn: + description: + - Any or All_GwToGw. + type: str + choices: ['Any', 'All_GwToGw'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-access-rule + cp_mgmt_access_rule: + layer: Network + name: Rule 1 + position: 1 + service: + - SMTP + - AOL + vpn: All_GwToGw + state: present + +- name: set-access-rule + cp_mgmt_access_rule: + action: Ask + action_settings: + enable_identity_captive_portal: true + limit: Upload_1Gbps + layer: Network + name: Rule 1 + state: present + +- name: delete-access-rule + cp_mgmt_access_rule: + layer: Network + name: Rule 2 + state: absent +""" + +RETURN = """ +cp_mgmt_access_rule: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call, api_call_for_rule + + +def main(): + argument_spec = dict( + layer=dict(type='str'), + position=dict(type='str'), + relative_position=dict(type='dict', options=dict( + below=dict(type='str'), + above=dict(type='str'), + top=dict(type='str'), + bottom=dict(type='str') + )), + search_entire_rulebase=dict(type='bool', default=False), + name=dict(type='str', required=True), + action=dict(type='str'), + action_settings=dict(type='dict', options=dict( + enable_identity_captive_portal=dict(type='bool'), + limit=dict(type='str') + )), + content=dict(type='list', elements='dict'), + content_direction=dict(type='str', choices=['any', 'up', 'down']), + content_negate=dict(type='bool'), + custom_fields=dict(type='dict', options=dict( + field_1=dict(type='str'), + field_2=dict(type='str'), + field_3=dict(type='str') + )), + destination=dict(type='list', elements='str'), + destination_negate=dict(type='bool'), + enabled=dict(type='bool'), + inline_layer=dict(type='str'), + install_on=dict(type='list', elements='str'), + 
service=dict(type='list', elements='str'), + service_negate=dict(type='bool'), + source=dict(type='list', elements='str'), + source_negate=dict(type='bool'), + time=dict(type='list', elements='str'), + track=dict(type='dict', options=dict( + accounting=dict(type='bool'), + alert=dict(type='str', choices=['none', 'alert', 'snmp', 'mail', 'user alert 1', 'user alert 2', 'user alert 3']), + enable_firewall_session=dict(type='bool'), + per_connection=dict(type='bool'), + per_session=dict(type='bool'), + type=dict(type='str') + )), + user_check=dict(type='dict', options=dict( + confirm=dict(type='str', choices=['per rule', 'per category', 'per application/site', 'per data type']), + custom_frequency=dict(type='dict', options=dict( + every=dict(type='int'), + unit=dict(type='str', choices=['hours', 'days', 'weeks', 'months']) + )), + frequency=dict(type='str', choices=['once a day', 'once a week', 'once a month', 'custom frequency...']), + interaction=dict(type='str') + )), + vpn_list=dict(type='list', elements='dict', options=dict( + community=dict(type='list', elements='str'), + directional=dict(type='list', elements='dict', options=dict( + to=dict(type='str') + )) + )), + vpn=dict(type='str', choices=['Any', 'All_GwToGw']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec['vpn_list']['options']['directional']['options']['from'] = dict(type='str') + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'access-rule' + + if module.params["vpn_list"] is not None: + if module.params["vpn"] is not None: + raise AssertionError("The use of both 'vpn_list' and 'vpn' arguments isn't allowed") + module.params["vpn"] = module.params["vpn_list"] + module.params.pop("vpn_list") + + if module.params["relative_position"] is not None: + if 
module.params["position"] is not None: + raise AssertionError("The use of both 'relative_position' and 'position' arguments isn't allowed") + module.params["position"] = module.params["relative_position"] + module.params.pop("relative_position") + + if module.params['action'] is None and module.params['position'] is None: + module.params.pop("search_entire_rulebase") + result = api_call(module, api_call_object) + else: + result = api_call_for_rule(module, api_call_object) + + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule_facts.py new file mode 100644 index 00000000..3519e6ba --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule_facts.py 
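Review bot: `action=dict(type='str')` and the `type` suboption of `track` accept any string, although DOCUMENTATION lists a fixed set of values for both ("Accept", "Drop", ... and "Log", "Extended Log", ...). A misspelled action on a firewall rule is then caught only by the management server, if at all; that handling is in api_call_for_rule, which is outside this hunk. If the API accepts only the documented names, declare them so the task fails before any request is sent: `action=dict(type='str', choices=['Accept', 'Drop', 'Ask', 'Inform', 'Reject', 'User Auth', 'Client Auth', 'Apply Layer'])`. If it also accepts UIDs or custom values, say so in the option description instead.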
@@ -0,0 +1,245 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_access_rule_facts +short_description: Get access-rule objects facts on Check Point over Web Services API +description: + - Get access-rule objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. Should be unique in the domain. + type: str + layer: + description: + - Layer that the rule belongs to identified by the name or UID. 
+ type: str + show_as_ranges: + description: + - When true, the source, destination and services & applications parameters are displayed as ranges of IP addresses and port numbers rather than + network objects.<br /> Objects that are not represented using IP addresses or port numbers are presented as objects.<br /> In addition, the response + of each rule does not contain the parameters, source, source-negate, destination, destination-negate, service and service-negate, but instead it + contains the parameters, source-ranges, destination-ranges and service-ranges.<br /><br /> Note, Requesting to show rules as ranges is limited up to + 20 rules per request, otherwise an error is returned. If you wish to request more rules, use the offset and limit parameters to limit your request. + type: bool + show_hits: + description: + - N/A + type: bool + hits_settings: + description: + - N/A + type: dict + suboptions: + from_date: + description: + - Format, 'YYYY-MM-DD', 'YYYY-mm-ddThh:mm:ss'. + type: str + target: + description: + - Target gateway name or UID. + type: str + to_date: + description: + - Format, 'YYYY-MM-DD', 'YYYY-mm-ddThh:mm:ss'. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in Smart Console. The logical + operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies. + type: str + filter_settings: + description: + - Sets filter preferences. + type: dict + suboptions: + search_mode: + description: + - When set to 'general', both the Full Text Search and Packet Search are enabled. 
In this mode, Packet Search will not match on 'Any' + object, a negated cell or a group-with-exclusion. When the search-mode is set to 'packet', by default, the match on 'Any' object, a negated cell + or a group-with-exclusion are enabled. packet-search-settings may be provided to change the default behavior. + type: str + choices: ['general', 'packet'] + packet_search_settings: + description: + - When 'search-mode' is set to 'packet', this object allows to set the packet search preferences. + type: dict + suboptions: + expand_group_members: + description: + - When true, if the search expression contains a UID or a name of a group object, results will include rules that match on at + least one member of the group. + type: bool + expand_group_with_exclusion_members: + description: + - When true, if the search expression contains a UID or a name of a group-with-exclusion object, results will include rules that + match at least one member of the "include" part and is not a member of the "except" part. + type: bool + match_on_any: + description: + - Whether to match on 'Any' object. + type: bool + match_on_group_with_exclusion: + description: + - Whether to match on a group-with-exclusion. + type: bool + match_on_negate: + description: + - Whether to match on a negated cell. + type: bool + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. 
+ type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + package: + description: + - Name of the package. + type: str + use_object_dictionary: + description: + - N/A + type: bool + dereference_group_members: + description: + - Indicates whether to dereference "members" field by details level for every object in reply. + type: bool + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-access-rule + cp_mgmt_access_rule_facts: + layer: Network + name: Rule 1 + +- name: show-access-rulebase + cp_mgmt_access_rule_facts: + details_level: standard + limit: 20 + name: Network + offset: 0 + use_object_dictionary: true +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts_for_rule + + +def main(): + argument_spec = dict( + name=dict(type='str'), + layer=dict(type='str'), + show_as_ranges=dict(type='bool'), + show_hits=dict(type='bool'), + hits_settings=dict(type='dict', options=dict( + from_date=dict(type='str'), + target=dict(type='str'), + to_date=dict(type='str') + )), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + filter_settings=dict(type='dict', options=dict( + search_mode=dict(type='str', choices=['general', 'packet']), + packet_search_settings=dict(type='dict', options=dict( + expand_group_members=dict(type='bool'), + expand_group_with_exclusion_members=dict(type='bool'), + match_on_any=dict(type='bool'), + match_on_group_with_exclusion=dict(type='bool'), + match_on_negate=dict(type='bool') + )) + 
)), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + package=dict(type='str'), + use_object_dictionary=dict(type='bool'), + dereference_group_members=dict(type='bool'), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "access-rule" + api_call_object_plural_version = "access-rulebase" + + result = api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rules.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rules.py new file mode 100644 index 00000000..1597ab28 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rules.py 
@@ -0,0 +1,373 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_access_rules +short_description: Manages access-rules objects on Check Point over Web Services API +description: + - Manages access-rules objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.2.0" +author: "Shiran Golzar (@chkp-shirango)" +options: + layer: + description: + - Layer that the rule belongs to identified by the name or UID. + type: str + required: true + rules: + description: + - List of rules. + type: list + elements: dict + required: true + suboptions: + name: + description: + - Object name. + type: str + required: True + action: + description: + - a "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer". + type: str + action_settings: + description: + - Action settings. 
+ type: dict + suboptions: + enable_identity_captive_portal: + description: + - N/A + type: bool + limit: + description: + - N/A + type: str + content: + description: + - List of processed file types that this rule applies on. + type: list + elements: dict + content_direction: + description: + - On which direction the file types processing is applied. + type: str + choices: ['any', 'up', 'down'] + content_negate: + description: + - True if negate is set for data. + type: bool + custom_fields: + description: + - Custom fields. + type: dict + suboptions: + field_1: + description: + - First custom field. + type: str + field_2: + description: + - Second custom field. + type: str + field_3: + description: + - Third custom field. + type: str + destination: + description: + - Collection of Network objects identified by the name or UID. + type: list + elements: str + destination_negate: + description: + - True if negate is set for destination. + type: bool + enabled: + description: + - Enable/Disable the rule. + type: bool + inline_layer: + description: + - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer". + type: str + install_on: + description: + - Which Gateways identified by the name or UID to install the policy on. + type: list + elements: str + service: + description: + - Collection of Network objects identified by the name or UID. + type: list + elements: str + service_negate: + description: + - True if negate is set for service. + type: bool + source: + description: + - Collection of Network objects identified by the name or UID. + type: list + elements: str + source_negate: + description: + - True if negate is set for source. + type: bool + time: + description: + - List of time objects. For example, "Weekend", "Off-Work", "Every-Day". + type: list + elements: str + track: + description: + - Track Settings. + type: dict + suboptions: + accounting: + description: + - Turns accounting for track on and off. 
+ type: bool + alert: + description: + - Type of alert for the track. + type: str + choices: ['none', 'alert', 'snmp', 'mail', 'user alert 1', 'user alert 2', 'user alert 3'] + enable_firewall_session: + description: + - Determine whether to generate session log to firewall only connections. + type: bool + per_connection: + description: + - Determines whether to perform the log per connection. + type: bool + per_session: + description: + - Determines whether to perform the log per session. + type: bool + type: + description: + - a "Log", "Extended Log", "Detailed Log", "None". + type: str + user_check: + description: + - User check settings. + type: dict + suboptions: + confirm: + description: + - N/A + type: str + choices: ['per rule', 'per category', 'per application/site', 'per data type'] + custom_frequency: + description: + - N/A + type: dict + suboptions: + every: + description: + - N/A + type: int + unit: + description: + - N/A + type: str + choices: ['hours', 'days', 'weeks', 'months'] + frequency: + description: + - N/A + type: str + choices: ['once a day', 'once a week', 'once a month', 'custom frequency...'] + interaction: + description: + - N/A + type: str + vpn: + description: + - Communities or Directional. + type: list + elements: dict + suboptions: + community: + description: + - List of community name or UID. + type: list + elements: dict + directional: + description: + - Communities directional match condition. + type: list + elements: dict + suboptions: + from: + description: + - From community name or UID. + type: str + to: + description: + - To community name or UID. + type: str + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. 
+ type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + state: + description: + - State of the access rule (present or absent). Defaults to present. + type: str + default: present + choices: + - 'present' + - 'absent' + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] +extends_documentation_fragment: check_point.mgmt.checkpoint_objects_action_module +""" + +EXAMPLES = """ +- name: add-access-rules + cp_mgmt_access_rules: + rules: + - name: Rule 1 + service: + - SMTP + - AOL + state: present + - name: Rule 2 + service: + - SMTP + state: present + layer: Network + auto_publish_session: true +""" + +RETURN = """ +cp_mgmt_access_rules: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.connection import Connection +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import \ + checkpoint_argument_spec_for_action_module + + +def main(): + argument_spec = dict( + rules=dict(type='list', required=True, elements='dict', options=dict( + name=dict(type='str', required=True), + action=dict(type='str'), + action_settings=dict(type='dict', options=dict( + enable_identity_captive_portal=dict(type='bool'), + limit=dict(type='str') + )), + content=dict(type='list', elements='dict'), + content_direction=dict(type='str', choices=['any', 'up', 'down']), + content_negate=dict(type='bool'), + custom_fields=dict(type='dict', options=dict( + field_1=dict(type='str'), + field_2=dict(type='str'), + field_3=dict(type='str') + )), + destination=dict(type='list', elements='str'), + destination_negate=dict(type='bool'), + enabled=dict(type='bool'), + inline_layer=dict(type='str'), + install_on=dict(type='list', elements='str'), + service=dict(type='list', elements='str'), + service_negate=dict(type='bool'), + source=dict(type='list', elements='str'), + source_negate=dict(type='bool'), + time=dict(type='list', elements='str'), + track=dict(type='dict', options=dict( + accounting=dict(type='bool'), + alert=dict(type='str', + choices=['none', 'alert', 'snmp', 'mail', 'user alert 1', 'user alert 2', 'user alert 3']), + enable_firewall_session=dict(type='bool'), + per_connection=dict(type='bool'), + per_session=dict(type='bool'), + type=dict(type='str') + )), + user_check=dict(type='dict', options=dict( + confirm=dict(type='str', choices=['per rule', 'per category', 'per application/site', 'per data type']), + custom_frequency=dict(type='dict', options=dict( + every=dict(type='int'), + unit=dict(type='str', choices=['hours', 'days', 'weeks', 'months']) + )), + frequency=dict(type='str', + choices=['once a day', 'once a week', 'once a month', 'custom 
frequency...']), + interaction=dict(type='str') + )), + vpn=dict(type='list', elements='dict', options=dict( + community=dict(type='list', elements='dict'), + directional=dict(type='list', elements='dict', options=dict( + to=dict(type='str') + )) + )), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool'), + state=dict(type='str', choices=['present', 'absent'], default='present') + + )), + layer=dict(type='str', required=True), + details_level=dict(type='str', choices=['uid', 'standard', 'full']) + ) + + argument_spec['rules']['options']['vpn']['options']['directional']['options']['from'] = dict(type='str') + argument_spec.update(checkpoint_argument_spec_for_action_module) + + module = AnsibleModule(argument_spec=argument_spec) + + module.exit_json() + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_section.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_section.py new file mode 100644 index 00000000..01a47a50 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_section.py 
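Review bot: `main()` in cp_mgmt_access_rules.py validates the arguments and then calls `module.exit_json()` without contacting the management server, so nothing in this file creates or removes a rule, and the imported `Connection` is never used. Presumably an action plugin of the same name does the work, but that is not visible in this hunk. If so, say it above the exit call, e.g. `# Argument validation only; the rules are applied by the action plugin of the same name.`, and drop the unused import. The RETURN block promises a `cp_mgmt_access_rules` dict "always, except when deleting the object", which this code path never produces, so the docs should state where that value comes from.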
@@ -0,0 +1,119 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_access_section +short_description: Manages access-section objects on Checkpoint over Web Services API +description: + - Manages access-section objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.0.0" +author: "Or Soffer (@chkp-orso)" +options: + layer: + description: + - Layer that the rule belongs to identified by the name or UID. + type: str + position: + description: + - Position in the rulebase. + type: str + name: + description: + - Object name. + type: str + required: True + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. 
You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-access-section + cp_mgmt_access_section: + layer: Network + name: New Section 1 + position: 1 + state: present + +- name: set-access-section + cp_mgmt_access_section: + layer: Network + name: New Section 1 + state: present + +- name: delete-access-section + cp_mgmt_access_section: + layer: Network + name: New Section 2 + state: absent +""" + +RETURN = """ +cp_mgmt_access_section: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + layer=dict(type='str'), + position=dict(type='str'), + name=dict(type='str', required=True), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'access-section' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_api_key.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_api_key.py new file mode 100644 index 00000000..641cea5e --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_api_key.py 
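Review bot: `layer` is declared as `dict(type='str')` without `required=True`, although DOCUMENTATION describes it as the layer the section belongs to and all three EXAMPLES pass it. A task that omits it is accepted by the module and, presumably, only rejected by the management API once a session is already open. If the API does require it, use `layer=dict(type='str', required=True)` and add `required: True` to the option's documentation, as is already done for `name`.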
@@ -0,0 +1,84 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_add_api_key +short_description: Add API key for administrator, to enable login with it. For the key to be valid publish is needed. +description: + - Add API key for administrator, to enable login with it. For the key to be valid publish is needed. <br>When using mgmt_cli tool, add -f json to get + the key in the command's output. + - All operations are performed over Web Services API. +version_added: "2.0.0" +author: "Or Soffer (@chkp-orso)" +options: + admin_uid: + description: + - Administrator uid to generate API key for. + type: str + admin_name: + description: + - Administrator name to generate API key for. + type: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: add-api-key + cp_mgmt_add_api_key: + admin_name: admin + state: present +""" + +RETURN = """ +cp_mgmt_add_api_key: + description: The checkpoint add-api-key output. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + admin_uid=dict(type='str'), + admin_name=dict(type='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "add-api-key" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_data_center_object.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_data_center_object.py new file mode 100644 index 00000000..c4ad1d16 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_data_center_object.py 
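Review bot: The output of `add-api-key` goes straight into `module.exit_json(**result)`, and the module description implies that output carries the generated key. The credential would then appear in task output, registered variables and any callback or log that records results. Neither DOCUMENTATION nor EXAMPLES mentions this. I would add `no_log: true` to the example task and a line to RETURN such as `The generated API key is part of this output; treat it as a secret.` Whether `api_command` filters the key is not visible from this hunk, so confirm that before relying on it.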
@@ -0,0 +1,147 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_add_data_center_object +short_description: Imports a Data Center Object from a Data Center Server.<br> Data Center Object represents an object in the cloud environment. +description: + - Imports a Data Center Object from a Data Center Server.<br> Data Center Object represents an object in the cloud environment, e.g. a virtual machine, + cluster, network and more.<br> Use the show-data-center-content command to see the Data Center Objects that can be imported from a Data Center Server. + - All operations are performed over Web Services API. +version_added: "2.0.0" +author: "Or Soffer (@chkp-orso)" +options: + data_center_name: + description: + - Name of the Data Center Server the object is in. + type: str + data_center_uid: + description: + - Unique identifier of the Data Center Server the object is in. + type: str + uri: + description: + - URI of the object in the Data Center Server. 
+ type: str + uid_in_data_center: + description: + - Unique identifier of the object in the Data Center Server. + type: str + name: + description: + - Override default name on data-center. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: add-data-center-object + cp_mgmt_add_data_center_object: + data_center_name: vCenter 1 + name: VM1 mgmt name + state: present + uri: /Datacenters/VMs/My VM1 +""" + +RETURN = """ +cp_mgmt_add_data_center_object: + description: The checkpoint add-data-center-object output. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + data_center_name=dict(type='str'), + data_center_uid=dict(type='str'), + uri=dict(type='str'), + uid_in_data_center=dict(type='str'), + name=dict(type='str'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "add-data-center-object" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_domain.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_domain.py new file mode 100644 index 00000000..bde1d9f4 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_domain.py 
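Review bot: `data_center_name`/`data_center_uid` and `uri`/`uid_in_data_center` read as alternative ways to identify the same server and object, yet `AnsibleModule(argument_spec=argument_spec)` neither requires one of each pair nor rejects both. A playbook that supplies neither passes local validation and fails, presumably, only at the API. Provided the API treats them as alternatives, consider `required_one_of=[['data_center_name', 'data_center_uid'], ['uri', 'uid_in_data_center']]` with a matching `mutually_exclusive`. The same applies to `admin_uid`/`admin_name` in cp_mgmt_add_api_key.py.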
@@ -0,0 +1,164 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_add_domain +short_description: Create new object +description: + - Create new object + - All operations are performed over Web Services API. +version_added: "2.1.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + servers: + description: + - Domain servers. When this field is provided, 'set-domain' command is executed asynchronously. + type: list + elements: dict + suboptions: + name: + description: + - Object name. Must be unique in the domain. + type: str + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + multi_domain_server: + description: + - Multi Domain server name or UID. + type: str + active: + description: + - Activate domain server. 
Only one domain server is allowed to be active + type: bool + skip_start_domain_server: + description: + - Set this value to be true to prevent starting the new created domain. + type: bool + type: + description: + - Domain server type. + type: str + choices: ['management server', 'log server', 'smc'] + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: add-domain + cp_mgmt_add_domain: + name: domain1 + servers: + ip_address: 192.0.2.1 + multi_domain_server: MDM_Server + name: domain1_ManagementServer_1 +""" + +RETURN = """ +cp_mgmt_domain: + description: The checkpoint add-domain output. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + servers=dict(type='list', elements='dict', options=dict( + name=dict(type='str'), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + multi_domain_server=dict(type='str'), + active=dict(type='bool'), + skip_start_domain_server=dict(type='bool'), + type=dict(type='str', choices=['management server', 'log server', 'smc']) + )), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool'), + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + command = 'add-domain' + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_nat_rule.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_nat_rule.py new file mode 100644 index 00000000..8b1151bd --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_nat_rule.py 
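Review bot: The EXAMPLES block passes `servers:` as a single mapping, with `ip_address`, `multi_domain_server` and `name` directly under it, while the argument spec declares `servers=dict(type='list', elements='dict', ...)`. As far as I can tell Ansible's list validation does not accept a mapping, so the documented example would fail argument validation; write the entry as a list item, `- ip_address: 192.0.2.1`, with the other two keys aligned under it. RETURN also names the key `cp_mgmt_domain` where the sibling command modules use the module name (`cp_mgmt_add_api_key`, `cp_mgmt_add_data_center_object`), so check which key `api_command` actually returns. The `servers` description refers to the 'set-domain' command, which looks copied from another module.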
@@ -0,0 +1,159 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_add_nat_rule +short_description: Create new object. +description: + - Create new object. + - All operations are performed over Web Services API. +version_added: "2.0.0" +author: "Or Soffer (@chkp-orso)" +options: + package: + description: + - Name of the package. + type: str + position: + description: + - Position in the rulebase. + type: str + enabled: + description: + - Enable/Disable the rule. + type: bool + install_on: + description: + - Which Gateways identified by the name or UID to install the policy on. + type: list + elements: str + method: + description: + - Nat method. + type: str + choices: ['static', 'hide', 'nat64', 'nat46'] + original_destination: + description: + - Original destination. + type: str + original_service: + description: + - Original service. + type: str + original_source: + description: + - Original source. + type: str + translated_destination: + description: + - Translated destination. 
+ type: str + translated_service: + description: + - Translated service. + type: str + translated_source: + description: + - Translated source. + type: str + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: add-nat-rule + cp_mgmt_add_nat_rule: + comments: comment example1 nat999 + enabled: false + install_on: + - Policy Targets + original_destination: All_Internet + original_source: Any + package: standard + position: 1 + state: present +""" + +RETURN = """ +cp_mgmt_add_nat_rule: + description: The checkpoint add-nat-rule output. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + package=dict(type='str'), + position=dict(type='str'), + enabled=dict(type='bool'), + install_on=dict(type='list', elements='str'), + method=dict(type='str', choices=['static', 'hide', 'nat64', 'nat46']), + original_destination=dict(type='str'), + original_service=dict(type='str'), + original_source=dict(type='str'), + translated_destination=dict(type='str'), + translated_service=dict(type='str'), + translated_source=dict(type='str'), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "add-nat-rule" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_rules_batch.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_rules_batch.py new file mode 100644 index 00000000..58f7bb3b --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_rules_batch.py 
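Review bot: The EXAMPLES task passes `state: present`, but the `argument_spec` in `main()` declares no `state` option. Unless `checkpoint_argument_spec_for_commands` (imported from module_utils, not visible in this hunk) supplies it, AnsibleModule will reject the documented example as an unsupported parameter, so I would drop that line from the example. `package` and `position` are left optional although they locate the rule in the rulebase; if the API requires them, `package=dict(type='str', required=True)` gives the operator an early, local error instead of a server-side one. The `short_description` "Create new object." should name what is created, e.g. `short_description: Create a new NAT rule.`, since this module changes address translation in a firewall policy.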
@@ -0,0 +1,136 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_add_rules_batch +short_description: Creates new rules in batch. Use this API to achieve optimum performance when adding more than one rule. +description: + - Creates new rules in batch. Use this API to achieve optimum performance when adding more than one rule. + - Add multiple rules to a layer in a specific position, incrementing position by one for each rule. + - Errors and warnings are ignored when using this API, operation will apply changes while ignoring errors. It is not + possible to publish changes that contain validations errors. You must use the "show-validations" API to see any + validation errors and warnings caused by the batch creation. Supported rules types are access-rule, nat-rule, + https-rule and threat-exception. + - This module is not idempotent. + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + objects: + description: + - Batch of rules separated by types. 
+ type: list + elements: dict + suboptions: + layer: + description: + - Layer name or uid. + type: str + type: + description: + - Type of rules to be created. <br>Only types from above are supported. + type: str + first_position: + description: + - First rule position. + type: str + list: + description: + - List of rules from the same type to be created on the same layer. <br>Use the "add" API reference documentation for a single rule + command to find the expected fields for the request. <br>For example, to add access-rules, use the "add-access-rule" command found in the API + reference documentation (under Access Control & NAT). <br>Note, "set-if-exists", "ignore-errors", "ignore-warnings" and "details-level" options + are not supported when adding a batch of rules. + type: list + elements: dict + auto_publish_session: + description: + - Publish the current session if changes have been performed after task completes. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: add-rules-batch + cp_mgmt_add_rules_batch: + objects: + - first_position: top + layer: Network + list: + - action: accept + name: access rule 1 + - action: accept + name: access rule 2 + type: access-rule + - first_position: top + layer: Standard + list: + - name: nat rule 1 + - name: nat rule 2 + type: nat-rule + - first_position: top + layer: Default Layer + list: + - name: https rule 1 + - name: https rule 2 + type: https-rule + +""" + +RETURN = """ +cp_mgmt_add_rules_batch: + description: The checkpoint add-rules-batch output. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + objects=dict(type='list', elements='dict', options=dict( + layer=dict(type='str'), + type=dict(type='str'), + first_position=dict(type='str'), + list=dict(type='list', elements='dict') + )), + auto_publish_session=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "add-rules-batch" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range.py new file mode 100644 index 00000000..c678eb83 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range.py 
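Review bot: `type=dict(type='str')` inside `objects` accepts any string although the description lists exactly four supported rule types; `type=dict(type='str', choices=['access-rule', 'nat-rule', 'https-rule', 'threat-exception'])` would reject a typo before it reaches the management API. This matters more here than in the other modules because the description states that the batch call applies changes while ignoring errors and warnings, and `list` is a free-form list of dicts that the module does not validate. The EXAMPLES block inserts `action: accept` rules at `first_position: top` with no source, destination or service. If the API fills those with its defaults (presumably Any; confirm against the add-access-rule reference), a copied example becomes a broad allow rule at the top of the layer. I would give the example rules explicit `source`, `destination` and `service` values and add a description line telling users to check show-validations before publishing, especially when `auto_publish_session` is set.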
@@ -0,0 +1,215 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_address_range +short_description: Manages address-range objects on Check Point over Web Services API +description: + - Manages address-range objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + ip_address_first: + description: + - First IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead. + type: str + ipv4_address_first: + description: + - First IPv4 address in the range. + type: str + ipv6_address_first: + description: + - First IPv6 address in the range. + type: str + ip_address_last: + description: + - Last IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead. 
+ type: str + ipv4_address_last: + description: + - Last IPv4 address in the range. + type: str + ipv6_address_last: + description: + - Last IPv6 address in the range. + type: str + nat_settings: + description: + - NAT settings. + type: dict + suboptions: + auto_rule: + description: + - Whether to add automatic address translation rules. + type: bool + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. This parameter is not + required in case "method" parameter is "hide" and "hide-behind" parameter is "gateway". + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + hide_behind: + description: + - Hide behind method. This parameter is not required in case "method" parameter is "static". + type: str + choices: ['gateway', 'ip-address'] + install_on: + description: + - Which gateway should apply the NAT translation. + type: str + method: + description: + - NAT translation method. + type: str + choices: ['hide', 'static'] + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. 
+ type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-address-range + cp_mgmt_address_range: + ip_address_first: 192.0.2.1 + ip_address_last: 192.0.2.10 + name: New Address Range 1 + state: present + +- name: set-address-range + cp_mgmt_address_range: + color: green + ip_address_first: 192.0.2.1 + ip_address_last: 192.0.2.1 + name: New Address Range 1 + new_name: New Address Range 2 + state: present + +- name: delete-address-range + cp_mgmt_address_range: + name: New Address Range 2 + state: absent +""" + +RETURN = """ +cp_mgmt_address_range: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + ip_address_first=dict(type='str'), + ipv4_address_first=dict(type='str'), + ipv6_address_first=dict(type='str'), + ip_address_last=dict(type='str'), + ipv4_address_last=dict(type='str'), + ipv6_address_last=dict(type='str'), + nat_settings=dict(type='dict', options=dict( + auto_rule=dict(type='bool'), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + hide_behind=dict(type='str', choices=['gateway', 'ip-address']), + install_on=dict(type='str'), + method=dict(type='str', choices=['hide', 'static']) + )), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'address-range' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() 
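Review bot: The set-address-range example uses `color: green`, which is not among the `choices` declared for `color` in either DOCUMENTATION or `argument_spec`, so the task fails argument validation as written; use a listed value such as `color: forest green`. The `ip_address_last` description is a copy of the `ip_address_first` text and points readers to the ipv4-address-first and ipv6-address-first fields; it should read `use the ipv4-address-last and the ipv6-address-last fields instead`. The same example passes `new_name`, which this hunk's `argument_spec` does not declare. Presumably it comes from `checkpoint_argument_spec_for_objects`, which is defined outside this hunk, so that is worth confirming.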
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range_facts.py new file mode 100644 index 00000000..f9032eef --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range_facts.py 
@@ -0,0 +1,132 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_address_range_facts +short_description: Get address-range objects facts on Check Point over Web Services API +description: + - Get address-range objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-address-range + cp_mgmt_address_range_facts: + name: New Address Range 1 + +- name: show-address-ranges + cp_mgmt_address_range_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "address-range" + api_call_object_plural_version = "address-ranges" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator.py new file mode 100644 index 00000000..7568f742 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator.py 
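Review bot: `module.exit_json(ansible_facts=result)` hands whatever `api_call_facts` returns to Ansible as host facts, while RETURN only says "The checkpoint object facts." and does not name the key the data lands under. Values returned as `ansible_facts` are merged into the host's variables and kept in the fact cache when one is configured, so the RETURN block should document the resulting key and the description should state that results become host facts. The same pattern appears in cp_mgmt_administrator_facts.py further down this diff, where the returned data describes administrator accounts. Which fields the API includes there is not visible from these hunks, so it is worth checking that nothing credential-related comes back at `details_level: full` before it is cached.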
@@ -0,0 +1,231 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_administrator +short_description: Manages administrator objects on Checkpoint over Web Services API +description: + - Manages administrator objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + authentication_method: + description: + - Authentication method. + type: str + choices: ['undefined', 'check point password', 'os password', 'securid', 'radius', 'tacacs', 'ad authentication', 'api key'] + email: + description: + - Administrator email. + type: str + expiration_date: + description: + - Format, YYYY-MM-DD, YYYY-mm-ddThh,mm,ss. + type: str + multi_domain_profile: + description: + - Administrator multi-domain profile. + type: str + must_change_password: + description: + - True if administrator must change password on the next login. 
+ type: bool + password: + description: + - Administrator password. + type: str + password_hash: + description: + - Administrator password hash. + type: str + permissions_profile: + description: + - Permission profile + type: str + permissions_profile_list: + description: + - Administrator permissions profile. Permissions profile should not be provided when multi-domain-profile is set to "Multi-Domain Super User" or + "Domain Super User". Used only in MDS. + type: list + elements: dict + suboptions: + profile: + description: + - Permission profile. + type: str + domain: + description: + - Domain. + type: str + phone_number: + description: + - Administrator phone number. + type: str + radius_server: + description: + - RADIUS server object identified by the name or UID. Must be set when "authentication-method" was selected to be "RADIUS". + type: str + tacacs_server: + description: + - TACACS server object identified by the name or UID. Must be set when "authentication-method" was selected to be "TACACS". + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. 
+ type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-administrator + cp_mgmt_administrator: + authentication_method: check point password + email: admin@gmail.com + must_change_password: false + name: admin + password: secret + permissions_profile: read write all + phone_number: 1800-800-800 + state: present + +- name: set-administrator + cp_mgmt_administrator: + name: admin + password: new secret + permissions_profile: read only profile + state: present + +- name: delete-administrator + cp_mgmt_administrator: + name: admin + state: absent + +- name: add-administrator-in-MDS + cp_mgmt_administrator: + authentication_method: check point password + email: admin@gmail.com + must_change_password: false + name: admin + password: secret + permissions_profile_list: + profile: read write all + domain: dom1 + phone_number: 1800-800-800 + state: present +""" + +RETURN = """ +cp_mgmt_administrator: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + authentication_method=dict(type='str', choices=['undefined', 'check point password', + 'os password', 'securid', 'radius', 'tacacs', 'ad authentication', 'api key']), + email=dict(type='str'), + expiration_date=dict(type='str'), + multi_domain_profile=dict(type='str'), + must_change_password=dict(type='bool'), + password=dict(type='str', no_log=True), + password_hash=dict(type='str', no_log=True), + permissions_profile=dict(type='str'), + permissions_profile_list=dict(type='list', elements='dict', options=dict( + profile=dict(type='str'), + domain=dict(type='str') + )), + phone_number=dict(type='str'), + radius_server=dict(type='str'), + tacacs_server=dict(type='str'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'administrator' + + if module.params["permissions_profile_list"] is not None: + if module.params["permissions_profile"] is not None: + raise AssertionError("The use of both 
'permissions_profile_list' and 'permissions_profile' arguments isn't allowed") + module.params["permissions_profile"] = module.params["permissions_profile_list"] + module.params.pop("permissions_profile_list") + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator_facts.py new file mode 100644 index 00000000..affd2feb --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator_facts.py 
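Review bot: The conflict check between `permissions_profile` and `permissions_profile_list` ends in `raise AssertionError(...)`, which reaches the user as a module traceback rather than a clean task failure. Declare the constraint on the module instead with `module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True, mutually_exclusive=[['permissions_profile', 'permissions_profile_list']])`, or report it through `module.fail_json(msg=...)`. The add-administrator-in-MDS example passes `permissions_profile_list` as a single mapping while the option is declared `type='list', elements='dict'`, so the example should be written as a list item (`- profile: read write all` with `domain: dom1` beneath it). `password` and `password_hash` are correctly marked `no_log=True`, but the examples show `password: secret` inline together with `must_change_password: false`. I would change them to a vaulted variable such as `password: "{{ vault_admin_password }}"` (placeholder variable name) so the documented pattern does not put an administrator credential in a playbook.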
@@ -0,0 +1,127 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_administrator_facts +short_description: Get administrator objects facts on Checkpoint over Web Services API +description: + - Get administrator objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-administrator + cp_mgmt_administrator_facts: + name: admin + +- name: show-administrators + cp_mgmt_administrator_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "administrator" + api_call_object_plural_version = "administrators" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() 
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site.py
new file mode 100644
index 00000000..36b042a1
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site.py
@@ -0,0 +1,180 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_application_site
+short_description: Manages application-site objects on Check Point over Web Services API
+description:
+ - Manages application-site objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ primary_category:
+ description:
+ - Each application is assigned to one primary category based on its most defining aspect.
+ type: str
+ url_list:
+ description:
+ - URLs that determine this particular application.
+ type: list
+ elements: str
+ application_signature:
+ description:
+ - Application signature generated by <a
+ href="https,//supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk103051">Signature Tool</a>.
+ type: str
+ additional_categories:
+ description:
+ - Used to configure or edit the additional categories of a custom application / site used in the Application and URL Filtering or Threat Prevention.
+ type: list
+ elements: str
+ description:
+ description:
+ - A description for the application.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ urls_defined_as_regular_expression:
+ description:
+ - States whether the URL is defined as a Regular Expression or not.
+ type: bool
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-application-site
+ cp_mgmt_application_site:
+ additional_categories:
+ - Instant Chat
+ - Supports Streaming
+ - New Application Site Category 1
+ description: My Application Site
+ name: New Application Site 1
+ primary_category: Social Networking
+ state: present
+ url_list:
+ - www.cnet.com
+ - www.stackoverflow.com
+ urls_defined_as_regular_expression: false
+
+- name: set-application-site
+ cp_mgmt_application_site:
+ description: My New Application Site
+ name: New Application Site 1
+ primary_category: Instant Chat
+ state: present
+ urls_defined_as_regular_expression: true
+
+- name: delete-application-site
+ cp_mgmt_application_site:
+ name: New Application Site 2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_application_site:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ primary_category=dict(type='str'),
+ url_list=dict(type='list', elements='str'),
+ application_signature=dict(type='str'),
+ additional_categories=dict(type='list', elements='str'),
+ description=dict(type='str'),
+ tags=dict(type='list', elements='str'),
+ urls_defined_as_regular_expression=dict(type='bool'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'application-site'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category.py
new file mode 100644
index 00000000..4c3d94d1
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category.py
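Review bot: The `ignore_errors` option in DOCUMENTATION and `argument_spec` shares its name with Ansible's task-level `ignore_errors` keyword, and the option text does not say the two are unrelated. By its own description the option applies changes despite errors and also implies ignoring warnings, and it is presumably forwarded to the management API by `api_call` (not visible in this hunk), so a reader who mistakes it for the task keyword can switch off server-side validation without meaning to. I would add a line to the option description such as `- This is the API flag, not the Ansible task keyword of the same name; it applies changes the server reported as errors.` The same wording applies to the `ignore_errors` option in cp_mgmt_application_site_category.py and cp_mgmt_application_site_group.py.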
@@ -0,0 +1,141 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_application_site_category
+short_description: Manages application-site-category objects on Check Point over Web Services API
+description:
+ - Manages application-site-category objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ description:
+ description:
+ - N/A
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-application-site-category
+ cp_mgmt_application_site_category:
+ description: My Application Site category
+ name: New Application Site Category 1
+ state: present
+
+- name: set-application-site-category
+ cp_mgmt_application_site_category:
+ description: My new Application Site category
+ name: New Application Site Category 1
+ state: present
+
+- name: delete-application-site-category
+ cp_mgmt_application_site_category:
+ name: New Application Site Category 2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_application_site_category:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ description=dict(type='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'application-site-category'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category_facts.py
new file mode 100644
index 00000000..3c3653b5
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category_facts.py
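Review bot: The `description` option in DOCUMENTATION is documented only as `- N/A`, which tells a playbook author nothing about a field that both EXAMPLES tasks set. The sibling module cp_mgmt_application_site.py documents the same option as "A description for the application.", so I would write `- A description for the application site category.` here. `main()` also has no docstring; a single line naming the `application-site-category` object it passes to `api_call` would be enough.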
@@ -0,0 +1,127 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_application_site_category_facts
+short_description: Get application-site-category objects facts on Check Point over Web Services API
+description:
+ - Get application-site-category objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-application-site-category
+ cp_mgmt_application_site_category_facts:
+ name: Social Networking
+
+- name: show-application-site-categories
+ cp_mgmt_application_site_category_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "application-site-category"
+ api_call_object_plural_version = "application-site-categories"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_facts.py
new file mode 100644
index 00000000..2618cf6f
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_facts.py
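Review bot: The `AnsibleModule(...)` call in `main()` accepts `name` together with `limit`, `offset` or `order`, although DOCUMENTATION says `name` is only for fetching one object and the other three only for listing. What `api_call_facts` does with such a mix is not visible in this hunk, so a task that sets both may silently return a single object or a list. If the two modes really are exclusive, I would state it in the spec with `mutually_exclusive=[('name', 'limit'), ('name', 'offset'), ('name', 'order')]` on the `AnsibleModule` call; otherwise the option text should say which parameter wins. The same applies to `main()` in cp_mgmt_application_site_facts.py and cp_mgmt_application_site_group_facts.py.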
@@ -0,0 +1,137 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_application_site_facts
+short_description: Get application-site objects facts on Check Point over Web Services API
+description:
+ - Get application-site objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ application_id:
+ description:
+ - Object application identifier.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-application-site
+ cp_mgmt_application_site_facts:
+ name: facebook
+
+- name: show-application-sites
+ cp_mgmt_application_site_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ application_id=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "application-site"
+ api_call_object_plural_version = "application-sites"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group.py
new file mode 100644
index 00000000..58c07277
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group.py
@@ -0,0 +1,147 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_application_site_group
+short_description: Manages application-site-group objects on Check Point over Web Services API
+description:
+ - Manages application-site-group objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ members:
+ description:
+ - Collection of application and URL filtering objects identified by the name or UID.
+ type: list
+ elements: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-application-site-group
+ cp_mgmt_application_site_group:
+ members:
+ - facebook
+ - Social Networking
+ - New Application Site 1
+ - New Application Site Category 1
+ name: New Application Site Group 1
+ state: present
+
+- name: set-application-site-group
+ cp_mgmt_application_site_group:
+ name: New Application Site Group 1
+ members:
+ - AliveProxy
+ state: present
+
+- name: delete-application-site-group
+ cp_mgmt_application_site_group:
+ name: New Application Site Group 1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_application_site_group:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ members=dict(type='list', elements='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'application-site-group'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group_facts.py
new file mode 100644
index 00000000..8a7ac74d
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group_facts.py
@@ -0,0 +1,137 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_application_site_group_facts
+short_description: Get application-site-group objects facts on Check Point over Web Services API
+description:
+ - Get application-site-group objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ dereference_group_members:
+ description:
+ - Indicates whether to dereference "members" field by details level for every object in reply.
+ type: bool
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-application-site-group
+ cp_mgmt_application_site_group_facts:
+ name: New Application Site Group 1
+
+- name: show-application-site-groups
+ cp_mgmt_application_site_group_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ dereference_group_members=dict(type='bool'),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "application-site-group"
+ api_call_object_plural_version = "application-site-groups"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_approve_session.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_approve_session.py
new file mode 100644
index 00000000..d87b5738
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_approve_session.py
@@ -0,0 +1,77 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_approve_session +short_description: Workflow feature - Approve and Publish the session. +description: + - Workflow feature - Approve and Publish the session. + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + uid: + description: + - Session unique identifier. + type: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: approve-session + cp_mgmt_approve_session: + uid: 41e821a0-3720-11e3-aa6e-0800200c9fde +""" + +RETURN = """ +cp_mgmt_approve_session: + description: The checkpoint approve-session output. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + uid=dict(type='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "approve-session" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_assign_global_assignment.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_assign_global_assignment.py new file mode 100644 index 00000000..f1b1df75 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_assign_global_assignment.py 
@@ -0,0 +1,92 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_assign_global_assignment +short_description: assign global assignment on Check Point over Web Services API +description: + - assign global assignment on Check Point over Web Services API + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + dependent_domains: + description: + - N/A + type: list + elements: str + global_domains: + description: + - N/A + type: list + elements: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. 
+ type: str + choices: ['uid', 'standard', 'full'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: assign-global-assignment + cp_mgmt_assign_global_assignment: + dependent_domains: domain1 + global_domains: Global2 +""" + +RETURN = """ +cp_mgmt_assign_global_assignment: + description: The checkpoint assign-global-assignment output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + dependent_domains=dict(type='list', elements='str'), + global_domains=dict(type='list', elements='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "assign-global-assignment" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_check_network_feed.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_check_network_feed.py new file mode 100644 index 00000000..8c93bf16 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_check_network_feed.py 
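Review bot: `dependent_domains` and `global_domains` are both documented as `N/A` in the DOCUMENTATION block, so a reader cannot tell which side of the assignment each list names. For a module that pushes a global assignment onto domains, each option needs a one-line description, for example `- Names or UIDs of the domains the global assignment is applied to.` and `- Names or UIDs of the global domains being assigned.` (wording to be confirmed against the API reference). The example also gives each option a bare string although both are declared `type: list`, `elements: str`; writing `dependent_domains: [domain1]` would match the spec.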
@@ -0,0 +1,203 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_check_network_feed +short_description: Check if a target can reach or parse a network feed; can work with an existing feed object or with a + new one (by providing all relevant feed parameters). +description: + - Check if a target can reach or parse a network feed; can work with an existing feed object or with a new one (by providing all relevant feed parameters). + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + targets: + description: + - On what targets to execute this command. Targets may be identified by their name, or object unique identifier. + type: list + elements: str + network_feed: + description: + - network feed parameters. + type: dict + suboptions: + name: + description: + - Object name. + type: str + feed_url: + description: + - URL of the feed. URL should be written as http or https. + type: str + certificate_id: + description: + - Certificate SHA-1 fingerprint to access the feed. 
+ type: str + feed_format: + description: + - Feed file format. + type: str + choices: ['Flat List', 'JSON'] + feed_type: + description: + - Feed type to be enforced. + type: str + choices: ['Domain', 'IP Address', 'IP Address/Domain'] + password: + description: + - password for authenticating with the URL. + type: str + username: + description: + - username for authenticating with the URL. + type: str + custom_header: + description: + - Headers to allow different authentication methods with the URL. + type: list + elements: dict + suboptions: + header_name: + description: + - The name of the HTTP header we wish to add. + type: str + header_value: + description: + - The name of the HTTP value we wish to add. + type: str + update_interval: + description: + - Interval in minutes for updating the feed on the Security Gateway. + type: int + data_column: + description: + - Number of the column that contains the feed's data. + type: int + fields_delimiter: + description: + - The delimiter that separates between the columns in the feed. + type: str + ignore_lines_that_start_with: + description: + - A prefix that will determine which lines to ignore. + type: str + json_query: + description: + - JQ query to be parsed. + type: str + use_gateway_proxy: + description: + - Use the gateway's proxy for retrieving the feed. + type: bool + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain + only and with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. 
+ type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + auto_publish_session: + description: + - Publish the current session if changes have been performed after task completes. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: check-network-feed + cp_mgmt_check_network_feed: + network_feed: + name: existing_feed + targets: corporate-gateway +""" + +RETURN = """ +cp_mgmt_check_network_feed: + description: The checkpoint check-network-feed output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + targets=dict(type='list', elements='str'), + network_feed=dict(type='dict', options=dict( + name=dict(type='str'), + feed_url=dict(type='str'), + certificate_id=dict(type='str'), + feed_format=dict(type='str', choices=['Flat List', 'JSON']), + feed_type=dict(type='str', choices=['Domain', 'IP Address', 'IP Address/Domain']), + password=dict(type='str', no_log=True), + username=dict(type='str'), + custom_header=dict(type='list', elements='dict', options=dict( + header_name=dict(type='str'), + header_value=dict(type='str') + )), + update_interval=dict(type='int'), + data_column=dict(type='int'), + fields_delimiter=dict(type='str'), + ignore_lines_that_start_with=dict(type='str'), + json_query=dict(type='str'), + use_gateway_proxy=dict(type='bool'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + domains_to_process=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool'), + )), + auto_publish_session=dict(type='bool') + + ) + 
argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "check-network-feed" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_check_threat_ioc_feed.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_check_threat_ioc_feed.py new file mode 100644 index 00000000..933349c9 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_check_threat_ioc_feed.py 
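Review bot: `header_value` under `custom_header` in `main()` is declared as `header_value=dict(type='str')` without `no_log=True`, although the option text says these headers exist "to allow different authentication methods with the URL". A bearer token or API key passed this way would therefore show up in task output and logs, while the sibling `password` option is masked. Change the line to `header_value=dict(type='str', no_log=True)`; the `custom_header` suboption in cp_mgmt_check_threat_ioc_feed.py, later in this diff, has the same gap. The `header_value` description reads "The name of the HTTP value we wish to add" and should say `- The value of the HTTP header we wish to add.`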
@@ -0,0 +1,223 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_check_threat_ioc_feed +short_description: Check if a target can reach or parse a threat IOC feed; can work with an existing feed object or with + a new one (by providing all relevant feed parameters). +description: + - Check if a target can reach or parse a threat IOC feed; can work with an existing feed object or with a new one (by providing all relevant feed + parameters). + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + ioc_feed: + description: + - threat ioc feed parameters. + type: dict + suboptions: + name: + description: + - Object name. + type: str + feed_url: + description: + - URL of the feed. URL should be written as http or https. + type: str + action: + description: + - The feed indicator's action. + type: str + choices: ['Prevent', 'Detect'] + certificate_id: + description: + - Certificate SHA-1 fingerprint to access the feed. 
+ type: str + custom_comment: + description: + - Custom IOC feed - the column number of comment. + type: int + custom_confidence: + description: + - Custom IOC feed - the column number of confidence. + type: int + custom_header: + description: + - Custom HTTP headers. + type: list + elements: dict + suboptions: + header_name: + description: + - The name of the HTTP header we wish to add. + type: str + header_value: + description: + - The name of the HTTP value we wish to add. + type: str + custom_name: + description: + - Custom IOC feed - the column number of name. + type: int + custom_severity: + description: + - Custom IOC feed - the column number of severity. + type: int + custom_type: + description: + - Custom IOC feed - the column number of type in case a specific type is not chosen. + type: int + custom_value: + description: + - Custom IOC feed - the column number of value in case a specific type is chosen. + type: int + enabled: + description: + - Sets whether this indicator feed is enabled. + type: bool + feed_type: + description: + - Feed type to be enforced. + type: str + choices: ['any type', 'domain', 'ip address', 'md5', 'url', 'ip range', 'mail subject', 'mail from', 'mail to', 'mail reply to', + 'mail cc', 'sha1', 'sha256'] + password: + description: + - password for authenticating with the URL. + type: str + use_custom_feed_settings: + description: + - Set in order to configure a custom indicator feed. + type: bool + username: + description: + - username for authenticating with the URL. + type: str + fields_delimiter: + description: + - The delimiter that separates between the columns in the feed. + type: str + ignore_lines_that_start_with: + description: + - A prefix that will determine which lines to ignore. + type: str + use_gateway_proxy: + description: + - Use the gateway's proxy for retrieving the feed. 
+ type: bool + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + targets: + description: + - On what targets to execute this command. Targets may be identified by their name, or object unique identifier. + type: list + elements: str + auto_publish_session: + description: + - Publish the current session if changes have been performed after task completes. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: check-threat-ioc-feed + cp_mgmt_check_threat_ioc_feed: + ioc_feed: + name: existing_feed + targets: corporate-gateway +""" + +RETURN = """ +cp_mgmt_check_threat_ioc_feed: + description: The checkpoint check-threat-ioc-feed output. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + ioc_feed=dict(type='dict', options=dict( + name=dict(type='str'), + feed_url=dict(type='str'), + action=dict(type='str', choices=['Prevent', 'Detect']), + certificate_id=dict(type='str'), + custom_comment=dict(type='int'), + custom_confidence=dict(type='int'), + custom_header=dict(type='list', elements='dict', options=dict( + header_name=dict(type='str'), + header_value=dict(type='str') + )), + custom_name=dict(type='int'), + custom_severity=dict(type='int'), + custom_type=dict(type='int'), + custom_value=dict(type='int'), + enabled=dict(type='bool'), + feed_type=dict(type='str', choices=['any type', 'domain', 'ip address', 'md5', 'url', 'ip range', + 'mail subject', 'mail from', 'mail to', 'mail reply to', 'mail cc', 'sha1', 'sha256']), + password=dict(type='str', no_log=True), + use_custom_feed_settings=dict(type='bool'), + username=dict(type='str'), + fields_delimiter=dict(type='str'), + ignore_lines_that_start_with=dict(type='str'), + use_gateway_proxy=dict(type='bool'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + )), + targets=dict(type='list', elements='str'), + auto_publish_session=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "check-threat-ioc-feed" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_cluster_members_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_cluster_members_facts.py new file mode 100644 index 00000000..203ce487 --- /dev/null 
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_cluster_members_facts.py 
@@ -0,0 +1,147 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_cluster_members_facts +short_description: Retrieve all existing cluster members in domain. +description: + - Retrieve all existing cluster members in domain. + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + uid: + description: + - Cluster member unique identifier. + type: str + limit_interfaces: + description: + - Limit number of cluster member interfaces to show. + type: int + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-cluster-member + cp_mgmt_cluster_members_facts: + uid: 871a47b9-0000-4444-555-593c2111111 + +- name: show-cluster-members + cp_mgmt_cluster_members_facts: + details_level: standard + limit: 5 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + uid=dict(type='str'), + limit_interfaces=dict(type='int'), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "cluster-member" + api_call_object_plural_version = "cluster-members" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_connect_cloud_services.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_connect_cloud_services.py new file mode 100644 index 00000000..9194f9a0 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_connect_cloud_services.py 
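Review bot: The final call in `main()`, `module.exit_json(**result)`, does not match the RETURN block, which documents a single `ansible_facts` key. It also differs from the other facts modules in this diff (cp_mgmt_application_site_group_facts and cp_mgmt_data_center_object_facts), which call `module.exit_json(ansible_facts=result)`. Unpacking passes whatever keys `api_call_facts` returns to `exit_json` as top-level result fields. That helper is not shown here, so the exact shape is an assumption, but playbooks reading `ansible_facts` would likely find nothing. Suggested line: `module.exit_json(ansible_facts=result)`.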
@@ -0,0 +1,82 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_connect_cloud_services +short_description: Securely connect the Management Server to Check Point's Infinity Portal. <br>This is a preliminary operation so that the management server + can use various Check Point cloud-based security services hosted in the Infinity Portal. +description: + - Securely connect the Management Server to Check Point's Infinity Portal. <br>This is a preliminary operation so that the management server can use + various Check Point cloud-based security services hosted in the Infinity Portal. + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + auth_token: + description: + - Copy the authentication token from the Smart-1 cloud service hosted in the Infinity Portal. 
+ type: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: connect-cloud-services + cp_mgmt_connect_cloud_services: + #sgignore next_line + auth_token: aHR0cHM6Ly9kZXYtY2xvdWRpbmZyYS1ndy5rdWJlMS5pYWFzLmNoZWNrcG9pbnQuY29tL2FwcC9tYWFzL2FwaS92Mi9tYW5hZ2VtZW50 + cy9hZmJlYWRlYS04Y2U2LTRlYTUtOTI4OS00ZTQ0N2M0ZjgyMTvY2xvdWRBY2Nlc3MvP290cD02ZWIzNThlOS1hMzkxLTQxOGQtYjlmZ + i0xOGIxOTQwOGJlN2Y= +""" + +RETURN = """ +cp_mgmt_connect_cloud_services: + description: The checkpoint connect-cloud-services output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + auth_token=dict(type='str', no_log=True) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "connect-cloud-services" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_data_center_object_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_data_center_object_facts.py new file mode 100644 index 00000000..41400cf0 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_data_center_object_facts.py 
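Review bot: The EXAMPLES block carries a long base64 `auth_token` literal preceded by `#sgignore next_line`, which appears to silence a secret scanner for a value that looks like a real token rather than a placeholder. If the value was ever valid it should be revoked, and the example is better written as `auth_token: "{{ infinity_portal_auth_token }}"` with a comment that the value belongs in Ansible Vault. The scalar is also wrapped over three lines, so YAML would fold it with spaces and a copied example would not pass the token through intact. The `api_key` example in cp_mgmt_delete_api_key.py, later in this diff, uses the same `#sgignore` pattern with a hex literal.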
@@ -0,0 +1,129 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_data_center_object_facts +short_description: Get data-center-object objects facts on Checkpoint over Web Services API +description: + - Get data-center-object objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-data-center-object + cp_mgmt_data_center_object_facts: + name: VM1 mgmt name + +- name: show-data-center-objects + cp_mgmt_data_center_object_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "data-center-object" + api_call_object_plural_version = "data-center-objects" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_api_key.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_api_key.py new file mode 100644 index 00000000..4839a1f2 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_api_key.py 
@@ -0,0 +1,89 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_delete_api_key
+short_description: Delete the API key. For the key to be invalid publish is needed.
+description:
+ - Delete the API key. For the key to be invalid publish is needed.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ api_key:
+ description:
+ - API key to be deleted.
+ type: str
+ admin_uid:
+ description:
+ - Administrator uid to generate API key for.
+ type: str
+ admin_name:
+ description:
+ - Administrator name to generate API key for.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: delete-api-key
+ cp_mgmt_delete_api_key:
+ #sgignore next_line
+ api_key: eea3be76f4a8eb740ee872bcedc692748ff256a2d21c9ffd2754facbde046d00
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_delete_api_key:
+ description: The checkpoint delete-api-key output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ api_key=dict(type='str', no_log=True),
+ admin_uid=dict(type='str'),
+ admin_name=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "delete-api-key"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_data_center_object.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_data_center_object.py
new file mode 100644
index 00000000..52f4b663
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_data_center_object.py
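Review bot: The EXAMPLES block of cp_mgmt_delete_api_key.py embeds a literal 64-hex-character value as `api_key` and silences the secret scanner with `#sgignore next_line`, which teaches users to paste keys into playbooks; a vaulted variable such as `api_key: "{{ vault_cp_api_key }}"` (constructed name) shows the safer pattern and needs no suppression. The option text for `admin_uid` and `admin_name` says "to generate API key for" although this module deletes a key, so it should probably read `- Administrator uid whose API key is deleted.` and likewise for the name. `no_log=True` on `api_key` is right, but whether the value can still come back through `module.exit_json(**result)` depends on `api_command`, which is outside this hunk.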
@@ -0,0 +1,95 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_delete_data_center_object +short_description: Delete existing object using object name or uid. +description: + - Delete existing object using object name or uid. + - All operations are performed over Web Services API. +version_added: "2.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: delete-data-center-object + cp_mgmt_delete_data_center_object: + name: VM1 mgmt name + state: absent +""" + +RETURN = """ +cp_mgmt_delete_data_center_object: + description: The checkpoint delete-data-center-object output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "delete-data-center-object" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_domain.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_domain.py new file mode 100644 index 00000000..4b356fd4 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_domain.py 
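Review bot: The documentation of cp_mgmt_delete_data_center_object.py promises deletion "using object name or uid", but the visible `argument_spec` has no `uid` option and `name` is not required, so a task can reach `api_command` without identifying any object (unless the shared spec imported from module_utils supplies an identifier, which this hunk does not show). Either add the missing option or make the identifier mandatory as cp_mgmt_delete_domain.py does, `name=dict(type='str', required=True),`, and correct the short description to match. The same "name or uid" wording appears in cp_mgmt_delete_domain.py and cp_mgmt_delete_nat_rule.py, which also expose no `uid`.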
@@ -0,0 +1,94 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_delete_domain +short_description: Delete existing object using object name or uid. +description: + - Delete existing object using object name or uid. + - All operations are performed over Web Services API. +version_added: "2.1.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: delete-domain + cp_mgmt_delete_domain: + name: domain1 +""" + +RETURN = """ +cp_mgmt_domain: + description: The checkpoint delete-domain output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool'), + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + command = 'delete-domain' + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_nat_rule.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_nat_rule.py new file mode 100644 index 00000000..2915667f --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_nat_rule.py 
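Review bot: The RETURN block of cp_mgmt_delete_domain.py documents the result under `cp_mgmt_domain`, while the other delete modules in this diff document it under the module's own name; if `api_command` keys its output the same way here, the documented key should be `cp_mgmt_delete_domain:`. A playbook that registers the result and tests the documented key would otherwise read an undefined value after a domain deletion and could treat a failed removal as done. The key actually returned is decided in `api_command`, which is not part of this hunk.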
@@ -0,0 +1,90 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_delete_nat_rule +short_description: Delete existing object using object name or uid. +description: + - Delete existing object using object name or uid. + - All operations are performed over Web Services API. +version_added: "2.0.0" +author: "Or Soffer (@chkp-orso)" +options: + rule_number: + description: + - Rule number. + type: str + package: + description: + - Name of the package. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: delete-nat-rule + cp_mgmt_delete_nat_rule: + package: standard + state: absent +""" + +RETURN = """ +cp_mgmt_delete_nat_rule: + description: The checkpoint delete-nat-rule output. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + rule_number=dict(type='str'), + package=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "delete-nat-rule" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_rules_batch.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_rules_batch.py new file mode 100644 index 00000000..8e17898b --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_rules_batch.py 
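Review bot: Neither `rule_number` nor `package` is required in the `argument_spec` of cp_mgmt_delete_nat_rule.py, and the module's own example passes only `package` and `state`, so it never says which NAT rule is removed. For a destructive call the identifier is better enforced before the request leaves the controller: `rule_number=dict(type='str', required=True),` and `package=dict(type='str', required=True),`, with a `rule_number: 1` line added to the example. How the server treats a delete-nat-rule request without a rule number is not visible here.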
@@ -0,0 +1,123 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_delete_rules_batch +short_description: Delete rules in batch from the same layer. Use this API to achieve optimum performance when removing more than one rule. +description: + - Delete rules in batch from the same layer. Use this API to achieve optimum performance when removing more than one rule. + - Warnings are ignored when using this API, operation will apply changes while ignoring warnings. + - Supported rules types are access-rule, nat-rule, https-rule and threat-exception. + - This module is not idempotent. + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + objects: + description: + - Batch of rules separated by types. + type: list + elements: dict + suboptions: + layer: + description: + - Layer name or uid. + type: str + type: + description: + - Type of rules to be deleted. <br>Only types from above are supported. 
+ type: str + list: + description: + - List of rules from the same type to be deleted. <br>Use the "delete" API reference documentation for a single rule command to find the + expected fields for the request.<br>For example, to delete access-rule, use the "delete-access-rule" command found in the API reference + documentation (under Access Control & NAT). <br>Note, "ignore-errors", "ignore-warnings" and "details-level" options are not supported when + deleting a batch of objects. + type: list + elements: dict + auto_publish_session: + description: + - Publish the current session if changes have been performed after task completes. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: delete-rules-batch + cp_mgmt_delete_rules_batch: + objects: + - layer: Network + list: + - rule_number: 1 + - rule_number: 2 + type: access-rule + - layer: Standard + list: + - rule_number: 1 + - rule_number: 2 + type: nat-rule + - layer: Default Layer + list: + - rule_number: 1 + - rule_number: 2 + type: https-rule + state: absent +""" + +RETURN = """ +cp_mgmt_delete_rules_batch: + description: The checkpoint delete-rules-batch output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + objects=dict(type='list', elements='dict', options=dict( + layer=dict(type='str'), + type=dict(type='str'), + list=dict(type='list', elements='dict') + )), + auto_publish_session=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "delete-rules-batch" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() 
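Review bot: The `type` suboption in cp_mgmt_delete_rules_batch.py accepts any string although the description lists exactly four supported rule types, so a typo is only caught by the server; constrain it with `type=dict(type='str', choices=['access-rule', 'nat-rule', 'https-rule', 'threat-exception']),`. The example addresses rules by `rule_number`, and since the module states it is not idempotent, a second run presumably deletes whichever rules have moved into positions 1 and 2. I would add a description line such as `- Rules addressed by rule_number are matched by position at run time, so re-running the task removes different rules.` Because this API ignores warnings and `auto_publish_session` can publish immediately, the example would be safer addressing rules by name or uid, if the single-rule delete commands accept them.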
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_discard.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_discard.py
new file mode 100644
index 00000000..7dc4844e
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_discard.py
@@ -0,0 +1,76 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_discard
+short_description: All changes done by user are discarded and removed from database.
+description:
+ - All changes done by user are discarded and removed from database.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ uid:
+ description:
+ - Session unique identifier. Specify it to discard a different session than the one you currently use.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: discard
+ cp_mgmt_discard:
+"""
+
+RETURN = """
+cp_mgmt_discard:
+ description: The checkpoint discard output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ uid=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "discard"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_disconnect_cloud_services.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_disconnect_cloud_services.py
new file mode 100644
index 00000000..82073cc7
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_disconnect_cloud_services.py
@@ -0,0 +1,78 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_disconnect_cloud_services +short_description: Disconnect the Management Server from Check Point's Infinity Portal. +description: + - Disconnect the Management Server from Check Point's Infinity Portal. + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + force: + description: + - Disconnect the Management Server from Check Point Infinity Portal, and reset the connection locally, regardless of the result in the Infinity + Portal. This flag can be used if the disconnect-cloud-services command failed. Since with this flag this command affects only the local configuration, + make sure to disconnect the Management Server in the Infinity Portal as well. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: disconnect-cloud-services + cp_mgmt_disconnect_cloud_services: +""" + +RETURN = """ +cp_mgmt_disconnect_cloud_services: + description: The checkpoint disconnect-cloud-services output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + force=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "disconnect-cloud-services" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain.py new file mode 100644 index 00000000..127dce06 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain.py 
@@ -0,0 +1,135 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_dns_domain +short_description: Manages dns-domain objects on Check Point over Web Services API +description: + - Manages dns-domain objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + is_sub_domain: + description: + - Whether to match sub-domains in addition to the domain itself. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. 
+ type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-dns-domain + cp_mgmt_dns_domain: + is_sub_domain: false + name: .www.example.com + state: present + +- name: set-dns-domain + cp_mgmt_dns_domain: + is_sub_domain: true + name: .www.example.com + state: present + +- name: delete-dns-domain + cp_mgmt_dns_domain: + name: .example.com + state: absent +""" + +RETURN = """ +cp_mgmt_dns_domain: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + is_sub_domain=dict(type='bool'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'dns-domain' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain_facts.py new file mode 100644 index 00000000..87ab82c4 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain_facts.py 
@@ -0,0 +1,132 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_dns_domain_facts +short_description: Get dns-domain objects facts on Check Point over Web Services API +description: + - Get dns-domain objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-dns-domain + cp_mgmt_dns_domain_facts: + name: .www.example.com + +- name: show-dns-domains + cp_mgmt_dns_domain_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "dns-domain" + api_call_object_plural_version = "dns-domains" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_facts.py new file mode 100644 index 00000000..e6fab144 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_facts.py 
@@ -0,0 +1,134 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_domain_facts +short_description: Get domain objects facts on Checkpoint over Web Services API +description: + - Get domain objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.1.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. 
The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: checkpoint_facts +""" + +EXAMPLES = """ +- name: show-domain + cp_mgmt_domain_facts: + name: domain1 + +- name: show-domains + cp_mgmt_domain_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "domain" + api_call_object_plural_version = "domains" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_permissions_profile.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_permissions_profile.py new file mode 100644 index 00000000..d327f30f --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_permissions_profile.py 
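Review bot: The DOCUMENTATION block of cp_mgmt_domain_facts.py ends with `extends_documentation_fragment: checkpoint_facts`, an unqualified name, while the other facts modules added in this commit (cp_mgmt_dns_domain_facts.py and cp_mgmt_domain_permissions_profile_facts.py) reference `check_point.mgmt.checkpoint_facts`. Inside a collection the short name may not resolve, in which case the options inherited from the fragment would be missing from the rendered documentation. I would change the line to `extends_documentation_fragment: check_point.mgmt.checkpoint_facts` so that all three modules agree.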
@@ -0,0 +1,598 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_domain_permissions_profile +short_description: Manages domain-permissions-profile objects on Checkpoint over Web Services API +description: + - Manages domain-permissions-profile objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + permission_type: + description: + - The type of the Permissions Profile. + type: str + choices: ['read write all', 'read only all', 'customized'] + edit_common_objects: + description: + - Define and manage objects in the Check Point database, Network Objects, Services, Custom Application Site, VPN Community, Users, Servers, + Resources, Time, UserCheck, and Limit.<br>Only a 'Customized' permission-type profile can edit this permission. 
+ type: bool + access_control: + description: + - Access Control permissions.<br>Only a 'Customized' permission-type profile can edit these permissions. + type: dict + suboptions: + show_policy: + description: + - Select to let administrators work with Access Control rules and NAT rules. If not selected, administrators cannot see these rules. + type: bool + policy_layers: + description: + - Layer editing permissions.<br>Available only if show-policy is set to true. + type: dict + suboptions: + edit_layers: + description: + - a "By Software Blades" - Edit Access Control layers that contain the blades enabled in the Permissions Profile.<br>"By + Selected Profile In A Layer Editor" - Administrators can only edit the layer if the Access Control layer editor gives editing permission to + their profiles. + type: str + choices: ['By Software Blades', 'By Selected Profile In A Layer Editor'] + app_control_and_url_filtering: + description: + - Use Application and URL Filtering in Access Control rules.<br>Available only if edit-layers is set to "By Software Blades". + type: bool + content_awareness: + description: + - Use specified data types in Access Control rules.<br>Available only if edit-layers is set to "By Software Blades". + type: bool + firewall: + description: + - Work with Access Control and other Software Blades that do not have their own Policies.<br>Available only if edit-layers is + set to "By Software Blades". + type: bool + mobile_access: + description: + - Work with Mobile Access rules.<br>Available only if edit-layers is set to "By Software Blades". + type: bool + dlp_policy: + description: + - Configure DLP rules and Policies. + type: str + choices: ['read', 'write', 'disabled'] + geo_control_policy: + description: + - Work with Access Control rules that control traffic to and from specified countries. + type: str + choices: ['read', 'write', 'disabled'] + nat_policy: + description: + - Work with NAT in Access Control rules. 
+ type: str + choices: ['read', 'write', 'disabled'] + qos_policy: + description: + - Work with QoS Policies and rules. + type: str + choices: ['read', 'write', 'disabled'] + access_control_objects_and_settings: + description: + - Allow editing of the following objet types, VPN Community, Access Role, Custom application group,Custom application, Custom category, + Limit, Application - Match Settings, Application Category - Match Settings,Override Categorization, Application and URL filtering blade - Advanced + Settings, Content Awareness blade - Advanced Settings. + type: str + choices: ['read', 'write', 'disabled'] + app_control_and_url_filtering_update: + description: + - Install Application and URL Filtering updates. + type: bool + install_policy: + description: + - Install Access Control Policies. + type: bool + endpoint: + description: + - Endpoint permissions. Not supported for Multi-Domain Servers.<br>Only a 'Customized' permission-type profile can edit these permissions. + type: dict + suboptions: + manage_policies_and_software_deployment: + description: + - The administrator can work with policies, rules and actions. + type: bool + edit_endpoint_policies: + description: + - Available only if manage-policies-and-software-deployment is set to true. + type: bool + policies_installation: + description: + - The administrator can install policies on endpoint computers. + type: bool + edit_software_deployment: + description: + - The administrator can define deployment rules, create packages for export, and configure advanced package settings.<br>Available only + if manage-policies-and-software-deployment is set to true. + type: bool + software_deployment_installation: + description: + - The administrator can deploy packages and install endpoint clients. 
+ type: bool + allow_executing_push_operations: + description: + - The administrator can start operations that the Security Management Server pushes directly to client computers with no policy + installation required. + type: bool + authorize_preboot_users: + description: + - The administrator can add and remove the users who are permitted to log on to Endpoint Security client computers with Full Disk Encryption. + type: bool + recovery_media: + description: + - The administrator can create recovery media on endpoint computers and devices. + type: bool + remote_help: + description: + - The administrator can use the Remote Help feature to reset user passwords and give access to locked out users. + type: bool + reset_computer_data: + description: + - The administrator can reset a computer, which deletes all information about the computer from the Security Management Server. + type: bool + events_and_reports: + description: + - Events and Reports permissions.<br>Only a 'Customized' permission-type profile can edit these permissions. + type: dict + suboptions: + smart_event: + description: + - a 'Custom' - Configure SmartEvent permissions. + type: str + choices: ['custom', 'app control and url filtering reports only'] + events: + description: + - Work with event queries on the Events tab. Create custom event queries.<br>Available only if smart-event is set to 'Custom'. + type: str + choices: ['read', 'write', 'disabled'] + policy: + description: + - Configure SmartEvent Policy rules and install SmartEvent Policies.<br>Available only if smart-event is set to 'Custom'. + type: str + choices: ['read', 'write', 'disabled'] + reports: + description: + - Create and run SmartEvent reports.<br>Available only if smart-event is set to 'Custom'. + type: bool + gateways: + description: + - Gateways permissions. <br>Only a 'Customized' permission-type profile can edit these permissions. 
+ type: dict + suboptions: + smart_update: + description: + - Install, update and delete Check Point licenses. This includes permissions to use SmartUpdate to manage licenses. + type: str + choices: ['read', 'write', 'disabled'] + lsm_gw_db: + description: + - Access to objects defined in LSM gateway tables. These objects are managed in the SmartProvisioning GUI or LSMcli + command-line.<br>Note, 'Write' permission on lsm-gw-db allows administrator to run a script on SmartLSM gateway in Expert mode. + type: str + choices: ['read', 'write', 'disabled'] + manage_provisioning_profiles: + description: + - Administrator can add, edit, delete, and assign provisioning profiles to gateways (both LSM and non-LSM).<br>Available for edit only + if lsm-gw-db is set with 'Write' permission.<br>Note, 'Read' permission on lsm-gw-db enables 'Read' permission for manage-provisioning-profiles. + type: str + choices: ['read', 'write', 'disabled'] + vsx_provisioning: + description: + - Create and configure Virtual Systems and other VSX virtual objects. + type: bool + system_backup: + description: + - Backup Security Gateways. + type: bool + system_restore: + description: + - Restore Security Gateways from saved backups. + type: bool + open_shell: + description: + - Use the SmartConsole CLI to run commands. + type: bool + run_one_time_script: + description: + - Run user scripts from the command line. + type: bool + run_repository_script: + description: + - Run scripts from the repository. + type: bool + manage_repository_scripts: + description: + - Add, change and remove scripts in the repository. + type: str + choices: ['read', 'write', 'disabled'] + management: + description: + - Management permissions. + type: dict + suboptions: + cme_operations: + description: + - Permission to read / edit the Cloud Management Extension (CME) configuration.<br>Not supported for Multi-Domain Servers. 
+ type: str + choices: ['read', 'write', 'disabled'] + manage_admins: + description: + - Controls the ability to manage Administrators, Permission Profiles, Trusted clients,API settings and Policy settings.<br>Only a "Read + Write All" permission-type profile can edit this permission.<br>Not supported for Multi-Domain Servers. + type: bool + management_api_login: + description: + - Permission to log in to the Security Management Server and run API commands using thesetools, mgmt_cli (Linux and Windows binaries), + Gaia CLI (clish) and Web Services (REST). Useful if you want to prevent administrators from running automatic scripts on the Management.<br>Note, + This permission is not required to run commands from within the API terminal in SmartConsole.<br>Not supported for Multi-Domain Servers. + type: bool + manage_sessions: + description: + - Lets you disconnect, discard, publish, or take over other administrator sessions.<br>Only a "Read Write All" permission-type profile + can edit this permission. + type: bool + high_availability_operations: + description: + - Configure and work with Domain High Availability.<br>Only a 'Customized' permission-type profile can edit this permission. + type: bool + approve_or_reject_sessions: + description: + - Approve / reject other sessions. + type: bool + publish_sessions: + description: + - Allow session publishing without an approval. + type: bool + manage_integration_with_cloud_services: + description: + - Manage integration with Cloud Services. + type: bool + monitoring_and_logging: + description: + - Monitoring and Logging permissions.<br>'Customized' permission-type profile can edit all these permissions. "Read Write All" permission-type + can edit only dlp-logs-including-confidential-fields and manage-dlp-messages permissions. + type: dict + suboptions: + monitoring: + description: + - See monitoring views and reports. 
+ type: str + choices: ['read', 'write', 'disabled'] + management_logs: + description: + - See Multi-Domain Server audit logs. + type: str + choices: ['read', 'write', 'disabled'] + track_logs: + description: + - Use the log tracking features in SmartConsole. + type: str + choices: ['read', 'write', 'disabled'] + app_and_url_filtering_logs: + description: + - Work with Application and URL Filtering logs. + type: bool + https_inspection_logs: + description: + - See logs generated by HTTPS Inspection. + type: bool + packet_capture_and_forensics: + description: + - See logs generated by the IPS and Forensics features. + type: bool + show_packet_capture_by_default: + description: + - Enable packet capture by default. + type: bool + identities: + description: + - Show user and computer identity information in logs. + type: bool + show_identities_by_default: + description: + - Show user and computer identity information in logs by default. + type: bool + dlp_logs_including_confidential_fields: + description: + - Show DLP logs including confidential fields. + type: bool + manage_dlp_messages: + description: + - View/Release/Discard DLP messages.<br>Available only if dlp-logs-including-confidential-fields is set to true. + type: bool + threat_prevention: + description: + - Threat Prevention permissions.<br>Only a 'Customized' permission-type profile can edit these permissions. + type: dict + suboptions: + policy_layers: + description: + - Configure Threat Prevention Policy rules.<br>Note, To have policy-layers permissions you must set policy-exceptionsand profiles + permissions. To have 'Write' permissions for policy-layers, policy-exceptions must be set with 'Write' permission as well. 
+ type: str + choices: ['read', 'write', 'disabled'] + edit_layers: + description: + - a 'ALL' - Gives permission to edit all layers.<br>"By Selected Profile In A Layer Editor" - Administrators can only edit the layer + if the Threat Prevention layer editor gives editing permission to their profiles.<br>Available only if policy-layers is set to 'Write'. + type: str + choices: ['By Selected Profile In A Layer Editor', 'All'] + edit_settings: + description: + - Work with general Threat Prevention settings. + type: bool + policy_exceptions: + description: + - Configure exceptions to Threat Prevention rules.<br>Note, To have policy-exceptions you must set the protections permission. + type: str + choices: ['read', 'write', 'disabled'] + profiles: + description: + - Configure Threat Prevention profiles. + type: str + choices: ['read', 'write', 'disabled'] + protections: + description: + - Work with malware protections. + type: str + choices: ['read', 'write', 'disabled'] + install_policy: + description: + - Install Policies. + type: bool + ips_update: + description: + - Update IPS protections.<br>Note, You do not have to log into the User Center to receive IPS updates. + type: bool + others: + description: + - Additional permissions.<br>Only a 'Customized' permission-type profile can edit these permissions. + type: dict + suboptions: + client_certificates: + description: + - Create and manage client certificates for Mobile Access. + type: bool + edit_cp_users_db: + description: + - Work with user accounts and groups. + type: bool + https_inspection: + description: + - Enable and configure HTTPS Inspection rules. + type: str + choices: ['read', 'write', 'disabled'] + ldap_users_db: + description: + - Work with the LDAP database and user accounts, groups and OUs. + type: str + choices: ['read', 'write', 'disabled'] + user_authority_access: + description: + - Work with Check Point User Authority authentication. 
+ type: str + choices: ['read', 'write', 'disabled'] + user_device_mgmt_conf: + description: + - Gives access to the UDM (User & Device Management) web-based application that handles security challenges in a "bring your own device" + (BYOD) workspace. + type: str + choices: ['read', 'write', 'disabled'] + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-domain-permissions-profile + cp_mgmt_domain_permissions_profile: + name: customized profile + state: present + +- name: set-domain-permissions-profile + cp_mgmt_domain_permissions_profile: + access_control.policy_layers: By Selected Profile In A Layer Editor + name: read profile + permission_type: customized + state: present + +- name: delete-domain-permissions-profile + cp_mgmt_domain_permissions_profile: + name: profile + state: absent +""" + +RETURN = """ +cp_mgmt_domain_permissions_profile: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + permission_type=dict(type='str', choices=['read write all', 'read only all', 'customized']), + edit_common_objects=dict(type='bool'), + access_control=dict(type='dict', options=dict( + show_policy=dict(type='bool'), + policy_layers=dict(type='dict', options=dict( + edit_layers=dict(type='str', choices=['By Software Blades', 'By Selected Profile In A Layer Editor']), + app_control_and_url_filtering=dict(type='bool'), + content_awareness=dict(type='bool'), + firewall=dict(type='bool'), + mobile_access=dict(type='bool') + )), + dlp_policy=dict(type='str', choices=['read', 'write', 'disabled']), + geo_control_policy=dict(type='str', choices=['read', 'write', 'disabled']), + nat_policy=dict(type='str', choices=['read', 'write', 'disabled']), + qos_policy=dict(type='str', choices=['read', 'write', 'disabled']), + access_control_objects_and_settings=dict(type='str', choices=['read', 'write', 'disabled']), + app_control_and_url_filtering_update=dict(type='bool'), + 
install_policy=dict(type='bool') + )), + endpoint=dict(type='dict', options=dict( + manage_policies_and_software_deployment=dict(type='bool'), + edit_endpoint_policies=dict(type='bool'), + policies_installation=dict(type='bool'), + edit_software_deployment=dict(type='bool'), + software_deployment_installation=dict(type='bool'), + allow_executing_push_operations=dict(type='bool'), + authorize_preboot_users=dict(type='bool'), + recovery_media=dict(type='bool'), + remote_help=dict(type='bool'), + reset_computer_data=dict(type='bool') + )), + events_and_reports=dict(type='dict', options=dict( + smart_event=dict(type='str', choices=['custom', 'app control and url filtering reports only']), + events=dict(type='str', choices=['read', 'write', 'disabled']), + policy=dict(type='str', choices=['read', 'write', 'disabled']), + reports=dict(type='bool') + )), + gateways=dict(type='dict', options=dict( + smart_update=dict(type='str', choices=['read', 'write', 'disabled']), + lsm_gw_db=dict(type='str', choices=['read', 'write', 'disabled']), + manage_provisioning_profiles=dict(type='str', choices=['read', 'write', 'disabled']), + vsx_provisioning=dict(type='bool'), + system_backup=dict(type='bool'), + system_restore=dict(type='bool'), + open_shell=dict(type='bool'), + run_one_time_script=dict(type='bool'), + run_repository_script=dict(type='bool'), + manage_repository_scripts=dict(type='str', choices=['read', 'write', 'disabled']) + )), + management=dict(type='dict', options=dict( + cme_operations=dict(type='str', choices=['read', 'write', 'disabled']), + manage_admins=dict(type='bool'), + management_api_login=dict(type='bool'), + manage_sessions=dict(type='bool'), + high_availability_operations=dict(type='bool'), + approve_or_reject_sessions=dict(type='bool'), + publish_sessions=dict(type='bool'), + manage_integration_with_cloud_services=dict(type='bool') + )), + monitoring_and_logging=dict(type='dict', options=dict( + monitoring=dict(type='str', choices=['read', 'write', 
'disabled']), + management_logs=dict(type='str', choices=['read', 'write', 'disabled']), + track_logs=dict(type='str', choices=['read', 'write', 'disabled']), + app_and_url_filtering_logs=dict(type='bool'), + https_inspection_logs=dict(type='bool'), + packet_capture_and_forensics=dict(type='bool'), + show_packet_capture_by_default=dict(type='bool'), + identities=dict(type='bool'), + show_identities_by_default=dict(type='bool'), + dlp_logs_including_confidential_fields=dict(type='bool'), + manage_dlp_messages=dict(type='bool') + )), + threat_prevention=dict(type='dict', options=dict( + policy_layers=dict(type='str', choices=['read', 'write', 'disabled']), + edit_layers=dict(type='str', choices=['By Selected Profile In A Layer Editor', 'All']), + edit_settings=dict(type='bool'), + policy_exceptions=dict(type='str', choices=['read', 'write', 'disabled']), + profiles=dict(type='str', choices=['read', 'write', 'disabled']), + protections=dict(type='str', choices=['read', 'write', 'disabled']), + install_policy=dict(type='bool'), + ips_update=dict(type='bool') + )), + others=dict(type='dict', options=dict( + client_certificates=dict(type='bool'), + edit_cp_users_db=dict(type='bool'), + https_inspection=dict(type='str', choices=['read', 'write', 'disabled']), + ldap_users_db=dict(type='str', choices=['read', 'write', 'disabled']), + user_authority_access=dict(type='str', choices=['read', 'write', 'disabled']), + user_device_mgmt_conf=dict(type='str', choices=['read', 'write', 'disabled']) + )), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 
'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'domain-permissions-profile' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_permissions_profile_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_permissions_profile_facts.py new file mode 100644 index 00000000..b923f393 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_permissions_profile_facts.py 
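Review bot: The `set-domain-permissions-profile` task in EXAMPLES passes `access_control.policy_layers: By Selected Profile In A Layer Editor`, but main()'s argument_spec has no such key: `access_control` is a dict whose `policy_layers` suboption is itself a dict, and that string is a choice of `edit_layers`. AnsibleModule should reject the dotted key as an unsupported parameter, so the example fails as written. I would nest it as `access_control:` containing `policy_layers:` containing `edit_layers: By Selected Profile In A Layer Editor`. This module assigns administrator permissions, including `gateways.open_shell`, `run_one_time_script` and `lsm_gw_db` (whose description says 'Write' permits running a script in Expert mode), so a working `customized` example that sets such options explicitly would be a useful least-privilege reference.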
@@ -0,0 +1,141 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_domain_permissions_profile_facts +short_description: Get domain-permissions-profile objects facts on Checkpoint over Web Services API +description: + - Get domain-permissions-profile objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. 
The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-domain-permissions-profile + cp_mgmt_domain_permissions_profile_facts: + name: profile + +- name: show-domain-permissions-profiles + cp_mgmt_domain_permissions_profile_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "domain-permissions-profile" + api_call_object_plural_version = "domain-permissions-profiles" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object.py new file mode 100644 index 00000000..1a7ce5fa --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object.py 
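Review bot: The `domains_to_process` description states constraints that nothing in this file enforces or makes satisfiable. It names two valid values, yet the spec is `dict(type='list', elements='str')` with no `choices`, and it requires ignore-warnings true although main() declares no `ignore_warnings` option (unless `checkpoint_argument_spec_for_facts`, which is not visible here, supplies one). If those two values are the complete set, I would use `domains_to_process=dict(type='list', elements='str', choices=['CURRENT_DOMAIN', 'ALL_DOMAINS_ON_THIS_SERVER'])`; otherwise the description should say what else is accepted. Since `ALL_DOMAINS_ON_THIS_SERVER` presumably widens the query to the permission profiles of every domain and the result is returned under `ansible_facts`, an EXAMPLES entry showing the intended use would be worth adding.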
@@ -0,0 +1,125 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_dynamic_object
+short_description: Manages dynamic-object objects on Check Point over Web Services API
+description:
+ - Manages dynamic-object objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-dynamic-object
+ cp_mgmt_dynamic_object:
+ color: yellow
+ comments: My Dynamic Object 1
+ name: Dynamic_Object_1
+ state: present
+
+- name: delete-dynamic-object
+ cp_mgmt_dynamic_object:
+ name: Dynamic_Object_2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_dynamic_object:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'dynamic-object'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object_facts.py
new file mode 100644
index 00000000..c049e040
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object_facts.py
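Review bot: The `ignore_errors` option in DOCUMENTATION shares its name with Ansible's task-level `ignore_errors` keyword, and the description does not tell the two apart. On a module that changes firewall objects, setting the wrong one either hides a failed task or, presumably, applies a change despite API validation errors (api_call is outside this hunk, so how the flag is forwarded is not visible here). I would add a second description entry such as `- This is a module option sent with the request, not the Ansible task keyword ignore_errors.` and correct the wording to `You won't be able to publish such changes.` The same description text appears in the cp_mgmt_exception_group.py, cp_mgmt_global_assignment.py and cp_mgmt_group.py hunks.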
@@ -0,0 +1,129 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_dynamic_object_facts
+short_description: Get dynamic-object objects facts on Check Point over Web Services API
+description:
+ - Get dynamic-object objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-dynamic-object
+ cp_mgmt_dynamic_object_facts:
+ name: Dynamic_Object_1
+
+- name: show-dynamic-objects
+ cp_mgmt_dynamic_object_facts:
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "dynamic-object"
+ api_call_object_plural_version = "dynamic-objects"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group.py
new file mode 100644
index 00000000..025061d7
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group.py
@@ -0,0 +1,179 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_exception_group
+short_description: Manages exception-group objects on Check Point over Web Services API
+description:
+ - Manages exception-group objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ applied_profile:
+ description:
+ - The threat profile to apply this group to in the case of apply-on threat-rules-with-specific-profile.
+ type: str
+ applied_threat_rules:
+ description:
+ - The threat rules to apply this group on in the case of apply-on manually-select-threat-rules.
+ type: dict
+ suboptions:
+ add:
+ description:
+ - Adds to collection of values
+ type: list
+ elements: dict
+ suboptions:
+ layer:
+ description:
+ - The layer of the threat rule to which the group is to be attached.
+ type: str
+ name:
+ description:
+ - The name of the threat rule to which the group is to be attached.
+ type: str
+ rule_number:
+ description:
+ - The rule-number of the threat rule to which the group is to be attached.
+ type: str
+ position:
+ description:
+ - Position in the rulebase.
+ type: str
+ apply_on:
+ description:
+ - An exception group can be set to apply on all threat rules, all threat rules which have a specific profile, or those rules manually chosen by the user.
+ type: str
+ choices: ['all-threat-rules', 'all-threat-rules-with-specific-profile', 'manually-select-threat-rules']
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-exception-group
+ cp_mgmt_exception_group:
+ applied_threat_rules.0.layer: MyLayer
+ applied_threat_rules.0.name: MyThreatRule
+ apply_on: manually-select-threat-rules
+ name: exception_group_2
+ state: present
+
+- name: set-exception-group
+ cp_mgmt_exception_group:
+ apply_on: all-threat-rules
+ name: exception_group_2
+ state: present
+ tags: tag3
+
+- name: delete-exception-group
+ cp_mgmt_exception_group:
+ name: exception_group_2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_exception_group:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ applied_profile=dict(type='str'),
+ applied_threat_rules=dict(type='dict', options=dict(
+ add=dict(type='list', elements='dict', options=dict(
+ layer=dict(type='str'),
+ name=dict(type='str'),
+ rule_number=dict(type='str'),
+ position=dict(type='str')
+ ))
+ )),
+ apply_on=dict(type='str', choices=['all-threat-rules', 'all-threat-rules-with-specific-profile', 'manually-select-threat-rules']),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str',
choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'exception-group'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group_facts.py
new file mode 100644
index 00000000..cc88a3ab
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group_facts.py
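Review bot: The add-exception-group task in EXAMPLES passes `applied_threat_rules.0.layer` and `applied_threat_rules.0.name`, which are not keys of argument_spec; the spec declares `applied_threat_rules` as a dict whose `add` suboption is a list of dicts. AnsibleModule rejects parameters it does not know, so the example as written should fail at argument parsing, before any API call. The two lines should become the nested form, `applied_threat_rules: {add: [{layer: MyLayer, name: MyThreatRule}]}`. An exception group narrows what threat prevention enforces, so the example for the narrow `manually-select-threat-rules` scope should be one that works, otherwise the only runnable example left is the broad `apply_on: all-threat-rules` one.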
@@ -0,0 +1,127 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_exception_group_facts
+short_description: Get exception-group objects facts on Check Point over Web Services API
+description:
+ - Get exception-group objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-exception-group
+ cp_mgmt_exception_group_facts:
+ name: exception_group_2
+
+- name: show-exception-groups
+ cp_mgmt_exception_group_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "exception-group"
+ api_call_object_plural_version = "exception-groups"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_get_platform.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_get_platform.py
new file mode 100644
index 00000000..21c5fb23
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_get_platform.py
@@ -0,0 +1,82 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_get_platform
+short_description: Get actual platform (Hardware, Version, OS) from gateway, cluster or Check Point host.
+description:
+ - Get actual platform (Hardware, Version, OS) from gateway, cluster or Check Point host.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Gateway, cluster or Check Point host name.
+ type: str
+ auto_publish_session:
+ description:
+ - Publish the current session if changes have been performed after task completes.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: get-platform
+ cp_mgmt_get_platform:
+ name: gw1
+"""
+
+RETURN = """
+cp_mgmt_get_platform:
+ description: The checkpoint get-platform output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ auto_publish_session=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "get-platform"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment.py
new file mode 100644
index 00000000..08bce2b9
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment.py
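Review bot: `name` is declared as `name=dict(type='str')` with no `required=True`, although DOCUMENTATION describes it as the gateway, cluster or host to query and the only example sets it. If the get-platform command needs a target, which the documentation suggests but this hunk does not show, a task that omits it is rejected only by the server at run time; `name=dict(type='str', required=True)` together with `required: True` in DOCUMENTATION would catch it at argument parsing. The module is also built with `AnsibleModule(argument_spec=argument_spec)`, without the `supports_check_mode=True` the facts modules in this commit pass, so what looks like a read-only query is skipped in check mode.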
@@ -0,0 +1,132 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_global_assignment
+short_description: Manages global-assignment objects on Check Point over Web Services API
+description:
+ - Manages global-assignment objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ dependent_domain:
+ description:
+ - N/A
+ type: str
+ global_access_policy:
+ description:
+ - Global domain access policy that is assigned to a dependent domain.
+ type: str
+ global_domain:
+ description:
+ - N/A
+ type: str
+ global_threat_prevention_policy:
+ description:
+ - Global domain threat prevention policy that is assigned to a dependent domain.
+ type: str
+ manage_protection_actions:
+ description:
+ - N/A
+ type: bool
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-global-assignment
+ cp_mgmt_global_assignment:
+ dependent_domain: domain2
+ global_access_policy: standard
+ global_domain: Global
+ global_threat_prevention_policy: standard
+ manage_protection_actions: true
+ state: present
+
+- name: set-global-assignment
+ cp_mgmt_global_assignment:
+ dependent_domain: domain1
+ global_domain: Global2
+ global_threat_prevention_policy: ''
+ manage_protection_actions: false
+ state: present
+
+- name: delete-global-assignment
+ cp_mgmt_global_assignment:
+ dependent_domain: domain1
+ global_domain: Global2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_global_assignment:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ dependent_domain=dict(type='str'),
+ global_access_policy=dict(type='str'),
+ global_domain=dict(type='str'),
+ global_threat_prevention_policy=dict(type='str'),
+ manage_protection_actions=dict(type='bool'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'global-assignment'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment_facts.py
new file mode 100644
index 00000000..be5c1178
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment_facts.py
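Review bot: Three options in DOCUMENTATION are described only as `N/A`: `dependent_domain`, `global_domain` and `manage_protection_actions`. The first two are what every example uses to identify the assignment, and the third is a boolean that, judging by its name, affects how threat-prevention protection actions are managed, so an operator has nothing to go on when setting it. Each `- N/A` should become a real description, for instance `- Name or UID of the domain the global policy is assigned to.` for `dependent_domain` (wording inferred from the examples, to be checked against the API reference). It would also help to state what the set-global-assignment example's `global_threat_prevention_policy: ''` does, since it appears to clear the threat prevention policy from the dependent domain. The `N/A` descriptions recur in the cp_mgmt_global_assignment_facts.py hunk.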
@@ -0,0 +1,132 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_global_assignment_facts
+short_description: Get global-assignment objects facts on Check Point over Web Services API
+description:
+ - Get global-assignment objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ dependent_domain:
+ description:
+ - N/A
+ type: str
+ global_domain:
+ description:
+ - N/A
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-global-assignment
+ cp_mgmt_global_assignment_facts:
+ dependent_domain: domain1
+ global_domain: Global2
+
+- name: show-global-assignments
+ cp_mgmt_global_assignment_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ dependent_domain=dict(type='str'),
+ global_domain=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "global-assignment"
+ api_call_object_plural_version = "global-assignments"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group.py
new file mode 100644
index 00000000..fd134ff1
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group.py
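Review bot: The module description says `For getting a specific object use the parameter 'name'`, but this module has no `name` option; argument_spec and the show-global-assignment example identify an assignment by `dependent_domain` and `global_domain`. The sentence looks carried over from the other facts modules in this commit. It should read `For getting a specific object use the parameters 'dependent_domain' and 'global_domain'.`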
@@ -0,0 +1,143 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_group +short_description: Manages group objects on Check Point over Web Services API +description: + - Manages group objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + members: + description: + - Collection of Network objects identified by the name or UID. + type: list + elements: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. 
+ type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-group + cp_mgmt_group: + members: + - New Host 1 + - My Test Host 3 + name: New Group 5 + state: present + +- name: set-group + cp_mgmt_group: + name: New Group 1 + state: present + +- name: delete-group + cp_mgmt_group: + name: New Group 1 + state: absent +""" + +RETURN = """ +cp_mgmt_group: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + members=dict(type='list', elements='str'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'group' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_facts.py new file mode 100644 index 00000000..baa5b276 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_facts.py 
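Review bot: The `ignore_errors` option in DOCUMENTATION has the same name as Ansible's task-level `ignore_errors` keyword, and its description does not point that out. Indented under `cp_mgmt_group:` it is documented as "Apply changes ignoring errors" on the management server, whereas the task keyword only tells Ansible to carry on after a failed task, so an indentation slip changes what is written to the object database. I would add a second description entry such as `- This is a module argument passed to the API, not the Ansible task keyword of the same name.` The same option text appears in the cp_mgmt_group_with_exclusion.py and cp_mgmt_host.py hunks.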
@@ -0,0 +1,144 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_group_facts +short_description: Get group objects facts on Check Point over Web Services API +description: + - Get group objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + show_as_ranges: + description: + - When true, the group's matched content is displayed as ranges of IP addresses rather than network objects.<br />Objects that are not + represented using IP addresses are presented as objects.<br />The 'members' parameter is omitted from the response and instead the 'ranges' parameter + is displayed. 
+ type: bool + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + dereference_group_members: + description: + - Indicates whether to dereference "members" field by details level for every object in reply. + type: bool + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-group + cp_mgmt_group_facts: + name: Demo_Group + +- name: show-groups + cp_mgmt_group_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + show_as_ranges=dict(type='bool'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + dereference_group_members=dict(type='bool'), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "group" + api_call_object_plural_version = "groups" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion.py new file mode 100644 index 00000000..8497cd60 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion.py 
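Review bot: In `main()`, the `order` sub-spec accepts `ASC` and `DESC` in the same list element, and nothing rejects an element that sets both. The documentation presents them as alternative sort directions, so the outcome is left to `api_call_facts` and the server, neither of which is visible in this hunk. Adding `mutually_exclusive=[['ASC', 'DESC']]` next to `options=` in the `order` entry would reject such input at argument parsing. The `order` spec in the cp_mgmt_group_with_exclusion_facts.py hunk is identical, and the other `*_facts` modules on this page use the same pattern.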
@@ -0,0 +1,148 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_group_with_exclusion +short_description: Manages group-with-exclusion objects on Check Point over Web Services API +description: + - Manages group-with-exclusion objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + except: + description: + - Name or UID of an object which the group excludes. + type: str + include: + description: + - Name or UID of an object which the group includes. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. 
+ type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-group-with-exclusion + cp_mgmt_group_with_exclusion: + except: New Group 2 + include: New Group 1 + name: Group with exclusion + state: present + +- name: set-group-with-exclusion + cp_mgmt_group_with_exclusion: + except: New Group 1 + include: New Group 2 + name: Group with exclusion + state: present + +- name: delete-group-with-exclusion + cp_mgmt_group_with_exclusion: + name: Group with exclusion + state: absent +""" + +RETURN = """ +cp_mgmt_group_with_exclusion: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + include=dict(type='str'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec['except'] = dict(type='str') + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'group-with-exclusion' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion_facts.py new file mode 100644 index 00000000..d2443e1c --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion_facts.py 
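Review bot: In `main()`, `argument_spec['except'] = dict(type='str')` is assigned separately from the `dict(...)` call with no comment, so it reads like a leftover rather than a deliberate choice. `except` is a Python keyword and cannot be written as a keyword argument, which is presumably why it is set this way. A one-line comment above the assignment would record that: `# 'except' is a reserved word in Python, so it cannot be passed as a dict() keyword argument`.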
@@ -0,0 +1,134 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_group_with_exclusion_facts +short_description: Get group-with-exclusion objects facts on Check Point over Web Services API +description: + - Get group-with-exclusion objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + show_as_ranges: + description: + - When true, the group with exclusion's matched content is displayed as ranges of IP addresses rather than network objects.<br />Objects that + are not represented using IP addresses are presented as objects.<br />The 'include' and 'except' parameters are omitted from the response and instead + the 'ranges' parameter is displayed. 
+ type: bool + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-group-with-exclusion + cp_mgmt_group_with_exclusion_facts: + name: Group with exclusion + +- name: show-groups-with-exclusion + cp_mgmt_group_with_exclusion_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + show_as_ranges=dict(type='bool'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "group-with-exclusion" + api_call_object_plural_version = "groups-with-exclusion" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host.py new file mode 100644 index 00000000..5ec16c1f --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host.py 
@@ -0,0 +1,338 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_host +short_description: Manages host objects on Check Point over Web Services API +description: + - Manages host objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + interfaces: + description: + - Host interfaces. + type: list + elements: dict + suboptions: + name: + description: + - Interface name. + type: str + subnet: + description: + - IPv4 or IPv6 network address. If both addresses are required use subnet4 and subnet6 fields explicitly. 
+ type: str + subnet4: + description: + - IPv4 network address. + type: str + subnet6: + description: + - IPv6 network address. + type: str + mask_length: + description: + - IPv4 or IPv6 network mask length. If both masks are required use mask-length4 and mask-length6 fields explicitly. Instead of IPv4 mask + length it is possible to specify IPv4 mask itself in subnet-mask field. + type: int + mask_length4: + description: + - IPv4 network mask length. + type: int + mask_length6: + description: + - IPv6 network mask length. + type: int + subnet_mask: + description: + - IPv4 network mask. + type: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', + 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', + 'light green', 'lemon chiffon', 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', + 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + nat_settings: + description: + - NAT settings. + type: dict + suboptions: + auto_rule: + description: + - Whether to add automatic address translation rules. + type: bool + ip_address: + description: + - IPv4 or IPv6 address. 
If both addresses are required use ipv4-address and ipv6-address fields explicitly. This parameter is not + required in case "method" parameter is "hide" and "hide-behind" parameter is "gateway". + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + hide_behind: + description: + - Hide behind method. This parameter is not required in case "method" parameter is "static". + type: str + choices: ['gateway', 'ip-address'] + install_on: + description: + - Which gateway should apply the NAT translation. + type: str + method: + description: + - NAT translation method. + type: str + choices: ['hide', 'static'] + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + host_servers: + description: + - Servers Configuration. + type: dict + suboptions: + dns_server: + description: + - Gets True if this server is a DNS Server. + type: bool + mail_server: + description: + - Gets True if this server is a Mail Server. + type: bool + web_server: + description: + - Gets True if this server is a Web Server. + type: bool + web_server_config: + description: + - Web Server configuration. + type: dict + suboptions: + additional_ports: + description: + - Server additional ports. + type: list + elements: str + application_engines: + description: + - Application engines of this web server. + type: list + elements: str + listen_standard_port: + description: + - Whether server listens to standard port. + type: bool + operating_system: + description: + - Operating System. + type: str + choices: ['sparc linux', 'windows', 'other', 'x86 linux', 'sparc solaris'] + protected_by: + description: + - Network object which protects this server identified by the name or UID. + type: str + color: + description: + - Color of the object. Should be one of existing colors. 
+ type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-host + cp_mgmt_host: + ip_address: 192.0.2.1 + name: New Host 1 + state: present + +- name: set-host + cp_mgmt_host: + color: green + ipv4_address: 192.0.2.2 + name: New Host 1 + state: present + +- name: delete-host + cp_mgmt_host: + name: New Host 1 + state: absent +""" + +RETURN = """ +cp_mgmt_host: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + interfaces=dict(type='list', elements='dict', options=dict( + name=dict(type='str'), + subnet=dict(type='str'), + subnet4=dict(type='str'), + subnet6=dict(type='str'), + mask_length=dict(type='int'), + mask_length4=dict(type='int'), + mask_length6=dict(type='int'), + subnet_mask=dict(type='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', + 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', + 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', + 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', + 'sienna', 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + )), + nat_settings=dict(type='dict', options=dict( + auto_rule=dict(type='bool'), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + hide_behind=dict(type='str', choices=['gateway', 'ip-address']), + install_on=dict(type='str'), + method=dict(type='str', choices=['hide', 'static']) + )), + tags=dict(type='list', elements='str'), + host_servers=dict(type='dict', options=dict( + dns_server=dict(type='bool'), + mail_server=dict(type='bool'), + web_server=dict(type='bool'), + web_server_config=dict(type='dict', options=dict( + additional_ports=dict(type='list', elements='str'), + application_engines=dict(type='list', 
elements='str'), + listen_standard_port=dict(type='bool'), + operating_system=dict(type='str', choices=['sparc linux', 'windows', 'other', 'x86 linux', 'sparc solaris']), + protected_by=dict(type='str') + )) + )), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'host' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host_facts.py new file mode 100644 index 00000000..597b817f --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host_facts.py 
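Review bot: The `set-host` task in EXAMPLES uses `color: green`, but `green` is not in the `choices` list for `color` in either DOCUMENTATION or `argument_spec`. The list only has `dark green`, `forest green`, `light green` and `sea green`, so AnsibleModule's choices validation should reject the example before any API call is made. Either change the example to a listed value, e.g. `color: forest green`, or add `'green'` to both lists if the management API accepts it, which this hunk does not show.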
@@ -0,0 +1,132 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_host_facts
+short_description: Get host objects facts on Check Point over Web Services API
+description:
+ - Get host objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-host
+ cp_mgmt_host_facts:
+ name: New Host 1
+
+- name: show-hosts
+ cp_mgmt_host_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "host"
+ api_call_object_plural_version = "hosts"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_https_section.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_https_section.py
new file mode 100644
index 00000000..aba2a6a8
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_https_section.py
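Review bot: The DOCUMENTATION block in cp_mgmt_host_facts.py says `limit`, `offset` and `order` are relevant only when listing several objects and `name` only when fetching one, but `main()` hands the spec to `AnsibleModule` without declaring that, so a task that sets both is caught, if at all, only by whatever `api_call_facts` or the server does, which is not visible here. Declaring it on the module makes the task fail before any API call: `module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True, mutually_exclusive=[('name', 'limit'), ('name', 'offset'), ('name', 'order')])`. The `main()` functions in cp_mgmt_identity_tag_facts.py and cp_mgmt_idp_administrator_group_facts.py have the same gap.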
@@ -0,0 +1,119 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_https_section
+short_description: Manages https-section objects on Checkpoint over Web Services API
+description:
+ - Manages https-section objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ layer:
+ description:
+ - Layer that holds the Object. Identified by the Name or UID.
+ type: str
+ position:
+ description:
+ - Position in the rulebase.
+ type: str
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors.
 You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-https-section
+ cp_mgmt_https_section:
+ layer: Default Layer
+ name: New Section 1
+ position: 1
+ state: present
+
+- name: set-https-section
+ cp_mgmt_https_section:
+ layer: Default Layer
+ name: New Section 1
+ state: present
+
+- name: delete-https-section
+ cp_mgmt_https_section:
+ layer: Default Layer
+ name: New Section 2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_https_section:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ layer=dict(type='str'),
+ position=dict(type='str'),
+ name=dict(type='str', required=True),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'https-section'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_identity_tag.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_identity_tag.py
new file mode 100644
index 00000000..782375d6
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_identity_tag.py
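Review bot: `layer` is declared as `layer=dict(type='str')` in the `main()` of cp_mgmt_https_section.py, yet all three EXAMPLES pass it and the option is described as the layer that holds the object, so a task that omits it is presumably rejected only by the management server. If the API needs the layer for every add, set and delete of a section (not confirmable from this hunk), declare it as `layer=dict(type='str', required=True)` and add `required: True` under `layer` in DOCUMENTATION, so the failure happens at argument validation rather than after a session has been opened.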
@@ -0,0 +1,135 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_identity_tag
+short_description: Manages identity-tag objects on Checkpoint over Web Services API
+description:
+ - Manages identity-tag objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "2.1.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ external_identifier:
+ description:
+ - External identifier. For example, Cisco ISE security group tag.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-identity-tag
+ cp_mgmt_identity_tag:
+ external_identifier: some external identifier
+ name: mytag
+ state: present
+
+- name: set-identity-tag
+ cp_mgmt_identity_tag:
+ external_identifier: Cisco ISE security group tag
+ name: mytag
+ state: present
+
+- name: delete-identity-tag
+ cp_mgmt_identity_tag:
+ name: myidentitytag
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_identity_tag:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ external_identifier=dict(type='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'identity-tag'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_identity_tag_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_identity_tag_facts.py
new file mode 100644
index 00000000..07618264
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_identity_tag_facts.py
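Review bot: The colour list for `color` is written out in full inside `argument_spec` in cp_mgmt_identity_tag.py, and the same literal appears again in the specs of cp_mgmt_idp_administrator_group.py and cp_mgmt_host.py elsewhere in this diff. The copy in DOCUMENTATION has to stay literal YAML, but the spec copies can share one constant in module_utils, for example `color=dict(type='str', choices=COLOR_CHOICES)`, where `COLOR_CHOICES` is a name proposed here and not something the diff defines. That keeps the modules from accepting different values if a colour is later added in one place only.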
@@ -0,0 +1,139 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_identity_tag_facts
+short_description: Get identity-tag objects facts on Checkpoint over Web Services API
+description:
+ - Get identity-tag objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "2.1.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer.
 The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-identity-tag
+ cp_mgmt_identity_tag_facts:
+ name: myidentitytag
+
+- name: show-identity-tags
+ cp_mgmt_identity_tag_facts:
+ details_level: full
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "identity-tag"
+ api_call_object_plural_version = "identity-tags"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_administrator_group.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_administrator_group.py
new file mode 100644
index 00000000..ec08c8f3
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_administrator_group.py
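Review bot: `domains_to_process` in cp_mgmt_identity_tag_facts.py is declared as `dict(type='list', elements='str')` although its description names exactly two valid values, so a misspelt value is sent to the API as-is. If those two are the only accepted values, put them in the spec, `domains_to_process=dict(type='list', elements='str', choices=['CURRENT_DOMAIN', 'ALL_DOMAINS_ON_THIS_SERVER'])`, with the matching `choices` line in DOCUMENTATION. The description also says the option cannot be combined with details-level full, and nothing in `main()` checks that. cp_mgmt_idp_administrator_group_facts.py declares the option the same way.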
@@ -0,0 +1,160 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_idp_administrator_group
+short_description: Manages idp-administrator-group objects on Checkpoint over Web Services API
+description:
+ - Manages idp-administrator-group objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ group_id:
+ description:
+ - Group ID or Name should be set base on the source attribute of 'groups' in the Saml Assertion.
+ type: str
+ multi_domain_profile:
+ description:
+ - Administrator multi-domain profile.
+ type: str
+ permissions_profile:
+ description:
+ - Administrator permissions profile. Permissions profile should not be provided when multi-domain-profile is set to "Multi-Domain Super User" or
+ "Domain Super User".
+ type: list
+ elements: dict
+ suboptions:
+ domain:
+ description:
+ - N/A
+ type: str
+ profile:
+ description:
+ - Permission profile.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-idp-administrator-group
+ cp_mgmt_idp_administrator_group:
+ group_id: it-team
+ multi_domain_profile: domain super user
+ name: my super group
+ state: present
+
+- name: set-idp-administrator-group
+ cp_mgmt_idp_administrator_group:
+ group_id: global-domain-checkpoint
+ name: my global group
+ state: present
+
+- name: delete-idp-administrator-group
+ cp_mgmt_idp_administrator_group:
+ name: my super group
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_idp_administrator_group:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ group_id=dict(type='str'),
+ multi_domain_profile=dict(type='str'),
+ permissions_profile=dict(type='list', elements='dict', options=dict(
+ domain=dict(type='str'),
+ profile=dict(type='str')
+ )),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True)
+ api_call_object = 'idp-administrator-group'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_administrator_group_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_administrator_group_facts.py
new file mode 100644
index 00000000..bbe358d7
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_administrator_group_facts.py
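Review bot: The `permissions_profile` description in cp_mgmt_idp_administrator_group.py says it must not be supplied when `multi_domain_profile` is "Multi-Domain Super User" or "Domain Super User", but `main()` forwards both to `api_call` unchecked, so for an object that grants administrator rights to an IdP group the conflict is left to the server. A check placed right after the `AnsibleModule(...)` call would fail the task locally, compared case-insensitively because the add example writes `domain super user` in lower case: `if module.params['permissions_profile'] and (module.params['multi_domain_profile'] or '').lower() in ('multi-domain super user', 'domain super user'): module.fail_json(msg='permissions_profile cannot be combined with a super-user multi_domain_profile')`. Separately, the `domain` suboption is documented only as `N/A`; its description should state what value is expected.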
@@ -0,0 +1,138 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_idp_administrator_group_facts
+short_description: Get idp-administrator-group objects facts on Checkpoint over Web Services API
+description:
+ - Get idp-administrator-group objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by.
 The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-idp-administrator-group
+ cp_mgmt_idp_administrator_group_facts:
+ name: my global group
+
+- name: show-idp-administrator-groups
+ cp_mgmt_idp_administrator_group_facts:
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "idp-administrator-group"
+ api_call_object_plural_version = "idp-administrator-groups"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_to_domain_assignment_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_to_domain_assignment_facts.py
new file mode 100644
index 00000000..41f30a52
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_to_domain_assignment_facts.py
@@ -0,0 +1,124 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_idp_to_domain_assignment_facts
+short_description: Get idp-to-domain-assignment objects facts on Checkpoint over Web Services API
+description:
+ - Get idp-to-domain-assignment objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ assigned_domain:
+ description:
+ - Represents the Domain assigned by 'idp-to-domain-assignment', need to be domain name or UID.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-idp-to-domain-assignment
+ cp_mgmt_idp_to_domain_assignment_facts:
+ assigned_domain: SMS
+
+- name: show-idp-to-domain-assignments
+ cp_mgmt_idp_to_domain_assignment_facts:
+ details_level: full
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ assigned_domain=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "idp-to-domain-assignment"
+ api_call_object_plural_version = "idp-to-domain-assignments"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_database.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_database.py
new file mode 100644
index 00000000..aba14911
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_database.py
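Review bot: The description in cp_mgmt_idp_to_domain_assignment_facts.py tells the reader `For getting a specific object use the parameter 'name'`, but this module has no `name` option; the only identifying option in both DOCUMENTATION and `argument_spec` is `assigned_domain`, which the first example uses. The sentence should read `For getting a specific object use the parameter 'assigned_domain'.` Whether `api_call_facts` selects the single-object call from `assigned_domain` is decided in module_utils, outside this hunk, and is worth confirming before relying on the first example.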
@@ -0,0 +1,80 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_install_database
+short_description: Copies the user database and network objects information to specified targets.
+description:
+ - Copies the user database and network objects information to specified targets.
+ - All operations are performed over Web Services API.
+version_added: "2.1.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ targets:
+ description:
+ - Check Point host(s) with one or more Management Software Blades enabled. The targets can be identified by their name or unique identifier.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: install-database
+ cp_mgmt_install_database:
+ targets:
+ - checkpointhost1
+ - checkpointhost2
+"""
+
+RETURN = """
+cp_mgmt_install_database:
+ description: The checkpoint install-database output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ targets=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "install-database"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_lsm_policy.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_lsm_policy.py
new file mode 100644
index 00000000..60cc030d
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_lsm_policy.py
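Review bot: `targets=dict(type='list', elements='str')` in `main()` of cp_mgmt_install_database.py has no `required=True`, and the option text does not say what an absent list means, so a task without `targets` passes module validation and the scope of the push is decided by the server. The same spec line appears in cp_mgmt_install_lsm_policy.py, cp_mgmt_install_lsm_settings.py, cp_mgmt_install_policy.py and cp_mgmt_install_software_package.py. If the API needs the list, declare it as `targets=dict(type='list', elements='str', required=True)`; if omission is valid, add a sentence to the `targets` description stating which hosts are then affected.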
@@ -0,0 +1,80 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_install_lsm_policy
+short_description: Executes the lsm-install-policy on a given list of targets. Install the LSM policy that defined on the attached LSM profile on the targets
+ devices.
+description:
+ - Executes the lsm-install-policy on a given list of targets. Install the LSM policy that defined on the attached LSM profile on the targets devices.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Shiran Golzar (@chkp-shirango)"
+options:
+ targets:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: install-lsm-policy
+ cp_mgmt_install_lsm_policy:
+ targets:
+ - lsm_gateway
+"""
+
+RETURN = """
+cp_mgmt_install_lsm_policy:
+ description: The checkpoint install-lsm-policy output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ targets=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "install-lsm-policy"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_lsm_settings.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_lsm_settings.py
new file mode 100644
index 00000000..53fba12d
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_lsm_settings.py
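Review bot: The `short_description` in DOCUMENTATION of cp_mgmt_install_lsm_policy.py is two full sentences that wrap onto a continuation line and read ungrammatically ("that defined on", "the targets devices"); Ansible's convention is a single short phrase without a trailing period. Something like `short_description: Installs the LSM policy of the attached LSM profile on the given targets` would do, with the longer wording kept in `description`. cp_mgmt_install_lsm_settings.py has the same shape and needs the same treatment.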
@@ -0,0 +1,80 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_install_lsm_settings
+short_description: Executes the lsm-install-settings on a given list of targets. Install the provisioning settings that defined on the object on the targets
+ devices.
+description:
+ - Executes the lsm-install-settings on a given list of targets. Install the provisioning settings that defined on the object on the targets devices.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Shiran Golzar (@chkp-shirango)"
+options:
+ targets:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: install-lsm-settings
+ cp_mgmt_install_lsm_settings:
+ targets:
+ - lsm_gateway
+"""
+
+RETURN = """
+cp_mgmt_install_lsm_settings:
+ description: The checkpoint install-lsm-settings output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ targets=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "install-lsm-settings"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_policy.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_policy.py
new file mode 100644
index 00000000..4a14111d
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_policy.py
@@ -0,0 +1,127 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_install_policy
+short_description: install policy on Check Point over Web Services API
+description:
+ - install policy on Check Point over Web Services API
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ policy_package:
+ description:
+ - The name of the Policy Package to be installed.
+ type: str
+ targets:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
+ type: list
+ elements: str
+ access:
+ description:
+ - Set to be true in order to install the Access Control policy. By default, the value is true if Access Control policy is enabled on the input
+ policy package, otherwise false.
+ type: bool
+ desktop_security:
+ description:
+ - Set to be true in order to install the Desktop Security policy. By default, the value is true if desktop security policy is enabled on the
+ input policy package, otherwise false.
+ type: bool
+ qos:
+ description:
+ - Set to be true in order to install the QoS policy. By default, the value is true if Quality-of-Service policy is enabled on the input policy
+ package, otherwise false.
+ type: bool
+ threat_prevention:
+ description:
+ - Set to be true in order to install the Threat Prevention policy. By default, the value is true if Threat Prevention policy is enabled on the
+ input policy package, otherwise false.
+ type: bool
+ install_on_all_cluster_members_or_fail:
+ description:
+ - Relevant for the gateway clusters. If true, the policy is installed on all the cluster members. If the installation on a cluster member fails,
+ don't install on that cluster.
+ type: bool
+ prepare_only:
+ description:
+ - If true, prepares the policy for the installation, but doesn't install it on an installation target.
+ type: bool
+ revision:
+ description:
+ - The UID of the revision of the policy to install.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: install-policy
+ cp_mgmt_install_policy:
+ access: true
+ policy_package: standard
+ targets:
+ - corporate-gateway
+ threat_prevention: true
+"""
+
+RETURN = """
+cp_mgmt_install_policy:
+ description: The checkpoint install-policy output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ policy_package=dict(type='str'),
+ targets=dict(type='list', elements='str'),
+ access=dict(type='bool'),
+ desktop_security=dict(type='bool'),
+ qos=dict(type='bool'),
+ threat_prevention=dict(type='bool'),
+ install_on_all_cluster_members_or_fail=dict(type='bool'),
+ prepare_only=dict(type='bool'),
+ revision=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "install-policy"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_software_package.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_software_package.py
new file mode 100644
index 00000000..3a967e6c
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_software_package.py
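Review bot: `policy_package=dict(type='str')` in `main()` is optional and its description gives no default, so a playbook that leaves it out still reaches `api_command(module, command)`, and which package is installed, or whether the call fails, is decided outside this module. For a task that changes what the gateways enforce, that should be explicit: use `policy_package=dict(type='str', required=True)` if the API needs the name, otherwise state the fallback in the option text. The first `description` entry also only repeats `short_description`; it could instead say that the module pushes the named package to the listed targets and that `prepare_only` stops before installation.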
@@ -0,0 +1,121 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_install_software_package
+short_description: Installs the software package on target machines.
+description:
+ - Installs the software package on target machines.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - The name of the software package.
+ type: str
+ targets:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
+ type: list
+ elements: str
+ cluster_installation_settings:
+ description:
+ - Installation settings for cluster.
+ type: dict
+ suboptions:
+ cluster_delay:
+ description:
+ - The delay between end of installation on one cluster members and start of installation on the next cluster member.
+ type: int
+ cluster_strategy:
+ description:
+ - The cluster installation strategy.
+ type: str
+ concurrency_limit:
+ description:
+ - The number of targets, on which the same package is installed at the same time.
+ type: int
+ method:
+ description:
+ - NOTE, Supported from Check Point version R81
+ - How we want to use the package.
+ type: str
+ choices: ['install', 'upgrade']
+ package_location:
+ description:
+ - NOTE, Supported from Check Point version R81
+ - The package repository.
+ type: str
+ choices: ['automatic', 'target-machine', 'central']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: install-software-package
+ cp_mgmt_install_software_package:
+ name: Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz
+ package_location: automatic
+ targets.1: corporate-gateway
+"""
+
+RETURN = """
+cp_mgmt_install_software_package:
+ description: The checkpoint install-software-package output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ targets=dict(type='list', elements='str'),
+ cluster_installation_settings=dict(type='dict', options=dict(
+ cluster_delay=dict(type='int'),
+ cluster_strategy=dict(type='str')
+ )),
+ concurrency_limit=dict(type='int'),
+ method=dict(type='str', choices=['install', 'upgrade']),
+ package_location=dict(type='str', choices=['automatic', 'target-machine', 'central'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "install-software-package"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
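Review bot: The EXAMPLES task passes `targets.1: corporate-gateway`, but `main()` declares only `targets=dict(type='list', elements='str')`, so the example key is not a declared option and AnsibleModule would be expected to reject it as an unsupported parameter. Write it as a list, `targets:` followed by `- corporate-gateway`, the way the install-policy example does. `cluster_strategy=dict(type='str')` also has no `choices`, and its description does not list the accepted values, so a typo there is only caught by the server.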
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_interoperable_device.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_interoperable_device.py
new file mode 100644
index 00000000..9416e810
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_interoperable_device.py
@@ -0,0 +1,319 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_interoperable_device
+short_description: Manages interoperable-device objects on Checkpoint over Web Services API
+description:
+ - Manages interoperable-device objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ ip_address:
+ description:
+ - IPv4 or IPv6 address.
+ type: str
+ ipv4_address:
+ description:
+ - IPv4 address of the Interoperable Device.
+ type: str
+ ipv6_address:
+ description:
+ - IPv6 address of the Interoperable Device.
+ type: str
+ interfaces:
+ description:
+ - Network interfaces.
+ type: list
+ elements: dict
+ suboptions:
+ name:
+ description:
+ - Object name. Must be unique in the domain.
+ type: str
+ ip_address:
+ description:
+ - IPv4 or IPv6 address.
If both addresses are required use ipv4-address and ipv6-address fields explicitly.
+ type: str
+ ipv4_address:
+ description:
+ - IPv4 address.
+ type: str
+ ipv6_address:
+ description:
+ - IPv6 address.
+ type: str
+ network_mask:
+ description:
+ - IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask and ipv6-network-mask fields explicitly. Instead of
+ providing mask itself it is possible to specify IPv4 or IPv6 mask length in mask-length field. If both masks length are required use
+ ipv4-mask-length and ipv6-mask-length fields explicitly.
+ type: str
+ ipv4_network_mask:
+ description:
+ - IPv4 network address.
+ type: str
+ ipv6_network_mask:
+ description:
+ - IPv6 network address.
+ type: str
+ mask_length:
+ description:
+ - IPv4 or IPv6 network mask length.
+ type: str
+ ipv4_mask_length:
+ description:
+ - IPv4 network mask length.
+ type: str
+ ipv6_mask_length:
+ description:
+ - IPv6 network mask length.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ topology:
+ description:
+ - Topology configuration.
+ type: str
+ choices: ['external', 'internal']
+ topology_settings:
+ description:
+ - Internal topology settings.
+ type: dict
+ suboptions:
+ interface_leads_to_dmz:
+ description:
+ - Whether this interface leads to demilitarized zone (perimeter network).
+ type: bool
+ ip_address_behind_this_interface:
+ description:
+ - Network settings behind this interface.
+ type: str
+ choices: ['not defined', 'network defined by the interface ip and net mask', 'network defined by routing', 'specific']
+ specific_network:
+ description:
+ - Network behind this interface.
+ type: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange',
+ 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray',
+ 'light green', 'lemon chiffon', 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive',
+ 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain
+ only and with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ vpn_settings:
+ description:
+ - VPN domain properties for the Interoperable Device.
+ type: dict
+ suboptions:
+ vpn_domain:
+ description:
+ - Network group representing the customized encryption domain. Must be set when vpn-domain-type is set to 'manual' option.
+ type: str
+ vpn_domain_exclude_external_ip_addresses:
+ description:
+ - Exclude the external IP addresses from the VPN domain of this Interoperable device.
+ type: bool
+ vpn_domain_type:
+ description:
+ - Indicates the encryption domain.
+ type: str
+ choices: ['manual', 'addresses_behind_gw']
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-interoperable-device
+ cp_mgmt_interoperable_device:
+ ip_address: 192.168.1.6
+ name: NewInteroperableDevice
+ state: present
+
+- name: set-interoperable-device
+ cp_mgmt_interoperable_device:
+ ip_address: 192.168.1.6
+ name: NewInteroperableDevice
+ state: present
+
+- name: delete-interoperable-device
+ cp_mgmt_interoperable_device:
+ name: NewInteroperableDevice
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_interoperable_device:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ ip_address=dict(type='str'),
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ interfaces=dict(type='list', elements='dict', options=dict(
+ name=dict(type='str'),
+ ip_address=dict(type='str'),
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ network_mask=dict(type='str'),
+ ipv4_network_mask=dict(type='str'),
+ ipv6_network_mask=dict(type='str'),
+ mask_length=dict(type='str'),
+ ipv4_mask_length=dict(type='str'),
+ ipv6_mask_length=dict(type='str'),
+ tags=dict(type='list', elements='str'),
+ topology=dict(type='str', choices=['external', 'internal']),
+ topology_settings=dict(type='dict', options=dict(
+ interface_leads_to_dmz=dict(type='bool'),
+ ip_address_behind_this_interface=dict(type='str', choices=['not defined', 'network defined by the interface ip and net mask',
+ 'network defined by routing', 'specific']),
+ specific_network=dict(type='str')
+ )),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan',
+ 'dark green', 'khaki', 'orchid',
'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick',
+ 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral',
+ 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red',
+ 'sienna', 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ domains_to_process=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )),
+ vpn_settings=dict(type='dict', options=dict(
+ vpn_domain=dict(type='str'),
+ vpn_domain_exclude_external_ip_addresses=dict(type='bool'),
+ vpn_domain_type=dict(type='str', choices=['manual', 'addresses_behind_gw'])
+ )),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ domains_to_process=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ groups=dict(type='list', elements='str'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'interoperable-device'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
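Review bot: In the `interfaces` suboptions of DOCUMENTATION, `ipv4_network_mask` and `ipv6_network_mask` are described as `IPv4 network address.` and `IPv6 network address.`, which contradicts both the option names and the `network_mask` text that refers to them as masks; they should read `- IPv4 network mask.` and `- IPv6 network mask.`. A user filling in an address where a mask is expected gets a wrongly scoped interface network on a VPN peer object, so the wording matters here. The add-interoperable-device and set-interoperable-device examples are also identical, so the second shows no attribute being changed.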
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_interoperable_device_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_interoperable_device_facts.py
new file mode 100644
index 00000000..bbc70da9
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_interoperable_device_facts.py
@@ -0,0 +1,138 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_interoperable_device_facts
+short_description: Get interoperable-device objects facts on Checkpoint over Web Services API
+description:
+ - Get interoperable-device objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by.
The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-interoperable-device
+ cp_mgmt_interoperable_device_facts:
+ name: NewInteroperableDevice
+
+- name: show-interoperable-devices
+ cp_mgmt_interoperable_device_facts:
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "interoperable-device"
+ api_call_object_plural_version = "interoperable-devices"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster.py
new file mode 100644
index 00000000..422d3142
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster.py
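Review bot: The `domains_to_process` description says the option must be used "with ignore-warnings true", yet the argument spec in `main()` of cp_mgmt_interoperable_device_facts.py declares no `ignore_warnings` option. Unless the shared `checkpoint_argument_spec_for_facts` (not visible in this hunk) supplies one, a user cannot meet that condition from this module. Either add `ignore_warnings=dict(type='bool')` with a matching documentation entry, or reword the description so it does not refer to a flag the facts module lacks. The phrase "getting few objects" under `limit`, `offset` and `order` would also read more clearly as "getting several objects", matching the module description.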
@@ -0,0 +1,286 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_lsm_cluster +short_description: Manages lsm-cluster objects on Checkpoint over Web Services API +description: + - Manages lsm-cluster objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.3.0" +author: "Shiran Golzar (@chkp-shirango)" +options: + main_ip_address: + description: + - Main IP address. + type: str + name_prefix: + description: + - A prefix added to the profile name and creates the LSM cluster name. + type: str + name_suffix: + description: + - A suffix added to the profile name and creates the LSM cluster name. + type: str + security_profile: + description: + - LSM profile. + type: str + required: True + interfaces: + description: + - Interfaces. + type: list + elements: dict + suboptions: + name: + description: + - Interface name. + type: str + ip_address_override: + description: + - IP address override. Net mask is defined by the attached LSM profile. 
+ type: str + member_network_override: + description: + - Member network override. Net mask is defined by the attached LSM profile. + type: str + members: + description: + - Members. + type: list + elements: dict + suboptions: + name: + description: + - Object name. + type: str + provisioning_settings: + description: + - Provisioning settings. This field is relevant just for SMB clusters. + type: dict + suboptions: + provisioning_profile: + description: + - Provisioning profile. + type: str + provisioning_state: + description: + - Provisioning state. This field is relevant just for SMB clusters. By default the state is 'manual'- enable provisioning but not attach + to profile.If 'using-profile' state is provided a provisioning profile must be provided in provisioning-settings. + type: str + choices: ['off', 'manual', 'using-profile'] + sic: + description: + - Secure Internal Communication. + type: dict + suboptions: + ip_address: + description: + - IP address. When IP address is provided- initiate trusted communication immediately using this IP address. + type: str + one_time_password: + description: + - One-time password. When one-time password is provided without ip-address- trusted communication is + automatically initiated when the gateway connects to the Security Management server for the first time. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. 
+ type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', + 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', + 'light green', 'lemon chiffon', 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', + 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-lsm-cluster + cp_mgmt_lsm_cluster: + interfaces: + - ip_address_override: 192.168.8.197 + member_network_override: 192.168.8.0 + name: eth0 + new_name: WAN + - ip_address_override: 10.8.197.1 + member_network_override: 10.8.197.0 + name: eth1 + new_name: LAN1 + - member_network_override: 10.10.10.0 + name: eth2 + main_ip_address: 192.168.8.197 + members: + - name: Gaia_gw1 + sic: + ip_address: 192.168.8.200 + one_time_password: aaaa + - name: Gaia_gw2 + sic: + ip_address: 192.168.8.202 + one_time_password: aaaa + name_prefix: Gaia_ + security_profile: gaia_cluster + state: present + +- name: set-lsm-cluster + cp_mgmt_lsm_cluster: + interfaces: + - ip_address_override: 192.168.8.197 + member_network_override: 192.168.8.0 + name: eth0 + new_name: WAN + - ip_address_override: 10.8.197.1 + member_network_override: 10.8.197.0 + name: eth1 + new_name: LAN1 + - member_network_override: 10.10.10.0 + name: eth2 + members: + - name: Gaia_gw1 + sic: + ip_address: 192.168.8.200 + one_time_password: aaaa + - name: Gaia_gw2 + sic: + ip_address: 192.168.8.202 + one_time_password: aaaa + name: Gaia_gaia_cluster + state: present + +- name: delete-lsm-cluster + cp_mgmt_lsm_cluster: + name: lsm_cluster + state: absent +""" + +RETURN = """ +cp_mgmt_lsm_cluster: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + main_ip_address=dict(type='str'), + name_prefix=dict(type='str'), + name_suffix=dict(type='str'), + security_profile=dict(type='str', required=True), + interfaces=dict(type='list', elements='dict', options=dict( + name=dict(type='str'), + ip_address_override=dict(type='str'), + member_network_override=dict(type='str') + )), + members=dict(type='list', elements='dict', options=dict( + name=dict(type='str'), + provisioning_settings=dict(type='dict', options=dict( + provisioning_profile=dict(type='str') + )), + provisioning_state=dict(type='str', choices=['off', 'manual', 'using-profile']), + sic=dict(type='dict', options=dict( + ip_address=dict(type='str'), + one_time_password=dict(type='str', no_log=True) + )), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', + 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', + 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', + 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', + 'sienna', 'yellow']), + comments=dict(type='str') + )), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), 
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool'), + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + # Create lsm-cluster name + name = module.params['security_profile'] + + if module.params['name_prefix']: + name = module.params['name_prefix'] + name + if module.params['name_suffix']: + name = name + module.params['name_suffix'] + module.params['name'] = name + + api_call_object = 'lsm-cluster' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster_facts.py new file mode 100644 index 00000000..1c7fbec4 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster_facts.py 
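Review bot: main() always replaces `module.params['name']` with a value built from `security_profile`, `name_prefix` and `name_suffix`, so a `name` written in the playbook is silently discarded. Because `security_profile` is `required=True`, the set-lsm-cluster and delete-lsm-cluster tasks in EXAMPLES, which pass only `name`, would be rejected for a missing required argument. For a module that creates and removes firewall cluster objects, acting on a derived name instead of the one the operator wrote risks updating or deleting a different object than intended. Consider deriving the name only when none was supplied, e.g. `if not module.params.get('name'):` around the prefix/suffix block, and not requiring `security_profile` for `state: absent`; whether `name` is declared in `checkpoint_argument_spec_for_objects` is not visible in this hunk, so confirm that first. The examples also pass `new_name` under `interfaces`, which the `interfaces` suboptions declared here do not include.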
@@ -0,0 +1,146 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_lsm_cluster_facts +short_description: Get lsm-cluster objects facts on Checkpoint over Web Services API +description: + - Get lsm-cluster objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.3.0" +author: "Shiran Golzar (@chkp-shirango)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. 
The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-lsm-cluster + cp_mgmt_lsm_cluster_facts: + name: lsm_cluster + +- name: show-lsm-clusters + cp_mgmt_lsm_cluster_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool'), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "lsm-cluster" + api_call_object_plural_version = "lsm-clusters" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster_profile_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster_profile_facts.py new file mode 100644 index 00000000..384c5b21 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster_profile_facts.py 
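Review bot: The `domains_to_process` documentation says the option cannot be used with details-level full, but main() hands both parameters to `api_call_facts` without checking the combination. Unless that helper validates it (it is defined outside this hunk), the conflict is only reported by the management server. A guard right after the `AnsibleModule(...)` call would fail fast with a clear message: `if module.params['domains_to_process'] and module.params['details_level'] == 'full': module.fail_json(msg='domains_to_process cannot be used with details_level full')`. The same applies to main() in cp_mgmt_lsm_cluster_profile_facts.py and cp_mgmt_lsm_gateway_facts.py in this commit.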
@@ -0,0 +1,146 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_lsm_cluster_profile_facts +short_description: Get lsm-cluster-profile objects facts on Checkpoint over Web Services API +description: + - Get lsm-cluster-profile objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "3.0.0" +author: "Shiran Golzar (@chkp-shirango)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. 
The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-lsm-cluster-profile + cp_mgmt_lsm_cluster_profile_facts: + name: cluster_profile + +- name: show-lsm-cluster-profiles + cp_mgmt_lsm_cluster_profile_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool'), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "lsm-cluster-profile" + api_call_object_plural_version = "lsm-cluster-profiles" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway.py new file mode 100644 index 00000000..21fc7ce5 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway.py 
@@ -0,0 +1,178 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_lsm_gateway +short_description: Manages lsm-gateway objects on Checkpoint over Web Services API +description: + - Manages lsm-gateway objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.3.0" +author: "Shiran Golzar (@chkp-shirango)" +options: + name: + description: + - Object name. + type: str + required: True + security_profile: + description: + - LSM profile. + type: str + provisioning_settings: + description: + - Provisioning settings. + type: dict + suboptions: + provisioning_profile: + description: + - Provisioning profile. + type: str + provisioning_state: + description: + - Provisioning state. By default the state is 'manual'- enable provisioning but not attach to profile. + - If 'using-profile' state is provided a provisioning profile must be provided in provisioning-settings. 
+ type: str + choices: ['off', 'manual', 'using-profile'] + sic: + description: + - Secure Internal Communication. + type: dict + suboptions: + ip_address: + description: + - IP address. When IP address is provided- initiate trusted communication immediately using this IP address. + type: str + one_time_password: + description: + - One-time password. When one-time password is provided without ip-address- trusted communication is automatically initiated when the + gateway connects to the Security Management server for the first time. + type: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-lsm-gateway + cp_mgmt_lsm_gateway: + name: lsm_gateway + provisioning_settings: + provisioning_profile: prv_profile + provisioning_state: using-profile + security_profile: lsm_profile + sic: + ip_address: 1.2.3.4 + one_time_password: aaaa + state: present + +- name: set-lsm-gateway + cp_mgmt_lsm_gateway: + name: lsm_gateway + provisioning_settings: + provisioning_profile: prv_profile + provisioning_state: using-profile + security_profile: lsm_profile + sic: + ip_address: 1.2.3.4 + one_time_password: aaaa + state: present + +- name: delete-lsm-gateway + cp_mgmt_lsm_gateway: + name: lsm_gateway + state: absent +""" + +RETURN = """ +cp_mgmt_lsm_gateway: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + security_profile=dict(type='str'), + provisioning_settings=dict(type='dict', options=dict( + provisioning_profile=dict(type='str') + )), + provisioning_state=dict(type='str', choices=['off', 'manual', 'using-profile']), + sic=dict(type='dict', options=dict( + ip_address=dict(type='str'), + one_time_password=dict(type='str', no_log=True) + )), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + 
comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'lsm-gateway' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway_facts.py new file mode 100644 index 00000000..b13444e9 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway_facts.py 
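Review bot: The add-lsm-gateway and set-lsm-gateway tasks in EXAMPLES use a literal `one_time_password: aaaa` for SIC, which invites copying a weak activation key in plaintext into playbooks. The same literal appears in the add and set examples of cp_mgmt_lsm_cluster.py. The argument spec already marks the field `no_log=True`, so only the documentation needs to change. Reference a vaulted variable in the examples, e.g. `one_time_password: "{{ vault_sic_otp }}"` (placeholder variable name), and add a line to the option description such as `- This value is masked in module output. Supply it from Ansible Vault or another secret store rather than inline.`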
@@ -0,0 +1,146 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_lsm_gateway_facts +short_description: Get lsm-gateway objects facts on Checkpoint over Web Services API +description: + - Get lsm-gateway objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.3.0" +author: "Shiran Golzar (@chkp-shirango)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. 
The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-lsm-gateway + cp_mgmt_lsm_gateway_facts: + name: lsm_gateway + +- name: show-lsm-gateways + cp_mgmt_lsm_gateway_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool'), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "lsm-gateway" + api_call_object_plural_version = "lsm-gateways" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway_profile_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway_profile_facts.py new file mode 100644 index 00000000..6778f237 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway_profile_facts.py 
@@ -0,0 +1,146 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_lsm_gateway_profile_facts +short_description: Get lsm-gateway-profile objects facts on Checkpoint over Web Services API +description: + - Get lsm-gateway-profile objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "3.0.0" +author: "Shiran Golzar (@chkp-shirango)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. 
The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-lsm-gateway-profile + cp_mgmt_lsm_gateway_profile_facts: + name: gateway_profile + +- name: show-lsm-gateway-profiles + cp_mgmt_lsm_gateway_profile_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool'), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "lsm-gateway-profile" + api_call_object_plural_version = "lsm-gateway-profiles" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_run_script.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_run_script.py new file mode 100644 index 00000000..d3828262 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_run_script.py 
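Review bot: The `domains_to_process` description says the option must be used "with ignore-warnings true", but the argument spec built in `main()` declares no `ignore_warnings` parameter, so the module gives no visible way to meet that requirement. Unless `checkpoint_argument_spec_for_facts` (imported, not visible in this hunk) already supplies it, either add `ignore_warnings=dict(type='bool')` to the spec and document it, or reword the description so it does not refer to a flag the module lacks. The same mismatch appears in the `cp_mgmt_md_permissions_profile_facts.py` hunk further down.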
@@ -0,0 +1,90 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_lsm_run_script +short_description: Executes the lsm-run-script on a given list of targets. Run the given script on the targets devices. +description: + - Executes the lsm-run-script on a given list of targets. Run the given script on the targets devices. + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Shiran Golzar (@chkp-shirango)" +options: + script_base64: + description: + - The entire content of the script encoded in Base64. + type: str + script: + description: + - The entire content of the script. + type: str + targets: + description: + - On what targets to execute this command. Targets may be identified by their name, or object unique identifier. 
+ type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: lsm-run-script + cp_mgmt_lsm_run_script: + script: ls -l / + targets: + - lsm_gateway +""" + +RETURN = """ +cp_mgmt_lsm_run_script: + description: The checkpoint lsm-run-script output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + script_base64=dict(type='str'), + script=dict(type='str'), + targets=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "lsm-run-script" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_md_permissions_profile.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_md_permissions_profile.py new file mode 100644 index 00000000..01f52aaf --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_md_permissions_profile.py 
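Review bot: `main()` accepts `script` and `script_base64` together, or neither, and leaves `targets` optional, so a malformed remote-execution request is caught only by the management API, if at all. Declaring the relationship in the module makes the failure local and explicit: `module = AnsibleModule(argument_spec=argument_spec, mutually_exclusive=[['script', 'script_base64']], required_one_of=[['script', 'script_base64']])`. If the API always needs a target list, `targets` should also carry `required=True`. Because the script body runs on gateways and may embed credentials, the option descriptions should say that the value can appear in verbose task output and logs unless the task sets `no_log: true`.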
@@ -0,0 +1,210 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_md_permissions_profile +short_description: Manages md-permissions-profile objects on Checkpoint over Web Services API +description: + - Manages md-permissions-profile objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + permission_level: + description: + - The level of the Multi Domain Permissions Profile.<br>The level cannot be changed after creation. + type: str + choices: ['super user', 'manager', 'domain level only'] + mds_provisioning: + description: + - Create and manage Multi-Domain Servers and Multi-Domain Log Servers.<br>Only a "Super User" permission-level profile can select this option. + type: bool + manage_admins: + description: + - Create and manage Multi-Domain Security Management administrators with the same or lower permission level. 
For example, a Domain manager + cannot create Superusers or global managers.<br>Only a 'Manager' permission-level profile can edit this permission. + type: bool + manage_sessions: + description: + - Connect/disconnect Domain sessions, publish changes, and delete other administrator sessions.<br>Only a 'Manager' permission-level profile can + edit this permission. + type: bool + management_api_login: + description: + - Permission to log in to the Security Management Server and run API commands using these tools, mgmt_cli (Linux and Windows binaries), Gaia CLI + (clish) and Web Services (REST). Useful if you want to prevent administrators from running automatic scripts on the Management.<br>Note, This + permission is not required to run commands from within the API terminal in SmartConsole. + type: bool + cme_operations: + description: + - Permission to read / edit the Cloud Management Extension (CME) configuration. + type: str + choices: ['read', 'write', 'disabled'] + global_vpn_management: + description: + - Lets the administrator select Enable global use for a Security Gateway shown in the MDS Gateways & Servers view.<br>Only a 'Manager' + permission-level profile can edit this permission. + type: bool + manage_global_assignments: + description: + - Controls the ability to create, edit and delete global assignment and not the ability to reassign, which is set according to the specific + Domain's permission profile. + type: bool + enable_default_profile_for_global_domains: + description: + - Enable the option to specify a default profile for all global domains. + type: bool + default_profile_global_domains: + description: + - Name or UID of the required default profile for all global domains. + type: str + view_global_objects_in_domain: + description: + - Lets an administrator with no global objects permissions view the global objects in the domain. This option is required for valid domain management. 
+ type: bool + enable_default_profile_for_local_domains: + description: + - Enable the option to specify a default profile for all local domains. + type: bool + default_profile_local_domains: + description: + - Name or UID of the required default profile for all local domains. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-md-permissions-profile + cp_mgmt_md_permissions_profile: + name: manager profile + state: present + +- name: set-md-permissions-profile + cp_mgmt_md_permissions_profile: + default_profile_global_domains: read write all + name: manager profile + permission_level: domain level only + state: present + +- name: delete-md-permissions-profile + cp_mgmt_md_permissions_profile: + name: profile + state: absent +""" + +RETURN = """ +cp_mgmt_md_permissions_profile: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + permission_level=dict(type='str', choices=['super user', 'manager', 'domain level only']), + mds_provisioning=dict(type='bool'), + manage_admins=dict(type='bool'), + manage_sessions=dict(type='bool'), + management_api_login=dict(type='bool'), + cme_operations=dict(type='str', choices=['read', 'write', 'disabled']), + global_vpn_management=dict(type='bool'), + manage_global_assignments=dict(type='bool'), + enable_default_profile_for_global_domains=dict(type='bool'), + default_profile_global_domains=dict(type='str'), + view_global_objects_in_domain=dict(type='bool'), + enable_default_profile_for_local_domains=dict(type='bool'), + default_profile_local_domains=dict(type='str'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 
'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + domains_to_process=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'md-permissions-profile' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_md_permissions_profile_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_md_permissions_profile_facts.py new file mode 100644 index 00000000..285752fd --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_md_permissions_profile_facts.py 
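Review bot: The `set-md-permissions-profile` example passes `permission_level: domain level only` for the profile that `add-md-permissions-profile` created without a level, while the `permission_level` description states that the level cannot be changed after creation. For an object that defines administrator privileges, the examples should not suggest an in-place level change. Put `permission_level: domain level only` in the add example and drop it from the set example. Whether the API rejects or silently ignores such a change is not visible in this hunk, so the option description could state which.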
@@ -0,0 +1,141 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_md_permissions_profile_facts +short_description: Get md-permissions-profile objects facts on Checkpoint over Web Services API +description: + - Get md-permissions-profile objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. 
The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-md-permissions-profile + cp_mgmt_md_permissions_profile_facts: + name: profile + +- name: show-md-permissions-profiles + cp_mgmt_md_permissions_profile_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "md-permissions-profile" + api_call_object_plural_version = "md-permissions-profiles" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds.py new file mode 100644 index 00000000..726164ba --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds.py 
@@ -0,0 +1,208 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_mds +short_description: Manages mds objects on Checkpoint over Web Services API +description: + - Manages mds objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.1.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + hardware: + description: + - Hardware name. For example, Open server, Smart-1, Other. + type: str + os: + description: + - Operating system name. For example, Gaia, Linux, SecurePlatform. + type: str + version: + description: + - System version. 
+ type: str + one_time_password: + description: + - Secure internal connection one time password. + type: str + server_type: + description: + - Type of the management server. + type: str + choices: ['multi-domain server', 'multi-domain log server'] + ip_pool_first: + description: + - First IP address in the range. + type: str + ipv4_pool_first: + description: + - First IPv4 address in the range. + type: str + ipv6_pool_first: + description: + - First IPv6 address in the range. + type: str + ip_pool_last: + description: + - Last IP address in the range. + type: str + ipv4_pool_last: + description: + - Last IPv4 address in the range. + type: str + ipv6_pool_last: + description: + - Last IPv6 address in the range. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-mds + cp_mgmt_mds: + hardware: open server + ip_address: 1.1.1.1 + ip_pool_first: 2.2.2.2 + ip_pool_last: 3.3.3.3 + name: mymds + os: gaia + server_type: multi-domain server + state: present + +- name: set-mds + cp_mgmt_mds: + hardware: Smart-1 + ip_address: 1.2.3.4 + name: mymds + os: linux + state: present + +- name: delete-mds + cp_mgmt_mds: + name: mymds + state: absent +""" + +RETURN = """ +cp_mgmt_mds: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + hardware=dict(type='str'), + os=dict(type='str'), + version=dict(type='str'), + one_time_password=dict(type='str', no_log=True), + server_type=dict(type='str', choices=['multi-domain server', 'multi-domain log server']), + ip_pool_first=dict(type='str'), + ipv4_pool_first=dict(type='str'), + ipv6_pool_first=dict(type='str'), + ip_pool_last=dict(type='str'), + ipv4_pool_last=dict(type='str'), + ipv6_pool_last=dict(type='str'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + 
details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'mds' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds_facts.py new file mode 100644 index 00000000..46bca5be --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds_facts.py 
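Review bot: The `one_time_password` DOCUMENTATION entry does not say the value is a secret, although the argument spec correctly marks it `no_log=True`, and none of the EXAMPLES show how to supply it. I would extend the description with a line such as `- The value is a secret and is masked in module output; supply it from a vaulted variable rather than a literal in the playbook.` That keeps the SIC bootstrap secret out of plain-text playbooks and version control.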
@@ -0,0 +1,124 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_mds_facts +short_description: Get Multi-Domain Server (mds) objects facts on Check Point over Web Services API +description: + - Get mds objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-mds + cp_mgmt_mds_facts: + name: test_mds1 + +- name: show-mdss + cp_mgmt_mds_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "mds" + api_call_object_plural_version = "mdss" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() 
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range.py new file mode 100644 index 00000000..04cc7a72 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range.py 
@@ -0,0 +1,183 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_multicast_address_range +short_description: Manages multicast-address-range objects on Check Point over Web Services API +description: + - Manages multicast-address-range objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + ip_address_first: + description: + - First IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead. + type: str + ipv4_address_first: + description: + - First IPv4 address in the range. 
+ type: str + ipv6_address_first: + description: + - First IPv6 address in the range. + type: str + ip_address_last: + description: + - Last IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead. + type: str + ipv4_address_last: + description: + - Last IPv4 address in the range. + type: str + ipv6_address_last: + description: + - Last IPv6 address in the range. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-multicast-address-range + cp_mgmt_multicast_address_range: + ip_address_first: 224.0.0.1 + ip_address_last: 224.0.0.4 + name: New Multicast Address Range + state: present + +- name: set-multicast-address-range + cp_mgmt_multicast_address_range: + ip_address_first: 224.0.0.7 + ip_address_last: 224.0.0.10 + name: New Multicast Address Range + state: present + +- name: delete-multicast-address-range + cp_mgmt_multicast_address_range: + name: New Multicast Address Range + state: absent +""" + +RETURN = """ +cp_mgmt_multicast_address_range: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + ip_address_first=dict(type='str'), + ipv4_address_first=dict(type='str'), + ipv6_address_first=dict(type='str'), + ip_address_last=dict(type='str'), + ipv4_address_last=dict(type='str'), + ipv6_address_last=dict(type='str'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + 
groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'multicast-address-range' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range_facts.py new file mode 100644 index 00000000..c32390e6 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range_facts.py 
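Review bot: The `ip_address_last` description in DOCUMENTATION points the reader at the wrong fields: it says to use "the ipv4-address-first and the ipv6-address-first fields instead", which is copied from `ip_address_first`. It should read `use the ipv4-address-last and the ipv6-address-last fields instead`. The documentation presents the generic and the explicit address fields as alternatives, but the argument_spec in main() accepts all of them together. If the API does reject the combination, passing `mutually_exclusive=[['ip_address_first', 'ipv4_address_first'], ['ip_address_last', 'ipv4_address_last']]` to AnsibleModule would fail such a task before any request is sent.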
@@ -0,0 +1,130 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_multicast_address_range_facts +short_description: Get multicast-address-range objects facts on Check Point over Web Services API +description: + - Get multicast-address-range objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-multicast-address-range + cp_mgmt_multicast_address_range_facts: + name: New Multicast Address Range + +- name: show-multicast-address-ranges + cp_mgmt_multicast_address_range_facts: + details_level: full +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "multicast-address-range" + api_call_object_plural_version = "multicast-address-ranges" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_rule_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_rule_facts.py new file mode 100644 index 00000000..c1c4465b --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_rule_facts.py 
@@ -0,0 +1,203 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_nat_rule_facts +short_description: Get nat-rule objects facts on Checkpoint over Web Services API +description: + - Get nat-rule objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.0.0" +author: "Or Soffer (@chkp-orso)" +options: + rule_number: + description: + - Rule number. + type: str + package: + description: + - Name of the package. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in Smart Console. 
The logical + operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies. + type: str + filter_settings: + description: + - Sets filter preferences. + type: dict + suboptions: + search_mode: + description: + - When set to 'general', both the Full Text Search and Packet Search are enabled. In this mode, Packet Search will not match on 'Any' + object, a negated cell or a group-with-exclusion. When the search-mode is set to 'packet', by default, the match on 'Any' object, a negated cell + or a group-with-exclusion are enabled. packet-search-settings may be provided to change the default behavior. + type: str + choices: ['general', 'packet'] + packet_search_settings: + description: + - When 'search-mode' is set to 'packet', this object allows to set the packet search preferences. + type: dict + suboptions: + expand_group_members: + description: + - When true, if the search expression contains a UID or a name of a group object, results will include rules that match on at + least one member of the group. + type: bool + expand_group_with_exclusion_members: + description: + - When true, if the search expression contains a UID or a name of a group-with-exclusion object, results will include rules that + match at least one member of the "include" part and is not a member of the "except" part. + type: bool + match_on_any: + description: + - Whether to match on 'Any' object. + type: bool + match_on_group_with_exclusion: + description: + - Whether to match on a group-with-exclusion. + type: bool + match_on_negate: + description: + - Whether to match on a negated cell. + type: bool + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. 
+ type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + use_object_dictionary: + description: + - N/A + type: bool + dereference_group_members: + description: + - Indicates whether to dereference "members" field by details level for every object in reply. + type: bool + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-nat-rule + cp_mgmt_nat_rule_facts: + package: standard + +- name: show-nat-rulebase + cp_mgmt_nat_rule_facts: + details_level: standard + limit: 2 + offset: 1 + package: standard + use_object_dictionary: true +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts_for_rule + + +def main(): + argument_spec = dict( + rule_number=dict(type='str'), + package=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + filter_settings=dict(type='dict', options=dict( + search_mode=dict(type='str', choices=['general', 'packet']), + packet_search_settings=dict(type='dict', options=dict( + expand_group_members=dict(type='bool'), + expand_group_with_exclusion_members=dict(type='bool'), + match_on_any=dict(type='bool'), + match_on_group_with_exclusion=dict(type='bool'), + match_on_negate=dict(type='bool') + )) + )), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + use_object_dictionary=dict(type='bool'), + dereference_group_members=dict(type='bool'), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "nat-rule" + api_call_object_plural_version = "nat-rulebase" + + result = api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_section.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_section.py new file mode 100644 index 00000000..d81d2609 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_section.py 
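Review bot: The module description says "For getting a specific object use the parameter 'name'", but the argument_spec in main() defines no `name` option; the only single-rule selector visible here is `rule_number`. I would change that line to `For getting a specific object use the parameter 'rule_number'.` The `show-nat-rule` example passes only `package`, so it presumably does not fetch one rule either; adding `rule_number: 1` (an illustrative value) would make it match its name. The `use_object_dictionary` description is `N/A` and should say in one line what the flag changes in the reply, since this module is what people will use to audit a NAT rulebase.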
@@ -0,0 +1,119 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_nat_section +short_description: Manages nat-section objects on Checkpoint over Web Services API +description: + - Manages nat-section objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.0.0" +author: "Or Soffer (@chkp-orso)" +options: + package: + description: + - Name of the package. + type: str + position: + description: + - Position in the rulebase. + type: str + name: + description: + - Object name. + type: str + required: True + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. 
If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-nat-section + cp_mgmt_nat_section: + name: New Section 1 + package: standard + position: 1 + state: present + +- name: set-nat-section + cp_mgmt_nat_section: + name: New Section 1 + package: standard + state: present + +- name: delete-nat-section + cp_mgmt_nat_section: + name: New Section 1 + package: standard + state: absent +""" + +RETURN = """ +cp_mgmt_nat_section: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + package=dict(type='str'), + position=dict(type='str'), + name=dict(type='str', required=True), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'nat-section' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network.py new file mode 100644 index 00000000..1fc5e048 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network.py 
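Review bot: In main() `package` is declared as `package=dict(type='str')`, i.e. optional, yet all three examples pass it and a NAT section presumably cannot be located without naming the policy package. If the API does require it, declare it as `package=dict(type='str', required=True)` and add `required: True` to the option in DOCUMENTATION, so a task that omits it fails at argument validation rather than at the management server. The add-nat-section example also writes `position: 1` while the option is typed `str`; quoting it as `position: "1"` keeps the example consistent with the spec.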
@@ -0,0 +1,227 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_network +short_description: Manages network objects on Check Point over Web Services API +description: + - Manages network objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + subnet: + description: + - IPv4 or IPv6 network address. If both addresses are required use subnet4 and subnet6 fields explicitly. + type: str + subnet4: + description: + - IPv4 network address. + type: str + subnet6: + description: + - IPv6 network address. + type: str + mask_length: + description: + - IPv4 or IPv6 network mask length. If both masks are required use mask-length4 and mask-length6 fields explicitly. Instead of IPv4 mask length + it is possible to specify IPv4 mask itself in subnet-mask field. + type: int + mask_length4: + description: + - IPv4 network mask length. 
+ type: int + mask_length6: + description: + - IPv6 network mask length. + type: int + subnet_mask: + description: + - IPv4 network mask. + type: str + nat_settings: + description: + - NAT settings. + type: dict + suboptions: + auto_rule: + description: + - Whether to add automatic address translation rules. + type: bool + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. This parameter is not + required in case "method" parameter is "hide" and "hide-behind" parameter is "gateway". + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + hide_behind: + description: + - Hide behind method. This parameter is not required in case "method" parameter is "static". + type: str + choices: ['gateway', 'ip-address'] + install_on: + description: + - Which gateway should apply the NAT translation. + type: str + method: + description: + - NAT translation method. + type: str + choices: ['hide', 'static'] + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + broadcast: + description: + - Allow broadcast address inclusion. + type: str + choices: ['disallow', 'allow'] + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. 
+ type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-network + cp_mgmt_network: + name: New Network 1 + state: present + subnet: 192.0.2.0 + subnet_mask: 255.255.255.0 + +- name: set-network + cp_mgmt_network: + color: green + mask_length: 16 + name: New Network 1 + new_name: New Network 2 + state: present + subnet: 192.0.0.0 + +- name: delete-network + cp_mgmt_network: + name: New Network 2 + state: absent +""" + +RETURN = """ +cp_mgmt_network: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + subnet=dict(type='str'), + subnet4=dict(type='str'), + subnet6=dict(type='str'), + mask_length=dict(type='int'), + mask_length4=dict(type='int'), + mask_length6=dict(type='int'), + subnet_mask=dict(type='str'), + nat_settings=dict(type='dict', options=dict( + auto_rule=dict(type='bool'), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + hide_behind=dict(type='str', choices=['gateway', 'ip-address']), + install_on=dict(type='str'), + method=dict(type='str', choices=['hide', 'static']) + )), + tags=dict(type='list', elements='str'), + broadcast=dict(type='str', choices=['disallow', 'allow']), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'network' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() 
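Review bot: The `set-network` example in EXAMPLES uses `color: green`, which is not in the `choices` list declared for `color` in either DOCUMENTATION or the argument_spec in main(). The list has 'dark green', 'forest green', 'light green' and 'sea green', but no plain 'green', so the example as written is rejected at argument validation. Change it to a listed value, e.g. `color: forest green`. The same example passes `new_name`, which is not among the options built in main(); if it does not come from `checkpoint_argument_spec_for_objects` (defined outside this hunk), it needs to be added and documented as well.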
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_facts.py
new file mode 100644
index 00000000..9cb2382c
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_facts.py
@@ -0,0 +1,132 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_network_facts +short_description: Get network objects facts on Check Point over Web Services API +description: + - Get network objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-network + cp_mgmt_network_facts: + name: New Network 1 + +- name: show-networks + cp_mgmt_network_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "network" + api_call_object_plural_version = "networks" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_feed.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_feed.py new file mode 100644 index 00000000..f00e2177 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_feed.py 
@@ -0,0 +1,243 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_network_feed +short_description: Manages network-feed objects on Checkpoint over Web Services API +description: + - Manages network-feed objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + feed_url: + description: + - URL of the feed. URL should be written as http or https. + type: str + certificate_id: + description: + - Certificate SHA-1 fingerprint to access the feed. + type: str + feed_format: + description: + - Feed file format. + type: str + choices: ['Flat List', 'JSON'] + feed_type: + description: + - Feed type to be enforced. + type: str + choices: ['Domain', 'IP Address', 'IP Address/Domain'] + password: + description: + - password for authenticating with the URL. + type: str + tags: + description: + - Collection of tag identifiers. 
+ type: list + elements: str + username: + description: + - username for authenticating with the URL. + type: str + custom_header: + description: + - Headers to allow different authentication methods with the URL. + type: list + elements: dict + suboptions: + header_name: + description: + - The name of the HTTP header we wish to add. + type: str + header_value: + description: + - The name of the HTTP value we wish to add. + type: str + update_interval: + description: + - Interval in minutes for updating the feed on the Security Gateway. + type: int + data_column: + description: + - Number of the column that contains the feed's data. + type: int + fields_delimiter: + description: + - The delimiter that separates between the columns in the feed. + type: str + ignore_lines_that_start_with: + description: + - A prefix that will determine which lines to ignore. + type: str + json_query: + description: + - JQ query to be parsed. + type: str + use_gateway_proxy: + description: + - Use the gateway's proxy for retrieving the feed. + type: bool + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + domains_to_process: + description: + - Indicates which domains to process the commands on. 
It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-network-feed + cp_mgmt_network_feed: + custom_header: + - header_name: header1 + header_value: value1 + - header_name: header2 + header_value: value2 + data_column: 1 + feed_format: Flat List + feed_type: IP Address + feed_url: https://www.feedsresource.com/resource + fields_delimiter: "\t" + ignore_lines_that_start_with: '!' + name: network_feed + password: feed_password + state: present + update_interval: 60 + use_gateway_proxy: false + username: feed_username + +- name: set-network-feed + cp_mgmt_network_feed: + custom_header: + - header_name: new_header + header_value: new_value + data_column: 1 + feed_format: Flat List + feed_type: IP Address + feed_url: https://www.feedsresource.com/new_resource + fields_delimiter: ',' + ignore_lines_that_start_with: '!' + name: network_feed + password: new_password + state: present + update_interval: 60 + use_gateway_proxy: false + username: new_username + +- name: delete-network-feed + cp_mgmt_network_feed: + name: network_feed + state: absent +""" + +RETURN = """ +cp_mgmt_network_feed: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + feed_url=dict(type='str'), + certificate_id=dict(type='str'), + feed_format=dict(type='str', choices=['Flat List', 'JSON']), + feed_type=dict(type='str', choices=['Domain', 'IP Address', 'IP Address/Domain']), + password=dict(type='str', no_log=True), + tags=dict(type='list', elements='str'), + username=dict(type='str'), + custom_header=dict(type='list', elements='dict', options=dict( + header_name=dict(type='str'), + header_value=dict(type='str') + )), + update_interval=dict(type='int'), + data_column=dict(type='int'), + fields_delimiter=dict(type='str'), + ignore_lines_that_start_with=dict(type='str'), + json_query=dict(type='str'), + use_gateway_proxy=dict(type='bool'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + domains_to_process=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'network-feed' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() 
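Review bot: In `main()` the `custom_header` suboption is declared as `header_value=dict(type='str')` without `no_log`, although the option is documented as "Headers to allow different authentication methods with the URL". A token passed there would show up in module invocation output and logs, while the `password` option next to it is masked. I would change the line to `header_value=dict(type='str', no_log=True)`. The DOCUMENTATION text for `header_value` reads "The name of the HTTP value we wish to add" and should say it is the value of the HTTP header. Since `feed_url` is documented as accepting http as well as https, a sentence noting that `username`/`password` and header values are presumably sent unprotected to a plain-http feed would help users choose.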
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_feed_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_feed_facts.py
new file mode 100644
index 00000000..e2aa53fb
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_feed_facts.py
@@ -0,0 +1,143 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_network_feed_facts +short_description: Get network-feed objects facts on Checkpoint over Web Services API +description: + - Get network-feed objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. 
The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-network-feed + cp_mgmt_network_feed_facts: + name: network_feed + +- name: show-network-feeds + cp_mgmt_network_feed_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool'), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "network-feed" + api_call_object_plural_version = "network-feeds" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_objects_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_objects_facts.py new file mode 100644 index 00000000..50f05905 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_objects_facts.py 
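Review bot: The RETURN block describes `ansible_facts` only as "The checkpoint object facts", so it does not say whether a network-feed reply carries the feed's `username` or `custom_header` values that cp_mgmt_network_feed accepts. This hunk cannot settle that, because `api_call_facts` is defined elsewhere. `main()` passes the whole result to `module.exit_json(ansible_facts=result)`, so whatever the API returns becomes host facts and is kept by any configured fact cache. RETURN should therefore list the returned fields and, if authentication-related fields are among them, say so and advise `no_log: true` on the task. The EXAMPLES also cover neither `filter` nor `domains_to_process`.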
@@ -0,0 +1,181 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_objects_facts +short_description: Get objects objects facts on Checkpoint over Web Services API +description: + - Get objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + uid: + description: + - Object unique identifier. + type: str + uids: + description: + - List of UIDs of the objects to retrieve. + type: list + elements: str + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in Smart Console. The logical + operators in the expression ('AND', 'OR') should be provided in capital letters. By default, the search involves both a textual search and a IP + search. To use IP search only, set the "ip-only" parameter to true. 
+ type: str + ip_only: + description: + - If using "filter", use this field to search objects by their IP address only, without involving the textual search.<br><br>IP search use + cases<br> <ul><li>Full IPv4 address matches for,<br> - Hosts, Check Point + Hosts and Gateways with exact IPv4 match or with interfaces which subnet contains the search + address<br> - IPv4 Networks and IPv4 Address Ranges that contain the search address</li> + <br> <li>Partial IPv4 address matches for,<br> - Hosts, Networks, Check Point + Hosts and Gateways with IPv4 address that starts from the search address<br> - Hosts, Check Point + Hosts and Gateways with interfaces which subnet address starts from the search address<br> - IPv4 + Address Ranges with first address or last address that starts from the search address<br> - IPv4 + Networks and IPv4 Address Ranges that contain the network derived from the search address supplemented with missing octets (all + zeroes)<br> - Hosts, Check Point Hosts and Gateways with interfaces which subnet contains the network + derived from the search address supplemented with missing octets (all zeroes)</li><br> <li>IPv6 + address,<br> - Not supported</li></ul><br><br> * Check Point Host is a server of type Network Policy + Management, Logging & Status, SmartEvent, etc.<br> * When one IP address is checked to start from another (partial) IP address - only full octets are + considered <br> * Check Examples part for IP search examples. + type: bool + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting a specific object. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting a specific object. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting a specific object. 
+ type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + type: + description: + - The objects' type, e.g., host, service-tcp, network, address-range... + type: str + dereference_group_members: + description: + - Indicates whether to dereference "members" field by details level for every object in reply. + type: bool + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-objects + cp_mgmt_objects_facts: + limit: 50 + offset: 0 + order: + - ASC: name + type: group + +- name: show-object + cp_mgmt_objects_facts: + uid: ef82887c-d08f-49a3-a18f-a376be633848 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + uid=dict(type='str'), + uids=dict(type='list', elements='str'), + filter=dict(type='str'), + ip_only=dict(type='bool'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + type=dict(type='str'), + dereference_group_members=dict(type='bool'), + show_membership=dict(type='bool'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "object" + api_call_object_plural_version = "objects" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package.py new file mode 100644 index 00000000..e8a403f9 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package.py 
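Review bot: The DOCUMENTATION for `limit`, `offset` and `order` says "This parameter is relevant only for getting a specific object", which is the opposite of what paging and sorting options do and of the wording in the sibling facts modules ("relevant only for getting few objects"). The module description also says "For getting a specific object use the parameter 'name'", but `argument_spec` in `main()` has no `name`; the single-object selector here is `uid`. I would correct those sentences and the doubled word in `short_description` ("Get objects objects facts"). If the API treats `uid` and `uids` as alternatives, which this hunk does not show, `mutually_exclusive=[['uid', 'uids']]` on the `AnsibleModule(...)` call would reject ambiguous input early.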
@@ -0,0 +1,251 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_package +short_description: Manages package objects on Check Point over Web Services API +description: + - Manages package objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + access: + description: + - True - enables, False - disables access & NAT policies, empty - nothing is changed. + type: bool + desktop_security: + description: + - True - enables, False - disables Desktop security policy, empty - nothing is changed. + type: bool + installation_targets: + description: + - Which Gateways identified by the name or UID to install the policy on. + type: list + elements: str + qos: + description: + - True - enables, False - disables QoS policy, empty - nothing is changed. + type: bool + qos_policy_type: + description: + - QoS policy type. 
+ type: str + choices: ['recommended', 'express'] + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + threat_prevention: + description: + - True - enables, False - disables Threat policy, empty - nothing is changed. + type: bool + vpn_traditional_mode: + description: + - True - enables, False - disables VPN traditional mode, empty - nothing is changed. + type: bool + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + access_layers: + description: + - Access policy layers. + type: dict + suboptions: + add: + description: + - Collection of Access layer objects to be added identified by the name or UID. + type: list + elements: dict + suboptions: + name: + description: + - Layer name or UID. + type: str + position: + description: + - Layer position. + type: int + remove: + description: + - Collection of Access layer objects to be removed identified by the name or UID. 
+ type: list + elements: str + value: + description: + - Collection of Access layer objects to be set identified by the name or UID. Replaces existing Access layers. + type: list + elements: str + threat_layers: + description: + - Threat policy layers. + type: dict + suboptions: + add: + description: + - Collection of Threat layer objects to be added identified by the name or UID. + type: list + elements: dict + suboptions: + name: + description: + - Layer name or UID. + type: str + position: + description: + - Layer position. + type: int + remove: + description: + - Collection of Threat layer objects to be removed identified by the name or UID. + type: list + elements: str + value: + description: + - Collection of Threat layer objects to be set identified by the name or UID. Replaces existing Threat layers. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-package + cp_mgmt_package: + access: true + color: green + comments: My Comments + name: New_Standard_Package_1 + state: present + threat_prevention: false + +- name: set-package + cp_mgmt_package: + access_layers: + add: + - name: New Access Layer 1 + position: 1 + name: Standard + state: present + threat_layers: + add: + - name: New Layer 1 + position: 2 + +- name: delete-package + cp_mgmt_package: + name: New Standard Package 1 + state: absent +""" + +RETURN = """ +cp_mgmt_package: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + access=dict(type='bool'), + desktop_security=dict(type='bool'), + installation_targets=dict(type='list', elements='str'), + qos=dict(type='bool'), + qos_policy_type=dict(type='str', choices=['recommended', 'express']), + tags=dict(type='list', elements='str'), + threat_prevention=dict(type='bool'), + vpn_traditional_mode=dict(type='bool'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool'), + access_layers=dict(type='dict', options=dict( + add=dict(type='list', elements='dict', options=dict( + name=dict(type='str'), + position=dict(type='int') + )), + remove=dict(type='list', elements='str'), + value=dict(type='list', elements='str') + )), + threat_layers=dict(type='dict', options=dict( + add=dict(type='list', elements='dict', options=dict( + name=dict(type='str'), + position=dict(type='int') + )), + remove=dict(type='list', elements='str'), + value=dict(type='list', elements='str') + )) + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'package' + + result = api_call(module, api_call_object) + 
module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package_facts.py new file mode 100644 index 00000000..54c80e75 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package_facts.py 
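Review bot: The `add-package` example sets `color: green`, but `green` is not among the `choices` declared for `color` in `argument_spec`; the list only has compound names such as `dark green`, `forest green`, `light green` and `sea green`. The documented task would therefore fail argument validation as written, so use a listed value, for example `color: forest green`. The examples also create `New_Standard_Package_1` but delete `New Standard Package 1`, so the delete example does not remove the object the add example made; the two names should match.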
@@ -0,0 +1,127 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_package_facts +short_description: Get package objects facts on Check Point over Web Services API +description: + - Get package objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-package + cp_mgmt_package_facts: + name: New_Standard_Package_1 + +- name: show-packages + cp_mgmt_package_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "package" + api_call_object_plural_version = "packages" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() 
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_provisioning_profile_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_provisioning_profile_facts.py
new file mode 100644
index 00000000..b77a9b14
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_provisioning_profile_facts.py
@@ -0,0 +1,146 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_provisioning_profile_facts +short_description: Get provisioning-profile objects facts on Checkpoint over Web Services API +description: + - Get provisioning-profile objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "3.0.0" +author: "Shiran Golzar (@chkp-shirango)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. 
The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-provisioning-profile + cp_mgmt_provisioning_profile_facts: + name: prv_gaia_profile + +- name: show-provisioning-profiles + cp_mgmt_provisioning_profile_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool'), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "provisioning-profile" + api_call_object_plural_version = "provisioning-profiles" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_publish.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_publish.py new file mode 100644 index 00000000..c7dedd20 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_publish.py 
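Review bot: In cp_mgmt_provisioning_profile_facts.py the description of `domains_to_process` names two valid values, but `domains_to_process=dict(type='list', elements='str')` accepts any string, so a typo is only caught by the management server. If those two values are the complete set (the API reference is outside this diff), `domains_to_process=dict(type='list', elements='str', choices=['CURRENT_DOMAIN', 'ALL_DOMAINS_ON_THIS_SERVER'])` with a matching `choices:` entry in DOCUMENTATION would reject it at argument parsing. The stated restriction that the option cannot be combined with `details_level: full` is likewise documented but not checked in `main()`.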
@@ -0,0 +1,71 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_publish
+short_description: All the changes done by this user will be seen by all users only after publish is called.
+description:
+ - All the changes done by this user will be seen by all users only after publish is called.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options: {}
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: publish
+ cp_mgmt_publish:
+"""
+
+RETURN = """
+cp_mgmt_publish:
+ description: The checkpoint publish output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "publish"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_put_file.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_put_file.py
new file mode 100644
index 00000000..8f7eaec4
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_put_file.py
@@ -0,0 +1,102 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_put_file
+short_description: put file on Check Point over Web Services API
+description:
+ - put file on Check Point over Web Services API
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ targets:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
+ type: list
+ elements: str
+ file_content:
+ description:
+ - N/A
+ type: str
+ file_name:
+ description:
+ - N/A
+ type: str
+ file_path:
+ description:
+ - N/A
+ type: str
+ comments:
+ description:
+ - Comments string.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: put-file
+ cp_mgmt_put_file:
+ file_content: 'vs ip 192.0.2.1\nvs2 ip 192.0.2.2'
+ file_name: vsx_conf
+ file_path: /home/admin/
+ targets:
+ - corporate-gateway
+"""
+
+RETURN = """
+cp_mgmt_put_file:
+ description: The checkpoint put-file output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ targets=dict(type='list', elements='str'),
+ file_content=dict(type='str'),
+ file_name=dict(type='str'),
+ file_path=dict(type='str'),
+ comments=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "put-file"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_reject_session.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_reject_session.py
new file mode 100644
index 00000000..ab76c138
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_reject_session.py
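Review bot: In cp_mgmt_put_file.py the options `file_content`, `file_name` and `file_path` are documented only as `N/A`, although together they decide what is written, and where, on every gateway listed in `targets`. Each needs a real description, for example `- Content of the file to write on the targets.`, `- Name of the file to create.` and `- Directory on the target in which the file is created.` (wording inferred from the option names and the example, to be confirmed against the put-file API reference). None of the five entries in `argument_spec` carries `required=True`, so a task missing the path or the target list is only rejected by the management server, if at all; the same applies to `script` and `targets` in cp_mgmt_run_script.py.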
@@ -0,0 +1,83 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_reject_session
+short_description: Workflow feature - Return the session to the submitter administrator.
+description:
+ - Workflow feature - Return the session to the submitter administrator.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ uid:
+ description:
+ - Session unique identifier.
+ type: str
+ comments:
+ description:
+ - Reject justification.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: reject-session
+ cp_mgmt_reject_session:
+ comments: Typo in host name
+ uid: 41e821a0-3720-11e3-aa6e-0800200c9fde
+"""
+
+RETURN = """
+cp_mgmt_reject_session:
+ description: The checkpoint reject-session output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ uid=dict(type='str'),
+ comments=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "reject-session"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_script.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_script.py
new file mode 100644
index 00000000..62d48cc5
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_script.py
@@ -0,0 +1,141 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_repository_script
+short_description: Manages repository-script objects on Checkpoint over Web Services API
+description:
+ - Manages repository-script objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ script_body:
+ description:
+ - The entire content of the script.
+ type: str
+ script_body_base64:
+ description:
+ - The entire content of the script encoded in Base64.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-repository-script
+ cp_mgmt_repository_script:
+ name: New Script 1
+ script_body: ls -l /
+ state: present
+
+- name: set-repository-script
+ cp_mgmt_repository_script:
+ color: green
+ name: New Script 1
+ script_body: cpstat os -f all
+ state: present
+
+- name: delete-repository-script
+ cp_mgmt_repository_script:
+ name: New Script 1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_repository_script:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ script_body=dict(type='str'),
+ script_body_base64=dict(type='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'repository-script'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_script_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_script_facts.py
new file mode 100644
index 00000000..67edad30
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_script_facts.py
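Review bot: In cp_mgmt_repository_script.py the `set-repository-script` example passes `color: green`, but `green` is not among the `choices` of `color` in either DOCUMENTATION or `argument_spec` (only compound names such as `dark green` and `forest green` are listed), so the example fails argument validation as written; a listed value such as `color: forest green` fixes it. `script_body` and `script_body_base64` are both accepted with no rule between them. If the API treats them as alternatives (not visible in this diff), adding `mutually_exclusive=[['script_body', 'script_body_base64']]` to the `AnsibleModule(...)` call would reject a task that sets both before it reaches the server.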
@@ -0,0 +1,127 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_repository_script_facts
+short_description: Get repository-script objects facts on Checkpoint over Web Services API
+description:
+ - Get repository-script objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-repository-script
+ cp_mgmt_repository_script_facts:
+ name: New Script 1
+
+- name: show-repository-scripts
+ cp_mgmt_repository_script_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "repository-script"
+ api_call_object_plural_version = "repository-scripts"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_reset_sic.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_reset_sic.py
new file mode 100644
index 00000000..cb5b8d00
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_reset_sic.py
@@ -0,0 +1,84 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_reset_sic
+short_description: Reset Secure Internal Communication (SIC). To complete the reset operation need also to reset the device in the Check Point Configuration
+ Tool (by running cpconfig in Clish or Expert mode). Communication will not be possible until you reset and re-initialize the device properly.
+description:
+ - Reset Secure Internal Communication (SIC). To complete the reset operation need also to reset the device in the Check Point Configuration Tool (by
+ running cpconfig in Clish or Expert mode). Communication will not be possible until you reset and re-initialize the device properly.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Gateway, cluster member or Check Point host name.
+ type: str
+ auto_publish_session:
+ description:
+ - Publish the current session if changes have been performed after task completes.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: reset-sic
+ cp_mgmt_reset_sic:
+ name: gw1
+"""
+
+RETURN = """
+cp_mgmt_reset_sic:
+ description: The checkpoint reset-sic output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ auto_publish_session=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "reset-sic"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_ips_update.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_ips_update.py
new file mode 100644
index 00000000..2c9f9934
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_ips_update.py
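Review bot: In cp_mgmt_reset_sic.py `name=dict(type='str')` leaves the only target selector optional on a command that, by its own description, stops communication with the device until it is re-initialised. `name=dict(type='str', required=True)`, with `required: True` in DOCUMENTATION, would make a task without a target fail at argument parsing instead of depending on how the server answers. `auto_publish_session` is declared locally and `checkpoint_argument_spec_for_commands` is merged over it afterwards; if the shared spec already defines that key (it is outside this diff), the local entry is redundant. The `short_description` repeats two full sentences of the description, where a one-line summary such as `short_description: Reset Secure Internal Communication (SIC).` is the usual form.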
@@ -0,0 +1,76 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_run_ips_update
+short_description: Runs IPS database update. If "package-path" is not provided server will try to get the latest package from the User Center.
+description:
+ - Runs IPS database update. If "package-path" is not provided server will try to get the latest package from the User Center.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ package_path:
+ description:
+ - Offline update package path.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: run-ips-update
+ cp_mgmt_run_ips_update:
+"""
+
+RETURN = """
+cp_mgmt_run_ips_update:
+ description: The checkpoint run-ips-update output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ package_path=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "run-ips-update"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_script.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_script.py
new file mode 100644
index 00000000..f4dabd98
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_script.py
@@ -0,0 +1,101 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_run_script
+short_description: Executes the script on a given list of targets.
+description:
+ - Executes the script on a given list of targets.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ script_name:
+ description:
+ - Script name.
+ type: str
+ script:
+ description:
+ - Script body.
+ type: str
+ targets:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
+ type: list
+ elements: str
+ args:
+ description:
+ - Script arguments.
+ type: str
+ comments:
+ description:
+ - Comments string.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: run-script
+ cp_mgmt_run_script:
+ script: ls -l /
+ script_name: 'Script Example: List files under / dir'
+ targets:
+ - corporate-gateway
+"""
+
+RETURN = """
+cp_mgmt_run_script:
+ description: The checkpoint run-script output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ script_name=dict(type='str'),
+ script=dict(type='str'),
+ targets=dict(type='list', elements='str'),
+ args=dict(type='str'),
+ comments=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "run-script"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone.py
new file mode 100644
index 00000000..6c9cab11
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone.py
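Review bot: In cp_mgmt_run_script.py `script` and `args` are plain `str` options, so their values are recorded with the module invocation wherever Ansible logs task arguments, yet the descriptions (`Script body.`, `Script arguments.`) say nothing about it. If arguments are expected to carry credentials, `args=dict(type='str', no_log=True)` keeps them out of those logs; otherwise the option text should tell users not to place secrets inline. The value returned by `api_command` is handed to `module.exit_json(**result)` unchanged, so whatever the script prints presumably lands in the task result as well; a sentence in RETURN noting this would help users decide when to set `no_log: true` on the task.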
@@ -0,0 +1,130 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_security_zone +short_description: Manages security-zone objects on Check Point over Web Services API +description: + - Manages security-zone objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. 
+ type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-security-zone + cp_mgmt_security_zone: + color: yellow + comments: My Security Zone 1 + name: SZone1 + state: present + +- name: set-security-zone + cp_mgmt_security_zone: + name: SZone1 + state: present + +- name: delete-security-zone + cp_mgmt_security_zone: + name: SZone2 + state: absent +""" + +RETURN = """ +cp_mgmt_security_zone: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'security-zone' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone_facts.py new file mode 100644 index 00000000..90be7746 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone_facts.py 
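Review bot: The `ignore_errors` module option shares its name with Ansible's task-level `ignore_errors` keyword, and its DOCUMENTATION entry does not warn about this. Indented under `cp_mgmt_security_zone:` it asks the management server to apply changes ignoring errors, while one level out it makes the play continue after a failed task. On a firewall object module that mix-up deserves a line in the option description, e.g. `- This is a module option, not the task keyword of the same name; indent it under the module.` The same option and wording recur in the cp_mgmt_service_dce_rpc.py, cp_mgmt_service_group.py and cp_mgmt_service_icmp.py hunks.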
@@ -0,0 +1,129 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_security_zone_facts +short_description: Get security-zone objects facts on Check Point over Web Services API +description: + - Get security-zone objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-security-zone + cp_mgmt_security_zone_facts: + name: SZone1 + +- name: show-security-zones + cp_mgmt_security_zone_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "security-zone" + api_call_object_plural_version = "security-zones" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc.py new file mode 100644 index 00000000..63941587 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc.py 
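Review bot: Nothing in `argument_spec` or the `AnsibleModule(...)` call enforces the split that DOCUMENTATION describes between single-object mode (`name`) and list mode (`limit`, `offset`, `order`). A task that sets both passes validation, and its result depends on `api_call_facts`, which is not visible here. If the two modes really are exclusive, declare it: `module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True, mutually_exclusive=[['name', 'limit'], ['name', 'offset'], ['name', 'order']])`. Inside `order`, `ASC` and `DESC` can likewise both be given in one entry. The same applies to the cp_mgmt_service_dce_rpc_facts.py and cp_mgmt_service_group_facts.py hunks.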
@@ -0,0 +1,149 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_dce_rpc +short_description: Manages service-dce-rpc objects on Check Point over Web Services API +description: + - Manages service-dce-rpc objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + interface_uuid: + description: + - Network interface UUID. + type: str + keep_connections_open_after_policy_installation: + description: + - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the + Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. 
Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-service-dce-rpc + cp_mgmt_service_dce_rpc: + interface_uuid: 97aeb460-9aea-11d5-bd16-0090272ccb30 + keep_connections_open_after_policy_installation: false + name: New_DCE-RPC_Service_1 + state: present + +- name: set-service-dce-rpc + cp_mgmt_service_dce_rpc: + color: green + interface_uuid: 44aeb460-9aea-11d5-bd16-009027266b30 + name: New_DCE-RPC_Service_1 + state: present + +- name: delete-service-dce-rpc + cp_mgmt_service_dce_rpc: + name: New_DCE-RPC_Service_2 + state: absent +""" + +RETURN = """ +cp_mgmt_service_dce_rpc: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + interface_uuid=dict(type='str'), + keep_connections_open_after_policy_installation=dict(type='bool'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'service-dce-rpc' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc_facts.py new file mode 100644 index 00000000..b9419a93 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc_facts.py 
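Review bot: The `set-service-dce-rpc` task in EXAMPLES uses `color: green`, which is not among the `choices` declared for `color` in DOCUMENTATION and `argument_spec`. The list has 'dark green', 'forest green', 'light green' and 'sea green' but no plain 'green', so the example as written fails argument validation. Use a listed value, e.g. `color: forest green`.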
@@ -0,0 +1,132 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_dce_rpc_facts +short_description: Get service-dce-rpc objects facts on Check Point over Web Services API +description: + - Get service-dce-rpc objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-service-dce-rpc + cp_mgmt_service_dce_rpc_facts: + name: HP-OpCdistm + +- name: show-services-dce-rpc + cp_mgmt_service_dce_rpc_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "service-dce-rpc" + api_call_object_plural_version = "services-dce-rpc" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group.py new file mode 100644 index 00000000..1f78ac53 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group.py 
@@ -0,0 +1,149 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_group +short_description: Manages service-group objects on Check Point over Web Services API +description: + - Manages service-group objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + members: + description: + - Collection of Network objects identified by the name or UID. + type: list + elements: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. 
+ type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-service-group + cp_mgmt_service_group: + members: + - https + - bootp + - nisplus + - HP-OpCdistm + name: New Service Group 1 + state: present + +- name: set-service-group + cp_mgmt_service_group: + name: New Service Group 1 + members: + - https + - bootp + - nisplus + state: present + +- name: delete-service-group + cp_mgmt_service_group: + name: New Service Group 1 + state: absent +""" + +RETURN = """ +cp_mgmt_service_group: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + members=dict(type='list', elements='str'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'service-group' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group_facts.py new file mode 100644 index 00000000..f04e0b96 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group_facts.py 
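Review bot: The `members` description in DOCUMENTATION reads `Collection of Network objects identified by the name or UID`, which looks carried over from a network-group module; the EXAMPLES pass service names (`https`, `bootp`, `nisplus`). Suggested wording: `- Collection of service objects identified by the name or UID.` It would also help to state whether setting `members` on an existing group replaces the list, since the `set-service-group` example omits `HP-OpCdistm` without saying what happens to it.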
@@ -0,0 +1,144 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_group_facts +short_description: Get service-group objects facts on Check Point over Web Services API +description: + - Get service-group objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + show_as_ranges: + description: + - When true, the service group's matched content is displayed as ranges of port numbers rather than service objects.<br />Objects that are not + represented using port numbers are presented as objects.<br />The 'members' parameter is omitted from the response and instead the 'ranges' parameter + is displayed. 
+ type: bool + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + dereference_group_members: + description: + - Indicates whether to dereference "members" field by details level for every object in reply. + type: bool + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-service-group + cp_mgmt_service_group_facts: + name: New Service Group 1 + +- name: show-service-groups + cp_mgmt_service_group_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + show_as_ranges=dict(type='bool'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + dereference_group_members=dict(type='bool'), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "service-group" + api_call_object_plural_version = "service-groups" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp.py new file mode 100644 index 00000000..0cd0d4ca --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp.py 
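Review bot: The `show_as_ranges` description embeds raw `<br />` tags, which are not module-documentation markup and will most likely appear literally in `ansible-doc` output. Split the text into separate `- ` entries under `description:`, one sentence each, instead of joining them with HTML breaks.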
@@ -0,0 +1,154 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_icmp +short_description: Manages service-icmp objects on Check Point over Web Services API +description: + - Manages service-icmp objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + icmp_code: + description: + - As listed in, <a href="http,//www.iana.org/assignments/icmp-parameters" target="_blank">RFC 792</a>. + type: int + icmp_type: + description: + - As listed in, <a href="http,//www.iana.org/assignments/icmp-parameters" target="_blank">RFC 792</a>. + type: int + keep_connections_open_after_policy_installation: + description: + - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the + Connection Persistence page. 
If you change this property, the change will not affect open connections, but only future connections. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-service-icmp + cp_mgmt_service_icmp: + icmp_code: 7 + icmp_type: 5 + name: Icmp1 + state: present + +- name: set-service-icmp + cp_mgmt_service_icmp: + icmp_code: 13 + icmp_type: 45 + name: icmp1 + state: present + +- name: delete-service-icmp + cp_mgmt_service_icmp: + name: icmp3 + state: absent +""" + +RETURN = """ +cp_mgmt_service_icmp: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + icmp_code=dict(type='int'), + icmp_type=dict(type='int'), + keep_connections_open_after_policy_installation=dict(type='bool'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'service-icmp' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6.py new file mode 100644 index 00000000..fe845e60 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6.py 
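Review bot: The `icmp_code` and `icmp_type` descriptions both carry a broken link, `href="http,//www.iana.org/assignments/icmp-parameters"` (comma instead of colon), wrapped in an HTML anchor that module documentation does not render. Replace it with Ansible's link markup, e.g. `- As listed in RFC 792, see U(https://www.iana.org/assignments/icmp-parameters).` Both options are also plain `type='int'` with no bound, although ICMP type and code are one-byte fields; a 0-255 check in `main()` before `api_call` would reject bad values locally. The cp_mgmt_service_icmp6.py hunk that follows repeats the same description, where RFC 792 (ICMPv4) is probably not the intended reference; that hunk continues past the visible text.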
@@ -0,0 +1,154 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_icmp6 +short_description: Manages service-icmp6 objects on Check Point over Web Services API +description: + - Manages service-icmp6 objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + icmp_code: + description: + - As listed in, <a href="http,//www.iana.org/assignments/icmp-parameters" target="_blank">RFC 792</a>. + type: int + icmp_type: + description: + - As listed in, <a href="http,//www.iana.org/assignments/icmp-parameters" target="_blank">RFC 792</a>. + type: int + keep_connections_open_after_policy_installation: + description: + - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the + Connection Persistence page. 
If you change this property, the change will not affect open connections, but only future connections. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-service-icmp6 + cp_mgmt_service_icmp6: + icmp_code: 7 + icmp_type: 5 + name: Icmp1 + state: present + +- name: set-service-icmp6 + cp_mgmt_service_icmp6: + icmp_code: 13 + icmp_type: 45 + name: icmp1 + state: present + +- name: delete-service-icmp6 + cp_mgmt_service_icmp6: + name: icmp2 + state: absent +""" + +RETURN = """ +cp_mgmt_service_icmp6: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + icmp_code=dict(type='int'), + icmp_type=dict(type='int'), + keep_connections_open_after_policy_installation=dict(type='bool'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'service-icmp6' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6_facts.py new file mode 100644 index 00000000..d94525f2 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6_facts.py 
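Review bot: The `icmp_code` and `icmp_type` descriptions in DOCUMENTATION point this ICMPv6 module at RFC 792, which is the ICMPv4 specification, through an HTML anchor whose URL is written `http,//www.iana.org/...`, so the reference is wrong for the protocol and is not a usable link. ICMPv6 types and codes are defined by RFC 4443 and the IANA icmpv6-parameters registry, and Ansible module docs render links with the `U()` macro rather than raw HTML. I would change both descriptions to something like `- ICMPv6 type as listed in U(https://www.iana.org/assignments/icmpv6-parameters) (RFC 4443).`, with "code" in place of "type" for `icmp_code`. Both fields are 8-bit on the wire, so the description could also state the 0-255 range, since the `type='int'` entries in `main()` do not bound it.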
@@ -0,0 +1,131 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_icmp6_facts +short_description: Get service-icmp6 objects facts on Check Point over Web Services API +description: + - Get service-icmp6 objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-service-icmp6 + cp_mgmt_service_icmp6_facts: + name: echo-reply6 + +- name: show-services-icmp6 + cp_mgmt_service_icmp6_facts: + limit: 2 + offset: 4 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "service-icmp6" + api_call_object_plural_version = "services-icmp6" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp_facts.py new file mode 100644 index 00000000..8d044c37 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp_facts.py 
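Review bot: `main()` accepts `name` together with `limit`, `offset` and `order`, although DOCUMENTATION says `name` is relevant only for a single object and the other three only for listing. A task that mixes them passes validation, and what it returns depends on `api_call_facts`, which this hunk does not show. Passing `mutually_exclusive=[('name', 'limit'), ('name', 'offset'), ('name', 'order')]` to `AnsibleModule(...)` would reject such a task up front; if the helper deliberately lets `name` take precedence, state that in the `name` description instead. The same argument spec appears in cp_mgmt_service_icmp_facts.py and cp_mgmt_service_other_facts.py.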
@@ -0,0 +1,131 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_icmp_facts +short_description: Get service-icmp objects facts on Check Point over Web Services API +description: + - Get service-icmp objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-service-icmp + cp_mgmt_service_icmp_facts: + name: info-req + +- name: show-services-icmp + cp_mgmt_service_icmp_facts: + limit: 4 + offset: 3 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "service-icmp" + api_call_object_plural_version = "services-icmp" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other.py new file mode 100644 index 00000000..8e1766a5 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other.py 
@@ -0,0 +1,227 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_other +short_description: Manages service-other objects on Check Point over Web Services API +description: + - Manages service-other objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + accept_replies: + description: + - Specifies whether Other Service replies are to be accepted. + type: bool + action: + description: + - Contains an INSPECT expression that defines the action to take if a rule containing this service is matched. + Example, set r_mhandler &open_ssl_handler sets a handler on the connection. + type: str + aggressive_aging: + description: + - Sets short (aggressive) timeouts for idle connections. + type: dict + suboptions: + default_timeout: + description: + - Default aggressive aging timeout in seconds. 
+ type: int + enable: + description: + - N/A + type: bool + timeout: + description: + - Aggressive aging timeout in seconds. + type: int + use_default_timeout: + description: + - N/A + type: bool + ip_protocol: + description: + - IP protocol number. + type: int + keep_connections_open_after_policy_installation: + description: + - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the + Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections. + type: bool + match: + description: + - Contains an INSPECT expression that defines the matching criteria. The connection is examined against the expression during the first packet. + Example, tcp, dport = 21, direction = 0 matches incoming FTP control connections. + type: str + match_for_any: + description: + - Indicates whether this service is used when 'Any' is set as the rule's service and there are several service objects with the same source port + and protocol. + type: bool + override_default_settings: + description: + - Indicates whether this service is a Data Domain service which has been overridden. + type: bool + session_timeout: + description: + - Time (in seconds) before the session times out. + type: int + sync_connections_on_cluster: + description: + - Enables state-synchronized High Availability or Load Sharing on a ClusterXL or OPSEC-certified cluster. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + use_default_session_timeout: + description: + - Use default virtual session timeout. + type: bool + color: + description: + - Color of the object. Should be one of existing colors. 
+ type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-service-other + cp_mgmt_service_other: + aggressive_aging: + enable: true + timeout: 360 + use_default_timeout: false + ip_protocol: 51 + keep_connections_open_after_policy_installation: false + match_for_any: true + name: New_Service_1 + session_timeout: 0 + state: present + sync_connections_on_cluster: true + +- name: set-service-other + cp_mgmt_service_other: + aggressive_aging: + default_timeout: 3600 + color: green + name: New_Service_1 + state: present + +- name: delete-service-other + cp_mgmt_service_other: + name: New_Service_2 + state: absent +""" + +RETURN = """ +cp_mgmt_service_other: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + accept_replies=dict(type='bool'), + action=dict(type='str'), + aggressive_aging=dict(type='dict', options=dict( + default_timeout=dict(type='int'), + enable=dict(type='bool'), + timeout=dict(type='int'), + use_default_timeout=dict(type='bool') + )), + ip_protocol=dict(type='int'), + keep_connections_open_after_policy_installation=dict(type='bool'), + match=dict(type='str'), + match_for_any=dict(type='bool'), + override_default_settings=dict(type='bool'), + session_timeout=dict(type='int'), + sync_connections_on_cluster=dict(type='bool'), + tags=dict(type='list', elements='str'), + use_default_session_timeout=dict(type='bool'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'service-other' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() 
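Review bot: The `set-service-other` task in EXAMPLES uses `color: green`, which is not in the `choices` list that `main()` declares for `color`, so the example fails argument validation when copied. The list has `dark green`, `forest green`, `light green` and `sea green`, but no plain `green`. Use a listed value, for example `color: forest green`. The `set-service-rpc` example in cp_mgmt_service_rpc.py has the same `color: green` line.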
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other_facts.py
new file mode 100644
index 00000000..e7ad3da1
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other_facts.py
@@ -0,0 +1,132 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_other_facts +short_description: Get service-other objects facts on Check Point over Web Services API +description: + - Get service-other objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-service-other + cp_mgmt_service_other_facts: + name: New_Service_1 + +- name: show-services-other + cp_mgmt_service_other_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "service-other" + api_call_object_plural_version = "services-other" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc.py new file mode 100644 index 00000000..e9f917ca --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc.py 
@@ -0,0 +1,149 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_rpc +short_description: Manages service-rpc objects on Check Point over Web Services API +description: + - Manages service-rpc objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + keep_connections_open_after_policy_installation: + description: + - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the + Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections. + type: bool + program_number: + description: + - N/A + type: int + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. 
+ type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-service-rpc + cp_mgmt_service_rpc: + keep_connections_open_after_policy_installation: false + name: New_RPC_Service_1 + program_number: 5669 + state: present + +- name: set-service-rpc + cp_mgmt_service_rpc: + color: green + name: New_RPC_Service_1 + program_number: 5656 + state: present + +- name: delete-service-rpc + cp_mgmt_service_rpc: + name: New_RPC_Service_2 + state: absent +""" + +RETURN = """ +cp_mgmt_service_rpc: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + keep_connections_open_after_policy_installation=dict(type='bool'), + program_number=dict(type='int'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'service-rpc' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc_facts.py new file mode 100644 index 00000000..3ff1f3c0 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc_facts.py 
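Review bot: The `program_number` option is described only as `N/A` in DOCUMENTATION, which leaves the one option specific to this module undocumented. Going by the name and the examples (`program_number: 5669`), it looks like the RPC program number the service object matches on; if that is right, the description could read `- RPC program number that identifies the service.`. The argument spec in `main()` takes any `int`, so the accepted range is worth stating in the description once it has been confirmed against the management API.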
@@ -0,0 +1,132 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_rpc_facts +short_description: Get service-rpc objects facts on Check Point over Web Services API +description: + - Get service-rpc objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-service-rpc + cp_mgmt_service_rpc_facts: + name: nisplus + +- name: show-services-rpc + cp_mgmt_service_rpc_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "service-rpc" + api_call_object_plural_version = "services-rpc" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp.py new file mode 100644 index 00000000..624a8193 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp.py 
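Review bot: `AnsibleModule` in `main()` is built with no parameter constraints, although DOCUMENTATION says `name` is relevant only for fetching one object while `limit`, `offset` and `order` are relevant only for listing several. A task that sets both passes argument validation, and what `api_call_facts` then sends to the management API is not visible in this hunk. Either state the precedence in the option descriptions or reject the combination up front, e.g. `mutually_exclusive=[['name', 'limit'], ['name', 'offset'], ['name', 'order']]`. The same applies to `main()` in cp_mgmt_service_sctp_facts.py and cp_mgmt_service_tcp_facts.py further down.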
@@ -0,0 +1,211 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_sctp +short_description: Manages service-sctp objects on Check Point over Web Services API +description: + - Manages service-sctp objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + port: + description: + - Port number. To specify a port range add a hyphen between the lowest and the highest port numbers, for example 44-45. + type: str + aggressive_aging: + description: + - Sets short (aggressive) timeouts for idle connections. + type: dict + suboptions: + default_timeout: + description: + - Default aggressive aging timeout in seconds. + type: int + enable: + description: + - N/A + type: bool + timeout: + description: + - Aggressive aging timeout in seconds. 
+ type: int + use_default_timeout: + description: + - N/A + type: bool + keep_connections_open_after_policy_installation: + description: + - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the + Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections. + type: bool + match_for_any: + description: + - Indicates whether this service is used when 'Any' is set as the rule's service and there are several service objects with the same source port + and protocol. + type: bool + session_timeout: + description: + - Time (in seconds) before the session times out. + type: int + source_port: + description: + - Source port number. To specify a port range add a hyphen between the lowest and the highest port numbers, for example 44-45. + type: str + sync_connections_on_cluster: + description: + - Enables state-synchronized High Availability or Load Sharing on a ClusterXL or OPSEC-certified cluster. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + use_default_session_timeout: + description: + - Use default virtual session timeout. + type: bool + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. 
+ type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-service-sctp + cp_mgmt_service_sctp: + aggressive_aging: + enable: true + timeout: 360 + use_default_timeout: false + keep_connections_open_after_policy_installation: false + match_for_any: true + name: New_SCTP_Service_1 + port: 5669 + session_timeout: 0 + state: present + sync_connections_on_cluster: true + +- name: set-service-sctp + cp_mgmt_service_sctp: + aggressive_aging: + default_timeout: 3600 + color: green + name: New_SCTP_Service_1 + port: 5656 + state: present + +- name: delete-service-sctp + cp_mgmt_service_sctp: + name: New_SCTP_Service_2 + state: absent +""" + +RETURN = """ +cp_mgmt_service_sctp: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + port=dict(type='str'), + aggressive_aging=dict(type='dict', options=dict( + default_timeout=dict(type='int'), + enable=dict(type='bool'), + timeout=dict(type='int'), + use_default_timeout=dict(type='bool') + )), + keep_connections_open_after_policy_installation=dict(type='bool'), + match_for_any=dict(type='bool'), + session_timeout=dict(type='int'), + source_port=dict(type='str'), + sync_connections_on_cluster=dict(type='bool'), + tags=dict(type='list', elements='str'), + use_default_session_timeout=dict(type='bool'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'service-sctp' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() 
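Review bot: The `set-service-sctp` task in EXAMPLES passes `color: green`, but `green` is not among the `choices` declared for `color` in DOCUMENTATION or in `argument_spec`, so the example as written should fail argument validation instead of updating the object. Use a value from the list, for example `color: forest green`. The same value appears in the `set-service-tcp` example of cp_mgmt_service_tcp.py and in the `set-service-rpc` example of cp_mgmt_service_rpc.py, whose hunk starts before this excerpt.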
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp_facts.py
new file mode 100644
index 00000000..852aacff
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp_facts.py
@@ -0,0 +1,132 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_sctp_facts +short_description: Get service-sctp objects facts on Check Point over Web Services API +description: + - Get service-sctp objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-service-sctp + cp_mgmt_service_sctp_facts: + name: New_SCTP_Service_1 + +- name: show-services-sctp + cp_mgmt_service_sctp_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "service-sctp" + api_call_object_plural_version = "services-sctp" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp.py new file mode 100644 index 00000000..91b032b0 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp.py 
@@ -0,0 +1,231 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_tcp +short_description: Manages service-tcp objects on Check Point over Web Services API +description: + - Manages service-tcp objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + aggressive_aging: + description: + - Sets short (aggressive) timeouts for idle connections. + type: dict + suboptions: + default_timeout: + description: + - Default aggressive aging timeout in seconds. + type: int + enable: + description: + - N/A + type: bool + timeout: + description: + - Aggressive aging timeout in seconds. + type: int + use_default_timeout: + description: + - N/A + type: bool + keep_connections_open_after_policy_installation: + description: + - Keep connections open after policy has been installed even if they are not allowed under the new policy. 
This overrides the settings in the + Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections. + type: bool + match_by_protocol_signature: + description: + - A value of true enables matching by the selected protocol's signature - the signature identifies the protocol as genuine. Select this option + to limit the port to the specified protocol. If the selected protocol does not support matching by signature, this field cannot be set to true. + type: bool + match_for_any: + description: + - Indicates whether this service is used when 'Any' is set as the rule's service and there are several service objects with the same source port + and protocol. + type: bool + override_default_settings: + description: + - Indicates whether this service is a Data Domain service which has been overridden. + type: bool + port: + description: + - The number of the port used to provide this service. To specify a port range, place a hyphen between the lowest and highest port numbers, for + example 44-55. + type: str + protocol: + description: + - Select the protocol type associated with the service, and by implication, the management server (if any) that enforces Content Security and + Authentication for the service. Selecting a Protocol Type invokes the specific protocol handlers for each protocol type, thus enabling higher level of + security by parsing the protocol, and higher level of connectivity by tracking dynamic actions (such as opening of ports). + type: str + session_timeout: + description: + - Time (in seconds) before the session times out. + type: int + source_port: + description: + - Port number for the client side service. If specified, only those Source port Numbers will be Accepted, Dropped, or Rejected during packet + inspection. Otherwise, the source port is not inspected. 
+ type: str + sync_connections_on_cluster: + description: + - Enables state-synchronized High Availability or Load Sharing on a ClusterXL or OPSEC-certified cluster. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + use_default_session_timeout: + description: + - Use default virtual session timeout. + type: bool + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-service-tcp + cp_mgmt_service_tcp: + aggressive_aging: + enable: true + timeout: 360 + use_default_timeout: false + keep_connections_open_after_policy_installation: false + match_for_any: true + name: New_TCP_Service_1 + port: 5669 + session_timeout: 0 + state: present + sync_connections_on_cluster: true + +- name: set-service-tcp + cp_mgmt_service_tcp: + aggressive_aging: + default_timeout: 3600 + color: green + name: New_TCP_Service_1 + port: 5656 + state: present + +- name: delete-service-tcp + cp_mgmt_service_tcp: + name: New_TCP_Service_1 + state: absent +""" + +RETURN = """ +cp_mgmt_service_tcp: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + aggressive_aging=dict(type='dict', options=dict( + default_timeout=dict(type='int'), + enable=dict(type='bool'), + timeout=dict(type='int'), + use_default_timeout=dict(type='bool') + )), + keep_connections_open_after_policy_installation=dict(type='bool'), + match_by_protocol_signature=dict(type='bool'), + match_for_any=dict(type='bool'), + override_default_settings=dict(type='bool'), + port=dict(type='str'), + protocol=dict(type='str'), + session_timeout=dict(type='int'), + source_port=dict(type='str'), + sync_connections_on_cluster=dict(type='bool'), + tags=dict(type='list', elements='str'), + use_default_session_timeout=dict(type='bool'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 
'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'service-tcp' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp_facts.py new file mode 100644 index 00000000..55e0c16d --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp_facts.py 
@@ -0,0 +1,132 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_tcp_facts +short_description: Get service-tcp objects facts on Check Point over Web Services API +description: + - Get service-tcp objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-service-tcp + cp_mgmt_service_tcp_facts: + name: https + +- name: show-services-tcp + cp_mgmt_service_tcp_facts: + details_level: standard + limit: 10 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "service-tcp" + api_call_object_plural_version = "services-tcp" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp.py new file mode 100644 index 00000000..31558754 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp.py 
@@ -0,0 +1,238 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_udp +short_description: Manages service-udp objects on Check Point over Web Services API +description: + - Manages service-udp objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + accept_replies: + description: + - N/A + type: bool + aggressive_aging: + description: + - Sets short (aggressive) timeouts for idle connections. + type: dict + suboptions: + default_timeout: + description: + - Default aggressive aging timeout in seconds. + type: int + enable: + description: + - N/A + type: bool + timeout: + description: + - Aggressive aging timeout in seconds. 
+ type: int + use_default_timeout: + description: + - N/A + type: bool + keep_connections_open_after_policy_installation: + description: + - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the + Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections. + type: bool + match_by_protocol_signature: + description: + - A value of true enables matching by the selected protocol's signature - the signature identifies the protocol as genuine. Select this option + to limit the port to the specified protocol. If the selected protocol does not support matching by signature, this field cannot be set to true. + type: bool + match_for_any: + description: + - Indicates whether this service is used when 'Any' is set as the rule's service and there are several service objects with the same source port + and protocol. + type: bool + override_default_settings: + description: + - Indicates whether this service is a Data Domain service which has been overridden. + type: bool + port: + description: + - The number of the port used to provide this service. To specify a port range, place a hyphen between the lowest and highest port numbers, for + example 44-55. + type: str + protocol: + description: + - Select the protocol type associated with the service, and by implication, the management server (if any) that enforces Content Security and + Authentication for the service. Selecting a Protocol Type invokes the specific protocol handlers for each protocol type, thus enabling higher level of + security by parsing the protocol, and higher level of connectivity by tracking dynamic actions (such as opening of ports). + type: str + session_timeout: + description: + - Time (in seconds) before the session times out. + type: int + source_port: + description: + - Port number for the client side service. 
If specified, only those Source port Numbers will be Accepted, Dropped, or Rejected during packet + inspection. Otherwise, the source port is not inspected. + type: str + sync_connections_on_cluster: + description: + - Enables state-synchronized High Availability or Load Sharing on a ClusterXL or OPSEC-certified cluster. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + use_default_session_timeout: + description: + - Use default virtual session timeout. + type: bool + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-service-udp + cp_mgmt_service_udp: + accept_replies: false + aggressive_aging: + enable: true + timeout: 360 + use_default_timeout: false + keep_connections_open_after_policy_installation: false + match_for_any: true + name: New_UDP_Service_1 + port: 5669 + session_timeout: 0 + state: present + sync_connections_on_cluster: true + +- name: set-service-udp + cp_mgmt_service_udp: + accept_replies: true + aggressive_aging: + default_timeout: 3600 + color: green + name: New_UDP_Service_1 + port: 5656 + state: present + +- name: delete-service-udp + cp_mgmt_service_udp: + name: New_UDP_Service_2 + state: absent +""" + +RETURN = """ +cp_mgmt_service_udp: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + accept_replies=dict(type='bool'), + aggressive_aging=dict(type='dict', options=dict( + default_timeout=dict(type='int'), + enable=dict(type='bool'), + timeout=dict(type='int'), + use_default_timeout=dict(type='bool') + )), + keep_connections_open_after_policy_installation=dict(type='bool'), + match_by_protocol_signature=dict(type='bool'), + match_for_any=dict(type='bool'), + override_default_settings=dict(type='bool'), + port=dict(type='str'), + protocol=dict(type='str'), + session_timeout=dict(type='int'), + source_port=dict(type='str'), + sync_connections_on_cluster=dict(type='bool'), + tags=dict(type='list', elements='str'), + use_default_session_timeout=dict(type='bool'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark 
orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'service-udp' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp_facts.py new file mode 100644 index 00000000..1668739a --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp_facts.py 
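Review bot: The `set-service-udp` task in EXAMPLES passes `color: green`, but `green` is not in the `color` choices declared in DOCUMENTATION and in `argument_spec` (the list has `dark green`, `forest green`, `light green` and `sea green`), so a playbook copied from the example would be rejected at argument validation. Use a listed value, for example `color: forest green`. Separately, `accept_replies`, `aggressive_aging.enable` and `aggressive_aging.use_default_timeout` are documented only as `N/A`; each should get a sentence stating what the option does, since these settings change how the gateway treats UDP traffic.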
@@ -0,0 +1,132 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_udp_facts +short_description: Get service-udp objects facts on Check Point over Web Services API +description: + - Get service-udp objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-service-udp + cp_mgmt_service_udp_facts: + name: bootp + +- name: show-services-udp + cp_mgmt_service_udp_facts: + details_level: standard + limit: 10 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "service-udp" + api_call_object_plural_version = "services-udp" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_session_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_session_facts.py new file mode 100644 index 00000000..9b64722d --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_session_facts.py 
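Review bot: `name` is documented as relevant only when fetching one object and `limit`, `offset` and `order` only when fetching several, but `AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)` declares no `mutually_exclusive`, so a task that sets both is handed to `api_call_facts` unchecked. How that helper treats the combination is not visible in this hunk; if it does not reject it, adding `mutually_exclusive=[['name', 'limit'], ['name', 'offset'], ['name', 'order']]` to the `AnsibleModule` call would fail such a task at argument validation with a clear message. The `main()` of `cp_mgmt_service_tcp_facts.py`, whose hunk starts earlier on the page, follows the same pattern.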
@@ -0,0 +1,125 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_session_facts +short_description: Get session objects facts on Check Point over Web Services API +description: + - Get session objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the descending order by the session publish time. + This parameter is relevant only for getting few objects. 
+ type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + view_published_sessions: + description: + - Show a list of published sessions. + type: bool + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-session + cp_mgmt_session_facts: + +- name: show-sessions + cp_mgmt_session_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + view_published_sessions=dict(type='bool'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "session" + api_call_object_plural_version = "sessions" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() 
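Review bot: The module description says "For getting a specific object use the parameter 'name'", but neither the `options` documentation nor `argument_spec` in `main()` defines `name` (only `limit`, `offset`, `order`, `view_published_sessions` and `details_level`). Unless `checkpoint_argument_spec_for_facts` supplies it, which this hunk does not show, the documented way of selecting a single session does not exist. The description should state how one session is chosen, and the `show-session` example, which passes no parameters, should say what it returns. The `order` text also says results default to descending order by session publish time while the only accepted sort field is `name`; confirm which is intended.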
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_domain.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_domain.py
new file mode 100644
index 00000000..186bc4b2
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_domain.py
@@ -0,0 +1,181 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_set_domain +short_description: Edit existing object using object name or uid. +description: + - Edit existing object using object name or uid. + - All operations are performed over Web Services API. +version_added: "2.1.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + servers: + description: + - Domain servers. When this field is provided, 'set-domain' command is executed asynchronously. + type: dict + suboptions: + add: + description: + - Adds to collection of values + type: list + elements: dict + suboptions: + name: + description: + - Object name. Must be unique in the domain. + type: str + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. 
+ type: str + multi_domain_server: + description: + - Multi Domain server name or UID. + type: str + skip_start_domain_server: + description: + - Set this value to be true to prevent starting the new created domain. + type: bool + type: + description: + - Domain server type. + type: str + choices: ['management server', 'log server', 'smc'] + remove: + description: + - Remove from collection of values + type: list + elements: str + suboptions: + name: + description: + - Object name. Must be unique in the domain. + type: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + tags: + description: + - Collection of tag identifiers. Note, The list of tags can not be modified in a single command together with the domain servers. To modify + tags, please use the separate 'set-domain' command, without providing the list of domain servers. 
+ type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: set-domain + cp_mgmt_set_domain: + comments: This is domain1 comment + name: domain1 +""" + +RETURN = """ +cp_mgmt_domain: + description: The checkpoint set-domain output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + servers=dict(type='dict', options=dict( + add=dict(type='list', elements='dict', options=dict( + name=dict(type='str'), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + multi_domain_server=dict(type='str'), + skip_start_domain_server=dict(type='bool'), + type=dict(type='str', choices=['management server', 'log server', 'smc']) + )), + remove=dict(type='list', elements='str') + )), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool'), + tags=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + command = 'set-domain' + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() 
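Review bot: In DOCUMENTATION, `servers.remove` is declared as `type: list` with `elements: str` and is then given a `suboptions` block containing `name`, while `argument_spec` has `remove=dict(type='list', elements='str')` with no `options`. String elements cannot carry suboptions, so the documentation and the validated spec disagree about the shape of this value. Drop the `suboptions` block under `remove` and state in its description what each string element identifies. The RETURN section documents the key `cp_mgmt_domain`, which does not match the module name `cp_mgmt_set_domain`; the key that `api_command` actually returns is not visible in this hunk, so check it against the helper.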
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_global_properties.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_global_properties.py
new file mode 100644
index 00000000..12549bb8
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_global_properties.py
@@ -0,0 +1,2044 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_set_global_properties +short_description: Edit Global Properties. +description: + - Edit Global Properties. + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + firewall: + description: + - Add implied rules to or remove them from the Firewall Rule Base. Determine the position of the implied rules in the Rule Base, and whether or + not to log them. 
+ type: dict + suboptions: + accept_control_connections: + description: + - Used for,<br> <ul><li> Installing the security policy from the Security Management server to the + gateways.</li><br> <li> Sending logs from the gateways to the Security Management server.</li><br> + <li> Communication between SmartConsole clients and the Security Management Server</li><br> <li> Communication between + Firewall daemons on different machines (Security Management Server, Security Gateway).</li><br> <li> Connecting to OPSEC + applications such as RADIUS and TACACS authentication servers.</li></ul>If you disable Accept Control Connections and you want Check Point + components to communicate with each other and with OPSEC components, you must explicitly allow these connections in the Rule Base. + type: bool + accept_ips1_management_connections: + description: + - Accepts IPS-1 connections.<br>Available only if accept-control-connections is true. + type: bool + accept_remote_access_control_connections: + description: + - Accepts Remote Access connections.<br>Available only if accept-control-connections is true. + type: bool + accept_smart_update_connections: + description: + - Accepts SmartUpdate connections. + type: bool + accept_outgoing_packets_originating_from_gw: + description: + - Accepts all packets from connections that originate at the Check Point Security Gateway. + type: bool + accept_outgoing_packets_originating_from_gw_position: + description: + - The position of the implied rules in the Rule Base.<br>Available only if accept-outgoing-packets-originating-from-gw is false. + type: str + choices: ['first', 'last', 'before last'] + accept_outgoing_packets_originating_from_connectra_gw: + description: + - Accepts outgoing packets originating from Connectra gateway.<br>Available only if accept-outgoing-packets-originating-from-gw is false. 
+ type: bool + accept_outgoing_packets_to_cp_online_services: + description: + - Allow Security Gateways to access Check Point online services. Supported for R80.10 Gateway and higher.<br>Available only if + accept-outgoing-packets-originating-from-gw is false. + type: bool + accept_outgoing_packets_to_cp_online_services_position: + description: + - The position of the implied rules in the Rule Base.<br>Available only if accept-outgoing-packets-to-cp-online-services is true. + type: str + choices: ['first', 'last', 'before last'] + accept_domain_name_over_tcp: + description: + - Accepts Domain Name (DNS) queries and replies over TCP, to allow downloading of the domain name-resolving tables used for zone + transfers between servers. For clients, DNS over TCP is only used if the tables to be transferred are very large. + type: bool + accept_domain_name_over_tcp_position: + description: + - The position of the implied rules in the Rule Base.<br>Available only if accept-domain-name-over-tcp is true. + type: str + choices: ['first', 'last', 'before last'] + accept_domain_name_over_udp: + description: + - Accepts Domain Name (DNS) queries and replies over UDP. + type: bool + accept_domain_name_over_udp_position: + description: + - The position of the implied rules in the Rule Base.<br>Available only if accept-domain-name-over-udp is true. + type: str + choices: ['first', 'last', 'before last'] + accept_dynamic_addr_modules_outgoing_internet_connections: + description: + - Accept Dynamic Address modules' outgoing internet connections.Accepts DHCP traffic for DAIP (Dynamically Assigned IP Address) + gateways. In Small Office Appliance gateways, this rule allows outgoing DHCP, PPP, PPTP and L2TP Internet connections (regardless of whether it is + or is not a DAIP gateway). + type: bool + accept_icmp_requests: + description: + - Accepts Internet Control Message Protocol messages. 
+ type: bool + accept_icmp_requests_position: + description: + - The position of the implied rules in the Rule Base.<br>Available only if accept-icmp-requests is true. + type: str + choices: ['first', 'last', 'before last'] + accept_identity_awareness_control_connections: + description: + - Accepts traffic between Security Gateways in distributed environment configurations of Identity Awareness. + type: bool + accept_identity_awareness_control_connections_position: + description: + - The position of the implied rules in the Rule Base.<br>Available only if accept-identity-awareness-control-connections is true. + type: str + choices: ['first', 'last', 'before last'] + accept_incoming_traffic_to_dhcp_and_dns_services_of_gws: + description: + - Allows the Small Office Appliance gateway to provide DHCP relay, DHCP server and DNS proxy services regardless of the rule base. + type: bool + accept_rip: + description: + - Accepts Routing Information Protocol (RIP), using UDP on port 520. + type: bool + accept_rip_position: + description: + - The position of the implied rules in the Rule Base.<br>Available only if accept-rip is true. + type: str + choices: ['first', 'last', 'before last'] + accept_vrrp_packets_originating_from_cluster_members: + description: + - Selecting this option creates an implied rule in the security policy Rule Base that accepts VRRP inbound and outbound traffic to and + from the members of the cluster. + type: bool + accept_web_and_ssh_connections_for_gw_administration: + description: + - Accepts Web and SSH connections for Small Office Appliance gateways. + type: bool + log_implied_rules: + description: + - Produces log records for communications that match the implied rules that are generated in the Rule Base from the properties defined + in this window. + type: bool + security_server: + description: + - Control the welcome messages that users will see when logging in to servers behind Check Point Security Gateways. 
+ type: dict + suboptions: + client_auth_welcome_file: + description: + - Client authentication welcome file is the name of a file whose contents are to be displayed when a user begins a Client + Authenticated session (optional) using the Manual Sign On Method. Client Authenticated Sessions initiated by Manual Sign On are not mediated + by a security server. + type: str + ftp_welcome_msg_file: + description: + - FTP welcome message file is the name of a file whose contents are to be displayed when a user begins an Authenticated FTP session. + type: str + rlogin_welcome_msg_file: + description: + - Rlogin welcome message file is the name of a file whose contents are to be displayed when a user begins an Authenticated RLOGIN session. + type: str + telnet_welcome_msg_file: + description: + - Telnet welcome message file is the name of a file whose contents are to be displayed when a user begins an Authenticated Telnet session. + type: str + mdq_welcome_msg: + description: + - MDQ Welcome Message is the message to be displayed when a user begins an MDQ session. The MDQ Welcome Message should contain + characters according to RFC 1035 and it must follow the ARPANET host name rules,<br> - This message must begin with a number or letter. + After the first letter or number character the remaining characters can be a letter, number, space, tab or hyphen.<br> - This message must + not end with a space or a tab and is limited to 63 characters. + type: str + smtp_welcome_msg: + description: + - SMTP Welcome Message is the message to be displayed when a user begins an SMTP session. + type: str + http_next_proxy_host: + description: + - HTTP next proxy host is the host name of the HTTP proxy behind the Check Point Security Gateway HTTP security server (if there + is one). Changing the HTTP Next Proxy fields takes effect after the Security Gateway database is downloaded to the authenticating gateway, or + after the security policy is re-installed. 
<br>These settings apply only to firewalled gateways prior to NG. For later versions, these
+ settings should be defined in the Node Properties window.
+ type: str
+ http_next_proxy_port:
+ description:
+ - HTTP next proxy port is the port of the HTTP proxy behind the Check Point Security Gateway HTTP security server (if there is
+ one). Changing the HTTP Next Proxy fields takes effect after the Security Gateway database is downloaded to the authenticating gateway, or
+ after the security policy is re-installed. <br>These settings apply only to firewalled gateways prior to NG. For later versions, these
+ settings should be defined in the Node Properties window.
+ type: int
+ http_servers:
+ description:
+ - This list specifies the HTTP servers. Defining HTTP servers allows you to restrict incoming HTTP.
+ type: list
+ elements: dict
+ suboptions:
+ logical_name:
+ description:
+ - Unique Logical Name of the HTTP Server.
+ type: str
+ host:
+ description:
+ - Host name of the HTTP Server.
+ type: str
+ port:
+ description:
+ - Port number of the HTTP Server.
+ type: int
+ reauthentication:
+ description:
+ - Specify whether users must reauthenticate when accessing a specific server.
+ type: str
+ choices: ['standard', 'post request', 'every request']
+ server_for_null_requests:
+ description:
+ - The Logical Name of a Null Requests Server from http-servers.
+ type: str
+ nat:
+ description:
+ - Configure settings that apply to all NAT connections.
+ type: dict
+ suboptions:
+ allow_bi_directional_nat:
+ description:
+ - Applies to automatic NAT rules in the NAT Rule Base, and allows two automatic NAT rules to match a connection. Without Bidirectional
+ NAT, only one automatic NAT rule can match a connection.
+ type: bool
+ auto_arp_conf:
+ description:
+ - Ensures that ARP requests for a translated (NATed) machine, network or address range are answered by the Check Point Security Gateway.
+ type: bool
+ merge_manual_proxy_arp_conf:
+ description:
+ - Merges the automatic and manual ARP configurations. Manual proxy ARP configuration is required for manual Static NAT
+ rules.<br>Available only if auto-arp-conf is true.
+ type: bool
+ auto_translate_dest_on_client_side:
+ description:
+ - Applies to packets originating at the client, with the server as its destination. Static NAT for the server is performed on the client side.
+ type: bool
+ manually_translate_dest_on_client_side:
+ description:
+ - Applies to packets originating at the client, with the server as its destination. Static NAT for the server is performed on the client side.
+ type: bool
+ enable_ip_pool_nat:
+ description:
+ - Applies to packets originating at the client, with the server as its destination. Static NAT for the server is performed on the client side.
+ type: bool
+ addr_alloc_and_release_track:
+ description:
+ - Specifies whether to log each allocation and release of an IP address from the IP Pool.<br>Available only if enable-ip-pool-nat is true.
+ type: str
+ choices: ['ip allocation log', 'none']
+ addr_exhaustion_track:
+ description:
+ - Specifies the action to take if the IP Pool is exhausted.<br>Available only if enable-ip-pool-nat is true.
+ type: str
+ choices: ['ip exhaustion alert', 'none', 'ip exhaustion log']
+ authentication:
+ description:
+ - Define Authentication properties that are common to all users and to the various ways that the Check Point Security Gateway asks for passwords
+ (User, Client and Session Authentication).
+ type: dict
+ suboptions:
+ auth_internal_users_with_specific_suffix:
+ description:
+ - Enforce suffix for internal users authentication.
+ type: bool
+ allowed_suffix_for_internal_users:
+ description:
+ - Suffix for internal users authentication.
+ type: str
+ max_days_before_expiration_of_non_pulled_user_certificates:
+ description:
+ - Users certificates which were initiated but not pulled will expire after the specified number of days. Any value from 1 to 60 days can
+ be entered in this field.
+ type: int
+ max_client_auth_attempts_before_connection_termination:
+ description:
+ - Allowed Number of Failed Client Authentication Attempts Before Session Termination. Any value from 1 to 800 attempts can be entered in this field.
+ type: int
+ max_rlogin_attempts_before_connection_termination:
+ description:
+ - Allowed Number of Failed rlogin Attempts Before Session Termination. Any value from 1 to 800 attempts can be entered in this field.
+ type: int
+ max_session_auth_attempts_before_connection_termination:
+ description:
+ - Allowed Number of Failed Session Authentication Attempts Before Session Termination. Any value from 1 to 800 attempts can be entered in this field.
+ type: int
+ max_telnet_attempts_before_connection_termination:
+ description:
+ - Allowed Number of Failed telnet Attempts Before Session Termination. Any value from 1 to 800 attempts can be entered in this field.
+ type: int
+ enable_delayed_auth:
+ description:
+ - all authentications other than certificate-based authentications will be delayed by the specified time. Applying this delay will stall
+ brute force authentication attacks. The delay is applied for both failed and successful authentication attempts.
+ type: bool
+ delay_each_auth_attempt_by:
+ description:
+ - Delay each authentication attempt by the specified number of milliseconds. Any value from 1 to 25000 can be entered in this field.
+ type: int
+ vpn:
+ description:
+ - Configure settings relevant to VPN.
+ type: dict
+ suboptions:
+ vpn_conf_method:
+ description:
+ - Decide on Simplified or Traditional mode for all new security policies or decide which mode to use on a policy by policy basis.
+ type: str
+ choices: ['simplified', 'traditional', 'per policy']
+ domain_name_for_dns_resolving:
+ description:
+ - Enter the domain name that will be used for gateways DNS lookup. The DNS host name that is used is "gateway_name.domain_name".
+ type: str
+ enable_backup_gw:
+ description:
+ - Enable Backup Gateway.
+ type: bool
+ enable_decrypt_on_accept_for_gw_to_gw_traffic:
+ description:
+ - Enable decrypt on accept for gateway to gateway traffic. This is only relevant for policies in traditional mode. In Traditional Mode,
+ the 'Accept' action determines that a connection is allowed, while the 'Encrypt' action determines that a connection is allowed and encrypted.
+ Select whether VPN accepts an encrypted packet that matches a rule with an 'Accept' action or drops it.
+ type: bool
+ enable_load_distribution_for_mep_conf:
+ description:
+ - Enable load distribution for Multiple Entry Points configurations (Site To Site connections). The VPN Multiple Entry Point (MEP)
+ feature supplies high availability and load distribution for Check Point Security Gateways. MEP works in four modes,<br>
+ <ul><li> First to Respond, in which the first gateway to reply to the peer gateway is chosen. An organization would choose this option if, for
+ example, the organization has two gateways in a MEPed configuration - one in London, the other in New York. It makes sense for Check Point
+ Security Gateway peers located in England to try the London gateway first and the NY gateway second. Being geographically closer to Check Point
+ Security Gateway peers in England, the London gateway will be the first to respond, and becomes the entry point to the internal
+ network.</li><br> <li> VPN Domain, is when the destination IP belongs to a particular VPN domain, the gateway of that
+ domain becomes the chosen entry point.
This gateway becomes the primary gateway while other gateways in the MEP configuration become its backup
+ gateways.</li><br> <li> Random Selection, in which the remote Check Point Security Gateway peer randomly selects a gateway
+ with which to open a VPN connection. For each IP source/destination address pair, a new gateway is randomly selected. An organization might have a
+ number of machines with equal performance abilities. In this case, it makes sense to enable load distribution. The machines are used in a random
+ and equal way.</li><br> <li> Manually set priority list, gateway priorities can be set manually for the entire community
+ or for individual satellite gateways.</li></ul>.
+ type: bool
+ enable_vpn_directional_match_in_vpn_column:
+ description:
+ - Enable VPN Directional Match in VPN Column.<br>Note, VPN Directional Match is supported only on Gaia, SecurePlatform, Linux and IPSO.
+ type: bool
+ grace_period_after_the_crl_is_not_valid:
+ description:
+ - When establishing VPN tunnels, the peer presents its certificate for authentication. The clock on the gateway machine must be
+ synchronized with the clock on the Certificate Authority machine. Otherwise, the Certificate Revocation List (CRL) used for validating the peer's
+ certificate may be considered invalid and thus the authentication fails. To resolve the issue of differing clock times, a Grace Period permits a
+ wider window for CRL validity.
+ type: int
+ grace_period_before_the_crl_is_valid:
+ description:
+ - When establishing VPN tunnels, the peer presents its certificate for authentication. The clock on the gateway machine must be
+ synchronized with the clock on the Certificate Authority machine. Otherwise, the Certificate Revocation List (CRL) used for validating the peer's
+ certificate may be considered invalid and thus the authentication fails. To resolve the issue of differing clock times, a Grace Period permits a
+ wider window for CRL validity.
+ type: int
+ grace_period_extension_for_secure_remote_secure_client:
+ description:
+ - When dealing with remote clients the Grace Period needs to be extended. The remote client sometimes relies on the peer gateway to
+ supply the CRL. If the client's clock is not synchronized with the gateway's clock, a CRL that is considered valid by the gateway may be
+ considered invalid by the client.
+ type: int
+ support_ike_dos_protection_from_identified_src:
+ description:
+ - When the number of IKE negotiations handled simultaneously exceeds a threshold above VPN's capacity, a gateway concludes that it is
+ either under a high load or experiencing a Denial of Service attack. VPN can filter out peers that are the probable source of the potential Denial
+ of Service attack. There are two kinds of protection,<br> <ul><li> Stateless - the peer has to respond to an IKE
+ notification in a way that proves the peer's IP address is not spoofed. If the peer cannot prove this, VPN does not allocate resources for the IKE
+ negotiation</li><br> <li> Puzzles - this is the same as Stateless, but in addition, the peer has to solve a mathematical
+ puzzle. Solving this puzzle consumes peer CPU resources in a way that makes it difficult to initiate multiple IKE negotiations
+ simultaneously.</li></ul>Puzzles is more secure then Stateless, but affects performance.<br>Since these kinds of attacks involve a new proprietary
+ addition to the IKE protocol, enabling these protection mechanisms may cause difficulties with non Check Point VPN products or older versions of
+ VPN.
+ type: str
+ choices: ['puzzles', 'stateless', 'none']
+ support_ike_dos_protection_from_unidentified_src:
+ description:
+ - When the number of IKE negotiations handled simultaneously exceeds a threshold above VPN's capacity, a gateway concludes that it is
+ either under a high load or experiencing a Denial of Service attack.
VPN can filter out peers that are the probable source of the potential Denial
+ of Service attack. There are two kinds of protection,<br> <ul><li> Stateless - the peer has to respond to an IKE
+ notification in a way that proves the peer's IP address is not spoofed. If the peer cannot prove this, VPN does not allocate resources for the IKE
+ negotiation</li><br> <li> Puzzles - this is the same as Stateless, but in addition, the peer has to solve a mathematical
+ puzzle. Solving this puzzle consumes peer CPU resources in a way that makes it difficult to initiate multiple IKE negotiations
+ simultaneously.</li></ul>Puzzles is more secure then Stateless, but affects performance.<br>Since these kinds of attacks involve a new proprietary
+ addition to the IKE protocol, enabling these protection mechanisms may cause difficulties with non Check Point VPN products or older versions of
+ VPN.
+ type: str
+ choices: ['puzzles', 'stateless', 'none']
+ remote_access:
+ description:
+ - Configure Remote Access properties.
+ type: dict
+ suboptions:
+ enable_back_connections:
+ description:
+ - Usually communication with remote clients must be initialized by the clients. However, once a client has opened a connection, the
+ hosts behind VPN can open a return or back connection to the client. For a back connection, the client's details must be maintained on all the
+ devices between the client and the gateway, and on the gateway itself. Determine whether the back connection is enabled.
+ type: bool
+ keep_alive_packet_to_gw_interval:
+ description:
+ - Usually communication with remote clients must be initialized by the clients. However, once a client has opened a connection, the
+ hosts behind VPN can open a return or back connection to the client. For a back connection, the client's details must be maintained on all the
+ devices between the client and the gateway, and on the gateway itself.
Determine frequency (in seconds) of the Keep Alive packets sent by the
+ client in order to maintain the connection with the gateway.<br>Available only if enable-back-connections is true.
+ type: int
+ encrypt_dns_traffic:
+ description:
+ - You can decide whether DNS queries sent by the remote client to a DNS server located on the corporate LAN are passed through the VPN
+ tunnel or not. Disable this option if the client has to make DNS queries to the DNS server on the corporate LAN while connecting to the
+ organization but without using the SecuRemote client.
+ type: bool
+ simultaneous_login_mode:
+ description:
+ - Select the simultaneous login mode.
+ type: str
+ choices: ['allowonlysinglelogintouser', 'allowseverallogintouser']
+ vpn_authentication_and_encryption:
+ description:
+ - configure supported Encryption and Authentication methods for Remote Access clients.
+ type: dict
+ suboptions:
+ encryption_algorithms:
+ description:
+ - Select the methods negotiated in IKE phase 2 and used in IPSec connections.
+ type: dict
+ suboptions:
+ ike:
+ description:
+ - Configure the IKE Phase 1 settings.
+ type: dict
+ suboptions:
+ support_encryption_algorithms:
+ description:
+ - Select the encryption algorithms that will be supported with remote hosts.
+ type: dict
+ suboptions:
+ tdes:
+ description:
+ - Select whether the Triple DES encryption algorithm will be supported with remote hosts.
+ type: bool
+ aes_128:
+ description:
+ - Select whether the AES-128 encryption algorithm will be supported with remote hosts.
+ type: bool
+ aes_256:
+ description:
+ - Select whether the AES-256 encryption algorithm will be supported with remote hosts.
+ type: bool
+ des:
+ description:
+ - Select whether the DES encryption algorithm will be supported with remote hosts.
+ type: bool
+ use_encryption_algorithm:
+ description:
+ - Choose the encryption algorithm that will have the highest priority of the selected algorithms.
If given a
+ choice of more that one encryption algorithm to use, the algorithm selected in this field will be used.
+ type: str
+ choices: ['AES-256', 'DES', 'AES-128', 'TDES']
+ support_data_integrity:
+ description:
+ - Select the hash algorithms that will be supported with remote hosts to ensure data integrity.
+ type: dict
+ suboptions:
+ aes_xcbc:
+ description:
+ - Select whether the AES-XCBC hash algorithm will be supported with remote hosts to ensure data integrity.
+ type: bool
+ md5:
+ description:
+ - Select whether the MD5 hash algorithm will be supported with remote hosts to ensure data integrity.
+ type: bool
+ sha1:
+ description:
+ - Select whether the SHA1 hash algorithm will be supported with remote hosts to ensure data integrity.
+ type: bool
+ sha256:
+ description:
+ - Select whether the SHA256 hash algorithm will be supported with remote hosts to ensure data integrity.
+ type: bool
+ use_data_integrity:
+ description:
+ - The hash algorithm chosen here will be given the highest priority if more than one choice is offered.
+ type: str
+ choices: ['aes-xcbc', 'sha256', 'sha1', 'md5']
+ support_diffie_hellman_groups:
+ description:
+ - Select the Diffie-Hellman groups that will be supported with remote hosts.
+ type: dict
+ suboptions:
+ group1:
+ description:
+ - Select whether Diffie-Hellman Group 1 (768 bit) will be supported with remote hosts.
+ type: bool
+ group14:
+ description:
+ - Select whether Diffie-Hellman Group 14 (2048 bit) will be supported with remote hosts.
+ type: bool
+ group2:
+ description:
+ - Select whether Diffie-Hellman Group 2 (1024 bit) will be supported with remote hosts.
+ type: bool
+ group5:
+ description:
+ - Select whether Diffie-Hellman Group 5 (1536 bit) will be supported with remote hosts.
+ type: bool
+ use_diffie_hellman_group:
+ description:
+ - SecureClient users utilize the Diffie-Hellman group selected in this field.
+ type: str
+ choices: ['group 1', 'group 2', 'group 5', 'group 14']
+ ipsec:
+ description:
+ - Configure the IPSEC Phase 2 settings.
+ type: dict
+ suboptions:
+ support_encryption_algorithms:
+ description:
+ - Select the encryption algorithms that will be supported with remote hosts.
+ type: dict
+ suboptions:
+ tdes:
+ description:
+ - Select whether the Triple DES encryption algorithm will be supported with remote hosts.
+ type: bool
+ aes_128:
+ description:
+ - Select whether the AES-128 encryption algorithm will be supported with remote hosts.
+ type: bool
+ aes_256:
+ description:
+ - Select whether the AES-256 encryption algorithm will be supported with remote hosts.
+ type: bool
+ des:
+ description:
+ - Select whether the DES encryption algorithm will be supported with remote hosts.
+ type: bool
+ use_encryption_algorithm:
+ description:
+ - Choose the encryption algorithm that will have the highest priority of the selected algorithms. If given a
+ choice of more that one encryption algorithm to use, the algorithm selected in this field will be used.
+ type: str
+ choices: ['AES-256', 'DES', 'AES-128', 'TDES']
+ support_data_integrity:
+ description:
+ - Select the hash algorithms that will be supported with remote hosts to ensure data integrity.
+ type: dict
+ suboptions:
+ aes_xcbc:
+ description:
+ - Select whether the AES-XCBC hash algorithm will be supported with remote hosts to ensure data integrity.
+ type: bool
+ md5:
+ description:
+ - Select whether the MD5 hash algorithm will be supported with remote hosts to ensure data integrity.
+ type: bool
+ sha1:
+ description:
+ - Select whether the SHA1 hash algorithm will be supported with remote hosts to ensure data integrity.
+ type: bool
+ sha256:
+ description:
+ - Select whether the SHA256 hash algorithm will be supported with remote hosts to ensure data integrity.
+ type: bool
+ use_data_integrity:
+ description:
+ - The hash algorithm chosen here will be given the highest priority if more than one choice is offered.
+ type: str
+ choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'sha512', 'md5']
+ enforce_encryption_alg_and_data_integrity_on_all_users:
+ description:
+ - Enforce Encryption Algorithm and Data Integrity on all users.
+ type: bool
+ encryption_method:
+ description:
+ - Select the encryption method.
+ type: str
+ choices: ['prefer_ikev2_support_ikev1', 'ike_v2_only', 'ike_v1_only']
+ pre_shared_secret:
+ description:
+ - the user password is specified in the Authentication tab in the user's IKE properties (in the user properties window, Encryption tab > Edit).
+ type: bool
+ support_legacy_auth_for_sc_l2tp_nokia_clients:
+ description:
+ - Support Legacy Authentication for SC (hybrid mode), L2TP (PAP) and Nokia clients (CRACK).
+ type: bool
+ support_legacy_eap:
+ description:
+ - Support Legacy EAP (Extensible Authentication Protocol).
+ type: bool
+ support_l2tp_with_pre_shared_key:
+ description:
+ - Use a centrally managed pre-shared key for IKE.
+ type: bool
+ l2tp_pre_shared_key:
+ description:
+ - Type in the pre-shared key.<br>Available only if support-l2tp-with-pre-shared-key is set to true.
+ type: str
+ vpn_advanced:
+ description:
+ - Configure encryption methods and interface resolution for remote access clients.
+ type: dict
+ suboptions:
+ allow_clear_traffic_to_encryption_domain_when_disconnected:
+ description:
+ - SecuRemote/SecureClient behavior while disconnected - How traffic to the VPN domain is handled when the Remote Access VPN
+ client is not connected to the site. Traffic can either be dropped or sent in clear without encryption.
+ type: bool
+ enable_load_distribution_for_mep_conf:
+ description:
+ - Load distribution for Multiple Entry Points configurations - Remote access clients will randomly select a gateway from the
+ list of entry points.
Make sure to define the same VPN domain for all the Security Gateways you want to be entry points.
+ type: bool
+ use_first_allocated_om_ip_addr_for_all_conn_to_the_gws_of_the_site:
+ description:
+ - Use first allocated Office Mode IP Address for all connections to the Gateways of the site.After a remote user connects and
+ receives an Office Mode IP address from a gateway, every connection to that gateways encryption domain will go out with the Office Mode IP as
+ the internal source IP. The Office Mode IP is what hosts in the encryption domain will recognize as the remote user's IP address. The Office
+ Mode IP address assigned by a specific gateway can be used in its own encryption domain and in neighboring encryption domains as well. The
+ neighboring encryption domains should reside behind gateways that are members of the same VPN community as the assigning gateway. Since the
+ remote hosts connections are dependant on the Office Mode IP address it received, should the gateway that issued the IP become unavailable,
+ all the connections to the site will terminate.
+ type: bool
+ scv:
+ description:
+ - Define properties of the Secure Configuration Verification process.
+ type: dict
+ suboptions:
+ apply_scv_on_simplified_mode_fw_policies:
+ description:
+ - Determine whether the gateway verifies that remote access clients are securely configured. This is set here only if the
+ security policy is defined in the Simplified Mode. If the security policy is defined in the Traditional Mode, verification takes place per
+ rule.
+ type: bool
+ exceptions:
+ description:
+ - Specify the hosts that can be accessed using the selected services even if the client is not verified.<br>Available only if
+ apply-scv-on-simplified-mode-fw-policies is true.
+ type: list
+ elements: dict
+ suboptions:
+ hosts:
+ description:
+ - Specify the Hosts to be excluded from SCV.
+ type: list
+ elements: str
+ services:
+ description:
+ - Specify the services to be accessed.
+ type: list
+ elements: str
+ no_scv_for_unsupported_cp_clients:
+ description:
+ - Do not apply Secure Configuration Verification for connections from Check Point VPN clients that don't support it, such as SSL
+ Network Extender, GO, Capsule VPN / Connect, Endpoint Connects lower than R75, or L2TP clients.<br>Available only if
+ apply-scv-on-simplified-mode-fw-policies is true.
+ type: bool
+ upon_verification_accept_and_log_client_connection:
+ description:
+ - If the gateway verifies the client's configuration, decide how the gateway should handle connections with clients that fail
+ the Security Configuration Verification. It is possible to either drop the connection or Accept the connection and log it.
+ type: bool
+ only_tcp_ip_protocols_are_used:
+ description:
+ - Most SCV checks are configured via the SCV policy. Specify whether to verify that only TCP/IP protocols are used.
+ type: bool
+ policy_installed_on_all_interfaces:
+ description:
+ - Most SCV checks are configured via the SCV policy. Specify whether to verify that the Desktop Security Policy is installed on
+ all the interfaces of the client.
+ type: bool
+ generate_log:
+ description:
+ - If the client identifies that the secure configuration has been violated, select whether a log is generated by the remote
+ access client and sent to the Security Management server.
+ type: bool
+ notify_user:
+ description:
+ - If the client identifies that the secure configuration has been violated, select whether to user should be notified.
+ type: bool
+ ssl_network_extender:
+ description:
+ - Define properties for SSL Network Extender users.
+ type: dict
+ suboptions:
+ user_auth_method:
+ description:
+ - Wide Impact, Also applies for SecureClient Mobile devices and Check Point GO clients!<br>User authentication method indicates
+ how the user will be authenticated by the gateway.
Changes made here will also apply for SSL clients.<br>Legacy - Username and password
+ only.<br>Certificate - Certificate only with an existing certificate.<br>Certificate with Enrollment - Allows you to obtain a new certificate
+ and then use certificate authentication only.<br>Mixed - Can use either username and password or certificate.
+ type: str
+ choices: ['certificate_with_enrollment', 'certificate', 'mixed', 'legacy']
+ supported_encryption_methods:
+ description:
+ - Wide Impact, Also applies to SecureClient Mobile devices!<br>Select the encryption algorithms that will be supported for
+ remote users. Changes made here will also apply for all SSL clients.
+ type: str
+ choices: ['3des_or_rc4', '3des_only']
+ client_upgrade_upon_connection:
+ description:
+ - When a client connects to the gateway with SSL Network Extender, the client automatically checks for upgrade. Select whether
+ the client should automatically upgrade.
+ type: str
+ choices: ['force_upgrade', 'ask_user', 'no_upgrade']
+ client_uninstall_upon_disconnection:
+ description:
+ - Select whether the client should automatically uninstall SSL Network Extender when it disconnects from the gateway.
+ type: str
+ choices: ['force_uninstall', 'ask_user', 'dont_uninstall']
+ re_auth_user_interval:
+ description:
+ - Wide Impact, Applies for the SecureClient Mobile!<br>Select the interval that users will need to reauthenticate.
+ type: int
+ scan_ep_machine_for_compliance_with_ep_compliance_policy:
+ description:
+ - Set to true if you want endpoint machines to be scanned for compliance with the Endpoint Compliance Policy.
+ type: bool
+ client_outgoing_keep_alive_packets_frequency:
+ description:
+ - Select the interval which the keep-alive packets are sent.
+ type: int
+ secure_client_mobile:
+ description:
+ - Define properties for SecureClient Mobile.
+ type: dict
+ suboptions:
+ user_auth_method:
+ description:
+ - Wide Impact, Also applies for SSL Network Extender clients and Check Point GO clients.<br>How the user will be authenticated by the gateway.
+ type: str
+ choices: ['certificate_with_enrollment', 'certificate', 'mixed', 'legacy']
+ enable_password_caching:
+ description:
+ - If the password entered to authenticate is saved locally on the user's machine.
+ type: str
+ choices: ['client_decide', 'true', 'false']
+ cache_password_timeout:
+ description:
+ - Cached password timeout (in minutes).
+ type: int
+ re_auth_user_interval:
+ description:
+ - Wide Impact, Also applies for SSL Network Extender clients!<br>The length of time (in minutes) until the user's credentials
+ are resent to the gateway to verify authorization.
+ type: int
+ connect_mode:
+ description:
+ - Methods by which a connection to the gateway will be initiated,<br>Configured On Endpoint Client - the method used for
+ initiating a connection to a gateway is determined by the endpoint client<br>Manual - VPN connections will not be initiated
+ automatically.<br>Always connected - SecureClient Mobile will automatically establish a connection to the last connected gateway under the
+ following circumstances, (a) the device has a valid IP address, (b) when the device "wakes up" from a low-power state or a soft-reset, or (c)
+ after a condition that caused the device to automatically disconnect ceases to exist (for example, Device is out of PC Sync, Disconnect is not
+ idle.).<br>On application request - Applications requiring access to resources through the VPN will be able to initiate a VPN connection.
+ type: str
+ choices: ['manual', 'always connected', 'on application request', 'configured on endpoint client']
+ automatically_initiate_dialup:
+ description:
+ - When selected, the client will initiate a GPRS dialup connection before attempting to establish the VPN connection.
Note that
+ if a local IP address is already available through another network interface, then the GPRS dialup is not initiated.
+ type: str
+ choices: ['client_decide', 'true', 'false']
+ disconnect_when_device_is_idle:
+ description:
+ - Enabling this feature will disconnect users from the gateway if there is no traffic sent during the defined time period.
+ type: str
+ choices: ['client_decide', 'true', 'false']
+ supported_encryption_methods:
+ description:
+ - Wide Impact, Also applies for SSL Network Extender clients!<br>Select the encryption algorithms that will be supported with remote users.
+ type: str
+ choices: ['3des_or_rc4', '3des_only']
+ route_all_traffic_to_gw:
+ description:
+ - Operates the client in Hub Mode, sending all traffic to the VPN server for routing, filtering, and processing.
+ type: str
+ choices: ['client_decide', 'true', 'false']
+ endpoint_connect:
+ description:
+ - Configure global settings for Endpoint Connect. These settings apply to all gateways.
+ type: dict
+ suboptions:
+ enable_password_caching:
+ description:
+ - If the password entered to authenticate is saved locally on the user's machine.
+ type: str
+ choices: ['client_decide', 'true', 'false']
+ cache_password_timeout:
+ description:
+ - Cached password timeout (in minutes).
+ type: int
+ re_auth_user_interval:
+ description:
+ - The length of time (in minutes) until the user's credentials are resent to the gateway to verify authorization.
+ type: int
+ connect_mode:
+ description:
+ - Methods by which a connection to the gateway will be initiated,<br>Manual - VPN connections will not be initiated
+ automatically.<br>Always connected - Endpoint Connect will automatically establish a connection to the last connected gateway under the
+ following circumstances, (a) the device has a valid IP address, (b) when the device "wakes up" from a low-power state or a soft-reset, or (c)
+ after a condition that caused the device to automatically disconnect ceases to exist (for example, Device is out of PC Sync, Disconnect is not
+ idle.).<br>Configured on endpoint client - the method used for initiating a connection to a gateway is determined by the endpoint client.
+ type: str
+ choices: ['Manual', 'Always Connected', 'Configured On Endpoint Client']
+ network_location_awareness:
+ description:
+ - Wide Impact, Also applies for Check Point GO clients!<br>Endpoint Connect intelligently detects whether it is inside or
+ outside of the VPN domain (Enterprise LAN), and automatically connects or disconnects as required. Select true and edit
+ network-location-awareness-conf to configure this capability.
+ type: str
+ choices: ['client_decide', 'true', 'false']
+ network_location_awareness_conf:
+ description:
+ - Configure how the client determines its location in relation to the internal network.
+ type: dict
+ suboptions:
+ vpn_clients_are_considered_inside_the_internal_network_when_the_client:
+ description:
+ - When a VPN client is within the internal network, the internal resources are available and the VPN tunnel should be
+ disconnected.
Determine when VPN clients are considered inside the internal network,<br>Connects to GW through internal interface - The
+ client connects to the gateway through one of its internal interfaces (recommended).<br>Connects from network or group - The client
+ connects from a network or group specified in network-or-group-of-conn-vpn-client.<br>Runs on computer with access to Active Directory
+ domain - The client runs on a computer that can access its Active Directory domain.<br>Note, The VPN tunnel will resume automatically when
+ the VPN client is no longer in the internal network and the client is set to "Always connected" mode.
+ type: str
+ choices: ['connects to gw through internal interface', 'connects from network or group',
+ 'runs on computer with access to active directory domain']
+ network_or_group_of_conn_vpn_client:
+ description:
+ - Name or UID of Network or Group the VPN client is connected from.<br>Available only if
+ vpn-clients-are-considered-inside-the-internal-network-when-the-client is set to "Connects from network or group".
+ type: str
+ consider_wireless_networks_as_external:
+ description:
+ - The speed at which locations are classified as internal or external can be increased by creating a list of wireless
+ networks that are known to be external. A wireless network is identified by its Service Set Identifier (SSID) a name used to identify a
+ particular 802.11 wireless LAN.
+ type: bool
+ excluded_internal_wireless_networks:
+ description:
+ - Excludes the specified internal networks names (SSIDs).<br>Available only if consider-wireless-networks-as-external is set to true.
+ type: list
+ elements: str
+ consider_undefined_dns_suffixes_as_external:
+ description:
+ - The speed at which locations are classified as internal or external can be increased by creating a list of DNS
+ suffixes that are known to be external. Enable this to be able to define DNS suffixes which won't be considered external.
+ type: bool
+ dns_suffixes:
+ description:
+ - DNS suffixes not defined here will be considered as external. If this list is empty
+ consider-undefined-dns-suffixes-as-external will automatically be set to false.<br>Available only if
+ consider-undefined-dns-suffixes-as-external is set to true.
+ type: list
+ elements: str
+ remember_previously_detected_external_networks:
+ description:
+ - The speed at which locations are classified as internal or external can be increased by caching (on the client side)
+ names of networks that were previously determined to be external.
+ type: bool
+ disconnect_when_conn_to_network_is_lost:
+ description:
+ - Enabling this feature disconnects users from the gateway when connectivity to the network is lost.
+ type: str
+ choices: ['client_decide', 'true', 'false']
+ disconnect_when_device_is_idle:
+ description:
+ - Enabling this feature will disconnect users from the gateway if there is no traffic sent during the defined time period.
+ type: str
+ choices: ['client_decide', 'true', 'false']
+ route_all_traffic_to_gw:
+ description:
+ - Operates the client in Hub Mode, sending all traffic to the VPN server for routing, filtering, and processing.
+ type: str
+ choices: ['client_decide', 'true', 'false']
+ client_upgrade_mode:
+ description:
+ - Select an option to determine how the client is upgraded.
+ type: str
+ choices: ['force_upgrade', 'ask_user', 'no_upgrade']
+ hot_spot_and_hotel_registration:
+ description:
+ - Configure the settings for Wireless Hot Spot and Hotel Internet access registration.
+ type: dict
+ suboptions:
+ enable_registration:
+ description:
+ - Set Enable registration to true in order to configure settings. Set Enable registration to false in order to cancel
+ registration (the configurations below won't be available). When the feature is enabled, you have several minutes to complete registration.
+ type: bool
+ local_subnets_access_only:
+ description:
+ - Local subnets access only.
+ type: bool
+ registration_timeout:
+ description:
+ - Maximum time (in seconds) to complete registration.
+ type: int
+ track_log:
+ description:
+ - Track log.
+ type: bool
+ max_ip_access_during_registration:
+ description:
+ - Maximum number of addresses to allow access to during registration.
+ type: int
+ ports:
+ description:
+ - Ports to be opened during registration (up to 10 ports).
+ type: list
+ elements: str
+ user_directory:
+ description:
+ - User can enable LDAP User Directory as well as specify global parameters for LDAP. If LDAP User Directory is enabled, this means that users
+ are managed on an external LDAP server and not on the internal Check Point Security Gateway users databases.
+ type: dict
+ suboptions:
+ enable_password_change_when_user_active_directory_expires:
+ description:
+ - For organizations using MS Active Directory, this setting enables users whose passwords have expired to automatically create new passwords.
+ type: bool
+ cache_size:
+ description:
+ - The maximum number of cached users allowed. The cache is FIFO (first-in, first-out). When a new user is added to a full cache, the
+ first user is deleted to make room for the new user. The Check Point Security Gateway does not query the LDAP server for users already in the
+ cache, unless the cache has timed out.
+ type: int
+ enable_password_expiration_configuration:
+ description:
+ - Enable configuring of the number of days during which the password is valid.<br>If
+ enable-password-change-when-user-active-directory-expires is true, the password expiration time is determined by the Active Directory. In this
+ case it is recommended not to set this to true.
+ type: bool
+ password_expires_after:
+ description:
+ - Specifies the number of days during which the password is valid. Users are authenticated using a special LDAP password. Should this
+ password expire, a new password must be defined.<br>Available only if enable-password-expiration-configuration is true.
+ type: int
+ timeout_on_cached_users:
+ description:
+ - The period of time in which a cached user is timed out and will need to be fetched again from the LDAP server.
+ type: int
+ display_user_dn_at_login:
+ description:
+ - Decide whether or not you would like to display the user's DN when logging in. If you choose to display the user DN, you can select
+ whether to display it, when the user is prompted for the password at login, or on the request of the authentication scheme. This property is a
+ useful diagnostic tool when there is more than one user with the same name in an Account Unit. In this case, the first one is chosen and the
+ others are ignored.
+ type: str
+ choices: ['no display', 'display upon request', 'display']
+ enforce_rules_for_user_mgmt_admins:
+ description:
+ - Enforces password strength rules on LDAP users when you create or modify a Check Point Password.
+ type: bool
+ min_password_length:
+ description:
+ - Specifies the minimum length (in characters) of the password.
+ type: int
+ password_must_include_a_digit:
+ description:
+ - Password must include a digit.
+ type: bool
+ password_must_include_a_symbol:
+ description:
+ - Password must include a symbol.
+ type: bool
+ password_must_include_lowercase_char:
+ description:
+ - Password must include a lowercase character.
+ type: bool
+ password_must_include_uppercase_char:
+ description:
+ - Password must include an uppercase character.
+ type: bool
+ qos:
+ description:
+ - Define the general parameters of Quality of Service (QoS) and apply them to QoS rules.
+ type: dict
+ suboptions:
+ default_weight_of_rule:
+ description:
+ - Define a Weight at which bandwidth will be guaranteed. Set a default weight for a rule.<br>Note, Value will be applied to new rules only.
+ type: int
+ max_weight_of_rule:
+ description:
+ - Define a Weight at which bandwidth will be guaranteed. Set a maximum weight for a rule.
+ type: int
+ unit_of_measure:
+ description:
+ - Define the Rate at which packets are transmitted, for which bandwidth will be guaranteed. Set a Unit of measure.
+ type: str
+ choices: ['bits-per-sec', 'bytes-per-sec', 'kbits-per-sec', 'kbytes-per-sec', 'mbits-per-sec', 'mbytes-per-sec']
+ authenticated_ip_expiration:
+ description:
+ - Define the Authentication time-out for QoS. This timeout is set in minutes. In an Authenticated IP all connections which are open in a
+ specified time limit will be guaranteed bandwidth, but will not be guaranteed bandwidth after the time limit.
+ type: int
+ non_authenticated_ip_expiration:
+ description:
+ - Define the Authentication time-out for QoS. This timeout is set in minutes.
+ type: int
+ unanswered_queried_ip_expiration:
+ description:
+ - Define the Authentication time-out for QoS. This timeout is set in minutes.
+ type: int
+ carrier_security:
+ description:
+ - Specify system-wide properties. Select GTP intra tunnel inspection options, including anti-spoofing; tracking and logging options, and integrity tests.
+ type: dict
+ suboptions:
+ block_gtp_in_gtp:
+ description:
+ - Prevents GTP packets from being encapsulated inside GTP tunnels. When this option is checked, such packets are dropped and logged.
+ type: bool
+ enforce_gtp_anti_spoofing:
+ description:
+ - verifies that G-PDUs are using the end user IP address that has been agreed upon in the PDP context activation process. When this
+ option is checked, packets that do not use this IP address are dropped and logged.
+ type: bool
+ produce_extended_logs_on_unmatched_pdus:
+ description:
+ - logs GTP packets not matched by previous rules with Carrier Security's extended GTP-related log fields. These logs are brown and their
+ Action attribute is empty. The default setting is checked.
+ type: bool
+ produce_extended_logs_on_unmatched_pdus_position:
+ description:
+ - Choose to place this implicit rule Before Last or as the Last rule.<br>Available only if produce-extended-logs-on-unmatched-pdus is true.
+ type: str
+ choices: ['before last', 'last']
+ protocol_violation_track_option:
+ description:
+ - Set the appropriate track or alert option to be used when a protocol violation (malformed packet) is detected.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ enable_g_pdu_seq_number_check_with_max_deviation:
+ description:
+ - If set to false, sequence checking is not enforced and all out-of-sequence G-PDUs will be accepted.<br>To enhance performance, disable
+ this extended integrity test.
+ type: bool
+ g_pdu_seq_number_check_max_deviation:
+ description:
+ - specifies that a G-PDU is accepted only if the difference between its sequence number and the expected sequence number is less than or
+ equal to the allowed deviation.<br>Available only ifenable-g-pdu-seq-number-check-with-max-deviation is true.
+ type: int
+ verify_flow_labels:
+ description:
+ - See that each packet's flow label matches the flow labels defined by GTP signaling. This option is relevant for GTP version 0
+ only.<br>To enhance performance, disable this extended integrity test.
+ type: bool
+ allow_ggsn_replies_from_multiple_interfaces:
+ description:
+ - Allows GTP signaling replies from an IP address different from the IP address to which the requests are sent (Relevant only for
+ gateways below R80).
+ type: bool
+ enable_reverse_connections:
+ description:
+ - Allows Carrier Security gateways to accept PDUs sent from the GGSN to the SGSN, on a previously established PDP context, even if these
+ PDUs are sent over ports that do not match the ports of the established PDP context.
+ type: bool
+ gtp_signaling_rate_limit_sampling_interval:
+ description:
+ - Works in correlation with the property Enforce GTP Signal packet rate limit found in the Carrier Security window of the GSN network
+ object. For example, with the rate limit sampling interval default of 1 second, and the network object enforced a GTP signal packet rate limit of
+ the default 2048 PDU per second, sampling will occur one time per second, or 2048 signaling PDUs between two consecutive samplings.
+ type: int
+ one_gtp_echo_on_each_path_frequency:
+ description:
+ - sets the number of GTP Echo exchanges per path allowed per configured time period. Echo requests exceeding this rate are dropped and
+ logged. Setting the value to 0 disables the feature and allows an unlimited number of echo requests per path at any interval.
+ type: int
+ aggressive_aging:
+ description:
+ - If true, enables configuring aggressive aging thresholds and time out value.
+ type: bool
+ aggressive_timeout:
+ description:
+ - Aggressive timeout. Available only if aggressive-aging is true.
+ type: int
+ memory_activation_threshold:
+ description:
+ - Memory activation threshold. Available only if aggressive-aging is true.
+ type: int
+ memory_deactivation_threshold:
+ description:
+ - Memory deactivation threshold. Available only if aggressive-aging is true.
+ type: int
+ tunnel_activation_threshold:
+ description:
+ - Tunnel activation threshold. Available only if aggressive-aging is true.
+ type: int
+ tunnel_deactivation_threshold:
+ description:
+ - Tunnel deactivation threshold. Available only if aggressive-aging is true.
+ type: int
+ user_accounts:
+ description:
+ - Set the expiration for a user account and configure "about to expire" warnings.
+ type: dict
+ suboptions:
+ expiration_date_method:
+ description:
+ - Select an Expiration Date Method.<br>Expire at - Account expires on the date that you select.<br>Expire after - Account expires after
+ the number of days that you select.
+ type: str
+ choices: ['expire after', 'expire at']
+ expiration_date:
+ description:
+ - Specify an Expiration Date in the following format, YYYY-MM-DD.<br>Available only if expiration-date-method is set to "expire at".
+ type: str
+ days_until_expiration:
+ description:
+ - Account expires after the number of days that you select.<br>Available only if expiration-date-method is set to "expire after".
+ type: int
+ show_accounts_expiration_indication_days_in_advance:
+ description:
+ - Activates the Expired Accounts link, to open the Expired Accounts window.
+ type: bool
+ user_authority:
+ description:
+ - Decide whether to display and access the WebAccess rule base. This policy defines which users (that is, which Windows Domains) have access to
+ the internal sites of the organization.
+ type: dict
+ suboptions:
+ display_web_access_view:
+ description:
+ - Specify whether or not to display the WebAccess rule base. This rule base is used for UserAuthority.
+ type: bool
+ windows_domains_to_trust:
+ description:
+ - When matching Firewall usernames to Windows Domains usernames for Single Sign on, selectwhether to trust all or specify which Windows
+ Domain should be trusted.<br>ALL - Enables you to allow all Windows domains to access the internal sites of the organization.<br>SELECTIVELY -
+ Enables you to specify which Windows domains will have access to the internal sites of the organization.
+ type: str
+ choices: ['selectively', 'all']
+ trust_only_following_windows_domains:
+ description:
+ - Specify which Windows domains will have access to the internal sites of the organization.<br>Available only if
+ windows-domains-to-trust is set to SELECTIVELY.
+ type: list
+ elements: str
+ connect_control:
+ description:
+ - Configure settings that relate to ConnectControl server load balancing.
+ type: dict
+ suboptions:
+ load_agents_port:
+ description:
+ - Sets the port number on which load measuring agents communicate with ConnectControl.
+ type: int
+ load_measurement_interval:
+ description:
+ - sets how often (in seconds) the load measuring agents report their load status to ConnectControl.
+ type: int
+ persistence_server_timeout:
+ description:
+ - Sets the amount of time (in seconds) that a client, once directed to a particular server, will continue to be directed to that same server.
+ type: int
+ server_availability_check_interval:
+ description:
+ - Sets how often (in seconds) ConnectControl checks to make sure the load balanced servers are running and responding to service requests.
+ type: int
+ server_check_retries:
+ description:
+ - Sets how many times ConnectControl attempts to contact a server before ceasing to direct traffic to it.
+ type: int
+ stateful_inspection:
+ description:
+ - Adjust Stateful Inspection parameters.
+ type: dict
+ suboptions:
+ tcp_start_timeout:
+ description:
+ - A TCP connection will be timed out if the interval between the arrival of the first packet and establishment of the connection (TCP
+ three-way handshake) exceeds TCP start timeout seconds.
+ type: int
+ tcp_session_timeout:
+ description:
+ - The length of time (in seconds) an idle connection will remain in the Security Gateway connections table.
+ type: int
+ tcp_end_timeout:
+ description:
+ - A TCP connection will only terminate TCP end timeout seconds after two FIN packets (one in each direction, client-to-server, and
+ server-to-client) or an RST packet. When a TCP connection ends (FIN packets sent or connection reset) the Check Point Security Gateway will keep
+ the connection in the connections table for another TCP end timeout seconds, to allow for stray ACKs of the connection that arrive late.
+ type: int
+ tcp_end_timeout_r8020_gw_and_above:
+ description:
+ - A TCP connection will only terminate TCP end timeout seconds after two FIN packets (one in each direction, client-to-server, and
+ server-to-client) or an RST packet. When a TCP connection ends (FIN packets sent or connection reset) the Check Point Security Gateway will keep
+ the connection in the connections table for another TCP end timeout seconds, to allow for stray ACKs of the connection that arrive late.
+ type: int
+ udp_virtual_session_timeout:
+ description:
+ - Specifies the amount of time (in seconds) a UDP reply channel may remain open without any packets being returned.
+ type: int
+ icmp_virtual_session_timeout:
+ description:
+ - An ICMP virtual session will be considered to have timed out after this time period (in seconds).
+ type: int
+ other_ip_protocols_virtual_session_timeout:
+ description:
+ - A virtual session of services which are not explicitly configured here will be considered to have timed out after this time period (in seconds).
+ type: int
+ sctp_start_timeout:
+ description:
+ - SCTP connections will be timed out if the interval between the arrival of the first packet and establishment of the connection exceeds
+ this value (in seconds).
+ type: int
+ sctp_session_timeout:
+ description:
+ - Time (in seconds) an idle connection will remain in the Security Gateway connections table.
+ type: int
+ sctp_end_timeout:
+ description:
+ - SCTP connections end after this number of seconds, after the connection ends or is reset, to allow for stray ACKs of the connection
+ that arrive late.
+ type: int
+ accept_stateful_udp_replies_for_unknown_services:
+ description:
+ - Specifies if UDP replies are to be accepted for unknown services.
+ type: bool
+ accept_stateful_icmp_errors:
+ description:
+ - Accept ICMP error packets which refer to another non-ICMP connection (for example, to an ongoing TCP or UDP connection) that was
+ accepted by the Rule Base.
+ type: bool
+ accept_stateful_icmp_replies:
+ description:
+ - Accept ICMP reply packets for ICMP requests that were accepted by the Rule Base.
+ type: bool
+ accept_stateful_other_ip_protocols_replies_for_unknown_services:
+ description:
+ - Accept reply packets for other undefined services (that is, services which are not one of the following, TCP, UDP, ICMP).
+ type: bool
+ drop_out_of_state_tcp_packets:
+ description:
+ - Drop TCP packets which are not consistent with the current state of the connection.
+ type: bool
+ log_on_drop_out_of_state_tcp_packets:
+ description:
+ - Generates a log entry when these out of state TCP packets are dropped.<br>Available only if drop-out-of-state-tcp-packets is true.
+ type: bool
+ tcp_out_of_state_drop_exceptions:
+ description:
+ - Name or uid of the gateways and clusters for which Out of State packets are allowed.
+ type: list
+ elements: str
+ drop_out_of_state_icmp_packets:
+ description:
+ - Drop ICMP packets which are not consistent with the current state of the connection.
+ type: bool
+ log_on_drop_out_of_state_icmp_packets:
+ description:
+ - Generates a log entry when these out of state ICMP packets are dropped.<br>Available only if drop-out-of-state-icmp-packets is true.
+ type: bool
+ drop_out_of_state_sctp_packets:
+ description:
+ - Drop SCTP packets which are not consistent with the current state of the connection.
+ type: bool
+ log_on_drop_out_of_state_sctp_packets:
+ description:
+ - Generates a log entry when these out of state SCTP packets are dropped.<br>Available only if drop-out-of-state-sctp-packets is true.
+ type: bool
+ log_and_alert:
+ description:
+ - Define system-wide logging and alerting parameters.
+ type: dict
+ suboptions:
+ administrative_notifications:
+ description:
+ - Administrative notifications specifies the action to be taken when an administrative event (for example, when a certificate is about
+ to expire) occurs.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ connection_matched_by_sam:
+ description:
+ - Connection matched by SAM specifies the action to be taken when a connection is blocked by SAM (Suspicious Activities Monitoring).
+ type: str
+ choices: ['Popup Alert', 'Mail Alert', 'SNMP Trap Alert', 'User Defined Alert no.1', 'User Defined Alert no.2', 'User Defined Alert no.3']
+ dynamic_object_resolution_failure:
+ description:
+ - Dynamic object resolution failure specifies the action to be taken when a dynamic object cannot be resolved.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ ip_options_drop:
+ description:
+ - IP Options drop specifies the action to take when a packet with IP Options is encountered. The Check Point Security Gateway always
+ drops these packets, but you can log them or issue an alert.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ packet_is_incorrectly_tagged:
+ description:
+ - Packet is incorrectly tagged.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ packet_tagging_brute_force_attack:
+ description:
+ - Packet tagging brute force attack.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ sla_violation:
+ description:
+ - SLA violation specifies the action to be taken when an SLA violation occurs, as defined in the Virtual Links window.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ vpn_conf_and_key_exchange_errors:
+ description:
+ - VPN configuration & key exchange errors specifies the action to be taken when logging configuration or key exchange errors occur, for
+ example, when attempting to establish encrypted communication with a network object inside the same encryption domain.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ vpn_packet_handling_error:
+ description:
+ - VPN packet handling errors specifies the action to be taken when encryption or decryption errors occurs. A log entry contains the
+ action performed (Drop or Reject) and a short description of the error cause, for example, scheme or method mismatch.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ vpn_successful_key_exchange:
+ description:
+ - VPN successful key exchange specifies the action to be taken when VPN keys are successfully exchanged.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ log_every_authenticated_http_connection:
+ description:
+ - Log every authenticated HTTP connection specifies that a log entry should be generated for every authenticated HTTP connection.
+ type: bool
+ log_traffic:
+ description:
+ - Log Traffic specifies whether or not to log traffic.
+ type: str
+ choices: ['none', 'log']
+ alerts:
+ description:
+ - Define the behavior of alert logs and the type of alert used for System Alert logs.
+ type: dict
+ suboptions:
+ send_popup_alert_to_smartview_monitor:
+ description:
+ - Send popup alert to SmartView Monitor when an alert is issued, it is also sent to SmartView Monitor.
+ type: bool
+ popup_alert_script:
+ description:
+ - Run popup alert script the operating system script to be executed when an alert is issued. For example, set another form of
+ notification, such as an email or a user-defined command.
+ type: str
+ send_mail_alert_to_smartview_monitor:
+ description:
+ - Send mail alert to SmartView Monitor when a mail alert is issued, it is also sent to SmartView Monitor.
+ type: bool
+ mail_alert_script:
+ description:
+ - Run mail alert script the operating system script to be executed when Mail is specified as the Track in a rule. The default is
+ internal_sendmail, which is not a script but an internal Security Gateway command.
+ type: str
+ send_snmp_trap_alert_to_smartview_monitor:
+ description:
+ - Send SNMP trap alert to SmartView Monitor when an SNMP trap alert is issued, it is also sent to SmartView Monitor.
+ type: bool
+ snmp_trap_alert_script:
+ description:
+ - Run SNMP trap alert script command to be executed when SNMP Trap is specified as the Track in a rule. By default the
+ internal_snmp_trap is used. This command is executed by the fwd process.
+ type: str
+ send_user_defined_alert_num1_to_smartview_monitor:
+ description:
+ - Send user defined alert no. 1 to SmartView Monitor when an alert is issued, it is also sent to SmartView Monitor.
+ type: bool
+ user_defined_script_num1:
+ description:
+ - Run user defined script the operating system script to be run when User-Defined is specified as the Track in a rule, or when
+ User Defined Alert no. 1 is selected as a Track Option.
+ type: str
+ send_user_defined_alert_num2_to_smartview_monitor:
+ description:
+ - Send user defined alert no. 2 to SmartView Monitor when an alert is issued, it is also sent to SmartView Monitor.
+ type: bool
+ user_defined_script_num2:
+ description:
+ - Run user defined 2 script the operating system script to be run when User-Defined is specified as the Track in a rule, or when
+ User Defined Alert no. 2 is selected as a Track Option.
+ type: str
+ send_user_defined_alert_num3_to_smartview_monitor:
+ description:
+ - Send user defined alert no. 3 to SmartView Monitor when an alert is issued, it is also sent to SmartView Monitor.
+ type: bool
+ user_defined_script_num3:
+ description:
+ - Run user defined 3 script the operating system script to be run when User-Defined is specified as the Track in a rule, or when
+ User Defined Alert no. 3 is selected as a Track Option.
+ type: str
+ default_track_option_for_system_alerts:
+ description:
+ - Set the default track option for System Alerts.
+ type: str
+ choices: ['Popup Alert', 'Mail Alert', 'SNMP Trap Alert', 'User Defined Alert no.1', 'User Defined Alert no.2', 'User Defined Alert no.3']
+ time_settings:
+ description:
+ - Configure the time settings associated with system-wide logging and alerting parameters.
+ type: dict
+ suboptions:
+ excessive_log_grace_period:
+ description:
+ - Specifies the minimum amount of time (in seconds) between consecutive logs of similar packets. Two packets are considered
+ similar if they have the same source address, source port, destination address, and destination port; and the same protocol was used. After
+ the first packet, similar packets encountered in the grace period will be acted upon according to the security policy, but only the first
+ packet generates a log entry or an alert. Any value from 0 to 90 seconds can be entered in this field.<br>Note, This option only applies for
+ DROP rules with logging.
+ type: int
+ logs_resolving_timeout:
+ description:
+ - Specifies the amount of time (in seconds), after which the log page is displayed without resolving names and while showing
+ only IP addresses. Any value from 0 to 90 seconds can be entered in this field.
+ type: int
+ status_fetching_interval:
+ description:
+ - Specifies the frequency at which the Security Management server queries the Check Point Security gateway, Check Point QoS and
+ other gateways it manages for status information. Any value from 30 to 900 seconds can be entered in this field.
+ type: int
+ virtual_link_statistics_logging_interval:
+ description:
+ - Specifies the frequency (in seconds) with which Virtual Link statistics will be logged. This parameter is relevant only for
+ Virtual Links defined with SmartView Monitor statistics enabled in the SLA Parameters tab of the Virtual Link window. Any value from 60 to
+ 3600 seconds can be entered in this field.
+ type: int
+ data_access_control:
+ description:
+ - Configure automatic downloads from Check Point and anonymously share product data. Options selected here apply to all Security Gateways,
+ Clusters and VSX devices managed by this management server.
+ type: dict
+ suboptions:
+ auto_download_important_data:
+ description:
+ - Automatically download and install Software Blade Contracts, security updates and other important data (highly recommended).
+ type: bool
+ auto_download_sw_updates_and_new_features:
+ description:
+ - Automatically download software updates and new features (highly recommended).<br>Available only if auto-download-important-data is set to true.
+ type: bool
+ send_anonymous_info:
+ description:
+ - Help Check Point improve the product by sending anonymous information.
+ type: bool
+ share_sensitive_info:
+ description:
+ - Approve sharing core dump files and other relevant crash data which might contain personal information. All shared data will be
+ processed in accordance with Check Point's Privacy Policy.<br>Available only if send-anonymous-info is set to true.
+ type: bool
+ non_unique_ip_address_ranges:
+ description:
+ - Specify Non Unique IP Address Ranges.
+ type: list
+ elements: dict
+ suboptions:
+ address_type:
+ description:
+ - The type of the IP Address.
+ type: str
+ choices: ['IPv4', 'IPv6']
+ first_ipv4_address:
+ description:
+ - The first IPV4 Address in the range.
+ type: str
+ first_ipv6_address:
+ description:
+ - The first IPV6 Address in the range.
+ type: str
+ last_ipv4_address:
+ description:
+ - The last IPV4 Address in the range.
+ type: str
+ last_ipv6_address:
+ description:
+ - The last IPV6 Address in the range.
+ type: str
+ proxy:
+ description:
+ - Select whether a proxy server is used when servers, gateways, or clients need to access the internet for certain Check Point features and set
+ the default proxy server that will be used.
+ type: dict
+ suboptions:
+ use_proxy_server:
+ description:
+ - If set to true, a proxy server is used when features need to access the internet.
+ type: bool
+ proxy_address:
+ description:
+ - Specify the URL or IP address of the proxy server.<br>Available only if use-proxy-server is set to true.
+ type: str
+ proxy_port:
+ description:
+ - Specify the Port on which the server will be accessed.<br>Available only if use-proxy-server is set to true.
+ type: int
+ user_check:
+ description:
+ - Set a language for the UserCheck message if the language setting in the user's browser cannot be determined.
+ type: dict
+ suboptions:
+ preferred_language:
+ description:
+ - The preferred language for new UserCheck message.
+ type: str
+ choices: ['Afrikaans', 'Albanian', 'Amharic', 'Arabic', 'Armenian', 'Basque', 'Belarusian', 'Bosnian', 'Bulgarian', 'Catalan',
+ 'Chinese', 'Croatian', 'Czech', 'Danish', 'Dutch', 'English', 'Estonian', 'Finnish', 'French', 'Gaelic', 'Georgian', 'German', 'Greek',
+ 'Hebrew', 'Hindi', 'Hungarian', 'Icelandic', 'Indonesian', 'Irish', 'Italian', 'Japanese', 'Korean', 'Latvian', 'Lithuanian', 'Macedonia',
+ 'Maltese', 'Nepali', 'Norwegian', 'Polish', 'Portuguese', 'Romanian', 'Russian', 'Serbian', 'Slovak', 'Slovenian', 'Sorbian', 'Spanish',
+ 'Swahili', 'Swedish', 'Thai', 'Turkish', 'Ukrainian', 'Vietnamese', 'Welsh']
+ send_emails_using_mail_server:
+ description:
+ - Name or UID of mail server to send emails to.
+ type: str
+ hit_count:
+ description:
+ - Enable the Hit Count feature that tracks the number of connections that each rule matches.
+ type: dict
+ suboptions:
+ enable_hit_count:
+ description:
+ - Select to enable or clear to disable all Security Gateways to monitor the number of connections each rule matches.
+ type: bool
+ keep_hit_count_data_up_to:
+ description:
+ - Select one of the time range options. Data is kept in the Security Management Server database for this period and is shown in the Hits column.
+ type: str
+ choices: ['3 months', '6 months', '1 year', '2 years']
+ advanced_conf:
+ description:
+ - Configure advanced global attributes. It's highly recommended to consult with Check Point's Technical Support before modifying these values.
+ type: dict
+ suboptions:
+ certs_and_pki:
+ description:
+ - Configure Certificates and PKI properties.
+ type: dict
+ suboptions:
+ cert_validation_enforce_key_size:
+ description:
+ - Enforce key length in certificate validation (R80+ gateways only).
+ type: str
+ choices: ['off', 'alert', 'fail']
+ host_certs_ecdsa_key_size:
+ description:
+ - Select the key size for ECDSA of the host certificate.
+ type: str + choices: ['p-256', 'p-384', 'p-521'] + host_certs_key_size: + description: + - Select the key size of the host certificate. + type: str + choices: ['4096', '1024', '2048'] + allow_remote_registration_of_opsec_products: + description: + - After installing an OPSEC application, the remote administration (RA) utility enables an OPSEC product to finish registering itself without + having to access the SmartConsole. If set to true, any host including the application host can run the utility. Otherwise, the RA utility can only be + run from the Security Management host. + type: bool + num_spoofing_errs_that_trigger_brute_force: + description: + - Indicates how many incorrectly signed packets will be tolerated before assuming that there is an attack on the packet tagging and revoking the + client's key. + type: int + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + auto_publish_session: + description: + - Publish the current session if changes have been performed after task completes. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: set-global-properties + cp_mgmt_set_global_properties: + firewall: + security_server: + http_servers: + - host: host name of server + logical_name: unique logical name + port: 8080 + reauthentication: post request + state: present +""" + +RETURN = """ +cp_mgmt_set_global_properties: + description: The checkpoint set-global-properties output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + firewall=dict(type='dict', options=dict( + accept_control_connections=dict(type='bool'), + accept_ips1_management_connections=dict(type='bool'), + accept_remote_access_control_connections=dict(type='bool'), + accept_smart_update_connections=dict(type='bool'), + accept_outgoing_packets_originating_from_gw=dict(type='bool'), + accept_outgoing_packets_originating_from_gw_position=dict(type='str', choices=['first', 'last', 'before last']), + accept_outgoing_packets_originating_from_connectra_gw=dict(type='bool'), + accept_outgoing_packets_to_cp_online_services=dict(type='bool'), + accept_outgoing_packets_to_cp_online_services_position=dict(type='str', choices=['first', 'last', 'before last']), + accept_domain_name_over_tcp=dict(type='bool'), + accept_domain_name_over_tcp_position=dict(type='str', choices=['first', 'last', 'before last']), + accept_domain_name_over_udp=dict(type='bool'), + accept_domain_name_over_udp_position=dict(type='str', choices=['first', 'last', 'before last']), + accept_dynamic_addr_modules_outgoing_internet_connections=dict(type='bool'), + accept_icmp_requests=dict(type='bool'), + accept_icmp_requests_position=dict(type='str', choices=['first', 'last', 'before last']), + 
accept_identity_awareness_control_connections=dict(type='bool'), + accept_identity_awareness_control_connections_position=dict(type='str', choices=['first', 'last', 'before last']), + accept_incoming_traffic_to_dhcp_and_dns_services_of_gws=dict(type='bool'), + accept_rip=dict(type='bool'), + accept_rip_position=dict(type='str', choices=['first', 'last', 'before last']), + accept_vrrp_packets_originating_from_cluster_members=dict(type='bool'), + accept_web_and_ssh_connections_for_gw_administration=dict(type='bool'), + log_implied_rules=dict(type='bool'), + security_server=dict(type='dict', options=dict( + client_auth_welcome_file=dict(type='str'), + ftp_welcome_msg_file=dict(type='str'), + rlogin_welcome_msg_file=dict(type='str'), + telnet_welcome_msg_file=dict(type='str'), + mdq_welcome_msg=dict(type='str'), + smtp_welcome_msg=dict(type='str'), + http_next_proxy_host=dict(type='str'), + http_next_proxy_port=dict(type='int'), + http_servers=dict(type='list', elements='dict', options=dict( + logical_name=dict(type='str'), + host=dict(type='str'), + port=dict(type='int'), + reauthentication=dict(type='str', choices=['standard', 'post request', 'every request']) + )), + server_for_null_requests=dict(type='str') + )) + )), + nat=dict(type='dict', options=dict( + allow_bi_directional_nat=dict(type='bool'), + auto_arp_conf=dict(type='bool'), + merge_manual_proxy_arp_conf=dict(type='bool'), + auto_translate_dest_on_client_side=dict(type='bool'), + manually_translate_dest_on_client_side=dict(type='bool'), + enable_ip_pool_nat=dict(type='bool'), + addr_alloc_and_release_track=dict(type='str', choices=['ip allocation log', 'none']), + addr_exhaustion_track=dict(type='str', choices=['ip exhaustion alert', 'none', 'ip exhaustion log']) + )), + authentication=dict(type='dict', options=dict( + auth_internal_users_with_specific_suffix=dict(type='bool'), + allowed_suffix_for_internal_users=dict(type='str'), + 
max_days_before_expiration_of_non_pulled_user_certificates=dict(type='int'), + max_client_auth_attempts_before_connection_termination=dict(type='int'), + max_rlogin_attempts_before_connection_termination=dict(type='int'), + max_session_auth_attempts_before_connection_termination=dict(type='int'), + max_telnet_attempts_before_connection_termination=dict(type='int'), + enable_delayed_auth=dict(type='bool'), + delay_each_auth_attempt_by=dict(type='int') + )), + vpn=dict(type='dict', options=dict( + vpn_conf_method=dict(type='str', choices=['simplified', 'traditional', 'per policy']), + domain_name_for_dns_resolving=dict(type='str'), + enable_backup_gw=dict(type='bool'), + enable_decrypt_on_accept_for_gw_to_gw_traffic=dict(type='bool'), + enable_load_distribution_for_mep_conf=dict(type='bool'), + enable_vpn_directional_match_in_vpn_column=dict(type='bool'), + grace_period_after_the_crl_is_not_valid=dict(type='int'), + grace_period_before_the_crl_is_valid=dict(type='int'), + grace_period_extension_for_secure_remote_secure_client=dict(type='int'), + support_ike_dos_protection_from_identified_src=dict(type='str', choices=['puzzles', 'stateless', 'none']), + support_ike_dos_protection_from_unidentified_src=dict(type='str', choices=['puzzles', 'stateless', 'none']) + )), + remote_access=dict(type='dict', options=dict( + enable_back_connections=dict(type='bool'), + keep_alive_packet_to_gw_interval=dict(type='int'), + encrypt_dns_traffic=dict(type='bool'), + simultaneous_login_mode=dict(type='str', choices=['allowonlysinglelogintouser', 'allowseverallogintouser']), + vpn_authentication_and_encryption=dict(type='dict', options=dict( + encryption_algorithms=dict(type='dict', options=dict( + ike=dict(type='dict', options=dict( + support_encryption_algorithms=dict(type='dict', options=dict( + tdes=dict(type='bool'), + aes_128=dict(type='bool'), + aes_256=dict(type='bool'), + des=dict(type='bool') + )), + use_encryption_algorithm=dict(type='str', choices=['AES-256', 'DES', 
'AES-128', 'TDES']), + support_data_integrity=dict(type='dict', options=dict( + aes_xcbc=dict(type='bool'), + md5=dict(type='bool'), + sha1=dict(type='bool'), + sha256=dict(type='bool') + )), + use_data_integrity=dict(type='str', choices=['aes-xcbc', 'sha256', 'sha1', 'md5']), + support_diffie_hellman_groups=dict(type='dict', options=dict( + group1=dict(type='bool'), + group14=dict(type='bool'), + group2=dict(type='bool'), + group5=dict(type='bool') + )), + use_diffie_hellman_group=dict(type='str', choices=['group 1', 'group 2', 'group 5', 'group 14']) + )), + ipsec=dict(type='dict', options=dict( + support_encryption_algorithms=dict(type='dict', options=dict( + tdes=dict(type='bool'), + aes_128=dict(type='bool'), + aes_256=dict(type='bool'), + des=dict(type='bool') + )), + use_encryption_algorithm=dict(type='str', choices=['AES-256', 'DES', 'AES-128', 'TDES']), + support_data_integrity=dict(type='dict', options=dict( + aes_xcbc=dict(type='bool'), + md5=dict(type='bool'), + sha1=dict(type='bool'), + sha256=dict(type='bool') + )), + use_data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'sha512', 'md5']), + enforce_encryption_alg_and_data_integrity_on_all_users=dict(type='bool') + )) + )), + encryption_method=dict(type='str', choices=['prefer_ikev2_support_ikev1', 'ike_v2_only', 'ike_v1_only']), + pre_shared_secret=dict(type='bool'), + support_legacy_auth_for_sc_l2tp_nokia_clients=dict(type='bool'), + support_legacy_eap=dict(type='bool'), + support_l2tp_with_pre_shared_key=dict(type='bool'), + l2tp_pre_shared_key=dict(type='str', no_log=True) + )), + vpn_advanced=dict(type='dict', options=dict( + allow_clear_traffic_to_encryption_domain_when_disconnected=dict(type='bool'), + enable_load_distribution_for_mep_conf=dict(type='bool'), + use_first_allocated_om_ip_addr_for_all_conn_to_the_gws_of_the_site=dict(type='bool') + )), + scv=dict(type='dict', options=dict( + apply_scv_on_simplified_mode_fw_policies=dict(type='bool'), + 
exceptions=dict(type='list', elements='dict', options=dict( + hosts=dict(type='list', elements='str'), + services=dict(type='list', elements='str') + )), + no_scv_for_unsupported_cp_clients=dict(type='bool'), + upon_verification_accept_and_log_client_connection=dict(type='bool'), + only_tcp_ip_protocols_are_used=dict(type='bool'), + policy_installed_on_all_interfaces=dict(type='bool'), + generate_log=dict(type='bool'), + notify_user=dict(type='bool') + )), + ssl_network_extender=dict(type='dict', options=dict( + user_auth_method=dict(type='str', choices=['certificate_with_enrollment', 'certificate', 'mixed', 'legacy']), + supported_encryption_methods=dict(type='str', choices=['3des_or_rc4', '3des_only']), + client_upgrade_upon_connection=dict(type='str', choices=['force_upgrade', 'ask_user', 'no_upgrade']), + client_uninstall_upon_disconnection=dict(type='str', choices=['force_uninstall', 'ask_user', 'dont_uninstall']), + re_auth_user_interval=dict(type='int'), + scan_ep_machine_for_compliance_with_ep_compliance_policy=dict(type='bool'), + client_outgoing_keep_alive_packets_frequency=dict(type='int') + )), + secure_client_mobile=dict(type='dict', options=dict( + user_auth_method=dict(type='str', choices=['certificate_with_enrollment', 'certificate', 'mixed', 'legacy']), + enable_password_caching=dict(type='str', choices=['client_decide', 'true', 'false']), + cache_password_timeout=dict(type='int'), + re_auth_user_interval=dict(type='int'), + connect_mode=dict(type='str', choices=['manual', 'always connected', 'on application request', 'configured on endpoint client']), + automatically_initiate_dialup=dict(type='str', choices=['client_decide', 'true', 'false']), + disconnect_when_device_is_idle=dict(type='str', choices=['client_decide', 'true', 'false']), + supported_encryption_methods=dict(type='str', choices=['3des_or_rc4', '3des_only']), + route_all_traffic_to_gw=dict(type='str', choices=['client_decide', 'true', 'false']) + )), + 
endpoint_connect=dict(type='dict', options=dict( + enable_password_caching=dict(type='str', choices=['client_decide', 'true', 'false']), + cache_password_timeout=dict(type='int'), + re_auth_user_interval=dict(type='int'), + connect_mode=dict(type='str', choices=['Manual', 'Always Connected', 'Configured On Endpoint Client']), + network_location_awareness=dict(type='str', choices=['client_decide', 'true', 'false']), + network_location_awareness_conf=dict(type='dict', options=dict( + vpn_clients_are_considered_inside_the_internal_network_when_the_client=dict( + type='str', + choices=['connects to gw through internal interface', + 'connects from network or group', + 'runs on computer with access to active directory domain']), + network_or_group_of_conn_vpn_client=dict(type='str'), + consider_wireless_networks_as_external=dict(type='bool'), + excluded_internal_wireless_networks=dict(type='list', elements='str'), + consider_undefined_dns_suffixes_as_external=dict(type='bool'), + dns_suffixes=dict(type='list', elements='str'), + remember_previously_detected_external_networks=dict(type='bool') + )), + disconnect_when_conn_to_network_is_lost=dict(type='str', choices=['client_decide', 'true', 'false']), + disconnect_when_device_is_idle=dict(type='str', choices=['client_decide', 'true', 'false']), + route_all_traffic_to_gw=dict(type='str', choices=['client_decide', 'true', 'false']), + client_upgrade_mode=dict(type='str', choices=['force_upgrade', 'ask_user', 'no_upgrade']) + )), + hot_spot_and_hotel_registration=dict(type='dict', options=dict( + enable_registration=dict(type='bool'), + local_subnets_access_only=dict(type='bool'), + registration_timeout=dict(type='int'), + track_log=dict(type='bool'), + max_ip_access_during_registration=dict(type='int'), + ports=dict(type='list', elements='str') + )) + )), + user_directory=dict(type='dict', options=dict( + enable_password_change_when_user_active_directory_expires=dict(type='bool'), + cache_size=dict(type='int'), + 
enable_password_expiration_configuration=dict(type='bool'), + password_expires_after=dict(type='int', no_log=False), + timeout_on_cached_users=dict(type='int'), + display_user_dn_at_login=dict(type='str', choices=['no display', 'display upon request', 'display']), + enforce_rules_for_user_mgmt_admins=dict(type='bool'), + min_password_length=dict(type='int', no_log=False), + password_must_include_a_digit=dict(type='bool'), + password_must_include_a_symbol=dict(type='bool'), + password_must_include_lowercase_char=dict(type='bool'), + password_must_include_uppercase_char=dict(type='bool') + )), + qos=dict(type='dict', options=dict( + default_weight_of_rule=dict(type='int'), + max_weight_of_rule=dict(type='int'), + unit_of_measure=dict(type='str', choices=['bits-per-sec', 'bytes-per-sec', 'kbits-per-sec', 'kbytes-per-sec', 'mbits-per-sec', 'mbytes-per-sec']), + authenticated_ip_expiration=dict(type='int'), + non_authenticated_ip_expiration=dict(type='int'), + unanswered_queried_ip_expiration=dict(type='int') + )), + carrier_security=dict(type='dict', options=dict( + block_gtp_in_gtp=dict(type='bool'), + enforce_gtp_anti_spoofing=dict(type='bool'), + produce_extended_logs_on_unmatched_pdus=dict(type='bool'), + produce_extended_logs_on_unmatched_pdus_position=dict(type='str', choices=['before last', 'last']), + protocol_violation_track_option=dict(type='str', choices=['none', 'log', + 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', + 'user defined alert no.2', 'user defined alert no.3']), + enable_g_pdu_seq_number_check_with_max_deviation=dict(type='bool'), + g_pdu_seq_number_check_max_deviation=dict(type='int'), + verify_flow_labels=dict(type='bool'), + allow_ggsn_replies_from_multiple_interfaces=dict(type='bool'), + enable_reverse_connections=dict(type='bool'), + gtp_signaling_rate_limit_sampling_interval=dict(type='int'), + one_gtp_echo_on_each_path_frequency=dict(type='int'), + aggressive_aging=dict(type='bool'), + 
aggressive_timeout=dict(type='int'), + memory_activation_threshold=dict(type='int'), + memory_deactivation_threshold=dict(type='int'), + tunnel_activation_threshold=dict(type='int'), + tunnel_deactivation_threshold=dict(type='int') + )), + user_accounts=dict(type='dict', options=dict( + expiration_date_method=dict(type='str', choices=['expire after', 'expire at']), + expiration_date=dict(type='str'), + days_until_expiration=dict(type='int'), + show_accounts_expiration_indication_days_in_advance=dict(type='bool') + )), + user_authority=dict(type='dict', options=dict( + display_web_access_view=dict(type='bool'), + windows_domains_to_trust=dict(type='str', choices=['selectively', 'all']), + trust_only_following_windows_domains=dict(type='list', elements='str') + )), + connect_control=dict(type='dict', options=dict( + load_agents_port=dict(type='int'), + load_measurement_interval=dict(type='int'), + persistence_server_timeout=dict(type='int'), + server_availability_check_interval=dict(type='int'), + server_check_retries=dict(type='int') + )), + stateful_inspection=dict(type='dict', options=dict( + tcp_start_timeout=dict(type='int'), + tcp_session_timeout=dict(type='int'), + tcp_end_timeout=dict(type='int'), + tcp_end_timeout_r8020_gw_and_above=dict(type='int'), + udp_virtual_session_timeout=dict(type='int'), + icmp_virtual_session_timeout=dict(type='int'), + other_ip_protocols_virtual_session_timeout=dict(type='int'), + sctp_start_timeout=dict(type='int'), + sctp_session_timeout=dict(type='int'), + sctp_end_timeout=dict(type='int'), + accept_stateful_udp_replies_for_unknown_services=dict(type='bool'), + accept_stateful_icmp_errors=dict(type='bool'), + accept_stateful_icmp_replies=dict(type='bool'), + accept_stateful_other_ip_protocols_replies_for_unknown_services=dict(type='bool'), + drop_out_of_state_tcp_packets=dict(type='bool'), + log_on_drop_out_of_state_tcp_packets=dict(type='bool'), + tcp_out_of_state_drop_exceptions=dict(type='list', elements='str'), + 
drop_out_of_state_icmp_packets=dict(type='bool'), + log_on_drop_out_of_state_icmp_packets=dict(type='bool'), + drop_out_of_state_sctp_packets=dict(type='bool'), + log_on_drop_out_of_state_sctp_packets=dict(type='bool') + )), + log_and_alert=dict(type='dict', options=dict( + administrative_notifications=dict(type='str', choices=['none', 'log', + 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', + 'user defined alert no.2', 'user defined alert no.3']), + connection_matched_by_sam=dict(type='str', choices=['Popup Alert', 'Mail Alert', + 'SNMP Trap Alert', 'User Defined Alert no.1', 'User Defined Alert no.2', + 'User Defined Alert no.3']), + dynamic_object_resolution_failure=dict(type='str', choices=['none', 'log', + 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', + 'user defined alert no.2', 'user defined alert no.3']), + ip_options_drop=dict(type='str', choices=['none', 'log', 'popup alert', 'mail alert', + 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2', 'user defined alert no.3']), + packet_is_incorrectly_tagged=dict(type='str', choices=['none', 'log', + 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', + 'user defined alert no.2', 'user defined alert no.3']), + packet_tagging_brute_force_attack=dict(type='str', choices=['none', 'log', + 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', + 'user defined alert no.2', 'user defined alert no.3']), + sla_violation=dict(type='str', choices=['none', 'log', 'popup alert', 'mail alert', + 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2', 'user defined alert no.3']), + vpn_conf_and_key_exchange_errors=dict(type='str', choices=['none', 'log', + 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', + 'user defined alert no.2', 'user defined alert no.3']), + vpn_packet_handling_error=dict(type='str', choices=['none', 'log', 'popup alert', + 'mail alert', 'snmp 
trap alert', 'user defined alert no.1', 'user defined alert no.2', + 'user defined alert no.3']), + vpn_successful_key_exchange=dict(type='str', choices=['none', 'log', + 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', + 'user defined alert no.2', 'user defined alert no.3']), + log_every_authenticated_http_connection=dict(type='bool'), + log_traffic=dict(type='str', choices=['none', 'log']), + alerts=dict(type='dict', options=dict( + send_popup_alert_to_smartview_monitor=dict(type='bool'), + popup_alert_script=dict(type='str'), + send_mail_alert_to_smartview_monitor=dict(type='bool'), + mail_alert_script=dict(type='str'), + send_snmp_trap_alert_to_smartview_monitor=dict(type='bool'), + snmp_trap_alert_script=dict(type='str'), + send_user_defined_alert_num1_to_smartview_monitor=dict(type='bool'), + user_defined_script_num1=dict(type='str'), + send_user_defined_alert_num2_to_smartview_monitor=dict(type='bool'), + user_defined_script_num2=dict(type='str'), + send_user_defined_alert_num3_to_smartview_monitor=dict(type='bool'), + user_defined_script_num3=dict(type='str'), + default_track_option_for_system_alerts=dict(type='str', choices=['Popup Alert', 'Mail Alert', 'SNMP Trap Alert', + 'User Defined Alert no.1', 'User Defined Alert no.2', + 'User Defined Alert no.3']) + )), + time_settings=dict(type='dict', options=dict( + excessive_log_grace_period=dict(type='int'), + logs_resolving_timeout=dict(type='int'), + status_fetching_interval=dict(type='int'), + virtual_link_statistics_logging_interval=dict(type='int') + )) + )), + data_access_control=dict(type='dict', options=dict( + auto_download_important_data=dict(type='bool'), + auto_download_sw_updates_and_new_features=dict(type='bool'), + send_anonymous_info=dict(type='bool'), + share_sensitive_info=dict(type='bool') + )), + non_unique_ip_address_ranges=dict(type='list', elements='dict', options=dict( + address_type=dict(type='str', choices=['IPv4', 'IPv6']), + 
first_ipv4_address=dict(type='str'), + first_ipv6_address=dict(type='str'), + last_ipv4_address=dict(type='str'), + last_ipv6_address=dict(type='str') + )), + proxy=dict(type='dict', options=dict( + use_proxy_server=dict(type='bool'), + proxy_address=dict(type='str'), + proxy_port=dict(type='int') + )), + user_check=dict(type='dict', options=dict( + preferred_language=dict(type='str', choices=['Afrikaans', 'Albanian', 'Amharic', 'Arabic', + 'Armenian', 'Basque', 'Belarusian', 'Bosnian', 'Bulgarian', 'Catalan', 'Chinese', 'Croatian', 'Czech', + 'Danish', 'Dutch', 'English', 'Estonian', 'Finnish', 'French', 'Gaelic', 'Georgian', 'German', + 'Greek', 'Hebrew', 'Hindi', 'Hungarian', 'Icelandic', 'Indonesian', 'Irish', 'Italian', 'Japanese', + 'Korean', 'Latvian', 'Lithuanian', 'Macedonia', 'Maltese', 'Nepali', 'Norwegian', 'Polish', + 'Portuguese', 'Romanian', 'Russian', 'Serbian', 'Slovak', 'Slovenian', 'Sorbian', 'Spanish', + 'Swahili', 'Swedish', 'Thai', 'Turkish', 'Ukrainian', 'Vietnamese', 'Welsh']), + send_emails_using_mail_server=dict(type='str') + )), + hit_count=dict(type='dict', options=dict( + enable_hit_count=dict(type='bool'), + keep_hit_count_data_up_to=dict(type='str', choices=['3 months', '6 months', '1 year', '2 years']) + )), + advanced_conf=dict(type='dict', options=dict( + certs_and_pki=dict(type='dict', options=dict( + cert_validation_enforce_key_size=dict(type='str', choices=['off', 'alert', 'fail']), + host_certs_ecdsa_key_size=dict(type='str', choices=['p-256', 'p-384', 'p-521']), + host_certs_key_size=dict(type='str', choices=['4096', '1024', '2048']) + )) + )), + allow_remote_registration_of_opsec_products=dict(type='bool'), + num_spoofing_errs_that_trigger_brute_force=dict(type='int'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + domains_to_process=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool'), + auto_publish_session=dict(type='bool') + ) + 
argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "set-global-properties" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_idp_default_assignment.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_idp_default_assignment.py new file mode 100644 index 00000000..c8b74f7f --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_idp_default_assignment.py 
@@ -0,0 +1,100 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_set_idp_default_assignment
+short_description: Set default Identity Provider assignment to be use for Management server administrator access.
+description:
+ - Set default Identity Provider assignment to be use for Management server administrator access.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ identity_provider:
+ description:
+ - Represents the Identity Provider to be used for Login by this assignment identified by the name or UID, to cancel existing assignment should
+ set to 'none'.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ auto_publish_session:
+ description:
+ - Publish the current session if changes have been performed after task completes.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: set-idp-default-assignment
+ cp_mgmt_set_idp_default_assignment:
+ identity_provider: azure
+"""
+
+RETURN = """
+cp_mgmt_set_idp_default_assignment:
+ description: The checkpoint set-idp-default-assignment output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ identity_provider=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool'),
+ auto_publish_session=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "set-idp-default-assignment"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_idp_to_domain_assignment.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_idp_to_domain_assignment.py
new file mode 100644
index 00000000..b14aca79
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_idp_to_domain_assignment.py
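Review bot: `identity_provider` is declared in `main()` as `dict(type='str')` without `required=True`, so a task that omits it is only rejected (if at all) by the management API after the request has been sent. This command changes which Identity Provider governs administrator login to the Management server, and the option text says `'none'` cancels the existing assignment, so failing locally on a missing value is the safer behaviour: `identity_provider=dict(type='str', required=True),` — assuming the API treats the field as mandatory, which is not visible here. The option description would also be clearer as "Set to 'none' to cancel the existing assignment", and "to be use for" in `short_description` should read "to be used for".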
@@ -0,0 +1,112 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_set_idp_to_domain_assignment
+short_description: Set Identity Provider assignment to domain, to allow administrator login to that domain using that identity provider, if there is no
+ Identity Provider assigned to the domain the 'idp-default-assignment' will be used. This command only available for Multi-Domain server.
+description:
+ - Set Identity Provider assignment to domain, to allow administrator login to that domain using that identity provider, if there is no Identity Provider
+ assigned to the domain the 'idp-default-assignment' will be used. This command only available for Multi-Domain server.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ assigned_domain:
+ description:
+ - Represents the Domain assigned by 'idp-to-domain-assignment', need to be domain name or UID.
+ type: str
+ identity_provider:
+ description:
+ - Represents the Identity Provider to be used for Login by this assignment. Must be set when "using-default" was set to be false.
+ type: str
+ using_default:
+ description:
+ - Is this assignment override by 'idp-default-assignment'.
+ type: bool
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ auto_publish_session:
+ description:
+ - Publish the current session if changes have been performed after task completes.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: set-idp-to-domain-assignment
+ cp_mgmt_set_idp_to_domain_assignment:
+ assigned_domain: BSMS
+ identity_provider: okta
+"""
+
+RETURN = """
+cp_mgmt_set_idp_to_domain_assignment:
+ description: The checkpoint set-idp-to-domain-assignment output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ assigned_domain=dict(type='str'),
+ identity_provider=dict(type='str'),
+ using_default=dict(type='bool'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool'),
+ auto_publish_session=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "set-idp-to-domain-assignment"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_nat_rule.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_nat_rule.py
new file mode 100644
index 00000000..01832640
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_nat_rule.py
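Review bot: The DOCUMENTATION string says `identity_provider` "Must be set when "using-default" was set to be false", but `AnsibleModule(argument_spec=argument_spec)` in `main()` does not enforce that dependency, so a task with `using_default: false` and no provider reaches the API unvalidated. Declaring the rule in the module makes the failure local and explicit for a setting that controls how administrators log in to a domain: `module = AnsibleModule(argument_spec=argument_spec, required_if=[('using_default', False, ['identity_provider'])])`. `assigned_domain` likewise has no `required=True`, although the option description suggests the command has nothing to act on without it; confirm against the API reference before tightening it.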
@@ -0,0 +1,161 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_set_nat_rule
+short_description: Edit existing object using object name or uid.
+description:
+ - Edit existing object using object name or uid.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ rule_number:
+ description:
+ - Rule number.
+ type: str
+ package:
+ description:
+ - Name of the package.
+ type: str
+ enabled:
+ description:
+ - Enable/Disable the rule.
+ type: bool
+ install_on:
+ description:
+ - Which Gateways identified by the name or UID to install the policy on.
+ type: list
+ elements: str
+ method:
+ description:
+ - Nat method.
+ type: str
+ choices: ['static', 'hide', 'nat64', 'nat46']
+ new_position:
+ description:
+ - New position in the rulebase.
+ type: str
+ original_destination:
+ description:
+ - Original destination.
+ type: str
+ original_service:
+ description:
+ - Original service.
+ type: str
+ original_source:
+ description:
+ - Original source.
+ type: str
+ translated_destination:
+ description:
+ - Translated destination.
+ type: str
+ translated_service:
+ description:
+ - Translated service.
+ type: str
+ translated_source:
+ description:
+ - Translated source.
+ type: str
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: set-nat-rule
+ cp_mgmt_set_nat_rule:
+ comments: rule for RND members RNDNetwork-> RND to Internal Network
+ enabled: false
+ original_service: ssh_version_2
+ original_source: Any
+ package: standard
+ state: present
+"""
+
+RETURN = """
+cp_mgmt_set_nat_rule:
+ description: The checkpoint set-nat-rule output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ rule_number=dict(type='str'),
+ package=dict(type='str'),
+ enabled=dict(type='bool'),
+ install_on=dict(type='list', elements='str'),
+ method=dict(type='str', choices=['static', 'hide', 'nat64', 'nat46']),
+ new_position=dict(type='str'),
+ original_destination=dict(type='str'),
+ original_service=dict(type='str'),
+ original_source=dict(type='str'),
+ translated_destination=dict(type='str'),
+ translated_service=dict(type='str'),
+ translated_source=dict(type='str'),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "set-nat-rule"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_session.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_session.py
new file mode 100644
index 00000000..9979860b
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_session.py
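Review bot: In cp_mgmt_set_nat_rule.py the EXAMPLES task passes `state: present`, but the `argument_spec` built in `main()` declares no `state` key, so unless `checkpoint_argument_spec_for_commands` (defined outside this diff section) supplies it, AnsibleModule would reject the documented example as an unsupported parameter. The same `state: present` line appears in the examples of cp_mgmt_set_session.py and cp_mgmt_set_threat_advanced_settings.py, and I would drop it from all three. The short description `Edit existing object using object name or uid.` also does not match the options, which identify the rule by `rule_number` and `package`; something like `short_description: Edit an existing NAT rule identified by rule number and package.` would be more accurate.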
@@ -0,0 +1,123 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_set_session
+short_description: Edit user's current session.
+description:
+ - Edit user's current session.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ description:
+ description:
+ - Session description.
+ type: str
+ new_name:
+ description:
+ - New name of the object.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: set-session
+ cp_mgmt_set_session:
+ description: Session to work on ticket number CR00323665
+ state: present
+"""
+
+RETURN = """
+cp_mgmt_set_session:
+ description: The checkpoint set-session output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ description=dict(type='str'),
+ new_name=dict(type='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "set-session"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_threat_advanced_settings.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_threat_advanced_settings.py
new file mode 100644
index 00000000..15258f90
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_threat_advanced_settings.py
@@ -0,0 +1,158 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_set_threat_advanced_settings
+short_description: Edit Threat Prevention's Blades' Settings.
+description:
+ - Edit Threat Prevention's Blades' Settings.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ feed_retrieving_interval:
+ description:
+ - Feed retrieving intervals of External Feed, in the form of HH,MM.
+ type: str
+ httpi_non_standard_ports:
+ description:
+ - Enable HTTP Inspection on non standard ports for Threat Prevention blades.
+ type: bool
+ internal_error_fail_mode:
+ description:
+ - In case of internal system error, allow or block all connections.
+ type: str
+ choices: ['allow connections', 'block connections']
+ log_unification_timeout:
+ description:
+ - Session unification timeout for logs (minutes).
+ type: int
+ resource_classification:
+ description:
+ - Allow (Background) or Block (Hold) requests until categorization is complete.
+ type: dict
+ suboptions:
+ custom_settings:
+ description:
+ - On Custom mode, custom resources classification per service.
+ type: dict
+ suboptions:
+ anti_bot:
+ description:
+ - Custom Settings for Anti Bot Blade.
+ type: str
+ choices: ['background', 'hold']
+ anti_virus:
+ description:
+ - Custom Settings for Anti Virus Blade.
+ type: str
+ choices: ['background', 'hold']
+ zero_phishing:
+ description:
+ - Custom Settings for Zero Phishing Blade.
+ type: str
+ choices: ['background', 'hold']
+ mode:
+ description:
+ - Set all services to the same mode or choose a custom mode.
+ type: str
+ choices: ['background', 'hold', 'custom']
+ web_service_fail_mode:
+ description:
+ - Block connections when the web service is unavailable.
+ type: str
+ choices: ['allow connections', 'block connections']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ auto_publish_session:
+ description:
+ - Publish the current session if changes have been performed after task completes.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: set-threat-advanced-settings
+ cp_mgmt_set_threat_advanced_settings:
+ feed_retrieving_interval: 00:05
+ httpi_non_standard_ports: true
+ internal_error_fail_mode: allow connections
+ log_unification_timeout: 600
+ resource_classification.mode: hold
+ resource_classification.web_service_fail_mode: block connections
+ state: present
+"""
+
+RETURN = """
+cp_mgmt_set_threat_advanced_settings:
+ description: The checkpoint set-threat-advanced-settings output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ feed_retrieving_interval=dict(type='str'),
+ httpi_non_standard_ports=dict(type='bool'),
+ internal_error_fail_mode=dict(type='str', choices=['allow connections', 'block connections']),
+ log_unification_timeout=dict(type='int'),
+ resource_classification=dict(type='dict', options=dict(
+ custom_settings=dict(type='dict', options=dict(
+ anti_bot=dict(type='str', choices=['background', 'hold']),
+ anti_virus=dict(type='str', choices=['background', 'hold']),
+ zero_phishing=dict(type='str', choices=['background', 'hold'])
+ )),
+ mode=dict(type='str', choices=['background', 'hold', 'custom']),
+ web_service_fail_mode=dict(type='str', choices=['allow connections', 'block connections'])
+ )),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool'),
+ auto_publish_session=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "set-threat-advanced-settings"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_access_section.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_access_section.py
new file mode 100644
index 00000000..dfa684fd
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_access_section.py
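Review bot: In cp_mgmt_set_threat_advanced_settings.py the example sets `resource_classification.mode: hold` and `resource_classification.web_service_fail_mode: block connections` as dotted top-level keys, while `argument_spec` declares `resource_classification` as a `dict` whose suboptions are `mode` and `web_service_fail_mode`, so the example does not match the spec and should nest both keys under `resource_classification:`. The example also writes `feed_retrieving_interval: 00:05` although the option text gives the form as `HH,MM`; one of the two needs correcting, and quoting the value keeps YAML from reinterpreting it. Because examples get copied, it is worth a comment that `internal_error_fail_mode: allow connections` is the fail-open choice, or showing `block connections` instead.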
@@ -0,0 +1,90 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_access_section
+short_description: Retrieve existing object using object name or uid.
+description:
+ - Retrieve existing object using object name or uid.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ layer:
+ description:
+ - Layer that the rule belongs to identified by the name or UID.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-access-section
+ cp_mgmt_show_access_section:
+ layer: Network
+ name: New Section 1
+"""
+
+RETURN = """
+cp_mgmt_show_access_section:
+ description: The checkpoint show-access-section output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ layer=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-access-section"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_cloud_services.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_cloud_services.py
new file mode 100644
index 00000000..91725ff5
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_cloud_services.py
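Review bot: In cp_mgmt_show_access_section.py `AnsibleModule(argument_spec=argument_spec)` is created without `supports_check_mode=True`, so this read-only query is skipped under `--check`, and audit or drift-detection playbooks that depend on it receive no data in a dry run. If `api_command` (defined outside this diff) changes nothing for `show-*` commands, I would use `module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)` here and in the other show modules of this diff (show_cloud_services, show_global_properties, show_https_section, show_idp_default_assignment, show_logs, show_nat_section). The description also says the object is retrieved by name or uid, but only `name` is declared as an option; cp_mgmt_show_https_section.py and cp_mgmt_show_nat_section.py have the same mismatch.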
@@ -0,0 +1,71 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_cloud_services
+short_description: Show the connection status of the Management Server to Check Point's Infinity Portal.
+description:
+ - Show the connection status of the Management Server to Check Point's Infinity Portal.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options: {}
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-cloud-services
+ cp_mgmt_show_cloud_services:
+"""
+
+RETURN = """
+cp_mgmt_show_cloud_services:
+ description: The checkpoint show-cloud-services output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-cloud-services"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_global_properties.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_global_properties.py
new file mode 100644
index 00000000..24f40149
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_global_properties.py
@@ -0,0 +1,71 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_global_properties
+short_description: Retrieve Global Properties.
+description:
+ - Retrieve Global Properties.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options: {}
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-global-properties
+ cp_mgmt_show_global_properties:
+"""
+
+RETURN = """
+cp_mgmt_show_global_properties:
+ description: The checkpoint show-global-properties output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-global-properties"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_https_section.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_https_section.py
new file mode 100644
index 00000000..e05e8b4b
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_https_section.py
@@ -0,0 +1,90 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_https_section
+short_description: Retrieve existing HTTPS Inspection section using section name or uid and layer name.
+description:
+ - Retrieve existing HTTPS Inspection section using section name or uid and layer name.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ layer:
+ description:
+ - Layer that holds the Object. Identified by the Name or UID.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-https-section
+ cp_mgmt_show_https_section:
+ layer: Default Layer
+ name: New Section 1
+"""
+
+RETURN = """
+cp_mgmt_show_https_section:
+ description: The checkpoint show-https-section output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ layer=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-https-section"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_idp_default_assignment.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_idp_default_assignment.py
new file mode 100644
index 00000000..e6962ce9
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_idp_default_assignment.py
@@ -0,0 +1,78 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_idp_default_assignment
+short_description: Retrieve default Identity Provider assignment that used for Management server administrator access.
+description:
+ - Retrieve default Identity Provider assignment that used for Management server administrator access.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-idp-default-assignment
+ cp_mgmt_show_idp_default_assignment:
+"""
+
+RETURN = """
+cp_mgmt_show_idp_default_assignment:
+ description: The checkpoint show-idp-default-assignment output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-idp-default-assignment"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_logs.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_logs.py
new file mode 100644
index 00000000..59ecccd3
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_logs.py
@@ -0,0 +1,149 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_logs
+short_description: Showing logs according to the given filter.
+description:
+ - Showing logs according to the given filter.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ new_query:
+ description:
+ - Running a new query.
+ type: dict
+ suboptions:
+ filter:
+ description:
+ - The filter as entered in SmartConsole/SmartView.
+ type: str
+ time_frame:
+ description:
+ - Specify the time frame to query logs.
+ type: str
+ choices: ['last-7-days', 'last-hour', 'today', 'last-24-hours', 'yesterday', 'this-week', 'this-month', 'last-30-days', 'all-time', 'custom']
+ custom_start:
+ description:
+ - This option is only applicable when using the custom time-frame option.
+ type: str
+ custom_end:
+ description:
+ - This option is only applicable when using the custom time-frame option.
+ type: str
+ max_logs_per_request:
+ description:
+ - Limit the number of logs to be retrieved.
+ type: int
+ top:
+ description:
+ - Top results configuration.
+ type: dict
+ suboptions:
+ field:
+ description:
+ - The field on which the top command is executed.
+ type: str
+ choices: ['sources', 'destinations', 'services', 'actions', 'blades' , 'origins', 'users', 'applications']
+ count:
+ description:
+ - The number of results to retrieve.
+ type: int
+ type:
+ description:
+ - Type of logs to return.
+ type: str
+ choices: ['logs', 'audit']
+ log_servers:
+ description:
+ - List of IP's of logs servers to query.
+ type: list
+ elements: str
+ query_id:
+ description:
+ - Get the next page of last run query with specified limit.
+ type: str
+ ignore_warnings:
+ description:
+ - Ignore warnings if exist.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-logs
+ cp_mgmt_show_logs:
+ new_query:
+ filter: blade:"Threat Emulation"
+ max_logs_per_request: '2'
+ time_frame: today
+"""
+
+RETURN = """
+cp_mgmt_show_logs:
+ description: The checkpoint show-logs output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ new_query=dict(type='dict', options=dict(
+ filter=dict(type='str'),
+ time_frame=dict(type='str', choices=['last-7-days', 'last-hour', 'today', 'last-24-hours', 'yesterday',
+ 'this-week', 'this-month', 'last-30-days', 'all-time', 'custom']),
+ custom_start=dict(type='str'),
+ custom_end=dict(type='str'),
+ max_logs_per_request=dict(type='int'),
+ top=dict(type='dict', options=dict(
+ field=dict(type='str', choices=['sources', 'destinations', 'services', 'actions', 'blades', 'origins', 'users', 'applications']),
+ count=dict(type='int')
+ )),
+ type=dict(type='str', choices=['logs', 'audit']),
+ log_servers=dict(type='list', elements='str')
+ )),
+ query_id=dict(type='str'),
+ ignore_warnings=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-logs"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_nat_section.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_nat_section.py
new file mode 100644
index 00000000..92809266
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_nat_section.py
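Review bot: cp_mgmt_show_logs.py hands whatever `api_command` produces for `show-logs` straight to `module.exit_json(**result)`, and the DOCUMENTATION block gives no hint that this output can be sensitive; traffic and audit records (`type: audit`) usually carry user names and addresses, which then land in registered variables, verbose output and callback logs. I would add a `notes:` entry such as `- Returned log records may contain sensitive data; set no_log on the task when registering the result.` Also, `custom_start` and `custom_end` are documented as applicable only with the custom time frame, yet nothing in the `new_query` spec ties them to `time_frame: custom`. The example passes `max_logs_per_request: '2'` as a quoted string although the option is `type: int`.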
@@ -0,0 +1,90 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_nat_section
+short_description: Retrieve existing object using object name or uid.
+description:
+ - Retrieve existing object using object name or uid.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ package:
+ description:
+ - Name of the package.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-nat-section
+ cp_mgmt_show_nat_section:
+ name: New Section 1
+ package: standard
+"""
+
+RETURN = """
+cp_mgmt_show_nat_section:
+ description: The checkpoint show-nat-section output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ package=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-nat-section"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_servers_and_processes.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_servers_and_processes.py
new file mode 100644
index 00000000..6014b40a
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_servers_and_processes.py
@@ -0,0 +1,73 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_servers_and_processes
+short_description: Shows the status of all processes in the current machine (Multi-Domain Server and all Domain Management / Log Servers). <br>This command is
+ available only on Multi-Domain Server.
+description:
+ - Shows the status of all processes in the current machine (Multi-Domain Server and all Domain Management / Log Servers). <br>This command is available
+ only on Multi-Domain Server.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options: {}
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-servers-and-processes
+ cp_mgmt_show_servers_and_processes:
+"""
+
+RETURN = """
+cp_mgmt_show_servers_and_processes:
+ description: The checkpoint show-servers-and-processes output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-servers-and-processes"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_software_package_details.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_software_package_details.py
new file mode 100644
index 00000000..0b6ef90b
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_software_package_details.py
@@ -0,0 +1,77 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_software_package_details
+short_description: Gets the software package information from the cloud.
+description:
+ - Gets the software package information from the cloud.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - The name of the software package.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-software-package-details
+ cp_mgmt_show_software_package_details:
+ name: Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz
+"""
+
+RETURN = """
+cp_mgmt_show_software_package_details:
+ description: The checkpoint show-software-package-details output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-software-package-details"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_task.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_task.py
new file mode 100644
index 00000000..d90bc7bb
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_task.py
@@ -0,0 +1,85 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_task
+short_description: Show task progress and details.
+description:
+ - Show task progress and details.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ task_id:
+ description:
+ - Unique identifier of one or more tasks.
+ type: list
+ elements: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-task
+ cp_mgmt_show_task:
+ task_id: 2eec70e5-78a8-4bdb-9a76-cfb5601d0bcb
+"""
+
+RETURN = """
+cp_mgmt_show_task:
+ description: The checkpoint show-task output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ task_id=dict(type='list', elements='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-task"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_tasks.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_tasks.py
new file mode 100644
index 00000000..a9fcdd87
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_tasks.py
@@ -0,0 +1,134 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_tasks
+short_description: Retrieve all tasks and show their progress and details.
+description:
+ - Retrieve all tasks and show their progress and details.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ initiator:
+ description:
+ - Initiator's name. If name isn't specified, tasks from all initiators will be shown.
+ type: str
+ status:
+ description:
+ - Status.
+ type: str
+ choices: ['successful', 'failed', 'in-progress', 'all']
+ from_date:
+ description:
+ - The date from which tracking tasks is to be performed, by the task's last update date. ISO 8601. If timezone isn't specified in the input, the
+ Management server's timezone is used.
+ type: str
+ to_date:
+ description:
+ - The date until which tracking tasks is to be performed, by the task's last update date. ISO 8601. If timezone isn't specified in the input,
+ the Management server's timezone is used.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the descending order by the task's last update date.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-tasks
+ cp_mgmt_show_tasks:
+ from_date: '2018-05-23T08:00:00'
+ initiator: admin1
+ status: successful
+"""
+
+RETURN = """
+cp_mgmt_show_tasks:
+ description: The checkpoint show-tasks output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ initiator=dict(type='str'),
+ status=dict(type='str', choices=['successful', 'failed', 'in-progress', 'all']),
+ from_date=dict(type='str'),
+ to_date=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-tasks"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_threat_advanced_settings.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_threat_advanced_settings.py
new file mode 100644
index 00000000..5af7329a
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_threat_advanced_settings.py
@@ -0,0 +1,71 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_threat_advanced_settings
+short_description: Show Threat Prevention's Blades' Settings.
+description:
+ - Show Threat Prevention's Blades' Settings.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options: {}
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-threat-advanced-settings
+ cp_mgmt_show_threat_advanced_settings:
+"""
+
+RETURN = """
+cp_mgmt_show_threat_advanced_settings:
+ description: The checkpoint show-threat-advanced-settings output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-threat-advanced-settings"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_cluster.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_cluster.py
new file mode 100644
index 00000000..0742d248
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_cluster.py
@@ -0,0 +1,1287 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_simple_cluster +short_description: Manages simple-cluster objects on Checkpoint over Web Services API +description: + - Manages simple-cluster objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + anti_bot: + description: + - Anti-Bot blade enabled. + type: bool + anti_virus: + description: + - Anti-Virus blade enabled. + type: bool + application_control: + description: + - Application Control blade enabled. + type: bool + cluster_mode: + description: + - Cluster mode. 
+ type: str + choices: ['cluster-xl-ha', 'cluster-ls-multicast', 'cluster-ls-unicast', 'opsec-ha', 'opsec-ls'] + content_awareness: + description: + - Content Awareness blade enabled. + type: bool + firewall: + description: + - Firewall blade enabled. + type: bool + firewall_settings: + description: + - N/A + type: dict + suboptions: + auto_calculate_connections_hash_table_size_and_memory_pool: + description: + - N/A + type: bool + auto_maximum_limit_for_concurrent_connections: + description: + - N/A + type: bool + connections_hash_size: + description: + - N/A + type: int + maximum_limit_for_concurrent_connections: + description: + - N/A + type: int + maximum_memory_pool_size: + description: + - N/A + type: int + memory_pool_size: + description: + - N/A + type: int + hardware: + description: + - Cluster platform hardware. + type: str + interfaces: + description: + - N/A + type: list + elements: dict + suboptions: + name: + description: + - Object name. + type: str + interface_type: + description: + - Cluster interface type. + type: str + choices: ['cluster', 'sync', 'cluster + sync', 'private'] + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + network_mask: + description: + - IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask and ipv6-network-mask fields explicitly. Instead of + providing mask itself it is possible to specify IPv4 or IPv6 mask length in mask-length field. If both masks length are required use + ipv4-mask-length and ipv6-mask-length fields explicitly. + type: str + ipv4_network_mask: + description: + - IPv4 network address. + type: str + ipv6_network_mask: + description: + - IPv6 network address. + type: str + mask_length: + description: + - IPv4 or IPv6 network mask length. 
+ type: str + ipv4_mask_length: + description: + - IPv4 network mask length. + type: str + ipv6_mask_length: + description: + - IPv6 network mask length. + type: str + anti_spoofing: + description: + - N/A + type: bool + anti_spoofing_settings: + description: + - N/A + type: dict + suboptions: + action: + description: + - If packets will be rejected (the Prevent option) or whether the packets will be monitored (the Detect option). + type: str + choices: ['prevent', 'detect'] + exclude_packets: + description: + - Don't check packets from excluded network. + type: bool + excluded_network_name: + description: + - Excluded network name. + type: str + excluded_network_uid: + description: + - Excluded network UID. + type: str + spoof_tracking: + description: + - Spoof tracking. + type: str + choices: ['none', 'log', 'alert'] + multicast_address: + description: + - Multicast IP Address. + type: str + multicast_address_type: + description: + - Multicast Address Type. + type: str + choices: ['manual', 'default'] + security_zone: + description: + - N/A + type: bool + security_zone_settings: + description: + - N/A + type: dict + suboptions: + auto_calculated: + description: + - Security Zone is calculated according to where the interface leads to. + type: bool + specific_zone: + description: + - Security Zone specified manually. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + topology: + description: + - N/A + type: str + choices: ['automatic', 'external', 'internal'] + topology_settings: + description: + - N/A + type: dict + suboptions: + interface_leads_to_dmz: + description: + - Whether this interface leads to demilitarized zone (perimeter network). + type: bool + ip_address_behind_this_interface: + description: + - Network settings behind this interface. 
+ type: str + choices: ['not defined', 'network defined by the interface ip and net mask', 'network defined by routing', 'specific'] + specific_network: + description: + - Network behind this interface. + type: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', + 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', + 'light green', 'lemon chiffon', 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', + 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + ips: + description: + - Intrusion Prevention System blade enabled. + type: bool + members: + description: + - Cluster members list. Only new cluster member can be added. Adding existing gateway is not supported. + type: list + elements: dict + suboptions: + name: + description: + - Object name. + type: str + interfaces: + description: + - Cluster Member network interfaces. + type: list + elements: dict + suboptions: + name: + description: + - Object name. 
+ type: str + anti_spoofing: + description: + - N/A + type: bool + anti_spoofing_settings: + description: + - N/A + type: dict + suboptions: + action: + description: + - If packets will be rejected (the Prevent option) or whether the packets will be monitored (the Detect option). + type: str + choices: ['prevent', 'detect'] + exclude_packets: + description: + - Don't check packets from excluded network. + type: bool + excluded_network_name: + description: + - Excluded network name. + type: str + excluded_network_uid: + description: + - Excluded network UID. + type: str + spoof_tracking: + description: + - Spoof tracking. + type: str + choices: ['none', 'log', 'alert'] + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + network_mask: + description: + - IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask and ipv6-network-mask fields explicitly. Instead + of providing mask itself it is possible to specify IPv4 or IPv6 mask length in mask-length field. If both masks length are required use + ipv4-mask-length and ipv6-mask-length fields explicitly. + type: str + ipv4_network_mask: + description: + - IPv4 network address. + type: str + ipv6_network_mask: + description: + - IPv6 network address. + type: str + mask_length: + description: + - IPv4 or IPv6 network mask length. + type: str + ipv4_mask_length: + description: + - IPv4 network mask length. + type: str + ipv6_mask_length: + description: + - IPv6 network mask length. + type: str + security_zone: + description: + - N/A + type: bool + security_zone_settings: + description: + - N/A + type: dict + suboptions: + auto_calculated: + description: + - Security Zone is calculated according to where the interface leads to. 
+ type: bool + specific_zone: + description: + - Security Zone specified manually. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + topology: + description: + - N/A + type: str + choices: ['automatic', 'external', 'internal'] + topology_settings: + description: + - N/A + type: dict + suboptions: + interface_leads_to_dmz: + description: + - Whether this interface leads to demilitarized zone (perimeter network). + type: bool + ip_address_behind_this_interface: + description: + - Network settings behind this interface. + type: str + choices: ['not defined', 'network defined by the interface ip and net mask', 'network defined by routing', 'specific'] + specific_network: + description: + - Network behind this interface. + type: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', + 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', + 'light green', 'lemon chiffon', 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', + 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully + detailed representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings + will also be ignored. + type: bool + ip_address: + description: + - IPv4 or IPv6 address. 
If both addresses are required use ipv4-address and ipv6-address fields explicitly. + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + one_time_password: + description: + - N/A + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', + 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', + 'light green', 'lemon chiffon', 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', + 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + os_name: + description: + - Cluster platform operating system. + type: str + platform_portal_settings: + description: + - Platform portal settings. + type: dict + suboptions: + portal_web_settings: + description: + - Configuration of the portal web settings. + type: dict + suboptions: + aliases: + description: + - List of URL aliases that are redirected to the main portal URL. 
+ type: list + elements: str + ip_address: + description: + - Optional, IP address for the web portal to use, if your DNS server fails to resolve the main portal URL. + Note, If your DNS server resolves the main portal URL, this IP address is ignored. + type: str + main_url: + description: + - The main URL for the web portal. + type: str + certificate_settings: + description: + - Configuration of the portal certificate settings. + type: dict + suboptions: + base64_certificate: + description: + - The certificate file encoded in Base64 with padding. This file must be in the *.p12 format. + type: str + base64_password: + description: + - Password (encoded in Base64 with padding) for the certificate file. + type: str + accessibility: + description: + - Configuration of the portal access settings. + type: dict + suboptions: + allow_access_from: + description: + - Allowed access to the web portal (based on interfaces, or security policy). + type: str + choices: ['rule_base', 'internal_interfaces', 'all_interfaces'] + internal_access_settings: + description: + - Configuration of the additional portal access settings for internal interfaces only. + type: dict + suboptions: + undefined: + description: + - Controls portal access settings for internal interfaces, whose topology is set to 'Undefined'. + type: bool + dmz: + description: + - Controls portal access settings for internal interfaces, whose topology is set to 'DMZ'. + type: bool + vpn: + description: + - Controls portal access settings for interfaces that are part of a VPN Encryption Domain. + type: bool + send_alerts_to_server: + description: + - Server(s) to send alerts to. + type: list + elements: str + send_logs_to_backup_server: + description: + - Backup server(s) to send logs to. + type: list + elements: str + send_logs_to_server: + description: + - Server(s) to send logs to. + type: list + elements: str + tags: + description: + - Collection of tag identifiers. 
+ type: list + elements: str + threat_emulation: + description: + - Threat Emulation blade enabled. + type: bool + threat_extraction: + description: + - Threat Extraction blade enabled. + type: bool + threat_prevention_mode: + description: + - The mode of Threat Prevention to use. When using Autonomous Threat Prevention, disabling the Threat Prevention blades is not allowed. + type: str + choices: ['autonomous', 'custom'] + url_filtering: + description: + - URL Filtering blade enabled. + type: bool + usercheck_portal_settings: + description: + - UserCheck portal settings. + type: dict + suboptions: + enabled: + description: + - State of the web portal (enabled or disabled). The supported blades are, {'Application Control', 'URL Filtering', 'Data Loss + Prevention', 'Anti Virus', 'Anti Bot', 'Threat Emulation', 'Threat Extraction', 'Data Awareness'}. + type: bool + portal_web_settings: + description: + - Configuration of the portal web settings. + type: dict + suboptions: + aliases: + description: + - List of URL aliases that are redirected to the main portal URL. + type: list + elements: str + ip_address: + description: + - Optional, IP address for the web portal to use, if your DNS server fails to resolve the main portal URL. + Note, If your DNS server resolves the main portal URL, this IP address is ignored. + type: str + main_url: + description: + - The main URL for the web portal. + type: str + certificate_settings: + description: + - Configuration of the portal certificate settings. + type: dict + suboptions: + base64_certificate: + description: + - The certificate file encoded in Base64 with padding. This file must be in the *.p12 format. + type: str + base64_password: + description: + - Password (encoded in Base64 with padding) for the certificate file. + type: str + accessibility: + description: + - Configuration of the portal access settings. 
+ type: dict + suboptions: + allow_access_from: + description: + - Allowed access to the web portal (based on interfaces, or security policy). + type: str + choices: ['rule_base', 'internal_interfaces', 'all_interfaces'] + internal_access_settings: + description: + - Configuration of the additional portal access settings for internal interfaces only. + type: dict + suboptions: + undefined: + description: + - Controls portal access settings for internal interfaces, whose topology is set to 'Undefined'. + type: bool + dmz: + description: + - Controls portal access settings for internal interfaces, whose topology is set to 'DMZ'. + type: bool + vpn: + description: + - Controls portal access settings for interfaces that are part of a VPN Encryption Domain. + type: bool + cluster_version: + description: + - Cluster platform version. + type: str + vpn: + description: + - VPN blade enabled. + type: bool + vpn_settings: + description: + - Gateway VPN settings. + type: dict + suboptions: + authentication: + description: + - Authentication. + type: dict + suboptions: + authentication_clients: + description: + - Collection of VPN Authentication clients identified by the name or UID. + type: list + elements: str + link_selection: + description: + - Link Selection. + type: dict + suboptions: + ip_selection: + description: + - N/A + type: str + choices: ['use-main-address', 'use-selected-address-from-topology', 'use-statically-nated-ip', + 'calculated-ip-based-on-topology', 'dns-resolving-from-hostname', 'dns-resolving-from-gateway-and-domain-name', + 'use-probing-with-high-availability', 'use-probing-with-load-sharing', 'use-one-time-probing'] + dns_resolving_hostname: + description: + - DNS Resolving Hostname. Must be set when "ip-selection" was selected to be "dns-resolving-from-hostname". + type: str + ip_address: + description: + - IP Address. Must be set when "ip-selection" was selected to be "use-selected-address-from-topology" or "use-statically-nated-ip". 
+ type: str + maximum_concurrent_ike_negotiations: + description: + - N/A + type: int + maximum_concurrent_tunnels: + description: + - N/A + type: int + office_mode: + description: + - Office Mode. Notation Wide Impact - Office Mode apply IPSec VPN Software Blade clients and to the Mobile Access Software Blade clients. + type: dict + suboptions: + mode: + description: + - Office Mode Permissions.When selected to be "off", all the other definitions are irrelevant. + type: str + choices: ['off', 'specific-group', 'all-users'] + group: + description: + - Group. Identified by name or UID. Must be set when "office-mode-permissions" was selected to be "group". + type: str + allocate_ip_address_from: + description: + - Allocate IP address Method. + Allocate IP address by sequentially trying the given methods until success. + type: dict + suboptions: + radius_server: + description: + - Radius server used to authenticate the user. + type: bool + use_allocate_method: + description: + - Use Allocate Method. + type: bool + allocate_method: + description: + - Using either Manual (IP Pool) or Automatic (DHCP). + Must be set when "use-allocate-method" is true. + type: str + choices: ['manual', 'automatic'] + manual_network: + description: + - Manual Network. Identified by name or UID. + Must be set when "allocate-method" was selected to be "manual". + type: str + dhcp_server: + description: + - DHCP Server. Identified by name or UID. + Must be set when "allocate-method" was selected to be "automatic". + type: str + virtual_ip_address: + description: + - Virtual IPV4 address for DHCP server replies. + Must be set when "allocate-method" was selected to be "automatic". + type: str + dhcp_mac_address: + description: + - Calculated MAC address for DHCP allocation. + Must be set when "allocate-method" was selected to be "automatic". 
+ type: str + choices: ['per-machine', 'per-user'] + optional_parameters: + description: + - This configuration applies to all Office Mode methods except Automatic (using DHCP) and ipassignment.conf entries which contain this data. + type: dict + suboptions: + use_primary_dns_server: + description: + - Use Primary DNS Server. + type: bool + primary_dns_server: + description: + - Primary DNS Server. Identified by name or UID. + Must be set when "use-primary-dns-server" is true and can not be set when "use-primary-dns-server" is false. + type: str + use_first_backup_dns_server: + description: + - Use First Backup DNS Server. + type: bool + first_backup_dns_server: + description: + - First Backup DNS Server. Identified by name or UID. + Must be set when "use-first-backup-dns-server" is true and can not be set when "use-first-backup-dns-server" is false. + type: str + use_second_backup_dns_server: + description: + - Use Second Backup DNS Server. + type: bool + second_backup_dns_server: + description: + - Second Backup DNS Server. Identified by name or UID. + Must be set when "use-second-backup-dns-server" is true and can not be set when "use-second-backup-dns-server" is false. + type: str + dns_suffixes: + description: + - DNS Suffixes. + type: str + use_primary_wins_server: + description: + - Use Primary WINS Server. + type: bool + primary_wins_server: + description: + - Primary WINS Server. Identified by name or UID. + Must be set when "use-primary-wins-server" is true and can not be set when "use-primary-wins-server" is false. + type: str + use_first_backup_wins_server: + description: + - Use First Backup WINS Server. + type: bool + first_backup_wins_server: + description: + - First Backup WINS Server. Identified by name or UID. + Must be set when "use-first-backup-wins-server" is true and can not be set when "use-first-backup-wins-server" is false. + type: str + use_second_backup_wins_server: + description: + - Use Second Backup WINS Server. 
+ type: bool + second_backup_wins_server: + description: + - Second Backup WINS Server. Identified by name or UID. + Must be set when "use-second-backup-wins-server" is true and can not be set when "use-second-backup-wins-server" is false. + type: str + ip_lease_duration: + description: + - IP Lease Duration in Minutes. The value must be in the range 2-32767. + type: int + support_multiple_interfaces: + description: + - Support connectivity enhancement for gateways with multiple external interfaces. + type: bool + perform_anti_spoofing: + description: + - Perform Anti-Spoofing on Office Mode addresses. + type: bool + anti_spoofing_additional_addresses: + description: + - Additional IP Addresses for Anti-Spoofing. Identified by name or UID. + Must be set when "perform-anti-spoofings" is true. + type: str + remote_access: + description: + - Remote Access. + type: dict + suboptions: + support_l2tp: + description: + - Support L2TP (relevant only when office mode is active). + type: bool + l2tp_auth_method: + description: + - L2TP Authentication Method. + Must be set when "support-l2tp" is true. + type: str + choices: ['certificate', 'md5'] + l2tp_certificate: + description: + - L2TP Certificate. + Must be set when "l2tp-auth-method" was selected to be "certificate". + Insert "defaultCert" when you want to use the default certificate. + type: str + allow_vpn_clients_to_route_traffic: + description: + - Allow VPN clients to route traffic. + type: bool + support_nat_traversal_mechanism: + description: + - Support NAT traversal mechanism (UDP encapsulation). + type: bool + nat_traversal_service: + description: + - Allocated NAT traversal UDP service. Identified by name or UID. + Must be set when "support-nat-traversal-mechanism" is true. + type: str + support_visitor_mode: + description: + - Support Visitor Mode. + type: bool + visitor_mode_service: + description: + - TCP Service for Visitor Mode. Identified by name or UID. 
+ Must be set when "support-visitor-mode" is true. + type: str + visitor_mode_interface: + description: + - Interface for Visitor Mode. + Must be set when "support-visitor-mode" is true. + Insert IPV4 Address of existing interface or "All IPs" when you want all interfaces. + type: str + vpn_domain: + description: + - Gateway VPN domain identified by the name or UID. + type: str + vpn_domain_type: + description: + - Gateway VPN domain type. + type: str + choices: ['manual', 'addresses_behind_gw'] + show_portals_certificate: + description: + - Indicates whether to show the portals certificate value in the reply. + type: bool + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-simple-cluster + cp_mgmt_simple_cluster: + cluster_mode: cluster-xl-ha + color: yellow + firewall: true + interfaces: + - anti_spoofing: true + interface_type: cluster + ip_address: 17.23.5.1 + name: eth0 + network_mask: 255.255.255.0 + topology: EXTERNAL + - interface_type: sync + name: eth1 + topology: INTERNAL + topology_settings: + interface_leads_to_dmz: false + ip_address_behind_this_interface: network defined by the interface ip and net + mask + - anti_spoofing: true + interface_type: cluster + ip_address: 192.168.1.1 + name: eth2 + network_mask: 255.255.255.0 + topology: INTERNAL + topology_settings: + interface_leads_to_dmz: false + ip_address_behind_this_interface: network defined by the interface ip and net + mask + ip_address: 17.23.5.1 + members: + - interfaces: + - ip_address: 17.23.5.2 + name: eth0 + network_mask: 255.255.255.0 + - ip_address: 1.1.2.4 + name: eth1 + network_mask: 255.255.255.0 + - ip_address: 192.168.1.2 + name: eth2 + network_mask: 255.255.255.0 + ip_address: 17.23.5.2 + name: member1 + one_time_password: abcd + - interfaces: + - ip_address: 17.23.5.3 + name: eth0 + network_mask: 255.255.255.0 + - ip_address: 1.1.2.5 + name: eth1 + network_mask: 255.255.255.0 + - ip_address: 192.168.1.3 + name: eth2 + network_mask: 255.255.255.0 + ip_address: 17.23.5.3 + name: member2 + one_time_password: abcd + name: cluster1 + os_name: Gaia + state: present + cluster_version: R80.30 + +- name: set-simple-cluster + cp_mgmt_simple_cluster: + name: cluster1 + state: present + +- name: delete-simple-cluster + cp_mgmt_simple_cluster: + name: cluster1 + state: absent +""" + +RETURN = """ +cp_mgmt_simple_cluster: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + anti_bot=dict(type='bool'), + anti_virus=dict(type='bool'), + application_control=dict(type='bool'), + cluster_mode=dict(type='str', choices=['cluster-xl-ha', 'cluster-ls-multicast', 'cluster-ls-unicast', 'opsec-ha', 'opsec-ls']), + content_awareness=dict(type='bool'), + firewall=dict(type='bool'), + firewall_settings=dict(type='dict', options=dict( + auto_calculate_connections_hash_table_size_and_memory_pool=dict(type='bool'), + auto_maximum_limit_for_concurrent_connections=dict(type='bool'), + connections_hash_size=dict(type='int'), + maximum_limit_for_concurrent_connections=dict(type='int'), + maximum_memory_pool_size=dict(type='int'), + memory_pool_size=dict(type='int') + )), + hardware=dict(type='str'), + interfaces=dict(type='list', elements='dict', options=dict( + name=dict(type='str'), + interface_type=dict(type='str', choices=['cluster', 'sync', 'cluster + sync', 'private']), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + network_mask=dict(type='str'), + ipv4_network_mask=dict(type='str'), + ipv6_network_mask=dict(type='str'), + mask_length=dict(type='str'), + ipv4_mask_length=dict(type='str'), + ipv6_mask_length=dict(type='str'), + anti_spoofing=dict(type='bool'), + anti_spoofing_settings=dict(type='dict', options=dict( + action=dict(type='str', choices=['prevent', 'detect']), + exclude_packets=dict(type='bool'), + excluded_network_name=dict(type='str'), + excluded_network_uid=dict(type='str'), + spoof_tracking=dict(type='str', choices=['none', 'log', 'alert']) + )), + multicast_address=dict(type='str'), + 
multicast_address_type=dict(type='str', choices=['manual', 'default']), + security_zone=dict(type='bool'), + security_zone_settings=dict(type='dict', options=dict( + auto_calculated=dict(type='bool'), + specific_zone=dict(type='str') + )), + tags=dict(type='list', elements='str'), + topology=dict(type='str', choices=['automatic', 'external', 'internal']), + topology_settings=dict(type='dict', options=dict( + interface_leads_to_dmz=dict(type='bool'), + ip_address_behind_this_interface=dict(type='str', choices=['not defined', 'network defined by the interface ip and net mask', + 'network defined by routing', 'specific']), + specific_network=dict(type='str') + )), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', + 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', + 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', + 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', + 'sienna', 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + )), + ips=dict(type='bool'), + members=dict(type='list', elements='dict', options=dict( + name=dict(type='str'), + interfaces=dict(type='list', elements='dict', options=dict( + name=dict(type='str'), + anti_spoofing=dict(type='bool'), + anti_spoofing_settings=dict(type='dict', options=dict( + action=dict(type='str', choices=['prevent', 'detect']), + exclude_packets=dict(type='bool'), + excluded_network_name=dict(type='str'), + excluded_network_uid=dict(type='str'), + spoof_tracking=dict(type='str', choices=['none', 'log', 'alert']) + )), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + network_mask=dict(type='str'), + 
ipv4_network_mask=dict(type='str'), + ipv6_network_mask=dict(type='str'), + mask_length=dict(type='str'), + ipv4_mask_length=dict(type='str'), + ipv6_mask_length=dict(type='str'), + security_zone=dict(type='bool'), + security_zone_settings=dict(type='dict', options=dict( + auto_calculated=dict(type='bool'), + specific_zone=dict(type='str') + )), + tags=dict(type='list', elements='str'), + topology=dict(type='str', choices=['automatic', 'external', 'internal']), + topology_settings=dict(type='dict', options=dict( + interface_leads_to_dmz=dict(type='bool'), + ip_address_behind_this_interface=dict(type='str', choices=['not defined', 'network defined by the interface ip and net mask', + 'network defined by routing', 'specific']), + specific_network=dict(type='str') + )), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', + 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', + 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', + 'orange', 'red', 'sienna', 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + )), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + one_time_password=dict(type='str', no_log=True), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', + 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', + 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', + 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 
'violet red', 'navy blue', 'olive', 'orange', 'red', + 'sienna', 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + )), + os_name=dict(type='str'), + platform_portal_settings=dict(type='dict', options=dict( + portal_web_settings=dict(type='dict', options=dict( + aliases=dict(type='list', elements='str'), + ip_address=dict(type='str'), + main_url=dict(type='str') + )), + certificate_settings=dict(type='dict', options=dict( + base64_certificate=dict(type='str'), + base64_password=dict(type='str', no_log=True) + )), + accessibility=dict(type='dict', options=dict( + allow_access_from=dict(type='str', choices=['rule_base', 'internal_interfaces', 'all_interfaces']), + internal_access_settings=dict(type='dict', options=dict( + undefined=dict(type='bool'), + dmz=dict(type='bool'), + vpn=dict(type='bool') + )) + )) + )), + send_alerts_to_server=dict(type='list', elements='str'), + send_logs_to_backup_server=dict(type='list', elements='str'), + send_logs_to_server=dict(type='list', elements='str'), + tags=dict(type='list', elements='str'), + threat_emulation=dict(type='bool'), + threat_extraction=dict(type='bool'), + threat_prevention_mode=dict(type='str', choices=['autonomous', 'custom']), + url_filtering=dict(type='bool'), + usercheck_portal_settings=dict(type='dict', options=dict( + enabled=dict(type='bool'), + portal_web_settings=dict(type='dict', options=dict( + aliases=dict(type='list', elements='str'), + ip_address=dict(type='str'), + main_url=dict(type='str') + )), + certificate_settings=dict(type='dict', options=dict( + base64_certificate=dict(type='str'), + base64_password=dict(type='str', no_log=True) + )), + accessibility=dict(type='dict', options=dict( + allow_access_from=dict(type='str', choices=['rule_base', 'internal_interfaces', 'all_interfaces']), + internal_access_settings=dict(type='dict', options=dict( + 
undefined=dict(type='bool'), + dmz=dict(type='bool'), + vpn=dict(type='bool') + )) + )) + )), + cluster_version=dict(type='str'), + vpn=dict(type='bool'), + vpn_settings=dict(type='dict', options=dict( + authentication=dict(type='dict', options=dict( + authentication_clients=dict(type='list', elements='str') + )), + link_selection=dict(type='dict', options=dict( + ip_selection=dict(type='str', choices=['use-main-address', + 'use-selected-address-from-topology', 'use-statically-nated-ip', 'calculated-ip-based-on-topology', + 'dns-resolving-from-hostname', 'dns-resolving-from-gateway-and-domain-name', + 'use-probing-with-high-availability', 'use-probing-with-load-sharing', 'use-one-time-probing']), + dns_resolving_hostname=dict(type='str'), + ip_address=dict(type='str') + )), + maximum_concurrent_ike_negotiations=dict(type='int'), + maximum_concurrent_tunnels=dict(type='int'), + office_mode=dict(type='dict', options=dict( + mode=dict(type='str', choices=['off', 'specific-group', 'all-users']), + group=dict(type='str'), + allocate_ip_address_from=dict(type='dict', options=dict( + radius_server=dict(type='bool'), + use_allocate_method=dict(type='bool'), + allocate_method=dict(type='str', choices=['manual', 'automatic']), + manual_network=dict(type='str'), + dhcp_server=dict(type='str'), + virtual_ip_address=dict(type='str'), + dhcp_mac_address=dict(type='str', choices=['per-machine', 'per-user']), + optional_parameters=dict(type='dict', options=dict( + use_primary_dns_server=dict(type='bool'), + primary_dns_server=dict(type='str'), + use_first_backup_dns_server=dict(type='bool'), + first_backup_dns_server=dict(type='str'), + use_second_backup_dns_server=dict(type='bool'), + second_backup_dns_server=dict(type='str'), + dns_suffixes=dict(type='str'), + use_primary_wins_server=dict(type='bool'), + primary_wins_server=dict(type='str'), + use_first_backup_wins_server=dict(type='bool'), + first_backup_wins_server=dict(type='str'), + 
use_second_backup_wins_server=dict(type='bool'), + second_backup_wins_server=dict(type='str'), + ip_lease_duration=dict(type='int') + )) + )), + support_multiple_interfaces=dict(type='bool'), + perform_anti_spoofing=dict(type='bool'), + anti_spoofing_additional_addresses=dict(type='str') + )), + remote_access=dict(type='dict', options=dict( + support_l2tp=dict(type='bool'), + l2tp_auth_method=dict(type='str', choices=['certificate', 'md5']), + l2tp_certificate=dict(type='str'), + allow_vpn_clients_to_route_traffic=dict(type='bool'), + support_nat_traversal_mechanism=dict(type='bool'), + nat_traversal_service=dict(type='str'), + support_visitor_mode=dict(type='bool'), + visitor_mode_service=dict(type='str'), + visitor_mode_interface=dict(type='str') + )), + vpn_domain=dict(type='str'), + vpn_domain_type=dict(type='str', choices=['manual', 'addresses_behind_gw']) + )), + show_portals_certificate=dict(type='bool'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'simple-cluster' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() 
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_cluster_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_cluster_facts.py
new file mode 100644
index 00000000..c422eabf
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_cluster_facts.py
@@ -0,0 +1,156 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_simple_cluster_facts
+short_description: Get simple-cluster objects facts on Checkpoint over Web Services API
+description:
+ - Get simple-cluster objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ limit_interfaces:
+ description:
+ - Limit number of interfaces to show. Default is 50.
+ type: int
+ show_portals_certificate:
+ description:
+ - Indicates whether to show the portals certificate value in the reply.
+ type: bool
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-simple-cluster
+ cp_mgmt_simple_cluster_facts:
+ name: cluster1
+
+- name: show-simple-clusters
+ cp_mgmt_simple_cluster_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ limit_interfaces=dict(type='int'),
+ show_portals_certificate=dict(type='bool'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool'),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "simple-cluster"
+ api_call_object_plural_version = "simple-clusters"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway.py
new file mode 100644
index 00000000..ce530d3f
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway.py
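Review bot: With `show_portals_certificate` enabled, the portals certificate value from the reply is passed by `main()` in cp_mgmt_simple_cluster_facts.py straight to `module.exit_json(ansible_facts=result)`, so it becomes a host fact and follows whatever fact caching and task-result logging the controller has configured. The hunk does not show what that value contains; if it can carry the Base64 `.p12` bundle that the sibling `cp_mgmt_simple_cluster` module accepts as `base64_certificate`, that is key material stored outside the management server. I would say so in the option's description, for example `- The certificate value is returned inside ansible_facts; set no_log on the task and avoid fact caching when this is enabled.`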
@@ -0,0 +1,637 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_simple_gateway +short_description: Manages simple-gateway objects on Check Point over Web Services API +description: + - Manages simple-gateway objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + anti_bot: + description: + - Anti-Bot blade enabled. + type: bool + anti_virus: + description: + - Anti-Virus blade enabled. + type: bool + application_control: + description: + - Application Control blade enabled. + type: bool + content_awareness: + description: + - Content Awareness blade enabled. 
+ type: bool + firewall: + description: + - Firewall blade enabled. + type: bool + firewall_settings: + description: + - N/A + type: dict + suboptions: + auto_calculate_connections_hash_table_size_and_memory_pool: + description: + - N/A + type: bool + auto_maximum_limit_for_concurrent_connections: + description: + - N/A + type: bool + connections_hash_size: + description: + - N/A + type: int + maximum_limit_for_concurrent_connections: + description: + - N/A + type: int + maximum_memory_pool_size: + description: + - N/A + type: int + memory_pool_size: + description: + - N/A + type: int + interfaces: + description: + - Network interfaces. When a gateway is updated with a new interfaces, the existing interfaces are removed. + type: list + elements: dict + suboptions: + name: + description: + - Object name. + type: str + anti_spoofing: + description: + - N/A + type: bool + anti_spoofing_settings: + description: + - N/A + type: dict + suboptions: + action: + description: + - If packets will be rejected (the Prevent option) or whether the packets will be monitored (the Detect option). + type: str + choices: ['prevent', 'detect'] + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + network_mask: + description: + - IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask and ipv6-network-mask fields explicitly. Instead of + providing mask itself it is possible to specify IPv4 or IPv6 mask length in mask-length field. If both masks length are required use + ipv4-mask-length and ipv6-mask-length fields explicitly. + type: str + ipv4_network_mask: + description: + - IPv4 network address. + type: str + ipv6_network_mask: + description: + - IPv6 network address. + type: str + mask_length: + description: + - IPv4 or IPv6 network mask length. 
+ type: str + ipv4_mask_length: + description: + - IPv4 network mask length. + type: str + ipv6_mask_length: + description: + - IPv6 network mask length. + type: str + security_zone: + description: + - N/A + type: bool + security_zone_settings: + description: + - N/A + type: dict + suboptions: + auto_calculated: + description: + - Security Zone is calculated according to where the interface leads to. + type: bool + specific_zone: + description: + - Security Zone specified manually. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + topology: + description: + - N/A + type: str + choices: ['automatic', 'external', 'internal'] + topology_settings: + description: + - N/A + type: dict + suboptions: + interface_leads_to_dmz: + description: + - Whether this interface leads to demilitarized zone (perimeter network). + type: bool + ip_address_behind_this_interface: + description: + - N/A + type: str + choices: ['not defined', 'network defined by the interface ip and net mask', 'network defined by routing', 'specific'] + specific_network: + description: + - Network behind this interface. + type: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', + 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', + 'light green', 'lemon chiffon', 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', + 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. 
+ type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + ips: + description: + - Intrusion Prevention System blade enabled. + type: bool + logs_settings: + description: + - N/A + type: dict + suboptions: + alert_when_free_disk_space_below: + description: + - N/A + type: bool + alert_when_free_disk_space_below_threshold: + description: + - N/A + type: int + alert_when_free_disk_space_below_type: + description: + - N/A + type: str + choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2', + 'user defined alert no.3'] + before_delete_keep_logs_from_the_last_days: + description: + - N/A + type: bool + before_delete_keep_logs_from_the_last_days_threshold: + description: + - N/A + type: int + before_delete_run_script: + description: + - N/A + type: bool + before_delete_run_script_command: + description: + - N/A + type: str + delete_index_files_older_than_days: + description: + - N/A + type: bool + delete_index_files_older_than_days_threshold: + description: + - N/A + type: int + delete_index_files_when_index_size_above: + description: + - N/A + type: bool + delete_index_files_when_index_size_above_threshold: + description: + - N/A + type: int + delete_when_free_disk_space_below: + description: + - N/A + type: bool + delete_when_free_disk_space_below_threshold: + description: + - N/A + type: int + detect_new_citrix_ica_application_names: + description: + - N/A + type: bool + forward_logs_to_log_server: + description: + - N/A + type: bool + forward_logs_to_log_server_name: + description: + - N/A + type: str + forward_logs_to_log_server_schedule_name: + description: + - N/A + type: str + free_disk_space_metrics: + description: + - N/A + 
type: str + choices: ['mbytes', 'percent'] + perform_log_rotate_before_log_forwarding: + description: + - N/A + type: bool + reject_connections_when_free_disk_space_below_threshold: + description: + - N/A + type: bool + reserve_for_packet_capture_metrics: + description: + - N/A + type: str + choices: ['percent', 'mbytes'] + reserve_for_packet_capture_threshold: + description: + - N/A + type: int + rotate_log_by_file_size: + description: + - N/A + type: bool + rotate_log_file_size_threshold: + description: + - N/A + type: int + rotate_log_on_schedule: + description: + - N/A + type: bool + rotate_log_schedule_name: + description: + - N/A + type: str + stop_logging_when_free_disk_space_below: + description: + - N/A + type: bool + stop_logging_when_free_disk_space_below_threshold: + description: + - N/A + type: int + turn_on_qos_logging: + description: + - N/A + type: bool + update_account_log_every: + description: + - N/A + type: int + one_time_password: + description: + - N/A + type: str + os_name: + description: + - Gateway platform operating system. + type: str + save_logs_locally: + description: + - Save logs locally on the gateway. + type: bool + send_alerts_to_server: + description: + - Server(s) to send alerts to. + type: list + elements: str + send_logs_to_backup_server: + description: + - Backup server(s) to send logs to. + type: list + elements: str + send_logs_to_server: + description: + - Server(s) to send logs to. + type: list + elements: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + threat_emulation: + description: + - Threat Emulation blade enabled. + type: bool + threat_extraction: + description: + - Threat Extraction blade enabled. + type: bool + url_filtering: + description: + - URL Filtering blade enabled. + type: bool + gateway_version: + description: + - Gateway platform version. + type: str + vpn: + description: + - VPN blade enabled. 
+ type: bool + vpn_settings: + description: + - Gateway VPN settings. + type: dict + suboptions: + maximum_concurrent_ike_negotiations: + description: + - N/A + type: int + maximum_concurrent_tunnels: + description: + - N/A + type: int + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-simple-gateway + cp_mgmt_simple_gateway: + ip_address: 192.0.2.1 + name: gw1 + state: present + +- name: set-simple-gateway + cp_mgmt_simple_gateway: + anti_bot: true + anti_virus: true + application_control: true + ips: true + name: test_gateway + state: present + threat_emulation: true + url_filtering: true + +- name: delete-simple-gateway + cp_mgmt_simple_gateway: + name: gw1 + state: absent +""" + +RETURN = """ +cp_mgmt_simple_gateway: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + anti_bot=dict(type='bool'), + anti_virus=dict(type='bool'), + application_control=dict(type='bool'), + content_awareness=dict(type='bool'), + firewall=dict(type='bool'), + firewall_settings=dict(type='dict', options=dict( + auto_calculate_connections_hash_table_size_and_memory_pool=dict(type='bool'), + auto_maximum_limit_for_concurrent_connections=dict(type='bool'), + connections_hash_size=dict(type='int'), + maximum_limit_for_concurrent_connections=dict(type='int'), + maximum_memory_pool_size=dict(type='int'), + memory_pool_size=dict(type='int') + )), + interfaces=dict(type='list', elements='dict', options=dict( + name=dict(type='str'), + anti_spoofing=dict(type='bool'), + anti_spoofing_settings=dict(type='dict', options=dict( + action=dict(type='str', choices=['prevent', 'detect']) + )), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + network_mask=dict(type='str'), + 
ipv4_network_mask=dict(type='str'), + ipv6_network_mask=dict(type='str'), + mask_length=dict(type='str'), + ipv4_mask_length=dict(type='str'), + ipv6_mask_length=dict(type='str'), + security_zone=dict(type='bool'), + security_zone_settings=dict(type='dict', options=dict( + auto_calculated=dict(type='bool'), + specific_zone=dict(type='str') + )), + tags=dict(type='list', elements='str'), + topology=dict(type='str', choices=['automatic', 'external', 'internal']), + topology_settings=dict(type='dict', options=dict( + interface_leads_to_dmz=dict(type='bool'), + ip_address_behind_this_interface=dict(type='str', choices=['not defined', 'network defined by the interface ip and net mask', + 'network defined by routing', 'specific']), + specific_network=dict(type='str') + )), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', + 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', + 'firebrick', + 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', + 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', + 'red', + 'sienna', 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + )), + ips=dict(type='bool'), + logs_settings=dict(type='dict', options=dict( + alert_when_free_disk_space_below=dict(type='bool'), + alert_when_free_disk_space_below_threshold=dict(type='int'), + alert_when_free_disk_space_below_type=dict(type='str', choices=['none', + 'log', 'popup alert', 'mail alert', 'snmp trap alert', + 'user defined alert no.1', + 'user defined alert no.2', 'user defined alert no.3']), + before_delete_keep_logs_from_the_last_days=dict(type='bool'), + before_delete_keep_logs_from_the_last_days_threshold=dict(type='int'), + 
before_delete_run_script=dict(type='bool'), + before_delete_run_script_command=dict(type='str'), + delete_index_files_older_than_days=dict(type='bool'), + delete_index_files_older_than_days_threshold=dict(type='int'), + delete_index_files_when_index_size_above=dict(type='bool'), + delete_index_files_when_index_size_above_threshold=dict(type='int'), + delete_when_free_disk_space_below=dict(type='bool'), + delete_when_free_disk_space_below_threshold=dict(type='int'), + detect_new_citrix_ica_application_names=dict(type='bool'), + forward_logs_to_log_server=dict(type='bool'), + forward_logs_to_log_server_name=dict(type='str'), + forward_logs_to_log_server_schedule_name=dict(type='str'), + free_disk_space_metrics=dict(type='str', choices=['mbytes', 'percent']), + perform_log_rotate_before_log_forwarding=dict(type='bool'), + reject_connections_when_free_disk_space_below_threshold=dict(type='bool'), + reserve_for_packet_capture_metrics=dict(type='str', choices=['percent', 'mbytes']), + reserve_for_packet_capture_threshold=dict(type='int'), + rotate_log_by_file_size=dict(type='bool'), + rotate_log_file_size_threshold=dict(type='int'), + rotate_log_on_schedule=dict(type='bool'), + rotate_log_schedule_name=dict(type='str'), + stop_logging_when_free_disk_space_below=dict(type='bool'), + stop_logging_when_free_disk_space_below_threshold=dict(type='int'), + turn_on_qos_logging=dict(type='bool'), + update_account_log_every=dict(type='int') + )), + one_time_password=dict(type='str', no_log=True), + os_name=dict(type='str'), + save_logs_locally=dict(type='bool'), + send_alerts_to_server=dict(type='list', elements='str'), + send_logs_to_backup_server=dict(type='list', elements='str'), + send_logs_to_server=dict(type='list', elements='str'), + tags=dict(type='list', elements='str'), + threat_emulation=dict(type='bool'), + threat_extraction=dict(type='bool'), + url_filtering=dict(type='bool'), + gateway_version=dict(type='str'), + vpn=dict(type='bool'), + 
vpn_settings=dict(type='dict', options=dict( + maximum_concurrent_ike_negotiations=dict(type='int'), + maximum_concurrent_tunnels=dict(type='int') + )), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', + 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'simple-gateway' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway_facts.py new file mode 100644 index 00000000..cdccabb1 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway_facts.py 
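Review bot: The `one_time_password` option is documented only as `N/A` in DOCUMENTATION, although the argument spec in `main()` treats it as a secret (`one_time_password=dict(type='str', no_log=True)`). Someone reading the module docs gets no hint what the value is for or that it should not sit in a playbook in clear text. I would replace the placeholder with a real description, for example `- One-time password used to establish trust with the gateway. Supply it from Ansible Vault rather than inline.`; it is presumably the SIC activation key, which should be confirmed against the API reference before saying so in the docs. The same `N/A` placeholder is used for `before_delete_run_script_command` under `logs_settings`, which by its name takes a command string to run before log deletion and deserves a sentence stating where that command is executed.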
@@ -0,0 +1,132 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_simple_gateway_facts +short_description: Get simple-gateway objects facts on Check Point over Web Services API +description: + - Get simple-gateway objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-simple-gateway + cp_mgmt_simple_gateway_facts: + name: gw1 + +- name: show-simple-gateways + cp_mgmt_simple_gateway_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "simple-gateway"
+ api_call_object_plural_version = "simple-gateways"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smtp_server.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smtp_server.py
new file mode 100644
index 00000000..7feb0b7e
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smtp_server.py
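Review bot: `module.exit_json(ansible_facts=result)` in `main()` hands the API response back as host facts, but the RETURN block only says `ansible_facts` is a dict and never names the key or keys that `api_call_facts` places in it; that helper is imported from module_utils and is not visible in this hunk. Values returned under `ansible_facts` are merged into the host's facts and can be persisted by a fact cache, so playbook authors need the exact key to avoid name collisions and to judge what ends up stored. I would add a `contains:` entry to RETURN naming the top-level key and its type once it has been confirmed against `api_call_facts`. The same applies to the cp_mgmt_smtp_server_facts.py hunk further down, where it matters more because the sibling cp_mgmt_smtp_server module accepts a `password`; whether the API echoes that field back is not visible here and is worth checking.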
@@ -0,0 +1,171 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_smtp_server +short_description: Manages smtp-server objects on Checkpoint over Web Services API +description: + - Manages smtp-server objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + port: + description: + - The SMTP port to use. + type: int + server: + description: + - The SMTP server address. + type: str + password: + description: + - A password for the SMTP server. + type: str + username: + description: + - A username for the SMTP server. + type: str + authentication: + description: + - Does the mail server requires authentication. + type: bool + encryption: + description: + - Encryption type. + type: str + choices: ['none', 'ssl', 'tls'] + tags: + description: + - Collection of tag identifiers. 
+ type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-smtp-server + cp_mgmt_smtp_server: + encryption: none + name: SMTP1 + port: '25' + server: smtp.example.com + state: present + +- name: set-smtp-server + cp_mgmt_smtp_server: + name: SMTP + port: '25' + server: smtp.example.com + state: present + +- name: delete-smtp-server + cp_mgmt_smtp_server: + name: SMTP + state: absent +""" + +RETURN = """ +cp_mgmt_smtp_server: + description: The checkpoint object created or updated. 
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ port=dict(type='int'),
+ server=dict(type='str'),
+ password=dict(type='str', no_log=True),
+ username=dict(type='str'),
+ authentication=dict(type='bool'),
+ encryption=dict(type='str', choices=['none', 'ssl', 'tls']),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ domains_to_process=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'smtp-server'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smtp_server_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smtp_server_facts.py
new file mode 100644
index 00000000..b574885f
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smtp_server_facts.py
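Review bot: The `add-smtp-server` example in EXAMPLES sets `encryption: none`, and neither the `encryption` nor the `password` description says what that choice means once `authentication` is enabled. Judging by the option names, a task copied from this example with `username` and `password` added would have the credentials presented to the mail server without transport encryption. I would switch the example to `encryption: tls` and extend the `password` description with `Supply it from Ansible Vault; it is protected in transit only when encryption is ssl or tls.`, keeping the existing `no_log=True` in the spec as it is. The examples also pass `port: '25'` as a quoted string although the spec declares `port=dict(type='int')`; `port: 25` matches the declared type.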
@@ -0,0 +1,141 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_smtp_server_facts +short_description: Get smtp-server objects facts on Checkpoint over Web Services API +description: + - Get smtp-server objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "3.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. 
The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-smtp-server + cp_mgmt_smtp_server_facts: + name: SMTP + +- name: show-smtp-servers + cp_mgmt_smtp_server_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "smtp-server"
+ api_call_object_plural_version = "smtp-servers"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_submit_session.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_submit_session.py
new file mode 100644
index 00000000..0dfdd0f5
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_submit_session.py
@@ -0,0 +1,77 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_submit_session
+short_description: Workflow feature - Submit the session for approval.
+description:
+ - Workflow feature - Submit the session for approval.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ uid:
+ description:
+ - Session unique identifier.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: submit-session
+ cp_mgmt_submit_session:
+ uid: 41e821a0-3720-11e3-aa6e-0800200c9fde
+"""
+
+RETURN = """
+cp_mgmt_submit_session:
+ description: The checkpoint submit-session output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ uid=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "submit-session"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag.py
new file mode 100644
index 00000000..07bc150c
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag.py
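Review bot: The `uid` option of cp_mgmt_submit_session is optional (`uid=dict(type='str')`), but its description, `Session unique identifier.`, does not say which session is submitted for approval when it is left out. This module pushes a session into the approval workflow, so the default target belongs in the documentation. I would extend the entry to `- Session unique identifier. Defaults to the current session when omitted.` once that default is confirmed against the API reference; it is an assumption here, nothing in the hunk states it.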
@@ -0,0 +1,126 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_tag
+short_description: Manages tag objects on Check Point over Web Services API
+description:
+ - Manages tag objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-tag
+ cp_mgmt_tag:
+ name: My New Tag1
+ state: present
+ tags:
+ - tag1
+ - tag2
+
+- name: delete-tag
+ cp_mgmt_tag:
+ name: My New Tag1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_tag:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'tag'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag_facts.py
new file mode 100644
index 00000000..942e1415
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag_facts.py
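Review bot: The module option `ignore_errors` in cp_mgmt_tag's `argument_spec` has the same name as Ansible's task-level `ignore_errors` keyword, and only the indentation in a playbook decides which of the two a user sets. The task keyword lets the play continue after a failed task, while this option, per its description, applies changes despite API errors, so a misplaced line changes meaning without any warning. The option text should make the distinction explicit, for example `- Apply changes ignoring errors. This is the API flag passed as a module argument, not the Ansible task keyword of the same name.` The same option and wording appear in cp_mgmt_threat_exception further down.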
@@ -0,0 +1,124 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_tag_facts
+short_description: Get tag objects facts on Check Point over Web Services API
+description:
+ - Get tag objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-tag
+ cp_mgmt_tag_facts:
+ name: f96b37ec-e22e-4945-8bbf-d37b117914e0
+
+- name: show-tags
+ cp_mgmt_tag_facts:
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "tag"
+ api_call_object_plural_version = "tags"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
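Review bot: The `show-tag` example in cp_mgmt_tag_facts passes `name: f96b37ec-e22e-4945-8bbf-d37b117914e0`, which looks like a UID, while the `name` option is documented only as `Object name.` If the lookup accepts a UID in this field, the description should say so, e.g. `- Object name or UID.`; if it does not, the example should use a tag name such as the `My New Tag1` used in the cp_mgmt_tag examples. Which of the two holds cannot be told from this hunk, since the lookup is done in `api_call_facts`, defined elsewhere.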
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_test_sic_status.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_test_sic_status.py
new file mode 100644
index 00000000..2eb7dbf0
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_test_sic_status.py
@@ -0,0 +1,82 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_test_sic_status
+short_description: Test SIC Status reflects the state of the gateway after it has received the certificate issued by the
+ ICA. If the SIC status is Unknown then there is no connection between the gateway and the Security
+ Management Server. If the SIC status is No Communication, an error message will appear. It may
+ contain specific instructions on how to fix the situation.
+description:
+ - Test SIC Status reflects the state of the gateway after it has received the certificate issued by the ICA. If the SIC status is Unknown then there is
+ no connection between the gateway and the Security Management Server. If the SIC status is No Communication, an error message will appear. It may contain
+ specific instructions on how to fix the situation.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Gateway, cluster member or Check Point host name.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: test-sic-status
+ cp_mgmt_test_sic_status:
+ name: gw1
+"""
+
+RETURN = """
+cp_mgmt_test_sic_status:
+ description: The checkpoint test-sic-status output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "test-sic-status"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception.py
new file mode 100644
index 00000000..b6ea57f6
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception.py
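Review bot: `short_description` in cp_mgmt_test_sic_status is a four-line paragraph that repeats the first `description` entry, although the field is meant to be a one-line summary for module listings. I would shorten it to `short_description: Test the SIC status of a gateway, cluster member or Check Point host` and leave the explanation of the Unknown and No Communication states in `description`. Separately, `name` is declared as `name=dict(type='str')` without `required=True`, so a task that names no target is only rejected, if at all, by the API; it is worth confirming whether the command has a meaningful default before leaving it optional.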
@@ -0,0 +1,219 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_threat_exception
+short_description: Manages threat-exception objects on Check Point over Web Services API
+description:
+ - Manages threat-exception objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - The name of the exception.
+ type: str
+ required: True
+ position:
+ description:
+ - Position in the rulebase. The use of values "top" and "bottom" may not be idempotent.
+ type: str
+ exception_group_uid:
+ description:
+ - The UID of the exception-group.
+ type: str
+ exception_group_name:
+ description:
+ - The name of the exception-group.
+ type: str
+ layer:
+ description:
+ - Layer that the rule belongs to identified by the name or UID.
+ type: str
+ rule_name:
+ description:
+ - The name of the parent rule.
+ type: str
+ action:
+ description:
+ - Action-the enforced profile.
+ type: str
+ destination:
+ description:
+ - Collection of Network objects identified by the name or UID.
+ type: list
+ elements: str
+ destination_negate:
+ description:
+ - True if negate is set for destination.
+ type: bool
+ enabled:
+ description:
+ - Enable/Disable the rule.
+ type: bool
+ install_on:
+ description:
+ - Which Gateways identified by the name or UID to install the policy on.
+ type: list
+ elements: str
+ protected_scope:
+ description:
+ - Collection of objects defining Protected Scope identified by the name or UID.
+ type: list
+ elements: str
+ protected_scope_negate:
+ description:
+ - True if negate is set for Protected Scope.
+ type: bool
+ protection_or_site:
+ description:
+ - Name of the protection or site.
+ type: list
+ elements: str
+ service:
+ description:
+ - Collection of Network objects identified by the name or UID.
+ type: list
+ elements: str
+ service_negate:
+ description:
+ - True if negate is set for Service.
+ type: bool
+ source:
+ description:
+ - Collection of Network objects identified by the name or UID.
+ type: list
+ elements: str
+ source_negate:
+ description:
+ - True if negate is set for source.
+ type: bool
+ track:
+ description:
+ - Packet tracking.
+ type: str
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-threat-exception
+ cp_mgmt_threat_exception:
+ layer: New Layer 1
+ name: Exception Rule
+ position: 1
+ protected_scope: All_Internet
+ rule_name: Threat Rule 1
+ state: present
+ track: Log
+
+- name: set-threat-exception
+ cp_mgmt_threat_exception:
+ layer: New Layer 1
+ name: Exception Rule
+ rule_name: Threat Rule 1
+ state: present
+
+- name: delete-threat-exception
+ cp_mgmt_threat_exception:
+ name: Exception Rule
+ layer: New Layer 1
+ rule_name: Threat Rule 1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_threat_exception:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call, api_call_for_rule
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ position=dict(type='str'),
+ exception_group_uid=dict(type='str'),
+ exception_group_name=dict(type='str'),
+ layer=dict(type='str'),
+ rule_name=dict(type='str'),
+ action=dict(type='str'),
+ destination=dict(type='list', elements='str'),
+ destination_negate=dict(type='bool'),
+ enabled=dict(type='bool'),
+ install_on=dict(type='list', elements='str'),
+ protected_scope=dict(type='list', elements='str'),
+ protected_scope_negate=dict(type='bool'),
+ protection_or_site=dict(type='list', elements='str'),
+ service=dict(type='list', elements='str'),
+ service_negate=dict(type='bool'),
+ source=dict(type='list', elements='str'),
+ source_negate=dict(type='bool'),
+ track=dict(type='str'),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'threat-exception'
+
+ if module.params['position'] is None:
+ result = api_call(module, api_call_object)
+ else:
+ result = api_call_for_rule(module, api_call_object)
+
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception_facts.py
new file mode 100644
index 00000000..1455df23
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception_facts.py
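Review bot: `main()` in cp_mgmt_threat_exception accepts four fields that locate the parent (`exception_group_uid`, `exception_group_name`, `layer`, `rule_name`) but passes no `mutually_exclusive` or `required_one_of` constraint to `AnsibleModule`, so a conflicting or missing parent is left for the API to resolve. A threat exception changes what the parent rule enforces, so the scope it lands in should be unambiguous before the call is made. If the API treats the two group identifiers as alternatives (not stated in this hunk), adding `mutually_exclusive=[['exception_group_uid', 'exception_group_name']]` to the `AnsibleModule(...)` call would reject the ambiguous case locally. The `service` description also reads `Collection of Network objects identified by the name or UID.`, which looks copied from `source` and `destination`.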
@@ -0,0 +1,223 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_threat_exception_facts
+short_description: Get threat-exception objects facts on Check Point over Web Services API
+description:
+ - Get threat-exception objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - The name of the layer containing the parent threat rule.
+ This parameter is relevant only for getting few objects.
+ type: str
+ exception_group_uid:
+ description:
+ - The UID of the exception-group.
+ type: str
+ exception_group_name:
+ description:
+ - The name of the exception-group.
+ type: str
+ layer:
+ description:
+ - Layer that the rule belongs to identified by the name or UID.
+ type: str
+ rule_name:
+ description:
+ - The name of the parent rule.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in Smart Console. The logical
+ operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies.
+ type: str
+ filter_settings:
+ description:
+ - Sets filter preferences.
+ type: dict
+ suboptions:
+ search_mode:
+ description:
+ - When set to 'general', both the Full Text Search and Packet Search are enabled. In this mode, Packet Search will not match on 'Any'
+ object, a negated cell or a group-with-exclusion. When the search-mode is set to 'packet', by default, the match on 'Any' object, a negated cell
+ or a group-with-exclusion are enabled. packet-search-settings may be provided to change the default behavior.
+ type: str
+ choices: ['general', 'packet']
+ packet_search_settings:
+ description:
+ - When 'search-mode' is set to 'packet', this object allows to set the packet search preferences.
+ type: dict
+ suboptions:
+ expand_group_members:
+ description:
+ - When true, if the search expression contains a UID or a name of a group object, results will include rules that match on at
+ least one member of the group.
+ type: bool
+ expand_group_with_exclusion_members:
+ description:
+ - When true, if the search expression contains a UID or a name of a group-with-exclusion object, results will include rules that
+ match at least one member of the "include" part and is not a member of the "except" part.
+ type: bool
+ match_on_any:
+ description:
+ - Whether to match on 'Any' object.
+ type: bool
+ match_on_group_with_exclusion:
+ description:
+ - Whether to match on a group-with-exclusion.
+ type: bool
+ match_on_negate:
+ description:
+ - Whether to match on a negated cell.
+ type: bool
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ package:
+ description:
+ - Name of the package.
+ type: str
+ use_object_dictionary:
+ description:
+ - N/A
+ type: bool
+ dereference_group_members:
+ description:
+ - Indicates whether to dereference "members" field by details level for every object in reply.
+ type: bool
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-threat-exception
+ cp_mgmt_threat_exception_facts:
+ name: Exception Rule
+ layer: New Layer 1
+ rule_name: Threat Rule 1
+
+- name: show-threat-rule-exception-rulebase
+ cp_mgmt_threat_exception_facts:
+ name: Standard Threat Prevention
+ rule_name: Threat Rule 1
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ exception_group_uid=dict(type='str'),
+ exception_group_name=dict(type='str'),
+ layer=dict(type='str'),
+ rule_name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ filter_settings=dict(type='dict', options=dict(
+ search_mode=dict(type='str', choices=['general', 'packet']),
+ packet_search_settings=dict(type='dict', options=dict(
+ expand_group_members=dict(type='bool'),
+ expand_group_with_exclusion_members=dict(type='bool'),
+ match_on_any=dict(type='bool'),
+ match_on_group_with_exclusion=dict(type='bool'),
+ match_on_negate=dict(type='bool')
+ ))
+ )),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ package=dict(type='str'),
+ use_object_dictionary=dict(type='bool'),
+ dereference_group_members=dict(type='bool'),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "threat-exception"
+ api_call_object_plural_version = "threat-rule-exception-rulebase"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator.py
new file mode 100644
index 00000000..67772aef
--- /dev/null
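Review bot: The `name` option in cp_mgmt_threat_exception_facts is described as `The name of the layer containing the parent threat rule.` and as relevant only when getting several objects, yet the `show-threat-exception` example sets `name: Exception Rule` together with `layer: New Layer 1`. The option appears to carry the exception name for a single lookup and the layer name for the rulebase listing, and the description should cover both, e.g. `- For a single exception, the exception name. For the exception rulebase, the name of the layer containing the parent threat rule.` In the same block `use_object_dictionary` is documented as `- N/A`, which tells a user nothing about what the flag changes in the reply; it should be described or marked as reserved.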
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator.py 
@@ -0,0 +1,274 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_indicator +short_description: Manages threat-indicator objects on Check Point over Web Services API +description: + - Manages threat-indicator objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + observables: + description: + - The indicator's observables. + type: list + elements: dict + suboptions: + name: + description: + - Object name. Should be unique in the domain. + type: str + md5: + description: + - A valid MD5 sequence. + type: str + url: + description: + - A valid URL. + type: str + ip_address: + description: + - A valid IP-Address. + type: str + ip_address_first: + description: + - A valid IP-Address, the beginning of the range. If you configure this parameter with a value, you must also configure the value of the + 'ip-address-last' parameter. 
+ type: str + ip_address_last: + description: + - A valid IP-Address, the end of the range. If you configure this parameter with a value, you must also configure the value of the + 'ip-address-first' parameter. + type: str + domain: + description: + - The name of a domain. + type: str + mail_to: + description: + - A valid E-Mail address, recipient filed. + type: str + mail_from: + description: + - A valid E-Mail address, sender field. + type: str + mail_cc: + description: + - A valid E-Mail address, cc field. + type: str + mail_reply_to: + description: + - A valid E-Mail address, reply-to field. + type: str + mail_subject: + description: + - Subject of E-Mail. + type: str + confidence: + description: + - The confidence level the indicator has that a real threat has been uncovered. + type: str + choices: ['low', 'medium', 'high', 'critical'] + product: + description: + - The software blade that processes the observable, AV - AntiVirus, AB - AntiBot. + type: str + choices: ['AV', 'AB'] + severity: + description: + - The severity level of the threat. + type: str + choices: ['low', 'medium', 'high', 'critical'] + comments: + description: + - Comments string. + type: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + observables_raw_data: + description: + - The contents of a file containing the indicator's observables. + type: str + action: + description: + - The indicator's action. + type: str + choices: ['Inactive', 'Ask', 'Prevent', 'Detect'] + profile_overrides: + description: + - Profiles in which to override the indicator's default action. + type: list + elements: dict + suboptions: + action: + description: + - The indicator's action in this profile. 
+ type: str + choices: ['Inactive', 'Ask', 'Prevent', 'Detect'] + profile: + description: + - The profile in which to override the indicator's action. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-threat-indicator + cp_mgmt_threat_indicator: + action: ask + ignore_warnings: true + name: My_Indicator + observables: + - confidence: medium + mail_to: someone@somewhere.com + name: My_Observable + product: AV + severity: low + profile_overrides: + - action: detect + profile: My_Profile + state: present + +- name: set-threat-indicator + cp_mgmt_threat_indicator: + action: prevent + ignore_warnings: true + name: My_Indicator + state: present + +- name: delete-threat-indicator + cp_mgmt_threat_indicator: + name: My_Indicator + state: absent +""" + +RETURN = """ +cp_mgmt_threat_indicator: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + observables=dict(type='list', elements='dict', options=dict( + name=dict(type='str'), + md5=dict(type='str'), + url=dict(type='str'), + ip_address=dict(type='str'), + ip_address_first=dict(type='str'), + ip_address_last=dict(type='str'), + domain=dict(type='str'), + mail_to=dict(type='str'), + mail_from=dict(type='str'), + mail_cc=dict(type='str'), + mail_reply_to=dict(type='str'), + mail_subject=dict(type='str'), + confidence=dict(type='str', choices=['low', 'medium', 'high', 'critical']), + product=dict(type='str', choices=['AV', 'AB']), + severity=dict(type='str', choices=['low', 'medium', 'high', 'critical']), + comments=dict(type='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + )), + observables_raw_data=dict(type='str'), + action=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']), + profile_overrides=dict(type='list', 
elements='dict', options=dict( + action=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']), + profile=dict(type='str') + )), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'threat-indicator' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator_facts.py new file mode 100644 index 00000000..3d441c43 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator_facts.py 
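Review bot: The EXAMPLES block in cp_mgmt_threat_indicator.py passes `action: ask`, `action: prevent` and `action: detect` in lower case, but `argument_spec` declares `choices=['Inactive', 'Ask', 'Prevent', 'Detect']` for both `action` and `profile_overrides.action`. AnsibleModule matches choices exactly, so the documented tasks would be rejected at argument validation. The examples should use the declared spelling, e.g. `action: Prevent`; the same mismatch appears in the cp_mgmt_threat_profile.py hunk (`confidence_level_high: prevent`, `active_protections_severity: low or above`). Separately, the option docs say `ip_address_first` and `ip_address_last` must be configured together, yet the `observables` spec does not enforce it. Adding `required_together=[['ip_address_first', 'ip_address_last']]` to that `dict(type='list', elements='dict', ...)` would reject a half-specified range before it reaches the management API.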
@@ -0,0 +1,124 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_indicator_facts +short_description: Get threat-indicator objects facts on Check Point over Web Services API +description: + - Get threat-indicator objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-threat-indicator + cp_mgmt_threat_indicator_facts: + name: My_Indicator + +- name: show-threat-indicators + cp_mgmt_threat_indicator_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "threat-indicator" + api_call_object_plural_version = "threat-indicators" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() 
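Review bot: `module.exit_json(ansible_facts=result)` at the end of `main()` in cp_mgmt_threat_indicator_facts.py returns the management-server response as host facts, so it is stored on the host and visible to later tasks and templates, not only in this task's registered result. `api_call_facts` is defined outside this hunk, so the keys it produces cannot be checked here, and the RETURN block only says "The checkpoint object facts." without naming the key that appears under `ansible_facts`. I would document that key in RETURN and add a comment above the call such as `# NOTE: returned as ansible_facts, i.e. stored on the host and readable by later tasks`. The same pattern is used in the cp_mgmt_threat_layer_facts.py hunk and at the end of the preceding facts module.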
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer.py
new file mode 100644
index 00000000..991b533e
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer.py
@@ -0,0 +1,128 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_layer +short_description: Manages threat-layer objects on Check Point over Web Services API +description: + - Manages threat-layer objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + add_default_rule: + description: + - Indicates whether to include a default rule in the new layer. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. 
+ type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-threat-layer + cp_mgmt_threat_layer: + name: New Layer 1 + state: present + +- name: delete-threat-layer + cp_mgmt_threat_layer: + name: New Layer 2 + state: absent +""" + +RETURN = """ +cp_mgmt_threat_layer: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + add_default_rule=dict(type='bool'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'threat-layer' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer_facts.py new file mode 100644 index 00000000..c432b56e --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer_facts.py 
@@ -0,0 +1,127 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_layer_facts +short_description: Get threat-layer objects facts on Check Point over Web Services API +description: + - Get threat-layer objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-threat-layer + cp_mgmt_threat_layer_facts: + name: New Layer 1 + +- name: show-threat-layers + cp_mgmt_threat_layer_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "threat-layer" + api_call_object_plural_version = "threat-layers" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() 
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile.py
new file mode 100644
index 00000000..e41b82c8
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile.py
@@ -0,0 +1,406 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_profile +short_description: Manages threat-profile objects on Check Point over Web Services API +description: + - Manages threat-profile objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + active_protections_performance_impact: + description: + - Protections with this performance impact only will be activated in the profile. + type: str + choices: ['high', 'medium', 'low', 'very_low'] + active_protections_severity: + description: + - Protections with this severity only will be activated in the profile. + type: str + choices: ['Critical', 'High', 'Medium or above', 'Low or above'] + confidence_level_high: + description: + - Action for protections with high confidence level. 
+ type: str + choices: ['Inactive', 'Ask', 'Prevent', 'Detect'] + confidence_level_low: + description: + - Action for protections with low confidence level. + type: str + choices: ['Inactive', 'Ask', 'Prevent', 'Detect'] + confidence_level_medium: + description: + - Action for protections with medium confidence level. + type: str + choices: ['Inactive', 'Ask', 'Prevent', 'Detect'] + indicator_overrides: + description: + - Indicators whose action will be overridden in this profile. + type: list + elements: dict + suboptions: + action: + description: + - The indicator's action in this profile. + type: str + choices: ['Inactive', 'Ask', 'Prevent', 'Detect'] + indicator: + description: + - The indicator whose action is to be overridden. + type: str + ips_settings: + description: + - IPS blade settings. + type: dict + suboptions: + exclude_protection_with_performance_impact: + description: + - Whether to exclude protections depending on their level of performance impact. + type: bool + exclude_protection_with_performance_impact_mode: + description: + - Exclude protections with this level of performance impact. + type: str + choices: ['very low', 'low or lower', 'medium or lower', 'high or lower'] + exclude_protection_with_severity: + description: + - Whether to exclude protections depending on their level of severity. + type: bool + exclude_protection_with_severity_mode: + description: + - Exclude protections with this level of severity. + type: str + choices: ['low or above', 'medium or above', 'high or above', 'critical'] + newly_updated_protections: + description: + - Activation of newly updated protections. + type: str + choices: ['active', 'inactive', 'staging'] + malicious_mail_policy_settings: + description: + - Malicious Mail Policy for MTA Gateways. + type: dict + suboptions: + add_customized_text_to_email_body: + description: + - Add customized text to the malicious email body. 
+ type: bool + add_email_subject_prefix: + description: + - Add a prefix to the malicious email subject. + type: bool + add_x_header_to_email: + description: + - Add an X-Header to the malicious email. + type: bool + email_action: + description: + - Block - block the entire malicious email<br>Allow - pass the malicious email and apply email changes (like, remove attachments and + links, add x-header, etc...). + type: str + choices: ['allow', 'block'] + email_body_customized_text: + description: + - Customized text for the malicious email body.<br> Available predefined fields,<br> $verdicts$ - the malicious/error attachments/links verdict. + type: str + email_subject_prefix_text: + description: + - Prefix for the malicious email subject. + type: str + failed_to_scan_attachments_text: + description: + - Replace attachments that failed to be scanned with this text.<br> Available predefined fields,<br> $filename$ - the malicious file + name.<br> $md5$ - MD5 of the malicious file. + type: str + malicious_attachments_text: + description: + - Replace malicious attachments with this text.<br> Available predefined fields,<br> $filename$ - the malicious file name.<br> $md5$ - + MD5 of the malicious file. + type: str + malicious_links_text: + description: + - Replace malicious links with this text.<br> Available predefined fields,<br> $neutralized_url$ - neutralized malicious link. + type: str + remove_attachments_and_links: + description: + - Remove attachments and links from the malicious email. + type: bool + send_copy: + description: + - Send a copy of the malicious email to the recipient list. + type: bool + send_copy_list: + description: + - Recipient list to send a copy of the malicious email. + type: list + elements: str + overrides: + description: + - Overrides per profile for this protection. + type: list + elements: dict + suboptions: + action: + description: + - Protection action. 
+ type: str + choices: ['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept'] + protection: + description: + - IPS protection identified by name or UID. + type: str + capture_packets: + description: + - Capture packets. + type: bool + track: + description: + - Tracking method for protection. + type: str + choices: ['none', 'log', 'alert', 'mail', 'snmp trap', 'user alert', 'user alert 1', 'user alert 2'] + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + use_indicators: + description: + - Indicates whether the profile should make use of indicators. + type: bool + anti_bot: + description: + - Is Anti-Bot blade activated. + type: bool + anti_virus: + description: + - Is Anti-Virus blade activated. + type: bool + ips: + description: + - Is IPS blade activated. + type: bool + threat_emulation: + description: + - Is Threat Emulation blade activated. + type: bool + activate_protections_by_extended_attributes: + description: + - Activate protections by these extended attributes. + type: list + elements: dict + suboptions: + name: + description: + - IPS tag name. + type: str + category: + description: + - IPS tag category name. + type: str + deactivate_protections_by_extended_attributes: + description: + - Deactivate protections by these extended attributes. + type: list + elements: dict + suboptions: + name: + description: + - IPS tag name. + type: str + category: + description: + - IPS tag category name. + type: str + use_extended_attributes: + description: + - Whether to activate/deactivate IPS protections according to the extended attributes. + type: bool + color: + description: + - Color of the object. Should be one of existing colors. 
+ type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-threat-profile + cp_mgmt_threat_profile: + active_protections_performance_impact: low + active_protections_severity: low or above + anti_bot: true + anti_virus: true + confidence_level_high: prevent + confidence_level_medium: prevent + ips: true + ips_settings: + exclude_protection_with_performance_impact: true + exclude_protection_with_performance_impact_mode: high or lower + newly_updated_protections: staging + name: New Profile 1 + state: present + threat_emulation: true + +- name: set-threat-profile + cp_mgmt_threat_profile: + active_protections_performance_impact: low + active_protections_severity: low or above + anti_bot: true + anti_virus: false + comments: update recommended profile + confidence_level_high: prevent + confidence_level_low: prevent + confidence_level_medium: prevent + ips: false + ips_settings: + exclude_protection_with_performance_impact: true + exclude_protection_with_performance_impact_mode: high or lower + newly_updated_protections: active + name: New Profile 1 + state: present + threat_emulation: true + +- name: delete-threat-profile + cp_mgmt_threat_profile: + name: New Profile 1 + state: absent +""" + +RETURN = """ +cp_mgmt_threat_profile: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + active_protections_performance_impact=dict(type='str', choices=['high', 'medium', 'low', 'very_low']), + active_protections_severity=dict(type='str', choices=['Critical', 'High', 'Medium or above', 'Low or above']), + confidence_level_high=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']), + confidence_level_low=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']), + confidence_level_medium=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']), + indicator_overrides=dict(type='list', elements='dict', options=dict( + action=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']), + indicator=dict(type='str') + )), + ips_settings=dict(type='dict', options=dict( + exclude_protection_with_performance_impact=dict(type='bool'), + exclude_protection_with_performance_impact_mode=dict(type='str', choices=['very low', 'low or lower', 'medium or lower', 'high or lower']), + exclude_protection_with_severity=dict(type='bool'), + exclude_protection_with_severity_mode=dict(type='str', choices=['low or above', 'medium or above', 'high or above', 'critical']), + newly_updated_protections=dict(type='str', choices=['active', 'inactive', 'staging']) + )), + malicious_mail_policy_settings=dict(type='dict', options=dict( + add_customized_text_to_email_body=dict(type='bool'), + add_email_subject_prefix=dict(type='bool'), + add_x_header_to_email=dict(type='bool'), + email_action=dict(type='str', choices=['allow', 'block']), + email_body_customized_text=dict(type='str'), + email_subject_prefix_text=dict(type='str'), + failed_to_scan_attachments_text=dict(type='str'), + malicious_attachments_text=dict(type='str'), + malicious_links_text=dict(type='str'), + 
remove_attachments_and_links=dict(type='bool'), + send_copy=dict(type='bool'), + send_copy_list=dict(type='list', elements='str') + )), + overrides=dict(type='list', elements='dict', options=dict( + action=dict(type='str', choices=['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept']), + protection=dict(type='str'), + capture_packets=dict(type='bool'), + track=dict(type='str', choices=['none', 'log', 'alert', 'mail', 'snmp trap', 'user alert', 'user alert 1', 'user alert 2']) + )), + tags=dict(type='list', elements='str'), + use_indicators=dict(type='bool'), + anti_bot=dict(type='bool'), + anti_virus=dict(type='bool'), + ips=dict(type='bool'), + threat_emulation=dict(type='bool'), + activate_protections_by_extended_attributes=dict(type='list', elements='dict', options=dict( + name=dict(type='str'), + category=dict(type='str') + )), + deactivate_protections_by_extended_attributes=dict(type='list', elements='dict', options=dict( + name=dict(type='str'), + category=dict(type='str') + )), + use_extended_attributes=dict(type='bool'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'threat-profile' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == 
'__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile_facts.py
new file mode 100644
index 00000000..b3fcbaae
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile_facts.py
@@ -0,0 +1,127 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_profile_facts +short_description: Get threat-profile objects facts on Check Point over Web Services API +description: + - Get threat-profile objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-threat-profile + cp_mgmt_threat_profile_facts: + name: Recommended_Profile + +- name: show-threat-profiles + cp_mgmt_threat_profile_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "threat-profile" + api_call_object_plural_version = "threat-profiles" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() 
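Review bot: The argument_spec in `main()` accepts `name` together with `limit`, `offset` and `order`, although the DOCUMENTATION block says `name` is only for a single-object lookup and the other three only for listing. Which request is sent when both are given is decided inside `api_call_facts`, which is not part of this hunk, so a playbook that mixes them gets whatever that helper picks and no warning. Declaring the conflict on the module makes the task fail early: `module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True, mutually_exclusive=[('name', 'limit'), ('name', 'offset'), ('name', 'order')])`. cp_mgmt_time_facts.py further down has the identical spec and the same gap.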
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_protection_override.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_protection_override.py
new file mode 100644
index 00000000..22ce24a2
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_protection_override.py
@@ -0,0 +1,131 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_protection_override +short_description: Edit existing object using object name or uid. +description: + - Edit existing object using object name or uid. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + comments: + description: + - Protection comments. + type: str + follow_up: + description: + - Tag the protection with pre-defined follow-up flag. + type: bool + overrides: + description: + - Overrides per profile for this protection<br> Note, Remove override for Core protections removes only the action's override. Remove override + for Threat Cloud protections removes the action, track and packet captures. + type: list + elements: dict + suboptions: + action: + description: + - Protection action. + type: str + choices: ['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept'] + profile: + description: + - Profile name. 
+ type: str + capture_packets: + description: + - Capture packets. + type: bool + track: + description: + - Tracking method for protection. + type: str + choices: ['none', 'log', 'alert', 'mail', 'snmp trap', 'user alert', 'user alert 1', 'user alert 2'] + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: threat_protection_override + cp_mgmt_threat_protection_override: + name: FTP Commands + overrides: + - action: inactive + capture_packets: true + profile: New Profile 1 + track: None + state: present +""" + +RETURN = """ +cp_mgmt_threat_protection_override: + description: The checkpoint threat_protection_override output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + comments=dict(type='str'), + follow_up=dict(type='bool'), + overrides=dict(type='list', elements='dict', options=dict( + action=dict(type='str', choices=['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept']), + profile=dict(type='str'), + capture_packets=dict(type='bool'), + track=dict(type='str', choices=['none', 'log', 'alert', 'mail', 'snmp trap', 'user alert', 'user alert 1', 'user alert 2']) + )), + details_level=dict(type='str', choices=['uid', 'standard', 'full']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "set-threat-protection" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': 
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule.py
new file mode 100644
index 00000000..a6928636
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule.py
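Review bot: The `choices` list for `overrides.action`, in both DOCUMENTATION and the argument_spec, looks like a documentation sentence split on commas: it holds `'Threat Cloud: Inactive'` and `'Prevent <br> Core: Drop'` as single values, so plain `Prevent` and `Drop` are rejected by Ansible before any request is made. If the intended values are the five action names, the entry would read `action=dict(type='str', choices=['Inactive', 'Detect', 'Prevent', 'Drop', 'Accept'])`, to be confirmed against the API reference for `set-threat-protection`. The EXAMPLES block also fails validation as written, because choices are matched case-sensitively and it passes `action: inactive` and `track: None`. The `overrides` option of cp_mgmt_threat_profile.py earlier in this diff carries the same list.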
@@ -0,0 +1,214 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_rule +short_description: Manages threat-rule objects on Check Point over Web Services API +description: + - Manages threat-rule objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + position: + description: + - Position in the rulebase. The use of values "top" and "bottom" may not be idempotent. + type: str + layer: + description: + - Layer that the rule belongs to identified by the name or UID. + type: str + name: + description: + - Object name. + type: str + required: True + action: + description: + - Action-the enforced profile. + type: str + destination: + description: + - Collection of Network objects identified by the name or UID. + type: list + elements: str + destination_negate: + description: + - True if negate is set for destination. + type: bool + enabled: + description: + - Enable/Disable the rule. 
+ type: bool + install_on: + description: + - Which Gateways identified by the name or UID to install the policy on. + type: list + elements: str + protected_scope: + description: + - Collection of objects defining Protected Scope identified by the name or UID. + type: list + elements: str + protected_scope_negate: + description: + - True if negate is set for Protected Scope. + type: bool + service: + description: + - Collection of Network objects identified by the name or UID. + type: list + elements: str + service_negate: + description: + - True if negate is set for Service. + type: bool + source: + description: + - Collection of Network objects identified by the name or UID. + type: list + elements: str + source_negate: + description: + - True if negate is set for source. + type: bool + track: + description: + - Packet tracking. + type: str + track_settings: + description: + - Threat rule track settings. + type: dict + suboptions: + packet_capture: + description: + - Packet capture. + type: bool + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. 
+ type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-threat-rule + cp_mgmt_threat_rule: + comments: '' + install_on: Policy Targets + layer: New Layer 1 + name: First threat rule + position: 1 + protected_scope: All_Internet + state: present + track: None + +- name: set-threat-rule + cp_mgmt_threat_rule: + action: New Profile 1 + comments: commnet for the first rule + install_on: Policy Targets + layer: New Layer 1 + name: Rule Name + position: 1 + protected_scope: All_Internet + state: present + +- name: delete-threat-rule + cp_mgmt_threat_rule: + layer: New Layer 1 + name: Rule Name + state: absent +""" + +RETURN = """ +cp_mgmt_threat_rule: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call, api_call_for_rule + + +def main(): + argument_spec = dict( + position=dict(type='str'), + layer=dict(type='str'), + name=dict(type='str', required=True), + action=dict(type='str'), + destination=dict(type='list', elements='str'), + destination_negate=dict(type='bool'), + enabled=dict(type='bool'), + install_on=dict(type='list', elements='str'), + protected_scope=dict(type='list', elements='str'), + protected_scope_negate=dict(type='bool'), + service=dict(type='list', elements='str'), + service_negate=dict(type='bool'), + source=dict(type='list', elements='str'), + source_negate=dict(type='bool'), + track=dict(type='str'), + track_settings=dict(type='dict', options=dict( + packet_capture=dict(type='bool') + )), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = 
AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'threat-rule' + + if module.params['position'] is None: + result = api_call(module, api_call_object) + else: + result = api_call_for_rule(module, api_call_object) + + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule_facts.py new file mode 100644 index 00000000..683784bc --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule_facts.py 
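Review bot: The `position` option decides which helper runs at the end of `main()` (`api_call` when it is omitted, `api_call_for_rule` otherwise), but the DOCUMENTATION text for `position` does not say so. Rule order in a threat layer normally decides which profile applies to a given scope, so a reader should be told that the rule's place is only handled when `position` is passed; what `api_call` does with the position of an existing rule is not visible in this hunk. I would extend the description to something like `- Position in the rulebase. When omitted, the module does not take the rule-positioning path. The use of values "top" and "bottom" may not be idempotent.` `layer` is also optional in the spec although every example passes it; if a rule cannot be addressed without its layer, `required=True` belongs on that option as well.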
@@ -0,0 +1,210 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_threat_rule_facts +short_description: Get threat-rule objects facts on Check Point over Web Services API +description: + - Get threat-rule objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. Should be unique in the domain. + type: str + layer: + description: + - Layer that the rule belongs to identified by the name or UID. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter the rulebase. 
The provided text should be exactly the same as it would be given in Smart Console. The logical + operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies. + type: str + filter_settings: + description: + - Sets filter preferences. + type: dict + suboptions: + search_mode: + description: + - When set to 'general', both the Full Text Search and Packet Search are enabled. In this mode, Packet Search will not match on 'Any' + object, a negated cell or a group-with-exclusion. When the search-mode is set to 'packet', by default, the match on 'Any' object, a negated cell + or a group-with-exclusion are enabled. packet-search-settings may be provided to change the default behavior. + type: str + choices: ['general', 'packet'] + packet_search_settings: + description: + - When 'search-mode' is set to 'packet', this object allows to set the packet search preferences. + type: dict + suboptions: + expand_group_members: + description: + - When true, if the search expression contains a UID or a name of a group object, results will include rules that match on at + least one member of the group. + type: bool + expand_group_with_exclusion_members: + description: + - When true, if the search expression contains a UID or a name of a group-with-exclusion object, results will include rules that + match at least one member of the "include" part and is not a member of the "except" part. + type: bool + match_on_any: + description: + - Whether to match on 'Any' object. + type: bool + match_on_group_with_exclusion: + description: + - Whether to match on a group-with-exclusion. + type: bool + match_on_negate: + description: + - Whether to match on a negated cell. + type: bool + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Skip that many results before beginning to return them. 
+ This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + package: + description: + - Name of the package. + type: str + use_object_dictionary: + description: + - N/A + type: bool + dereference_group_members: + description: + - Indicates whether to dereference "members" field by details level for every object in reply. + type: bool + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-threat-rule + cp_mgmt_threat_rule_facts: + layer: New Layer 1 + name: Rule Name + +- name: show-threat-rulebase + cp_mgmt_threat_rule_facts: + details_level: standard + filter: '' + limit: 20 + name: Threat Prevention + offset: 0 + use_object_dictionary: false +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts_for_rule + + +def main(): + argument_spec = dict( + name=dict(type='str'), + layer=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + filter_settings=dict(type='dict', options=dict( + search_mode=dict(type='str', choices=['general', 'packet']), + packet_search_settings=dict(type='dict', options=dict( + expand_group_members=dict(type='bool'), + expand_group_with_exclusion_members=dict(type='bool'), + match_on_any=dict(type='bool'), + match_on_group_with_exclusion=dict(type='bool'), + match_on_negate=dict(type='bool') + )) + )), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + package=dict(type='str'), + use_object_dictionary=dict(type='bool'), + dereference_group_members=dict(type='bool'), + show_membership=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "threat-rule" + api_call_object_plural_version = "threat-rulebase" + + result = api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time.py new file mode 100644 index 00000000..aa0af5e9 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time.py 
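Review bot: `name` is documented as `Object name. Should be unique in the domain.` and the module description says to pass it to get one specific object, yet the second example (show-threat-rulebase) passes `name: Threat Prevention` together with `filter`, `limit` and `offset` to list a rulebase. From the hunk alone it is not possible to tell whether `api_call_facts_for_rule` treats that as a single-rule lookup or as the rulebase name, and a facts task that returns one rule where the whole rulebase was expected is easy to miss in an audit playbook. The `name` description should state both meanings, for example `- Rule name for a single-rule lookup (with layer), or the name of the threat layer when listing the rulebase.`, with the wording confirmed against the helper. `use_object_dictionary` is documented only as `N/A` and needs a real description too.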
@@ -0,0 +1,285 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_time +short_description: Manages time objects on Check Point over Web Services API +description: + - Manages time objects on Check Point devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + end: + description: + - End time. Note, Each gateway may interpret this time differently according to its time zone. + type: dict + suboptions: + date: + description: + - Date in format dd-MMM-yyyy. + type: str + iso_8601: + description: + - Date and time represented in international ISO 8601 format. Time zone information is ignored. + type: str + posix: + description: + - Number of milliseconds that have elapsed since 00,00,00, 1 January 1970. + type: int + time: + description: + - Time in format HH,mm. + type: str + end_never: + description: + - End never. 
+ type: bool + hours_ranges: + description: + - Hours recurrence. Note, Each gateway may interpret this time differently according to its time zone. + type: list + elements: dict + suboptions: + enabled: + description: + - Is hour range enabled. + type: bool + from: + description: + - Time in format HH,MM. + type: str + index: + description: + - Hour range index. + type: int + to: + description: + - Time in format HH,MM. + type: str + start: + description: + - Starting time. Note, Each gateway may interpret this time differently according to its time zone. + type: dict + suboptions: + date: + description: + - Date in format dd-MMM-yyyy. + type: str + iso_8601: + description: + - Date and time represented in international ISO 8601 format. Time zone information is ignored. + type: str + posix: + description: + - Number of milliseconds that have elapsed since 00,00,00, 1 January 1970. + type: int + time: + description: + - Time in format HH,mm. + type: str + start_now: + description: + - Start immediately. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + recurrence: + description: + - Days recurrence. + type: dict + suboptions: + days: + description: + - Valid on specific days. Multiple options, support range of days in months. Example,["1","3","9-20"]. + type: list + elements: str + month: + description: + - Valid on month. Example, "1", "2","12","Any". + type: str + pattern: + description: + - Valid on "Daily", "Weekly", "Monthly" base. + type: str + weekdays: + description: + - Valid on weekdays. Example, "Sun", "Mon"..."Sat". + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. 
+ type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-time + cp_mgmt_time: + end: + date: 24-Nov-2014 + time: '21:22' + end_never: 'false' + hours_ranges: + - enabled: true + from: 00:00 + index: 1 + to: 00:00 + - enabled: false + from: 00:00 + index: 2 + to: 00:00 + name: timeObject1 + recurrence: + days: + - '1' + month: Any + pattern: Daily + weekdays: + - Sun + - Mon + start_now: 'true' + state: present + +- name: set-time + cp_mgmt_time: + hours_ranges: + - from: 00:22 + to: 00:33 + name: timeObject1 + recurrence: + month: Any + pattern: Weekly + weekdays: + - Fri + state: present + +- name: delete-time + cp_mgmt_time: + name: timeObject1 + state: absent +""" + +RETURN = """ +cp_mgmt_time: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + end=dict(type='dict', options=dict( + date=dict(type='str'), + iso_8601=dict(type='str'), + posix=dict(type='int'), + time=dict(type='str') + )), + end_never=dict(type='bool'), + hours_ranges=dict(type='list', elements='dict', options=dict( + enabled=dict(type='bool'), + index=dict(type='int'), + to=dict(type='str') + )), + start=dict(type='dict', options=dict( + date=dict(type='str'), + iso_8601=dict(type='str'), + posix=dict(type='int'), + time=dict(type='str') + )), + start_now=dict(type='bool'), + tags=dict(type='list', elements='str'), + recurrence=dict(type='dict', options=dict( + days=dict(type='list', elements='str'), + month=dict(type='str'), + pattern=dict(type='str'), + weekdays=dict(type='list', elements='str') + )), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec['hours_ranges']['options']['from'] = dict(type='str') + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'time' + + result = api_call(module, api_call_object) + 
module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time_facts.py new file mode 100644 index 00000000..40eb8802 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time_facts.py 
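Review bot: The time-of-day fields are documented as `HH,mm` / `HH,MM` with a comma, while EXAMPLES uses colons, quoted in `time: '21:22'` but unquoted in `from: 00:00` and `to: 00:33`. The unquoted values stay strings only because they begin with `0`; a YAML 1.1 loader reads something like `10:30` as a base-60 integer, so an adapted copy of the example would reach the module as `630` and the window in which a rule is active would not be the one the author wrote. Quoting every time value in EXAMPLES (`from: '00:00'`, `to: '00:00'`) and writing the format as `HH:mm` in the descriptions removes the ambiguity. Separately, the line `argument_spec['hours_ranges']['options']['from'] = dict(type='str')` would benefit from a comment such as `# 'from' is a Python keyword and cannot be passed as a dict() keyword argument`.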
@@ -0,0 +1,127 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_time_facts +short_description: Get time objects facts on Check Point over Web Services API +description: + - Get time objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-time + cp_mgmt_time_facts: + name: timeObject1 + +- name: show-times + cp_mgmt_time_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "time" + api_call_object_plural_version = "times" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() 
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_trusted_client.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_trusted_client.py
new file mode 100644
index 00000000..9b885f83
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_trusted_client.py
@@ -0,0 +1,216 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_trusted_client +short_description: Manages trusted-client objects on Checkpoint over Web Services API +description: + - Manages trusted-client objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "2.1.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + type: str + required: True + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + domains_assignment: + description: + - Domains to be added to this profile. Use domain name only. See example below, "add-trusted-client (with domain)". + type: list + elements: str + ip_address_first: + description: + - First IP address in the range. 
If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead. + type: str + ipv4_address_first: + description: + - First IPv4 address in the range. + type: str + ipv6_address_first: + description: + - First IPv6 address in the range. + type: str + ip_address_last: + description: + - Last IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead. + type: str + ipv4_address_last: + description: + - Last IPv4 address in the range. + type: str + ipv6_address_last: + description: + - Last IPv6 address in the range. + type: str + mask_length: + description: + - IPv4 or IPv6 mask length. If both masks are required use mask-length4 and mask-length6 fields explicitly. + type: int + mask_length4: + description: + - IPv4 mask length. + type: int + mask_length6: + description: + - IPv6 mask length. + type: int + multi_domain_server_trusted_client: + description: + - Let this trusted client connect to all Multi-Domain Servers in the deployment. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + type: + description: + - Trusted client type. + type: str + choices: ['any', 'domain', 'ipv4 address', 'ipv4 address range', 'ipv4 netmask', 'ipv6 address', 'ipv6 address range', 'ipv6 netmask', 'name', + 'wild cards (ip only)'] + wild_card: + description: + - IP wild card (e.g. 192.0.2.*). + type: str + color: + description: + - Color of the object. Should be one of existing colors. 
+ type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-trusted-client + cp_mgmt_trusted_client: + name: my client + state: present + type: ANY + +- name: set-trusted-client + cp_mgmt_trusted_client: + ip_address: 192.0.2.1 + mask_length: '24' + name: my client + state: present + type: NETMASK + +- name: delete-trusted-client + cp_mgmt_trusted_client: + name: my client + state: absent +""" + +RETURN = """ +cp_mgmt_trusted_client: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + domains_assignment=dict(type='list', elements='str'), + ip_address_first=dict(type='str'), + ipv4_address_first=dict(type='str'), + ipv6_address_first=dict(type='str'), + ip_address_last=dict(type='str'), + ipv4_address_last=dict(type='str'), + ipv6_address_last=dict(type='str'), + mask_length=dict(type='int'), + mask_length4=dict(type='int'), + mask_length6=dict(type='int'), + multi_domain_server_trusted_client=dict(type='bool'), + tags=dict(type='list', elements='str'), + type=dict(type='str', choices=['any', 'domain', 'ipv4 address', 'ipv4 address range', 'ipv4 netmask', + 'ipv6 address', 'ipv6 address range', 'ipv6 netmask', 'name', 'wild cards (ip only)']), + wild_card=dict(type='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'trusted-client' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == 
'__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_trusted_client_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_trusted_client_facts.py new file mode 100644 index 00000000..8991e112 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_trusted_client_facts.py 
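Review bot: Both `state: present` tasks in the EXAMPLES of cp_mgmt_trusted_client.py pass `type` values that the `choices` list in the same file does not contain: `type: ANY` and `type: NETMASK`, while the spec accepts only lower-case strings such as `any` and `ipv4 netmask`, so a user copying them should get a choices validation failure. I would change them to `type: any` and `type: ipv4 netmask`, and write `mask_length: 24` unquoted to match `type: int`. A trusted client appears to define which hosts may connect to the management server (inferred from the `multi_domain_server_trusted_client` description), so I would lead with an address-restricted example rather than `any` and extend the `type` description to `- Trusted client type. 'any' does not restrict the client address.` The `ip_address_last` description also points at the `-first` fields where it presumably means `ipv4-address-last` and `ipv6-address-last`.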
@@ -0,0 +1,134 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_trusted_client_facts +short_description: Get trusted-client objects facts on Checkpoint over Web Services API +description: + - Get trusted-client objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "2.1.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. 
The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-trusted-client + cp_mgmt_trusted_client_facts: + name: anyHost + +- name: show-trusted-clients + cp_mgmt_trusted_client_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "trusted-client" + api_call_object_plural_version = "trusted-clients" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_uninstall_software_package.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_uninstall_software_package.py new file mode 100644 index 00000000..1ddb16d7 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_uninstall_software_package.py 
@@ -0,0 +1,106 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_uninstall_software_package +short_description: Uninstalls the software package from target machines. +description: + - Uninstalls the software package from target machines. + - All operations are performed over Web Services API. +version_added: "2.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - The name of the software package. + type: str + targets: + description: + - On what targets to execute this command. Targets may be identified by their name, or object unique identifier. + type: list + elements: str + cluster_installation_settings: + description: + - Installation settings for cluster. + type: dict + suboptions: + cluster_delay: + description: + - The delay between end of installation on one cluster members and start of installation on the next cluster member. + type: int + cluster_strategy: + description: + - The cluster installation strategy. 
+ type: str + concurrency_limit: + description: + - The number of targets, on which the same package is installed at the same time. + type: int +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: uninstall-software-package + cp_mgmt_uninstall_software_package: + name: Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz + targets.1: corporate-gateway +""" + +RETURN = """ +cp_mgmt_uninstall_software_package: + description: The checkpoint uninstall-software-package output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + targets=dict(type='list', elements='str'), + cluster_installation_settings=dict(type='dict', options=dict( + cluster_delay=dict(type='int'), + cluster_strategy=dict(type='str') + )), + concurrency_limit=dict(type='int') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "uninstall-software-package" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_update_provisioned_satellites.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_update_provisioned_satellites.py new file mode 100644 index 00000000..5202c95b --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_update_provisioned_satellites.py 
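Review bot: The EXAMPLES task in cp_mgmt_uninstall_software_package.py passes `targets.1: corporate-gateway`, but `argument_spec` declares only `targets` (`type='list', elements='str'`), so AnsibleModule would presumably reject `targets.1` as an unsupported parameter; the example should use `targets:` with a `- corporate-gateway` item. The same `targets.1` key appears in the EXAMPLES of cp_mgmt_verify_software_package.py, which also quotes `download_package: 'true'` for a `type: bool` option. Because this command removes software from gateways, I would mark the inputs it cannot work without as required, `name=dict(type='str', required=True)` and `targets=dict(type='list', elements='str', required=True)`, so a task with a missing target list fails at argument parsing rather than at the API (confirm against the API reference that both are mandatory). `cluster_strategy` is a free-form `str` with no `choices` and no documented values, which leaves the user guessing what the server accepts.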
@@ -0,0 +1,80 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_update_provisioned_satellites +short_description: Executes the update-provisioned-satellites on center gateways of VPN communities. +description: + - Executes the update-provisioned-satellites on center gateways of VPN communities. + - All operations are performed over Web Services API. +version_added: "3.0.0" +author: "Shiran Golzar (@chkp-shirango)" +options: + vpn_center_gateways: + description: + - On what targets to execute this command. Targets may be identified by their name, or object unique identifier. The targets should be a + corporate gateways. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: update-provisioned-satellites + cp_mgmt_update_provisioned_satellites: + vpn_center_gateways: + - co_gateway +""" + +RETURN = """ +cp_mgmt_update_provisioned_satellites: + description: The checkpoint update-provisioned-satellites output. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + vpn_center_gateways=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "update-provisioned-satellites" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_policy.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_policy.py new file mode 100644 index 00000000..77a4fc6e --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_policy.py 
@@ -0,0 +1,77 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_verify_policy +short_description: Verifies the policy of the selected package. +description: + - Verifies the policy of the selected package. + - All operations are performed over Web Services API. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + policy_package: + description: + - Policy package identified by the name or UID. + type: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: verify-policy + cp_mgmt_verify_policy: + policy_package: standard +""" + +RETURN = """ +cp_mgmt_verify_policy: + description: The checkpoint verify-policy output. + returned: always. 
+ type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + policy_package=dict(type='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "verify-policy" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_software_package.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_software_package.py new file mode 100644 index 00000000..8f1d8381 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_software_package.py 
@@ -0,0 +1,104 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_verify_software_package +short_description: Verifies the software package on target machines. +description: + - Verifies the software package on target machines. + - All operations are performed over Web Services API. +version_added: "2.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - The name of the software package. + type: str + targets: + description: + - On what targets to execute this command. Targets may be identified by their name, or object unique identifier. + type: list + elements: str + concurrency_limit: + description: + - The number of targets, on which the same package is installed at the same time. + type: int + download_package: + description: + - NOTE, Supported from Check Point version R81 + - Should the package be downloaded before verification. + type: bool + download_package_from: + description: + - NOTE, Supported from Check Point version R81 + - Where is the package located. 
+ type: str + choices: ['automatic', 'central', 'target-machine'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: verify-software-package + cp_mgmt_verify_software_package: + download_package: 'true' + download_package_from: target-machine + name: Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz + targets.1: corporate-gateway +""" + +RETURN = """ +cp_mgmt_verify_software_package: + description: The checkpoint verify-software-package output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + targets=dict(type='list', elements='str'), + concurrency_limit=dict(type='int'), + download_package=dict(type='bool'), + download_package_from=dict(type='str', choices=['automatic', 'central', 'target-machine']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "verify-software-package" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed.py new file mode 100644 index 00000000..8ccc016e --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed.py 
@@ -0,0 +1,232 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_vpn_community_meshed
+short_description: Manages vpn-community-meshed objects on Check Point over Web Services API
+description:
+ - Manages vpn-community-meshed objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ encryption_method:
+ description:
+ - The encryption method to be used.
+ type: str
+ choices: ['prefer ikev2 but support ikev1', 'ikev2 only', 'ikev1 for ipv4 and ikev2 for ipv6 only']
+ encryption_suite:
+ description:
+ - The encryption suite to be used.
+ type: str
+ choices: ['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128']
+ gateways:
+ description:
+ - Collection of Gateway objects identified by the name or UID.
+ type: list
+ elements: str
+ ike_phase_1:
+ description:
+ - Ike Phase 1 settings. Only applicable when the encryption-suite is set to [custom].
+ type: dict
+ suboptions:
+ data_integrity:
+ description:
+ - The hash algorithm to be used.
+ type: str
+ choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']
+ diffie_hellman_group:
+ description:
+ - The Diffie-Hellman group to be used.
+ type: str
+ choices: ['group-1', 'group-2', 'group-5', 'group-14', 'group-19', 'group-20']
+ encryption_algorithm:
+ description:
+ - The encryption algorithm to be used.
+ type: str
+ choices: ['cast', 'aes-256', 'des', 'aes-128', '3des']
+ ike_phase_2:
+ description:
+ - Ike Phase 2 settings. Only applicable when the encryption-suite is set to [custom].
+ type: dict
+ suboptions:
+ data_integrity:
+ description:
+ - The hash algorithm to be used.
+ type: str
+ choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']
+ encryption_algorithm:
+ description:
+ - The encryption algorithm to be used.
+ type: str
+ choices: ['cast', 'aes-gcm-256', 'cast-40', 'aes-256', 'des', 'aes-128', '3des', 'des-40cp', 'aes-gcm-128', 'none']
+ shared_secrets:
+ description:
+ - Shared secrets for external gateways.
+ type: list
+ elements: dict
+ suboptions:
+ external_gateway:
+ description:
+ - External gateway identified by the name or UID.
+ type: str
+ shared_secret:
+ description:
+ - Shared secret.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ use_shared_secret:
+ description:
+ - Indicates whether the shared secret should be used for all external gateways.
+ type: bool
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-vpn-community-meshed
+ cp_mgmt_vpn_community_meshed:
+ encryption_method: prefer ikev2 but support ikev1
+ encryption_suite: custom
+ ike_phase_1:
+ data_integrity: sha1
+ diffie_hellman_group: group 19
+ encryption_algorithm: aes-128
+ ike_phase_2:
+ data_integrity: aes-xcbc
+ encryption_algorithm: aes-gcm-128
+ name: New_VPN_Community_Meshed_1
+ state: present
+
+- name: set-vpn-community-meshed
+ cp_mgmt_vpn_community_meshed:
+ encryption_method: ikev2 only
+ encryption_suite: custom
+ ike_phase_1:
+ data_integrity: sha1
+ diffie_hellman_group: group 19
+ encryption_algorithm: aes-128
+ ike_phase_2:
+ data_integrity: aes-xcbc
+ encryption_algorithm: aes-gcm-128
+ name: New_VPN_Community_Meshed_1
+ state: present
+
+- name: delete-vpn-community-meshed
+ cp_mgmt_vpn_community_meshed:
+ name: New_VPN_Community_Meshed_1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_vpn_community_meshed:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ encryption_method=dict(type='str', choices=['prefer ikev2 but support ikev1', 'ikev2 only', 'ikev1 for ipv4 and ikev2 for ipv6 only']),
+ encryption_suite=dict(type='str', choices=['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128']),
+ gateways=dict(type='list', elements='str'),
+ ike_phase_1=dict(type='dict', options=dict(
+ data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']),
+ diffie_hellman_group=dict(type='str', choices=['group-1', 'group-2', 'group-5', 'group-14', 'group-19', 'group-20']),
+ encryption_algorithm=dict(type='str', choices=['cast', 'aes-256', 'des', 'aes-128', '3des'])
+ )),
+ ike_phase_2=dict(type='dict', options=dict(
+ data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']),
+ encryption_algorithm=dict(type='str', choices=['cast', 'aes-gcm-256', 'cast-40',
+ 'aes-256', 'des', 'aes-128', '3des', 'des-40cp', 'aes-gcm-128', 'none'])
+ )),
+ shared_secrets=dict(type='list', elements='dict', no_log=True, options=dict(
+ external_gateway=dict(type='str'),
+ shared_secret=dict(type='str', no_log=True)
+ )),
+ tags=dict(type='list', elements='str'),
+ use_shared_secret=dict(type='bool'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'vpn-community-meshed'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed_facts.py
new file mode 100644
index 00000000..9ea3882a
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed_facts.py
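Review bot: The add and set examples use `diffie_hellman_group: group 19`, but the `choices` for that suboption are hyphenated, so both tasks would fail choices validation as written; the value should be `diffie_hellman_group: group-19`. The examples in cp_mgmt_vpn_community_star.py carry the same value. Separately, the `ike_phase_1` and `ike_phase_2` docs in both modules list `md5`, `des`, `cast-40`, `des-40cp`, `none` and the DH groups `group-1`, `group-2` and `group-5` alongside the current algorithms with no guidance, and the examples pick `sha1`. I would add a description line such as `- md5, des, the 40-bit ciphers, 'none' and DH groups 1, 2 and 5 are legacy options; prefer sha256 or sha384, an AES cipher and group-14 or higher.` and use `data_integrity: sha256` in the phase 1 examples.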
@@ -0,0 +1,127 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_vpn_community_meshed_facts
+short_description: Get vpn-community-meshed objects facts on Check Point over Web Services API
+description:
+ - Get vpn-community-meshed objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-vpn-community-meshed
+ cp_mgmt_vpn_community_meshed_facts:
+ name: New_VPN_Community_Meshed_1
+
+- name: show-vpn-communities-meshed
+ cp_mgmt_vpn_community_meshed_facts:
+ details_level: full
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "vpn-community-meshed"
+ api_call_object_plural_version = "vpn-communities-meshed"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star.py
new file mode 100644
index 00000000..0073a60d
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star.py
@@ -0,0 +1,244 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_vpn_community_star
+short_description: Manages vpn-community-star objects on Check Point over Web Services API
+description:
+ - Manages vpn-community-star objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ center_gateways:
+ description:
+ - Collection of Gateway objects representing center gateways identified by the name or UID.
+ type: list
+ elements: str
+ encryption_method:
+ description:
+ - The encryption method to be used.
+ type: str
+ choices: ['prefer ikev2 but support ikev1', 'ikev2 only', 'ikev1 for ipv4 and ikev2 for ipv6 only']
+ encryption_suite:
+ description:
+ - The encryption suite to be used.
+ type: str
+ choices: ['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128']
+ ike_phase_1:
+ description:
+ - Ike Phase 1 settings. Only applicable when the encryption-suite is set to [custom].
+ type: dict
+ suboptions:
+ data_integrity:
+ description:
+ - The hash algorithm to be used.
+ type: str
+ choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']
+ diffie_hellman_group:
+ description:
+ - The Diffie-Hellman group to be used.
+ type: str
+ choices: ['group-1', 'group-2', 'group-5', 'group-14', 'group-19', 'group-20']
+ encryption_algorithm:
+ description:
+ - The encryption algorithm to be used.
+ type: str
+ choices: ['cast', 'aes-256', 'des', 'aes-128', '3des']
+ ike_phase_2:
+ description:
+ - Ike Phase 2 settings. Only applicable when the encryption-suite is set to [custom].
+ type: dict
+ suboptions:
+ data_integrity:
+ description:
+ - The hash algorithm to be used.
+ type: str
+ choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']
+ encryption_algorithm:
+ description:
+ - The encryption algorithm to be used.
+ type: str
+ choices: ['cast', 'aes-gcm-256', 'cast-40', 'aes-256', 'des', 'aes-128', '3des', 'des-40cp', 'aes-gcm-128', 'none']
+ mesh_center_gateways:
+ description:
+ - Indicates whether the meshed community is in center.
+ type: bool
+ satellite_gateways:
+ description:
+ - Collection of Gateway objects representing satellite gateways identified by the name or UID.
+ type: list
+ elements: str
+ shared_secrets:
+ description:
+ - Shared secrets for external gateways.
+ type: list
+ elements: dict
+ suboptions:
+ external_gateway:
+ description:
+ - External gateway identified by the name or UID.
+ type: str
+ shared_secret:
+ description:
+ - Shared secret.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ use_shared_secret:
+ description:
+ - Indicates whether the shared secret should be used for all external gateways.
+ type: bool
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-vpn-community-star
+ cp_mgmt_vpn_community_star:
+ center_gateways: Second_Security_Gateway
+ encryption_method: prefer ikev2 but support ikev1
+ encryption_suite: custom
+ ike_phase_1:
+ data_integrity: sha1
+ diffie_hellman_group: group 19
+ encryption_algorithm: aes-128
+ ike_phase_2:
+ data_integrity: aes-xcbc
+ encryption_algorithm: aes-gcm-128
+ name: New_VPN_Community_Star_1
+ state: present
+
+- name: set-vpn-community-star
+ cp_mgmt_vpn_community_star:
+ encryption_method: ikev2 only
+ encryption_suite: custom
+ ike_phase_1:
+ data_integrity: sha1
+ diffie_hellman_group: group 19
+ encryption_algorithm: aes-128
+ ike_phase_2:
+ data_integrity: aes-xcbc
+ encryption_algorithm: aes-gcm-128
+ name: New_VPN_Community_Star_1
+ state: present
+
+- name: delete-vpn-community-star
+ cp_mgmt_vpn_community_star:
+ name: New_VPN_Community_Star_1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_vpn_community_star:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ center_gateways=dict(type='list', elements='str'),
+ encryption_method=dict(type='str', choices=['prefer ikev2 but support ikev1', 'ikev2 only', 'ikev1 for ipv4 and ikev2 for ipv6 only']),
+ encryption_suite=dict(type='str', choices=['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128']),
+ ike_phase_1=dict(type='dict', options=dict(
+ data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']),
+ diffie_hellman_group=dict(type='str', choices=['group-1', 'group-2', 'group-5', 'group-14', 'group-19', 'group-20']),
+ encryption_algorithm=dict(type='str', choices=['cast', 'aes-256', 'des', 'aes-128', '3des'])
+ )),
+ ike_phase_2=dict(type='dict', options=dict(
+ data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']),
+ encryption_algorithm=dict(type='str', choices=['cast', 'aes-gcm-256', 'cast-40',
+ 'aes-256', 'des', 'aes-128', '3des', 'des-40cp', 'aes-gcm-128', 'none'])
+ )),
+ mesh_center_gateways=dict(type='bool'),
+ satellite_gateways=dict(type='list', elements='str'),
+ shared_secrets=dict(type='list', elements='dict', no_log=True, options=dict(
+ external_gateway=dict(type='str'),
+ shared_secret=dict(type='str', no_log=True)
+ )),
+ tags=dict(type='list', elements='str'),
+ use_shared_secret=dict(type='bool'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'vpn-community-star'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star_facts.py
new file mode 100644
index 00000000..09fbd90a
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star_facts.py
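Review bot: The add example gives `center_gateways: Second_Security_Gateway` as a bare string, while the option is documented and declared as `type: list` with `elements: str`. Showing the list form in the example, `center_gateways: [Second_Security_Gateway]`, matches the documented type and makes it obvious that several center gateways can be supplied. The same would apply to `satellite_gateways` if an example for it is added.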
@@ -0,0 +1,127 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_vpn_community_star_facts
+short_description: Get vpn-community-star objects facts on Check Point over Web Services API
+description:
+ - Get vpn-community-star objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-vpn-community-star
+ cp_mgmt_vpn_community_star_facts:
+ name: New_VPN_Community_Meshed_1
+
+- name: show-vpn-communities-star
+ cp_mgmt_vpn_community_star_facts:
+ details_level: full
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "vpn-community-star"
+ api_call_object_plural_version = "vpn-communities-star"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
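Review bot: The `show-vpn-community-star` example looks up `name: New_VPN_Community_Meshed_1`, which is the object name used in the meshed-community examples, not a star community. This looks like a copy-paste leftover; the example should presumably read `name: New_VPN_Community_Star_1`, the name the cp_mgmt_vpn_community_star examples create. As written, a reader following the examples in order would query an object of the wrong type.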
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard.py
new file mode 100644
index 00000000..54739fdf
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard.py
@@ -0,0 +1,159 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_wildcard
+short_description: Manages wildcard objects on Check Point over Web Services API
+description:
+ - Manages wildcard objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ ipv4_address:
+ description:
+ - IPv4 address.
+ type: str
+ ipv4_mask_wildcard:
+ description:
+ - IPv4 mask wildcard.
+ type: str
+ ipv6_address:
+ description:
+ - IPv6 address.
+ type: str
+ ipv6_mask_wildcard:
+ description:
+ - IPv6 mask wildcard.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-wildcard
+ cp_mgmt_wildcard:
+ ipv4_address: 192.168.2.1
+ ipv4_mask_wildcard: 0.0.0.128
+ name: New Wildcard 1
+ state: present
+
+- name: set-wildcard
+ cp_mgmt_wildcard:
+ color: green
+ ipv6_address: 2001:db8::1111
+ ipv6_mask_wildcard: ffff:ffff::f0f0
+ name: New Wildcard 1
+ state: present
+
+- name: delete-wildcard
+ cp_mgmt_wildcard:
+ name: New Wildcard 1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_wildcard:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ ipv4_address=dict(type='str'),
+ ipv4_mask_wildcard=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ ipv6_mask_wildcard=dict(type='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'wildcard'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard_facts.py
new file mode 100644
index 00000000..474776b4
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard_facts.py
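Review bot: The `set-wildcard` example passes `color: green`, but `green` is not one of the `choices` declared for `color` (the list has `dark green`, `forest green`, `light green` and `sea green`, no plain `green`), so the task would fail choices validation as written. Use a listed value in the example, e.g. `color: forest green`.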
@@ -0,0 +1,127 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage Check Point Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_wildcard_facts +short_description: Get wildcard objects facts on Check Point over Web Services API +description: + - Get wildcard objects facts on Check Point devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "1.0.0" +author: "Or Soffer (@chkp-orso)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - No more than that many results will be returned. + This parameter is relevant only for getting few objects. 
+ type: int + offset: + description: + - Skip that many results before beginning to return them. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-wildcard + cp_mgmt_wildcard_facts: + name: New Wildcard 1 + +- name: show-wildcards + cp_mgmt_wildcard_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "wildcard" + api_call_object_plural_version = "wildcards" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() 
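Review bot: `main()` in cp_mgmt_wildcard_facts.py accepts `name` together with `limit`, `offset` and `order`, although DOCUMENTATION describes `name` as relevant only for a single object and the other three only for listing. How `api_call_facts` resolves the combination is not visible in this file, so a task that sets both gets whichever lookup the helper picks. If the two modes are meant to be exclusive, say so in the spec: `module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True, mutually_exclusive=[('name', 'limit'), ('name', 'offset'), ('name', 'order')])`.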
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_checkpoint_access_rule.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_checkpoint_access_rule.py
new file mode 100644
index 00000000..e5f70bdb
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_checkpoint_access_rule.py
@@ -0,0 +1,107 @@ +# Copyright (c) 2018 Red Hat +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleFailJson, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import _checkpoint_access_rule + +OBJECT = {'layer': 'foo', 'position': 'bar', 'name': 'baz', + 'source': [{'name': 'lol'}], 'destination': [{'name': 'Any'}], + 'action': {'name': 'drop'}, 'enabled': True} +PAYLOAD = {'layer': 'foo', 'position': 'bar', 'name': 'baz'} + + +class TestCheckpointAccessRule(object): + module = _checkpoint_access_rule + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_access_rule.Connection') + return connection_class_mock.return_value + + @pytest.fixture + def get_access_rule_200(self, mocker): + mock_function = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_access_rule.get_access_rule') + mock_function.return_value = (200, 
OBJECT) + return mock_function.return_value + + @pytest.fixture + def get_access_rule_404(self, mocker): + mock_function = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_access_rule.get_access_rule') + mock_function.return_value = (404, 'Object not found') + return mock_function.return_value + + def test_create(self, get_access_rule_404, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert 'checkpoint_access_rules' in result + + def test_create_idempotent(self, get_access_rule_200, connection_mock): + connection_mock.send_request.return_value = (200, PAYLOAD) + result = self._run_module(PAYLOAD) + + assert not result['changed'] + + def test_update(self, get_access_rule_200, connection_mock): + payload_for_update = {'enabled': False} + payload_for_update.update(PAYLOAD) + connection_mock.send_request.return_value = (200, payload_for_update) + result = self._run_module(payload_for_update) + + assert result['changed'] + assert not result['checkpoint_access_rules']['enabled'] + + def test_delete(self, get_access_rule_200, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + payload_for_delete = {'state': 'absent'} + payload_for_delete.update(PAYLOAD) + result = self._run_module(payload_for_delete) + + assert result['changed'] + + def test_delete_idempotent(self, get_access_rule_404, connection_mock): + payload = {'name': 'baz', 'state': 'absent'} + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(payload) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] + + def _run_module_with_fail_json(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleFailJson) as exc: + self.module.main() + result = exc.value.args[0] 
+ return result diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_checkpoint_host.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_checkpoint_host.py new file mode 100644 index 00000000..b5720c5d --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_checkpoint_host.py 
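Review bot: `_run_module_with_fail_json` in test_checkpoint_access_rule.py is defined but never called, so every test here feeds `send_request` a `(200, …)` reply and none covers the module's error path. For a module that edits firewall rules, a rejected request is the case most worth pinning. Add a test that sets `connection_mock.send_request.return_value` to a non-200 tuple and runs `result = self._run_module_with_fail_json(PAYLOAD)`, asserting on `result['failed']`; this assumes the module reports such replies through `fail_json`, which is not visible here. test_checkpoint_host.py and test_checkpoint_session.py carry the same unused helper.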
@@ -0,0 +1,101 @@ +# Copyright (c) 2018 Red Hat +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleFailJson, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import _checkpoint_host + +OBJECT = {'name': 'foo', 'ipv4-address': '192.168.0.15'} +CREATE_PAYLOAD = {'name': 'foo', 'ip_address': '192.168.0.15'} +UPDATE_PAYLOAD = {'name': 'foo', 'ip_address': '192.168.0.16'} +DELETE_PAYLOAD = {'name': 'foo', 'state': 'absent'} + + +class TestCheckpointHost(object): + module = _checkpoint_host + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_host.Connection') + return connection_class_mock.return_value + + @pytest.fixture + def get_host_200(self, mocker): + mock_function = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_host.get_host') + mock_function.return_value = (200, OBJECT) + return mock_function.return_value + 
+ @pytest.fixture + def get_host_404(self, mocker): + mock_function = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_host.get_host') + mock_function.return_value = (404, 'Object not found') + return mock_function.return_value + + def test_create(self, get_host_404, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert 'checkpoint_hosts' in result + + def test_create_idempotent(self, get_host_200, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, get_host_200, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + + def test_delete(self, get_host_200, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, get_host_404, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] + + def _run_module_with_fail_json(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleFailJson) as exc: + self.module.main() + result = exc.value.args[0] + return result diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_checkpoint_session.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_checkpoint_session.py new file mode 100644 index 00000000..f0ca8358 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_checkpoint_session.py 
@@ -0,0 +1,69 @@ +# Copyright (c) 2018 Red Hat +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleFailJson, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import _checkpoint_session + +OBJECT = {'uid': '1234'} +PAYLOAD = {} + + +class TestCheckpointAccessRule(object): + module = _checkpoint_session + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_session.Connection') + return connection_class_mock.return_value + + @pytest.fixture + def get_session_200(self, mocker): + mock_function = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_session.get_session') + mock_function.return_value = (200, OBJECT) + return mock_function.return_value + + def test_publish(self, get_session_200, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(PAYLOAD) + + assert 
result['changed'] + assert 'checkpoint_session' in result + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] + + def _run_module_with_fail_json(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleFailJson) as exc: + self.module.main() + result = exc.value.args[0] + return result diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_checkpoint_task_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_checkpoint_task_facts.py new file mode 100644 index 00000000..b5720c5d --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_checkpoint_task_facts.py 
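Review bot: The test class in test_checkpoint_session.py is named `TestCheckpointAccessRule` although it sets `module = _checkpoint_session`, so a failing `test_publish` is reported under the access-rule name. The name looks carried over from test_checkpoint_access_rule.py, which defines a class with the same name. Rename it: `class TestCheckpointSession(object):`.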
@@ -0,0 +1,101 @@ +# Copyright (c) 2018 Red Hat +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleFailJson, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import _checkpoint_host + +OBJECT = {'name': 'foo', 'ipv4-address': '192.168.0.15'} +CREATE_PAYLOAD = {'name': 'foo', 'ip_address': '192.168.0.15'} +UPDATE_PAYLOAD = {'name': 'foo', 'ip_address': '192.168.0.16'} +DELETE_PAYLOAD = {'name': 'foo', 'state': 'absent'} + + +class TestCheckpointHost(object): + module = _checkpoint_host + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_host.Connection') + return connection_class_mock.return_value + + @pytest.fixture + def get_host_200(self, mocker): + mock_function = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_host.get_host') + mock_function.return_value = (200, OBJECT) + return mock_function.return_value + 
+ @pytest.fixture + def get_host_404(self, mocker): + mock_function = mocker.patch('ansible_collections.check_point.mgmt.plugins.modules._checkpoint_host.get_host') + mock_function.return_value = (404, 'Object not found') + return mock_function.return_value + + def test_create(self, get_host_404, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert 'checkpoint_hosts' in result + + def test_create_idempotent(self, get_host_200, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, get_host_200, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + + def test_delete(self, get_host_200, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, get_host_404, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] + + def _run_module_with_fail_json(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleFailJson) as exc: + self.module.main() + result = exc.value.args[0] + return result diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_layer.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_layer.py new file mode 100644 index 00000000..7dc292f7 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_layer.py 
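Review bot: test_checkpoint_task_facts.py is the same blob as test_checkpoint_host.py (both show `index 00000000..b5720c5d`): it imports `_checkpoint_host`, defines `TestCheckpointHost` and patches `get_host`, so the host tests run twice and no task-facts code is exercised. Either drop the file or point it at the module it is named for, presumably `from ansible_collections.check_point.mgmt.plugins.modules import _checkpoint_task_facts` going by the file name, with its own payloads and assertions.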
@@ -0,0 +1,110 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_access_layer + +OBJECT = { + "name": "New Layer 1" +} + +CREATE_PAYLOAD = { + "name": "New Layer 1" +} + +UPDATE_PAYLOAD = { + "name": "New Layer 1", + "applications_and_url_filtering": False +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Layer 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_access_layer.api_call' +api_call_object = 'access-layer' + + +class TestCheckpointAccessLayer(object): + module = cp_mgmt_access_layer + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = 
mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_layer_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_layer_facts.py new file mode 100644 index 00000000..e7a4d5f1 --- /dev/null 
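Review bot: The `connection_mock` fixture in test_cp_mgmt_access_layer.py patches `ansible.module_utils.network.checkpoint.checkpoint.Connection`, while `function_path` in the same file points into `ansible_collections.check_point.mgmt` and the modules in this commit import their helpers from `ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint`. If the collection helper binds its own `Connection`, this patch leaves it untouched, and if the legacy path is not importable the fixture fails at setup. Patch where the name is looked up, `mocker.patch('ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint.Connection')`, assuming that module imports `Connection`. The same target appears in test_cp_mgmt_access_layer_facts.py, test_cp_mgmt_access_role.py and test_cp_mgmt_access_role_facts.py; the two facts files depend on it most, since their assertions rely on the mocked `send_request`.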
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_layer_facts.py 
@@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_access_layer_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'access-layer' +api_call_object_plural_version = 'access-layers' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointAccessLayerFacts(object): + module = cp_mgmt_access_layer_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def 
test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_role.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_role.py new file mode 100644 index 00000000..ad5194b1 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_role.py 
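Review bot: `test_show_single_object_which_is_not_exist` in test_cp_mgmt_access_layer_facts.py catches `Exception` around `_run_module`, which itself only expects `AnsibleExitJson`, so the failure result is recovered from whatever exception escapes and an unrelated error is handled the same way. Expect the failure explicitly with `pytest.raises(AnsibleFailJson)`, which needs `AnsibleFailJson` added to the `units.modules.utils` import line. test_cp_mgmt_access_role_facts.py has the identical test.

```python
    def test_show_single_object_which_is_not_exist(self, mocker, connection_mock):
        connection_mock.send_request.return_value = (404, failure_msg)
        set_module_args(SHOW_SINGLE_PAYLOAD)
        with pytest.raises(AnsibleFailJson) as exc:
            self.module.main()
        result = exc.value.args[0]
        # … unchanged: assertions on result['failed'] and result['msg'] …
```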
@@ -0,0 +1,119 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_access_role + +OBJECT = { + "name": "New Access Role 1", + "networks": "any", + "users": "any", + "machines": "all identified", + "remote_access_clients": "any" +} + +CREATE_PAYLOAD = { + "name": "New Access Role 1", + "networks": "any", + "users": "any", + "machines": "all identified", + "remote_access_clients": "any" +} + +UPDATE_PAYLOAD = { + "name": "New Access Role 1", + "users": "all identified", + "machines": "any" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Access Role 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_access_role.api_call' +api_call_object = 'access-role' + + +class TestCheckpointAccessRole(object): + module = cp_mgmt_access_role + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + 
connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] 
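Review bot: Every test in test_cp_mgmt_access_role.py replaces `api_call` through `function_path` and then asserts on the dictionary the mock was told to return, so the checks pass regardless of what the module would send for `users`, `machines` or `networks`. `OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD` also binds both names to one dict, so a mutation of either goes unnoticed. Assert on the call as well, for example `assert mock_function.call_args[0][1] == api_call_object` (assuming `main()` calls `api_call(module, api_call_object)` as cp_mgmt_wildcard.py does), and copy the payload with `OBJECT_AFTER_UPDATE = dict(UPDATE_PAYLOAD)`. test_cp_mgmt_access_layer.py follows the same pattern.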
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_role_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_role_facts.py
new file mode 100644
index 00000000..55416777
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_role_facts.py
@@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_access_role_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'access-role' +api_call_object_plural_version = 'access-roles' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointAccessRoleFacts(object): + module = cp_mgmt_access_role_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def 
test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_rule.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_rule.py new file mode 100644 index 00000000..b0163d70 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_rule.py 
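Review bot: test_show_single_object_which_is_not_exist catches the failure with a broad `except Exception as e: result = e.args[0]`, so the test never states which exception it expects and any unrelated error raised inside `main()` takes the same path. `_run_module` only expects `AnsibleExitJson`, so the failure presumably reaches the handler as the exception raised by the patched `fail_json`. Asserting that type directly is clearer: call `set_module_args(SHOW_SINGLE_PAYLOAD)`, then `with pytest.raises(AnsibleFailJson) as ex: self.module.main()` and `result = ex.value.args[0]`, with `AnsibleFailJson` added to the `units.modules.utils` import (assuming that helper exports it alongside `AnsibleExitJson`). The same try/except appears in the failure tests of test_cp_mgmt_access_rule_facts.py, test_cp_mgmt_add_api_key.py, test_cp_mgmt_add_data_center_object.py, test_cp_mgmt_add_nat_rule.py and test_cp_mgmt_address_range_facts.py.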
@@ -0,0 +1,124 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_access_rule + +OBJECT = { + "layer": "Network", + "name": "Rule 1", + "service": [ + "SMTP", + "AOL" + ] +} + +CREATE_PAYLOAD = { + "layer": "Network", + "name": "Rule 1", + "service": [ + "SMTP", + "AOL" + ] +} + +UPDATE_PAYLOAD = { + "name": "Rule 1", + "layer": "Network", + "action_settings": { + "limit": "Upload_1Gbps", + "enable_identity_captive_portal": True + } +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "Rule 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_access_rule.api_call' +api_call_object = 'access-rule' + + +class TestCheckpointAccessRule(object): + module = cp_mgmt_access_rule + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = 
mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] 
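Review bot: The six CRUD tests patch `api_call` itself and then assert on the value the mock was told to return, so they pass whatever arguments the module builds and would not notice a payload field being dropped or renamed. Adding `mock_function.assert_called_once()` after each `self._run_module(...)` call, or better an assertion on the call arguments, would tie the tests to the module's behaviour. `OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD` also binds both names to one dict, so `OBJECT_AFTER_UPDATE = dict(UPDATE_PAYLOAD)` is safer if either is ever mutated. `DELETE_PAYLOAD` has no `layer` although the create and update payloads do; it is worth confirming that this is intended, since the mock hides it. The same structure is used in test_cp_mgmt_access_section.py, test_cp_mgmt_address_range.py and test_cp_mgmt_administrator.py.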
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_rule_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_rule_facts.py new file mode 100644 index 00000000..87f532c4 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_rule_facts.py 
@@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_access_rule_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'access-rule' +api_call_object_plural_version = 'access-rulebase' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointAccessRuleFacts(object): + module = cp_mgmt_access_rule_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def 
test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_section.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_section.py new file mode 100644 index 00000000..1adc7d5e --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_access_section.py 
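Review bot: The `connection_mock` fixture patches `ansible.module_utils.network.checkpoint.checkpoint.Connection`, but the module under test is imported from `ansible_collections.check_point.mgmt.plugins.modules`, so the patch may not be on the name the module actually resolves. If the collection's modules take `Connection` from the collection's own module_utils, `send_request.return_value = (404, failure_msg)` never reaches the code under test, and both tests here would either exercise an unmocked connection or fail at patch time. The module_utils file is not part of this hunk, so this needs checking against it. The fixture should patch `Connection` at the path the module imports it from, and a comment such as `# patch Connection where the module under test looks it up` would record why. Every test file in this part of the diff uses the same fixture.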
@@ -0,0 +1,114 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_access_section + +OBJECT = { + "layer": "Network", + "position": 1, + "name": "New Section 1" +} + +CREATE_PAYLOAD = { + "layer": "Network", + "position": 1, + "name": "New Section 1" +} + +UPDATE_PAYLOAD = { + "layer": "Network", + "name": "New Section 1" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Section 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_access_section.api_call' +api_call_object = 'access-section' + + +class TestCheckpointAccessSection(object): + module = cp_mgmt_access_section + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def 
test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] 
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_add_api_key.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_add_api_key.py new file mode 100644 index 00000000..a3977c56 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_add_api_key.py 
@@ -0,0 +1,71 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_add_api_key + +PAYLOAD = { + "admin_name": "admin", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'add-api-key' +failure_msg = '{command failed}' + + +class TestCheckpointAddApiKey(object): + module = cp_mgmt_add_api_key + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + 
connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_add_data_center_object.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_add_data_center_object.py new file mode 100644 index 00000000..63e65675 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_add_data_center_object.py 
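Review bot: `RETURN_PAYLOAD` models the reply as a `task-id`, and test_command asserts that the whole reply is returned under `result['add-api-key']`, which for this command is presumably where the newly generated API key would appear. A test that pins the reply being echoed verbatim into the module result makes it easy to overlook that Ansible prints and logs that result unless the task sets `no_log: true`. I would make the fixture reflect the command's reply shape with an obviously fake value, e.g. `RETURN_PAYLOAD = {"api-key": "<constructed-test-value>"}` (field name to be confirmed against the API reference). A comment next to it would also help: `# the real reply contains a credential; callers should run this task with no_log`.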
@@ -0,0 +1,73 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_add_data_center_object + +PAYLOAD = { + "uri": "/Datacenters/VMs/My VM1", + "name": "VM1 mgmt name", + "data_center_name": "vCenter 1", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'add-data-center-object' +failure_msg = '{command failed}' + + +class TestCheckpointAddDataCenterObject(object): + module = cp_mgmt_add_data_center_object + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert 
RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_add_nat_rule.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_add_nat_rule.py new file mode 100644 index 00000000..dc5dbbf8 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_add_nat_rule.py 
@@ -0,0 +1,79 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_add_nat_rule + +PAYLOAD = { + "package": "standard", + "position": 1, + "comments": "comment example1 nat999", + "enabled": False, + "install_on": [ + "Policy Targets" + ], + "original_source": "Any", + "original_destination": "All_Internet", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'add-nat-rule' +failure_msg = '{command failed}' + + +class TestCheckpointAddNatRule(object): + module = cp_mgmt_add_nat_rule + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + 
result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_address_range.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_address_range.py new file mode 100644 index 00000000..42f494e0 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_address_range.py 
@@ -0,0 +1,116 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_address_range + +OBJECT = { + "name": "New Address Range 1", + "ip_address_first": "192.0.2.1", + "ip_address_last": "192.0.2.10" +} + +CREATE_PAYLOAD = { + "name": "New Address Range 1", + "ip_address_first": "192.0.2.1", + "ip_address_last": "192.0.2.10" +} + +UPDATE_PAYLOAD = { + "name": "New Address Range 1", + "color": "blue", + "ip_address_first": "192.0.2.1", + "ip_address_last": "192.0.2.1" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Address Range 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_address_range.api_call' +api_call_object = 'address-range' + + +class TestCheckpointAddressRange(object): + module = cp_mgmt_address_range + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + 
connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] 
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_address_range_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_address_range_facts.py new file mode 100644 index 00000000..9f8da537 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_address_range_facts.py 
@@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_address_range_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'address-range' +api_call_object_plural_version = 'address-ranges' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointAddressRangeFacts(object): + module = cp_mgmt_address_range_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def 
test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_administrator.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_administrator.py new file mode 100644 index 00000000..1c1b2714 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_administrator.py 
@@ -0,0 +1,123 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_administrator + +OBJECT = { + "name": "admin", + "password": "secret", + "email": "admin@gmail.com", + "must_change_password": False, + "phone_number": "1800-800-800", + "authentication_method": "undefined", + "permissions_profile": "read write all" +} + +CREATE_PAYLOAD = { + "name": "admin", + "password": "secret", + "email": "admin@gmail.com", + "must_change_password": False, + "phone_number": "1800-800-800", + "authentication_method": "undefined", + "permissions_profile": "read write all" +} + +UPDATE_PAYLOAD = { + "name": "admin", + "password": "bew secret", + "permissions_profile": "read only profile" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "admin", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_administrator.api_call' +api_call_object = 'administrator' + + +class TestCheckpointAdministrator(object): + module = cp_mgmt_administrator + + @pytest.fixture(autouse=True) + 
def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + 
set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_administrator_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_administrator_facts.py new file mode 100644 index 00000000..157e2373 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_administrator_facts.py 
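Review bot: `test_create` and `test_update` compare the result against the same dict the patched `api_call` was told to return, and no test checks what `api_call` was invoked with, so the administrator payload (including `password`) is never verified. Because `OBJECT` carries `"password": "secret"`, the expected module output contains the plaintext password; presumably the module passes the mocked return value straight through, so a regression that exposed the password in the result would still pass. I would drop `password` from `OBJECT` so the fixture models a response without the secret, and add `assert mock_function.called` plus a check of the call arguments (their shape is not visible in this hunk). The same echo-only assertions appear in the application_site, application_site_category and application_site_group test files of this commit. `"bew secret"` in `UPDATE_PAYLOAD` looks like a typo for `"new secret"`.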
@@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_administrator_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'administrator' +api_call_object_plural_version = 'administrators' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointAdministratorFacts(object): + module = cp_mgmt_administrator_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def 
test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site.py new file mode 100644 index 00000000..7ddf93a2 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site.py 
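Review bot: `test_show_single_object_which_is_not_exist` recovers the failure with `except Exception as e: result = e.args[0]`, which accepts any exception type and hides which one the test expects. `_run_module` only expects `AnsibleExitJson`, so the failure path depends on a different exception escaping `pytest.raises`; naming it is clearer: after `set_module_args(SHOW_SINGLE_PAYLOAD)`, use `with pytest.raises(AnsibleFailJson) as ex: self.module.main()` and `result = ex.value.args[0]`, with `AnsibleFailJson` added to the `units.modules.utils` import. This assumes the patched `fail_json` raises `AnsibleFailJson`, which is not visible in this hunk. The same pattern is in the other `*_facts` test files of this commit and in `test_command_fail` of test_cp_mgmt_assign_global_assignment.py.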
@@ -0,0 +1,136 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_application_site + +OBJECT = { + "name": "New Application Site 1", + "description": "My Application Site", + "primary_category": "Social Networking", + "additional_categories": [ + "Instant Chat", + "Supports Streaming", + "New Application Site Category 1" + ], + "url_list": [ + "www.cnet.com", + "www.stackoverflow.com" + ], + "urls_defined_as_regular_expression": False +} + +CREATE_PAYLOAD = { + "name": "New Application Site 1", + "description": "My Application Site", + "primary_category": "Social Networking", + "additional_categories": [ + "Instant Chat", + "Supports Streaming", + "New Application Site Category 1" + ], + "url_list": [ + "www.cnet.com", + "www.stackoverflow.com" + ], + "urls_defined_as_regular_expression": False +} + +UPDATE_PAYLOAD = { + "name": "New Application Site 1", + "description": "My New Application Site", + "primary_category": "Instant Chat", + "urls_defined_as_regular_expression": True +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + 
+DELETE_PAYLOAD = { + "name": "New Application Site 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_application_site.api_call' +api_call_object = 'application-site' + + +class TestCheckpointApplicationSite(object): + module = cp_mgmt_application_site + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + 
result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_category.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_category.py new file mode 100644 index 00000000..787e2107 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_category.py 
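Review bot: `OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD` binds both names to one dict, so the module arguments and the expected result are the same object, and any in-place change made while the arguments are processed (for instance inside `set_module_args`, whose body is not shown here) changes the expectation as well. A copy keeps them independent: `OBJECT_AFTER_UPDATE = dict(UPDATE_PAYLOAD)`. `OBJECT` and `CREATE_PAYLOAD` are also written out twice with identical contents; deriving one from the other the same way would avoid drift. The alias appears in the administrator, application_site_category and application_site_group test files too.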
@@ -0,0 +1,112 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_application_site_category + +OBJECT = { + "name": "New Application Site Category 1", + "description": "My Application Site category" +} + +CREATE_PAYLOAD = { + "name": "New Application Site Category 1", + "description": "My Application Site category" +} + +UPDATE_PAYLOAD = { + "name": "New Application Site Category 1", + "description": "My new Application Site category" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Application Site Category 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_application_site_category.api_call' +api_call_object = 'application-site-category' + + +class TestCheckpointApplicationSiteCategory(object): + module = cp_mgmt_application_site_category + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def 
connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] 
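Review bot: The `connection_mock` fixture patches `ansible.module_utils.network.checkpoint.checkpoint.Connection`, a path in the ansible core namespace, while the module under test is imported from `ansible_collections.check_point.mgmt.plugins.modules`. If the collection resolves `Connection` through its own module_utils (not visible here), this patch does not intercept it, and it may fail to import on a core release that no longer ships that package. In this file every test requests the fixture but none uses it, because `api_call` is patched as a whole; the `*_facts` and command tests in this commit do rely on it through `connection_mock.send_request`. I would patch the name where the collection code looks it up and drop the `connection_mock` argument from tests that never touch it.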
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_category_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_category_facts.py
new file mode 100644
index 00000000..a46f05fe
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_category_facts.py
@@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_application_site_category_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'application-site-category' +api_call_object_plural_version = 'application-site-categories' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointApplicationSiteCategoryFacts(object): + module = cp_mgmt_application_site_category_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return 
connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_facts.py new file mode 100644 index 00000000..05f9fcfa --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_facts.py 
@@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_application_site_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'application-site' +api_call_object_plural_version = 'application-sites' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointApplicationSiteFacts(object): + module = cp_mgmt_application_site_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def 
test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_group.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_group.py new file mode 100644 index 00000000..25c71bb0 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_group.py 
@@ -0,0 +1,121 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_application_site_group + +OBJECT = { + "name": "New Application Site Group 1", + "members": [ + "facebook", + "Social Networking", + "New Application Site 1", + "New Application Site Category 1" + ] +} + +CREATE_PAYLOAD = { + "name": "New Application Site Group 1", + "members": [ + "facebook", + "Social Networking", + "New Application Site 1", + "New Application Site Category 1" + ] +} + +UPDATE_PAYLOAD = { + "name": "New Application Site Group 1" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Application Site Group 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_application_site_group.api_call' +api_call_object = 'application-site-group' + + +class TestCheckpointApplicationSiteGroup(object): + module = cp_mgmt_application_site_group + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, 
fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return 
ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_group_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_group_facts.py new file mode 100644 index 00000000..acc88017 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_application_site_group_facts.py 
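Review bot: `UPDATE_PAYLOAD` contains only `name`, so `test_update` and `test_update_idempotent` submit no attribute that differs from the created object and do not describe an actual modification. Adding a changed field, for example `"members": ["facebook"]`, would make the payload represent an update. As written, `test_update` passes solely because the patched `api_call` returns `'changed': True`.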
@@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_application_site_group_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'application-site-group' +api_call_object_plural_version = 'application-site-groups' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointApplicationSiteGroupFacts(object): + module = cp_mgmt_application_site_group_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return 
connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_assign_global_assignment.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_assign_global_assignment.py new file mode 100644 index 00000000..59b9245e --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_assign_global_assignment.py 
@@ -0,0 +1,72 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_assign_global_assignment + +PAYLOAD = { + "global_domains": "Global2", + "dependent_domains": "domain1", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'assign-global-assignment' +failure_msg = '{command failed}' + + +class TestCheckpointAssignGlobalAssignment(object): + module = cp_mgmt_assign_global_assignment + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == 
result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_data_center_object_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_data_center_object_facts.py new file mode 100644 index 00000000..4a5ac2ec --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_data_center_object_facts.py 
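Review bot: `test_command_fail` asserts only on `result['msg']` and, unlike the `*_facts` failure tests in this commit, never checks `result['failed']`. Adding `assert result['failed']` before the message comparison pins that the module reported a failure and did not just produce a message. This assumes the patched `fail_json` sets `failed` in its payload, as the facts tests imply.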
@@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_data_center_object_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'data-center-object' +api_call_object_plural_version = 'data-center-objects' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointDataCenterObjectFacts(object): + module = cp_mgmt_data_center_object_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + 
def test_show_single_object_which_is_not_exist(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(SHOW_SINGLE_PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert result['failed']
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def test_show_few_objects(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, OBJECT)
+ result = self._run_module(SHOW_PLURAL_PAYLOAD)
+
+ assert not result['changed']
+ assert OBJECT == result['ansible_facts'][api_call_object_plural_version]
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_delete_api_key.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_delete_api_key.py
new file mode 100644
index 00000000..3fe6f254
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_delete_api_key.py
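Review bot: In `TestCheckpointDataCenterObjectFacts.connection_mock` the patch target is `ansible.module_utils.network.checkpoint.checkpoint.Connection`, while the module under test is imported from `ansible_collections.check_point.mgmt.plugins.modules`. If that module resolves `Connection` through the collection's own module_utils (not visible in this hunk), the mock never replaces the object the code uses and the stubbed `send_request` return value is never seen. Patch the name where the code under test looks it up, `mocker.patch('<collection module_utils path>.Connection')` with the placeholder replaced by the real import path, and confirm that the legacy `ansible.module_utils.network.checkpoint` package still exists on the supported Ansible versions. Every other test class added in this part of the diff uses the same fixture.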
@@ -0,0 +1,71 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_delete_api_key
+
+PAYLOAD = {
+ "api_key": "eea3be76f4a8eb740ee872bcedc692748ff256a2d21c9ffd2754facbde046d00",
+ "wait_for_task": False
+}
+
+RETURN_PAYLOAD = {
+ "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+}
+
+command = 'delete-api-key'
+failure_msg = '{command failed}'
+
+
+class TestCheckpointDeleteApiKey(object):
+ module = cp_mgmt_delete_api_key
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_command(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, RETURN_PAYLOAD)
+ result = self._run_module(PAYLOAD)
+
+ assert result['changed']
+ assert RETURN_PAYLOAD == result[command]
+
+ def
test_command_fail(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_delete_data_center_object.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_delete_data_center_object.py
new file mode 100644
index 00000000..19230772
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_delete_data_center_object.py
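Review bot: `PAYLOAD['api_key']` in `TestCheckpointDeleteApiKey` is a 64-character hex literal that cannot be told apart from a real key, so secret scanners will flag it and a reader cannot tell whether a live credential was committed. Use an obviously synthetic value, e.g. `"api_key": "dummy-api-key-for-unit-tests",`, and if the committed string was ever issued by a management server, treat it as exposed and revoke it. `test_command` could also assert that the key does not come back in `result`, since module output ends up in logs; whether the module marks the parameter `no_log` is not visible in this hunk.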
@@ -0,0 +1,71 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_delete_data_center_object
+
+PAYLOAD = {
+ "name": "VM1 mgmt name",
+ "wait_for_task": False
+}
+
+RETURN_PAYLOAD = {
+ "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+}
+
+command = 'delete-data-center-object'
+failure_msg = '{command failed}'
+
+
+class TestCheckpointDeleteDataCenterObject(object):
+ module = cp_mgmt_delete_data_center_object
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_command(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, RETURN_PAYLOAD)
+ result = self._run_module(PAYLOAD)
+
+ assert result['changed']
+ assert RETURN_PAYLOAD == result[command]
+
+ def test_command_fail(self,
mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_delete_nat_rule.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_delete_nat_rule.py
new file mode 100644
index 00000000..9fbfae56
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_delete_nat_rule.py
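Review bot: `test_command_fail` in `TestCheckpointDeleteDataCenterObject` catches bare `Exception`, so any error raised inside `main()` (an import problem, a typo in the module) is taken as the expected failure result and only surfaces later as a confusing `TypeError` or `KeyError` on `result['msg']`. Assert the failure type explicitly with `with pytest.raises(AnsibleFailJson) as ex: self._run_module(PAYLOAD)` followed by `result = ex.value.args[0]`, importing `AnsibleFailJson` from `units.modules.utils` next to `AnsibleExitJson` (assuming the helper module exports it, as Ansible's own test utilities do). Unlike the facts tests, this test also never asserts `result['failed']`. The same pattern appears in the failure tests of the api-key, nat-rule and discard classes and in `test_show_single_object_which_is_not_exist` of the facts classes.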
@@ -0,0 +1,71 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_delete_nat_rule
+
+PAYLOAD = {
+ "package": "standard",
+ "wait_for_task": False
+}
+
+RETURN_PAYLOAD = {
+ "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+}
+
+command = 'delete-nat-rule'
+failure_msg = '{command failed}'
+
+
+class TestCheckpointDeleteNatRule(object):
+ module = cp_mgmt_delete_nat_rule
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_command(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, RETURN_PAYLOAD)
+ result = self._run_module(PAYLOAD)
+
+ assert result['changed']
+ assert RETURN_PAYLOAD == result[command]
+
+ def test_command_fail(self, mocker, connection_mock):
+
connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_discard.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_discard.py
new file mode 100644
index 00000000..052b482e
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_discard.py
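Review bot: `PAYLOAD` for `TestCheckpointDeleteNatRule` carries only `package` and `wait_for_task`, so nothing in the fixture says which NAT rule is to be deleted, and `test_command` still passes because `send_request` is stubbed. Add the rule identifier that the module's argument spec defines (not visible in this hunk) and check what was sent, starting with `assert connection_mock.send_request.called` and a comparison of the request body with the identifier. As written, the test would not catch a module that issues an under-specified delete.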
@@ -0,0 +1,70 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_discard
+
+PAYLOAD = {
+ "wait_for_task": False
+}
+
+RETURN_PAYLOAD = {
+ "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+}
+
+command = 'discard'
+failure_msg = '{command failed}'
+
+
+class TestCheckpointDiscard(object):
+ module = cp_mgmt_discard
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_command(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, RETURN_PAYLOAD)
+ result = self._run_module(PAYLOAD)
+
+ assert result['changed']
+ assert RETURN_PAYLOAD == result[command]
+
+ def test_command_fail(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_dns_domain.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_dns_domain.py
new file mode 100644
index 00000000..09b03155
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_dns_domain.py
@@ -0,0 +1,112 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_dns_domain
+
+OBJECT = {
+ "name": ".www.example.com",
+ "is_sub_domain": False
+}
+
+CREATE_PAYLOAD = {
+ "name": ".www.example.com",
+ "is_sub_domain": False
+}
+
+UPDATE_PAYLOAD = {
+ "name": ".www.example.com",
+ "is_sub_domain": True
+}
+
+OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD
+
+DELETE_PAYLOAD = {
+ "name": ".www.example.com",
+ "state": "absent"
+}
+
+function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_dns_domain.api_call'
+api_call_object = 'dns-domain'
+
+
+class TestCheckpointDnsDomain(object):
+ module = cp_mgmt_dns_domain
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_create(self, mocker,
connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT.items() == result[api_call_object].items()
+
+ def test_create_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_update(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items()
+
+ def test_update_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_delete(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert result['changed']
+
+ def test_delete_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert not result['changed']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_dns_domain_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_dns_domain_facts.py
new file mode 100644
index 00000000..3cfbe62b
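Review bot: With `api_call` replaced by `mocker.patch(function_path)`, the assertions in `TestCheckpointDnsDomain` compare the mock's own return value with itself (`OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD` is even the same dict object), so the tests only show that `main()` forwards whatever `api_call` returns. Nothing checks what the module passes in; at minimum add `mock_function.assert_called_once()` to each test, and if `api_call` receives the API object name as an argument, compare that argument with `api_call_object`, which is currently used only as a dictionary key. `TestCheckpointDynamicObject` and `TestCheckpointExceptionGroup` further down are built the same way.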
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_dns_domain_facts.py
@@ -0,0 +1,82 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_dns_domain_facts
+
+OBJECT = {
+ "from": 1,
+ "to": 1,
+ "total": 6,
+ "objects": [
+ "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+ ]
+}
+
+SHOW_PLURAL_PAYLOAD = {
+ 'limit': 1,
+ 'details_level': 'uid'
+}
+
+SHOW_SINGLE_PAYLOAD = {
+ 'name': 'object_which_is_not_exist'
+}
+
+api_call_object = 'dns-domain'
+api_call_object_plural_version = 'dns-domains'
+failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}'''
+
+
+class TestCheckpointDnsDomainFacts(object):
+ module = cp_mgmt_dns_domain_facts
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def
test_show_single_object_which_is_not_exist(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(SHOW_SINGLE_PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert result['failed']
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def test_show_few_objects(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, OBJECT)
+ result = self._run_module(SHOW_PLURAL_PAYLOAD)
+
+ assert not result['changed']
+ assert OBJECT == result['ansible_facts'][api_call_object_plural_version]
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_dynamic_object.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_dynamic_object.py
new file mode 100644
index 00000000..f168d60d
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_dynamic_object.py
@@ -0,0 +1,113 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_dynamic_object
+
+OBJECT = {
+ "name": "Dynamic_Object_1",
+ "comments": "My Dynamic Object 1",
+ "color": "yellow"
+}
+
+CREATE_PAYLOAD = {
+ "name": "Dynamic_Object_1",
+ "comments": "My Dynamic Object 1",
+ "color": "yellow"
+}
+
+UPDATE_PAYLOAD = {
+ "name": "Dynamic_Object_1"
+}
+
+OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD
+
+DELETE_PAYLOAD = {
+ "name": "Dynamic_Object_1",
+ "state": "absent"
+}
+
+function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_dynamic_object.api_call'
+api_call_object = 'dynamic-object'
+
+
+class TestCheckpointDynamicObject(object):
+ module = cp_mgmt_dynamic_object
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return
connection_class_mock.return_value
+
+ def test_create(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT.items() == result[api_call_object].items()
+
+ def test_create_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_update(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items()
+
+ def test_update_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_delete(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert result['changed']
+
+ def test_delete_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert not result['changed']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
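Review bot: `UPDATE_PAYLOAD` in `TestCheckpointDynamicObject` contains only `name`, so `test_update` submits no field that differs from the created object and the update case cannot be told apart from a no-op. Give it a changed attribute, e.g. `"comments": "My Dynamic Object 1 (updated)",`, and build `OBJECT_AFTER_UPDATE` as a separate dict rather than an alias of `UPDATE_PAYLOAD`, so that a mutation of one cannot hide a difference from the other.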
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_dynamic_object_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_dynamic_object_facts.py
new file mode 100644
index 00000000..add11efd
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_dynamic_object_facts.py
@@ -0,0 +1,82 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_dynamic_object_facts
+
+OBJECT = {
+ "from": 1,
+ "to": 1,
+ "total": 6,
+ "objects": [
+ "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+ ]
+}
+
+SHOW_PLURAL_PAYLOAD = {
+ 'limit': 1,
+ 'details_level': 'uid'
+}
+
+SHOW_SINGLE_PAYLOAD = {
+ 'name': 'object_which_is_not_exist'
+}
+
+api_call_object = 'dynamic-object'
+api_call_object_plural_version = 'dynamic-objects'
+failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}'''
+
+
+class TestCheckpointDynamicObjectFacts(object):
+ module = cp_mgmt_dynamic_object_facts
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def
test_show_single_object_which_is_not_exist(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(SHOW_SINGLE_PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert result['failed']
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def test_show_few_objects(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, OBJECT)
+ result = self._run_module(SHOW_PLURAL_PAYLOAD)
+
+ assert not result['changed']
+ assert OBJECT == result['ansible_facts'][api_call_object_plural_version]
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_exception_group.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_exception_group.py
new file mode 100644
index 00000000..7fa127fd
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_exception_group.py
@@ -0,0 +1,113 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_exception_group
+
+OBJECT = {
+ "name": "exception_group_2",
+ "apply_on": "manually-select-threat-rules"
+}
+
+CREATE_PAYLOAD = {
+ "name": "exception_group_2",
+ "apply_on": "manually-select-threat-rules"
+}
+
+UPDATE_PAYLOAD = {
+ "name": "exception_group_2",
+ "tags": "tag3",
+ "apply_on": "all-threat-rules"
+}
+
+OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD
+
+DELETE_PAYLOAD = {
+ "name": "exception_group_2",
+ "state": "absent"
+}
+
+function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_exception_group.api_call'
+api_call_object = 'exception-group'
+
+
+class TestCheckpointExceptionGroup(object):
+ module = cp_mgmt_exception_group
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock =
mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_create(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT.items() == result[api_call_object].items()
+
+ def test_create_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_update(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items()
+
+ def test_update_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_delete(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert result['changed']
+
+ def test_delete_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert not result['changed']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_exception_group_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_exception_group_facts.py
new file mode 100644
index 00000000..dc3a56ba
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_exception_group_facts.py
@@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_exception_group_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'exception-group' +api_call_object_plural_version = 'exception-groups' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointExceptionGroupFacts(object): + module = cp_mgmt_exception_group_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def 
test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_global_assignment.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_global_assignment.py new file mode 100644 index 00000000..633059c8 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_global_assignment.py 
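Review bot: `test_show_single_object_which_is_not_exist` catches the failure with a broad `except Exception as e: result = e.args[0]`, so any unrelated error raised inside `_run_module` (a failed import, an AttributeError in the module) is caught too and only shows up afterwards as a confusing failure on `result['failed']`. Since `fail_json` is patched with the test helper, the expected exception can be named instead: call `set_module_args(SHOW_SINGLE_PAYLOAD)`, then `with pytest.raises(AnsibleFailJson) as ex: self.module.main()` and read `ex.value.args[0]`. This assumes `units.modules.utils` exports `AnsibleFailJson` next to `AnsibleExitJson`, and it needs adding to that import line. The same pattern is repeated in the global_assignment_facts, group_facts, group_with_exclusion_facts and host_facts test files of this commit.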
@@ -0,0 +1,117 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_global_assignment + +OBJECT = { + "global_domain": "Global", + "dependent_domain": "domain2", + "global_access_policy": "standard", + "global_threat_prevention_policy": "standard", + "manage_protection_actions": True +} + +CREATE_PAYLOAD = { + "global_domain": "Global", + "dependent_domain": "domain2", + "global_access_policy": "standard", + "global_threat_prevention_policy": "standard", + "manage_protection_actions": True +} + +UPDATE_PAYLOAD = { + "global_domain": "Global2", + "dependent_domain": "domain1", + "global_threat_prevention_policy": "", + "manage_protection_actions": False +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = {} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_global_assignment.api_call' +api_call_object = 'global-assignment' + + +class TestCheckpointGlobalAssignment(object): + module = cp_mgmt_global_assignment + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return 
mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with 
pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_global_assignment_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_global_assignment_facts.py new file mode 100644 index 00000000..a997ab8d --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_global_assignment_facts.py 
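Review bot: The assertions in `test_create` and `test_update` compare `OBJECT` / `OBJECT_AFTER_UPDATE` with the value the patched `api_call` was told to return, so they hold whatever the module does with its arguments; nothing checks what was passed to `api_call`. `OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD` also binds the same dict that is handed to `set_module_args`, so expected value and input cannot diverge; `OBJECT_AFTER_UPDATE = dict(UPDATE_PAYLOAD)` would separate them. Adding `mock_function.assert_called_once()` and a check of the parameters the module parsed would make a dropped or renamed field visible, which matters for objects that define policy scope (for example `include`/`except` in test_cp_mgmt_group_with_exclusion.py). `DELETE_PAYLOAD = {}` here carries no `"state": "absent"`, so the two delete tests feed the module the same input as a run with no arguments. The same structure appears in test_cp_mgmt_group.py, test_cp_mgmt_group_with_exclusion.py and test_cp_mgmt_host.py.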
@@ -0,0 +1,80 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_global_assignment_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = {} + +api_call_object = 'global-assignment' +api_call_object_plural_version = 'global-assignments' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointGlobalAssignmentFacts(object): + module = cp_mgmt_global_assignment_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def 
test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_group.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_group.py new file mode 100644 index 00000000..07af4db9 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_group.py 
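Review bot: `SHOW_SINGLE_PAYLOAD = {}` gives `test_show_single_object_which_is_not_exist` no object identifier, while `failure_msg` still refers to `object_which_is_not_exist`; the sibling facts tests pass `'name': 'object_which_is_not_exist'`. With an empty payload the module presumably takes the same path as a plural query (not verifiable from this hunk), so the test name and the mocked 404 describe a lookup the input never requests. Either supply the identifying fields this module expects (for instance `'global_domain'` and `'dependent_domain'`, if those are its lookup keys) or rename the test to say what it actually covers.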
@@ -0,0 +1,117 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_group + +OBJECT = { + "name": "New Group 5", + "members": [ + "New Host 1", + "My Test Host 3" + ] +} + +CREATE_PAYLOAD = { + "name": "New Group 5", + "members": [ + "New Host 1", + "My Test Host 3" + ] +} + +UPDATE_PAYLOAD = { + "name": "New Group 5" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Group 5", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_group.api_call' +api_call_object = 'group' + + +class TestCheckpointGroup(object): + module = cp_mgmt_group + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + 
mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_group_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_group_facts.py new file mode 100644 index 00000000..e85b6b74 --- /dev/null 
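Review bot: `UPDATE_PAYLOAD = {"name": "New Group 5"}` changes nothing relative to `CREATE_PAYLOAD` and omits `members`, so `test_update` feeds the module an input that describes no update. A fixture that actually alters membership, such as `"members": ["New Host 1"]` (constructed example), would document the intended behaviour and give a later assertion on the `api_call` arguments something to check.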
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_group_facts.py 
@@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_group_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'group' +api_call_object_plural_version = 'groups' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointGroupFacts(object): + module = cp_mgmt_group_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, 
connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_group_with_exclusion.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_group_with_exclusion.py new file mode 100644 index 00000000..188fd75b --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_group_with_exclusion.py 
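Review bot: The `connection_mock` fixture patches `ansible.module_utils.network.checkpoint.checkpoint.Connection`, but the module under test is imported from `ansible_collections.check_point.mgmt.plugins.modules`. If that module resolves `Connection` through the collection's own module_utils (not visible in this diff), the patch never reaches it and `connection_mock.send_request.return_value` is not consulted. `mocker.patch` also imports its target, so the fixture errors out wherever the `ansible.module_utils.network` package is absent. Patch the name where the code under test looks it up, and add a comment on the fixture stating which import it intercepts; every test file in this part of the commit uses the same fixture.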
@@ -0,0 +1,115 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_group_with_exclusion + +OBJECT = { + "name": "Group with exclusion", + "include": "New Group 1", + "except": "New Group 2" +} + +CREATE_PAYLOAD = { + "name": "Group with exclusion", + "include": "New Group 1", + "except": "New Group 2" +} + +UPDATE_PAYLOAD = { + "name": "Group with exclusion", + "include": "New Group 2", + "except": "New Group 1" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "Group with exclusion", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_group_with_exclusion.api_call' +api_call_object = 'group-with-exclusion' + + +class TestCheckpointGroupWithExclusion(object): + module = cp_mgmt_group_with_exclusion + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = 
mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] 
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_group_with_exclusion_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_group_with_exclusion_facts.py
new file mode 100644
index 00000000..e819625f
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_group_with_exclusion_facts.py
@@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_group_with_exclusion_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'group-with-exclusion' +api_call_object_plural_version = 'groups-with-exclusion' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointGroupWithExclusionFacts(object): + module = cp_mgmt_group_with_exclusion_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return 
connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_host.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_host.py new file mode 100644 index 00000000..abaa9e3b --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_host.py 
@@ -0,0 +1,113 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_host + +OBJECT = { + "name": "New Host 1", + "ip_address": "192.0.2.1" +} + +CREATE_PAYLOAD = { + "name": "New Host 1", + "ip_address": "192.0.2.1" +} + +UPDATE_PAYLOAD = { + "name": "New Host 1", + "color": "blue", + "ipv4_address": "192.0.2.2" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Host 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_host.api_call' +api_call_object = 'host' + + +class TestCheckpointHost(object): + module = cp_mgmt_host + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = 
mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_host_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_host_facts.py new file mode 100644 index 00000000..182aa81e --- /dev/null 
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_host_facts.py 
@@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_host_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'host' +api_call_object_plural_version = 'hosts' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointHostFacts(object): + module = cp_mgmt_host_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, 
connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_https_section.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_https_section.py new file mode 100644 index 00000000..3dc063a3 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_https_section.py 
@@ -0,0 +1,114 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_https_section + +OBJECT = { + "layer": "Default Layer", + "position": 1, + "name": "New Section 1" +} + +CREATE_PAYLOAD = { + "layer": "Default Layer", + "position": 1, + "name": "New Section 1" +} + +UPDATE_PAYLOAD = { + "layer": "Default Layer", + "name": "New Section 1" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Section 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_https_section.api_call' +api_call_object = 'https-section' + + +class TestCheckpointHttpsSection(object): + module = cp_mgmt_https_section + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + 
def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] 
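Review bot: `OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD` binds both names to the same dict, so the object passed to `set_module_args` in `test_update` is also the object returned by the mocked `api_call` and the expected value in the assertion. If `set_module_args` or the module mutates its arguments (not visible here), the expectation changes with it and `OBJECT_AFTER_UPDATE.items() == result[api_call_object].items()` still passes. A copy keeps them independent: `OBJECT_AFTER_UPDATE = dict(UPDATE_PAYLOAD)`. The multicast-address-range, nat-section and network tests in this commit alias the payload the same way.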
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_install_policy.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_install_policy.py new file mode 100644 index 00000000..3086f5c9 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_install_policy.py 
@@ -0,0 +1,76 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_install_policy + +PAYLOAD = { + "access": True, + "targets": [ + "corporate-gateway" + ], + "policy_package": "standard", + "threat_prevention": True, + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'install-policy' +failure_msg = '{command failed}' + + +class TestCheckpointInstallPolicy(object): + module = cp_mgmt_install_policy + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD 
== result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_install_software_package.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_install_software_package.py new file mode 100644 index 00000000..4442abbc --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_install_software_package.py 
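Review bot: `PAYLOAD` sets `"wait_for_task": False`, so `test_command` asserts `result['changed']` from nothing more than a 200 response carrying a `task-id`, and no test covers the case where the task is awaited. For a policy installation that is the case that matters operationally: a run reported as changed while the install task failed would leave the target on its previous policy without anyone noticing. I would add a case with `"wait_for_task": True` in which the mocked `send_request` reports a failed task and the test expects a failure result; how the module polls the task is not visible in this hunk, so the mock sequence needs checking against it. `test_command_fail` also omits the `assert result['failed']` that the facts tests make. The install-software-package test has the same gaps.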
@@ -0,0 +1,71 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_install_software_package + +PAYLOAD = { + "name": "Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'install-software-package' +failure_msg = '{command failed}' + + +class TestCheckpointInstallSoftwarePackage(object): + module = cp_mgmt_install_software_package + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD 
== result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_mds_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_mds_facts.py new file mode 100644 index 00000000..938e4a49 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_mds_facts.py 
@@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_mds_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'mds' +api_call_object_plural_version = 'mdss' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointMdsFacts(object): + module = cp_mgmt_mds_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, 
connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_multicast_address_range.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_multicast_address_range.py new file mode 100644 index 00000000..8a68f901 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_multicast_address_range.py 
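Review bot: The `connection_mock` fixture patches `ansible.module_utils.network.checkpoint.checkpoint.Connection`, while the module under test is imported from `ansible_collections.check_point.mgmt.plugins.modules`. If the collection's code obtains `Connection` through its own `module_utils` rather than that ansible-core path (not visible in this hunk), the patch does not replace the object the module uses, `send_request.return_value` is never consulted, and the test is no longer isolated from a real connection attempt; on an ansible-core that lacks that path the patch itself would fail to resolve. The target string should name the module where `Connection` is looked up at call time, with a comment above the fixture such as `# patch Connection where the collection's module_utils imports it`. Every test file in this part of the commit uses the same fixture; the CRUD tests mask the problem by patching `api_call` as well.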
@@ -0,0 +1,115 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_multicast_address_range + +OBJECT = { + "name": "New Multicast Address Range", + "ip_address_first": "224.0.0.1", + "ip_address_last": "224.0.0.4" +} + +CREATE_PAYLOAD = { + "name": "New Multicast Address Range", + "ip_address_first": "224.0.0.1", + "ip_address_last": "224.0.0.4" +} + +UPDATE_PAYLOAD = { + "name": "New Multicast Address Range", + "ip_address_first": "224.0.0.7", + "ip_address_last": "224.0.0.10" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Multicast Address Range", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_multicast_address_range.api_call' +api_call_object = 'multicast-address-range' + + +class TestCheckpointMulticastAddressRange(object): + module = cp_mgmt_multicast_address_range + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + 
@pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] 
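Review bot: Each test here replaces `api_call` with a mock and then asserts on the value that mock returns, so `test_create`, `test_update` and `test_delete` only establish that `main()` forwards the result; the arguments reaching `api_call` are never inspected. Adding `mock_function.assert_called_once()` to each test, and a check of `mock_function.call_args` once the call signature is confirmed against the module, would pin that the module actually dispatches to the API helper with the expected object type. `connection_mock` is requested by every test but appears unused once `api_call` is patched, so it could be dropped from those signatures. The https-section, nat-section and network tests follow the same template.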
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_multicast_address_range_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_multicast_address_range_facts.py new file mode 100644 index 00000000..3de8fa06 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_multicast_address_range_facts.py 
@@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_multicast_address_range_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'multicast-address-range' +api_call_object_plural_version = 'multicast-address-ranges' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointMulticastAddressRangeFacts(object): + module = cp_mgmt_multicast_address_range_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return 
connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_nat_rule_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_nat_rule_facts.py new file mode 100644 index 00000000..eae9cf61 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_nat_rule_facts.py 
@@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_nat_rule_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'nat-rule' +api_call_object_plural_version = 'nat-rulebase' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointNatRuleFacts(object): + module = cp_mgmt_nat_rule_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def 
test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_nat_section.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_nat_section.py new file mode 100644 index 00000000..d666ca88 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_nat_section.py 
@@ -0,0 +1,114 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_nat_section + +OBJECT = { + "package": "standard", + "name": "New Section 1", + "position": 1 +} + +CREATE_PAYLOAD = { + "package": "standard", + "name": "New Section 1", + "position": 1 +} + +UPDATE_PAYLOAD = { + "package": "standard", + "name": "New Section 1" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Section 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_nat_section.api_call' +api_call_object = 'nat-section' + + +class TestCheckpointNatSection(object): + module = cp_mgmt_nat_section + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def 
test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] 
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_network.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_network.py new file mode 100644 index 00000000..0935108f --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_network.py 
@@ -0,0 +1,116 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_network + +OBJECT = { + "name": "New Network 1", + "subnet": "192.0.2.0", + "subnet_mask": "255.255.255.0" +} + +CREATE_PAYLOAD = { + "name": "New Network 1", + "subnet": "192.0.2.0", + "subnet_mask": "255.255.255.0" +} + +UPDATE_PAYLOAD = { + "name": "New Network 1", + "color": "blue", + "subnet": "192.0.0.0", + "mask_length": 16 +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Network 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_network.api_call' +api_call_object = 'network' + + +class TestCheckpointNetwork(object): + module = cp_mgmt_network + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return 
connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] 
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_network_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_network_facts.py new file mode 100644 index 00000000..1302dbba --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_network_facts.py 
@@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_network_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'network' +api_call_object_plural_version = 'networks' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointNetworkFacts(object): + module = cp_mgmt_network_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, 
mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_package.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_package.py new file mode 100644 index 00000000..dd389dad --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_package.py 
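Review bot: In `test_show_single_object_which_is_not_exist` the `try` / `except Exception` around `_run_module` accepts any exception as the expected failure, so an unrelated error inside the module only surfaces later and indirectly, when `result['failed']` is indexed. `_run_module` wraps the call in `pytest.raises(AnsibleExitJson)`, so the failure path works only because the fail exception escapes that context manager. Asserting the failure type directly is clearer: `with pytest.raises(AnsibleFailJson) as ex: self.module.main()` followed by `result = ex.value.args[0]`, assuming `units.modules.utils` exports `AnsibleFailJson` alongside `AnsibleExitJson`. The same pattern appears in the package, security_zone and service_dce_rpc `*_facts` tests and in `test_command_fail` of the publish, put_file, run_ips_update and run_script tests.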
@@ -0,0 +1,133 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_package + +OBJECT = { + "name": "New_Standard_Package_1", + "comments": "My Comments", + "color": "orange", + "access": True, + "threat_prevention": False +} + +CREATE_PAYLOAD = { + "name": "New_Standard_Package_1", + "comments": "My Comments", + "color": "orange", + "access": True, + "threat_prevention": False +} + +UPDATE_PAYLOAD = { + "name": "New_Standard_Package_1", + "access_layers": { + "add": [ + { + "name": "New Access Layer 1", + "position": 1 + } + ] + }, + "threat_layers": { + "add": [ + { + "name": "New Layer 1", + "position": 2 + } + ] + } +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New_Standard_Package_1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_package.api_call' +api_call_object = 'package' + + +class TestCheckpointPackage(object): + module = cp_mgmt_package + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return 
mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with 
pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_package_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_package_facts.py new file mode 100644 index 00000000..fbb825b3 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_package_facts.py 
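Review bot: The CRUD tests in `TestCheckpointPackage` patch `api_call` through `function_path` and then assert on the value the mock was told to return, so `test_create`, `test_update` and `test_delete` pass whatever arguments the module builds. `OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD` binds both names to one dict, so the update assertion compares the mock's return value with the same object that was sent in. Adding `mock_function.assert_called_once()` and a check on the recorded call arguments would make each test cover the module's own behaviour; the `api_call` signature is not visible in this diff, so the exact argument check needs confirming. The security_zone and service_dce_rpc test files follow the same template.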
@@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_package_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'package' +api_call_object_plural_version = 'packages' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointPackageFacts(object): + module = cp_mgmt_package_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, 
mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_publish.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_publish.py new file mode 100644 index 00000000..bcce0851 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_publish.py 
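Review bot: The `connection_mock` fixture patches `ansible.module_utils.network.checkpoint.checkpoint.Connection`, a path under Ansible core, while the module under test is imported from `ansible_collections.check_point.mgmt.plugins.modules`. If the collection code resolves `Connection` from a different module, the `send_request.return_value` set in `test_show_few_objects` never reaches it, and on an Ansible release without that core package the patch call itself fails. The target should be the name as the collection looks it up, e.g. `mocker.patch('<collection module_utils path>.Connection')`, where the path is a placeholder because the real import is not shown in this diff. Every test file in this part of the commit uses the same fixture.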
@@ -0,0 +1,70 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_publish + +PAYLOAD = { + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'publish' +failure_msg = '{command failed}' + + +class TestCheckpointPublish(object): + module = cp_mgmt_publish + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: 
+ result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_put_file.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_put_file.py new file mode 100644 index 00000000..7ad11efa --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_put_file.py 
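Review bot: `test_command_fail` checks only `result['msg']` and never asserts that the module reported a failure, unlike the `*_facts` tests in this commit, which also check `result['failed']`. Since publish commits the session's changes, a regression that returned an error message while still exiting as success would go unnoticed. Add `assert result['failed']` before the message comparison. The put_file, run_ips_update and run_script tests have the same omission.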
@@ -0,0 +1,76 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_put_file + +PAYLOAD = { + "targets": [ + "corporate-gateway" + ], + "file_path": "/home/admin/", + "file_name": "vsx_conf", + "file_content": "vs ip 192.0.2.1\nvs2 ip 192.0.2.2", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'put-file' +failure_msg = '{command failed}' + + +class TestCheckpointPutFile(object): + module = cp_mgmt_put_file + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert 
RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_run_ips_update.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_run_ips_update.py new file mode 100644 index 00000000..7202790a --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_run_ips_update.py 
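Review bot: `test_command` never inspects what was handed to `connection_mock.send_request`, so it would still pass if the module dropped or altered `targets`, `file_path` or `file_content`. For a module that writes files onto gateways, the request payload is the behaviour most worth pinning, because a wrong target list changes which devices are modified. After the existing asserts, add `connection_mock.send_request.assert_called_once()` and compare the recorded payload with `PAYLOAD`; the argument layout of `send_request` is not visible here, so the comparison has to be confirmed against the module. `test_cp_mgmt_run_script.py` has the same gap for `script` and `targets`.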
@@ -0,0 +1,70 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_run_ips_update + +PAYLOAD = { + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'run-ips-update' +failure_msg = '{command failed}' + + +class TestCheckpointRunIpsUpdate(object): + module = cp_mgmt_run_ips_update + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = 
(404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_run_script.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_run_script.py new file mode 100644 index 00000000..730b5bff --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_run_script.py 
@@ -0,0 +1,75 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_run_script + +PAYLOAD = { + "script": "ls -l /", + "targets": [ + "corporate-gateway" + ], + "script_name": "Script Example: List files under / dir", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'run-script' +failure_msg = '{command failed}' + + +class TestCheckpointRunScript(object): + module = cp_mgmt_run_script + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == 
result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_security_zone.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_security_zone.py new file mode 100644 index 00000000..13ef758b --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_security_zone.py 
@@ -0,0 +1,113 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_security_zone + +OBJECT = { + "name": "SZone1", + "comments": "My Security Zone 1", + "color": "yellow" +} + +CREATE_PAYLOAD = { + "name": "SZone1", + "comments": "My Security Zone 1", + "color": "yellow" +} + +UPDATE_PAYLOAD = { + "name": "SZone1" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "SZone1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_security_zone.api_call' +api_call_object = 'security-zone' + + +class TestCheckpointSecurityZone(object): + module = cp_mgmt_security_zone + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, 
connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] 
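Review bot: `UPDATE_PAYLOAD` holds only `"name": "SZone1"`, so `test_update` and `test_update_idempotent` send no attribute that differs from the created object and do not exercise an update. Give the payload a field that changes relative to `CREATE_PAYLOAD`, for example `"color": "blue"` (sample value, as used in the service_dce_rpc test), and keep `OBJECT_AFTER_UPDATE` as a separate dict literal rather than an alias of the payload.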
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_security_zone_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_security_zone_facts.py
new file mode 100644
index 00000000..3fa95f4d
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_security_zone_facts.py
@@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_security_zone_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'security-zone' +api_call_object_plural_version = 'security-zones' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointSecurityZoneFacts(object): + module = cp_mgmt_security_zone_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def 
test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_dce_rpc.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_dce_rpc.py new file mode 100644 index 00000000..d8fd216a --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_dce_rpc.py 
@@ -0,0 +1,115 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_dce_rpc + +OBJECT = { + "name": "New_DCE-RPC_Service_1", + "interface_uuid": "97aeb460-9aea-11d5-bd16-0090272ccb30", + "keep_connections_open_after_policy_installation": False +} + +CREATE_PAYLOAD = { + "name": "New_DCE-RPC_Service_1", + "interface_uuid": "97aeb460-9aea-11d5-bd16-0090272ccb30", + "keep_connections_open_after_policy_installation": False +} + +UPDATE_PAYLOAD = { + "name": "New_DCE-RPC_Service_1", + "color": "blue", + "interface_uuid": "44aeb460-9aea-11d5-bd16-009027266b30" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New_DCE-RPC_Service_1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_service_dce_rpc.api_call' +api_call_object = 'service-dce-rpc' + + +class TestCheckpointServiceDceRpc(object): + module = cp_mgmt_service_dce_rpc + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, 
exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + 
self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_dce_rpc_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_dce_rpc_facts.py new file mode 100644 index 00000000..f06c615a --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_dce_rpc_facts.py 
@@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_dce_rpc_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'service-dce-rpc' +api_call_object_plural_version = 'services-dce-rpc' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointServiceDceRpcFacts(object): + module = cp_mgmt_service_dce_rpc_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def 
test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_group.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_group.py new file mode 100644 index 00000000..f325f873 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_group.py 
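Review bot: The `connection_mock` fixture patches `ansible.module_utils.network.checkpoint.checkpoint.Connection`, while the module under test is imported from `ansible_collections.check_point.mgmt.plugins.modules`. If that module resolves `Connection` through the collection's own module_utils (not visible in this hunk), the `send_request.return_value` stubs in `test_show_single_object_which_is_not_exist` and `test_show_few_objects` never reach the code being tested. Point the patch at the name the module actually looks up, e.g. `mocker.patch('<module path used by cp_mgmt_service_dce_rpc_facts>.Connection')`, and add a one-line comment on the fixture naming the import it replaces. The same fixture is repeated in the other test files visible in this diff.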
@@ -0,0 +1,121 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_group + +OBJECT = { + "name": "New Service Group 1", + "members": [ + "https", + "bootp", + "nisplus", + "HP-OpCdistm" + ] +} + +CREATE_PAYLOAD = { + "name": "New Service Group 1", + "members": [ + "https", + "bootp", + "nisplus", + "HP-OpCdistm" + ] +} + +UPDATE_PAYLOAD = { + "name": "New Service Group 1" +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New Service Group 1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_service_group.api_call' +api_call_object = 'service-group' + + +class TestCheckpointServiceGroup(object): + module = cp_mgmt_service_group + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') 
+ return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] 
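Review bot: `test_create` and `test_update` replace `api_call` with a mock and then compare the mock's own return value (`OBJECT`, `OBJECT_AFTER_UPDATE`) with the module result. Nothing checks what the module would send to the management server for `CREATE_PAYLOAD` or `UPDATE_PAYLOAD`. Adding `mock_function.assert_called_once()` and an assertion on the arguments it received would catch a regression that drops or renames a field such as `members`, which matters for a module that edits firewall service groups. The same pattern is in test_cp_mgmt_service_icmp.py, test_cp_mgmt_service_icmp6.py, test_cp_mgmt_service_other.py and test_cp_mgmt_service_rpc.py.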
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_group_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_group_facts.py
new file mode 100644
index 00000000..2457157c
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_group_facts.py
@@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_group_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'service-group' +api_call_object_plural_version = 'service-groups' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointServiceGroupFacts(object): + module = cp_mgmt_service_group_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def 
test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_icmp.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_icmp.py new file mode 100644 index 00000000..173dfec1 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_icmp.py 
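Review bot: `test_show_single_object_which_is_not_exist` wraps `_run_module` in `try/except Exception` and reads `e.args[0]`, so any exception type is accepted as the failure path and the expected one is never named. `_run_module` only expects `AnsibleExitJson`, so the exception raised by the patched `fail_json` should be asserted directly: after `set_module_args(SHOW_SINGLE_PAYLOAD)`, use `with pytest.raises(AnsibleFailJson) as ex: self.module.main()` and `result = ex.value.args[0]`, assuming `units.modules.utils` exports `AnsibleFailJson` alongside `AnsibleExitJson`. The same try/except is in the dce_rpc, icmp6, icmp and other `_facts` test files in this diff.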
@@ -0,0 +1,115 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_icmp + +OBJECT = { + "name": "Icmp1", + "icmp_type": 5, + "icmp_code": 7 +} + +CREATE_PAYLOAD = { + "name": "Icmp1", + "icmp_type": 5, + "icmp_code": 7 +} + +UPDATE_PAYLOAD = { + "name": "Icmp1", + "icmp_type": 45, + "icmp_code": 13 +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "Icmp1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_service_icmp.api_call' +api_call_object = 'service-icmp' + + +class TestCheckpointServiceIcmp(object): + module = cp_mgmt_service_icmp + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, 
connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_icmp6.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_icmp6.py new file mode 100644 index 00000000..2194bed2 
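Review bot: `OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD` binds the expected API result to the same dict that `test_update` passes to `set_module_args`. If that helper or the module changes the payload in place, the expected value changes with it and the comparison in `test_update` still passes. A copy keeps the two independent: `OBJECT_AFTER_UPDATE = dict(UPDATE_PAYLOAD)`. The alias also appears in the service_group, service_icmp6, service_other and service_rpc test files, and service_other has a nested `aggressive_aging` dict that would need a deep copy.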
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_icmp6.py
@@ -0,0 +1,115 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_icmp6 + +OBJECT = { + "name": "Icmp1", + "icmp_type": 5, + "icmp_code": 7 +} + +CREATE_PAYLOAD = { + "name": "Icmp1", + "icmp_type": 5, + "icmp_code": 7 +} + +UPDATE_PAYLOAD = { + "name": "Icmp1", + "icmp_type": 45, + "icmp_code": 13 +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "Icmp1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_service_icmp6.api_call' +api_call_object = 'service-icmp6' + + +class TestCheckpointServiceIcmp6(object): + module = cp_mgmt_service_icmp6 + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, 
connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] 
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_icmp6_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_icmp6_facts.py
new file mode 100644
index 00000000..7ac4fd7a
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_icmp6_facts.py
@@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_icmp6_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'service-icmp6' +api_call_object_plural_version = 'services-icmp6' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointServiceIcmp6Facts(object): + module = cp_mgmt_service_icmp6_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def 
test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_icmp_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_icmp_facts.py new file mode 100644 index 00000000..c5979e7f --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_icmp_facts.py 
@@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_icmp_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'service-icmp' +api_call_object_plural_version = 'services-icmp' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointServiceIcmpFacts(object): + module = cp_mgmt_service_icmp_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def 
test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_other.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_other.py new file mode 100644 index 00000000..993481cc --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_other.py 
@@ -0,0 +1,133 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_other + +OBJECT = { + "name": "New_Service_1", + "keep_connections_open_after_policy_installation": False, + "session_timeout": 0, + "match_for_any": True, + "sync_connections_on_cluster": True, + "ip_protocol": 51, + "aggressive_aging": { + "enable": True, + "timeout": 360, + "use_default_timeout": False + } +} + +CREATE_PAYLOAD = { + "name": "New_Service_1", + "keep_connections_open_after_policy_installation": False, + "session_timeout": 0, + "match_for_any": True, + "sync_connections_on_cluster": True, + "ip_protocol": 51, + "aggressive_aging": { + "enable": True, + "timeout": 360, + "use_default_timeout": False + } +} + +UPDATE_PAYLOAD = { + "name": "New_Service_1", + "color": "blue", + "aggressive_aging": { + "default_timeout": 3600 + } +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "New_Service_1", + "state": "absent" +} + +function_path = 
'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_service_other.api_call' +api_call_object = 'service-other' + + +class TestCheckpointServiceOther(object): + module = cp_mgmt_service_other + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, 
mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_other_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_other_facts.py new file mode 100644 index 00000000..ea8af4e1 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_other_facts.py 
@@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_other_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'service-other' +api_call_object_plural_version = 'services-other' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointServiceOtherFacts(object): + module = cp_mgmt_service_other_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def 
test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_rpc.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_rpc.py new file mode 100644 index 00000000..da12b433 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_rpc.py 
@@ -0,0 +1,115 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_rpc
+
+OBJECT = {
+ "name": "New_RPC_Service_1",
+ "program_number": 5669,
+ "keep_connections_open_after_policy_installation": False
+}
+
+CREATE_PAYLOAD = {
+ "name": "New_RPC_Service_1",
+ "program_number": 5669,
+ "keep_connections_open_after_policy_installation": False
+}
+
+UPDATE_PAYLOAD = {
+ "name": "New_RPC_Service_1",
+ "color": "blue",
+ "program_number": 5656
+}
+
+OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD
+
+DELETE_PAYLOAD = {
+ "name": "New_RPC_Service_1",
+ "state": "absent"
+}
+
+function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_service_rpc.api_call'
+api_call_object = 'service-rpc'
+
+
+class TestCheckpointServiceRpc(object):
+ module = cp_mgmt_service_rpc
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_create(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT.items() == result[api_call_object].items()
+
+ def test_create_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_update(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items()
+
+ def test_update_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_delete(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert result['changed']
+
+ def test_delete_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert not result['changed']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
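Review bot: `test_create` and `test_update` in test_cp_mgmt_service_rpc.py compare the result with the same dict that the patched `api_call` was told to return, so they pass whatever arguments the module forwards. Add a check on the call itself, e.g. `mock_function.assert_called_once()` after `self._run_module(CREATE_PAYLOAD)`, and where the signature is known assert on the arguments too. `OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD` also binds both names to one dict, so any change made to the payload while the test runs is mirrored in the expected value; `OBJECT_AFTER_UPDATE = dict(UPDATE_PAYLOAD)` keeps them independent. The service_sctp, service_tcp and service_udp test files follow the same pattern.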
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_rpc_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_rpc_facts.py
new file mode 100644
index 00000000..88aa379e
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_rpc_facts.py
@@ -0,0 +1,82 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_rpc_facts
+
+OBJECT = {
+ "from": 1,
+ "to": 1,
+ "total": 6,
+ "objects": [
+ "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+ ]
+}
+
+SHOW_PLURAL_PAYLOAD = {
+ 'limit': 1,
+ 'details_level': 'uid'
+}
+
+SHOW_SINGLE_PAYLOAD = {
+ 'name': 'object_which_is_not_exist'
+}
+
+api_call_object = 'service-rpc'
+api_call_object_plural_version = 'services-rpc'
+failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}'''
+
+
+class TestCheckpointServiceRpcFacts(object):
+ module = cp_mgmt_service_rpc_facts
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_show_single_object_which_is_not_exist(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(SHOW_SINGLE_PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert result['failed']
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def test_show_few_objects(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, OBJECT)
+ result = self._run_module(SHOW_PLURAL_PAYLOAD)
+
+ assert not result['changed']
+ assert OBJECT == result['ansible_facts'][api_call_object_plural_version]
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_sctp.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_sctp.py
new file mode 100644
index 00000000..70296bc4
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_sctp.py
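Review bot: `test_show_single_object_which_is_not_exist` in test_cp_mgmt_service_rpc_facts.py catches bare `Exception` and indexes `e.args[0]`, so an unrelated error in the module can surface as a confusing `TypeError` or `IndexError` on the next assertion rather than as the real failure. Only `AnsibleExitJson` is imported from `units.modules.utils`; if that helper module also provides the failure exception raised by the patched `fail_json` (not visible here), import it and write `with pytest.raises(<fail exception>) as ex: self.module.main()` followed by `result = ex.value.args[0]`. The other *_facts test files in this commit use the same try/except.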
@@ -0,0 +1,134 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_sctp
+
+OBJECT = {
+ "name": "New_SCTP_Service_1",
+ "port": 5669,
+ "keep_connections_open_after_policy_installation": False,
+ "session_timeout": 0,
+ "match_for_any": True,
+ "sync_connections_on_cluster": True,
+ "aggressive_aging": {
+ "enable": True,
+ "timeout": 360,
+ "use_default_timeout": False
+ }
+}
+
+CREATE_PAYLOAD = {
+ "name": "New_SCTP_Service_1",
+ "port": 5669,
+ "keep_connections_open_after_policy_installation": False,
+ "session_timeout": 0,
+ "match_for_any": True,
+ "sync_connections_on_cluster": True,
+ "aggressive_aging": {
+ "enable": True,
+ "timeout": 360,
+ "use_default_timeout": False
+ }
+}
+
+UPDATE_PAYLOAD = {
+ "name": "New_SCTP_Service_1",
+ "color": "blue",
+ "port": 5656,
+ "aggressive_aging": {
+ "default_timeout": 3600
+ }
+}
+
+OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD
+
+DELETE_PAYLOAD = {
+ "name": "New_SCTP_Service_1",
+ "state": "absent"
+}
+
+function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_service_sctp.api_call'
+api_call_object = 'service-sctp'
+
+
+class TestCheckpointServiceSctp(object):
+ module = cp_mgmt_service_sctp
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_create(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT.items() == result[api_call_object].items()
+
+ def test_create_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_update(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items()
+
+ def test_update_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_delete(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert result['changed']
+
+ def test_delete_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert not result['changed']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_sctp_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_sctp_facts.py
new file mode 100644
index 00000000..fe05693d
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_sctp_facts.py
@@ -0,0 +1,82 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_sctp_facts
+
+OBJECT = {
+ "from": 1,
+ "to": 1,
+ "total": 6,
+ "objects": [
+ "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+ ]
+}
+
+SHOW_PLURAL_PAYLOAD = {
+ 'limit': 1,
+ 'details_level': 'uid'
+}
+
+SHOW_SINGLE_PAYLOAD = {
+ 'name': 'object_which_is_not_exist'
+}
+
+api_call_object = 'service-sctp'
+api_call_object_plural_version = 'services-sctp'
+failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}'''
+
+
+class TestCheckpointServiceSctpFacts(object):
+ module = cp_mgmt_service_sctp_facts
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_show_single_object_which_is_not_exist(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(SHOW_SINGLE_PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert result['failed']
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def test_show_few_objects(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, OBJECT)
+ result = self._run_module(SHOW_PLURAL_PAYLOAD)
+
+ assert not result['changed']
+ assert OBJECT == result['ansible_facts'][api_call_object_plural_version]
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_tcp.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_tcp.py
new file mode 100644
index 00000000..347606f0
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_tcp.py
@@ -0,0 +1,134 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_tcp
+
+OBJECT = {
+ "name": "New_TCP_Service_1",
+ "port": 5669,
+ "keep_connections_open_after_policy_installation": False,
+ "session_timeout": 0,
+ "match_for_any": True,
+ "sync_connections_on_cluster": True,
+ "aggressive_aging": {
+ "enable": True,
+ "timeout": 360,
+ "use_default_timeout": False
+ }
+}
+
+CREATE_PAYLOAD = {
+ "name": "New_TCP_Service_1",
+ "port": 5669,
+ "keep_connections_open_after_policy_installation": False,
+ "session_timeout": 0,
+ "match_for_any": True,
+ "sync_connections_on_cluster": True,
+ "aggressive_aging": {
+ "enable": True,
+ "timeout": 360,
+ "use_default_timeout": False
+ }
+}
+
+UPDATE_PAYLOAD = {
+ "name": "New_TCP_Service_1",
+ "color": "blue",
+ "port": 5656,
+ "aggressive_aging": {
+ "default_timeout": 3600
+ }
+}
+
+OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD
+
+DELETE_PAYLOAD = {
+ "name": "New_TCP_Service_1",
+ "state": "absent"
+}
+
+function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_service_tcp.api_call'
+api_call_object = 'service-tcp'
+
+
+class TestCheckpointServiceTcp(object):
+ module = cp_mgmt_service_tcp
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_create(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT.items() == result[api_call_object].items()
+
+ def test_create_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_update(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items()
+
+ def test_update_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_delete(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert result['changed']
+
+ def test_delete_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert not result['changed']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_tcp_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_tcp_facts.py
new file mode 100644
index 00000000..25c087db
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_tcp_facts.py
@@ -0,0 +1,82 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_tcp_facts
+
+OBJECT = {
+ "from": 1,
+ "to": 1,
+ "total": 6,
+ "objects": [
+ "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+ ]
+}
+
+SHOW_PLURAL_PAYLOAD = {
+ 'limit': 1,
+ 'details_level': 'uid'
+}
+
+SHOW_SINGLE_PAYLOAD = {
+ 'name': 'object_which_is_not_exist'
+}
+
+api_call_object = 'service-tcp'
+api_call_object_plural_version = 'services-tcp'
+failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}'''
+
+
+class TestCheckpointServiceTcpFacts(object):
+ module = cp_mgmt_service_tcp_facts
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_show_single_object_which_is_not_exist(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(SHOW_SINGLE_PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert result['failed']
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def test_show_few_objects(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, OBJECT)
+ result = self._run_module(SHOW_PLURAL_PAYLOAD)
+
+ assert not result['changed']
+ assert OBJECT == result['ansible_facts'][api_call_object_plural_version]
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_udp.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_udp.py
new file mode 100644
index 00000000..c8c80340
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_udp.py
@@ -0,0 +1,137 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_udp
+
+OBJECT = {
+ "name": "New_UDP_Service_1",
+ "port": 5669,
+ "keep_connections_open_after_policy_installation": False,
+ "session_timeout": 0,
+ "match_for_any": True,
+ "sync_connections_on_cluster": True,
+ "aggressive_aging": {
+ "enable": True,
+ "timeout": 360,
+ "use_default_timeout": False
+ },
+ "accept_replies": False
+}
+
+CREATE_PAYLOAD = {
+ "name": "New_UDP_Service_1",
+ "port": 5669,
+ "keep_connections_open_after_policy_installation": False,
+ "session_timeout": 0,
+ "match_for_any": True,
+ "sync_connections_on_cluster": True,
+ "aggressive_aging": {
+ "enable": True,
+ "timeout": 360,
+ "use_default_timeout": False
+ },
+ "accept_replies": False
+}
+
+UPDATE_PAYLOAD = {
+ "name": "New_UDP_Service_1",
+ "color": "blue",
+ "port": 5656,
+ "aggressive_aging": {
+ "default_timeout": 3600
+ },
+ "accept_replies": True
+}
+
+OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD
+
+DELETE_PAYLOAD = {
+ "name": "New_UDP_Service_1",
+ "state": "absent"
+}
+
+function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_service_udp.api_call'
+api_call_object = 'service-udp'
+
+
+class TestCheckpointServiceUdp(object):
+ module = cp_mgmt_service_udp
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_create(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT.items() == result[api_call_object].items()
+
+ def test_create_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_update(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items()
+
+ def test_update_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_delete(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert result['changed']
+
+ def test_delete_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert not result['changed']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_udp_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_udp_facts.py
new file mode 100644
index 00000000..f213be30
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_service_udp_facts.py
@@ -0,0 +1,82 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_service_udp_facts
+
+OBJECT = {
+ "from": 1,
+ "to": 1,
+ "total": 6,
+ "objects": [
+ "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+ ]
+}
+
+SHOW_PLURAL_PAYLOAD = {
+ 'limit': 1,
+ 'details_level': 'uid'
+}
+
+SHOW_SINGLE_PAYLOAD = {
+ 'name': 'object_which_is_not_exist'
+}
+
+api_call_object = 'service-udp'
+api_call_object_plural_version = 'services-udp'
+failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}'''
+
+
+class TestCheckpointServiceUdpFacts(object):
+ module = cp_mgmt_service_udp_facts
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_show_single_object_which_is_not_exist(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(SHOW_SINGLE_PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert result['failed']
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def test_show_few_objects(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, OBJECT)
+ result = self._run_module(SHOW_PLURAL_PAYLOAD)
+
+ assert not result['changed']
+ assert OBJECT == result['ansible_facts'][api_call_object_plural_version]
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_session_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_session_facts.py
new file mode 100644
index 00000000..88485836
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_session_facts.py
@@ -0,0 +1,80 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_session_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = {} + +api_call_object = 'session' +api_call_object_plural_version = 'sessions' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointSessionFacts(object): + module = cp_mgmt_session_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + 
connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_set_nat_rule.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_set_nat_rule.py new file mode 100644 index 00000000..9defa2bc --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_set_nat_rule.py 
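Review bot: `test_show_single_object_which_is_not_exist` catches bare `Exception` and indexes `e.args[0]`, so an unrelated error raised inside `main()` is taken for the expected failure and only surfaces as a confusing lookup error on `result['failed']`. `_run_module` already wraps the call in `pytest.raises(AnsibleExitJson)`, so the failure path should name its exception too: after `set_module_args(SHOW_SINGLE_PAYLOAD)`, use `with pytest.raises(AnsibleFailJson) as ex: self.module.main()` and `result = ex.value.args[0]`, adding `AnsibleFailJson` to the import from `units.modules.utils`. The same try/except is in the service_udp_facts hunk before this one and in the `test_command_fail` methods of the hunks that follow.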
@@ -0,0 +1,75 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_set_nat_rule + +PAYLOAD = { + "package": "standard", + "enabled": False, + "comments": "rule for RND members RNDNetwork-> RND to Internal Network", + "original_service": "ssh_version_2", + "original_source": "Any", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'set-nat-rule' +failure_msg = '{command failed}' + + +class TestCheckpointSetNatRule(object): + module = cp_mgmt_set_nat_rule + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = 
self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_set_session.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_set_session.py new file mode 100644 index 00000000..10886f46 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_set_session.py 
@@ -0,0 +1,71 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible.modules.network.check_point import cp_mgmt_set_session + +PAYLOAD = { + "description": "Session to work on ticket number CR00323665", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'set-session' +failure_msg = '{command failed}' + + +class TestCheckpointSetSession(object): + module = cp_mgmt_set_session + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + 
connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_show_access_section.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_show_access_section.py new file mode 100644 index 00000000..78af3cde --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_show_access_section.py 
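Review bot: The import `from ansible.modules.network.check_point import cp_mgmt_set_session` points at the old in-tree Ansible location, whereas every other test file in this diff imports its module from the collection. Where the Check Point modules are not shipped in-tree, this file fails at import time. Where they are, the test exercises a different copy of the module than the one this collection ships, so regressions in the collection's `set-session` handling go unnoticed. It should read `from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_set_session`.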
@@ -0,0 +1,72 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_show_access_section + +PAYLOAD = { + "layer": "Network", + "name": "New Section 1", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'show-access-section' +failure_msg = '{command failed}' + + +class TestCheckpointShowAccessSection(object): + module = cp_mgmt_show_access_section + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, 
mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_show_https_section.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_show_https_section.py new file mode 100644 index 00000000..91080ea5 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_show_https_section.py 
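Review bot: `test_command` asserts `result['changed']` for `show-access-section`, which by its name is a read-only query, and the mocked reply is a `task-id` rather than anything shaped like a section object. If the module is meant to report no change for a query, this test pins the opposite, and playbooks or audit tooling keyed on `changed` would see policy reads recorded as modifications. It is worth confirming the intended behaviour and, if the command is read-only, asserting `not result['changed']` against a fixture shaped like the real reply. The same pattern is in the show_https_section, show_logs, show_nat_section and show_software_package_details hunks.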
@@ -0,0 +1,72 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_show_https_section + +PAYLOAD = { + "layer": "Default Layer", + "name": "New Section 1", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'show-https-section' +failure_msg = '{command failed}' + + +class TestCheckpointShowHttpsSection(object): + module = cp_mgmt_show_https_section + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, 
mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_show_logs.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_show_logs.py new file mode 100644 index 00000000..ca87d46b --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_show_logs.py 
@@ -0,0 +1,75 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_show_logs + +PAYLOAD = { + "new_query": { + "filter": "blade:\"Threat Emulation\"", + "time_frame": "today", + "max_logs_per_request": "2" + }, + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'show-logs' +failure_msg = '{command failed}' + + +class TestCheckpointShowLogs(object): + module = cp_mgmt_show_logs + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + 
def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_show_nat_section.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_show_nat_section.py new file mode 100644 index 00000000..41b0d22a --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_show_nat_section.py 
@@ -0,0 +1,72 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_show_nat_section + +PAYLOAD = { + "package": "standard", + "name": "New Section 1", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'show-nat-section' +failure_msg = '{command failed}' + + +class TestCheckpointShowNatSection(object): + module = cp_mgmt_show_nat_section + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, 
connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_show_software_package_details.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_show_software_package_details.py new file mode 100644 index 00000000..71f58187 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_show_software_package_details.py 
@@ -0,0 +1,71 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_show_software_package_details + +PAYLOAD = { + "name": "Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz", + "wait_for_task": False +} + +RETURN_PAYLOAD = { + "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad" +} + +command = 'show-software-package-details' +failure_msg = '{command failed}' + + +class TestCheckpointShowSoftwarePackageDetails(object): + module = cp_mgmt_show_software_package_details + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def test_command(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, RETURN_PAYLOAD) + result = self._run_module(PAYLOAD) + + assert result['changed'] + 
assert RETURN_PAYLOAD == result[command] + + def test_command_fail(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(PAYLOAD) + except Exception as e: + result = e.args[0] + + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_simple_gateway.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_simple_gateway.py new file mode 100644 index 00000000..7dce34d8 --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_simple_gateway.py 
@@ -0,0 +1,117 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_simple_gateway + +OBJECT = { + "name": "gw1", + "ip_address": "192.0.2.1" +} + +CREATE_PAYLOAD = { + "name": "gw1", + "ip_address": "192.0.2.1" +} + +UPDATE_PAYLOAD = { + "name": "gw1", + "ips": True, + "application_control": True, + "url_filtering": True, + "anti_bot": True, + "anti_virus": True, + "threat_emulation": True +} + +OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD + +DELETE_PAYLOAD = { + "name": "gw1", + "state": "absent" +} + +function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_simple_gateway.api_call' +api_call_object = 'simple-gateway' + + +class TestCheckpointSimpleGateway(object): + module = cp_mgmt_simple_gateway + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + 
return connection_class_mock.return_value + + def test_create(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert result['changed'] + assert OBJECT.items() == result[api_call_object].items() + + def test_create_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT} + result = self._run_module(CREATE_PAYLOAD) + + assert not result['changed'] + + def test_update(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert result['changed'] + assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items() + + def test_update_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE} + result = self._run_module(UPDATE_PAYLOAD) + + assert not result['changed'] + + def test_delete(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': True} + result = self._run_module(DELETE_PAYLOAD) + + assert result['changed'] + + def test_delete_idempotent(self, mocker, connection_mock): + mock_function = mocker.patch(function_path) + mock_function.return_value = {'changed': False} + result = self._run_module(DELETE_PAYLOAD) + + assert not result['changed'] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] 
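Review bot: Every test in this file replaces `api_call` with a mock and then asserts only on the value the mock was told to return, so nothing verifies what the module actually requested. `UPDATE_PAYLOAD` switches on `ips`, `anti_bot`, `anti_virus` and `threat_emulation`, and a regression that dropped one of those flags before the API call would still pass. Adding `mock_function.assert_called_once()` and a check of the arguments it received would let the tests catch that. `OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD` also aliases a single dict, so `OBJECT_AFTER_UPDATE = dict(UPDATE_PAYLOAD)` is safer. The test_cp_mgmt_tag.py hunk that follows has the same structure.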
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_simple_gateway_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_simple_gateway_facts.py new file mode 100644 index 00000000..f89d476d --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_simple_gateway_facts.py 
@@ -0,0 +1,82 @@ +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import pytest +from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson + +from ansible.module_utils import basic +from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_simple_gateway_facts + +OBJECT = { + "from": 1, + "to": 1, + "total": 6, + "objects": [ + "53de74b7-8f19-4cbe-99fc-a81ef0759bad" + ] +} + +SHOW_PLURAL_PAYLOAD = { + 'limit': 1, + 'details_level': 'uid' +} + +SHOW_SINGLE_PAYLOAD = { + 'name': 'object_which_is_not_exist' +} + +api_call_object = 'simple-gateway' +api_call_object_plural_version = 'simple-gateways' +failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}''' + + +class TestCheckpointSimpleGatewayFacts(object): + module = cp_mgmt_simple_gateway_facts + + @pytest.fixture(autouse=True) + def module_mock(self, mocker): + return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) + + @pytest.fixture + def connection_mock(self, mocker): + connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection') + return connection_class_mock.return_value + + def 
test_show_single_object_which_is_not_exist(self, mocker, connection_mock): + connection_mock.send_request.return_value = (404, failure_msg) + try: + result = self._run_module(SHOW_SINGLE_PAYLOAD) + except Exception as e: + result = e.args[0] + + assert result['failed'] + assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg'] + + def test_show_few_objects(self, mocker, connection_mock): + connection_mock.send_request.return_value = (200, OBJECT) + result = self._run_module(SHOW_PLURAL_PAYLOAD) + + assert not result['changed'] + assert OBJECT == result['ansible_facts'][api_call_object_plural_version] + + def _run_module(self, module_args): + set_module_args(module_args) + with pytest.raises(AnsibleExitJson) as ex: + self.module.main() + return ex.value.args[0] diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_tag.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_tag.py new file mode 100644 index 00000000..5f2e7c0e --- /dev/null +++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_tag.py 
@@ -0,0 +1,117 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_tag
+
+OBJECT = {
+ "name": "My New Tag1",
+ "tags": [
+ "tag1",
+ "tag2"
+ ]
+}
+
+CREATE_PAYLOAD = {
+ "name": "My New Tag1",
+ "tags": [
+ "tag1",
+ "tag2"
+ ]
+}
+
+UPDATE_PAYLOAD = {
+ "name": "My New Tag1"
+}
+
+OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD
+
+DELETE_PAYLOAD = {
+ "name": "My New Tag1",
+ "state": "absent"
+}
+
+function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_tag.api_call'
+api_call_object = 'tag'
+
+
+class TestCheckpointTag(object):
+ module = cp_mgmt_tag
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_create(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT.items() == result[api_call_object].items()
+
+ def test_create_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_update(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items()
+
+ def test_update_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_delete(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert result['changed']
+
+ def test_delete_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert not result['changed']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_tag_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_tag_facts.py
new file mode 100644
index 00000000..cb41722b
--- /dev/null
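Review bot: In test_cp_mgmt_tag.py every test replaces `api_call` with a mock and then asserts on the value the mock was told to return, so `assert OBJECT.items() == result[api_call_object].items()` cannot fail because of anything the module does; in `test_update` it is weaker still, because `OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD` binds both names to the same dict. Nothing checks what the module hands to `api_call`, so a parameter that is dropped or renamed on the way to the management API would pass unnoticed. I would add `mock_function.assert_called_once()` to each test, inspect `mock_function.call_args` for the expected parameters (the `api_call` signature is not visible in this hunk), and define `OBJECT_AFTER_UPDATE = dict(UPDATE_PAYLOAD)`. The threat-exception, threat-indicator, threat-layer and threat-profile tests in this diff follow the same template.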
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_tag_facts.py 
@@ -0,0 +1,82 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_tag_facts
+
+OBJECT = {
+ "from": 1,
+ "to": 1,
+ "total": 6,
+ "objects": [
+ "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+ ]
+}
+
+SHOW_PLURAL_PAYLOAD = {
+ 'limit': 1,
+ 'details_level': 'uid'
+}
+
+SHOW_SINGLE_PAYLOAD = {
+ 'name': 'object_which_is_not_exist'
+}
+
+api_call_object = 'tag'
+api_call_object_plural_version = 'tags'
+failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}'''
+
+
+class TestCheckpointTagFacts(object):
+ module = cp_mgmt_tag_facts
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_show_single_object_which_is_not_exist(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(SHOW_SINGLE_PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert result['failed']
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def test_show_few_objects(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, OBJECT)
+ result = self._run_module(SHOW_PLURAL_PAYLOAD)
+
+ assert not result['changed']
+ assert OBJECT == result['ansible_facts'][api_call_object_plural_version]
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_exception.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_exception.py
new file mode 100644
index 00000000..d9f4e183
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_exception.py
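Review bot: The `connection_mock` fixture in test_cp_mgmt_tag_facts.py patches `ansible.module_utils.network.checkpoint.checkpoint.Connection`, while the module under test is imported from `ansible_collections.check_point.mgmt.plugins.modules`. `mocker.patch` replaces a name only in the namespace it is given, so if the collection module resolves `Connection` through its own module_utils (not visible in this hunk), `connection_mock.send_request.return_value` never reaches the code under test, and the patch itself fails at fixture setup on an Ansible install that does not ship that package. Point the patch at the module path where the code under test looks up `Connection`, and add a comment on the fixture saying which import it intercepts. Every test class in this part of the diff uses the same fixture.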
@@ -0,0 +1,119 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_threat_exception
+
+OBJECT = {
+ "layer": "New Layer 1",
+ "name": "Exception Rule",
+ "track": "Log",
+ "rule_name": "First rule",
+ "protected_scope": "All_Internet"
+}
+
+CREATE_PAYLOAD = {
+ "layer": "New Layer 1",
+ "name": "Exception Rule",
+ "track": "Log",
+ "rule_name": "First rule",
+ "protected_scope": "All_Internet"
+}
+
+UPDATE_PAYLOAD = {
+ "name": "Exception Rule",
+ "layer": "New Layer 1",
+ "rule_name": "First rule",
+}
+
+OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD
+
+DELETE_PAYLOAD = {
+ "name": "Exception Rule",
+ "state": "absent"
+}
+
+function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_threat_exception.api_call'
+api_call_object = 'threat-exception'
+
+
+class TestCheckpointThreatException(object):
+ module = cp_mgmt_threat_exception
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_create(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT.items() == result[api_call_object].items()
+
+ def test_create_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_update(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items()
+
+ def test_update_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_delete(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert result['changed']
+
+ def test_delete_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert not result['changed']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
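Review bot: `DELETE_PAYLOAD` in test_cp_mgmt_threat_exception.py identifies the exception by `name` alone, whereas `CREATE_PAYLOAD` and `UPDATE_PAYLOAD` also pass `layer` and `rule_name`. Because `api_call` is mocked, the delete tests cannot show whether a name-only request is enough to locate the exception; if the module needs the layer and parent rule (worth confirming against its argument spec, which is not visible here), these tests exercise a payload that would not work against a real management server. Consider `DELETE_PAYLOAD = {"name": "Exception Rule", "layer": "New Layer 1", "rule_name": "First rule", "state": "absent"}`.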
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_exception_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_exception_facts.py
new file mode 100644
index 00000000..dd4881d0
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_exception_facts.py
@@ -0,0 +1,82 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_threat_exception_facts
+
+OBJECT = {
+ "from": 1,
+ "to": 1,
+ "total": 6,
+ "objects": [
+ "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+ ]
+}
+
+SHOW_PLURAL_PAYLOAD = {
+ 'limit': 1,
+ 'details_level': 'uid'
+}
+
+SHOW_SINGLE_PAYLOAD = {
+ 'name': 'object_which_is_not_exist'
+}
+
+api_call_object = 'threat-exception'
+api_call_object_plural_version = 'threat-rule-exception-rulebase'
+failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}'''
+
+
+class TestCheckpointThreatExceptionFacts(object):
+ module = cp_mgmt_threat_exception_facts
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_show_single_object_which_is_not_exist(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(SHOW_SINGLE_PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert result['failed']
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def test_show_few_objects(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, OBJECT)
+ result = self._run_module(SHOW_PLURAL_PAYLOAD)
+
+ assert not result['changed']
+ assert OBJECT == result['ansible_facts'][api_call_object_plural_version]
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_indicator.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_indicator.py
new file mode 100644
index 00000000..e004acc5
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_indicator.py
@@ -0,0 +1,145 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_threat_indicator
+
+OBJECT = {
+ "name": "My_Indicator",
+ "observables": [
+ {
+ "name": "My_Observable",
+ "mail-to": "someone@somewhere.com",
+ "confidence": "medium",
+ "severity": "low",
+ "product": "AV"
+ }
+ ],
+ "action": "Inactive",
+ "profile_overrides": [
+ {
+ "profile": "My_Profile",
+ "action": "detect"
+ }
+ ],
+ "ignore_warnings": True
+}
+
+CREATE_PAYLOAD = {
+ "name": "My_Indicator",
+ "observables": [
+ {
+ "name": "My_Observable",
+ "mail-to": "someone@somewhere.com",
+ "confidence": "medium",
+ "severity": "low",
+ "product": "AV"
+ }
+ ],
+ "action": "Inactive",
+ "profile_overrides": [
+ {
+ "profile": "My_Profile",
+ "action": "detect"
+ }
+ ],
+ "ignore_warnings": True
+}
+
+UPDATE_PAYLOAD = {
+ "name": "My_Indicator",
+ "action": "Inactive",
+ "ignore_warnings": True
+}
+
+OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD
+
+DELETE_PAYLOAD = {
+ "name": "My_Indicator",
+ "state": "absent"
+}
+
+function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_threat_indicator.api_call'
+api_call_object = 'threat-indicator'
+
+
+class TestCheckpointThreatIndicator(object):
+ module = cp_mgmt_threat_indicator
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_create(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT.items() == result[api_call_object].items()
+
+ def test_create_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_update(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items()
+
+ def test_update_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_delete(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert result['changed']
+
+ def test_delete_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert not result['changed']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_indicator_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_indicator_facts.py
new file mode 100644
index 00000000..12ec3d5c
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_indicator_facts.py
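Review bot: The observable in `OBJECT` and `CREATE_PAYLOAD` of test_cp_mgmt_threat_indicator.py uses the key `"mail-to"`, while every other key in these payloads is written with underscores (`profile_overrides`, `ignore_warnings`). `CREATE_PAYLOAD` is passed to `set_module_args`, so if the module's argument spec declares the sub-option as `mail_to` (the spec is not visible here), argument validation would reject the payload before `api_call` is reached, or the value would be silently ignored. Confirm the spelling against the module's argument spec and use `"mail_to": "someone@somewhere.com"` if that is the declared name.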
@@ -0,0 +1,82 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_threat_indicator_facts
+
+OBJECT = {
+ "from": 1,
+ "to": 1,
+ "total": 6,
+ "objects": [
+ "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+ ]
+}
+
+SHOW_PLURAL_PAYLOAD = {
+ 'limit': 1,
+ 'details_level': 'uid'
+}
+
+SHOW_SINGLE_PAYLOAD = {
+ 'name': 'object_which_is_not_exist'
+}
+
+api_call_object = 'threat-indicator'
+api_call_object_plural_version = 'threat-indicators'
+failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}'''
+
+
+class TestCheckpointThreatIndicatorFacts(object):
+ module = cp_mgmt_threat_indicator_facts
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_show_single_object_which_is_not_exist(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(SHOW_SINGLE_PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert result['failed']
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def test_show_few_objects(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, OBJECT)
+ result = self._run_module(SHOW_PLURAL_PAYLOAD)
+
+ assert not result['changed']
+ assert OBJECT == result['ansible_facts'][api_call_object_plural_version]
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_layer.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_layer.py
new file mode 100644
index 00000000..c10c2584
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_layer.py
@@ -0,0 +1,109 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_threat_layer
+
+OBJECT = {
+ "name": "New Layer 1"
+}
+
+CREATE_PAYLOAD = {
+ "name": "New Layer 1"
+}
+
+UPDATE_PAYLOAD = {
+ "name": "New Layer 1"
+}
+
+OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD
+
+DELETE_PAYLOAD = {
+ "name": "New Layer 1",
+ "state": "absent"
+}
+
+function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_threat_layer.api_call'
+api_call_object = 'threat-layer'
+
+
+class TestCheckpointThreatLayer(object):
+ module = cp_mgmt_threat_layer
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_create(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT.items() == result[api_call_object].items()
+
+ def test_create_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_update(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items()
+
+ def test_update_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_delete(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert result['changed']
+
+ def test_delete_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert not result['changed']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_layer_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_layer_facts.py
new file mode 100644
index 00000000..25892596
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_layer_facts.py 
@@ -0,0 +1,82 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_threat_layer_facts
+
+OBJECT = {
+ "from": 1,
+ "to": 1,
+ "total": 6,
+ "objects": [
+ "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+ ]
+}
+
+SHOW_PLURAL_PAYLOAD = {
+ 'limit': 1,
+ 'details_level': 'uid'
+}
+
+SHOW_SINGLE_PAYLOAD = {
+ 'name': 'object_which_is_not_exist'
+}
+
+api_call_object = 'threat-layer'
+api_call_object_plural_version = 'threat-layers'
+failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}'''
+
+
+class TestCheckpointThreatLayerFacts(object):
+ module = cp_mgmt_threat_layer_facts
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_show_single_object_which_is_not_exist(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(SHOW_SINGLE_PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert result['failed']
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def test_show_few_objects(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, OBJECT)
+ result = self._run_module(SHOW_PLURAL_PAYLOAD)
+
+ assert not result['changed']
+ assert OBJECT == result['ansible_facts'][api_call_object_plural_version]
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_profile.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_profile.py
new file mode 100644
index 00000000..b786d052
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_profile.py
@@ -0,0 +1,150 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_threat_profile
+
+OBJECT = {
+ "name": "New Profile 1",
+ "ips": True,
+ "active_protections_performance_impact": "low",
+ "active_protections_severity": "Critical",
+ "confidence_level_medium": "Inactive",
+ "confidence_level_high": "Inactive",
+ "threat_emulation": True,
+ "anti_virus": True,
+ "anti_bot": True,
+ "ips_settings": {
+ "newly_updated_protections": "staging",
+ "exclude_protection_with_performance_impact": True,
+ "exclude_protection_with_performance_impact_mode": "high or lower"
+ }
+}
+
+CREATE_PAYLOAD = {
+ "name": "New Profile 1",
+ "ips": True,
+ "active_protections_performance_impact": "low",
+ "active_protections_severity": "Critical",
+ "confidence_level_medium": "Inactive",
+ "confidence_level_high": "Inactive",
+ "threat_emulation": True,
+ "anti_virus": True,
+ "anti_bot": True,
+ "ips_settings": {
+ "newly_updated_protections": "staging",
+ "exclude_protection_with_performance_impact": True,
+ "exclude_protection_with_performance_impact_mode": "high or lower"
+ }
+}
+
+UPDATE_PAYLOAD = {
+ "name": "New Profile 1",
+ "comments": "update recommended profile",
+ "ips": False,
+ "active_protections_performance_impact": "low",
+ "active_protections_severity": "Critical",
+ "confidence_level_low": "Inactive",
+ "confidence_level_medium": "Inactive",
+ "confidence_level_high": "Inactive",
+ "threat_emulation": True,
+ "anti_virus": False,
+ "anti_bot": True,
+ "ips_settings": {
+ "newly_updated_protections": "active",
+ "exclude_protection_with_performance_impact": True,
+ "exclude_protection_with_performance_impact_mode": "high or lower"
+ }
+}
+
+OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD
+
+DELETE_PAYLOAD = {
+ "name": "New Profile 1",
+ "state": "absent"
+}
+
+function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_threat_profile.api_call'
+api_call_object = 'threat-profile'
+
+
+class TestCheckpointThreatProfile(object):
+ module = cp_mgmt_threat_profile
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_create(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT.items() == result[api_call_object].items()
+
+ def test_create_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_update(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items()
+
+ def test_update_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_delete(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert result['changed']
+
+ def test_delete_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert not result['changed']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_profile_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_profile_facts.py
new file mode 100644
index 00000000..7ab8f8e3
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_profile_facts.py
@@ -0,0 +1,82 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_threat_profile_facts
+
+OBJECT = {
+ "from": 1,
+ "to": 1,
+ "total": 6,
+ "objects": [
+ "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+ ]
+}
+
+SHOW_PLURAL_PAYLOAD = {
+ 'limit': 1,
+ 'details_level': 'uid'
+}
+
+SHOW_SINGLE_PAYLOAD = {
+ 'name': 'object_which_is_not_exist'
+}
+
+api_call_object = 'threat-profile'
+api_call_object_plural_version = 'threat-profiles'
+failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}'''
+
+
+class TestCheckpointThreatProfileFacts(object):
+ module = cp_mgmt_threat_profile_facts
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_show_single_object_which_is_not_exist(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(SHOW_SINGLE_PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert result['failed']
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def test_show_few_objects(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, OBJECT)
+ result = self._run_module(SHOW_PLURAL_PAYLOAD)
+
+ assert not result['changed']
+ assert OBJECT == result['ansible_facts'][api_call_object_plural_version]
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_protection_override.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_protection_override.py
new file mode 100644
index 00000000..43572141
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_protection_override.py
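Review bot: The `connection_mock` fixture patches `ansible.module_utils.network.checkpoint.checkpoint.Connection`, while the module under test is imported from `ansible_collections.check_point.mgmt.plugins.modules`. A mock only takes effect on the name the code under test actually looks up, so if the collection's helper resolves `Connection` from a different module (its import is not visible in this hunk), `send_request.return_value` never reaches the module and neither test exercises the 404 or 200 path it claims to cover. Point the patch at the collection's own lookup site, e.g. `mocker.patch('<collection module_utils path>.Connection')` (placeholder), and confirm the target by checking that a test fails when the mocked return value is changed. The same fixture is repeated in every test file added on this page (threat_protection_override, threat_rule, threat_rule_facts, time, time_facts, uninstall_software_package, verify_policy, verify_software_package).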
@@ -0,0 +1,79 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_threat_protection_override
+
+PAYLOAD = {
+ "name": "FTP Commands",
+ "overrides": [
+ {
+ "profile": "New Profile 1",
+ "action": "inactive",
+ "track": "None",
+ "capture-packets": True
+ }
+ ],
+ "wait_for_task": False
+}
+
+RETURN_PAYLOAD = {
+ "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+}
+
+command = 'set-threat-protection'
+failure_msg = '{command failed}'
+
+
+class TestCheckpointThreatProtectionOverride(object):
+ module = cp_mgmt_threat_protection_override
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_command(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, RETURN_PAYLOAD)
+ result = self._run_module(PAYLOAD)
+
+ assert result['changed']
+ assert RETURN_PAYLOAD == result[command]
+
+ def test_command_fail(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_rule.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_rule.py
new file mode 100644
index 00000000..b300b024
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_rule.py
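Review bot: In `PAYLOAD`, the override entry uses the hyphenated key `"capture-packets"` while the other module argument in this file is written with underscores (`wait_for_task`). If the module's argument spec names the suboption `capture_packets` (the spec is not visible in this hunk), argument validation would either reject this payload or the flag would never reach the request, so `test_command` would not be covering the packet-capture setting at all. Use `"capture_packets": True` to match the argument naming, or add a comment stating that the API-style key is intentional.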
@@ -0,0 +1,124 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_threat_rule
+
+OBJECT = {
+ "layer": "New Layer 1",
+ "name": "First threat rule",
+ "comments": "",
+ "track": "None",
+ "protected_scope": "All_Internet",
+ "install_on": "Policy Targets"
+}
+
+CREATE_PAYLOAD = {
+ "layer": "New Layer 1",
+ "name": "First threat rule",
+ "comments": "",
+ "track": "None",
+ "protected_scope": "All_Internet",
+ "install_on": "Policy Targets"
+}
+
+UPDATE_PAYLOAD = {
+ "layer": "New Layer 1",
+ "comments": "commnet for the first rule",
+ "action": "New Profile 1",
+ "name": "First threat rule",
+ "protected_scope": "All_Internet",
+ "install_on": "Policy Targets"
+}
+
+OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD
+
+DELETE_PAYLOAD = {
+ "name": "First threat rule",
+ "state": "absent"
+}
+
+function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_threat_rule.api_call'
+api_call_object = 'threat-rule'
+
+
+class TestCheckpointThreatRule(object):
+ module = cp_mgmt_threat_rule
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_create(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT.items() == result[api_call_object].items()
+
+ def test_create_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_update(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items()
+
+ def test_update_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_delete(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert result['changed']
+
+ def test_delete_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert not result['changed']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_rule_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_rule_facts.py
new file mode 100644
index 00000000..13491cbe
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_threat_rule_facts.py
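Review bot: `test_create` and `test_update` compare the result with `OBJECT` / `OBJECT_AFTER_UPDATE`, but those are the very values the mocked `api_call` was told to return, so the comparison cannot fail for any change in module logic; `OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD` is also an alias of the input dict rather than a copy. Nothing checks what the module handed to `api_call`, so a regression in argument handling for a threat-prevention rule would pass unnoticed. Add a call assertion such as `mock_function.assert_called_once()`, inspect `mock_function.call_args` for the expected object type, and build the expected value with `dict(UPDATE_PAYLOAD)`. The same pattern appears in test_cp_mgmt_time.py and in the visible part of test_cp_mgmt_threat_profile.py.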
@@ -0,0 +1,82 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_threat_rule_facts
+
+OBJECT = {
+ "from": 1,
+ "to": 1,
+ "total": 6,
+ "objects": [
+ "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+ ]
+}
+
+SHOW_PLURAL_PAYLOAD = {
+ 'limit': 1,
+ 'details_level': 'uid'
+}
+
+SHOW_SINGLE_PAYLOAD = {
+ 'name': 'object_which_is_not_exist'
+}
+
+api_call_object = 'threat-rule'
+api_call_object_plural_version = 'threat-rulebase'
+failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}'''
+
+
+class TestCheckpointThreatRuleFacts(object):
+ module = cp_mgmt_threat_rule_facts
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_show_single_object_which_is_not_exist(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(SHOW_SINGLE_PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert result['failed']
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def test_show_few_objects(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, OBJECT)
+ result = self._run_module(SHOW_PLURAL_PAYLOAD)
+
+ assert not result['changed']
+ assert OBJECT == result['ansible_facts'][api_call_object_plural_version]
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_time.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_time.py
new file mode 100644
index 00000000..c1f336d9
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_time.py
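Review bot: `test_show_single_object_which_is_not_exist` wraps `_run_module` in `try/except Exception` and reads `e.args[0]`, so any exception type is accepted as the failure path, and the test depends on `pytest.raises(AnsibleExitJson)` inside `_run_module` letting the failure exception escape. Assert the expected exception directly, e.g. `with pytest.raises(AnsibleFailJson) as ex: self.module.main()` followed by `result = ex.value.args[0]`, importing `AnsibleFailJson` from `units.modules.utils` if that helper exports it (only `AnsibleExitJson` is imported here). The same construct is in test_cp_mgmt_threat_profile_facts.py and test_cp_mgmt_time_facts.py, and in `test_command_fail` of the threat_protection_override, uninstall_software_package, verify_policy and verify_software_package tests, where `result['failed']` is additionally never asserted.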
@@ -0,0 +1,184 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_time
+
+OBJECT = {
+ "name": "timeObject1",
+ "end": {
+ "date": "24-Nov-2014",
+ "time": "21:22"
+ },
+ "recurrence": {
+ "pattern": "Daily",
+ "month": "Any",
+ "weekdays": [
+ "Sun",
+ "Mon"
+ ],
+ "days": [
+ "1"
+ ]
+ },
+ "start_now": True,
+ "end_never": False,
+ "hours_ranges": [
+ {
+ "from": "00:00",
+ "to": "00:00",
+ "enabled": True,
+ "index": 1
+ },
+ {
+ "from": "00:00",
+ "to": "00:00",
+ "enabled": False,
+ "index": 2
+ }
+ ]
+}
+
+CREATE_PAYLOAD = {
+ "name": "timeObject1",
+ "end": {
+ "date": "24-Nov-2014",
+ "time": "21:22"
+ },
+ "recurrence": {
+ "pattern": "Daily",
+ "month": "Any",
+ "weekdays": [
+ "Sun",
+ "Mon"
+ ],
+ "days": [
+ "1"
+ ]
+ },
+ "start_now": True,
+ "end_never": False,
+ "hours_ranges": [
+ {
+ "from": "00:00",
+ "to": "00:00",
+ "enabled": True,
+ "index": 1
+ },
+ {
+ "from": "00:00",
+ "to": "00:00",
+ "enabled": False,
+ "index": 2
+ }
+ ]
+}
+
+UPDATE_PAYLOAD = {
+ "name": "timeObject1",
+ "recurrence": {
+ "pattern": "Weekly",
+ "weekdays": [
+ "Fri"
+ ],
+ "month": "Any"
+ },
+ "hours_ranges": [
+ {
+ "from": "00:22",
+ "to": "00:33"
+ }
+ ]
+}
+
+OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD
+
+DELETE_PAYLOAD = {
+ "name": "timeObject1",
+ "state": "absent"
+}
+
+function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_time.api_call'
+api_call_object = 'time'
+
+
+class TestCheckpointTime(object):
+ module = cp_mgmt_time
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_create(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT.items() == result[api_call_object].items()
+
+ def test_create_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_update(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items()
+
+ def test_update_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_delete(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert result['changed']
+
+ def test_delete_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert not result['changed']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_time_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_time_facts.py
new file mode 100644
index 00000000..c44c962e
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_time_facts.py
@@ -0,0 +1,82 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_time_facts
+
+OBJECT = {
+ "from": 1,
+ "to": 1,
+ "total": 6,
+ "objects": [
+ "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+ ]
+}
+
+SHOW_PLURAL_PAYLOAD = {
+ 'limit': 1,
+ 'details_level': 'uid'
+}
+
+SHOW_SINGLE_PAYLOAD = {
+ 'name': 'object_which_is_not_exist'
+}
+
+api_call_object = 'time'
+api_call_object_plural_version = 'times'
+failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}'''
+
+
+class TestCheckpointTimeFacts(object):
+ module = cp_mgmt_time_facts
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_show_single_object_which_is_not_exist(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(SHOW_SINGLE_PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert result['failed']
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def test_show_few_objects(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, OBJECT)
+ result = self._run_module(SHOW_PLURAL_PAYLOAD)
+
+ assert not result['changed']
+ assert OBJECT == result['ansible_facts'][api_call_object_plural_version]
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_uninstall_software_package.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_uninstall_software_package.py
new file mode 100644
index 00000000..09bb5c37
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_uninstall_software_package.py
@@ -0,0 +1,71 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_uninstall_software_package
+
+PAYLOAD = {
+ "name": "Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz",
+ "wait_for_task": False
+}
+
+RETURN_PAYLOAD = {
+ "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+}
+
+command = 'uninstall-software-package'
+failure_msg = '{command failed}'
+
+
+class TestCheckpointUninstallSoftwarePackage(object):
+ module = cp_mgmt_uninstall_software_package
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_command(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, RETURN_PAYLOAD)
+ result = self._run_module(PAYLOAD)
+
+ assert result['changed']
+ assert RETURN_PAYLOAD == result[command]
+
+ def test_command_fail(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_verify_policy.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_verify_policy.py
new file mode 100644
index 00000000..bd708bff
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_verify_policy.py
@@ -0,0 +1,71 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_verify_policy
+
+PAYLOAD = {
+ "policy_package": "standard",
+ "wait_for_task": False
+}
+
+RETURN_PAYLOAD = {
+ "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+}
+
+command = 'verify-policy'
+failure_msg = '{command failed}'
+
+
+class TestCheckpointVerifyPolicy(object):
+ module = cp_mgmt_verify_policy
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_command(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, RETURN_PAYLOAD)
+ result = self._run_module(PAYLOAD)
+
+ assert result['changed']
+ assert RETURN_PAYLOAD == result[command]
+
+ def test_command_fail(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_verify_software_package.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_verify_software_package.py
new file mode 100644
index 00000000..8a89e42f
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_verify_software_package.py
@@ -0,0 +1,71 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_verify_software_package
+
+PAYLOAD = {
+ "name": "Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz",
+ "wait_for_task": False
+}
+
+RETURN_PAYLOAD = {
+ "task-id": "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+}
+
+command = 'verify-software-package'
+failure_msg = '{command failed}'
+
+
+class TestCheckpointVerifySoftwarePackage(object):
+ module = cp_mgmt_verify_software_package
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_command(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, RETURN_PAYLOAD)
+ result = self._run_module(PAYLOAD)
+
+ assert result['changed']
+ assert RETURN_PAYLOAD == result[command]
+
+ def test_command_fail(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_vpn_community_meshed.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_vpn_community_meshed.py
new file mode 100644
index 00000000..82ce2929
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_vpn_community_meshed.py
@@ -0,0 +1,142 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_vpn_community_meshed
+
+OBJECT = {
+ "name": "New_VPN_Community_Meshed_1",
+ "encryption_method": "prefer ikev2 but support ikev1",
+ "encryption_suite": "custom",
+ "ike_phase_1": {
+ "data_integrity": "sha1",
+ "encryption_algorithm": "aes-128",
+ "diffie_hellman_group": "group-1"
+ },
+ "ike_phase_2": {
+ "data_integrity": "aes-xcbc",
+ "encryption_algorithm": "aes-gcm-128"
+ }
+}
+
+CREATE_PAYLOAD = {
+ "name": "New_VPN_Community_Meshed_1",
+ "encryption_method": "prefer ikev2 but support ikev1",
+ "encryption_suite": "custom",
+ "ike_phase_1": {
+ "data_integrity": "sha1",
+ "encryption_algorithm": "aes-128",
+ "diffie_hellman_group": "group-1"
+ },
+ "ike_phase_2": {
+ "data_integrity": "aes-xcbc",
+ "encryption_algorithm": "aes-gcm-128"
+ }
+}
+
+UPDATE_PAYLOAD = {
+ "name": "New_VPN_Community_Meshed_1",
+ "encryption_method": "ikev2 only",
+ "encryption_suite": "custom",
+ "ike_phase_1": {
+ "data_integrity": "sha1",
+ "encryption_algorithm": "aes-128",
+ "diffie_hellman_group": "group-1"
+ },
+ "ike_phase_2": {
+ "data_integrity": "aes-xcbc",
+ "encryption_algorithm": "aes-gcm-128"
+ }
+}
+
+OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD
+
+DELETE_PAYLOAD = {
+ "name": "New_VPN_Community_Meshed_1",
+ "state": "absent"
+}
+
+function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_vpn_community_meshed.api_call'
+api_call_object = 'vpn-community-meshed'
+
+
+class TestCheckpointVpnCommunityMeshed(object):
+ module = cp_mgmt_vpn_community_meshed
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_create(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT.items() == result[api_call_object].items()
+
+ def test_create_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_update(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items()
+
+ def test_update_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_delete(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert result['changed']
+
+ def test_delete_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert not result['changed']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_vpn_community_meshed_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_vpn_community_meshed_facts.py
new file mode 100644
index 00000000..2b0b8404
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_vpn_community_meshed_facts.py
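Review bot: The `OBJECT`, `CREATE_PAYLOAD` and `UPDATE_PAYLOAD` fixtures set IKE phase 1 to `"data_integrity": "sha1"` with `"diffie_hellman_group": "group-1"`, and two of them keep an IKEv1 fallback through `"prefer ikev2 but support ikev1"`. DH group 1 (768-bit MODP) and SHA-1 are deprecated for IKE, and test fixtures tend to be copied into playbooks as working examples. Because `api_call` is mocked and nothing validates the values, the fixtures can carry a current suite at no cost, for example `"data_integrity": "sha256"` and `"diffie_hellman_group": "group-14"`, provided the module's choices accept them. The star-community fixtures in test_cp_mgmt_vpn_community_star.py repeat the same values.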
@@ -0,0 +1,82 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_vpn_community_meshed_facts
+
+OBJECT = {
+ "from": 1,
+ "to": 1,
+ "total": 6,
+ "objects": [
+ "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+ ]
+}
+
+SHOW_PLURAL_PAYLOAD = {
+ 'limit': 1,
+ 'details_level': 'uid'
+}
+
+SHOW_SINGLE_PAYLOAD = {
+ 'name': 'object_which_is_not_exist'
+}
+
+api_call_object = 'vpn-community-meshed'
+api_call_object_plural_version = 'vpn-communities-meshed'
+failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}'''
+
+
+class TestCheckpointVpnCommunityMeshedFacts(object):
+ module = cp_mgmt_vpn_community_meshed_facts
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_show_single_object_which_is_not_exist(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(SHOW_SINGLE_PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert result['failed']
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def test_show_few_objects(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, OBJECT)
+ result = self._run_module(SHOW_PLURAL_PAYLOAD)
+
+ assert not result['changed']
+ assert OBJECT == result['ansible_facts'][api_call_object_plural_version]
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_vpn_community_star.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_vpn_community_star.py
new file mode 100644
index 00000000..5bea660f
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_vpn_community_star.py
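Review bot: `test_show_single_object_which_is_not_exist` wraps `_run_module` in `except Exception`, so any exception is accepted as the failure path and its first argument is then indexed as if it were a fail_json result. An unrelated error (a bad import, a broken fixture) surfaces as a confusing `TypeError` or `KeyError` on the assertions instead of its own traceback. Name the expected exception instead: `with pytest.raises(AnsibleFailJson) as ex: self._run_module(SHOW_SINGLE_PAYLOAD)` followed by `result = ex.value.args[0]`, assuming `units.modules.utils` exports `AnsibleFailJson` next to `AnsibleExitJson`. The same pattern appears in `test_command_fail` of the verify-software-package test and in the star and wildcard facts tests.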
@@ -0,0 +1,148 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_vpn_community_star
+
+OBJECT = {
+ "name": "New_VPN_Community_Star_1",
+ "center_gateways": [
+ "Second_Security_Gateway"
+ ],
+ "encryption_method": "prefer ikev2 but support ikev1",
+ "encryption_suite": "custom",
+ "ike_phase_1": {
+ "data_integrity": "sha1",
+ "encryption_algorithm": "aes-128",
+ "diffie_hellman_group": "group-1"
+ },
+ "ike_phase_2": {
+ "data_integrity": "aes-xcbc",
+ "encryption_algorithm": "aes-gcm-128"
+ }
+}
+
+CREATE_PAYLOAD = {
+ "name": "New_VPN_Community_Star_1",
+ "center_gateways": [
+ "Second_Security_Gateway"
+ ],
+ "encryption_method": "prefer ikev2 but support ikev1",
+ "encryption_suite": "custom",
+ "ike_phase_1": {
+ "data_integrity": "sha1",
+ "encryption_algorithm": "aes-128",
+ "diffie_hellman_group": "group-1"
+ },
+ "ike_phase_2": {
+ "data_integrity": "aes-xcbc",
+ "encryption_algorithm": "aes-gcm-128"
+ }
+}
+
+UPDATE_PAYLOAD = {
+ "name": "New_VPN_Community_Star_1",
+ "encryption_method": "ikev2 only",
+ "encryption_suite": "custom",
+ "ike_phase_1": {
+ "data_integrity": "sha1",
+ "encryption_algorithm": "aes-128",
+ "diffie_hellman_group": "group-1"
+ },
+ "ike_phase_2": {
+ "data_integrity": "aes-xcbc",
+ "encryption_algorithm": "aes-gcm-128"
+ }
+}
+
+OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD
+
+DELETE_PAYLOAD = {
+ "name": "New_VPN_Community_Star_1",
+ "state": "absent"
+}
+
+function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_vpn_community_star.api_call'
+api_call_object = 'vpn-community-star'
+
+
+class TestCheckpointVpnCommunityStar(object):
+ module = cp_mgmt_vpn_community_star
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_create(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT.items() == result[api_call_object].items()
+
+ def test_create_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_update(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items()
+
+ def test_update_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_delete(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert result['changed']
+
+ def test_delete_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert not result['changed']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_vpn_community_star_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_vpn_community_star_facts.py
new file mode 100644
index 00000000..34a2d1dc
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_vpn_community_star_facts.py
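Review bot: Every test in `TestCheckpointVpnCommunityStar` replaces `api_call` with a mock and then asserts only on the dict the mock was told to return, so no assertion depends on the payload passed to `_run_module`. `test_create` and `test_create_idempotent` differ only in the canned `changed` flag, and the suite would still pass if the module dropped or renamed a parameter. At minimum add `mock_function.assert_called_once()` to each test, and ideally check the arguments the module hands to `api_call`; its signature is not visible in this hunk. The meshed-community and wildcard test classes in this commit follow the same template.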
@@ -0,0 +1,82 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_vpn_community_star_facts
+
+OBJECT = {
+ "from": 1,
+ "to": 1,
+ "total": 6,
+ "objects": [
+ "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+ ]
+}
+
+SHOW_PLURAL_PAYLOAD = {
+ 'limit': 1,
+ 'details_level': 'uid'
+}
+
+SHOW_SINGLE_PAYLOAD = {
+ 'name': 'object_which_is_not_exist'
+}
+
+api_call_object = 'vpn-community-star'
+api_call_object_plural_version = 'vpn-communities-star'
+failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}'''
+
+
+class TestCheckpointVpnCommunityStarFacts(object):
+ module = cp_mgmt_vpn_community_star_facts
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_show_single_object_which_is_not_exist(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(SHOW_SINGLE_PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert result['failed']
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def test_show_few_objects(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, OBJECT)
+ result = self._run_module(SHOW_PLURAL_PAYLOAD)
+
+ assert not result['changed']
+ assert OBJECT == result['ansible_facts'][api_call_object_plural_version]
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_wildcard.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_wildcard.py
new file mode 100644
index 00000000..c0a5090e
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_wildcard.py
@@ -0,0 +1,116 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_wildcard
+
+OBJECT = {
+ "name": "New Wildcard 1",
+ "ipv4_address": "192.168.2.1",
+ "ipv4_mask_wildcard": "0.0.0.128"
+}
+
+CREATE_PAYLOAD = {
+ "name": "New Wildcard 1",
+ "ipv4_address": "192.168.2.1",
+ "ipv4_mask_wildcard": "0.0.0.128"
+}
+
+UPDATE_PAYLOAD = {
+ "name": "New Wildcard 1",
+ "color": "blue",
+ "ipv6_address": "2001:db8::1111",
+ "ipv6_mask_wildcard": "ffff:ffff::f0f0"
+}
+
+OBJECT_AFTER_UPDATE = UPDATE_PAYLOAD
+
+DELETE_PAYLOAD = {
+ "name": "New Wildcard 1",
+ "state": "absent"
+}
+
+function_path = 'ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_wildcard.api_call'
+api_call_object = 'wildcard'
+
+
+class TestCheckpointWildcard(object):
+ module = cp_mgmt_wildcard
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_create(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT.items() == result[api_call_object].items()
+
+ def test_create_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT}
+ result = self._run_module(CREATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_update(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert result['changed']
+ assert OBJECT_AFTER_UPDATE.items() == result[api_call_object].items()
+
+ def test_update_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False, api_call_object: OBJECT_AFTER_UPDATE}
+ result = self._run_module(UPDATE_PAYLOAD)
+
+ assert not result['changed']
+
+ def test_delete(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': True}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert result['changed']
+
+ def test_delete_idempotent(self, mocker, connection_mock):
+ mock_function = mocker.patch(function_path)
+ mock_function.return_value = {'changed': False}
+ result = self._run_module(DELETE_PAYLOAD)
+
+ assert not result['changed']
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_wildcard_facts.py b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_wildcard_facts.py
new file mode 100644
index 00000000..a16c3fe8
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/modules/test_cp_mgmt_wildcard_facts.py
@@ -0,0 +1,82 @@
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+from units.modules.utils import set_module_args, exit_json, fail_json, AnsibleExitJson
+
+from ansible.module_utils import basic
+from ansible_collections.check_point.mgmt.plugins.modules import cp_mgmt_wildcard_facts
+
+OBJECT = {
+ "from": 1,
+ "to": 1,
+ "total": 6,
+ "objects": [
+ "53de74b7-8f19-4cbe-99fc-a81ef0759bad"
+ ]
+}
+
+SHOW_PLURAL_PAYLOAD = {
+ 'limit': 1,
+ 'details_level': 'uid'
+}
+
+SHOW_SINGLE_PAYLOAD = {
+ 'name': 'object_which_is_not_exist'
+}
+
+api_call_object = 'wildcard'
+api_call_object_plural_version = 'wildcards'
+failure_msg = '''{u'message': u'Requested object [object_which_is_not_exist] not found', u'code': u'generic_err_object_not_found'}'''
+
+
+class TestCheckpointWildcardFacts(object):
+ module = cp_mgmt_wildcard_facts
+
+ @pytest.fixture(autouse=True)
+ def module_mock(self, mocker):
+ return mocker.patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json)
+
+ @pytest.fixture
+ def connection_mock(self, mocker):
+ connection_class_mock = mocker.patch('ansible.module_utils.network.checkpoint.checkpoint.Connection')
+ return connection_class_mock.return_value
+
+ def test_show_single_object_which_is_not_exist(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (404, failure_msg)
+ try:
+ result = self._run_module(SHOW_SINGLE_PAYLOAD)
+ except Exception as e:
+ result = e.args[0]
+
+ assert result['failed']
+ assert 'Checkpoint device returned error 404 with message ' + failure_msg == result['msg']
+
+ def test_show_few_objects(self, mocker, connection_mock):
+ connection_mock.send_request.return_value = (200, OBJECT)
+ result = self._run_module(SHOW_PLURAL_PAYLOAD)
+
+ assert not result['changed']
+ assert OBJECT == result['ansible_facts'][api_call_object_plural_version]
+
+ def _run_module(self, module_args):
+ set_module_args(module_args)
+ with pytest.raises(AnsibleExitJson) as ex:
+ self.module.main()
+ return ex.value.args[0]
diff --git a/ansible_collections/check_point/mgmt/tests/units/plugins/httpapi/test_checkpoint.py b/ansible_collections/check_point/mgmt/tests/units/plugins/httpapi/test_checkpoint.py
new file mode 100644
index 00000000..32ac0b0f
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/tests/units/plugins/httpapi/test_checkpoint.py
@@ -0,0 +1,86 @@
+# (c) 2018 Red Hat Inc.
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import json
+
+from ansible.module_utils.six.moves.urllib.error import HTTPError
+from units.compat import mock
+from units.compat import unittest
+
+from ansible.errors import AnsibleConnectionFailure
+from ansible.module_utils.connection import ConnectionError
+from ansible.module_utils.six import BytesIO, StringIO
+from ansible_collections.check_point.mgmt.plugins.httpapi.checkpoint import HttpApi
+
+EXPECTED_BASE_HEADERS = {
+ 'Content-Type': 'application/json'
+}
+
+
+class FakeCheckpointHttpApiPlugin(HttpApi):
+ def __init__(self, conn):
+ super(FakeCheckpointHttpApiPlugin, self).__init__(conn)
+ self.hostvars = {
+ 'domain': None
+ }
+
+ def get_option(self, option):
+ return self.hostvars[option]
+
+ def set_option(self, option, value):
+ self.hostvars[option] = value
+
+
+class TestCheckpointHttpApi(unittest.TestCase):
+
+ def setUp(self):
+ self.connection_mock = mock.Mock()
+ self.checkpoint_plugin = FakeCheckpointHttpApiPlugin(self.connection_mock)
+ self.checkpoint_plugin._load_name = 'httpapi'
+
+ def test_login_raises_exception_when_username_and_password_are_not_provided(self):
+ with self.assertRaises(AnsibleConnectionFailure) as res:
+ self.checkpoint_plugin.login(None, None)
+ assert 'Username and password are required' in str(res.exception)
+
+ def test_login_raises_exception_when_invalid_response(self):
+ self.connection_mock.send.return_value = self._connection_response(
+ {'NOSIDKEY': 'NOSIDVALUE'}
+ )
+
+ with self.assertRaises(ConnectionError) as res:
+ self.checkpoint_plugin.login('foo', 'bar')
+
+ assert 'Server returned response without token info during connection authentication' in str(res.exception)
+
+ def test_send_request_should_return_error_info_when_http_error_raises(self):
+ self.connection_mock.send.side_effect = HTTPError('http://testhost.com', 500, '', {},
+ StringIO('{"errorMessage": "ERROR"}'))
+
+ resp = self.checkpoint_plugin.send_request('/test', None)
+
+ assert resp == (500, {'errorMessage': 'ERROR'})
+
+ def test_login_to_global_domain(self):
+ temp_domain = self.checkpoint_plugin.hostvars['domain']
+ self.checkpoint_plugin.hostvars['domain'] = 'test_domain'
+ self.connection_mock.send.return_value = self._connection_response(
+ {'sid': 'SID', 'uid': 'UID'}
+ )
+
+ self.checkpoint_plugin.login('USERNAME', 'PASSWORD')
+
+ self.connection_mock.send.assert_called_once_with('/web_api/login', mock.ANY, headers=mock.ANY,
+ method=mock.ANY)
+ self.checkpoint_plugin.hostvars['domain'] = temp_domain
+
+ @staticmethod
+ def _connection_response(response, status=200):
+ response_mock = mock.Mock()
+ response_mock.getcode.return_value = status
+ response_text = json.dumps(response) if type(response) is dict else response
+ response_data = BytesIO(response_text.encode() if response_text else ''.encode())
+ return response_mock, response_data |
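Review bot: `test_login_to_global_domain` sets `hostvars['domain']` to `'test_domain'`, but its only assertion matches the request body with `mock.ANY`, so the test passes whether or not the domain (or the credentials) ever reach the login request. Inspect the second positional argument in `self.connection_mock.send.call_args` and assert that it carries `test_domain`; the body encoding is decided by the plugin, which is outside this hunk. The manual save and restore of `hostvars['domain']` is unnecessary because `setUp` builds a fresh plugin per test, and it would be skipped anyway if the assertion before it failed. `EXPECTED_BASE_HEADERS` is defined but never used, and `headers=EXPECTED_BASE_HEADERS` in place of `headers=mock.ANY` would put it to work if it matches what the plugin sends.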