diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-18 05:52:22 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-18 05:52:22 +0000 |
commit | 38b7c80217c4e72b1d8988eb1e60bb6e77334114 (patch) | |
tree | 356e9fd3762877d07cde52d21e77070aeff7e789 /ansible_collections/check_point/mgmt/plugins | |
parent | Adding upstream version 7.7.0+dfsg. (diff) | |
download | ansible-38b7c80217c4e72b1d8988eb1e60bb6e77334114.tar.xz ansible-38b7c80217c4e72b1d8988eb1e60bb6e77334114.zip |
Adding upstream version 9.4.0+dfsg.upstream/9.4.0+dfsg
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'ansible_collections/check_point/mgmt/plugins')
274 files changed, 24577 insertions, 4810 deletions
diff --git a/ansible_collections/check_point/mgmt/plugins/action/cp_mgmt_access_layers.py b/ansible_collections/check_point/mgmt/plugins/action/cp_mgmt_access_layers.py new file mode 100644 index 000000000..f48a8b353 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/action/cp_mgmt_access_layers.py @@ -0,0 +1,268 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +""" +The module file for cp_mgmt_add_access_layers +""" + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +from ansible.plugins.action import ActionBase +from ansible.module_utils.connection import Connection + +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common import ( + utils, +) +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + CheckPointRequest, + map_params_to_obj, + map_obj_to_params, + sync_show_params_with_add_params, + remove_unwanted_key, + contains_show_identifier_param, +) +from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, +) +from ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_access_layers import ( + DOCUMENTATION, +) + + +class ActionModule(ActionBase): + """action module""" + + def __init__(self, *args, **kwargs): + super(ActionModule, self).__init__(*args, **kwargs) + self._result = None + self.api_call_object = "access-layer" + self.api_call_object_plural_version = "access-layers" + self.module_return = "mgmt_access_layers" + self.key_transform = { + "add_default_rule": "add-default-rule", + "applications_and_url_filtering": "applications-and-url-filtering", + "content_awareness": "content-awareness", + "detect_using_x_forward_for": "detect-using-x-forward-for", + "implicit_cleanup_action": "implicit-cleanup-action", + "mobile_access": "mobile-access", + "details_level": "details-level", + "ignore_warnings": "ignore-warnings", + "ignore_errors": "ignore-errors", + } + + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=DOCUMENTATION, + schema_format="doc", + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + self._result["failed"] = True + self._result["msg"] = errors + + def search_for_existing_rules( + self, conn_request, api_call_object, search_payload=None, state=None + ): + result = conn_request.post(api_call_object, state, data=search_payload) + return result + + def search_for_resource_name(self, conn_request, payload): + search_result = [] + round_trip = False + search_payload = utils.remove_empties(payload) + if search_payload.get("round_trip"): + round_trip = True + if search_payload.get("round_trip") is not None: + del search_payload["round_trip"] + + search_payload = map_params_to_obj(search_payload, self.key_transform) + if not contains_show_identifier_param(search_payload): + search_result = self.search_for_existing_rules( + conn_request, + self.api_call_object_plural_version, + search_payload, + "gathered", + ) + if search_result.get("code") == 200: + search_result = search_result["response"][ + self.api_call_object_plural_version + ] + return search_result + else: + search_result = self.search_for_existing_rules( + conn_request, self.api_call_object, search_payload, "gathered" + ) + if round_trip: + search_result = sync_show_params_with_add_params( + search_result["response"], self.key_transform + ) + elif search_result.get("code") and search_result["code"] == 200: + search_result = search_result["response"] + search_result = map_obj_to_params( + search_result, + self.key_transform, + self.module_return, + ) + if search_result.get("code") and search_result["code"] != 200: + if ( + search_result.get("response") + and "object_not_found" in search_result["response"]["code"] + and "not found" in search_result["response"]["message"] + ): + search_result = {} + elif "object_not_found" in search_result.get( + "code" + ) and "not found" in search_result.get("message"): + search_result = {} + return search_result + + def delete_module_api_config(self, conn_request, module_config_params): + config = {} + before = {} + after = {} + result = {} + changed = False + round_trip = False + ckp_session_uid = None + payload = utils.remove_empties(module_config_params) + if payload.get("round_trip"): + round_trip = True + del payload["round_trip"] + remove_from_response = ["uid", "read-only", "domain"] + if round_trip: + search_payload = {"name": payload["name"], "round_trip": True} + else: + search_payload = {"name": payload["name"]} + search_result = self.search_for_resource_name( + conn_request, search_payload + ) + if search_result: + if round_trip: + search_result = remove_unwanted_key( + search_result, remove_from_response + ) + before = search_result + result = conn_request.post( + self.api_call_object, self._task.args["state"], data=payload + ) + if before: + config.update({"before": before, "after": after}) + else: + config.update({"before": before}) + if result.get("changed"): + changed = True + ckp_session_uid = result["checkpoint_session_uid"] + return config, changed, ckp_session_uid + + def configure_module_api(self, conn_request, module_config_params): + config = {} + before = {} + after = {} + result = {} + changed = False + round_trip = False + ckp_session_uid = None + # Add to the THIS list for the value which needs to be excluded + # from HAVE params when compared to WANT param like 'ID' can be + # part of HAVE param but may not be part of your WANT param + remove_from_response = ["uid", "read-only", "domain"] + remove_from_set = ["add-default-rule"] + payload = utils.remove_empties(module_config_params) + if payload.get("round_trip"): + round_trip = True + del payload["round_trip"] + if payload.get("name"): + if round_trip: + search_payload = {"name": payload["name"], "round_trip": True} + else: + search_payload = {"name": payload["name"]} + search_result = self.search_for_resource_name( + conn_request, search_payload + ) + if search_result: + if round_trip: + search_result = remove_unwanted_key( + search_result, remove_from_response + ) + before = search_result + payload = map_params_to_obj(payload, self.key_transform) + delete_params = { + "name": payload["name"], + } + result = conn_request.post( + self.api_call_object, + self._task.args["state"], + data=payload, + remove_keys=remove_from_set, + delete_params=delete_params, + ) + if result.get("changed"): + if round_trip: + search_result = sync_show_params_with_add_params( + result["response"], self.key_transform + ) + else: + search_result = map_obj_to_params( + result["response"], + self.key_transform, + self.module_return, + ) + if round_trip: + search_result = remove_unwanted_key( + search_result, remove_from_response + ) + after = search_result + ckp_session_uid = result["checkpoint_session_uid"] + changed = True + config.update({"before": before, "after": after}) + + return config, changed, ckp_session_uid + + def run(self, tmp=None, task_vars=None): + self._supports_check_mode = True + self._result = super(ActionModule, self).run(tmp, task_vars) + self._check_argspec() + self._result["checkpoint_session_uid"] = None + if self._result.get("failed"): + return self._result + conn = Connection(self._connection.socket_path) + conn_request = CheckPointRequest(connection=conn, task_vars=task_vars) + if self._task.args["state"] == "gathered": + if self._task.args.get("config"): + self._result["gathered"] = self.search_for_resource_name( + conn_request, self._task.args["config"] + ) + else: + self._result["gathered"] = self.search_for_resource_name( + conn_request, dict() + ) + elif ( + self._task.args["state"] == "merged" + or self._task.args["state"] == "replaced" + ): + if self._task.args.get("config"): + ( + self._result[self.module_return], + self._result["changed"], + self._result["checkpoint_session_uid"], + ) = self.configure_module_api( + conn_request, self._task.args["config"] + ) + elif self._task.args["state"] == "deleted": + if self._task.args.get("config"): + ( + self._result[self.module_return], + self._result["changed"], + self._result["checkpoint_session_uid"], + ) = self.delete_module_api_config( + conn_request, self._task.args["config"] + ) + if self._result.get("checkpoint_session_uid") is None: + del self._result["checkpoint_session_uid"] + + return self._result diff --git a/ansible_collections/check_point/mgmt/plugins/action/cp_mgmt_access_rules.py b/ansible_collections/check_point/mgmt/plugins/action/cp_mgmt_access_rules.py index 3a06797d9..bee4770f5 100644 --- a/ansible_collections/check_point/mgmt/plugins/action/cp_mgmt_access_rules.py +++ b/ansible_collections/check_point/mgmt/plugins/action/cp_mgmt_access_rules.py @@ -1,60 +1,91 @@ -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type from ansible.errors import AnsibleActionFail from ansible.plugins.action import ActionBase -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import \ - prepare_rule_params_for_execute_module, check_if_to_publish_for_action +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + prepare_rule_params_for_execute_module, + check_if_to_publish_for_action, +) class ActionModule(ActionBase): - def run(self, tmp=None, task_vars=None): module = super(ActionModule, self).run(tmp, task_vars) - result = self._execute_module(module_name='check_point.mgmt.cp_mgmt_access_rules', module_args=self._task.args, - task_vars=task_vars, tmp=tmp) + result = self._execute_module( + module_name="check_point.mgmt.cp_mgmt_access_rules", + module_args=self._task.args, + task_vars=task_vars, + tmp=tmp, + ) - if 'msg' in result.keys(): - raise AnsibleActionFail(result['msg']) + if "msg" in result.keys(): + raise AnsibleActionFail(result["msg"]) module_args = self._task.args - fields = {'position', 'layer', 'auto_publish_session'} - rules_list = module_args['rules'] + fields = {"position", "layer", "auto_publish_session"} + rules_list = module_args["rules"] for rule in rules_list: for field in fields: if field in rule.keys(): - raise AnsibleActionFail('Unsupported parameter ' + field + ' for rule') + raise AnsibleActionFail( + "Unsupported parameter " + field + " for rule" + ) # check_fields_for_rule_action_module(module_args) - rules_list = self._task.args['rules'] + rules_list = self._task.args["rules"] position = 1 below_rule_name = None for rule in rules_list: - rule, position, below_rule_name = prepare_rule_params_for_execute_module(rule=rule, module_args=module_args, - position=position, - below_rule_name=below_rule_name) - - result['rule: ' + rule['name']] = self._execute_module(module_name='check_point.mgmt.cp_mgmt_access_rule', - module_args=rule, - task_vars=task_vars, tmp=tmp, wrap_async=False) - if 'changed' in result['rule: ' + rule['name']].keys() and \ - result['rule: ' + rule['name']]['changed'] is True: - result['changed'] = True - if 'failed' in result['rule: ' + rule['name']].keys() and result['rule: ' + rule['name']]['failed'] is True: - temp = result['rule: ' + rule['name']].copy() + ( + rule, + position, + below_rule_name, + ) = prepare_rule_params_for_execute_module( + rule=rule, + module_args=module_args, + position=position, + below_rule_name=below_rule_name, + ) + + result["rule: " + rule["name"]] = self._execute_module( + module_name="check_point.mgmt.cp_mgmt_access_rule", + module_args=rule, + task_vars=task_vars, + tmp=tmp, + wrap_async=False, + ) + if ( + "changed" in result["rule: " + rule["name"]].keys() + and result["rule: " + rule["name"]]["changed"] is True + ): + result["changed"] = True + if ( + "failed" in result["rule: " + rule["name"]].keys() + and result["rule: " + rule["name"]]["failed"] is True + ): + temp = result["rule: " + rule["name"]].copy() result = {} - result['rule: ' + rule['name']] = temp - result['failed'] = True - result['discard:'] = self._execute_module(module_name='check_point.mgmt.cp_mgmt_discard', - module_args={}, task_vars=task_vars, tmp=tmp) + result["rule: " + rule["name"]] = temp + result["failed"] = True + result["discard:"] = self._execute_module( + module_name="check_point.mgmt.cp_mgmt_discard", + module_args={}, + task_vars=task_vars, + tmp=tmp, + ) break if check_if_to_publish_for_action(result, module_args): - result['publish:'] = self._execute_module(module_name='check_point.mgmt.cp_mgmt_publish', module_args={}, - task_vars=task_vars, tmp=tmp) + result["publish:"] = self._execute_module( + module_name="check_point.mgmt.cp_mgmt_publish", + module_args={}, + task_vars=task_vars, + tmp=tmp, + ) return result diff --git a/ansible_collections/check_point/mgmt/plugins/action/cp_mgmt_hosts.py b/ansible_collections/check_point/mgmt/plugins/action/cp_mgmt_hosts.py new file mode 100644 index 000000000..9dc289d31 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/action/cp_mgmt_hosts.py @@ -0,0 +1,281 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +""" +The module file for cp_mgmt_hosts +""" + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +from ansible.plugins.action import ActionBase +from ansible.module_utils.connection import Connection + +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common import ( + utils, +) +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + CheckPointRequest, + map_params_to_obj, + map_obj_to_params, + sync_show_params_with_add_params, + remove_unwanted_key, + contains_show_identifier_param, +) +from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, +) +from ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_hosts import ( + DOCUMENTATION, +) + + +class ActionModule(ActionBase): + """action module""" + + def __init__(self, *args, **kwargs): + super(ActionModule, self).__init__(*args, **kwargs) + self._result = None + self.api_call_object = "host" + self.api_call_object_plural_version = "hosts" + self.module_return = "mgmt_hosts" + self.key_transform = { + "ip_address": "ip-address", + "ipv4_address": "ipv4-address", + "ipv6_address": "ipv6-address", + "interfaces": "interfaces", + "nat_settings": "nat-settings", + "hide_behind": "hide-behind", + "install_on": "install-on", + "host_servers": "host-servers", + "dns_server": "dns-server", + "mail_server": "mail-server", + "web_server": "web-server", + "web_server_config": "web-server-config", + "additional_ports": "additional-ports", + "application_engines": "application-engines", + "listen_standard_port": "listen-standard-port", + "operating_system": "operating-system", + "protected_by": "protected-by", + "details_level": "details-level", + "ignore_warnings": "ignore-warnings", + "ignore_errors": "ignore-errors", + "mask_length": "mask-length", + "mask_length4": "mask-length4", + "mask_length6": "mask-length4", + "subnet_mask": "subnet-mask", + } + + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=DOCUMENTATION, + schema_format="doc", + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + self._result["failed"] = True + self._result["msg"] = errors + + def search_for_existing_rules( + self, conn_request, api_call_object, search_payload=None, state=None + ): + result = conn_request.post(api_call_object, state, data=search_payload) + return result + + def search_for_resource_name(self, conn_request, payload): + search_result = [] + round_trip = False + + search_payload = utils.remove_empties(payload) + if search_payload.get("round_trip"): + round_trip = True + if search_payload.get("round_trip") is not None: + del search_payload["round_trip"] + search_payload = map_params_to_obj(search_payload, self.key_transform) + if not contains_show_identifier_param(search_payload): + search_result = self.search_for_existing_rules( + conn_request, + self.api_call_object_plural_version, + search_payload, + "gathered", + ) + if search_result.get("code") == 200: + search_result = search_result["response"]["objects"] + return search_result + else: + search_result = self.search_for_existing_rules( + conn_request, self.api_call_object, search_payload, "gathered" + ) + if round_trip: + search_result = sync_show_params_with_add_params( + search_result["response"], self.key_transform + ) + elif search_result.get("code") and search_result["code"] == 200: + search_result = search_result["response"] + search_result = map_obj_to_params( + search_result, + self.key_transform, + self.module_return, + ) + if search_result.get("code") and search_result["code"] != 200: + if ( + search_result.get("response") + and "object_not_found" in search_result["response"]["code"] + and "not found" in search_result["response"]["message"] + ): + search_result = {} + elif "object_not_found" in search_result.get( + "code" + ) and "not found" in search_result.get("message"): + search_result = {} + return search_result + + def delete_module_api_config(self, conn_request, module_config_params): + config = {} + before = {} + after = {} + result = {} + changed = False + round_trip = False + ckp_session_uid = None + payload = utils.remove_empties(module_config_params) + if payload.get("round_trip"): + round_trip = True + del payload["round_trip"] + remove_from_response = ["uid", "read-only", "domain"] + if round_trip: + search_payload = {"name": payload["name"], "round_trip": True} + else: + search_payload = {"name": payload["name"]} + search_result = self.search_for_resource_name( + conn_request, search_payload + ) + if search_result: + if round_trip: + search_result = remove_unwanted_key( + search_result, remove_from_response + ) + before = search_result + result = conn_request.post( + self.api_call_object, self._task.args["state"], data=payload + ) + if before: + config.update({"before": before, "after": after}) + else: + config.update({"before": before}) + if result.get("changed"): + changed = True + ckp_session_uid = result["checkpoint_session_uid"] + return config, changed, ckp_session_uid + + def configure_module_api(self, conn_request, module_config_params): + config = {} + before = {} + after = {} + result = {} + changed = False + round_trip = False + ckp_session_uid = None + # Add to the THIS list for the value which needs to be excluded + # from HAVE params when compared to WANT param like 'ID' can be + # part of HAVE param but may not be part of your WANT param + remove_from_response = ["uid", "read-only", "domain"] + remove_from_set = [] + payload = utils.remove_empties(module_config_params) + if payload.get("round_trip"): + round_trip = True + del payload["round_trip"] + if payload.get("name"): + if round_trip: + search_payload = {"name": payload["name"], "round_trip": True} + else: + search_payload = {"name": payload["name"]} + search_result = self.search_for_resource_name( + conn_request, search_payload + ) + if search_result: + if round_trip: + search_result = remove_unwanted_key( + search_result, remove_from_response + ) + before = search_result + payload = map_params_to_obj(payload, self.key_transform) + delete_params = { + "name": payload["name"], + } + result = conn_request.post( + self.api_call_object, + self._task.args["state"], + data=payload, + remove_keys=remove_from_set, + delete_params=delete_params, + ) + if result.get("changed"): + if round_trip: + search_result = sync_show_params_with_add_params( + result["response"], self.key_transform + ) + else: + search_result = map_obj_to_params( + result["response"], + self.key_transform, + self.module_return, + ) + if round_trip: + search_result = remove_unwanted_key( + search_result, remove_from_response + ) + after = search_result + ckp_session_uid = result["checkpoint_session_uid"] + changed = True + config.update({"before": before, "after": after}) + + return config, changed, ckp_session_uid + + def run(self, tmp=None, task_vars=None): + self._supports_check_mode = True + self._result = super(ActionModule, self).run(tmp, task_vars) + self._check_argspec() + self._result["checkpoint_session_uid"] = None + if self._result.get("failed"): + return self._result + conn = Connection(self._connection.socket_path) + conn_request = CheckPointRequest(connection=conn, task_vars=task_vars) + if self._task.args["state"] == "gathered": + if self._task.args.get("config"): + self._result["gathered"] = self.search_for_resource_name( + conn_request, self._task.args["config"] + ) + else: + self._result["gathered"] = self.search_for_resource_name( + conn_request, dict() + ) + elif ( + self._task.args["state"] == "merged" + or self._task.args["state"] == "replaced" + ): + if self._task.args.get("config"): + ( + self._result[self.module_return], + self._result["changed"], + self._result["checkpoint_session_uid"], + ) = self.configure_module_api( + conn_request, self._task.args["config"] + ) + elif self._task.args["state"] == "deleted": + if self._task.args.get("config"): + ( + self._result[self.module_return], + self._result["changed"], + self._result["checkpoint_session_uid"], + ) = self.delete_module_api_config( + conn_request, self._task.args["config"] + ) + if self._result.get("checkpoint_session_uid") is None: + del self._result["checkpoint_session_uid"] + + return self._result diff --git a/ansible_collections/check_point/mgmt/plugins/action/cp_mgmt_threat_layers.py b/ansible_collections/check_point/mgmt/plugins/action/cp_mgmt_threat_layers.py new file mode 100644 index 000000000..4e91ecfac --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/action/cp_mgmt_threat_layers.py @@ -0,0 +1,264 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +""" +The module file for cp_mgmt_threat_layers +""" + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +from ansible.plugins.action import ActionBase +from ansible.module_utils.connection import Connection + +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common import ( + utils, +) +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + CheckPointRequest, + map_params_to_obj, + map_obj_to_params, + sync_show_params_with_add_params, + remove_unwanted_key, + contains_show_identifier_param, +) +from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, +) +from ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_threat_layers import ( + DOCUMENTATION, +) + + +class ActionModule(ActionBase): + """action module""" + + def __init__(self, *args, **kwargs): + super(ActionModule, self).__init__(*args, **kwargs) + self._result = None + self.api_call_object = "threat-layer" + self.api_call_object_plural_version = "threat-layers" + self.module_return = "mgmt_threat_layers" + self.key_transform = { + "add_default_rule": "add-default-rule", + "details_level": "details-level", + "ignore_warnings": "ignore-warnings", + "ignore_errors": "ignore-errors", + } + + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=DOCUMENTATION, + schema_format="doc", + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + self._result["failed"] = True + self._result["msg"] = errors + + def search_for_existing_rules( + self, conn_request, api_call_object, search_payload=None, state=None + ): + result = conn_request.post(api_call_object, state, data=search_payload) + return result + + def search_for_resource_name(self, conn_request, payload): + search_result = [] + round_trip = False + + search_payload = utils.remove_empties(payload) + if search_payload.get("round_trip"): + round_trip = True + if search_payload.get("round_trip") is not None: + del search_payload["round_trip"] + search_payload = map_params_to_obj(search_payload, self.key_transform) + if not contains_show_identifier_param(search_payload): + search_result = self.search_for_existing_rules( + conn_request, + self.api_call_object_plural_version, + search_payload, + "gathered", + ) + if search_result.get("code") == 200: + search_result = search_result["response"][ + self.api_call_object_plural_version + ] + return search_result + else: + search_result = self.search_for_existing_rules( + conn_request, self.api_call_object, search_payload, "gathered" + ) + if round_trip: + search_result = sync_show_params_with_add_params( + search_result["response"], self.key_transform + ) + elif search_result.get("code") and search_result["code"] == 200: + search_result = search_result["response"] + search_result = map_obj_to_params( + search_result, + self.key_transform, + self.module_return, + ) + if search_result.get("code") and search_result["code"] != 200: + if ( + search_result.get("response") + and "object_not_found" in search_result["response"]["code"] + and "not found" in search_result["response"]["message"] + ): + search_result = {} + elif "object_not_found" in search_result.get( + "code" + ) and "not found" in search_result.get("message"): + search_result = {} + return search_result + + def delete_module_api_config(self, conn_request, module_config_params): + config = {} + before = {} + after = {} + result = {} + changed = False + round_trip = False + ckp_session_uid = None + payload = utils.remove_empties(module_config_params) + if payload.get("round_trip"): + round_trip = True + del payload["round_trip"] + remove_from_response = ["uid", "read-only", "domain"] + if round_trip: + search_payload = {"name": payload["name"], "round_trip": True} + else: + search_payload = {"name": payload["name"]} + search_result = self.search_for_resource_name( + conn_request, search_payload + ) + if search_result: + if round_trip: + search_result = remove_unwanted_key( + search_result, remove_from_response + ) + before = search_result + result = conn_request.post( + self.api_call_object, self._task.args["state"], data=payload + ) + if before: + config.update({"before": before, "after": after}) + else: + config.update({"before": before}) + if result.get("changed"): + changed = True + ckp_session_uid = result["checkpoint_session_uid"] + + return config, changed, ckp_session_uid + + def configure_module_api(self, conn_request, module_config_params): + config = {} + before = {} + after = {} + result = {} + changed = False + round_trip = False + ckp_session_uid = None + # Add to the THIS list for the value which needs to be excluded + # from HAVE params when compared to WANT param like 'ID' can be + # part of HAVE param but may not be part of your WANT param + remove_from_response = ["uid", "read-only", "domain"] + remove_from_set = ["add-default-rule"] + payload = utils.remove_empties(module_config_params) + if payload.get("round_trip"): + round_trip = True + del payload["round_trip"] + if payload.get("name"): + if round_trip: + search_payload = {"name": payload["name"], "round_trip": True} + else: + search_payload = {"name": payload["name"]} + search_result = self.search_for_resource_name( + conn_request, search_payload + ) + if search_result: + if round_trip: + search_result = remove_unwanted_key( + search_result, remove_from_response + ) + before = search_result + payload = map_params_to_obj(payload, self.key_transform) + delete_params = { + "name": payload["name"], + } + result = conn_request.post( + self.api_call_object, + self._task.args["state"], + data=payload, + remove_keys=remove_from_set, + delete_params=delete_params, + ) + if result.get("changed"): + if round_trip: + search_result = sync_show_params_with_add_params( + result["response"], self.key_transform + ) + else: + search_result = map_obj_to_params( + result["response"], + self.key_transform, + self.module_return, + ) + if round_trip: + search_result = remove_unwanted_key( + search_result, remove_from_response + ) + after = search_result + ckp_session_uid = result["checkpoint_session_uid"] + changed = True + config.update({"before": before, "after": after}) + + return config, changed, ckp_session_uid + + def run(self, tmp=None, task_vars=None): + self._supports_check_mode = True + self._result = super(ActionModule, self).run(tmp, task_vars) + self._check_argspec() + self._result["checkpoint_session_uid"] = None + if self._result.get("failed"): + return self._result + conn = Connection(self._connection.socket_path) + conn_request = CheckPointRequest(connection=conn, task_vars=task_vars) + if self._task.args["state"] == "gathered": + if self._task.args.get("config"): + self._result["gathered"] = self.search_for_resource_name( + conn_request, self._task.args["config"] + ) + else: + self._result["gathered"] = self.search_for_resource_name( + conn_request, dict() + ) + elif ( + self._task.args["state"] == "merged" + or self._task.args["state"] == "replaced" + ): + if self._task.args.get("config"): + ( + self._result[self.module_return], + self._result["changed"], + self._result["checkpoint_session_uid"], + ) = self.configure_module_api( + conn_request, self._task.args["config"] + ) + elif self._task.args["state"] == "deleted": + if self._task.args.get("config"): + ( + self._result[self.module_return], + self._result["changed"], + self._result["checkpoint_session_uid"], + ) = self.delete_module_api_config( + conn_request, self._task.args["config"] + ) + if self._result.get("checkpoint_session_uid") is None: + del self._result["checkpoint_session_uid"] + + return self._result diff --git a/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_commands.py b/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_commands.py index 19e13ffac..a11749626 100644 --- a/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_commands.py +++ b/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_commands.py @@ -3,14 +3,15 @@ # Copyright: (c) 2019, Or Soffer <orso@checkpoint.com> # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function + __metaclass__ = type class ModuleDocFragment(object): # Standard files documentation fragment - DOCUMENTATION = r''' + DOCUMENTATION = r""" options: wait_for_task: description: @@ -26,4 +27,9 @@ options: description: - Version of checkpoint. If not given one, the latest version taken. type: str -''' + auto_publish_session: + description: + - Publish the current session if changes have been performed after task completes. + type: bool + default: False +""" diff --git a/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_facts.py b/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_facts.py index 08a6b8954..7b520a7ae 100644 --- a/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_facts.py @@ -3,19 +3,18 @@ # Copyright: (c) 2019, Or Soffer <orso@checkpoint.com> # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function -from __future__ import (absolute_import, division, print_function) __metaclass__ = type class ModuleDocFragment(object): # Standard files documentation fragment - DOCUMENTATION = r''' + DOCUMENTATION = r""" options: version: description: - Version of checkpoint. If not given one, the latest version taken. type: str -''' +""" diff --git a/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_objects.py b/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_objects.py index 6df1f2f82..351656b4c 100644 --- a/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_objects.py +++ b/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_objects.py @@ -3,28 +3,27 @@ # Copyright: (c) 2019, Or Soffer <orso@checkpoint.com> # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function + __metaclass__ = type class ModuleDocFragment(object): # Standard files documentation fragment - DOCUMENTATION = r''' + DOCUMENTATION = r""" options: state: description: - - State of the access rule (present or absent). Defaults to present. + - State of the access rule (present or absent). type: str default: present - choices: - - 'present' - - 'absent' + choices: ['present', 'absent'] auto_publish_session: description: - - Publish the current session if changes have been performed - after task completes. + - Publish the current session if changes have been performed after task completes. type: bool + default: False wait_for_task: description: - Wait for the task to end. Such as publish task. @@ -39,4 +38,4 @@ options: description: - Version of checkpoint. If not given one, the latest version taken. type: str -''' +""" diff --git a/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_objects_action_module.py b/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_objects_action_module.py index 992428bbe..62d8d5f60 100644 --- a/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_objects_action_module.py +++ b/ansible_collections/check_point/mgmt/plugins/doc_fragments/checkpoint_objects_action_module.py @@ -3,20 +3,22 @@ # Copyright: (c) 2019, Or Soffer <orso@checkpoint.com> # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function + __metaclass__ = type class ModuleDocFragment(object): # Standard files documentation fragment - DOCUMENTATION = r''' + DOCUMENTATION = r""" options: auto_publish_session: description: - Publish the current session if changes have been performed after task completes. type: bool + default: False wait_for_task_timeout: description: - How many minutes to wait until throwing a timeout error. @@ -26,4 +28,4 @@ options: description: - Version of checkpoint. If not given one, the latest version taken. type: str -''' +""" diff --git a/ansible_collections/check_point/mgmt/plugins/httpapi/checkpoint.py b/ansible_collections/check_point/mgmt/plugins/httpapi/checkpoint.py index ade89cb00..606af77b1 100644 --- a/ansible_collections/check_point/mgmt/plugins/httpapi/checkpoint.py +++ b/ansible_collections/check_point/mgmt/plugins/httpapi/checkpoint.py @@ -1,7 +1,7 @@ # (c) 2018 Red Hat Inc. # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type @@ -44,39 +44,44 @@ from ansible.plugins.httpapi import HttpApiBase from ansible.module_utils.connection import ConnectionError BASE_HEADERS = { - 'Content-Type': 'application/json', - 'User-Agent': 'Ansible', + "Content-Type": "application/json", + "User-Agent": "Ansible", } class HttpApi(HttpApiBase): def login(self, username, password): payload = {} - cp_domain = self.get_option('domain') - cp_api_key = self.get_option('api_key') + cp_domain = self.get_option("domain") + cp_api_key = self.get_option("api_key") if cp_domain: - payload['domain'] = cp_domain + payload["domain"] = cp_domain if username and password and not cp_api_key: - payload['user'] = username - payload['password'] = password + payload["user"] = username + payload["password"] = password elif cp_api_key and not username and not password: - payload['api-key'] = cp_api_key + payload["api-key"] = cp_api_key else: - raise AnsibleConnectionFailure('[Username and password] or api_key are required for login') - url = '/web_api/login' + raise AnsibleConnectionFailure( + "[Username and password] or api_key are required for login" + ) + url = "/web_api/login" response, response_data = self.send_request(url, payload) - + if response != 200: + raise ConnectionError("Login to server failed: %s" % response_data) try: - self.connection._auth = {'X-chkp-sid': response_data['sid']} + self.connection._auth = {"X-chkp-sid": response_data["sid"]} except KeyError: raise ConnectionError( - 'Server returned response without token info during connection authentication: %s' % response) + "Server returned response without token info during connection authentication: %s" + % response + ) # Case of read-only - if 'uid' in response_data.keys(): - self.connection._session_uid = response_data['uid'] + if "uid" in response_data.keys(): + self.connection._session_uid = response_data["uid"] def logout(self): - url = '/web_api/logout' + url = "/web_api/logout" response, dummy = self.send_request(url, None) @@ -84,13 +89,15 @@ class HttpApi(HttpApiBase): return self.connection._session_uid def send_request(self, path, body_params): - data = json.dumps(body_params) if body_params else '{}' - cp_cloud_mgmt_id = self.get_option('cloud_mgmt_id') + data = json.dumps(body_params) if body_params else "{}" + cp_cloud_mgmt_id = self.get_option("cloud_mgmt_id") if cp_cloud_mgmt_id: - path = '/' + cp_cloud_mgmt_id + path + path = "/" + cp_cloud_mgmt_id + path try: self._display_request() - response, response_data = self.connection.send(path, data, method='POST', headers=BASE_HEADERS) + response, response_data = self.connection.send( + path, data, method="POST", headers=BASE_HEADERS + ) value = self._get_response_value(response_data) return response.getcode(), self._response_to_json(value) @@ -101,7 +108,9 @@ class HttpApi(HttpApiBase): return e.code, error def _display_request(self): - self.connection.queue_message('vvvv', 'Web Services: %s %s' % ('POST', self.connection._url)) + self.connection.queue_message( + "vvvv", "Web Services: %s %s" % ("POST", self.connection._url) + ) def _get_response_value(self, response_data): return to_text(response_data.getvalue()) @@ -111,4 +120,4 @@ class HttpApi(HttpApiBase): return json.loads(response_text) if response_text else {} # JSONDecodeError only available on Python 3.5+ except ValueError: - raise ConnectionError('Invalid JSON response: %s' % response_text) + raise ConnectionError("Invalid JSON response: %s" % response_text) diff --git a/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py b/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py index 476e56f16..12d5ea360 100644 --- a/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py +++ b/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py @@ -4,7 +4,7 @@ # still belong to the author of the module, and may assign their own license # to the complete work. # -# (c) 2018 Red Hat Inc. +# (c) 2022 Red Hat Inc. # # Redistribution and use in source and binary forms, with or without modification, # are permitted provided that the following conditions are met: @@ -26,71 +26,246 @@ # USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type import time - +from ansible.module_utils.six import iteritems +from ansible.module_utils.urls import CertificateError +from ansible.module_utils.connection import ConnectionError from ansible.module_utils.connection import Connection +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common import ( + utils, +) + + +BASE_HEADERS = { + "Content-Type": "application/json", + "User-Agent": "Ansible", +} checkpoint_argument_spec_for_action_module = dict( - auto_publish_session=dict(type='bool'), - wait_for_task_timeout=dict(type='int', default=30), - version=dict(type='str') + auto_publish_session=dict(type="bool", default=False), + wait_for_task_timeout=dict(type="int", default=30), + version=dict(type="str"), ) checkpoint_argument_spec_for_objects = dict( - auto_publish_session=dict(type='bool'), - wait_for_task=dict(type='bool', default=True), - wait_for_task_timeout=dict(type='int', default=30), - state=dict(type='str', choices=['present', 'absent'], default='present'), - version=dict(type='str') + auto_publish_session=dict(type="bool", default=False), + wait_for_task=dict(type="bool", default=True), + wait_for_task_timeout=dict(type="int", default=30), + state=dict(type="str", choices=["present", "absent"], default="present"), + version=dict(type="str"), ) -checkpoint_argument_spec_for_facts = dict( - version=dict(type='str') -) +checkpoint_argument_spec_for_facts = dict(version=dict(type="str")) checkpoint_argument_spec_for_commands = dict( - wait_for_task=dict(type='bool', default=True), - wait_for_task_timeout=dict(type='int', default=30), - version=dict(type='str') + wait_for_task=dict(type="bool", default=True), + wait_for_task_timeout=dict(type="int", default=30), + version=dict(type="str"), + auto_publish_session=dict(type="bool", default=False), ) -delete_params = ['name', 'uid', 'layer', 'exception-group-name', 'rule-name', 'package'] +delete_params = [ + "name", + "uid", + "layer", + "exception-group-name", + "rule-name", + "package", + "ignore-errors", + "ignore-warnings", + "gateway-uid" +] + +remove_from_set_payload = { + "lsm-cluster": [ + "security-profile", + "name-prefix", + "name-suffix", + "main-ip-address", + ], + "md-permissions-profile": ["permission-level"], +} + +remove_from_add_payload = {"lsm-cluster": ["name"]} + + +def _fail_json(msg): + """Replace the AnsibleModule fail_json here + :param msg: The message for the failure + :type msg: str + """ + raise Exception(msg) + + +def map_params_to_obj(module_params, key_transform): + """The fn to convert the api returned params to module params + :param module_params: Module params + :param key_transform: Dict with module equivalent API params + :rtype: A dict + :returns: dict with module prams transformed having API expected params + """ + obj = {} + for k, v in iteritems(key_transform): + if k in module_params and ( + module_params.get(k) + or module_params.get(k) == 0 + or module_params.get(k) is False + ): + val = module_params.pop(k) + if isinstance(val, list): + temp = [] + for each in val: + if isinstance(each, dict): + temp.append(map_params_to_obj(each, key_transform)) + if temp: + val = temp + if isinstance(val, dict): + temp_child = {} + for each_k, each_v in iteritems(val): + if "_" in each_k: + temp_param = "-".join(each_k.split("_")) + if isinstance(each_v, dict): + temp_dict = map_params_to_obj( + each_v, key_transform + ) + each_v = temp_dict + temp_child.update({temp_param: each_v}) + else: + temp_child.update({each_k: each_v}) + obj[v] = temp_child + else: + obj[v] = val + if module_params: + obj.update(module_params) + return obj + + +def map_obj_to_params(module_return_params, key_transform, return_param): + """The fn to convert the api returned params to module params + :param module_return_params: API returned response params + :param key_transform: Module params + :rtype: A dict + :returns: dict with api returned value to module param value + """ + temp = {} + if module_return_params.get(return_param): + temp[return_param] = [] + for each in module_return_params[return_param]: + api_temp = {} + for k, v in iteritems(key_transform): + if v in each and ( + each.get(v) or each.get(v) == 0 or each.get(v) is False + ): + api_temp[k] = each.pop(v) + if each: + api_temp.update(each) + temp[return_param].append(api_temp) + else: + for k, v in iteritems(key_transform): + if v in module_return_params and ( + module_return_params.get(v) + or module_return_params.get(v) == 0 + or module_return_params.get(v) is False + ): + if isinstance(module_return_params[v], dict): + temp_child = {} + for each_k, each_v in iteritems(module_return_params[v]): + if "-" in each_k: + temp_param = "_".join(each_k.split("-")) + if temp_param in key_transform: + temp_child.update({temp_param: each_v}) + else: + temp_child.update({each_k: each_v}) + temp[k] = temp_child + module_return_params.pop(v) + else: + temp[k] = module_return_params.pop(v) + if module_return_params: + temp.update(module_return_params) + return temp + -remove_from_set_payload = {'lsm-cluster': ['security-profile', 'name-prefix', 'name-suffix', 'main-ip-address'], - 'md-permissions-profile': ['permission-level']} +def verify_want_have_diff(want, have, remove_key_from_diff): + for each in remove_key_from_diff: + if each in want: + del want[each] + diff = utils.dict_diff(have, want) + return diff -remove_from_add_payload = {'lsm-cluster': ['name']} + +def remove_unwanted_key(payload, remove_keys): + for each in remove_keys: + if each in payload: + del payload[each] + return payload + + +def sync_show_params_with_add_params(search_result, key_transform): + temp = {} + remove_keys = ["type", "meta-info"] + for k, v in iteritems(search_result): + if k in remove_keys: + continue + if isinstance(v, dict): + if v.get("name"): + temp.update({k: v["name"]}) + else: + temp_child = {} + for each_k, each_v in iteritems(v): + if isinstance(each_v, dict): + if each_v.get("name"): + temp_child.update({each_k: each_v["name"]}) + else: + temp_child.update({each_k: each_v}) + temp.update({k: temp_child}) + elif isinstance(v, list): + temp[k] = [] + for each in v: + if each.get("name"): + temp[k].append(each["name"]) + else: + temp.update(each) + else: + temp.update({k: v}) + temp = map_obj_to_params(temp, key_transform, "") + return temp # parse failure message with code and response def parse_fail_message(code, response): - return 'Checkpoint device returned error {0} with message {1}'.format(code, response) + return "Checkpoint device returned error {0} with message {1}".format( + code, response + ) # send the request to checkpoint def send_request(connection, version, url, payload=None): - code, response = connection.send_request('/web_api/' + version + url, payload) + code, response = connection.send_request( + "/web_api/" + version + url, payload + ) return code, response # get the payload from the user parameters def is_checkpoint_param(parameter): - if parameter == 'auto_publish_session' or \ - parameter == 'state' or \ - parameter == 'wait_for_task' or \ - parameter == 'wait_for_task_timeout' or \ - parameter == 'version': + if ( + parameter == "auto_publish_session" + or parameter == "state" + or parameter == "wait_for_task" + or parameter == "wait_for_task_timeout" + or parameter == "version" + ): return False return True def contains_show_identifier_param(payload): - identifier_params = ["name", "uid", "assigned-domain"] + identifier_params = ["name", "uid", "assigned-domain", "task-id", "signature", "url"] for param in identifier_params: if payload.get(param) is not None: return True @@ -104,17 +279,36 @@ def get_payload_from_parameters(params): parameter_value = params[parameter] if parameter_value is not None and is_checkpoint_param(parameter): if isinstance(parameter_value, dict): - payload[parameter.replace("_", "-")] = get_payload_from_parameters(parameter_value) - elif isinstance(parameter_value, list) and len(parameter_value) != 0 and isinstance(parameter_value[0], dict): + payload[ + parameter.replace("_", "-") + ] = get_payload_from_parameters(parameter_value) + elif ( + isinstance(parameter_value, list) + and len(parameter_value) != 0 + and isinstance(parameter_value[0], dict) + ): payload_list = [] for element_dict in parameter_value: - payload_list.append(get_payload_from_parameters(element_dict)) + payload_list.append( + get_payload_from_parameters(element_dict) + ) payload[parameter.replace("_", "-")] = payload_list else: # special handle for this param in order to avoid two params called "version" - if parameter == "gateway_version" or parameter == "cluster_version": + if ( + parameter == "gateway_version" + or parameter == "cluster_version" + or parameter == "server_version" + or parameter == "check_point_host_version" + or parameter == "target_version" + or parameter == "vsx_version" + ): parameter = "version" + # message & syslog_facility are internally used by Ansible, so need to avoid param duplicity + elif parameter == "login_message": + parameter = "message" + payload[parameter.replace("_", "-")] = parameter_value return payload @@ -122,11 +316,14 @@ def get_payload_from_parameters(params): # wait for task def wait_for_task(module, version, connection, task_id): - task_id_payload = {'task-id': task_id, 'details-level': 'full'} + task_id_payload = {"task-id": task_id, "details-level": "full"} task_complete = False minutes_until_timeout = 30 - if module.params['wait_for_task_timeout'] is not None and module.params['wait_for_task_timeout'] >= 0: - minutes_until_timeout = module.params['wait_for_task_timeout'] + if ( + module.params["wait_for_task_timeout"] is not None + and module.params["wait_for_task_timeout"] >= 0 + ): + minutes_until_timeout = module.params["wait_for_task_timeout"] max_num_iterations = minutes_until_timeout * 30 current_iteration = 0 @@ -134,40 +331,65 @@ def wait_for_task(module, version, connection, task_id): while not task_complete and current_iteration < max_num_iterations: current_iteration += 1 # Check the status of the task - code, response = send_request(connection, version, 'show-task', task_id_payload) + code, response = send_request( + connection, version, "show-task", task_id_payload + ) attempts_counter = 0 while code != 200: if attempts_counter < 5: attempts_counter += 1 time.sleep(2) - code, response = send_request(connection, version, 'show-task', task_id_payload) + code, response = send_request( + connection, version, "show-task", task_id_payload + ) else: - response['message'] = "ERROR: Failed to handle asynchronous tasks as synchronous, tasks result is" \ - " undefined. " + response['message'] + response["message"] = ( + "ERROR: Failed to handle asynchronous tasks as synchronous, tasks result is" + " undefined. " + response["message"] + ) module.fail_json(msg=parse_fail_message(code, response)) # Count the number of tasks that are not in-progress completed_tasks = 0 - for task in response['tasks']: - if task['status'] == 'failed': - status_description, comments = get_status_description_and_comments(task) + for task in response["tasks"]: + if task["status"] == "failed": + ( + status_description, + comments, + ) = get_status_description_and_comments(task) if comments and status_description: module.fail_json( - msg='Task {0} with task id {1} failed. Message: {2} with description: {3} - ' - 'Look at the logs for more details ' - .format(task['task-name'], task['task-id'], comments, status_description)) + msg="Task {0} with task id {1} failed. Message: {2} with description: {3} - " + "Look at the logs for more details ".format( + task["task-name"], + task["task-id"], + comments, + status_description, + ) + ) elif comments: - module.fail_json(msg='Task {0} with task id {1} failed. Message: {2} - Look at the logs for more details ' - .format(task['task-name'], task['task-id'], comments)) + module.fail_json( + msg="Task {0} with task id {1} failed. Message: {2} - Look at the logs for more details ".format( + task["task-name"], task["task-id"], comments + ) + ) elif status_description: - module.fail_json(msg='Task {0} with task id {1} failed. Message: {2} - Look at the logs for more ' - 'details ' - .format(task['task-name'], task['task-id'], status_description)) + module.fail_json( + msg="Task {0} with task id {1} failed. Message: {2} - Look at the logs for more " + "details ".format( + task["task-name"], + task["task-id"], + status_description, + ) + ) else: - module.fail_json(msg='Task {0} with task id {1} failed. Look at the logs for more details' - .format(task['task-name'], task['task-id'])) - if task['status'] == 'in progress': + module.fail_json( + msg="Task {0} with task id {1} failed. Look at the logs for more details".format( + task["task-name"], task["task-id"] + ) + ) + if task["status"] == "in progress": break completed_tasks += 1 @@ -177,7 +399,11 @@ def wait_for_task(module, version, connection, task_id): else: time.sleep(2) # Wait for two seconds if not task_complete: - module.fail_json(msg="ERROR: Timeout. Task-id: {0}.".format(task_id_payload['task-id'])) + module.fail_json( + msg="ERROR: Timeout. Task-id: {0}.".format( + task_id_payload["task-id"] + ) + ) else: return response @@ -186,56 +412,98 @@ def wait_for_task(module, version, connection, task_id): def get_status_description_and_comments(task): status_description = None comments = None - if 'comments' in task and task['comments']: - comments = task['comments'] - if 'task-details' in task and task['task-details']: - task_details = task['task-details'][0] - if 'statusDescription' in task_details: - status_description = task_details['statusDescription'] + if "comments" in task and task["comments"]: + comments = task["comments"] + if "task-details" in task and task["task-details"]: + task_details = task["task-details"][0] + if "statusDescription" in task_details: + status_description = task_details["statusDescription"] return status_description, comments # if failed occurred, in some cases we want to discard changes before exiting. We also notify the user about the `discard` def discard_and_fail(module, code, response, connection, version): - discard_code, discard_response = send_request(connection, version, 'discard') + discard_code, discard_response = send_request( + connection, version, "discard" + ) if discard_code != 200: try: - module.fail_json(msg=parse_fail_message(code, response) + ' Failed to discard session {0}' - ' with error {1} with message {2}'.format(connection.get_session_uid(), - discard_code, discard_response)) + module.fail_json( + msg=parse_fail_message(code, response) + + " Failed to discard session {0}" + " with error {1} with message {2}".format( + connection.get_session_uid(), + discard_code, + discard_response, + ) + ) except Exception: # Read-only mode without UID - module.fail_json(msg=parse_fail_message(code, response) + ' Failed to discard session' - ' with error {0} with message {1}'.format(discard_code, discard_response)) + module.fail_json( + msg=parse_fail_message(code, response) + + " Failed to discard session" + " with error {0} with message {1}".format( + discard_code, discard_response + ) + ) - module.fail_json(msg=parse_fail_message(code, response) + ' Unpublished changes were discarded') + module.fail_json( + msg=parse_fail_message(code, response) + + " Unpublished changes were discarded" + ) # handle publish command, and wait for it to end if the user asked so def handle_publish(module, connection, version): - if 'auto_publish_session' in module.params and module.params['auto_publish_session']: - publish_code, publish_response = send_request(connection, version, 'publish') + if ( + "auto_publish_session" in module.params + and module.params["auto_publish_session"] + ): + publish_code, publish_response = send_request( + connection, version, "publish" + ) if publish_code != 200: - discard_and_fail(module, publish_code, publish_response, connection, version) - if module.params['wait_for_task']: - wait_for_task(module, version, connection, publish_response['task-id']) + discard_and_fail( + module, publish_code, publish_response, connection, version + ) + if module.params["wait_for_task"]: + wait_for_task( + module, version, connection, publish_response["task-id"] + ) # if user insert a specific version, we add it to the url def get_version(module): - return ('v' + module.params['version'] + '/') if module.params.get('version') else '' + return ( + ("v" + module.params["version"] + "/") + if module.params.get("version") + else "" + ) # if code is 400 (bad request) or 500 (internal error) - fail def handle_equals_failure(module, equals_code, equals_response): if equals_code == 400 or equals_code == 500: module.fail_json(msg=parse_fail_message(equals_code, equals_response)) - if equals_code == 404 and equals_response['code'] == 'generic_err_command_not_found': - module.fail_json(msg='Relevant hotfix is not installed on Check Point server. See sk114661 on Check Point Support Center.') + if ( + equals_code == 404 + and equals_response["code"] == "generic_err_command_not_found" + ): + module.fail_json( + msg="Relevant hotfix is not installed on Check Point server. See sk114661 on Check Point Support Center." + ) # handle call -def handle_call(connection, version, call, payload, module, to_publish, to_discard_on_failure): +def handle_call( + connection, + version, + call, + payload, + module, + to_publish, + to_discard_on_failure, +): code, response = send_request(connection, version, call, payload) if code != 200: if to_discard_on_failure: @@ -243,15 +511,19 @@ def handle_call(connection, version, call, payload, module, to_publish, to_disca else: module.fail_json(msg=parse_fail_message(code, response)) else: - if 'wait_for_task' in module.params and module.params['wait_for_task']: - if 'task-id' in response: - response = wait_for_task(module, version, connection, response['task-id']) - elif 'tasks' in response: - for task in response['tasks']: - if 'task-id' in task: - task_id = task['task-id'] - response[task_id] = wait_for_task(module, version, connection, task['task-id']) - del response['tasks'] + if "wait_for_task" in module.params and module.params["wait_for_task"]: + if "task-id" in response: + response = wait_for_task( + module, version, connection, response["task-id"] + ) + elif "tasks" in response: + for task in response["tasks"]: + if "task-id" in task: + task_id = task["task-id"] + response[task_id] = wait_for_task( + module, version, connection, task["task-id"] + ) + del response["tasks"] if to_publish: handle_publish(module, connection, version) return response @@ -264,18 +536,25 @@ def api_command(module, command): version = get_version(module) code, response = send_request(connection, version, command, payload) - result = {'changed': True} + result = {"changed": True} + + if command.startswith("show"): + result['changed'] = False if code == 200: - if module.params['wait_for_task']: - if 'task-id' in response: - response = wait_for_task(module, version, connection, response['task-id']) - elif 'tasks' in response: - for task in response['tasks']: - if 'task-id' in task: - task_id = task['task-id'] - response[task_id] = wait_for_task(module, version, connection, task['task-id']) - del response['tasks'] + if module.params["wait_for_task"]: + if "task-id" in response: + response = wait_for_task( + module, version, connection, response["task-id"] + ) + elif "tasks" in response: + for task in response["tasks"]: + if "task-id" in task: + task_id = task["task-id"] + response[task_id] = wait_for_task( + module, version, connection, task["task-id"] + ) + del response["tasks"] result[command] = response @@ -296,24 +575,55 @@ def api_call_facts(module, api_call_object, api_call_object_plural_version): if not contains_show_identifier_param(payload): api_call_object = api_call_object_plural_version - response = handle_call(connection, version, 'show-' + api_call_object, payload, module, False, False) - result = {api_call_object: response} + response = handle_call( + connection, + version, + "show-" + api_call_object, + payload, + module, + False, + False, + ) + result = {api_call_object.replace("-", "_"): response} return result # handle delete -def handle_delete(equals_code, payload, delete_params, connection, version, api_call_object, module, result): +def handle_delete( + equals_code, + payload, + delete_params, + connection, + version, + api_call_object, + module, + result, +): # else equals_code is 404 and no need to delete because he doesn't exist if equals_code == 200: - payload_for_delete = extract_payload_with_some_params(payload, delete_params) - response = handle_call(connection, version, 'delete-' + api_call_object, payload_for_delete, module, True, True) - result['changed'] = True - - -# handle the call and set the result with 'changed' and teh response -def handle_call_and_set_result(connection, version, call, payload, module, result): - response = handle_call(connection, version, call, payload, module, True, True) - result['changed'] = True + payload_for_delete = extract_payload_with_some_params( + payload, delete_params + ) + response = handle_call( + connection, + version, + "delete-" + api_call_object, + payload_for_delete, + module, + True, + True, + ) + result["changed"] = True + + +# handle the call and set the result with 'changed' and the response +def handle_call_and_set_result( + connection, version, call, payload, module, result +): + response = handle_call( + connection, version, call, payload, module, True, True + ) + result["changed"] = True result[call] = response @@ -323,77 +633,128 @@ def api_call(module, api_call_object): connection = Connection(module._socket_path) version = get_version(module) - result = {'changed': False} + result = {"changed": False} if module.check_mode: return result - payload_for_equals = {'type': api_call_object, 'params': payload} - equals_code, equals_response = send_request(connection, version, 'equals', payload_for_equals) - result['checkpoint_session_uid'] = connection.get_session_uid() + payload_for_equals = {"type": api_call_object, "params": payload} + equals_code, equals_response = send_request( + connection, version, "equals", payload_for_equals + ) + result["checkpoint_session_uid"] = connection.get_session_uid() handle_equals_failure(module, equals_code, equals_response) - if module.params['state'] == 'present': + if module.params["state"] == "present": if equals_code == 200: # else objects are equals and there is no need for set request - if not equals_response['equals']: - build_payload(api_call_object, payload, remove_from_set_payload) - handle_call_and_set_result(connection, version, 'set-' + api_call_object, payload, module, result) + if not equals_response["equals"]: + build_payload( + api_call_object, payload, remove_from_set_payload + ) + handle_call_and_set_result( + connection, + version, + "set-" + api_call_object, + payload, + module, + result, + ) elif equals_code == 404: build_payload(api_call_object, payload, remove_from_add_payload) - handle_call_and_set_result(connection, version, 'add-' + api_call_object, payload, module, result) - elif module.params['state'] == 'absent': - handle_delete(equals_code, payload, delete_params, connection, version, api_call_object, module, result) + handle_call_and_set_result( + connection, + version, + "add-" + api_call_object, + payload, + module, + result, + ) + elif module.params["state"] == "absent": + handle_delete( + equals_code, + payload, + delete_params, + connection, + version, + api_call_object, + module, + result, + ) return result -# returns a generator of the entire rulebase -def get_rulebase_generator(connection, version, layer, show_rulebase_command, rules_amount): +# returns a generator of the entire rulebase. show_rulebase_identifier_payload can be either package or layer +def get_rulebase_generator( + connection, version, show_rulebase_identifier_payload, show_rulebase_command, rules_amount +): offset = 0 limit = 100 while True: payload_for_show_rulebase = { - 'name': layer, - 'limit': limit, - 'offset': offset, + "limit": limit, + "offset": offset, } + payload_for_show_rulebase.update(show_rulebase_identifier_payload) # in case there are empty sections after the last rule, we need them to appear in the reply and the limit might # cut them out if offset + limit >= rules_amount: - del payload_for_show_rulebase['limit'] - code, response = send_request(connection, version, show_rulebase_command, payload_for_show_rulebase) - offset = response['to'] - total = response['total'] - rulebase = response['rulebase'] + del payload_for_show_rulebase["limit"] + code, response = send_request( + connection, + version, + show_rulebase_command, + payload_for_show_rulebase, + ) + offset = response["to"] + total = response["total"] + rulebase = response["rulebase"] yield rulebase if total <= offset: return # get 'to' or 'from' of given section -def get_edge_position_in_section(connection, version, layer, section_name, edge): - code, response = send_request(connection, version, "show-layer-structure", {'name': layer, 'details-level': 'uid'}) - if response['code'] == 'generic_err_command_not_found': - raise ValueError("The use of the relative_position field with a section as its value is available only for" - " version 1.7.1 with JHF take 42 and above") - sections_in_layer = response['root-section']['children'] +def get_edge_position_in_section( + connection, version, identifier, section_name, edge +): + code, response = send_request( + connection, + version, + "show-layer-structure", + {"name": identifier, "details-level": "uid"}, + ) + if 'code' in response and response["code"] == "generic_err_command_not_found": + raise ValueError( + "The use of the relative_position field with a section as its value is available only for" + " version 1.7.1 with JHF take 42 and above" + ) + sections_in_layer = response["root-section"]["children"] for section in sections_in_layer: - if section['name'] == section_name: - return int(section[edge + '-rule']) + if section["name"] == section_name: + return int(section[edge + "-rule"]) return None # return the total amount of rules in the rulebase of the given layer -def get_rules_amount(connection, version, layer, show_rulebase_command): - payload_for_show_obj_rulebase = {'name': layer, 'limit': 0} - code, response = send_request(connection, version, show_rulebase_command, payload_for_show_obj_rulebase) - return int(response['total']) - - -def keep_searching_rulebase(position, current_section, relative_position, relative_position_is_section): +def get_rules_amount(connection, version, show_rulebase_payload, show_rulebase_command): + payload = {"limit": 0} + payload.update(show_rulebase_payload) + code, response = send_request( + connection, + version, + show_rulebase_command, + payload, + ) + return int(response["total"]) + + +def keep_searching_rulebase( + position, current_section, relative_position, relative_position_is_section +): position_not_found = position is None - if relative_position_is_section and 'above' not in relative_position: + if relative_position_is_section and "above" not in relative_position: # if 'above' in relative_position then get_number_and_section_from_relative_position returns the previous section # so there isn't a need to further search for the relative section relative_section = list(relative_position.values())[0] @@ -403,153 +764,380 @@ def keep_searching_rulebase(position, current_section, relative_position, relati return position_not_found -def relative_position_is_section(connection, version, layer, relative_position): - if 'top' in relative_position or 'bottom' in relative_position: +def relative_position_is_section( + connection, version, api_call_object, layer_or_package_payload, relative_position +): + if "top" in relative_position or "bottom" in relative_position: return True + show_section_command = "show-access-section" if 'access' in api_call_object else "show-nat-section" relative_position_value = list(relative_position.values())[0] - code, response = send_request(connection, version, "show-access-section", {'layer': layer, 'name': relative_position_value}) + payload = {"name": relative_position_value} + payload.update(layer_or_package_payload) + code, response = send_request( + connection, + version, + show_section_command, + payload, + ) if code == 200: return True return False -def get_number_and_section_from_relative_position(payload, connection, version, rulebase, above_relative_position, pos_before_relative_empty_section): - section_name = None +def get_number_and_section_from_relative_position( + payload, + connection, + version, + rulebase, + above_relative_position, + pos_before_relative_empty_section, + api_call_object, + prev_section=None, + current_section=None, +): + section_name = current_section position = None for rules in rulebase: - if 'rulebase' in rules: + if "rulebase" in rules: # cases relevant for relative-position=section - if 'above' in payload['position'] and rules['name'] == payload['position']['above']: - if len(rules['rulebase']) == 0: - position = pos_before_relative_empty_section if above_relative_position else pos_before_relative_empty_section + 1 + if ( + "above" in payload["position"] + and rules["name"] == payload["position"]["above"] + ): + if len(rules["rulebase"]) == 0: + position = ( + pos_before_relative_empty_section + if above_relative_position + else pos_before_relative_empty_section + 1 + ) else: # if the entire section isn't present in rulebase, the 'from' value of the section might not be # the first position in the section, which is why we use get_edge_position_in_section - from_value = get_edge_position_in_section(connection, version, payload['layer'], rules['name'], "from") + from_value = get_edge_position_in_section( + connection, + version, + list(get_relevant_layer_or_package_identifier(api_call_object, payload).values())[0], + rules["name"], + "from", + ) if from_value is not None: # section exists in rulebase - position = max(from_value - 1, 1) if above_relative_position else from_value - return position, section_name, above_relative_position, pos_before_relative_empty_section + position = ( + max(from_value - 1, 1) + if above_relative_position + else from_value + ) + return ( + position, + section_name, + above_relative_position, + pos_before_relative_empty_section, + prev_section, + ) # we update this only after the 'above' case since the section that should be returned in that case isn't # the one we are currently iterating over (but the one beforehand) - section_name = rules['name'] - - if 'bottom' in payload['position'] and rules['name'] == payload['position']['bottom']: - if len(rules['rulebase']) == 0: - position = pos_before_relative_empty_section if above_relative_position else pos_before_relative_empty_section + 1 + prev_section = section_name + section_name = rules["name"] + + if ( + "bottom" in payload["position"] + and rules["name"] == payload["position"]["bottom"] + ): + if len(rules["rulebase"]) == 0: + position = ( + pos_before_relative_empty_section + if above_relative_position + else pos_before_relative_empty_section + 1 + ) else: # if the entire section isn't present in rulebase, the 'to' value of the section might not be the # last position in the section, which is why we use get_edge_position_in_section - to_value = get_edge_position_in_section(connection, version, payload['layer'], section_name, "to") - if to_value is not None and to_value == int(rules['to']): # meaning the entire section is present in rulebase + to_value = get_edge_position_in_section( + connection, + version, + list(get_relevant_layer_or_package_identifier(api_call_object, payload).values())[0], + section_name, + "to", + ) + if to_value is not None and to_value == int( + rules["to"] + ): # meaning the entire section is present in rulebase # is the rule already at the bottom of the section. Can infer this only if the entire section is # present in rulebase - is_bottom = rules['rulebase'][-1]['name'] == payload['name'] - position = to_value if (above_relative_position or is_bottom) else to_value + 1 + is_bottom = ( + rules["rulebase"][-1]["name"] == payload["name"] + ) + position = ( + to_value + if (above_relative_position or is_bottom) + else to_value + 1 + ) # else: need to keep searching the rulebase, so position=None is returned - return position, section_name, above_relative_position, pos_before_relative_empty_section + return ( + position, + section_name, + above_relative_position, + pos_before_relative_empty_section, + prev_section, + ) # setting a rule 'below' a section is equivalent to setting the rule at the top of that section - if ('below' in payload['position'] and section_name == payload['position']['below']) or \ - ('top' in payload['position'] and section_name == payload['position']['top']): - if len(rules['rulebase']) == 0: - position = pos_before_relative_empty_section if above_relative_position else pos_before_relative_empty_section + 1 + if ( + "below" in payload["position"] + and section_name == payload["position"]["below"] + ) or ( + "top" in payload["position"] + and section_name == payload["position"]["top"] + ): + if len(rules["rulebase"]) == 0: + position = ( + pos_before_relative_empty_section + if above_relative_position + else pos_before_relative_empty_section + 1 + ) else: # is the rule already at the top of the section - is_top = rules['rulebase'][0]['name'] == payload['name'] - position = max(int(rules['from']) - 1, 1) if (above_relative_position or not is_top) else int(rules['from']) - return position, section_name, above_relative_position, pos_before_relative_empty_section - - if len(rules['rulebase']) != 0: + is_top = rules["rulebase"][0]["name"] == payload["name"] + position = ( + max(int(rules["from"]) - 1, 1) + if (above_relative_position or not is_top) + else int(rules["from"]) + ) + return ( + position, + section_name, + above_relative_position, + pos_before_relative_empty_section, + prev_section, + ) + + if len(rules["rulebase"]) != 0: # if search_entire_rulebase=True: even if rules['rulebase'] is cut (due to query limit) this will # eventually be updated to the correct value in further calls - pos_before_relative_empty_section = int(rules['to']) + pos_before_relative_empty_section = int(rules["to"]) - rules = rules['rulebase'] + rules = rules["rulebase"] for rule in rules: - if payload['name'] == rule['name']: + if payload["name"] == rule["name"]: above_relative_position = True # cases relevant for relative-position=rule - if 'below' in payload['position'] and rule['name'] == payload['position']['below']: - position = int(rule['rule-number']) if above_relative_position else int(rule['rule-number']) + 1 - return position, section_name, above_relative_position, pos_before_relative_empty_section - elif 'above' in payload['position'] and rule['name'] == payload['position']['above']: - position = max(int(rule['rule-number']) - 1, 1) if above_relative_position else int(rule['rule-number']) - return position, section_name, above_relative_position, pos_before_relative_empty_section + if ( + "below" in payload["position"] + and rule["name"] == payload["position"]["below"] + ): + position = ( + int(rule["rule-number"]) + if above_relative_position + else int(rule["rule-number"]) + 1 + ) + return ( + position, + section_name, + above_relative_position, + pos_before_relative_empty_section, + prev_section, + ) + elif ( + "above" in payload["position"] + and rule["name"] == payload["position"]["above"] + ): + position = ( + max(int(rule["rule-number"]) - 1, 1) + if above_relative_position + else int(rule["rule-number"]) + ) + return ( + position, + section_name, + above_relative_position, + pos_before_relative_empty_section, + prev_section, + ) else: # cases relevant for relative-position=rule - if payload['name'] == rules['name']: + if payload["name"] == rules["name"]: above_relative_position = True - if 'below' in payload['position'] and rules['name'] == payload['position']['below']: - position = int(rules['rule-number']) if above_relative_position else int(rules['rule-number']) + 1 - return position, section_name, above_relative_position, pos_before_relative_empty_section - elif 'above' in payload['position'] and rules['name'] == payload['position']['above']: - position = max(int(rules['rule-number']) - 1, 1) if above_relative_position else int(rules['rule-number']) - return position, section_name, above_relative_position, pos_before_relative_empty_section - - return position, section_name, above_relative_position, pos_before_relative_empty_section # None, None, False/True, x>=1 + if ( + "below" in payload["position"] + and rules["name"] == payload["position"]["below"] + ): + position = ( + int(rules["rule-number"]) + if above_relative_position + else int(rules["rule-number"]) + 1 + ) + return ( + position, + section_name, + above_relative_position, + pos_before_relative_empty_section, + prev_section, + ) + elif ( + "above" in payload["position"] + and rules["name"] == payload["position"]["above"] + ): + position = ( + max(int(rules["rule-number"]) - 1, 1) + if above_relative_position + else int(rules["rule-number"]) + ) + return ( + position, + section_name, + above_relative_position, + pos_before_relative_empty_section, + prev_section, + ) + + return ( + position, + section_name, + above_relative_position, + pos_before_relative_empty_section, + prev_section, + ) # None, None, False/True, x>=1, None # get the position in integer format and the section it is. -def get_number_and_section_from_position(payload, connection, version, api_call_object): +def get_number_and_section_from_position( + payload, connection, version, api_call_object +): show_rulebase_command = get_relevant_show_rulebase_command(api_call_object) - if 'position' in payload: + if "position" in payload: section_name = None - if type(payload['position']) is not dict: - position = payload['position'] - if position == 'top': + if type(payload["position"]) is not dict: + position = payload["position"] + if position == "top": position = 1 return position, section_name - elif position == 'bottom': - position = get_rules_amount(connection, version, payload['layer'], show_rulebase_command) - code, response = send_request(connection, version, show_rulebase_command, {'name': payload['layer'], 'offset': position - 1}) - rulebase = reversed(response['rulebase']) + elif position == "bottom": + show_rulebase_payload = get_relevant_show_rulebase_identifier_payload(api_call_object, payload) + position = get_rules_amount( + connection, + version, + show_rulebase_payload, + show_rulebase_command, + ) + show_rulebase_payload.update({"offset": position - 1}) + code, response = send_request( + connection, + version, + show_rulebase_command, + show_rulebase_payload, + ) + rulebase = reversed(response["rulebase"]) else: # is a number so we need to get the section (if exists) of the rule in that position position = int(position) - payload_for_show_obj_rulebase = build_rulebase_payload(api_call_object, payload, position) - code, response = send_request(connection, version, show_rulebase_command, payload_for_show_obj_rulebase) - rulebase = response['rulebase'] - if position > response['total']: - raise ValueError("The given position " + str(position) + " of rule " + payload['name'] + - "exceeds the total amount of rules in the rulebase") + payload_for_show_obj_rulebase = build_rulebase_payload( + api_call_object, payload, position + ) + code, response = send_request( + connection, + version, + show_rulebase_command, + payload_for_show_obj_rulebase, + ) + rulebase = response["rulebase"] + if position > response["total"]: + raise ValueError( + "The given position " + + str(position) + + " of rule " + + payload["name"] + + "exceeds the total amount of rules in the rulebase" + ) # in case position=1 and there are empty sections at the beginning of the rulebase we want to skip them i = 0 for rules in rulebase: - if 'rulebase' in rules and len(rules['rulebase']) == 0: + if "rulebase" in rules and len(rules["rulebase"]) == 0: i += 1 rulebase = rulebase[i:] for rules in rulebase: - if 'rulebase' in rules: - section_name = rules['name'] + if "rulebase" in rules: + section_name = rules["name"] return position, section_name else: return position, section_name # section = None else: - search_entire_rulebase = payload['search-entire-rulebase'] + search_entire_rulebase = payload["search-entire-rulebase"] position = None # is the rule we're getting its position number above the rule it is relatively positioned to above_relative_position = False # no from-to in empty sections so can't infer the position from them -> need to keep track of the position # before the empty relative section pos_before_relative_empty_section = 1 + show_rulebase_payload = get_relevant_show_rulebase_identifier_payload(api_call_object, payload) if not search_entire_rulebase: - code, response = send_request(connection, version, show_rulebase_command, {'name': payload['layer']}) - rulebase = response['rulebase'] - position, section_name, above_relative_position, pos_before_relative_empty_section = \ - get_number_and_section_from_relative_position(payload, connection, version, rulebase, - above_relative_position, pos_before_relative_empty_section) + code, response = send_request( + connection, + version, + show_rulebase_command, + show_rulebase_payload, + ) + rulebase = response["rulebase"] + ( + position, + section_name, + above_relative_position, + pos_before_relative_empty_section, + ) = get_number_and_section_from_relative_position( + payload, + connection, + version, + rulebase, + above_relative_position, + pos_before_relative_empty_section, + api_call_object, + ) else: - rules_amount = get_rules_amount(connection, version, payload['layer'], show_rulebase_command) - relative_pos_is_section = relative_position_is_section(connection, version, payload['layer'], payload['position']) - rulebase_generator = get_rulebase_generator(connection, version, payload['layer'], show_rulebase_command, rules_amount) + layer_or_package_payload = get_relevant_layer_or_package_identifier(api_call_object, payload) + rules_amount = get_rules_amount( + connection, + version, + show_rulebase_payload, + show_rulebase_command, + ) + relative_pos_is_section = relative_position_is_section( + connection, version, api_call_object, layer_or_package_payload, payload["position"] + ) + rulebase_generator = get_rulebase_generator( + connection, + version, + show_rulebase_payload, + show_rulebase_command, + rules_amount, + ) + # need to keep track of the previous section in case the iteration starts with a new section and + # we want to set the rule above a section - so the section the rule should be at is the previous one + prev_section = None for rulebase in rulebase_generator: - position, section_name, above_relative_position, pos_before_relative_empty_section = \ - get_number_and_section_from_relative_position(payload, connection, version, rulebase, - above_relative_position, pos_before_relative_empty_section) - if not keep_searching_rulebase(position, section_name, payload['position'], relative_pos_is_section): + ( + position, + section_name, + above_relative_position, + pos_before_relative_empty_section, + prev_section, + ) = get_number_and_section_from_relative_position( + payload, + connection, + version, + rulebase, + above_relative_position, + pos_before_relative_empty_section, + api_call_object, + prev_section, + section_name, + ) + if not keep_searching_rulebase( + position, + section_name, + payload["position"], + relative_pos_is_section, + ): break return position, section_name @@ -558,19 +1146,16 @@ def get_number_and_section_from_position(payload, connection, version, api_call_ # build the show rulebase payload def build_rulebase_payload(api_call_object, payload, position_number): - rulebase_payload = {'name': payload['layer'], 'offset': position_number - 1, 'limit': 1} - - if api_call_object == 'threat-exception': - rulebase_payload['rule-name'] = payload['rule-name'] - - return rulebase_payload + show_rulebase_required_identifiers_payload = get_relevant_show_rulebase_identifier_payload(api_call_object, payload) + show_rulebase_required_identifiers_payload.update({'offset': position_number - 1, 'limit': 1}) + return show_rulebase_required_identifiers_payload def build_rulebase_command(api_call_object): - rulebase_command = 'show-' + api_call_object.split('-')[0] + '-rulebase' + rulebase_command = "show-" + api_call_object.split("-")[0] + "-rulebase" - if api_call_object == 'threat-exception': - rulebase_command = 'show-threat-rule-exception-rulebase' + if api_call_object == "threat-exception": + rulebase_command = "show-threat-rule-exception-rulebase" return rulebase_command @@ -580,44 +1165,77 @@ def build_payload(api_call_object, payload, params_to_remove): if api_call_object in params_to_remove: for param in params_to_remove[api_call_object]: del payload[param] + return payload # extract first rule from given rulebase response and the section it is in. def extract_rule_and_section_from_rulebase_response(response): section_name = None - rule = response['rulebase'][0] + rule = response["rulebase"][0] i = 0 # skip empty sections (possible when offset=0) - while 'rulebase' in rule and len(rule['rulebase']) == 0: + while "rulebase" in rule and len(rule["rulebase"]) == 0: i += 1 - rule = response['rulebase'][i] + rule = response["rulebase"][i] - while 'rulebase' in rule: - section_name = rule['name'] - rule = rule['rulebase'][0] + while "rulebase" in rule: + section_name = rule["name"] + rule = rule["rulebase"][0] return rule, section_name def get_relevant_show_rulebase_command(api_call_object): - if api_call_object == 'access-rule': - return 'show-access-rulebase' + if api_call_object == "access-rule": + return "show-access-rulebase" elif api_call_object == "threat-rule": - return 'show-threat-rulebase' + return "show-threat-rulebase" elif api_call_object == "threat-exception": - return 'show-threat-rule-exception-rulebase' -# uncomment code below when https & nat modules are added as crud modules - # elif api_call_object == 'nat-rule': - # return 'show-nat-rulebase' + return "show-threat-rule-exception-rulebase" + elif api_call_object == 'nat-rule': + return 'show-nat-rulebase' + # uncomment code below when https module is added as a crud module # elif api_call_object == 'https-rule': # return 'show-https-rulebase' +# returns the show rulebase payload with the relevant required identifiers params +def get_relevant_show_rulebase_identifier_payload(api_call_object, payload): + if api_call_object == 'nat-rule': + show_rulebase_payload = {'package': payload['package']} + + else: + show_rulebase_payload = {'name': payload['layer']} + + if api_call_object == 'threat-exception': + show_rulebase_payload['rule-name'] = payload['rule-name'] + + return show_rulebase_payload + + +# returns the show section/rule payload with the relevant required identifying package/layer +def get_relevant_layer_or_package_identifier(api_call_object, payload): + if 'nat' in api_call_object: + identifier = {'package': payload['package']} + + else: + identifier = {'layer': payload['layer']} + + return identifier + + # is the param position (if the user inserted it) equals between the object and the user input, as well as the section the rule is in -def is_equals_with_position_param(payload, connection, version, api_call_object): +def is_equals_with_position_param( + payload, connection, version, api_call_object +): - position_number, section_according_to_position = get_number_and_section_from_position(payload, connection, version, api_call_object) + ( + position_number, + section_according_to_position, + ) = get_number_and_section_from_position( + payload, connection, version, api_call_object + ) # In this case the one of the following has occurred: # 1) There is no position param, then it's equals in vacuous truth @@ -626,16 +1244,23 @@ def is_equals_with_position_param(payload, connection, version, api_call_object) if position_number is None: return True - rulebase_payload = build_rulebase_payload(api_call_object, payload, position_number) + rulebase_payload = build_rulebase_payload( + api_call_object, payload, position_number + ) rulebase_command = build_rulebase_command(api_call_object) - code, response = send_request(connection, version, rulebase_command, rulebase_payload) + code, response = send_request( + connection, version, rulebase_command, rulebase_payload + ) rule, section = extract_rule_and_section_from_rulebase_response(response) # if the names of the exist rule and the user input rule are equals, as well as the section they're in, then it # means that their positions are equals so I return True. and there is no way that there is another rule with this # name cause otherwise the 'equals' command would fail - if rule['name'] == payload['name'] and section_according_to_position == section: + if ( + rule["name"] == payload["name"] + and section_according_to_position == section + ): return True else: return False @@ -660,18 +1285,28 @@ def extract_payload_with_some_params(payload, params_to_insert): # is equals with all the params including action and position -def is_equals_with_all_params(payload, connection, version, api_call_object, is_access_rule): - if is_access_rule and 'action' in payload: - payload_for_show = extract_payload_with_some_params(payload, ['name', 'uid', 'layer']) - code, response = send_request(connection, version, 'show-' + api_call_object, payload_for_show) - exist_action = response['action']['name'] - if exist_action.lower() != payload['action'].lower(): - if payload['action'].lower() != 'Apply Layer'.lower() or\ - exist_action.lower() != 'Inner Layer'.lower(): +def is_equals_with_all_params( + payload, connection, version, api_call_object, is_access_rule +): + if is_access_rule and "action" in payload: + payload_for_show = extract_payload_with_some_params( + payload, ["name", "uid", "layer"] + ) + code, response = send_request( + connection, version, "show-" + api_call_object, payload_for_show + ) + exist_action = response["action"]["name"] + if exist_action.lower() != payload["action"].lower(): + if ( + payload["action"].lower() != "Apply Layer".lower() + or exist_action.lower() != "Inner Layer".lower() + ): return False # here the action is equals, so check the position param - if not is_equals_with_position_param(payload, connection, version, api_call_object): + if not is_equals_with_position_param( + payload, connection, version, api_call_object + ): return False return True @@ -679,44 +1314,82 @@ def is_equals_with_all_params(payload, connection, version, api_call_object, is_ # handle api call for rule def api_call_for_rule(module, api_call_object): - is_access_rule = True if 'access' in api_call_object else False + is_access_rule = True if "access" in api_call_object else False payload = get_payload_from_parameters(module.params) connection = Connection(module._socket_path) version = get_version(module) - result = {'changed': False} + result = {"changed": False} if module.check_mode: return result if is_access_rule: - copy_payload_without_some_params = extract_payload_without_some_params(payload, ['action', 'position', 'search_entire_rulebase']) + copy_payload_without_some_params = extract_payload_without_some_params( + payload, ["action", "position", "search_entire_rulebase"] + ) else: - copy_payload_without_some_params = extract_payload_without_some_params(payload, ['position']) - payload_for_equals = {'type': api_call_object, 'params': copy_payload_without_some_params} - equals_code, equals_response = send_request(connection, version, 'equals', payload_for_equals) - result['checkpoint_session_uid'] = connection.get_session_uid() + copy_payload_without_some_params = extract_payload_without_some_params( + payload, ["position"] + ) + payload_for_equals = { + "type": api_call_object, + "params": copy_payload_without_some_params, + } + equals_code, equals_response = send_request( + connection, version, "equals", payload_for_equals + ) + result["checkpoint_session_uid"] = connection.get_session_uid() handle_equals_failure(module, equals_code, equals_response) - if module.params['state'] == 'present': + if module.params["state"] == "present": if equals_code == 200: - if equals_response['equals']: - if not is_equals_with_all_params(payload, connection, version, api_call_object, is_access_rule): - equals_response['equals'] = False + if equals_response["equals"]: + if not is_equals_with_all_params( + payload, + connection, + version, + api_call_object, + is_access_rule, + ): + equals_response["equals"] = False # else objects are equals and there is no need for set request - if not equals_response['equals']: + if not equals_response["equals"]: # if user insert param 'position' and needed to use the 'set' command, change the param name to 'new-position' - if 'position' in payload: - payload['new-position'] = payload['position'] - del payload['position'] - if 'search-entire-rulebase' in payload: - del payload['search-entire-rulebase'] - handle_call_and_set_result(connection, version, 'set-' + api_call_object, payload, module, result) + if "position" in payload: + payload["new-position"] = payload["position"] + del payload["position"] + if "search-entire-rulebase" in payload: + del payload["search-entire-rulebase"] + handle_call_and_set_result( + connection, + version, + "set-" + api_call_object, + payload, + module, + result, + ) elif equals_code == 404: - if 'search-entire-rulebase' in payload: - del payload['search-entire-rulebase'] - handle_call_and_set_result(connection, version, 'add-' + api_call_object, payload, module, result) - elif module.params['state'] == 'absent': - handle_delete(equals_code, payload, delete_params, connection, version, api_call_object, module, result) + if "search-entire-rulebase" in payload: + del payload["search-entire-rulebase"] + handle_call_and_set_result( + connection, + version, + "add-" + api_call_object, + payload, + module, + result, + ) + elif module.params["state"] == "absent": + handle_delete( + equals_code, + payload, + delete_params, + connection, + version, + api_call_object, + module, + result, + ) return result @@ -724,20 +1397,23 @@ def api_call_for_rule(module, api_call_object): # check if call is in plural form def call_is_plural(api_call_object, payload): is_plural = False - if 'access' in api_call_object and payload.get("layer") is None: + if "access" in api_call_object and payload.get("layer") is None: is_plural = True - elif 'threat' in api_call_object and payload.get("layer") is None: + elif "threat" in api_call_object and payload.get("layer") is None: is_plural = True - elif 'nat' in api_call_object \ - and payload.get("name") is None \ - and payload.get("uid") is None \ - and payload.get("rule-number") is None: + elif ( + "nat" in api_call_object + and payload.get("name") is None + and payload.get("rule-number") is None + ): is_plural = True return is_plural # handle api call facts for rule -def api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version): +def api_call_facts_for_rule( + module, api_call_object, api_call_object_plural_version +): payload = get_payload_from_parameters(module.params) connection = Connection(module._socket_path) version = get_version(module) @@ -746,62 +1422,459 @@ def api_call_facts_for_rule(module, api_call_object, api_call_object_plural_vers if call_is_plural(api_call_object, payload): api_call_object = api_call_object_plural_version - response = handle_call(connection, version, 'show-' + api_call_object, payload, module, False, False) + response = handle_call( + connection, + version, + "show-" + api_call_object, + payload, + module, + False, + False, + ) result = {api_call_object: response} return result # The code from here till EOF will be deprecated when Rikis' modules will be deprecated -checkpoint_argument_spec = dict(auto_publish_session=dict(type='bool', default=True), - policy_package=dict(type='str', default='standard'), - auto_install_policy=dict(type='bool', default=True), - targets=dict(type='list') - ) +# checkpoint_argument_spec = dict( +# auto_publish_session=dict(type="bool", default=True), +# policy_package=dict(type="str", default="standard"), +# auto_install_policy=dict(type="bool", default=True), +# targets=dict(type="list"), +# ) def publish(connection, uid=None): payload = None if uid: - payload = {'uid': uid} + payload = {"uid": uid} - connection.send_request('/web_api/publish', payload) + connection.send_request("/web_api/publish", payload) def discard(connection, uid=None): payload = None if uid: - payload = {'uid': uid} + payload = {"uid": uid} - connection.send_request('/web_api/discard', payload) + connection.send_request("/web_api/discard", payload) def install_policy(connection, policy_package, targets): - payload = {'policy-package': policy_package, - 'targets': targets} + payload = {"policy-package": policy_package, "targets": targets} - connection.send_request('/web_api/install-policy', payload) + connection.send_request("/web_api/install-policy", payload) -def prepare_rule_params_for_execute_module(rule, module_args, position, below_rule_name): - rule['layer'] = module_args['layer'] - if 'details_level' in module_args.keys(): - rule['details_level'] = module_args['details_level'] - if 'state' not in rule.keys() or ('state' in rule.keys() and rule['state'] != 'absent'): +def prepare_rule_params_for_execute_module( + rule, module_args, position, below_rule_name +): + rule["layer"] = module_args["layer"] + if "details_level" in module_args.keys(): + rule["details_level"] = module_args["details_level"] + if "state" not in rule.keys() or ( + "state" in rule.keys() and rule["state"] != "absent" + ): if below_rule_name: - relative_position = {'relative_position': {'below': below_rule_name}} + relative_position = { + "relative_position": {"below": below_rule_name} + } rule.update(relative_position) else: - rule['position'] = position + rule["position"] = position position = position + 1 - below_rule_name = rule['name'] + below_rule_name = rule["name"] return rule, position, below_rule_name def check_if_to_publish_for_action(result, module_args): - to_publish = ('auto_publish_session' in module_args.keys() and module_args['auto_publish_session']) and \ - ('changed' in result.keys() and result['changed'] is True) and ('failed' not in result.keys() or - result['failed'] is False) + to_publish = ( + ( + "auto_publish_session" in module_args.keys() + and module_args["auto_publish_session"] + ) + and ("changed" in result.keys() and result["changed"] is True) + and ("failed" not in result.keys() or result["failed"] is False) + ) return to_publish + + +class CheckPointRequest(object): + def __init__( + self, + module=None, + connection=None, + headers=None, + not_rest_data_keys=None, + task_vars=None, + ): + self.module = module + if module: + # This will be removed, once all of the available modules + # are moved to use action plugin design, as otherwise test + # would start to complain without the implementation. + self.connection = Connection(self.module._socket_path) + elif connection: + self.connection = connection + try: + self.connection.load_platform_plugins( + "check_point.mgmt.checkpoint" + ) + self.connection.set_options(var_options=task_vars) + except ConnectionError: + raise + # This allows us to exclude specific argspec keys from being included by + # the rest data that don't follow the deepsec_* naming convention + if not_rest_data_keys: + self.not_rest_data_keys = not_rest_data_keys + else: + self.not_rest_data_keys = [] + self.not_rest_data_keys.append("validate_certs") + self.headers = headers if headers else BASE_HEADERS + + # wait for task + def wait_for_task(self, version, connection, task_id): + task_id_payload = {"task-id": task_id, "details-level": "full"} + task_complete = False + minutes_until_timeout = 30 + # if module.params['wait_for_task_timeout'] is not None and module.params['wait_for_task_timeout'] >= 0: + # minutes_until_timeout = module.params['wait_for_task_timeout'] + max_num_iterations = minutes_until_timeout * 30 + current_iteration = 0 + + # As long as there is a task in progress + while not task_complete and current_iteration < max_num_iterations: + current_iteration += 1 + # Check the status of the task + code, response = send_request( + connection, version, "show-task", task_id_payload + ) + + attempts_counter = 0 + while code != 200: + if attempts_counter < 5: + attempts_counter += 1 + time.sleep(2) + code, response = send_request( + connection, version, "show-task", task_id_payload + ) + else: + response["message"] = ( + "ERROR: Failed to handle asynchronous tasks as synchronous, tasks result is" + " undefined. " + response["message"] + ) + _fail_json(parse_fail_message(code, response)) + + # Count the number of tasks that are not in-progress + completed_tasks = 0 + for task in response["tasks"]: + if task["status"] == "failed": + _fail_json( + "Task {0} with task id {1} failed. Look at the logs for more details".format( + task["task-name"], task["task-id"] + ) + ) + if task["status"] == "in progress": + break + completed_tasks += 1 + + # Are we done? check if all tasks are completed + if completed_tasks == len(response["tasks"]): + task_complete = True + else: + time.sleep(2) # Wait for two seconds + if not task_complete: + _fail_json( + "ERROR: Timeout. Task-id: {0}.".format( + task_id_payload["task-id"] + ) + ) + else: + return response + + # if failed occurred, in some cases we want to discard changes before exiting. We also notify the user about the `discard` + def discard_and_fail( + self, code, response, connection, version, session_uid + ): + discard_code, discard_response = send_request( + connection, version, "discard" + ) + if discard_code != 200: + try: + _fail_json( + parse_fail_message(code, response) + + " Failed to discard session {0}" + " with error {1} with message {2}".format( + session_uid, + discard_code, + discard_response, + ) + ) + except Exception: + # Read-only mode without UID + _fail_json( + parse_fail_message(code, response) + + " Failed to discard session" + " with error {0} with message {1}".format( + discard_code, discard_response + ) + ) + + _fail_json( + "Checkpoint session with ID: {0}".format(session_uid) + + ", " + + parse_fail_message(code, response) + + " Unpublished changes were discarded" + ) + + # handle publish command, and wait for it to end if the user asked so + def handle_publish(self, connection, version, payload): + publish_code, publish_response = send_request( + connection, version, "publish" + ) + if publish_code != 200: + self.discard_and_fail( + publish_code, publish_response, connection, version + ) + if payload.get("wait_for_task"): + self.wait_for_task( + version, connection, publish_response["task-id"] + ) + + # handle call + def handle_call( + self, + connection, + version, + api_url, + payload, + to_discard_on_failure, + session_uid=None, + to_publish=False, + ): + code, response = send_request(connection, version, api_url, payload) + if code != 200: + if to_discard_on_failure: + self.discard_and_fail( + code, response, connection, version, session_uid + ) + elif "object_not_found" not in response.get( + "code" + ) and "not found" not in response.get("message"): + raise _fail_json( + "Checkpoint session with ID: {0}".format(session_uid) + + ", " + + parse_fail_message(code, response) + ) + else: + if "wait_for_task" in payload and payload["wait_for_task"]: + if "task-id" in response: + response = self.wait_for_task( + version, connection, response["task-id"] + ) + elif "tasks" in response: + for task in response["tasks"]: + if "task-id" in task: + task_id = task["task-id"] + response[task_id] = self.wait_for_task( + version, connection, task["task-id"] + ) + del response["tasks"] + + if to_publish: + self.handle_publish(connection, version, payload) + return code, response + + # handle the call and set the result with 'changed' and teh response + def handle_add_and_set_result( + self, + connection, + version, + api_url, + payload, + session_uid, + auto_publish_session=False, + ): + code, response = self.handle_call( + connection, + version, + api_url, + payload, + True, + session_uid, + auto_publish_session, + ) + result = {"code": code, "response": response, "changed": True} + return result + + # handle delete + def handle_delete(self, connection, payload, api_call_object, version): + auto_publish = False + payload_for_equals = {"type": api_call_object, "params": payload} + equals_code, equals_response = send_request( + connection, version, "equals", payload_for_equals + ) + session_uid = connection.get_session_uid() + if equals_code == 200: + if payload.get("auto_publish_session"): + auto_publish = payload["auto_publish_session"] + del payload["auto_publish_session"] + code, response = self.handle_call( + connection, + version, + "delete-" + api_call_object, + payload, + True, + session_uid, + auto_publish, + ) + result = {"code": code, "response": response, "changed": True} + else: + # else equals_code is 404 and no need to delete because object doesn't exist + result = {"changed": False} + if result.get("response"): + result["checkpoint_session_uid"] = session_uid + return result + + # handle api call facts + def api_call_facts(self, connection, payload, api_call_object, version): + if payload.get("auto_publish_session"): + del payload["auto_publish_session"] + code, response = self.handle_call( + connection, version, api_call_object, payload, False + ) + result = {"code": code, "response": response} + return result + + # handle api call + def api_call( + self, + connection, + payload, + remove_keys, + api_call_object, + state, + equals_response, + version, + delete_params, + ): + result = {} + auto_publish_session = False + if payload.get("auto_publish_session"): + auto_publish_session = payload["auto_publish_session"] + del payload["auto_publish_session"] + session_uid = connection.get_session_uid() + if state == "merged": + if equals_response and equals_response.get("equals") is False: + payload = remove_unwanted_key(payload, remove_keys) + result = self.handle_add_and_set_result( + connection, + version, + "set-" + api_call_object, + payload, + session_uid, + auto_publish_session, + ) + elif equals_response.get("code") or equals_response.get("message"): + result = self.handle_add_and_set_result( + connection, + version, + "add-" + api_call_object, + payload, + session_uid, + auto_publish_session, + ) + elif state == "replaced": + if equals_response and equals_response.get("equals") is False: + code, response = self.handle_call( + connection, + version, + "delete-" + api_call_object, + delete_params, + True, + session_uid, + auto_publish_session, + ) + result = self.handle_add_and_set_result( + connection, + version, + "add-" + api_call_object, + payload, + session_uid, + auto_publish_session, + ) + elif equals_response.get("code") or equals_response.get("message"): + result = self.handle_add_and_set_result( + connection, + version, + "add-" + api_call_object, + payload, + session_uid, + auto_publish_session, + ) + if result.get("response"): + result["checkpoint_session_uid"] = session_uid + + return result + + # if user insert a specific version, we add it to the url + def get_version(self, payload): + return ( + ("v" + payload["version"] + "/") if payload.get("version") else "" + ) + + def _httpapi_error_handle(self, api_obj, state, **kwargs): + # FIXME - make use of handle_httperror(self, exception) where applicable + # https://docs.ansible.com/ansible/latest/network/dev_guide/developing_plugins_network.html#developing-plugins-httpapi + try: + result = {} + version = self.get_version(kwargs["data"]) + if state == "gathered": + result = self.api_call_facts( + self.connection, kwargs["data"], "show-" + api_obj, version + ) + elif state == "deleted": + result = self.handle_delete( + self.connection, kwargs["data"], api_obj, version + ) + elif state == "merged" or state == "replaced": + payload_for_equals = { + "type": api_obj, + "params": kwargs["data"], + } + equals_code, equals_response = send_request( + self.connection, version, "equals", payload_for_equals + ) + if equals_response.get("equals"): + result = { + "code": equals_code, + "response": equals_response, + "changed": False, + } + else: + result = self.api_call( + self.connection, + kwargs["data"], + kwargs["remove_keys"], + api_obj, + state, + equals_response, + version, + kwargs["delete_params"], + ) + except ConnectionError as e: + raise _fail_json("connection error occurred: {0}".format(e)) + except CertificateError as e: + raise _fail_json("certificate error occurred: {0}".format(e)) + except ValueError as e: + raise _fail_json("certificate not found: {0}".format(e)) + # This fn. will return both code and response, once all of the available modules + # are moved to use action plugin design, as otherwise test + # would start to complain without the implementation. + return result + + def post(self, obj, state, **kwargs): + return self._httpapi_error_handle(obj, state, **kwargs) diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_abort_get_interfaces.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_abort_get_interfaces.py new file mode 100644 index 000000000..ae87643be --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_abort_get_interfaces.py @@ -0,0 +1,83 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_abort_get_interfaces +short_description: Attempt to abort an on-going "get-interfaces" operation. +description: + - Attempt to abort an on-going "get-interfaces" operation. + This API might fail if the "get-interfaces" operation is in its final stage. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + task_id: + description: + - get-interfaces task UID. + type: str + force_cleanup: + description: + - Forcefully abort the "get-interfaces" task. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: abort-get-interfaces + cp_mgmt_abort_get_interfaces: + task_id: 45b185e7-9ccd-4971-b74b-d212282f8f96 +""" + +RETURN = """ +cp_mgmt_abort_get_interfaces: + description: The checkpoint abort-get-interfaces output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + task_id=dict(type='str'), + force_cleanup=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "abort-get-interfaces" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer.py index dde5b24b6..46bdab564 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["deprecated"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -34,6 +36,10 @@ description: - All operations are performed over Web Services API. version_added: "1.0.0" author: "Or Soffer (@chkp-orso)" +deprecated: + alternative: cp_mgmt_access_layers + why: Newer and updated modules released with more functionality. + removed_at_date: '2024-11-01' options: name: description: @@ -133,39 +139,80 @@ cp_mgmt_access_layer: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - add_default_rule=dict(type='bool'), - applications_and_url_filtering=dict(type='bool'), - content_awareness=dict(type='bool'), - detect_using_x_forward_for=dict(type='bool'), - firewall=dict(type='bool'), - implicit_cleanup_action=dict(type='str', choices=['drop', 'accept']), - mobile_access=dict(type='bool'), - shared=dict(type='bool'), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + add_default_rule=dict(type="bool"), + applications_and_url_filtering=dict(type="bool"), + content_awareness=dict(type="bool"), + detect_using_x_forward_for=dict(type="bool"), + firewall=dict(type="bool"), + implicit_cleanup_action=dict(type="str", choices=["drop", "accept"]), + mobile_access=dict(type="bool"), + shared=dict(type="bool"), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'access-layer' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "access-layer" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer_facts.py index 40e98e990..999c9b8ff 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -98,30 +100,41 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )) + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "access-layer" api_call_object_plural_version = "access-layers" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layers.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layers.py new file mode 100644 index 000000000..78eeb2b70 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layers.py @@ -0,0 +1,456 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# Copyright 2022 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +""" +The module file for cp_mgmt_add_access_layers +""" + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +DOCUMENTATION = """ +module: cp_mgmt_access_layers +short_description: Manages ACCESS LAYERS resource module +description: + - This resource module allows for addition, deletion, or modification of CP Access Layers. + - This resource module also takes care of gathering Access layer config facts +version_added: "5.0.0" +author: Ansible Security Automation Team (@justjais) <https://github.com/ansible-security> +options: + config: + description: A dictionary of ACCESS LAYERS options + type: dict + suboptions: + name: + description: Object name. Must be unique in the domain. + type: str + add_default_rule: + description: Indicates whether to include a cleanup rule in the new layer. + type: bool + applications_and_url_filtering: + description: Whether to enable Applications & URL Filtering blade on the layer. + type: bool + content_awareness: + description: Whether to enable Content Awareness blade on the layer. + type: bool + detect_using_x_forward_for: + description: Whether to use X-Forward-For HTTP header, which is added by the proxy + server to keep track of the original source IP. + type: bool + firewall: + description: Whether to enable Firewall blade on the layer. + type: bool + implicit_cleanup_action: + description: The default "catch-all" action for traffic that does not match + any explicit or implied rules in the layer. + type: str + choices: + - drop + - accept + mobile_access: + description: Whether to enable Mobile Access blade on the layer. + type: bool + shared: + description: Whether this layer is shared. + type: bool + tags: + description: Collection of tag identifiers. + type: list + elements: str + color: + description: Color of the object. Should be one of existing colors. + type: str + choices: + - aquamarine + - black + - blue + - crete blue + - burlywood + - cyan + - dark green + - khaki + - orchid + - dark orange + - dark sea green + - pink + - turquoise + - dark blue + - firebrick + - brown + - forest green + - gold + - dark gold + - gray + - dark gray + - light green + - lemon chiffon + - coral + - sea green + - sky blue + - magenta + - purple + - slate blue + - violet red + - navy blue + - olive + - orange + - red + - sienna + - yellow + comments: + description: Comments string. + type: str + details_level: + description: The level of detail for some of the fields in the response can + vary from showing only the UID value of the object to a fully detailed representation + of the object. + type: str + choices: + - uid + - standard + - full + ignore_warnings: + description: Apply changes ignoring warnings. + type: bool + ignore_errors: + description: Apply changes ignoring errors. You won't be able to publish such + a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + limit: + description: + - The maximal number of returned results. + - NOTE, this parameter is a valid parameter only for the GATHERED state, for config states + like, MERGED, REPLACED, and DELETED state it won't be applicable. + type: int + offset: + description: + - Number of the results to initially skip. + - NOTE, this parameter is a valid parameter only for the GATHERED state, for config states + like, MERGED, REPLACED, and DELETED state it won't be applicable. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + - NOTE, this parameter is a valid parameter only for the GATHERED state, for config states + like, MERGED, REPLACED, and DELETED state it won't be applicable. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + DESC: + description: + - Sorts results by the given field in descending order. + type: str + round_trip: + description: + - If set to True, the round trip will filter out the module parameters from the response param, + which will enable the user to fire the config request using the structured gathered data. + - NOTE, this parameter makes relevance only with the GATHERED state, as for config states like, + MERGED, REPLACED, and DELETED state it won't make any config updates, + as it's not a module config parameter. + type: bool + auto_publish_session: + description: + - Publish the current session if changes have been performed + after task completes. + type: bool + version: + description: + - Version of checkpoint. If not given one, the latest version taken. + type: str + state: + description: + - The state the configuration should be left in + - The state I(gathered) will get the module API configuration from the device + and transform it into structured data in the format as per the module argspec + and the value is returned in the I(gathered) key within the result. + type: str + choices: + - merged + - replaced + - gathered + - deleted +""" + +EXAMPLES = """ + +# Using MERGED state +# ------------------- + +- name: Merge Access-layer config + cp_mgmt_access_layers: + state: merged + config: + name: New Layer 1 + add_default_rule: true + applications_and_url_filtering: true + content_awareness: true + detect_using_x_forward_for: false + firewall: true + implicit_cleanup_action: drop + mobile_access: true + shared: false + tags: + - test_layer + color: aquamarine + comments: test description + details_level: full + ignore_warnings: false + ignore_errors: false + round_trip: true + +# RUN output: +# ----------- + +# mgmt_access_layers: +# after: +# applications_and_url_filtering: true +# color: aquamarine +# comments: test description +# content_awareness: true +# detect_using_x_forward_for: false +# domain: SMC User +# firewall: true +# icon: ApplicationFirewall/rulebase +# implicit_cleanup_action: drop +# mobile_access: true +# name: New Layer 1 +# shared: false +# tags: +# - test_layer +# uid: eb74d7fe-81a6-4e6c-aedb-d2d6599f965e +# before: {} + +# Using REPLACED state +# -------------------- + +- name: Replace Access-layer config + cp_mgmt_access_layers: + state: replaced + config: + name: New Layer 1 + add_default_rule: true + applications_and_url_filtering: true + content_awareness: false + detect_using_x_forward_for: false + firewall: true + implicit_cleanup_action: drop + mobile_access: true + shared: true + tags: + - test_layer_replaced + color: cyan + comments: test REPLACE description + details_level: full + ignore_warnings: false + ignore_errors: false + round_trip: true + +# RUN output: +# ----------- + +# mgmt_access_layers: +# after: +# applications_and_url_filtering: true +# color: cyan +# comments: test REPLACE description +# content_awareness: false +# detect_using_x_forward_for: false +# domain: SMC User +# firewall: true +# icon: ApplicationFirewall/sharedrulebase +# implicit_cleanup_action: drop +# mobile_access: true +# name: New Layer 1 +# shared: true +# tags: +# - test_layer_replaced +# uid: a4e2bbc1-ec94-4b85-9b00-07ad1279ac12 +# before: +# applications_and_url_filtering: true +# color: aquamarine +# comments: test description +# content_awareness: true +# detect_using_x_forward_for: false +# firewall: true +# icon: ApplicationFirewall/rulebase +# implicit_cleanup_action: drop +# mobile_access: true +# name: New Layer 1 +# shared: false +# tags: +# - test_layer + +# Using GATHERED state +# -------------------- + +# 1. With Round Trip set to True + +- name: Gather Access-layers config by Name + cp_mgmt_access_layers: + state: gathered + config: + name: New Layer 1 + round_trip: true + +# RUN output: +# ----------- + +# gathered: +# applications_and_url_filtering: true +# color: aquamarine +# comments: test description +# content_awareness: true +# detect_using_x_forward_for: false +# domain: SMC User +# firewall: true +# icon: ApplicationFirewall/rulebase +# implicit_cleanup_action: drop +# mobile_access: true +# name: New Layer 1 +# shared: false +# tags: +# - test_layer +# uid: eb74d7fe-81a6-4e6c-aedb-d2d6599f965e + +# 2. With Round Trip set to False which is the default behaviour + +- name: Gather Access-layers config by Name + cp_mgmt_access_layers: + state: gathered + config: + name: New Layer 1 + +# RUN output: +# ----------- + +# gathered: +# applications_and_url_filtering: true +# color: turquoise +# comments: test description +# content_awareness: true +# detect_using_x_forward_for: false +# domain: +# domain-type: domain +# name: SMC User +# uid: 41e821a0-3720-11e3-aa6e-0800200c9fde +# firewall: true +# icon: ApplicationFirewall/rulebase +# implicit_cleanup_action: drop +# meta-info: +# creation-time: +# iso-8601: 2022-11-21T07:34+0000 +# posix: 1669016073937 +# creator: admin +# last-modifier: admin +# last-modify-time: +# iso-8601: 2022-11-21T07:34+0000 +# posix: 1669016074765 +# lock: unlocked +# validation-state: ok +# mobile_access: true +# name: New Layer 1 +# read-only: false +# shared: false +# tags: +# - domain: +# domain-type: domain +# name: SMC User +# uid: 41e821a0-3720-11e3-aa6e-0800200c9fde +# name: test_layer +# type: tag +# uid: 22cc8b0d-984f-47de-b1f6-276b3377eb0c +# type: access-layer +# uid: a54e47d3-22fc-4aff-90d9-f644aa4a1522 + +# 3. Gather ALL threat-layer config with DESC order filter + +- name: To Gather ALL access-layer and order by Name + cp_mgmt_access_layers: + config: + order: + - DESC: name + state: gathered + +# RUN output: +# ----------- + +# gathered: +# - domain: +# domain-type: domain +# name: SMC User +# uid: 41e821a0-3720-11e3-aa6e-0800200c9fde +# name: New Layer 1 +# type: access-layer +# uid: a54e47d3-22fc-4aff-90d9-f644aa4a1522 +# - domain: +# domain-type: domain +# name: SMC User +# uid: 41e821a0-3720-11e3-aa6e-0800200c9fde +# name: Network +# type: access-layer +# uid: 63b7fe60-76d2-4287-bca5-21af87337b0a + +# Using DELETED state +# ------------------- + +- name: Delete Access-layer config by Name + cp_mgmt_access_layers: + state: deleted + config: + name: New Layer 1 + +# RUN output: +# ----------- + +# mgmt_access_layers: +# after: {} +# before: +# applications_and_url_filtering: true +# color: cyan +# comments: test REPLACE description +# content_awareness: false +# detect_using_x_forward_for: false +# domain: SMC User +# firewall: true +# icon: ApplicationFirewall/sharedrulebase +# implicit_cleanup_action: drop +# mobile_access: true +# name: New Layer 1 +# shared: true +# tags: +# - test_layer_replaced +# uid: a4e2bbc1-ec94-4b85-9b00-07ad1279ac12 +""" + +RETURN = """ +before: + description: The configuration prior to the module execution. + returned: when state is I(merged), I(replaced), I(deleted) + type: dict + sample: > + This output will always be in the same format as the + module argspec. +after: + description: The resulting configuration after module execution. + returned: when changed + type: dict + sample: > + This output will always be in the same format as the + module argspec. +gathered: + description: Facts about the network resource gathered from the remote device as structured data. + returned: when state is I(gathered) + type: dict + sample: > + This output will always be in the same format as the + module argspec. +""" diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_point_name.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_point_name.py new file mode 100644 index 000000000..d32f0232d --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_point_name.py @@ -0,0 +1,165 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_access_point_name +short_description: Manages access-point-name objects on Checkpoint over Web Services API +description: + - Manages access-point-name objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + apn: + description: + - APN name. + type: str + enforce_end_user_domain: + description: + - Enable enforce end user domain. + type: bool + block_traffic_other_end_user_domains: + description: + - Block MS to MS traffic between this and other APN end user domains. + type: bool + block_traffic_this_end_user_domain: + description: + - Block MS to MS traffic within this end user domain. + type: bool + end_user_domain: + description: + - End user domain name or UID. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-access-point-name + cp_mgmt_access_point_name: + name: myaccesspointname + apn: apnname + end_user_domain: All_Internet + enforce_end_user_domain: 'True' + state: present + +- name: set-access-point-name + cp_mgmt_access_point_name: + name: myaccesspointname + block_traffic_other_end_user_domains: 'False' + block_traffic_this_end_user_domain: 'False' + enforce_end_user_domain: 'True' + state: present + +- name: delete-access-point-name + cp_mgmt_access_point_name: + name: myaccesspointname + state: absent +""" + +RETURN = """ +cp_mgmt_access_point_name: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + apn=dict(type='str'), + enforce_end_user_domain=dict(type='bool'), + block_traffic_other_end_user_domains=dict(type='bool'), + block_traffic_this_end_user_domain=dict(type='bool'), + end_user_domain=dict(type='str'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'access-point-name' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_point_name_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_point_name_facts.py new file mode 100644 index 000000000..7a242d8cd --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_point_name_facts.py @@ -0,0 +1,144 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_access_point_name_facts +short_description: Get access-point-name objects facts on Checkpoint over Web Services API +description: + - Get access-point-name objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-access-point-name + cp_mgmt_access_point_name_facts: + name: myaccesspointname + +- name: show-access-point-names + cp_mgmt_access_point_name_facts: + limit: 10 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements="dict", options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool'), + domains_to_process=dict(type='list', elements="str") + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "access-point-name" + api_call_object_plural_version = "access-point-names" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role.py index 1c9114484..4f2a8259e 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -161,51 +163,104 @@ cp_mgmt_access_role: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - machines_list=dict(type='list', elements='dict', options=dict( - source=dict(type='str'), - selection=dict(type='list', elements='str'), - base_dn=dict(type='str') - )), - machines=dict(type='str', choices=['any', 'all identified']), - networks=dict(type='list', elements='str'), - remote_access_clients=dict(type='str'), - tags=dict(type='list', elements='str'), - users_list=dict(type='list', elements='dict', options=dict( - source=dict(type='str'), - selection=dict(type='list', elements='str'), - base_dn=dict(type='str') - )), - users=dict(type='str', choices=['any', 'all identified']), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + machines_list=dict( + type="list", + elements="dict", + options=dict( + source=dict(type="str"), + selection=dict(type="list", elements="str"), + base_dn=dict(type="str"), + ), + ), + machines=dict(type="str", choices=["any", "all identified"]), + networks=dict(type="list", elements="str"), + remote_access_clients=dict(type="str"), + tags=dict(type="list", elements="str"), + users_list=dict( + type="list", + elements="dict", + options=dict( + source=dict(type="str"), + selection=dict(type="list", elements="str"), + base_dn=dict(type="str"), + ), + ), + users=dict(type="str", choices=["any", "all identified"]), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'access-role' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "access-role" if module.params["machines_list"] is not None: if module.params["machines"] is not None: - raise AssertionError("The use of both 'machines_list' and 'machines' arguments isn't allowed") + raise AssertionError( + "The use of both 'machines_list' and 'machines' arguments isn't allowed" + ) module.params["machines"] = module.params["machines_list"] module.params.pop("machines_list") if module.params["users_list"] is not None: if module.params["users"] is not None: - raise AssertionError("The use of both 'users_list' and 'users' arguments isn't allowed") + raise AssertionError( + "The use of both 'users_list' and 'users' arguments isn't allowed" + ) module.params["users"] = module.params["users_list"] module.params.pop("users_list") @@ -213,5 +268,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role_facts.py index 6a8805e8c..37dfd4529 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -96,30 +98,41 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )) + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "access-role" api_call_object_plural_version = "access-roles" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule.py index 11f359fe0..ca26a2933 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -325,92 +327,158 @@ cp_mgmt_access_rule: from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.connection import Connection -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call, api_call_for_rule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, + api_call_for_rule, +) def main(): argument_spec = dict( - layer=dict(type='str'), - position=dict(type='str'), - relative_position=dict(type='dict', options=dict( - below=dict(type='str'), - above=dict(type='str'), - top=dict(type='str'), - bottom=dict(type='str') - )), - search_entire_rulebase=dict(type='bool', default=False), - name=dict(type='str', required=True), - action=dict(type='str'), - action_settings=dict(type='dict', options=dict( - enable_identity_captive_portal=dict(type='bool'), - limit=dict(type='str') - )), - content=dict(type='list', elements='dict'), - content_direction=dict(type='str', choices=['any', 'up', 'down']), - content_negate=dict(type='bool'), - custom_fields=dict(type='dict', options=dict( - field_1=dict(type='str'), - field_2=dict(type='str'), - field_3=dict(type='str') - )), - destination=dict(type='list', elements='str'), - destination_negate=dict(type='bool'), - enabled=dict(type='bool'), - inline_layer=dict(type='str'), - install_on=dict(type='list', elements='str'), - service=dict(type='list', elements='str'), - service_negate=dict(type='bool'), - source=dict(type='list', elements='str'), - source_negate=dict(type='bool'), - time=dict(type='list', elements='str'), - track=dict(type='dict', options=dict( - accounting=dict(type='bool'), - alert=dict(type='str', choices=['none', 'alert', 'snmp', 'mail', 'user alert 1', 'user alert 2', 'user alert 3']), - enable_firewall_session=dict(type='bool'), - per_connection=dict(type='bool'), - per_session=dict(type='bool'), - type=dict(type='str') - )), - user_check=dict(type='dict', options=dict( - confirm=dict(type='str', choices=['per rule', 'per category', 'per application/site', 'per data type']), - custom_frequency=dict(type='dict', options=dict( - every=dict(type='int'), - unit=dict(type='str', choices=['hours', 'days', 'weeks', 'months']) - )), - frequency=dict(type='str', choices=['once a day', 'once a week', 'once a month', 'custom frequency...']), - interaction=dict(type='str') - )), - vpn_list=dict(type='list', elements='dict', options=dict( - community=dict(type='list', elements='str'), - directional=dict(type='list', elements='dict', options=dict( - to=dict(type='str') - )) - )), - vpn=dict(type='str', choices=['Any', 'All_GwToGw']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + layer=dict(type="str"), + position=dict(type="str"), + relative_position=dict( + type="dict", + options=dict( + below=dict(type="str"), + above=dict(type="str"), + top=dict(type="str"), + bottom=dict(type="str"), + ), + ), + search_entire_rulebase=dict(type="bool", default=False), + name=dict(type="str", required=True), + action=dict(type="str"), + action_settings=dict( + type="dict", + options=dict( + enable_identity_captive_portal=dict(type="bool"), + limit=dict(type="str"), + ), + ), + content=dict(type="list", elements="dict"), + content_direction=dict(type="str", choices=["any", "up", "down"]), + content_negate=dict(type="bool"), + custom_fields=dict( + type="dict", + options=dict( + field_1=dict(type="str"), + field_2=dict(type="str"), + field_3=dict(type="str"), + ), + ), + destination=dict(type="list", elements="str"), + destination_negate=dict(type="bool"), + enabled=dict(type="bool"), + inline_layer=dict(type="str"), + install_on=dict(type="list", elements="str"), + service=dict(type="list", elements="str"), + service_negate=dict(type="bool"), + source=dict(type="list", elements="str"), + source_negate=dict(type="bool"), + time=dict(type="list", elements="str"), + track=dict( + type="dict", + options=dict( + accounting=dict(type="bool"), + alert=dict( + type="str", + choices=[ + "none", + "alert", + "snmp", + "mail", + "user alert 1", + "user alert 2", + "user alert 3", + ], + ), + enable_firewall_session=dict(type="bool"), + per_connection=dict(type="bool"), + per_session=dict(type="bool"), + type=dict(type="str"), + ), + ), + user_check=dict( + type="dict", + options=dict( + confirm=dict( + type="str", + choices=[ + "per rule", + "per category", + "per application/site", + "per data type", + ], + ), + custom_frequency=dict( + type="dict", + options=dict( + every=dict(type="int"), + unit=dict( + type="str", + choices=["hours", "days", "weeks", "months"], + ), + ), + ), + frequency=dict( + type="str", + choices=[ + "once a day", + "once a week", + "once a month", + "custom frequency...", + ], + ), + interaction=dict(type="str"), + ), + ), + vpn_list=dict( + type="list", + elements="dict", + options=dict( + community=dict(type="list", elements="str"), + directional=dict( + type="list", + elements="dict", + options=dict(to=dict(type="str")), + ), + ), + ), + vpn=dict(type="str", choices=["Any", "All_GwToGw"]), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) - argument_spec['vpn_list']['options']['directional']['options']['from'] = dict(type='str') + argument_spec["vpn_list"]["options"]["directional"]["options"][ + "from" + ] = dict(type="str") argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'access-rule' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "access-rule" if module.params["vpn_list"] is not None: if module.params["vpn"] is not None: - raise AssertionError("The use of both 'vpn_list' and 'vpn' arguments isn't allowed") + raise AssertionError( + "The use of both 'vpn_list' and 'vpn' arguments isn't allowed" + ) module.params["vpn"] = module.params["vpn_list"] module.params.pop("vpn_list") if module.params["relative_position"] is not None: if module.params["position"] is not None: - raise AssertionError("The use of both 'relative_position' and 'position' arguments isn't allowed") + raise AssertionError( + "The use of both 'relative_position' and 'position' arguments isn't allowed" + ) module.params["position"] = module.params["relative_position"] module.params.pop("relative_position") - if module.params['action'] is None and module.params['position'] is None: + if module.params["action"] is None and module.params["position"] is None: module.params.pop("search_entire_rulebase") result = api_call(module, api_call_object) else: @@ -419,5 +487,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule_facts.py index 3519e6ba1..0d536ad19 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -193,53 +195,73 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts_for_rule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts_for_rule, +) def main(): argument_spec = dict( - name=dict(type='str'), - layer=dict(type='str'), - show_as_ranges=dict(type='bool'), - show_hits=dict(type='bool'), - hits_settings=dict(type='dict', options=dict( - from_date=dict(type='str'), - target=dict(type='str'), - to_date=dict(type='str') - )), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - filter=dict(type='str'), - filter_settings=dict(type='dict', options=dict( - search_mode=dict(type='str', choices=['general', 'packet']), - packet_search_settings=dict(type='dict', options=dict( - expand_group_members=dict(type='bool'), - expand_group_with_exclusion_members=dict(type='bool'), - match_on_any=dict(type='bool'), - match_on_group_with_exclusion=dict(type='bool'), - match_on_negate=dict(type='bool') - )) - )), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - package=dict(type='str'), - use_object_dictionary=dict(type='bool'), - dereference_group_members=dict(type='bool'), - show_membership=dict(type='bool') + name=dict(type="str"), + layer=dict(type="str"), + show_as_ranges=dict(type="bool"), + show_hits=dict(type="bool"), + hits_settings=dict( + type="dict", + options=dict( + from_date=dict(type="str"), + target=dict(type="str"), + to_date=dict(type="str"), + ), + ), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + filter=dict(type="str"), + filter_settings=dict( + type="dict", + options=dict( + search_mode=dict(type="str", choices=["general", "packet"]), + packet_search_settings=dict( + type="dict", + options=dict( + expand_group_members=dict(type="bool"), + expand_group_with_exclusion_members=dict(type="bool"), + match_on_any=dict(type="bool"), + match_on_group_with_exclusion=dict(type="bool"), + match_on_negate=dict(type="bool"), + ), + ), + ), + ), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + package=dict(type="str"), + use_object_dictionary=dict(type="bool"), + dereference_group_members=dict(type="bool"), + show_membership=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "access-rule" api_call_object_plural_version = "access-rulebase" - result = api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version) + result = api_call_facts_for_rule( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rules.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rules.py index 1597ab281..cdc1f8aae 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rules.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rules.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -208,7 +210,7 @@ options: description: - N/A type: str - vpn: + vpn_list: description: - Communities or Directional. type: list @@ -218,7 +220,7 @@ options: description: - List of community name or UID. type: list - elements: dict + elements: str directional: description: - Communities directional match condition. @@ -233,6 +235,11 @@ options: description: - To community name or UID. type: str + vpn: + description: + - Any or All_GwToGw. + type: str + choices: ['Any', 'All_GwToGw'] comments: description: - Comments string. @@ -294,74 +301,144 @@ cp_mgmt_access_rules: from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.connection import Connection -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import \ - checkpoint_argument_spec_for_action_module +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_action_module, +) def main(): argument_spec = dict( - rules=dict(type='list', required=True, elements='dict', options=dict( - name=dict(type='str', required=True), - action=dict(type='str'), - action_settings=dict(type='dict', options=dict( - enable_identity_captive_portal=dict(type='bool'), - limit=dict(type='str') - )), - content=dict(type='list', elements='dict'), - content_direction=dict(type='str', choices=['any', 'up', 'down']), - content_negate=dict(type='bool'), - custom_fields=dict(type='dict', options=dict( - field_1=dict(type='str'), - field_2=dict(type='str'), - field_3=dict(type='str') - )), - destination=dict(type='list', elements='str'), - destination_negate=dict(type='bool'), - enabled=dict(type='bool'), - inline_layer=dict(type='str'), - install_on=dict(type='list', elements='str'), - service=dict(type='list', elements='str'), - service_negate=dict(type='bool'), - source=dict(type='list', elements='str'), - source_negate=dict(type='bool'), - time=dict(type='list', elements='str'), - track=dict(type='dict', options=dict( - accounting=dict(type='bool'), - alert=dict(type='str', - choices=['none', 'alert', 'snmp', 'mail', 'user alert 1', 'user alert 2', 'user alert 3']), - enable_firewall_session=dict(type='bool'), - per_connection=dict(type='bool'), - per_session=dict(type='bool'), - type=dict(type='str') - )), - user_check=dict(type='dict', options=dict( - confirm=dict(type='str', choices=['per rule', 'per category', 'per application/site', 'per data type']), - custom_frequency=dict(type='dict', options=dict( - every=dict(type='int'), - unit=dict(type='str', choices=['hours', 'days', 'weeks', 'months']) - )), - frequency=dict(type='str', - choices=['once a day', 'once a week', 'once a month', 'custom frequency...']), - interaction=dict(type='str') - )), - vpn=dict(type='list', elements='dict', options=dict( - community=dict(type='list', elements='dict'), - directional=dict(type='list', elements='dict', options=dict( - to=dict(type='str') - )) - )), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool'), - state=dict(type='str', choices=['present', 'absent'], default='present') - - )), - layer=dict(type='str', required=True), - details_level=dict(type='str', choices=['uid', 'standard', 'full']) + rules=dict( + type="list", + required=True, + elements="dict", + options=dict( + name=dict(type="str", required=True), + action=dict(type="str"), + action_settings=dict( + type="dict", + options=dict( + enable_identity_captive_portal=dict(type="bool"), + limit=dict(type="str"), + ), + ), + content=dict(type="list", elements="dict"), + content_direction=dict( + type="str", choices=["any", "up", "down"] + ), + content_negate=dict(type="bool"), + custom_fields=dict( + type="dict", + options=dict( + field_1=dict(type="str"), + field_2=dict(type="str"), + field_3=dict(type="str"), + ), + ), + destination=dict(type="list", elements="str"), + destination_negate=dict(type="bool"), + enabled=dict(type="bool"), + inline_layer=dict(type="str"), + install_on=dict(type="list", elements="str"), + service=dict(type="list", elements="str"), + service_negate=dict(type="bool"), + source=dict(type="list", elements="str"), + source_negate=dict(type="bool"), + time=dict(type="list", elements="str"), + track=dict( + type="dict", + options=dict( + accounting=dict(type="bool"), + alert=dict( + type="str", + choices=[ + "none", + "alert", + "snmp", + "mail", + "user alert 1", + "user alert 2", + "user alert 3", + ], + ), + enable_firewall_session=dict(type="bool"), + per_connection=dict(type="bool"), + per_session=dict(type="bool"), + type=dict(type="str"), + ), + ), + user_check=dict( + type="dict", + options=dict( + confirm=dict( + type="str", + choices=[ + "per rule", + "per category", + "per application/site", + "per data type", + ], + ), + custom_frequency=dict( + type="dict", + options=dict( + every=dict(type="int"), + unit=dict( + type="str", + choices=[ + "hours", + "days", + "weeks", + "months", + ], + ), + ), + ), + frequency=dict( + type="str", + choices=[ + "once a day", + "once a week", + "once a month", + "custom frequency...", + ], + ), + interaction=dict(type="str"), + ), + ), + vpn_list=dict( + type="list", + elements="dict", + options=dict( + community=dict(type="list", elements="str"), + directional=dict( + type="list", + elements="dict", + options=dict(to=dict(type="str")), + ), + ), + ), + vpn=dict(type="str", choices=["Any", "All_GwToGw"]), + comments=dict(type="str"), + details_level=dict( + type="str", choices=["uid", "standard", "full"] + ), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), + state=dict( + type="str", + choices=["present", "absent"], + default="present", + ), + ), + ), + layer=dict(type="str", required=True), + details_level=dict(type="str", choices=["uid", "standard", "full"]), ) - argument_spec['rules']['options']['vpn']['options']['directional']['options']['from'] = dict(type='str') + argument_spec["rules"]["options"]["vpn_list"]["options"]["directional"][ + "options" + ]["from"] = dict(type="str") argument_spec.update(checkpoint_argument_spec_for_action_module) module = AnsibleModule(argument_spec=argument_spec) @@ -369,5 +446,5 @@ def main(): module.exit_json() -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_section.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_section.py index 01a47a503..1a165cd89 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_section.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_section.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -94,26 +96,31 @@ cp_mgmt_access_section: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - layer=dict(type='str'), - position=dict(type='str'), - name=dict(type='str', required=True), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + layer=dict(type="str"), + position=dict(type="str"), + name=dict(type="str", required=True), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'access-section' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "access-section" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_api_key.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_api_key.py index 641cea5e9..a86ee2416 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_api_key.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_api_key.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -51,7 +53,6 @@ EXAMPLES = """ - name: add-api-key cp_mgmt_add_api_key: admin_name: admin - state: present """ RETURN = """ @@ -62,13 +63,15 @@ cp_mgmt_add_api_key: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - admin_uid=dict(type='str'), - admin_name=dict(type='str') + admin_uid=dict(type="str"), admin_name=dict(type="str") ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -80,5 +83,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_central_license.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_central_license.py new file mode 100644 index 000000000..909fcd333 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_central_license.py @@ -0,0 +1,78 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_add_central_license +short_description: Add central license. +description: + - Add central license. + - All operations are performed over Web Services API. +version_added: "5.2.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + license: + description: + - The license string received from the User Center - without 'cplic put'. + type: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: add-central-license + cp_mgmt_add_central_license: + license: 192.168.1.2 never dTTTTTT-WWWWWW-SSSSSSS-QQQQQQ CPSG-VE+3 CPBS-BECE CPSB-DFW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA + CPSB-ADNC CPSB-SSLVWPN-5 CK-66666666 +""" + +RETURN = """ +cp_mgmt_add_central_license: + description: The checkpoint add-central-license output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + license=dict(type='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "add-central-license" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_data_center_object.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_data_center_object.py index c4ad1d16f..f765cf8da 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_data_center_object.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_data_center_object.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -99,7 +101,6 @@ EXAMPLES = """ cp_mgmt_add_data_center_object: data_center_name: vCenter 1 name: VM1 mgmt name - state: present uri: /Datacenters/VMs/My VM1 """ @@ -111,27 +112,66 @@ cp_mgmt_add_data_center_object: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - data_center_name=dict(type='str'), - data_center_uid=dict(type='str'), - uri=dict(type='str'), - uid_in_data_center=dict(type='str'), - name=dict(type='str'), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - groups=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + data_center_name=dict(type="str"), + data_center_uid=dict(type="str"), + uri=dict(type="str"), + uid_in_data_center=dict(type="str"), + name=dict(type="str"), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + groups=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -143,5 +183,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_domain.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_domain.py index bde1d9f4b..d6afde819 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_domain.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_domain.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -125,40 +127,86 @@ cp_mgmt_domain: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - servers=dict(type='list', elements='dict', options=dict( - name=dict(type='str'), - ip_address=dict(type='str'), - ipv4_address=dict(type='str'), - ipv6_address=dict(type='str'), - multi_domain_server=dict(type='str'), - active=dict(type='bool'), - skip_start_domain_server=dict(type='bool'), - type=dict(type='str', choices=['management server', 'log server', 'smc']) - )), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool'), + name=dict(type="str", required=True), + servers=dict( + type="list", + elements="dict", + options=dict( + name=dict(type="str"), + ip_address=dict(type="str"), + ipv4_address=dict(type="str"), + ipv6_address=dict(type="str"), + multi_domain_server=dict(type="str"), + active=dict(type="bool"), + skip_start_domain_server=dict(type="bool"), + type=dict( + type="str", + choices=["management server", "log server", "smc"], + ), + ), + ), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_commands) module = AnsibleModule(argument_spec=argument_spec) - command = 'add-domain' + command = "add-domain" result = api_command(module, command) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_nat_rule.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_nat_rule.py index 8b1151bd9..badb27822 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_nat_rule.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_nat_rule.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["deprecated"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -34,6 +36,10 @@ description: - All operations are performed over Web Services API. version_added: "2.0.0" author: "Or Soffer (@chkp-orso)" +deprecated: + alternative: cp_mgmt_nat_rule + why: Newer and updated module released with more functionality. + removed_at_date: '2024-11-01' options: package: description: @@ -113,7 +119,6 @@ EXAMPLES = """ original_source: Any package: standard position: 1 - state: present """ RETURN = """ @@ -124,26 +129,29 @@ cp_mgmt_add_nat_rule: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - package=dict(type='str'), - position=dict(type='str'), - enabled=dict(type='bool'), - install_on=dict(type='list', elements='str'), - method=dict(type='str', choices=['static', 'hide', 'nat64', 'nat46']), - original_destination=dict(type='str'), - original_service=dict(type='str'), - original_source=dict(type='str'), - translated_destination=dict(type='str'), - translated_service=dict(type='str'), - translated_source=dict(type='str'), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + package=dict(type="str"), + position=dict(type="str"), + enabled=dict(type="bool"), + install_on=dict(type="list", elements="str"), + method=dict(type="str", choices=["static", "hide", "nat64", "nat46"]), + original_destination=dict(type="str"), + original_service=dict(type="str"), + original_source=dict(type="str"), + translated_destination=dict(type="str"), + translated_service=dict(type="str"), + translated_source=dict(type="str"), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -155,5 +163,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_repository_package.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_repository_package.py new file mode 100644 index 000000000..ae6d4bd39 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_repository_package.py @@ -0,0 +1,92 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_add_repository_package +short_description: Add the software package to the central repository. +description: + - Add the software package to the central repository. + - On Multi-Domain Server this command is available only after logging in to the Global domain. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Shiran Golzar (@chkp-shirango)" +options: + name: + description: + - The name of the repository package. + type: str + path: + description: + - The path of the repository package.<br><font color="red">Required only for</font> adding package from local. + type: str + source: + description: + - The source of the repository package. + type: str + choices: ['cloud', 'local'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: add-repository-package + cp_mgmt_add_repository_package: + name: Check_Point_R80_20_JUMBO_HF_Bundle_T118_sk137592_Security_Gateway_and_Standalone_2_6_18_FULL.tgz + path: /home/admin/ + source: local +""" + +RETURN = """ +cp_mgmt_add_repository_package: + description: The checkpoint add-repository-package output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, \ + api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + path=dict(type='str'), + source=dict(type='str', choices=['cloud', 'local']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "add-repository-package" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_rules_batch.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_rules_batch.py index 58f7bb3bd..3ce0c18d8 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_rules_batch.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_rules_batch.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -109,18 +111,25 @@ cp_mgmt_add_rules_batch: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - objects=dict(type='list', elements='dict', options=dict( - layer=dict(type='str'), - type=dict(type='str'), - first_position=dict(type='str'), - list=dict(type='list', elements='dict') - )), - auto_publish_session=dict(type='bool') + objects=dict( + type="list", + elements="dict", + options=dict( + layer=dict(type="str"), + type=dict(type="str"), + first_position=dict(type="str"), + list=dict(type="list", elements="dict"), + ), + ), + auto_publish_session=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -132,5 +141,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_updatable_object.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_updatable_object.py new file mode 100644 index 000000000..9b6190bd0 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_updatable_object.py @@ -0,0 +1,116 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_add_updatable_object +short_description: Import an updatable object from the repository to the management server. +description: + - Import an updatable object from the repository to the management server. This operation takes effect immediately and doesn't require publishing. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + uri: + description: + - URI of the updatable object in the Updatable Objects Repository. + type: str + uid_in_updatable_objects_repository: + description: + - Unique identifier of the updatable object in the Updatable Objects Repository. + type: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: add-updatable-object + cp_mgmt_add_updatable_object: + uri: '{{uri}}' +""" + +RETURN = """ +cp_mgmt_add_updatable_object: + description: The checkpoint add-updatable-object output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + uri=dict(type='str'), + uid_in_updatable_objects_repository=dict(type='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "add-updatable-object" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range.py index c678eb832..44ef44a02 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -169,47 +171,93 @@ cp_mgmt_address_range: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - ip_address_first=dict(type='str'), - ipv4_address_first=dict(type='str'), - ipv6_address_first=dict(type='str'), - ip_address_last=dict(type='str'), - ipv4_address_last=dict(type='str'), - ipv6_address_last=dict(type='str'), - nat_settings=dict(type='dict', options=dict( - auto_rule=dict(type='bool'), - ip_address=dict(type='str'), - ipv4_address=dict(type='str'), - ipv6_address=dict(type='str'), - hide_behind=dict(type='str', choices=['gateway', 'ip-address']), - install_on=dict(type='str'), - method=dict(type='str', choices=['hide', 'static']) - )), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - groups=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + ip_address_first=dict(type="str"), + ipv4_address_first=dict(type="str"), + ipv6_address_first=dict(type="str"), + ip_address_last=dict(type="str"), + ipv4_address_last=dict(type="str"), + ipv6_address_last=dict(type="str"), + nat_settings=dict( + type="dict", + options=dict( + auto_rule=dict(type="bool"), + ip_address=dict(type="str"), + ipv4_address=dict(type="str"), + ipv6_address=dict(type="str"), + hide_behind=dict( + type="str", choices=["gateway", "ip-address"] + ), + install_on=dict(type="str"), + method=dict(type="str", choices=["hide", "static"]), + ), + ), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + groups=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'address-range' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "address-range" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range_facts.py index f9032eef1..2e41e94ba 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -102,31 +104,42 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - show_membership=dict(type='bool') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + show_membership=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "address-range" api_call_object_plural_version = "address-ranges" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator.py index 7568f742c..2b6cbba00 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -179,53 +181,110 @@ cp_mgmt_administrator: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - authentication_method=dict(type='str', choices=['undefined', 'check point password', - 'os password', 'securid', 'radius', 'tacacs', 'ad authentication', 'api key']), - email=dict(type='str'), - expiration_date=dict(type='str'), - multi_domain_profile=dict(type='str'), - must_change_password=dict(type='bool'), - password=dict(type='str', no_log=True), - password_hash=dict(type='str', no_log=True), - permissions_profile=dict(type='str'), - permissions_profile_list=dict(type='list', elements='dict', options=dict( - profile=dict(type='str'), - domain=dict(type='str') - )), - phone_number=dict(type='str'), - radius_server=dict(type='str'), - tacacs_server=dict(type='str'), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + authentication_method=dict( + type="str", + choices=[ + "undefined", + "check point password", + "os password", + "securid", + "radius", + "tacacs", + "ad authentication", + "api key", + ], + ), + email=dict(type="str"), + expiration_date=dict(type="str"), + multi_domain_profile=dict(type="str"), + must_change_password=dict(type="bool", no_log=False), + password=dict(type="str", no_log=True), + password_hash=dict(type="str", no_log=True), + permissions_profile=dict(type="str"), + permissions_profile_list=dict( + type="list", + elements="dict", + options=dict(profile=dict(type="str"), domain=dict(type="str")), + ), + phone_number=dict(type="str"), + radius_server=dict(type="str"), + tacacs_server=dict(type="str"), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'administrator' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "administrator" if module.params["permissions_profile_list"] is not None: if module.params["permissions_profile"] is not None: - raise AssertionError("The use of both 'permissions_profile_list' and 'permissions_profile' arguments isn't allowed") - module.params["permissions_profile"] = module.params["permissions_profile_list"] + raise AssertionError( + "The use of both 'permissions_profile_list' and 'permissions_profile' arguments isn't allowed" + ) + module.params["permissions_profile"] = module.params[ + "permissions_profile_list" + ] module.params.pop("permissions_profile_list") result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator_facts.py index affd2febe..995362860 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -98,30 +100,41 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )) + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "administrator" api_call_object_plural_version = "administrators" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site.py index 36b042a10..5b097cedf 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -143,38 +145,79 @@ cp_mgmt_application_site: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - primary_category=dict(type='str'), - url_list=dict(type='list', elements='str'), - application_signature=dict(type='str'), - additional_categories=dict(type='list', elements='str'), - description=dict(type='str'), - tags=dict(type='list', elements='str'), - urls_defined_as_regular_expression=dict(type='bool'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - groups=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + primary_category=dict(type="str"), + url_list=dict(type="list", elements="str"), + application_signature=dict(type="str"), + additional_categories=dict(type="list", elements="str"), + description=dict(type="str"), + tags=dict(type="list", elements="str"), + urls_defined_as_regular_expression=dict(type="bool"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + groups=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'application-site' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "application-site" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category.py index 4c3d94d13..de822141c 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -109,33 +111,74 @@ cp_mgmt_application_site_category: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - description=dict(type='str'), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - groups=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + description=dict(type="str"), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + groups=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'application-site-category' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "application-site-category" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category_facts.py index 3c3653b5b..cfdc977e9 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -98,30 +100,41 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )) + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "application-site-category" api_call_object_plural_version = "application-site-categories" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_facts.py index 2618cf6fb..d931dc1b5 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -106,32 +108,43 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - application_id=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - show_membership=dict(type='bool') + name=dict(type="str"), + application_id=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + show_membership=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "application-site" api_call_object_plural_version = "application-sites" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group.py index 58c072771..b39c33db8 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -115,33 +117,74 @@ cp_mgmt_application_site_group: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - members=dict(type='list', elements='str'), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - groups=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + members=dict(type="list", elements="str"), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + groups=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'application-site-group' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "application-site-group" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group_facts.py index 8a7ac74d4..aac26e00e 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -106,32 +108,43 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - dereference_group_members=dict(type='bool'), - show_membership=dict(type='bool') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + dereference_group_members=dict(type="bool"), + show_membership=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "application-site-group" api_call_object_plural_version = "application-site-groups" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_approve_session.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_approve_session.py index d87b5738d..29ab8695b 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_approve_session.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_approve_session.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -56,13 +58,14 @@ cp_mgmt_approve_session: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): - argument_spec = dict( - uid=dict(type='str') - ) + argument_spec = dict(uid=dict(type="str")) argument_spec.update(checkpoint_argument_spec_for_commands) module = AnsibleModule(argument_spec=argument_spec) @@ -73,5 +76,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_assign_global_assignment.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_assign_global_assignment.py index f1b1df75d..96d3ff36a 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_assign_global_assignment.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_assign_global_assignment.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -69,14 +71,17 @@ cp_mgmt_assign_global_assignment: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - dependent_domains=dict(type='list', elements='str'), - global_domains=dict(type='list', elements='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']) + dependent_domains=dict(type="list", elements="str"), + global_domains=dict(type="list", elements="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -88,5 +93,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_central_license_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_central_license_facts.py new file mode 100644 index 000000000..d53212ce7 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_central_license_facts.py @@ -0,0 +1,86 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_central_license_facts +short_description: Get central-license objects facts on Checkpoint over Web Services API +description: + - Get central-license objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'signature'. +version_added: "5.2.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + signature: + description: + - The license's signature. This parameter is relevant only for getting a specific object. + type: str +extends_documentation_fragment: checkpoint_facts +""" + +EXAMPLES = """ +- name: show-central-license + cp_mgmt_central_license_facts: + signature: dLLLLL-WWWWWW-ZZZZZZ-QQQQQQ + +- name: show-central-licenses + cp_mgmt_show_central_licenses: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) + + +def main(): + argument_spec = dict( + signature=dict(type='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "central-license" + api_call_object_plural_version = "central-licenses" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_check_network_feed.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_check_network_feed.py index 8c93bf16f..c29b9cdc7 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_check_network_feed.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_check_network_feed.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -157,37 +159,51 @@ cp_mgmt_check_network_feed: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - targets=dict(type='list', elements='str'), - network_feed=dict(type='dict', options=dict( - name=dict(type='str'), - feed_url=dict(type='str'), - certificate_id=dict(type='str'), - feed_format=dict(type='str', choices=['Flat List', 'JSON']), - feed_type=dict(type='str', choices=['Domain', 'IP Address', 'IP Address/Domain']), - password=dict(type='str', no_log=True), - username=dict(type='str'), - custom_header=dict(type='list', elements='dict', options=dict( - header_name=dict(type='str'), - header_value=dict(type='str') - )), - update_interval=dict(type='int'), - data_column=dict(type='int'), - fields_delimiter=dict(type='str'), - ignore_lines_that_start_with=dict(type='str'), - json_query=dict(type='str'), - use_gateway_proxy=dict(type='bool'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - domains_to_process=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool'), - )), - auto_publish_session=dict(type='bool') - + targets=dict(type="list", elements="str"), + network_feed=dict( + type="dict", + options=dict( + name=dict(type="str"), + feed_url=dict(type="str"), + certificate_id=dict(type="str"), + feed_format=dict(type="str", choices=["Flat List", "JSON"]), + feed_type=dict( + type="str", + choices=["Domain", "IP Address", "IP Address/Domain"], + ), + password=dict(type="str", no_log=True), + username=dict(type="str"), + custom_header=dict( + type="list", + elements="dict", + options=dict( + header_name=dict(type="str"), + header_value=dict(type="str"), + ), + ), + update_interval=dict(type="int"), + data_column=dict(type="int"), + fields_delimiter=dict(type="str"), + ignore_lines_that_start_with=dict(type="str"), + json_query=dict(type="str"), + use_gateway_proxy=dict(type="bool"), + details_level=dict( + type="str", choices=["uid", "standard", "full"] + ), + domains_to_process=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), + ), + ), + auto_publish_session=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -199,5 +215,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_check_threat_ioc_feed.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_check_threat_ioc_feed.py index 933349c9e..c85f1e421 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_check_threat_ioc_feed.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_check_threat_ioc_feed.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -173,41 +175,69 @@ cp_mgmt_check_threat_ioc_feed: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - ioc_feed=dict(type='dict', options=dict( - name=dict(type='str'), - feed_url=dict(type='str'), - action=dict(type='str', choices=['Prevent', 'Detect']), - certificate_id=dict(type='str'), - custom_comment=dict(type='int'), - custom_confidence=dict(type='int'), - custom_header=dict(type='list', elements='dict', options=dict( - header_name=dict(type='str'), - header_value=dict(type='str') - )), - custom_name=dict(type='int'), - custom_severity=dict(type='int'), - custom_type=dict(type='int'), - custom_value=dict(type='int'), - enabled=dict(type='bool'), - feed_type=dict(type='str', choices=['any type', 'domain', 'ip address', 'md5', 'url', 'ip range', - 'mail subject', 'mail from', 'mail to', 'mail reply to', 'mail cc', 'sha1', 'sha256']), - password=dict(type='str', no_log=True), - use_custom_feed_settings=dict(type='bool'), - username=dict(type='str'), - fields_delimiter=dict(type='str'), - ignore_lines_that_start_with=dict(type='str'), - use_gateway_proxy=dict(type='bool'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') - )), - targets=dict(type='list', elements='str'), - auto_publish_session=dict(type='bool') + ioc_feed=dict( + type="dict", + options=dict( + name=dict(type="str"), + feed_url=dict(type="str"), + action=dict(type="str", choices=["Prevent", "Detect"]), + certificate_id=dict(type="str"), + custom_comment=dict(type="int"), + custom_confidence=dict(type="int"), + custom_header=dict( + type="list", + elements="dict", + options=dict( + header_name=dict(type="str"), + header_value=dict(type="str"), + ), + ), + custom_name=dict(type="int"), + custom_severity=dict(type="int"), + custom_type=dict(type="int"), + custom_value=dict(type="int"), + enabled=dict(type="bool"), + feed_type=dict( + type="str", + choices=[ + "any type", + "domain", + "ip address", + "md5", + "url", + "ip range", + "mail subject", + "mail from", + "mail to", + "mail reply to", + "mail cc", + "sha1", + "sha256", + ], + ), + password=dict(type="str", no_log=True), + use_custom_feed_settings=dict(type="bool"), + username=dict(type="str"), + fields_delimiter=dict(type="str"), + ignore_lines_that_start_with=dict(type="str"), + use_gateway_proxy=dict(type="bool"), + details_level=dict( + type="str", choices=["uid", "standard", "full"] + ), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), + ), + ), + targets=dict(type="list", elements="str"), + auto_publish_session=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -219,5 +249,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_checkpoint_host.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_checkpoint_host.py new file mode 100644 index 000000000..5b3189c5f --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_checkpoint_host.py @@ -0,0 +1,528 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_checkpoint_host +short_description: Manages checkpoint-host objects on Checkpoint over Web Services API +description: + - Manages checkpoint-host objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + interfaces: + description: + - Check Point host interfaces. + type: list + elements: dict + suboptions: + name: + description: + - Interface name. + type: str + subnet: + description: + - IPv4 or IPv6 network address. If both addresses are required use subnet4 and subnet6 fields explicitly. + type: str + subnet4: + description: + - IPv4 network address. + type: str + subnet6: + description: + - IPv6 network address. + type: str + mask_length: + description: + - IPv4 or IPv6 network mask length. If both masks are required use mask-length4 and mask-length6 fields explicitly. Instead of IPv4 mask + length it is possible to specify IPv4 mask itself in subnet-mask field. + type: int + mask_length4: + description: + - IPv4 network mask length. + type: int + mask_length6: + description: + - IPv6 network mask length. + type: int + subnet_mask: + description: + - IPv4 network mask. + type: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', + 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', + 'light green', 'lemon chiffon', 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', + 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + nat_settings: + description: + - NAT settings. + type: dict + suboptions: + auto_rule: + description: + - Whether to add automatic address translation rules. + type: bool + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. This parameter is not + required in case "method" parameter is "hide" and "hide-behind" parameter is "gateway". + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + hide_behind: + description: + - Hide behind method. This parameter is forbidden in case "method" parameter is "static". + type: str + choices: ['gateway', 'ip-address'] + install_on: + description: + - Which gateway should apply the NAT translation. + type: str + method: + description: + - NAT translation method. + type: str + choices: ['hide', 'static'] + one_time_password: + description: + - Secure internal connection one time password. + type: str + hardware: + description: + - Hardware name. + type: str + os: + description: + - Operating system name. + type: str + check_point_host_version: + description: + - Check Point host platform version. + type: str + management_blades: + description: + - Management blades. + type: dict + suboptions: + network_policy_management: + description: + - Enable Network Policy Management. + type: bool + logging_and_status: + description: + - Enable Logging & Status. + type: bool + smart_event_server: + description: + - Enable SmartEvent server. </br>When activating SmartEvent server, blades 'logging-and-status' and 'smart-event-correlation' should be + set to True. </br>To complete SmartEvent configuration, perform Install Database or Install Policy on your Security Management servers and Log + servers. </br>Activating SmartEvent Server is not recommended in Management High Availability environment. For more information refer to sk25164. + type: bool + smart_event_correlation: + description: + - Enable SmartEvent Correlation Unit. + type: bool + endpoint_policy: + description: + - Enable Endpoint Policy. </br>To complete Endpoint Security Management configuration, perform Install Database on your Endpoint + Management Server. </br>Field is not supported on Multi Domain Server environment. + type: bool + compliance: + description: + - Compliance blade. Can be set when 'network-policy-management' was selected to be True. + type: bool + user_directory: + description: + - Enable User Directory. Can be set when 'network-policy-management' was selected to be True. + type: bool + logs_settings: + description: + - Logs settings. + type: dict + suboptions: + free_disk_space_metrics: + description: + - Free disk space metrics. + type: str + choices: ['mbytes', 'percent'] + accept_syslog_messages: + description: + - Enable accept syslog messages. + type: bool + alert_when_free_disk_space_below: + description: + - Enable alert when free disk space is below threshold. + type: bool + alert_when_free_disk_space_below_threshold: + description: + - Alert when free disk space below threshold. + type: int + alert_when_free_disk_space_below_type: + description: + - Alert when free disk space below type. + type: str + choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2', + 'user defined alert no.3'] + before_delete_keep_logs_from_the_last_days: + description: + - Enable before delete keep logs from the last days. + type: bool + before_delete_keep_logs_from_the_last_days_threshold: + description: + - Before delete keep logs from the last days threshold. + type: int + before_delete_run_script: + description: + - Enable Before delete run script. + type: bool + before_delete_run_script_command: + description: + - Before delete run script command. + type: str + delete_index_files_older_than_days: + description: + - Enable delete index files older than days. + type: bool + delete_index_files_older_than_days_threshold: + description: + - Delete index files older than days threshold. + type: int + delete_when_free_disk_space_below: + description: + - Enable delete when free disk space below. + type: bool + delete_when_free_disk_space_below_threshold: + description: + - Delete when free disk space below threshold. + type: int + detect_new_citrix_ica_application_names: + description: + - Enable detect new Citrix ICA application names. + type: bool + distribute_logs_between_all_active_servers: + description: + - Distribute logs between all active servers. + type: bool + enable_log_indexing: + description: + - Enable log indexing. + type: bool + forward_logs_to_log_server: + description: + - Enable forward logs to log server. + type: bool + forward_logs_to_log_server_name: + description: + - Forward logs to log server name. + type: str + forward_logs_to_log_server_schedule_name: + description: + - Forward logs to log server schedule name. + type: str + rotate_log_by_file_size: + description: + - Enable rotate log by file size. + type: bool + rotate_log_file_size_threshold: + description: + - Log file size threshold. + type: int + rotate_log_on_schedule: + description: + - Enable rotate log on schedule. + type: bool + rotate_log_schedule_name: + description: + - Rotate log schedule name. + type: str + smart_event_intro_correletion_unit: + description: + - Enable SmartEvent intro correlation unit. + type: bool + stop_logging_when_free_disk_space_below: + description: + - Enable stop logging when free disk space below. + type: bool + stop_logging_when_free_disk_space_below_threshold: + description: + - Stop logging when free disk space below threshold. + type: int + turn_on_qos_logging: + description: + - Enable turn on QoS Logging. + type: bool + update_account_log_every: + description: + - Update account log in every amount of seconds. + type: int + save_logs_locally: + description: + - Enable save logs locally. + type: bool + send_alerts_to_server: + description: + - Collection of Server(s) to send alerts to identified by the name or UID. + type: list + elements: str + send_logs_to_backup_server: + description: + - Collection of Backup server(s) to send logs to identified by the name or UID. + type: list + elements: str + send_logs_to_server: + description: + - Collection of Server(s) to send logs to identified by the name or UID. + type: list + elements: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-checkpoint-host + cp_mgmt_checkpoint_host: + ipv4_address: 5.5.5.5 + management_blades: + logging_and_status: true + network_policy_management: true + name: secondarylogserver + state: present + +- name: set-checkpoint-host + cp_mgmt_checkpoint_host: + hardware: Smart-1 + management_blades: + compliance: true + network_policy_management: true + user_directory: true + name: secondarylogserver + os: Linux + state: present + +- name: delete-checkpoint-host + cp_mgmt_checkpoint_host: + name: secondarylogserver + state: absent +""" + +RETURN = """ +cp_mgmt_checkpoint_host: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + interfaces=dict(type='list', elements='dict', options=dict( + name=dict(type='str'), + subnet=dict(type='str'), + subnet4=dict(type='str'), + subnet6=dict(type='str'), + mask_length=dict(type='int'), + mask_length4=dict(type='int'), + mask_length6=dict(type='int'), + subnet_mask=dict(type='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', + 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', + 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', + 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', + 'sienna', 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + )), + nat_settings=dict(type='dict', options=dict( + auto_rule=dict(type='bool'), + ip_address=dict(type='str'), + ipv4_address=dict(type='str'), + ipv6_address=dict(type='str'), + hide_behind=dict(type='str', choices=['gateway', 'ip-address']), + install_on=dict(type='str'), + method=dict(type='str', choices=['hide', 'static']) + )), + one_time_password=dict(type='str', no_log=True), + hardware=dict(type='str'), + os=dict(type='str'), + check_point_host_version=dict(type='str'), + management_blades=dict(type='dict', options=dict( + network_policy_management=dict(type='bool'), + logging_and_status=dict(type='bool'), + smart_event_server=dict(type='bool'), + smart_event_correlation=dict(type='bool'), + endpoint_policy=dict(type='bool'), + compliance=dict(type='bool'), + user_directory=dict(type='bool') + )), + logs_settings=dict(type='dict', options=dict( + free_disk_space_metrics=dict(type='str', choices=['mbytes', 'percent']), + accept_syslog_messages=dict(type='bool'), + alert_when_free_disk_space_below=dict(type='bool'), + alert_when_free_disk_space_below_threshold=dict(type='int'), + alert_when_free_disk_space_below_type=dict(type='str', choices=['none', + 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', + 'user defined alert no.2', 'user defined alert no.3']), + before_delete_keep_logs_from_the_last_days=dict(type='bool'), + before_delete_keep_logs_from_the_last_days_threshold=dict(type='int'), + before_delete_run_script=dict(type='bool'), + before_delete_run_script_command=dict(type='str'), + delete_index_files_older_than_days=dict(type='bool'), + delete_index_files_older_than_days_threshold=dict(type='int'), + delete_when_free_disk_space_below=dict(type='bool'), + delete_when_free_disk_space_below_threshold=dict(type='int'), + detect_new_citrix_ica_application_names=dict(type='bool'), + distribute_logs_between_all_active_servers=dict(type='bool'), + enable_log_indexing=dict(type='bool'), + forward_logs_to_log_server=dict(type='bool'), + forward_logs_to_log_server_name=dict(type='str'), + forward_logs_to_log_server_schedule_name=dict(type='str'), + rotate_log_by_file_size=dict(type='bool'), + rotate_log_file_size_threshold=dict(type='int'), + rotate_log_on_schedule=dict(type='bool'), + rotate_log_schedule_name=dict(type='str'), + smart_event_intro_correletion_unit=dict(type='bool'), + stop_logging_when_free_disk_space_below=dict(type='bool'), + stop_logging_when_free_disk_space_below_threshold=dict(type='int'), + turn_on_qos_logging=dict(type='bool'), + update_account_log_every=dict(type='int') + )), + save_logs_locally=dict(type='bool'), + send_alerts_to_server=dict(type='list', elements='str'), + send_logs_to_backup_server=dict(type='list', elements='str'), + send_logs_to_server=dict(type='list', elements='str'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'checkpoint-host' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_checkpoint_host_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_checkpoint_host_facts.py new file mode 100644 index 000000000..2ec9f8809 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_checkpoint_host_facts.py @@ -0,0 +1,144 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_checkpoint_host_facts +short_description: Get checkpoint-host objects facts on Checkpoint over Web Services API +description: + - Get checkpoint-host objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-checkpoint-host + cp_mgmt_checkpoint_host_facts: + name: CP Host 1 + +- name: show-checkpoint-hosts + cp_mgmt_checkpoint_host_facts: + limit: 10 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool'), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "checkpoint-host" + api_call_object_plural_version = "checkpoint-hosts" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_cluster_members_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_cluster_members_facts.py index 203ce487e..a99e16634 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_cluster_members_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_cluster_members_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -114,34 +116,45 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - uid=dict(type='str'), - limit_interfaces=dict(type='int'), - filter=dict(type='str'), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - show_membership=dict(type='bool'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - domains_to_process=dict(type='list', elements='str') + uid=dict(type="str"), + limit_interfaces=dict(type="int"), + filter=dict(type="str"), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + show_membership=dict(type="bool"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + domains_to_process=dict(type="list", elements="str"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "cluster-member" api_call_object_plural_version = "cluster-members" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_connect_cloud_services.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_connect_cloud_services.py index 9194f9a0f..a19f1f57f 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_connect_cloud_services.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_connect_cloud_services.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -61,13 +63,14 @@ cp_mgmt_connect_cloud_services: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): - argument_spec = dict( - auth_token=dict(type='str', no_log=True) - ) + argument_spec = dict(auth_token=dict(type="str", no_log=True)) argument_spec.update(checkpoint_argument_spec_for_commands) module = AnsibleModule(argument_spec=argument_spec) @@ -78,5 +81,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_data_center_object_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_data_center_object_facts.py index 41400cf0a..5489850bd 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_data_center_object_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_data_center_object_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -99,31 +101,42 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - show_membership=dict(type='bool') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + show_membership=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "data-center-object" api_call_object_plural_version = "data-center-objects" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_api_key.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_api_key.py index 4839a1f27..b590b7b8e 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_api_key.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_api_key.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -55,7 +57,6 @@ EXAMPLES = """ cp_mgmt_delete_api_key: #sgignore next_line api_key: eea3be76f4a8eb740ee872bcedc692748ff256a2d21c9ffd2754facbde046d00 - state: absent """ RETURN = """ @@ -66,14 +67,17 @@ cp_mgmt_delete_api_key: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - api_key=dict(type='str', no_log=True), - admin_uid=dict(type='str'), - admin_name=dict(type='str') + api_key=dict(type="str", no_log=True), + admin_uid=dict(type="str"), + admin_name=dict(type="str"), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -85,5 +89,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_central_license.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_central_license.py new file mode 100644 index 000000000..e08a9f96a --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_central_license.py @@ -0,0 +1,77 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_delete_central_license +short_description: Delete central license. +description: + - Delete central license. + - All operations are performed over Web Services API. +version_added: "5.2.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + signature: + description: + - The license's signature to be deleted. + type: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: delete-central-license + cp_mgmt_delete_central_license: + signature: dTTTTTT-WWWWWW-SSSSSSS-QQQQQQ +""" + +RETURN = """ +cp_mgmt_delete_central_license: + description: The checkpoint delete-central-license output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + signature=dict(type='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "delete-central-license" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_data_center_object.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_data_center_object.py index 52f4b6633..e3cdf8c78 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_data_center_object.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_data_center_object.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -60,7 +62,6 @@ EXAMPLES = """ - name: delete-data-center-object cp_mgmt_delete_data_center_object: name: VM1 mgmt name - state: absent """ RETURN = """ @@ -71,15 +72,18 @@ cp_mgmt_delete_data_center_object: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -91,5 +95,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_domain.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_domain.py index 4b356fd49..550cb5009 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_domain.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_domain.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -71,24 +73,27 @@ cp_mgmt_domain: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool'), + name=dict(type="str", required=True), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_commands) module = AnsibleModule(argument_spec=argument_spec) - command = 'delete-domain' + command = "delete-domain" result = api_command(module, command) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_nat_rule.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_nat_rule.py index 2915667f3..88416c82f 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_nat_rule.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_nat_rule.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["deprecated"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -34,6 +36,10 @@ description: - All operations are performed over Web Services API. version_added: "2.0.0" author: "Or Soffer (@chkp-orso)" +deprecated: + alternative: cp_mgmt_nat_rule + why: Newer and updated module released with more functionality. + removed_at_date: '2024-11-01' options: rule_number: description: @@ -56,7 +62,6 @@ EXAMPLES = """ - name: delete-nat-rule cp_mgmt_delete_nat_rule: package: standard - state: absent """ RETURN = """ @@ -67,14 +72,17 @@ cp_mgmt_delete_nat_rule: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - rule_number=dict(type='str'), - package=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']) + rule_number=dict(type="str"), + package=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -86,5 +94,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_repository_package.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_repository_package.py new file mode 100644 index 000000000..6a8401022 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_repository_package.py @@ -0,0 +1,79 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_delete_repository_package +short_description: Delete the repository software package from the central repository. +description: + - Delete the repository software package from the central repository. + - On Multi-Domain Server this command is available only after logging in to the Global domain. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Shiran Golzar (@chkp-shirango)" +options: + name: + description: + - The name of the software package. + type: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: delete-repository-package + cp_mgmt_delete_repository_package: + name: Check_Point_R80_20_JUMBO_HF_Bundle_T118_sk137592_Security_Gateway_and_Standalone_2_6_18_FULL.tgz +""" + +RETURN = """ +cp_mgmt_delete_repository_package: + description: The checkpoint delete-repository-package output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, \ + api_command + + +def main(): + argument_spec = dict( + name=dict(type='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "delete-repository-package" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_rules_batch.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_rules_batch.py index 8e17898be..6e9f632ce 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_rules_batch.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_rules_batch.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -86,7 +88,6 @@ EXAMPLES = """ - rule_number: 1 - rule_number: 2 type: https-rule - state: absent """ RETURN = """ @@ -97,17 +98,24 @@ cp_mgmt_delete_rules_batch: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - objects=dict(type='list', elements='dict', options=dict( - layer=dict(type='str'), - type=dict(type='str'), - list=dict(type='list', elements='dict') - )), - auto_publish_session=dict(type='bool') + objects=dict( + type="list", + elements="dict", + options=dict( + layer=dict(type="str"), + type=dict(type="str"), + list=dict(type="list", elements="dict"), + ), + ), + auto_publish_session=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -119,5 +127,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_updatable_object.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_updatable_object.py new file mode 100644 index 000000000..2310c6894 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_updatable_object.py @@ -0,0 +1,94 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_delete_updatable_object +short_description: Delete existing object using object name or uid. +description: + - Delete existing object using object name or uid. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: delete-updatable-object + cp_mgmt_delete_updatable_object: + name: CodeBuild US East 1 +""" + +RETURN = """ +cp_mgmt_delete_updatable_object: + description: The checkpoint delete-updatable-object output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "delete-updatable-object" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_discard.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_discard.py index 7dc4844e9..4fe8d1051 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_discard.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_discard.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -55,13 +57,14 @@ cp_mgmt_discard: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): - argument_spec = dict( - uid=dict(type='str') - ) + argument_spec = dict(uid=dict(type="str")) argument_spec.update(checkpoint_argument_spec_for_commands) module = AnsibleModule(argument_spec=argument_spec) @@ -72,5 +75,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_disconnect_cloud_services.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_disconnect_cloud_services.py index 82073cc7a..a6197cd09 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_disconnect_cloud_services.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_disconnect_cloud_services.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -57,13 +59,14 @@ cp_mgmt_disconnect_cloud_services: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): - argument_spec = dict( - force=dict(type='bool') - ) + argument_spec = dict(force=dict(type="bool")) argument_spec.update(checkpoint_argument_spec_for_commands) module = AnsibleModule(argument_spec=argument_spec) @@ -74,5 +77,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_distribute_cloud_licenses.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_distribute_cloud_licenses.py new file mode 100644 index 000000000..a381ccc00 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_distribute_cloud_licenses.py @@ -0,0 +1,82 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_distribute_cloud_licenses +short_description: Distribute licenses to target CloudGuard gateways. +description: + - Distribute licenses to target CloudGuard gateways. For more information, see the <A HREF = + "https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_Central_License_Tool_Admin_Guide/Content/Topics-Central-License-Tool/Overview.h + m?tocpath=Overview%7C_____0#Overview"><b>Central License Administration Guide</b></A>. + - All operations are performed over Web Services API. +version_added: "5.2.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + targets: + description: + - Targets are uid or name of the security gateway(s). In case no target specified, the license will be distributed to all CloudGuard security gateways. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: distribute-cloud-licenses + cp_mgmt_distribute_cloud_licenses: + targets: + - GW1 + - GW2 +""" + +RETURN = """ +cp_mgmt_distribute_cloud_licenses: + description: The checkpoint distribute-cloud-licenses output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + targets=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "distribute-cloud-licenses" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain.py index 127dce067..2a4bf5886 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -104,32 +106,73 @@ cp_mgmt_dns_domain: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - is_sub_domain=dict(type='bool'), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + is_sub_domain=dict(type="bool"), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'dns-domain' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "dns-domain" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain_facts.py index 87ab82c46..b716d5a21 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -102,31 +104,42 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - show_membership=dict(type='bool') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + show_membership=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "dns-domain" api_call_object_plural_version = "dns-domains" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_facts.py index e6fab1445..5072e60bc 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -104,31 +106,42 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - filter=dict(type='str'), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )) + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + filter=dict(type="str"), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "domain" api_call_object_plural_version = "domains" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_permissions_profile.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_permissions_profile.py index d327f30f6..d3798798a 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_permissions_profile.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_permissions_profile.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -459,7 +461,8 @@ EXAMPLES = """ - name: set-domain-permissions-profile cp_mgmt_domain_permissions_profile: - access_control.policy_layers: By Selected Profile In A Layer Editor + access_control: + policy_layers: By Selected Profile In A Layer Editor name: read profile permission_type: customized state: present @@ -478,121 +481,249 @@ cp_mgmt_domain_permissions_profile: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - permission_type=dict(type='str', choices=['read write all', 'read only all', 'customized']), - edit_common_objects=dict(type='bool'), - access_control=dict(type='dict', options=dict( - show_policy=dict(type='bool'), - policy_layers=dict(type='dict', options=dict( - edit_layers=dict(type='str', choices=['By Software Blades', 'By Selected Profile In A Layer Editor']), - app_control_and_url_filtering=dict(type='bool'), - content_awareness=dict(type='bool'), - firewall=dict(type='bool'), - mobile_access=dict(type='bool') - )), - dlp_policy=dict(type='str', choices=['read', 'write', 'disabled']), - geo_control_policy=dict(type='str', choices=['read', 'write', 'disabled']), - nat_policy=dict(type='str', choices=['read', 'write', 'disabled']), - qos_policy=dict(type='str', choices=['read', 'write', 'disabled']), - access_control_objects_and_settings=dict(type='str', choices=['read', 'write', 'disabled']), - app_control_and_url_filtering_update=dict(type='bool'), - install_policy=dict(type='bool') - )), - endpoint=dict(type='dict', options=dict( - manage_policies_and_software_deployment=dict(type='bool'), - edit_endpoint_policies=dict(type='bool'), - policies_installation=dict(type='bool'), - edit_software_deployment=dict(type='bool'), - software_deployment_installation=dict(type='bool'), - allow_executing_push_operations=dict(type='bool'), - authorize_preboot_users=dict(type='bool'), - recovery_media=dict(type='bool'), - remote_help=dict(type='bool'), - reset_computer_data=dict(type='bool') - )), - events_and_reports=dict(type='dict', options=dict( - smart_event=dict(type='str', choices=['custom', 'app control and url filtering reports only']), - events=dict(type='str', choices=['read', 'write', 'disabled']), - policy=dict(type='str', choices=['read', 'write', 'disabled']), - reports=dict(type='bool') - )), - gateways=dict(type='dict', options=dict( - smart_update=dict(type='str', choices=['read', 'write', 'disabled']), - lsm_gw_db=dict(type='str', choices=['read', 'write', 'disabled']), - manage_provisioning_profiles=dict(type='str', choices=['read', 'write', 'disabled']), - vsx_provisioning=dict(type='bool'), - system_backup=dict(type='bool'), - system_restore=dict(type='bool'), - open_shell=dict(type='bool'), - run_one_time_script=dict(type='bool'), - run_repository_script=dict(type='bool'), - manage_repository_scripts=dict(type='str', choices=['read', 'write', 'disabled']) - )), - management=dict(type='dict', options=dict( - cme_operations=dict(type='str', choices=['read', 'write', 'disabled']), - manage_admins=dict(type='bool'), - management_api_login=dict(type='bool'), - manage_sessions=dict(type='bool'), - high_availability_operations=dict(type='bool'), - approve_or_reject_sessions=dict(type='bool'), - publish_sessions=dict(type='bool'), - manage_integration_with_cloud_services=dict(type='bool') - )), - monitoring_and_logging=dict(type='dict', options=dict( - monitoring=dict(type='str', choices=['read', 'write', 'disabled']), - management_logs=dict(type='str', choices=['read', 'write', 'disabled']), - track_logs=dict(type='str', choices=['read', 'write', 'disabled']), - app_and_url_filtering_logs=dict(type='bool'), - https_inspection_logs=dict(type='bool'), - packet_capture_and_forensics=dict(type='bool'), - show_packet_capture_by_default=dict(type='bool'), - identities=dict(type='bool'), - show_identities_by_default=dict(type='bool'), - dlp_logs_including_confidential_fields=dict(type='bool'), - manage_dlp_messages=dict(type='bool') - )), - threat_prevention=dict(type='dict', options=dict( - policy_layers=dict(type='str', choices=['read', 'write', 'disabled']), - edit_layers=dict(type='str', choices=['By Selected Profile In A Layer Editor', 'All']), - edit_settings=dict(type='bool'), - policy_exceptions=dict(type='str', choices=['read', 'write', 'disabled']), - profiles=dict(type='str', choices=['read', 'write', 'disabled']), - protections=dict(type='str', choices=['read', 'write', 'disabled']), - install_policy=dict(type='bool'), - ips_update=dict(type='bool') - )), - others=dict(type='dict', options=dict( - client_certificates=dict(type='bool'), - edit_cp_users_db=dict(type='bool'), - https_inspection=dict(type='str', choices=['read', 'write', 'disabled']), - ldap_users_db=dict(type='str', choices=['read', 'write', 'disabled']), - user_authority_access=dict(type='str', choices=['read', 'write', 'disabled']), - user_device_mgmt_conf=dict(type='str', choices=['read', 'write', 'disabled']) - )), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + permission_type=dict( + type="str", + choices=["read write all", "read only all", "customized"], + ), + edit_common_objects=dict(type="bool"), + access_control=dict( + type="dict", + options=dict( + show_policy=dict(type="bool"), + policy_layers=dict( + type="dict", + options=dict( + edit_layers=dict( + type="str", + choices=[ + "By Software Blades", + "By Selected Profile In A Layer Editor", + ], + ), + app_control_and_url_filtering=dict(type="bool"), + content_awareness=dict(type="bool"), + firewall=dict(type="bool"), + mobile_access=dict(type="bool"), + ), + ), + dlp_policy=dict( + type="str", choices=["read", "write", "disabled"] + ), + geo_control_policy=dict( + type="str", choices=["read", "write", "disabled"] + ), + nat_policy=dict( + type="str", choices=["read", "write", "disabled"] + ), + qos_policy=dict( + type="str", choices=["read", "write", "disabled"] + ), + access_control_objects_and_settings=dict( + type="str", choices=["read", "write", "disabled"] + ), + app_control_and_url_filtering_update=dict(type="bool"), + install_policy=dict(type="bool"), + ), + ), + endpoint=dict( + type="dict", + options=dict( + manage_policies_and_software_deployment=dict(type="bool"), + edit_endpoint_policies=dict(type="bool"), + policies_installation=dict(type="bool"), + edit_software_deployment=dict(type="bool"), + software_deployment_installation=dict(type="bool"), + allow_executing_push_operations=dict(type="bool"), + authorize_preboot_users=dict(type="bool"), + recovery_media=dict(type="bool"), + remote_help=dict(type="bool"), + reset_computer_data=dict(type="bool"), + ), + ), + events_and_reports=dict( + type="dict", + options=dict( + smart_event=dict( + type="str", + choices=[ + "custom", + "app control and url filtering reports only", + ], + ), + events=dict(type="str", choices=["read", "write", "disabled"]), + policy=dict(type="str", choices=["read", "write", "disabled"]), + reports=dict(type="bool"), + ), + ), + gateways=dict( + type="dict", + options=dict( + smart_update=dict( + type="str", choices=["read", "write", "disabled"] + ), + lsm_gw_db=dict( + type="str", choices=["read", "write", "disabled"] + ), + manage_provisioning_profiles=dict( + type="str", choices=["read", "write", "disabled"] + ), + vsx_provisioning=dict(type="bool"), + system_backup=dict(type="bool"), + system_restore=dict(type="bool"), + open_shell=dict(type="bool"), + run_one_time_script=dict(type="bool"), + run_repository_script=dict(type="bool"), + manage_repository_scripts=dict( + type="str", choices=["read", "write", "disabled"] + ), + ), + ), + management=dict( + type="dict", + options=dict( + cme_operations=dict( + type="str", choices=["read", "write", "disabled"] + ), + manage_admins=dict(type="bool"), + management_api_login=dict(type="bool"), + manage_sessions=dict(type="bool"), + high_availability_operations=dict(type="bool"), + approve_or_reject_sessions=dict(type="bool"), + publish_sessions=dict(type="bool"), + manage_integration_with_cloud_services=dict(type="bool"), + ), + ), + monitoring_and_logging=dict( + type="dict", + options=dict( + monitoring=dict( + type="str", choices=["read", "write", "disabled"] + ), + management_logs=dict( + type="str", choices=["read", "write", "disabled"] + ), + track_logs=dict( + type="str", choices=["read", "write", "disabled"] + ), + app_and_url_filtering_logs=dict(type="bool"), + https_inspection_logs=dict(type="bool"), + packet_capture_and_forensics=dict(type="bool"), + show_packet_capture_by_default=dict(type="bool"), + identities=dict(type="bool"), + show_identities_by_default=dict(type="bool"), + dlp_logs_including_confidential_fields=dict(type="bool"), + manage_dlp_messages=dict(type="bool"), + ), + ), + threat_prevention=dict( + type="dict", + options=dict( + policy_layers=dict( + type="str", choices=["read", "write", "disabled"] + ), + edit_layers=dict( + type="str", + choices=["By Selected Profile In A Layer Editor", "All"], + ), + edit_settings=dict(type="bool"), + policy_exceptions=dict( + type="str", choices=["read", "write", "disabled"] + ), + profiles=dict( + type="str", choices=["read", "write", "disabled"] + ), + protections=dict( + type="str", choices=["read", "write", "disabled"] + ), + install_policy=dict(type="bool"), + ips_update=dict(type="bool"), + ), + ), + others=dict( + type="dict", + options=dict( + client_certificates=dict(type="bool"), + edit_cp_users_db=dict(type="bool"), + https_inspection=dict( + type="str", choices=["read", "write", "disabled"] + ), + ldap_users_db=dict( + type="str", choices=["read", "write", "disabled"] + ), + user_authority_access=dict( + type="str", choices=["read", "write", "disabled"] + ), + user_device_mgmt_conf=dict( + type="str", choices=["read", "write", "disabled"] + ), + ), + ), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'domain-permissions-profile' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "domain-permissions-profile" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_permissions_profile_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_permissions_profile_facts.py index b923f3939..b3e2e8368 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_permissions_profile_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_permissions_profile_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -110,32 +112,43 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - filter=dict(type='str'), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - domains_to_process=dict(type='list', elements='str') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + filter=dict(type="str"), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + domains_to_process=dict(type="list", elements="str"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "domain-permissions-profile" api_call_object_plural_version = "domain-permissions-profiles" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_global_network_object.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_global_network_object.py new file mode 100644 index 000000000..63d904ca0 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_global_network_object.py @@ -0,0 +1,136 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_dynamic_global_network_object +short_description: Manages dynamic-global-network-object objects on Checkpoint over Web Services API +description: + - Manages dynamic-global-network-object objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-dynamic-global-network-object + cp_mgmt_dynamic_global_network_object: + name: obj_global + state: present + +- name: set-dynamic-global-network-object + cp_mgmt_dynamic_global_network_object: + name: obj_global + tags: + - tag1 + state: present + +- name: delete-dynamic-global-network-object + cp_mgmt_dynamic_global_network_object: + name: obj_global + state: absent +""" + +RETURN = """ +cp_mgmt_dynamic_global_network_object: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'dynamic-global-network-object' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_global_network_object_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_global_network_object_facts.py new file mode 100644 index 000000000..c850a614a --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_global_network_object_facts.py @@ -0,0 +1,144 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_dynamic_global_network_object_facts +short_description: Get dynamic-global-network-object objects facts on Checkpoint over Web Services API +description: + - Get dynamic-global-network-object objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-dynamic-global-network-object + cp_mgmt_dynamic_global_network_object_facts: + name: obj_global + +- name: show-dynamic-global-network-objects + cp_mgmt_dynamic_global_network_object_facts: + details_level: full +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool'), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "dynamic-global-network-object" + api_call_object_plural_version = "dynamic-global-network-objects" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object.py index 1a7ce5fa5..9c5f908be 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -95,31 +97,72 @@ cp_mgmt_dynamic_object: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'dynamic-object' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "dynamic-object" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object_facts.py index c049e0407..3cec1e3a9 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -99,31 +101,42 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - show_membership=dict(type='bool') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + show_membership=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "dynamic-object" api_call_object_plural_version = "dynamic-objects" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group.py index 025061d73..d7eda1482 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -139,41 +141,96 @@ cp_mgmt_exception_group: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - applied_profile=dict(type='str'), - applied_threat_rules=dict(type='dict', options=dict( - add=dict(type='list', elements='dict', options=dict( - layer=dict(type='str'), - name=dict(type='str'), - rule_number=dict(type='str'), - position=dict(type='str') - )) - )), - apply_on=dict(type='str', choices=['all-threat-rules', 'all-threat-rules-with-specific-profile', 'manually-select-threat-rules']), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + applied_profile=dict(type="str"), + applied_threat_rules=dict( + type="dict", + options=dict( + add=dict( + type="list", + elements="dict", + options=dict( + layer=dict(type="str"), + name=dict(type="str"), + rule_number=dict(type="str"), + position=dict(type="str"), + ), + ) + ), + ), + apply_on=dict( + type="str", + choices=[ + "all-threat-rules", + "all-threat-rules-with-specific-profile", + "manually-select-threat-rules", + ], + ), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'exception-group' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "exception-group" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group_facts.py index cc88a3ab5..4ac4b11ba 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -98,30 +100,41 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )) + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "exception-group" api_call_object_plural_version = "exception-groups" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_export_management.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_export_management.py new file mode 100644 index 000000000..b8e111911 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_export_management.py @@ -0,0 +1,131 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_export_management +short_description: Export the primary Security Management Server database or the primary Multi-Domain Server database or the single Domain database and the + applicable Check Point configuration. +description: + - Export the primary Security Management Server database or the primary Multi-Domain Server database or the single Domain database and the applicable + Check Point configuration. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + file_path: + description: + - Path in which the exported database file is saved.<br><font color="red">Required only</font> when not using pre-export-verification-only flag. + type: str + domain_name: + description: + - Domain name to be exported.<br><font color="red">Required only for</font> exporting a Domain from the Multi-Domain Server or backing up Domain. + type: str + target_version: + description: + - Target version. + type: str + include_logs: + description: + - Export logs without log indexes. + type: bool + include_logs_indexes: + description: + - Export logs with log indexes. + type: bool + include_endpoint_configuration: + description: + - Include export of the Endpoint Security Management configuration files. + type: bool + include_endpoint_database: + description: + - Include export of the Endpoint Security Management database. + type: bool + is_domain_backup: + description: + - If true, the exported Domain will be suitable for import on the same Multi-Domain Server only. + type: bool + is_smc_to_mds: + description: + - If true, the exported Security Management Server will be suitable for import on the Multi-Domain Server only. + type: bool + pre_export_verification_only: + description: + - If true, only runs the pre-export verifications instead of the full export. + type: bool + ignore_warnings: + description: + - Ignoring the verification warnings. By Setting this parameter to 'true' export will not be blocked by warnings. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: export-management + cp_mgmt_export_management: + domain_name: domain1 + file_path: /var/log/domain1_backup.tgz + is_domain_backup: true +""" + +RETURN = """ +cp_mgmt_export_management: + description: The checkpoint export-management output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + file_path=dict(type='str'), + domain_name=dict(type='str',), + target_version=dict(type='str'), + include_logs=dict(type='bool'), + include_logs_indexes=dict(type='bool'), + include_endpoint_configuration=dict(type='bool'), + include_endpoint_database=dict(type='bool'), + is_domain_backup=dict(type='bool'), + is_smc_to_mds=dict(type='bool'), + pre_export_verification_only=dict(type='bool'), + ignore_warnings=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "export-management" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_export_smart_task.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_export_smart_task.py new file mode 100644 index 000000000..e3cc8aee0 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_export_smart_task.py @@ -0,0 +1,85 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_export_smart_task +short_description: Export SmartTask to a file. +description: + - Export SmartTask to a file. <br>This command is available only in a Security Management environment or in Multi-Domain environment when logged into + local domain. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Name of task to be exported. + type: str + required: True + file_path: + description: + - Path to the SmartTask file to be exported. <br>Should be the full file path (example, "/home/admin/exported-smart-task.txt)".<br>If no path + was inserted the default will be, "/var/log/<task_name>.txt". + type: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: export-smart-task + cp_mgmt_export_smart_task: + name: Validate Session Name Before Publish +""" + +RETURN = """ +cp_mgmt_export_smart_task: + description: The checkpoint export-smart-task output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + file_path=dict(type='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "export-smart-task" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_get_attachment.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_get_attachment.py new file mode 100644 index 000000000..452d1cf6f --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_get_attachment.py @@ -0,0 +1,82 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_get_attachment +short_description: Retrieves a packet capture or blob data, according to the attributes of a log record. +description: + - Retrieves a packet capture or blob data, according to the attributes of a log record. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + attachment_id: + description: + - Attachment identifier from a log record. + type: str + id: + description: + - Log id from a log record. + type: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: get-attachment + cp_mgmt_get_attachment: + attachment_id: MjY5HlNtYXJ0RGVmZW5zZR5jbj1jcF9tZ210LG89aHVnbzEtYmxvYkFwaS1uZXctdGFrZS0yLmNoZWNrcG9pbnQuY29tLnM2MjdvMx57MHg1OTg4 +""" + +RETURN = """ +cp_mgmt_get_attachment: + description: The checkpoint get-attachment output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + attachment_id=dict(type='str'), + id=dict(type='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "get-attachment" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_get_interfaces.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_get_interfaces.py new file mode 100644 index 000000000..ad40a78e6 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_get_interfaces.py @@ -0,0 +1,99 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_get_interfaces +short_description: Get physical interfaces with or without their topology from a Gaia Security Gateway or Cluster. +description: + - Get physical interfaces with or without their topology from a Gaia Security Gateway or Cluster. + - The fetched topology is based on static routes. + - SIC must be established in the Security Gateway or Cluster Member object. + - Security Gateway or Cluster Members must be up and running. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + target_name: + description: + - Target name. + type: str + group_interfaces_by_subnet: + description: + - Specify whether to group the cluster interfaces by a subnet. + Otherwise, group the cluster interfaces by their names. + type: bool + use_defined_by_routes: + description: + - Specify whether to configure the topology "Defined by Routes" where applicable. + Otherwise, configure the topology to "This Network" as default for internal interfaces. + type: bool + with_topology: + description: + - Specify whether to fetch the interfaces with their topology. Otherwise, the Management Server fetches + the interfaces without their topology. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: get-interfaces + cp_mgmt_get_interfaces: + target_name: gw1 + with_topology: true +""" + +RETURN = """ +cp_mgmt_get_interfaces: + description: The checkpoint get-interfaces output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + target_name=dict(type='str'), + group_interfaces_by_subnet=dict(type='bool'), + use_defined_by_routes=dict(type='bool'), + with_topology=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "get-interfaces" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_get_platform.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_get_platform.py index 21c5fb23b..c15f10cc2 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_get_platform.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_get_platform.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -60,13 +62,15 @@ cp_mgmt_get_platform: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - name=dict(type='str'), - auto_publish_session=dict(type='bool') + name=dict(type="str"), auto_publish_session=dict(type="bool") ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -78,5 +82,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment.py index 08bce2b9b..c92404847 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -105,28 +107,33 @@ cp_mgmt_global_assignment: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - dependent_domain=dict(type='str'), - global_access_policy=dict(type='str'), - global_domain=dict(type='str'), - global_threat_prevention_policy=dict(type='str'), - manage_protection_actions=dict(type='bool'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + dependent_domain=dict(type="str"), + global_access_policy=dict(type="str"), + global_domain=dict(type="str"), + global_threat_prevention_policy=dict(type="str"), + manage_protection_actions=dict(type="bool"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'global-assignment' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "global-assignment" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment_facts.py index be5c11788..e12fcbc48 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -102,31 +104,42 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - dependent_domain=dict(type='str'), - global_domain=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )) + dependent_domain=dict(type="str"), + global_domain=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "global-assignment" api_call_object_plural_version = "global-assignments" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group.py index fd134ff1a..ca6f2fbd5 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -111,33 +113,74 @@ cp_mgmt_group: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - members=dict(type='list', elements='str'), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - groups=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + members=dict(type="list", elements="str"), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + groups=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'group' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "group" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_facts.py index baa5b2763..99ba466f1 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -112,33 +114,44 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - show_as_ranges=dict(type='bool'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - dereference_group_members=dict(type='bool'), - show_membership=dict(type='bool') + name=dict(type="str"), + show_as_ranges=dict(type="bool"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + dereference_group_members=dict(type="bool"), + show_membership=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "group" api_call_object_plural_version = "groups" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion.py index 8497cd60d..ff9c6c561 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -115,34 +117,75 @@ cp_mgmt_group_with_exclusion: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - include=dict(type='str'), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - groups=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + include=dict(type="str"), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + groups=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) - argument_spec['except'] = dict(type='str') + argument_spec["except"] = dict(type="str") argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'group-with-exclusion' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "group-with-exclusion" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion_facts.py index d2443e1cc..fe64b95be 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -104,31 +106,42 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - show_as_ranges=dict(type='bool'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )) + name=dict(type="str"), + show_as_ranges=dict(type="bool"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "group-with-exclusion" api_call_object_plural_version = "groups-with-exclusion" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_gsn_handover_group.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_gsn_handover_group.py new file mode 100644 index 000000000..8af0fee77 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_gsn_handover_group.py @@ -0,0 +1,155 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_gsn_handover_group +short_description: Manages gsn-handover-group objects on Checkpoint over Web Services API +description: + - Manages gsn-handover-group objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + enforce_gtp: + description: + - Enable enforce GTP signal packet rate limit from this group. + type: bool + gtp_rate: + description: + - Limit of the GTP rate in PDU/sec. + type: int + members: + description: + - Collection of GSN handover group members identified by the name or UID. + type: list + elements: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-gsn-handover-group + cp_mgmt_gsn_handover_group: + enforce_gtp: true + gtp_rate: 2048 + members: + - All_Internet + name: gsnhandovergroup + state: present + +- name: set-gsn-handover-group + cp_mgmt_gsn_handover_group: + enforce_gtp: false + name: gsnhandovergroup + state: present + +- name: delete-gsn-handover-group + cp_mgmt_gsn_handover_group: + name: gsnhandovergroup + state: absent +""" + +RETURN = """ +cp_mgmt_gsn_handover_group: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + enforce_gtp=dict(type='bool'), + gtp_rate=dict(type='int'), + members=dict(type='list', elements='str'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'gsn-handover-group' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_gsn_handover_group_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_gsn_handover_group_facts.py new file mode 100644 index 000000000..0d01bbf15 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_gsn_handover_group_facts.py @@ -0,0 +1,149 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_gsn_handover_group_facts +short_description: Get gsn-handover-group objects facts on Checkpoint over Web Services API +description: + - Get gsn-handover-group objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + dereference_group_members: + description: + - Indicates whether to dereference "members" field by details level for every object in reply. + type: bool + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-gsn-handover-group + cp_mgmt_gsn_handover_group_facts: + name: gsnhandovergroup + +- name: show-gsn-handover-groups + cp_mgmt_gsn_handover_group_facts: + details_level: full +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + dereference_group_members=dict(type='bool'), + show_membership=dict(type='bool'), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "gsn-handover-group" + api_call_object_plural_version = "gsn-handover-groups" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_ha_full_sync.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_ha_full_sync.py new file mode 100644 index 000000000..b53c45b42 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_ha_full_sync.py @@ -0,0 +1,83 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_ha_full_sync +short_description: Perform full sync from active server to standby peer. +description: + - Perform full sync from active server to standby peer. <br>Run this command from the active server. <br>When performing a full sync on the global + domain, use the Multi Domain Server name of the standby global domain. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Peer name (Multi Domain Server, Domain Server or Security Management Server). + type: str + ignore_errors: + description: + - Apply changes ignoring errors. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: ha-full-sync + cp_mgmt_ha_full_sync: + name: mypeer +""" + +RETURN = """ +cp_mgmt_ha_full_sync: + description: The checkpoint ha-full-sync output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "ha-full-sync" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host.py index 5ec16c1f7..acceffd16 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["deprecated"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -34,6 +36,10 @@ description: - All operations are performed over Web Services API. version_added: "1.0.0" author: "Or Soffer (@chkp-orso)" +deprecated: + alternative: cp_mgmt_hosts + why: Newer and updated modules released with more functionality. + removed_at_date: '2024-11-01' options: name: description: @@ -264,75 +270,178 @@ cp_mgmt_host: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - ip_address=dict(type='str'), - ipv4_address=dict(type='str'), - ipv6_address=dict(type='str'), - interfaces=dict(type='list', elements='dict', options=dict( - name=dict(type='str'), - subnet=dict(type='str'), - subnet4=dict(type='str'), - subnet6=dict(type='str'), - mask_length=dict(type='int'), - mask_length4=dict(type='int'), - mask_length6=dict(type='int'), - subnet_mask=dict(type='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', - 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', - 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', - 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', - 'sienna', 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') - )), - nat_settings=dict(type='dict', options=dict( - auto_rule=dict(type='bool'), - ip_address=dict(type='str'), - ipv4_address=dict(type='str'), - ipv6_address=dict(type='str'), - hide_behind=dict(type='str', choices=['gateway', 'ip-address']), - install_on=dict(type='str'), - method=dict(type='str', choices=['hide', 'static']) - )), - tags=dict(type='list', elements='str'), - host_servers=dict(type='dict', options=dict( - dns_server=dict(type='bool'), - mail_server=dict(type='bool'), - web_server=dict(type='bool'), - web_server_config=dict(type='dict', options=dict( - additional_ports=dict(type='list', elements='str'), - application_engines=dict(type='list', elements='str'), - listen_standard_port=dict(type='bool'), - operating_system=dict(type='str', choices=['sparc linux', 'windows', 'other', 'x86 linux', 'sparc solaris']), - protected_by=dict(type='str') - )) - )), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - groups=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + ip_address=dict(type="str"), + ipv4_address=dict(type="str"), + ipv6_address=dict(type="str"), + interfaces=dict( + type="list", + elements="dict", + options=dict( + name=dict(type="str"), + subnet=dict(type="str"), + subnet4=dict(type="str"), + subnet6=dict(type="str"), + mask_length=dict(type="int"), + mask_length4=dict(type="int"), + mask_length6=dict(type="int"), + subnet_mask=dict(type="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict( + type="str", choices=["uid", "standard", "full"] + ), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), + ), + ), + nat_settings=dict( + type="dict", + options=dict( + auto_rule=dict(type="bool"), + ip_address=dict(type="str"), + ipv4_address=dict(type="str"), + ipv6_address=dict(type="str"), + hide_behind=dict( + type="str", choices=["gateway", "ip-address"] + ), + install_on=dict(type="str"), + method=dict(type="str", choices=["hide", "static"]), + ), + ), + tags=dict(type="list", elements="str"), + host_servers=dict( + type="dict", + options=dict( + dns_server=dict(type="bool"), + mail_server=dict(type="bool"), + web_server=dict(type="bool"), + web_server_config=dict( + type="dict", + options=dict( + additional_ports=dict(type="list", elements="str"), + application_engines=dict(type="list", elements="str"), + listen_standard_port=dict(type="bool"), + operating_system=dict( + type="str", + choices=[ + "sparc linux", + "windows", + "other", + "x86 linux", + "sparc solaris", + ], + ), + protected_by=dict(type="str"), + ), + ), + ), + ), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + groups=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'host' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "host" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host_facts.py index 597b817f6..fc54164d2 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -102,31 +104,42 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - show_membership=dict(type='bool') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + show_membership=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "host" api_call_object_plural_version = "hosts" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_hosts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_hosts.py new file mode 100644 index 000000000..61d0ae53e --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_hosts.py @@ -0,0 +1,581 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# Copyright 2022 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +""" +The module file for cp_mgmt_hosts +""" + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +DOCUMENTATION = """ +module: cp_mgmt_hosts +short_description: Manages HOSTS resource module +description: + - This resource module allows for addition, deletion, or modification of CP MGMT Hosts. + - This resource module also takes care of gathering Hosts config facts +version_added: "5.0.0" +author: Ansible Security Automation Team (@justjais) <https://github.com/ansible-security>- +options: + config: + description: A dictionary of HOSTS options + type: dict + suboptions: + name: + description: Object name. Must be unique in the domain. + type: str + ip_address: + description: IPv4 or IPv6 address. If both addresses are required use ipv4-address + and ipv6-address fields explicitly. + type: str + ipv4_address: + description: IPv4 address. + type: str + ipv6_address: + description: IPv4 address. + type: str + interfaces: + description: Host interfaces. + type: list + elements: dict + suboptions: + name: + description: + - Interface name. + type: str + subnet: + description: + - IPv4 or IPv6 network address. + - If both addresses are required use subnet4 and subnet6 fields explicitly. + type: str + subnet4: + description: + - IPv4 network address. + type: str + subnet6: + description: + - IPv6 network address. + type: str + mask_length: + description: + - IPv4 or IPv6 network mask length. If both masks are required use mask-length4 and + mask-length6 fields explicitly. + - Instead of IPv4 mask length it is possible to specify IPv4 mask itself in subnet-mask field. + type: int + mask_length4: + description: + - IPv4 network mask length. + type: int + mask_length6: + description: + - IPv6 network mask length. + type: int + subnet_mask: + description: + - IPv4 network mask. + type: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: + - 'aquamarine' + - 'black' + - 'blue' + - 'crete blue' + - 'burlywood' + - 'cyan' + - 'dark green' + - 'khaki' + - 'orchid' + - 'dark orange' + - 'dark sea green' + - 'pink' + - 'turquoise' + - 'dark blue' + - 'firebrick' + - 'brown' + - 'forest green' + - 'gold' + - 'dark gold' + - 'gray' + - 'dark gray' + - 'light green' + - 'lemon chiffon' + - 'coral' + - 'sea green' + - 'sky blue' + - 'magenta' + - 'purple' + - 'slate blue' + - 'violet red' + - 'navy blue' + - 'olive' + - 'orange' + - 'red' + - 'sienna' + - 'yellow' + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing + only the UID value of the object to a fully detailed representation of the object. + type: str + choices: + - 'uid' + - 'standard' + - 'full' + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. + - If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + nat_settings: + description: NAT settings. + type: dict + suboptions: + auto_rule: + description: + - Whether to add automatic address translation rules. + type: bool + ip_address: + description: + - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. + - This parameter is not required in case "method" parameter is "hide" and "hide-behind" parameter is "gateway". + type: str + ipv4_address: + description: + - IPv4 address. + type: str + ipv6_address: + description: + - IPv6 address. + type: str + hide_behind: + description: + - Hide behind method. This parameter is not required in case "method" parameter is "static". + type: str + choices: + - 'gateway' + - 'ip-address' + install_on: + description: + - Which gateway should apply the NAT translation. + type: str + method: + description: + - NAT translation method. + type: str + choices: + - 'hide' + - 'static' + tags: + description: Collection of tag identifiers. + type: list + elements: str + host_servers: + description: Servers Configuration. + type: dict + suboptions: + dns_server: + description: Gets True if this server is a DNS Server. + type: bool + mail_server: + description: Gets True if this server is a Mail Server. + type: bool + web_server: + description: Gets True if this server is a Web Server. + type: bool + web_server_config: + description: Web Server configuration. + type: dict + suboptions: + additional_ports: + description: + - Server additional ports. + type: list + elements: str + application_engines: + description: + - Application engines of this web server. + type: list + elements: str + listen_standard_port: + description: + - Whether server listens to standard port. + type: bool + operating_system: + description: + - Operating System. + type: str + choices: + - 'sparc linux' + - 'windows' + - 'other' + - 'x86 linux' + - 'sparc solaris' + protected_by: + description: + - Network object which protects this server identified by the name or UID. + type: str + color: + description: Color of the object. Should be one of existing colors. + type: str + choices: + - aquamarine + - black + - blue + - crete blue + - burlywood + - cyan + - dark green + - khaki + - orchid + - dark orange + - dark sea green + - pink + - turquoise + - dark blue + - firebrick + - brown + - forest green + - gold + - dark gold + - gray + - dark gray + - light green + - lemon chiffon + - coral + - sea green + - sky blue + - magenta + - purple + - slate blue + - violet red + - navy blue + - olive + - orange + - red + - sienna + - yellow + comments: + description: Comments string. + type: str + details_level: + description: The level of detail for some of the fields in the response can + vary from showing only the UID value of the object to a fully detailed representation + of the object. + type: str + choices: + - uid + - standard + - full + groups: + description: Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: Apply changes ignoring warnings. + type: bool + ignore_errors: + description: Apply changes ignoring errors. You won't be able to publish such + a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + limit: + description: + - The maximal number of returned results. + - NOTE, this parameter is a valid parameter only for the GATHERED state, for config states + like, MERGED, REPLACED, and DELETED state it won't be applicable. + type: int + offset: + description: + - Number of the results to initially skip. + - NOTE, this parameter is a valid parameter only for the GATHERED state, for config states + like, MERGED, REPLACED, and DELETED state it won't be applicable. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + - NOTE, this parameter is a valid parameter only for the GATHERED state, for config states + like, MERGED, REPLACED, and DELETED state it won't be applicable. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + DESC: + description: + - Sorts results by the given field in descending order. + type: str + round_trip: + description: + - If set to True, the round trip will filter out the module parameters from the response param, + which will enable the user to fire the config request using the structured gathered data. + - NOTE, this parameter makes relevance only with the GATHERED state, as for config states like, + MERGED, REPLACED, and DELETED state it won't make any config updates, + as it's not a module config parameter. + type: bool + auto_publish_session: + description: + - Publish the current session if changes have been performed + after task completes. + type: bool + version: + description: + - Version of checkpoint. If not given one, the latest version taken. + type: str + state: + description: + - The state the configuration should be left in + - The state I(gathered) will get the module API configuration from the device + and transform it into structured data in the format as per the module argspec + and the value is returned in the I(gathered) key within the result. + type: str + choices: + - merged + - replaced + - gathered + - deleted +""" + +EXAMPLES = """ + +# Using MERGED state +# ------------------- + +- name: Merge MGMT Hosts config + cp_mgmt_hosts: + state: merged + config: + color: cyan + ip_address: 192.0.2.1 + name: New Host 1 + auto_publish_session: true + tags: + - New Host + round_trip: true + +# RUN output: +# ----------- + +# mgmt_hosts: +# after: +# color: cyan +# comments: '' +# groups: [] +# icon: Objects/host +# interfaces: [] +# ipv4-address: 192.0.2.1 +# name: New Host 1 +# nat_settings: {} +# tags: +# - New Host +# before: {} + +# Using REPLACED state +# -------------------- + +- name: Replace MGMT Host config + cp_mgmt_hosts: + state: replaced + config: + name: New Host 1 + tags: + - New Replaced Host + color: aquamarine + ip_address: 198.51.110.0 + comments: REPLACED description + ignore_warnings: true + ignore_errors: false + auto_publish_session: true + round_trip: true + +# RUN output: +# ----------- + +# mgmt_hosts: +# after: +# color: aquamarine +# comments: REPLACED description +# groups: [] +# icon: Objects/host +# interfaces: [] +# ipv4-address: 198.51.110.0 +# name: New Host 1 +# nat_settings: {} +# tags: +# - New Replaced Host +# before: +# color: cyan +# comments: '' +# groups: [] +# icon: Objects/host +# interfaces: [] +# ipv4-address: 192.0.2.1 +# name: New Host 1 +# nat_settings: {} +# tags: +# - New Host + +# Using GATHERED state +# -------------------- + +# 1. With Round Trip set to True + +- name: Gather MGMT Host config by Name + cp_mgmt_hosts: + state: gathered + config: + name: New Host 1 + +# RUN output: +# ----------- + +# gathered: +# color: cyan +# comments: REPLACED description +# domain: SMC User +# groups: [] +# icon: Objects/host +# interfaces: [] +# ipv4-address: 192.0.2.1 +# name: New Host 1 +# nat_settings: {} +# read-only: false +# tags: +# - New Host +# uid: 63b868bb-d300-47f4-b97a-c465a56fe9c7 + +# 2. With Round Trip set to False which is the default behaviour + +- name: Gather MGMT Host config by Name + cp_mgmt_hosts: + state: gathered + config: + name: New Host 1 + +# RUN output: +# ----------- + +# gathered: +# color: cyan +# comments: '' +# domain: +# domain-type: domain +# name: SMC User +# uid: 41e821a0-3720-11e3-aa6e-0800200c9fde +# groups: [] +# icon: Objects/host +# interfaces: [] +# ipv4-address: 192.0.2.1 +# meta-info: +# creation-time: +# iso-8601: 2022-11-21T08:31+0000 +# posix: 1669019480328 +# creator: admin +# last-modifier: admin +# last-modify-time: +# iso-8601: 2022-11-21T08:31+0000 +# posix: 1669019480328 +# lock: unlocked +# validation-state: ok +# name: New Host 1 +# nat_settings: {} +# read-only: false +# tags: +# - domain: +# domain-type: domain +# name: SMC User +# uid: 41e821a0-3720-11e3-aa6e-0800200c9fde +# name: New Host +# type: tag +# uid: 94d53896-3cee-4e1f-a83b-3abac80bf512 +# type: host +# uid: 8f23a44b-d9d2-4242-8a9e-2a4cbb6723ff + +# 3. Gather ALL threat-layer config with DESC order filter + +- name: Gather All hosts on the MGMT instance + cp_mgmt_hosts: + config: + details_level: full + state: gathered + +# RUN output: +# ----------- + +# gathered: +# - domain: +# domain-type: domain +# name: SMC User +# uid: 41e821a0-3720-11e3-aa6e-0800200c9fde +# ipv4-address: 192.0.2.1 +# name: New Host 1 +# type: host +# uid: 8f23a44b-d9d2-4242-8a9e-2a4cbb6723ff + +# Using DELETED state +# ------------------- + +- name: Delete MGMT Host config by Name + cp_mgmt_hosts: + state: deleted + config: + name: New Host 1 + round_trip: true + +# RUN output: +# ----------- + +# mgmt_hosts: +# after: {} +# before: +# color: cyan +# comments: REPLACED description +# groups: [] +# icon: Objects/host +# interfaces: [] +# ipv4-address: 192.0.2.1 +# name: New Host 1 +# nat_settings: {} +# tags: +# - New Host +""" + +RETURN = """ +before: + description: The configuration prior to the module execution. + returned: when state is I(merged), I(replaced), I(deleted) + type: dict + sample: > + This output will always be in the same format as the + module argspec. +after: + description: The resulting configuration after module execution. + returned: when changed + type: dict + sample: > + This output will always be in the same format as the + module argspec. +gathered: + description: Facts about the network resource gathered from the remote device as structured data. + returned: when state is I(gathered) + type: dict + sample: > + This output will always be in the same format as the + module argspec. +""" diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_https_layer.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_https_layer.py new file mode 100644 index 000000000..697a922c1 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_https_layer.py @@ -0,0 +1,134 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_https_layer +short_description: Manages https-layer objects on Checkpoint over Web Services API +description: + - Manages https-layer objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + shared: + description: + - Define the Layer as Shared (TRUE/FALSE). + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-https-layer + cp_mgmt_https_layer: + name: New Layer 1 + state: present + +- name: set-https-layer + cp_mgmt_https_layer: + name: New Layer 1 + shared: true + state: present + +- name: delete-https-layer + cp_mgmt_https_layer: + name: New Layer 2 + state: absent +""" + +RETURN = """ +cp_mgmt_https_layer: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + shared=dict(type='bool'), + tags=dict(type='list', elements="str"), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'https-layer' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_https_layer_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_https_layer_facts.py new file mode 100644 index 000000000..0b74766c3 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_https_layer_facts.py @@ -0,0 +1,141 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_https_layer_facts +short_description: Get https-layer objects facts on Checkpoint over Web Services API +description: + - Get https-layer objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-https-layer + cp_mgmt_https_layer_facts: + name: New Layer 1 + +- name: show-https-layers + cp_mgmt_https_layer_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements="dict", options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + domains_to_process=dict(type='list', elements="str") + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "https-layer" + api_call_object_plural_version = "https-layers" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_https_section.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_https_section.py index aba2a6a89..bdc3f3ff5 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_https_section.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_https_section.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -94,26 +96,31 @@ cp_mgmt_https_section: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - layer=dict(type='str'), - position=dict(type='str'), - name=dict(type='str', required=True), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + layer=dict(type="str"), + position=dict(type="str"), + name=dict(type="str", required=True), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'https-section' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "https-section" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_identity_tag.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_identity_tag.py index 782375d67..b0f45a656 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_identity_tag.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_identity_tag.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -104,32 +106,73 @@ cp_mgmt_identity_tag: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - external_identifier=dict(type='str'), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + external_identifier=dict(type="str"), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'identity-tag' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "identity-tag" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_identity_tag_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_identity_tag_facts.py index 07618264b..107d6cceb 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_identity_tag_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_identity_tag_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -108,32 +110,43 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - filter=dict(type='str'), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - domains_to_process=dict(type='list', elements='str') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + filter=dict(type="str"), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + domains_to_process=dict(type="list", elements="str"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "identity-tag" api_call_object_plural_version = "identity-tags" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_administrator_group.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_administrator_group.py index ec08c8f3b..788111440 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_administrator_group.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_administrator_group.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -124,37 +126,79 @@ cp_mgmt_idp_administrator_group: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - group_id=dict(type='str'), - multi_domain_profile=dict(type='str'), - permissions_profile=dict(type='list', elements='dict', options=dict( - domain=dict(type='str'), - profile=dict(type='str') - )), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + group_id=dict(type="str"), + multi_domain_profile=dict(type="str"), + permissions_profile=dict( + type="list", + elements="dict", + options=dict(domain=dict(type="str"), profile=dict(type="str")), + ), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'idp-administrator-group' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "idp-administrator-group" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_administrator_group_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_administrator_group_facts.py index bbe358d71..7df43f693 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_administrator_group_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_administrator_group_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -107,32 +109,43 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - filter=dict(type='str'), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - domains_to_process=dict(type='list', elements='str') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + filter=dict(type="str"), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + domains_to_process=dict(type="list", elements="str"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "idp-administrator-group" api_call_object_plural_version = "idp-administrator-groups" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_to_domain_assignment_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_to_domain_assignment_facts.py index 41f30a52e..a1fb64a98 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_to_domain_assignment_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_to_domain_assignment_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -95,30 +97,41 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - assigned_domain=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )) + assigned_domain=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "idp-to-domain-assignment" api_call_object_plural_version = "idp-to-domain-assignments" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_import_management.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_import_management.py new file mode 100644 index 000000000..fbc45a1b6 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_import_management.py @@ -0,0 +1,139 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_import_management +short_description: Import the primary Security Management Server database or the primary Multi-Domain Server database or the single Domain database and the + applicable Check Point configuration. +description: + - Import the primary Security Management Server database or the primary Multi-Domain Server database or the single Domain database and the applicable + Check Point configuration. <br/>After the import starts, the session expires and you must login again. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + file_path: + description: + - Path to the exported database file to be imported. + type: str + required: True + domain_name: + description: + - Domain name to be imported. Must be unique in the Multi-Domain Server.<br><font color="red">Required only for</font> importing the Security + Management Server into the Multi-Domain Server. + type: str + domain_ip_address: + description: + - IPv4 address for the imported Domain.<br><font color="red">Required only for</font> importing the Security Management Server into the + Multi-Domain Server. + type: str + domain_server_name: + description: + - Multi-Domain Server name for the imported Domain.<br><font color="red">Required only for</font> importing the Security Management Server into + the Multi-Domain Server. + type: str + include_logs: + description: + - Import logs without log indexes. + type: bool + include_logs_indexes: + description: + - Import logs with log indexes. + type: bool + keep_cloud_sharing: + description: + - Preserve the connection of the Management Server to Check Point's Infinity Portal.<br>Use this flag after ensuring that the original + Management Server does not communicate with Infinity Portal.<br>Note, resuming the connection is also possible after import with set-cloud-services. + type: bool + include_endpoint_configuration: + description: + - Include import of the Endpoint Security Management configuration files. + type: bool + include_endpoint_database: + description: + - Include import of the Endpoint Security Management database. + type: bool + verify_domain_restore: + description: + - If true, verify that the restore operation is valid for this input file and this environment. <br>Note, Restore operation will not be executed. + type: bool + pre_import_verification_only: + description: + - If true, only runs the pre-import verifications instead of the full import. + type: bool + ignore_warnings: + description: + - Ignoring the verification warnings. By Setting this parameter to 'true' import will not be blocked by warnings. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: import-management + cp_mgmt_import_management: + file_path: /var/log/domain1_exported.tgz +""" + +RETURN = """ +cp_mgmt_import_management: + description: The checkpoint import-management output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + file_path=dict(type='str', required=True), + domain_name=dict(type='str'), + domain_ip_address=dict(type='str'), + domain_server_name=dict(type='str'), + include_logs=dict(type='bool'), + include_logs_indexes=dict(type='bool'), + keep_cloud_sharing=dict(type='bool'), + include_endpoint_configuration=dict(type='bool'), + include_endpoint_database=dict(type='bool'), + verify_domain_restore=dict(type='bool'), + pre_import_verification_only=dict(type='bool'), + ignore_warnings=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "import-management" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_import_smart_task.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_import_smart_task.py new file mode 100644 index 000000000..712a8bdfd --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_import_smart_task.py @@ -0,0 +1,79 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_import_smart_task +short_description: Import SmartTask from a file. +description: + - Import SmartTask from a file. <br>This command is available only in a Security Management environment or in Multi-Domain environment when logged into + local domain. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + file_path: + description: + - Path to the SmartTask file to be imported. <br>Should be the full file path (example, "/home/admin/exported-smart-task.txt"). + type: str + required: True +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: import-smart-task + cp_mgmt_import_smart_task: + file_path: /home/admin/smart-task.txt +""" + +RETURN = """ +cp_mgmt_import_smart_task: + description: The checkpoint import-smart-task output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + file_path=dict(type='str', required=True) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "import-smart-task" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_database.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_database.py index aba149118..e256c7063 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_database.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_database.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -59,13 +61,14 @@ cp_mgmt_install_database: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): - argument_spec = dict( - targets=dict(type='list', elements='str') - ) + argument_spec = dict(targets=dict(type="list", elements="str")) argument_spec.update(checkpoint_argument_spec_for_commands) module = AnsibleModule(argument_spec=argument_spec) @@ -76,5 +79,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_lsm_policy.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_lsm_policy.py index 60cc030dd..bc04c467e 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_lsm_policy.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_lsm_policy.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -59,13 +61,14 @@ cp_mgmt_install_lsm_policy: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): - argument_spec = dict( - targets=dict(type='list', elements='str') - ) + argument_spec = dict(targets=dict(type="list", elements="str")) argument_spec.update(checkpoint_argument_spec_for_commands) module = AnsibleModule(argument_spec=argument_spec) @@ -76,5 +79,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_lsm_settings.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_lsm_settings.py index 53fba12d1..b3fd2e4f5 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_lsm_settings.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_lsm_settings.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -59,13 +61,14 @@ cp_mgmt_install_lsm_settings: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): - argument_spec = dict( - targets=dict(type='list', elements='str') - ) + argument_spec = dict(targets=dict(type="list", elements="str")) argument_spec.update(checkpoint_argument_spec_for_commands) module = AnsibleModule(argument_spec=argument_spec) @@ -76,5 +79,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_policy.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_policy.py index 4a14111d2..56c70b5ad 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_policy.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_policy.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -98,20 +100,23 @@ cp_mgmt_install_policy: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - policy_package=dict(type='str'), - targets=dict(type='list', elements='str'), - access=dict(type='bool'), - desktop_security=dict(type='bool'), - qos=dict(type='bool'), - threat_prevention=dict(type='bool'), - install_on_all_cluster_members_or_fail=dict(type='bool'), - prepare_only=dict(type='bool'), - revision=dict(type='str') + policy_package=dict(type="str"), + targets=dict(type="list", elements="str"), + access=dict(type="bool"), + desktop_security=dict(type="bool"), + qos=dict(type="bool"), + threat_prevention=dict(type="bool"), + install_on_all_cluster_members_or_fail=dict(type="bool"), + prepare_only=dict(type="bool"), + revision=dict(type="str"), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -123,5 +128,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_software_package.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_software_package.py index 3a967e6cb..93bc9f371 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_software_package.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_software_package.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -92,20 +94,28 @@ cp_mgmt_install_software_package: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - name=dict(type='str'), - targets=dict(type='list', elements='str'), - cluster_installation_settings=dict(type='dict', options=dict( - cluster_delay=dict(type='int'), - cluster_strategy=dict(type='str') - )), - concurrency_limit=dict(type='int'), - method=dict(type='str', choices=['install', 'upgrade']), - package_location=dict(type='str', choices=['automatic', 'target-machine', 'central']) + name=dict(type="str"), + targets=dict(type="list", elements="str"), + cluster_installation_settings=dict( + type="dict", + options=dict( + cluster_delay=dict(type="int"), + cluster_strategy=dict(type="str"), + ), + ), + concurrency_limit=dict(type="int"), + method=dict(type="str", choices=["install", "upgrade"]), + package_location=dict( + type="str", choices=["automatic", "target-machine", "central"] + ), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -117,5 +127,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_interoperable_device.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_interoperable_device.py index 9416e810e..cd3fd2636 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_interoperable_device.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_interoperable_device.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -249,71 +251,169 @@ cp_mgmt_interoperable_device: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - ip_address=dict(type='str'), - ipv4_address=dict(type='str'), - ipv6_address=dict(type='str'), - interfaces=dict(type='list', elements='dict', options=dict( - name=dict(type='str'), - ip_address=dict(type='str'), - ipv4_address=dict(type='str'), - ipv6_address=dict(type='str'), - network_mask=dict(type='str'), - ipv4_network_mask=dict(type='str'), - ipv6_network_mask=dict(type='str'), - mask_length=dict(type='str'), - ipv4_mask_length=dict(type='str'), - ipv6_mask_length=dict(type='str'), - tags=dict(type='list', elements='str'), - topology=dict(type='str', choices=['external', 'internal']), - topology_settings=dict(type='dict', options=dict( - interface_leads_to_dmz=dict(type='bool'), - ip_address_behind_this_interface=dict(type='str', choices=['not defined', 'network defined by the interface ip and net mask', - 'network defined by routing', 'specific']), - specific_network=dict(type='str') - )), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', - 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', - 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', - 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', - 'sienna', 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - domains_to_process=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') - )), - vpn_settings=dict(type='dict', options=dict( - vpn_domain=dict(type='str'), - vpn_domain_exclude_external_ip_addresses=dict(type='bool'), - vpn_domain_type=dict(type='str', choices=['manual', 'addresses_behind_gw']) - )), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - domains_to_process=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - groups=dict(type='list', elements='str'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + ip_address=dict(type="str"), + ipv4_address=dict(type="str"), + ipv6_address=dict(type="str"), + interfaces=dict( + type="list", + elements="dict", + options=dict( + name=dict(type="str"), + ip_address=dict(type="str"), + ipv4_address=dict(type="str"), + ipv6_address=dict(type="str"), + network_mask=dict(type="str"), + ipv4_network_mask=dict(type="str"), + ipv6_network_mask=dict(type="str"), + mask_length=dict(type="str"), + ipv4_mask_length=dict(type="str"), + ipv6_mask_length=dict(type="str"), + tags=dict(type="list", elements="str"), + topology=dict(type="str", choices=["external", "internal"]), + topology_settings=dict( + type="dict", + options=dict( + interface_leads_to_dmz=dict(type="bool"), + ip_address_behind_this_interface=dict( + type="str", + choices=[ + "not defined", + "network defined by the interface ip and net mask", + "network defined by routing", + "specific", + ], + ), + specific_network=dict(type="str"), + ), + ), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict( + type="str", choices=["uid", "standard", "full"] + ), + domains_to_process=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), + ), + ), + vpn_settings=dict( + type="dict", + options=dict( + vpn_domain=dict(type="str"), + vpn_domain_exclude_external_ip_addresses=dict(type="bool"), + vpn_domain_type=dict( + type="str", choices=["manual", "addresses_behind_gw"] + ), + ), + ), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + domains_to_process=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + groups=dict(type="list", elements="str"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'interoperable-device' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "interoperable-device" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_interoperable_device_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_interoperable_device_facts.py index bbc70da9d..595e52ebe 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_interoperable_device_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_interoperable_device_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -107,32 +109,43 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - filter=dict(type='str'), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - domains_to_process=dict(type='list', elements='str') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + filter=dict(type="str"), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + domains_to_process=dict(type="list", elements="str"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "interoperable-device" api_call_object_plural_version = "interoperable-devices" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_ips_protection_extended_attribute_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_ips_protection_extended_attribute_facts.py new file mode 100644 index 000000000..de8103d69 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_ips_protection_extended_attribute_facts.py @@ -0,0 +1,131 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_ips_protection_extended_attribute_facts +short_description: Get ips-protection-extended-attribute objects facts on Checkpoint over Web Services API +description: + - Get ips-protection-extended-attribute objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-ips-protection-extended-attribute + cp_mgmt_ips_protection_extended_attribute_facts: + name: Vulnerability Effect + +- name: show-ips-protection-extended-attributes + cp_mgmt_ips_protection_extended_attribute_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "ips-protection-extended-attribute" + api_call_object_plural_version = "ips-protection-extended-attributes" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lock_object.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lock_object.py new file mode 100644 index 000000000..b55b50d6e --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lock_object.py @@ -0,0 +1,96 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_lock_object +short_description: Lock object using name and type. +description: + - Lock object using name and type. Can lock object only if the object is not locked by another session. + - The object can be unlocked by the unlock, publish or discard commands. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. Must be unique in the domain. + type: str + type: + description: + - Object type. + type: str + layer: + description: + - Object layer, need to specify the layer if the object is rule/section and uid is not supplied. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: lock-object + cp_mgmt_lock_object: + name: host5 + type: host +""" + +RETURN = """ +cp_mgmt_lock_object: + description: The checkpoint lock-object output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + type=dict(type='str'), + layer=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "lock-object" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster.py index 422d31424..3ba3fff11 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -221,66 +223,157 @@ cp_mgmt_lsm_cluster: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - main_ip_address=dict(type='str'), - name_prefix=dict(type='str'), - name_suffix=dict(type='str'), - security_profile=dict(type='str', required=True), - interfaces=dict(type='list', elements='dict', options=dict( - name=dict(type='str'), - ip_address_override=dict(type='str'), - member_network_override=dict(type='str') - )), - members=dict(type='list', elements='dict', options=dict( - name=dict(type='str'), - provisioning_settings=dict(type='dict', options=dict( - provisioning_profile=dict(type='str') - )), - provisioning_state=dict(type='str', choices=['off', 'manual', 'using-profile']), - sic=dict(type='dict', options=dict( - ip_address=dict(type='str'), - one_time_password=dict(type='str', no_log=True) - )), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', - 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', - 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', - 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', - 'sienna', 'yellow']), - comments=dict(type='str') - )), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool'), + main_ip_address=dict(type="str"), + name_prefix=dict(type="str"), + name_suffix=dict(type="str"), + security_profile=dict(type="str", required=True), + interfaces=dict( + type="list", + elements="dict", + options=dict( + name=dict(type="str"), + ip_address_override=dict(type="str"), + member_network_override=dict(type="str"), + ), + ), + members=dict( + type="list", + elements="dict", + options=dict( + name=dict(type="str"), + provisioning_settings=dict( + type="dict", + options=dict(provisioning_profile=dict(type="str")), + ), + provisioning_state=dict( + type="str", choices=["off", "manual", "using-profile"] + ), + sic=dict( + type="dict", + options=dict( + ip_address=dict(type="str"), + one_time_password=dict(type="str", no_log=True), + ), + ), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + ), + ), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) # Create lsm-cluster name - name = module.params['security_profile'] + name = module.params["security_profile"] - if module.params['name_prefix']: - name = module.params['name_prefix'] + name - if module.params['name_suffix']: - name = name + module.params['name_suffix'] - module.params['name'] = name + if module.params["name_prefix"]: + name = module.params["name_prefix"] + name + if module.params["name_suffix"]: + name = name + module.params["name_suffix"] + module.params["name"] = name - api_call_object = 'lsm-cluster' + api_call_object = "lsm-cluster" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster_facts.py index 1c7fbec44..58816abfe 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -114,33 +116,44 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - filter=dict(type='str'), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - show_membership=dict(type='bool'), - domains_to_process=dict(type='list', elements='str') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + filter=dict(type="str"), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + show_membership=dict(type="bool"), + domains_to_process=dict(type="list", elements="str"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "lsm-cluster" api_call_object_plural_version = "lsm-clusters" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster_profile_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster_profile_facts.py index 384c5b218..b87c92a0e 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster_profile_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster_profile_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -114,33 +116,44 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - filter=dict(type='str'), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - show_membership=dict(type='bool'), - domains_to_process=dict(type='list', elements='str') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + filter=dict(type="str"), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + show_membership=dict(type="bool"), + domains_to_process=dict(type="list", elements="str"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "lsm-cluster-profile" api_call_object_plural_version = "lsm-cluster-profiles" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway.py index 21fc7ce5a..704a0f74d 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -140,39 +142,85 @@ cp_mgmt_lsm_gateway: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - security_profile=dict(type='str'), - provisioning_settings=dict(type='dict', options=dict( - provisioning_profile=dict(type='str') - )), - provisioning_state=dict(type='str', choices=['off', 'manual', 'using-profile']), - sic=dict(type='dict', options=dict( - ip_address=dict(type='str'), - one_time_password=dict(type='str', no_log=True) - )), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + security_profile=dict(type="str"), + provisioning_settings=dict( + type="dict", options=dict(provisioning_profile=dict(type="str")) + ), + provisioning_state=dict( + type="str", choices=["off", "manual", "using-profile"] + ), + sic=dict( + type="dict", + options=dict( + ip_address=dict(type="str"), + one_time_password=dict(type="str", no_log=True), + ), + ), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'lsm-gateway' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "lsm-gateway" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway_facts.py index b13444e96..150ca4b7e 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -114,33 +116,44 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - filter=dict(type='str'), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - show_membership=dict(type='bool'), - domains_to_process=dict(type='list', elements='str') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + filter=dict(type="str"), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + show_membership=dict(type="bool"), + domains_to_process=dict(type="list", elements="str"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "lsm-gateway" api_call_object_plural_version = "lsm-gateways" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway_profile_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway_profile_facts.py index 6778f237c..e46f1f0ee 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway_profile_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway_profile_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -114,33 +116,44 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - filter=dict(type='str'), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - show_membership=dict(type='bool'), - domains_to_process=dict(type='list', elements='str') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + filter=dict(type="str"), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + show_membership=dict(type="bool"), + domains_to_process=dict(type="list", elements="str"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "lsm-gateway-profile" api_call_object_plural_version = "lsm-gateway-profiles" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_run_script.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_run_script.py index d3828262d..434e814d9 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_run_script.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_run_script.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -67,14 +69,17 @@ cp_mgmt_lsm_run_script: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - script_base64=dict(type='str'), - script=dict(type='str'), - targets=dict(type='list', elements='str') + script_base64=dict(type="str"), + script=dict(type="str"), + targets=dict(type="list", elements="str"), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -86,5 +91,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsv_profile.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsv_profile.py new file mode 100644 index 000000000..eb43a20b6 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsv_profile.py @@ -0,0 +1,173 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_lsv_profile +short_description: Manages lsv-profile objects on Checkpoint over Web Services API +description: + - Manages lsv-profile objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + certificate_authority: + description: + - Trusted Certificate authority for establishing trust between VPN peers, identified by name or UID. + type: str + allowed_ip_addresses: + description: + - Collection of network objects identified by name or UID that represent IP addresses allowed in profile's VPN domain. + type: list + elements: str + restrict_allowed_addresses: + description: + - Indicate whether the IP addresses allowed in the VPN Domain will be restricted or not, according to allowed-ip-addresses field. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + vpn_domain: + description: + - peers' VPN Domain properties. + type: dict + suboptions: + limit_peer_domain_size: + description: + - Use this parameter to limit the number of IP addresses in the VPN Domain of each peer according to the value in the max-allowed-addresses field. + type: bool + max_allowed_addresses: + description: + - Maximum number of IP addresses in the VPN Domain of each peer. This value will be enforced only when limit-peer-domain-size field is + set to true. Select a value between 1 and 256. Default value is 256. + type: int + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-lsv-profile + cp_mgmt_lsv_profile: + certificate_authority: dedicated_profile_certificate + name: New lsv-profile + state: present + +- name: set-lsv-profile + cp_mgmt_lsv_profile: + certificate_authority: another CA + name: existing lsv-profile + restrict_allowed_addresses: 'false' + state: present + vpn_domain: + limit_peer_domain_size: 'false' + +- name: delete-lsv-profile + cp_mgmt_lsv_profile: + name: existing lsv-profile + state: absent +""" + +RETURN = """ +cp_mgmt_lsv_profile: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + certificate_authority=dict(type='str'), + allowed_ip_addresses=dict(type='list', elements='str'), + restrict_allowed_addresses=dict(type='bool'), + tags=dict(type='list', elements='str'), + vpn_domain=dict(type='dict', options=dict( + limit_peer_domain_size=dict(type='bool'), + max_allowed_addresses=dict(type='int') + )), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'lsv-profile' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsv_profile_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsv_profile_facts.py new file mode 100644 index 000000000..d755a4a7f --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsv_profile_facts.py @@ -0,0 +1,141 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_lsv_profile_facts +short_description: Get lsv-profile objects facts on Checkpoint over Web Services API +description: + - Get lsv-profile objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-lsv-profile + cp_mgmt_lsv_profile_facts: + name: existing lsv-profile + +- name: show-lsv-profiles + cp_mgmt_lsv_profile_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "lsv-profile" + api_call_object_plural_version = "lsv-profiles" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_md_permissions_profile.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_md_permissions_profile.py index 01f52aafe..1439e06e7 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_md_permissions_profile.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_md_permissions_profile.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -166,45 +168,88 @@ cp_mgmt_md_permissions_profile: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - permission_level=dict(type='str', choices=['super user', 'manager', 'domain level only']), - mds_provisioning=dict(type='bool'), - manage_admins=dict(type='bool'), - manage_sessions=dict(type='bool'), - management_api_login=dict(type='bool'), - cme_operations=dict(type='str', choices=['read', 'write', 'disabled']), - global_vpn_management=dict(type='bool'), - manage_global_assignments=dict(type='bool'), - enable_default_profile_for_global_domains=dict(type='bool'), - default_profile_global_domains=dict(type='str'), - view_global_objects_in_domain=dict(type='bool'), - enable_default_profile_for_local_domains=dict(type='bool'), - default_profile_local_domains=dict(type='str'), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - domains_to_process=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + permission_level=dict( + type="str", choices=["super user", "manager", "domain level only"] + ), + mds_provisioning=dict(type="bool"), + manage_admins=dict(type="bool"), + manage_sessions=dict(type="bool"), + management_api_login=dict(type="bool"), + cme_operations=dict(type="str", choices=["read", "write", "disabled"]), + global_vpn_management=dict(type="bool"), + manage_global_assignments=dict(type="bool"), + enable_default_profile_for_global_domains=dict(type="bool"), + default_profile_global_domains=dict(type="str"), + view_global_objects_in_domain=dict(type="bool"), + enable_default_profile_for_local_domains=dict(type="bool"), + default_profile_local_domains=dict(type="str"), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + domains_to_process=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'md-permissions-profile' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "md-permissions-profile" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_md_permissions_profile_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_md_permissions_profile_facts.py index 285752fd7..338ef5920 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_md_permissions_profile_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_md_permissions_profile_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -110,32 +112,43 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - filter=dict(type='str'), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - domains_to_process=dict(type='list', elements='str') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + filter=dict(type="str"), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + domains_to_process=dict(type="list", elements="str"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "md-permissions-profile" api_call_object_plural_version = "md-permissions-profiles" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds.py index 726164ba5..017d49857 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -164,45 +166,89 @@ cp_mgmt_mds: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - ip_address=dict(type='str'), - ipv4_address=dict(type='str'), - ipv6_address=dict(type='str'), - hardware=dict(type='str'), - os=dict(type='str'), - version=dict(type='str'), - one_time_password=dict(type='str', no_log=True), - server_type=dict(type='str', choices=['multi-domain server', 'multi-domain log server']), - ip_pool_first=dict(type='str'), - ipv4_pool_first=dict(type='str'), - ipv6_pool_first=dict(type='str'), - ip_pool_last=dict(type='str'), - ipv4_pool_last=dict(type='str'), - ipv6_pool_last=dict(type='str'), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + ip_address=dict(type="str"), + ipv4_address=dict(type="str"), + ipv6_address=dict(type="str"), + hardware=dict(type="str"), + os=dict(type="str"), + version=dict(type="str"), + one_time_password=dict(type="str", no_log=True), + server_type=dict( + type="str", + choices=["multi-domain server", "multi-domain log server"], + ), + ip_pool_first=dict(type="str"), + ipv4_pool_first=dict(type="str"), + ipv6_pool_first=dict(type="str"), + ip_pool_last=dict(type="str"), + ipv4_pool_last=dict(type="str"), + ipv6_pool_last=dict(type="str"), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'mds' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "mds" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds_facts.py index 46bca5be4..3cbaedda9 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -95,30 +97,41 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )) + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "mds" api_call_object_plural_version = "mdss" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range.py index 04cc7a72f..4441b0fce 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -143,41 +145,82 @@ cp_mgmt_multicast_address_range: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - ip_address=dict(type='str'), - ipv4_address=dict(type='str'), - ipv6_address=dict(type='str'), - ip_address_first=dict(type='str'), - ipv4_address_first=dict(type='str'), - ipv6_address_first=dict(type='str'), - ip_address_last=dict(type='str'), - ipv4_address_last=dict(type='str'), - ipv6_address_last=dict(type='str'), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - groups=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + ip_address=dict(type="str"), + ipv4_address=dict(type="str"), + ipv6_address=dict(type="str"), + ip_address_first=dict(type="str"), + ipv4_address_first=dict(type="str"), + ipv6_address_first=dict(type="str"), + ip_address_last=dict(type="str"), + ipv4_address_last=dict(type="str"), + ipv6_address_last=dict(type="str"), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + groups=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'multicast-address-range' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "multicast-address-range" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range_facts.py index c32390e6d..b98fa2525 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -100,31 +102,42 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - show_membership=dict(type='bool') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + show_membership=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "multicast-address-range" api_call_object_plural_version = "multicast-address-ranges" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_rule.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_rule.py new file mode 100644 index 000000000..d187200f8 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_rule.py @@ -0,0 +1,227 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_nat_rule +short_description: Manages nat-rule objects on Checkpoint over Web Services API. +description: + - Manages nat-rule objects on Checkpoint devices including creating, updating and removing objects. + - Minimum version required is 1.7.1 and JHF with PMTR-88097. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + package: + description: + - Name of the package. + type: str + position: + description: + - Position in the rulebase. The use of values "top" and "bottom" may not be idempotent. + type: str + relative_position: + description: + - Position in the rulebase. + - Use of this field may not be idempotent. + type: dict + suboptions: + below: + description: + - Add rule below specific rule/section identified by name (limited to 50 rules if + search_entire_rulebase is False). + type: str + above: + description: + - Add rule above specific rule/section identified by name (limited to 50 rules if + search_entire_rulebase is False). + type: str + top: + description: + - Add rule to the top of a specific section identified by name (limited to 50 rules if + search_entire_rulebase is False). + type: str + bottom: + description: + - Add rule to the bottom of a specific section identified by name (limited to 50 rules if + search_entire_rulebase is False). + type: str + search_entire_rulebase: + description: + - Whether to search the entire rulebase for a rule that's been edited in its relative_position field to make sure + there indeed has been a change in its position or the section it might be in. + type: bool + default: False + name: + description: + - Rule name. + type: str + required: True + enabled: + description: + - Enable/Disable the rule. + type: bool + install_on: + description: + - Which Gateways identified by the name or UID to install the policy on. + type: list + elements: str + method: + description: + - Nat method. + type: str + choices: ['static', 'hide', 'nat64', 'nat46', 'cgnat'] + original_destination: + description: + - Original destination. + type: str + original_service: + description: + - Original service. + type: str + original_source: + description: + - Original source. + type: str + translated_destination: + description: + - Translated destination. + type: str + translated_service: + description: + - Translated service. + type: str + translated_source: + description: + - Translated source. + type: str + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-nat-rule + cp_mgmt_nat_rule: + name: nat_rule1 + comments: comment example1 nat999 + enabled: false + install_on: + - Policy Targets + original_destination: All_Internet + original_source: Any + package: standard + position: 1 + state: present + +- name: set-nat-rule + cp_mgmt_nat_rule: + name: nat_rule1 + comments: rule for RND members RNDNetwork-> RND to Internal Network + enabled: false + original_service: ssh_version_2 + original_source: Any + package: standard + state: present + +- name: delete-nat-rule + cp_mgmt_nat_rule: + name: nat_rule1 + package: standard + state: absent +""" + +RETURN = """ +cp_mgmt_nat_rule: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call_for_rule + + +def main(): + argument_spec = dict( + package=dict(type='str'), + position=dict(type='str'), + relative_position=dict(type='dict', options=dict( + below=dict(type='str'), + above=dict(type='str'), + top=dict(type='str'), + bottom=dict(type='str') + )), + search_entire_rulebase=dict(type='bool', default=False), + name=dict(type='str', required=True), + enabled=dict(type='bool'), + install_on=dict(type='list', elements='str'), + method=dict(type='str', choices=['static', 'hide', 'nat64', 'nat46', 'cgnat']), + original_destination=dict(type='str'), + original_service=dict(type='str'), + original_source=dict(type='str'), + translated_destination=dict(type='str'), + translated_service=dict(type='str'), + translated_source=dict(type='str'), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'nat-rule' + + if module.params["relative_position"] is not None: + if module.params["position"] is not None: + raise AssertionError("The use of both 'relative_position' and 'position' arguments isn't allowed") + module.params["position"] = module.params["relative_position"] + module.params.pop("relative_position") + + result = api_call_for_rule(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_rule_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_rule_facts.py index c1c4465bd..6474b2af1 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_rule_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_rule_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -41,6 +43,11 @@ options: description: - Rule number. type: str + name: + description: + - Rule name. + This parameter is relevant only for getting a specific object. Minimum version required is 1.7.1. + type: str package: description: - Name of the package. @@ -141,6 +148,7 @@ EXAMPLES = """ - name: show-nat-rule cp_mgmt_nat_rule_facts: package: standard + name: nat_rule1 - name: show-nat-rulebase cp_mgmt_nat_rule_facts: @@ -159,45 +167,63 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts_for_rule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts_for_rule, +) def main(): argument_spec = dict( - rule_number=dict(type='str'), - package=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - filter=dict(type='str'), - filter_settings=dict(type='dict', options=dict( - search_mode=dict(type='str', choices=['general', 'packet']), - packet_search_settings=dict(type='dict', options=dict( - expand_group_members=dict(type='bool'), - expand_group_with_exclusion_members=dict(type='bool'), - match_on_any=dict(type='bool'), - match_on_group_with_exclusion=dict(type='bool'), - match_on_negate=dict(type='bool') - )) - )), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - use_object_dictionary=dict(type='bool'), - dereference_group_members=dict(type='bool'), - show_membership=dict(type='bool') + rule_number=dict(type="str"), + name=dict(type='str'), + package=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + filter=dict(type="str"), + filter_settings=dict( + type="dict", + options=dict( + search_mode=dict(type="str", choices=["general", "packet"]), + packet_search_settings=dict( + type="dict", + options=dict( + expand_group_members=dict(type="bool"), + expand_group_with_exclusion_members=dict(type="bool"), + match_on_any=dict(type="bool"), + match_on_group_with_exclusion=dict(type="bool"), + match_on_negate=dict(type="bool"), + ), + ), + ), + ), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + use_object_dictionary=dict(type="bool"), + dereference_group_members=dict(type="bool"), + show_membership=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "nat-rule" api_call_object_plural_version = "nat-rulebase" - result = api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version) + result = api_call_facts_for_rule( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_section.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_section.py index d81d2609d..f59c4a803 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_section.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_section.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -94,26 +96,31 @@ cp_mgmt_nat_section: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - package=dict(type='str'), - position=dict(type='str'), - name=dict(type='str', required=True), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + package=dict(type="str"), + position=dict(type="str"), + name=dict(type="str", required=True), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'nat-section' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "nat-section" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network.py index 1fc5e0489..6faf9e6fd 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -179,49 +181,95 @@ cp_mgmt_network: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - subnet=dict(type='str'), - subnet4=dict(type='str'), - subnet6=dict(type='str'), - mask_length=dict(type='int'), - mask_length4=dict(type='int'), - mask_length6=dict(type='int'), - subnet_mask=dict(type='str'), - nat_settings=dict(type='dict', options=dict( - auto_rule=dict(type='bool'), - ip_address=dict(type='str'), - ipv4_address=dict(type='str'), - ipv6_address=dict(type='str'), - hide_behind=dict(type='str', choices=['gateway', 'ip-address']), - install_on=dict(type='str'), - method=dict(type='str', choices=['hide', 'static']) - )), - tags=dict(type='list', elements='str'), - broadcast=dict(type='str', choices=['disallow', 'allow']), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - groups=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + subnet=dict(type="str"), + subnet4=dict(type="str"), + subnet6=dict(type="str"), + mask_length=dict(type="int"), + mask_length4=dict(type="int"), + mask_length6=dict(type="int"), + subnet_mask=dict(type="str"), + nat_settings=dict( + type="dict", + options=dict( + auto_rule=dict(type="bool"), + ip_address=dict(type="str"), + ipv4_address=dict(type="str"), + ipv6_address=dict(type="str"), + hide_behind=dict( + type="str", choices=["gateway", "ip-address"] + ), + install_on=dict(type="str"), + method=dict(type="str", choices=["hide", "static"]), + ), + ), + tags=dict(type="list", elements="str"), + broadcast=dict(type="str", choices=["disallow", "allow"]), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + groups=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'network' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "network" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_facts.py index 9cb2382ca..cbb8f24da 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -102,31 +104,42 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - show_membership=dict(type='bool') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + show_membership=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "network" api_call_object_plural_version = "networks" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_feed.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_feed.py index f00e21773..345df3dd1 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_feed.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_feed.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -196,48 +198,94 @@ cp_mgmt_network_feed: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - feed_url=dict(type='str'), - certificate_id=dict(type='str'), - feed_format=dict(type='str', choices=['Flat List', 'JSON']), - feed_type=dict(type='str', choices=['Domain', 'IP Address', 'IP Address/Domain']), - password=dict(type='str', no_log=True), - tags=dict(type='list', elements='str'), - username=dict(type='str'), - custom_header=dict(type='list', elements='dict', options=dict( - header_name=dict(type='str'), - header_value=dict(type='str') - )), - update_interval=dict(type='int'), - data_column=dict(type='int'), - fields_delimiter=dict(type='str'), - ignore_lines_that_start_with=dict(type='str'), - json_query=dict(type='str'), - use_gateway_proxy=dict(type='bool'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - domains_to_process=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + feed_url=dict(type="str"), + certificate_id=dict(type="str"), + feed_format=dict(type="str", choices=["Flat List", "JSON"]), + feed_type=dict( + type="str", choices=["Domain", "IP Address", "IP Address/Domain"] + ), + password=dict(type="str", no_log=True), + tags=dict(type="list", elements="str"), + username=dict(type="str"), + custom_header=dict( + type="list", + elements="dict", + options=dict( + header_name=dict(type="str"), header_value=dict(type="str") + ), + ), + update_interval=dict(type="int"), + data_column=dict(type="int"), + fields_delimiter=dict(type="str"), + ignore_lines_that_start_with=dict(type="str"), + json_query=dict(type="str"), + use_gateway_proxy=dict(type="bool"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + domains_to_process=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'network-feed' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "network-feed" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_feed_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_feed_facts.py index e2aa53fbe..471c5dd43 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_feed_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_feed_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -111,33 +113,44 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - filter=dict(type='str'), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - show_membership=dict(type='bool'), - domains_to_process=dict(type='list', elements='str') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + filter=dict(type="str"), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + show_membership=dict(type="bool"), + domains_to_process=dict(type="list", elements="str"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "network-feed" api_call_object_plural_version = "network-feeds" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_objects_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_objects_facts.py index 50f059051..e16c8d532 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_objects_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_objects_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -145,37 +147,48 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - uid=dict(type='str'), - uids=dict(type='list', elements='str'), - filter=dict(type='str'), - ip_only=dict(type='bool'), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - type=dict(type='str'), - dereference_group_members=dict(type='bool'), - show_membership=dict(type='bool'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - domains_to_process=dict(type='list', elements='str') + uid=dict(type="str"), + uids=dict(type="list", elements="str"), + filter=dict(type="str"), + ip_only=dict(type="bool"), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + type=dict(type="str"), + dereference_group_members=dict(type="bool"), + show_membership=dict(type="bool"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + domains_to_process=dict(type="list", elements="str"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "object" api_call_object_plural_version = "objects" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package.py index e8a403f96..0e21be64f 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -198,54 +200,107 @@ cp_mgmt_package: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - access=dict(type='bool'), - desktop_security=dict(type='bool'), - installation_targets=dict(type='list', elements='str'), - qos=dict(type='bool'), - qos_policy_type=dict(type='str', choices=['recommended', 'express']), - tags=dict(type='list', elements='str'), - threat_prevention=dict(type='bool'), - vpn_traditional_mode=dict(type='bool'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool'), - access_layers=dict(type='dict', options=dict( - add=dict(type='list', elements='dict', options=dict( - name=dict(type='str'), - position=dict(type='int') - )), - remove=dict(type='list', elements='str'), - value=dict(type='list', elements='str') - )), - threat_layers=dict(type='dict', options=dict( - add=dict(type='list', elements='dict', options=dict( - name=dict(type='str'), - position=dict(type='int') - )), - remove=dict(type='list', elements='str'), - value=dict(type='list', elements='str') - )) + name=dict(type="str", required=True), + access=dict(type="bool"), + desktop_security=dict(type="bool"), + installation_targets=dict(type="list", elements="str"), + qos=dict(type="bool"), + qos_policy_type=dict(type="str", choices=["recommended", "express"]), + tags=dict(type="list", elements="str"), + threat_prevention=dict(type="bool"), + vpn_traditional_mode=dict(type="bool"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), + access_layers=dict( + type="dict", + options=dict( + add=dict( + type="list", + elements="dict", + options=dict( + name=dict(type="str"), position=dict(type="int") + ), + ), + remove=dict(type="list", elements="str"), + value=dict(type="list", elements="str"), + ), + ), + threat_layers=dict( + type="dict", + options=dict( + add=dict( + type="list", + elements="dict", + options=dict( + name=dict(type="str"), position=dict(type="int") + ), + ), + remove=dict(type="list", elements="str"), + value=dict(type="list", elements="str"), + ), + ), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'package' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "package" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package_facts.py index 54c80e754..c8ee9dc6d 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -98,30 +100,41 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )) + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "package" api_call_object_plural_version = "packages" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_provisioning_profile_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_provisioning_profile_facts.py index b77a9b141..a6e721a3c 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_provisioning_profile_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_provisioning_profile_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -114,33 +116,44 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - filter=dict(type='str'), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - show_membership=dict(type='bool'), - domains_to_process=dict(type='list', elements='str') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + filter=dict(type="str"), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + show_membership=dict(type="bool"), + domains_to_process=dict(type="list", elements="str"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "provisioning-profile" api_call_object_plural_version = "provisioning-profiles" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_publish.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_publish.py index c7dedd20a..b488fd184 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_publish.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_publish.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -51,12 +53,14 @@ cp_mgmt_publish: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): - argument_spec = dict( - ) + argument_spec = dict() argument_spec.update(checkpoint_argument_spec_for_commands) module = AnsibleModule(argument_spec=argument_spec) @@ -67,5 +71,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_put_file.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_put_file.py index 8f7eaec4c..9d0f8aa2f 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_put_file.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_put_file.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -77,16 +79,19 @@ cp_mgmt_put_file: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - targets=dict(type='list', elements='str'), - file_content=dict(type='str'), - file_name=dict(type='str'), - file_path=dict(type='str'), - comments=dict(type='str') + targets=dict(type="list", elements="str"), + file_content=dict(type="str"), + file_name=dict(type="str"), + file_path=dict(type="str"), + comments=dict(type="str"), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -98,5 +103,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_radius_group.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_radius_group.py new file mode 100644 index 000000000..57b3ebd7f --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_radius_group.py @@ -0,0 +1,150 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_radius_group +short_description: Manages radius-group objects on Checkpoint over Web Services API +description: + - Manages radius-group objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Shiran Golzar (@chkp-shirango)" +options: + name: + description: + - Object name. + type: str + required: True + members: + description: + - Collection of radius servers identified by the name or UID. + type: list + elements: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-radius-group + cp_mgmt_radius_group: + members: + - t4 + - radgroup + name: radgroup + state: present + +- name: set-radius-group + cp_mgmt_radius_group: + members: + - t4 + name: radgroup + state: present + +- name: delete-radius-group + cp_mgmt_radius_group: + ignore_warnings: 'true' + name: testgroup + state: absent +""" + +RETURN = """ +cp_mgmt_radius_group: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, \ + api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + members=dict(type='list', elements='str'), + tags=dict(type='list', elements="str"), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', + 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', + 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', + 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'radius-group' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_radius_group_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_radius_group_facts.py new file mode 100644 index 000000000..af0ab8889 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_radius_group_facts.py @@ -0,0 +1,157 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_radius_group_facts +short_description: Get radius-group objects facts on Checkpoint over Web Services API +description: + - Get radius-group objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "5.0.0" +author: "Shiran Golzar (@chkp-shirango)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + dereference_group_members: + description: + - Indicates whether to dereference "members" field by details level for every object in reply. + type: bool + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + async_response: + description: + - Run command in asynchronous mode and return task UID. Use show-task command to check the progress of the task. + type: bool + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-radius-group + cp_mgmt_radius_group_facts: + name: radgroup + +- name: show-radius-groups + cp_mgmt_radius_group_facts: + details_level: standard + limit: 4 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, \ + api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + dereference_group_members=dict(type='bool'), + show_membership=dict(type='bool'), + async_response=dict(type='bool'), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "radius-group" + api_call_object_plural_version = "radius-groups" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_radius_server.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_radius_server.py new file mode 100644 index 000000000..f1b0cfe5d --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_radius_server.py @@ -0,0 +1,192 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_radius_server +short_description: Manages radius-server objects on Checkpoint over Web Services API +description: + - Manages radius-server objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Shiran Golzar (@chkp-shirango)" +options: + name: + description: + - Object name. + type: str + required: True + server: + description: + - The UID or Name of the host that is the RADIUS Server. + type: str + shared_secret: + description: + - The secret between the RADIUS server and the Security Gateway. + type: str + service: + description: + - The UID or Name of the Service to which the RADIUS server listens. + type: str + server_version: + description: + - The version can be either RADIUS Version 1.0, which is RFC 2138 compliant, and RADIUS Version 2.0 which is RFC 2865 compliant. + type: str + choices: ['RADIUS Ver. 1.0', 'RADIUS Ver. 2.0'] + protocol: + description: + - The type of authentication protocol that will be used when authenticating the user to the RADIUS server. + type: str + choices: ['PAP', 'MS_CHAP2'] + priority: + description: + - The priority of the RADIUS Server in case it is a member of a RADIUS Group. + type: int + accounting: + description: + - Accounting settings. + type: dict + suboptions: + enable_ip_pool_management: + description: + - IP pool management, enables Accounting service. + type: bool + accounting_service: + description: + - The UID or Name of the the accounting interface to notify the server when users login and logout which will then lock and release the + IP addresses that the server allocated to those users. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-radius-server + cp_mgmt_radius_server: + name: radServer + server: hostRad + shared_secret: '123' + state: present + +- name: set-radius-server + cp_mgmt_radius_server: + name: t4 + server: hostRadius + state: present + +- name: delete-radius-server + cp_mgmt_radius_server: + ignore_warnings: 'true' + name: radiusServer + state: absent +""" + +RETURN = """ +cp_mgmt_radius_server: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, \ + api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + server=dict(type='str'), + shared_secret=dict(type='str', no_log=True), + service=dict(type='str'), + server_version=dict(type='str', choices=['RADIUS Ver. 1.0', 'RADIUS Ver. 2.0']), + protocol=dict(type='str', choices=['PAP', 'MS_CHAP2']), + priority=dict(type='int'), + accounting=dict(type='dict', options=dict( + enable_ip_pool_management=dict(type='bool'), + accounting_service=dict(type='str') + )), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', + 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', + 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', + 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'radius-server' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_radius_server_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_radius_server_facts.py new file mode 100644 index 000000000..988cd8858 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_radius_server_facts.py @@ -0,0 +1,147 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_radius_server_facts +short_description: Get radius-server objects facts on Checkpoint over Web Services API +description: + - Get radius-server objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "5.0.0" +author: "Shiran Golzar (@chkp-shirango)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-radius-server + cp_mgmt_radius_server_facts: + name: t4 + +- name: show-radius-servers + cp_mgmt_radius_server_facts: + details_level: standard + limit: 4 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, \ + api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool'), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "radius-server" + api_call_object_plural_version = "radius-servers" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_reject_session.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_reject_session.py index ab76c1389..967c83d43 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_reject_session.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_reject_session.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -61,14 +63,14 @@ cp_mgmt_reject_session: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): - argument_spec = dict( - uid=dict(type='str'), - comments=dict(type='str') - ) + argument_spec = dict(uid=dict(type="str"), comments=dict(type="str")) argument_spec.update(checkpoint_argument_spec_for_commands) module = AnsibleModule(argument_spec=argument_spec) @@ -79,5 +81,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_package_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_package_facts.py new file mode 100644 index 000000000..a7c50e982 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_package_facts.py @@ -0,0 +1,135 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_repository_package_facts +short_description: Get repository-package objects facts on Checkpoint over Web Services API +description: + - Get repository-package objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "5.0.0" +author: "Shiran Golzar (@chkp-shirango)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-repository-package + cp_mgmt_repository_package_facts: + name: Check_Point_R80_20_JUMBO_HF_Bundle_T118_sk137592_Security_Gateway_and_Standalone_2_6_18_FULL.tgz + +- name: show-repository-packages + cp_mgmt_repository_package_facts: + details_level: standard + limit: 4 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, \ + api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "repository-package" + api_call_object_plural_version = "repository-packages" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_script.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_script.py index 62d48cc56..113ffbe14 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_script.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_script.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -109,33 +111,74 @@ cp_mgmt_repository_script: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - script_body=dict(type='str'), - script_body_base64=dict(type='str'), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']) + name=dict(type="str", required=True), + script_body=dict(type="str"), + script_body_base64=dict(type="str"), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'repository-script' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "repository-script" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_script_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_script_facts.py index 67edad307..15378c927 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_script_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_script_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -98,30 +100,41 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )) + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "repository-script" api_call_object_plural_version = "repository-scripts" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_reset_sic.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_reset_sic.py index cb5b8d00f..28f8e3567 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_reset_sic.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_reset_sic.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -62,13 +64,15 @@ cp_mgmt_reset_sic: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - name=dict(type='str'), - auto_publish_session=dict(type='bool') + name=dict(type="str"), auto_publish_session=dict(type="bool") ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -80,5 +84,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_ips_update.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_ips_update.py index 2c9f99347..aee311dbc 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_ips_update.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_ips_update.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -55,13 +57,14 @@ cp_mgmt_run_ips_update: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): - argument_spec = dict( - package_path=dict(type='str') - ) + argument_spec = dict(package_path=dict(type="str")) argument_spec.update(checkpoint_argument_spec_for_commands) module = AnsibleModule(argument_spec=argument_spec) @@ -72,5 +75,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_script.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_script.py index f4dabd98b..93259daeb 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_script.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_script.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -76,16 +78,19 @@ cp_mgmt_run_script: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - script_name=dict(type='str'), - script=dict(type='str'), - targets=dict(type='list', elements='str'), - args=dict(type='str'), - comments=dict(type='str') + script_name=dict(type="str"), + script=dict(type="str"), + targets=dict(type="list", elements="str"), + args=dict(type="str"), + comments=dict(type="str"), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -97,5 +102,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone.py index 6c9cab11b..d1d77b1ae 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -100,31 +102,72 @@ cp_mgmt_security_zone: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'security-zone' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "security-zone" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone_facts.py index 90be77462..cf3dc2114 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -99,31 +101,42 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - show_membership=dict(type='bool') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + show_membership=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "security-zone" api_call_object_plural_version = "security-zones" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_citrix_tcp.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_citrix_tcp.py new file mode 100644 index 000000000..8dcdfd796 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_citrix_tcp.py @@ -0,0 +1,135 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_citrix_tcp +short_description: Manages service-citrix-tcp objects on Checkpoint over Web Services API +description: + - Manages service-citrix-tcp objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + application: + description: + - Citrix application name. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-service-citrix-tcp + cp_mgmt_service_citrix_tcp: + application: My Citrix Application + name: mycitrixtcp + state: present + +- name: set-service-citrix-tcp + cp_mgmt_service_citrix_tcp: + application: My Citrix Application 2 + name: mycitrixtcp + state: present + +- name: delete-service-citrix-tcp + cp_mgmt_service_citrix_tcp: + name: mycitrixtcp + state: absent +""" + +RETURN = """ +cp_mgmt_service_citrix_tcp: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + application=dict(type='str'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'service-citrix-tcp' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_citrix_tcp_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_citrix_tcp_facts.py new file mode 100644 index 000000000..fd618014b --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_citrix_tcp_facts.py @@ -0,0 +1,144 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_citrix_tcp_facts +short_description: Get service-citrix-tcp objects facts on Checkpoint over Web Services API +description: + - Get service-citrix-tcp objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-service-citrix-tcp + cp_mgmt_service_citrix_tcp_facts: + name: mycitrixtcp + +- name: show-services-citrix-tcp + cp_mgmt_service_citrix_tcp_facts: + limit: 10 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool'), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "service-citrix-tcp" + api_call_object_plural_version = "services-citrix-tcp" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_compound_tcp.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_compound_tcp.py new file mode 100644 index 000000000..2d2a1831b --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_compound_tcp.py @@ -0,0 +1,150 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_compound_tcp +short_description: Manages service-compound-tcp objects on Checkpoint over Web Services API +description: + - Manages service-compound-tcp objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + compound_service: + description: + - Compound service type. + type: str + choices: ['pointcast', 'netcaster', 'backweb', 'cdf'] + keep_connections_open_after_policy_installation: + description: + - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the + Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-service-compound-tcp + cp_mgmt_service_compound_tcp: + compound_service: pointcast + keep_connections_open_after_policy_installation: 'True' + name: mycompoundtcp + state: present + +- name: set-service-compound-tcp + cp_mgmt_service_compound_tcp: + compound_service: backweb + keep_connections_open_after_policy_installation: 'False' + name: mycompoundtcp + state: present + +- name: delete-service-compound-tcp + cp_mgmt_service_compound_tcp: + name: mycompoundtcp + state: absent +""" + +RETURN = """ +cp_mgmt_service_compound_tcp: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + compound_service=dict(type='str', choices=['pointcast', 'netcaster', 'backweb', 'cdf']), + keep_connections_open_after_policy_installation=dict(type='bool'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'service-compound-tcp' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_compound_tcp_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_compound_tcp_facts.py new file mode 100644 index 000000000..d2b72a3b3 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_compound_tcp_facts.py @@ -0,0 +1,144 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_service_compound_tcp_facts +short_description: Get service-compound-tcp objects facts on Checkpoint over Web Services API +description: + - Get service-compound-tcp objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-service-compound-tcp + cp_mgmt_service_compound_tcp_facts: + name: mycompoundtcp + +- name: show-services-compound-tcp + cp_mgmt_service_compound_tcp_facts: + limit: 10 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool'), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "service-compound-tcp" + api_call_object_plural_version = "services-compound-tcp" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc.py index 63941587a..ec5ee67b0 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -116,34 +118,75 @@ cp_mgmt_service_dce_rpc: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - interface_uuid=dict(type='str'), - keep_connections_open_after_policy_installation=dict(type='bool'), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - groups=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + interface_uuid=dict(type="str"), + keep_connections_open_after_policy_installation=dict(type="bool"), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + groups=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'service-dce-rpc' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "service-dce-rpc" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc_facts.py index b9419a93a..59a0517ec 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -102,31 +104,42 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - show_membership=dict(type='bool') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + show_membership=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "service-dce-rpc" api_call_object_plural_version = "services-dce-rpc" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group.py index 1f78ac539..be7a969f5 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -117,33 +119,74 @@ cp_mgmt_service_group: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - members=dict(type='list', elements='str'), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - groups=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + members=dict(type="list", elements="str"), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + groups=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'service-group' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "service-group" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group_facts.py index f04e0b961..589849fe0 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -112,33 +114,44 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - show_as_ranges=dict(type='bool'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - dereference_group_members=dict(type='bool'), - show_membership=dict(type='bool') + name=dict(type="str"), + show_as_ranges=dict(type="bool"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + dereference_group_members=dict(type="bool"), + show_membership=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "service-group" api_call_object_plural_version = "service-groups" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp.py index 0cd0d4ca8..a5627f4a9 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -120,35 +122,76 @@ cp_mgmt_service_icmp: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - icmp_code=dict(type='int'), - icmp_type=dict(type='int'), - keep_connections_open_after_policy_installation=dict(type='bool'), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - groups=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + icmp_code=dict(type="int"), + icmp_type=dict(type="int"), + keep_connections_open_after_policy_installation=dict(type="bool"), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + groups=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'service-icmp' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "service-icmp" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6.py index fe845e609..4a5bec46a 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -120,35 +122,76 @@ cp_mgmt_service_icmp6: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - icmp_code=dict(type='int'), - icmp_type=dict(type='int'), - keep_connections_open_after_policy_installation=dict(type='bool'), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - groups=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + icmp_code=dict(type="int"), + icmp_type=dict(type="int"), + keep_connections_open_after_policy_installation=dict(type="bool"), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + groups=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'service-icmp6' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "service-icmp6" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6_facts.py index d94525f23..539569f3a 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -101,31 +103,42 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - show_membership=dict(type='bool') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + show_membership=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "service-icmp6" api_call_object_plural_version = "services-icmp6" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp_facts.py index 8d044c37f..e8a8f834d 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -101,31 +103,42 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - show_membership=dict(type='bool') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + show_membership=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "service-icmp" api_call_object_plural_version = "services-icmp" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other.py index 8e1766a58..455190ff4 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -180,48 +182,92 @@ cp_mgmt_service_other: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - accept_replies=dict(type='bool'), - action=dict(type='str'), - aggressive_aging=dict(type='dict', options=dict( - default_timeout=dict(type='int'), - enable=dict(type='bool'), - timeout=dict(type='int'), - use_default_timeout=dict(type='bool') - )), - ip_protocol=dict(type='int'), - keep_connections_open_after_policy_installation=dict(type='bool'), - match=dict(type='str'), - match_for_any=dict(type='bool'), - override_default_settings=dict(type='bool'), - session_timeout=dict(type='int'), - sync_connections_on_cluster=dict(type='bool'), - tags=dict(type='list', elements='str'), - use_default_session_timeout=dict(type='bool'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - groups=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + accept_replies=dict(type="bool"), + action=dict(type="str"), + aggressive_aging=dict( + type="dict", + options=dict( + default_timeout=dict(type="int"), + enable=dict(type="bool"), + timeout=dict(type="int"), + use_default_timeout=dict(type="bool"), + ), + ), + ip_protocol=dict(type="int"), + keep_connections_open_after_policy_installation=dict(type="bool"), + match=dict(type="str"), + match_for_any=dict(type="bool"), + override_default_settings=dict(type="bool"), + session_timeout=dict(type="int"), + sync_connections_on_cluster=dict(type="bool"), + tags=dict(type="list", elements="str"), + use_default_session_timeout=dict(type="bool"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + groups=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'service-other' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "service-other" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other_facts.py index e7ad3da11..0cca6ed9f 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -102,31 +104,42 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - show_membership=dict(type='bool') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + show_membership=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "service-other" api_call_object_plural_version = "services-other" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc.py index e9f917ca1..21c0739f2 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -116,34 +118,75 @@ cp_mgmt_service_rpc: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - keep_connections_open_after_policy_installation=dict(type='bool'), - program_number=dict(type='int'), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - groups=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + keep_connections_open_after_policy_installation=dict(type="bool"), + program_number=dict(type="int"), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + groups=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'service-rpc' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "service-rpc" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc_facts.py index 3ff1f3c0b..7df6d695c 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -102,31 +104,42 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - show_membership=dict(type='bool') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + show_membership=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "service-rpc" api_call_object_plural_version = "services-rpc" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp.py index 624a81939..e6d7ae333 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -167,45 +169,89 @@ cp_mgmt_service_sctp: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - port=dict(type='str'), - aggressive_aging=dict(type='dict', options=dict( - default_timeout=dict(type='int'), - enable=dict(type='bool'), - timeout=dict(type='int'), - use_default_timeout=dict(type='bool') - )), - keep_connections_open_after_policy_installation=dict(type='bool'), - match_for_any=dict(type='bool'), - session_timeout=dict(type='int'), - source_port=dict(type='str'), - sync_connections_on_cluster=dict(type='bool'), - tags=dict(type='list', elements='str'), - use_default_session_timeout=dict(type='bool'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - groups=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + port=dict(type="str"), + aggressive_aging=dict( + type="dict", + options=dict( + default_timeout=dict(type="int"), + enable=dict(type="bool"), + timeout=dict(type="int"), + use_default_timeout=dict(type="bool"), + ), + ), + keep_connections_open_after_policy_installation=dict(type="bool"), + match_for_any=dict(type="bool"), + session_timeout=dict(type="int"), + source_port=dict(type="str"), + sync_connections_on_cluster=dict(type="bool"), + tags=dict(type="list", elements="str"), + use_default_session_timeout=dict(type="bool"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + groups=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'service-sctp' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "service-sctp" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp_facts.py index 852aacff5..5e5a9c102 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -102,31 +104,42 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - show_membership=dict(type='bool') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + show_membership=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "service-sctp" api_call_object_plural_version = "services-sctp" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp.py index 91b032b05..de251efd2 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -184,48 +186,92 @@ cp_mgmt_service_tcp: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - aggressive_aging=dict(type='dict', options=dict( - default_timeout=dict(type='int'), - enable=dict(type='bool'), - timeout=dict(type='int'), - use_default_timeout=dict(type='bool') - )), - keep_connections_open_after_policy_installation=dict(type='bool'), - match_by_protocol_signature=dict(type='bool'), - match_for_any=dict(type='bool'), - override_default_settings=dict(type='bool'), - port=dict(type='str'), - protocol=dict(type='str'), - session_timeout=dict(type='int'), - source_port=dict(type='str'), - sync_connections_on_cluster=dict(type='bool'), - tags=dict(type='list', elements='str'), - use_default_session_timeout=dict(type='bool'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - groups=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + aggressive_aging=dict( + type="dict", + options=dict( + default_timeout=dict(type="int"), + enable=dict(type="bool"), + timeout=dict(type="int"), + use_default_timeout=dict(type="bool"), + ), + ), + keep_connections_open_after_policy_installation=dict(type="bool"), + match_by_protocol_signature=dict(type="bool"), + match_for_any=dict(type="bool"), + override_default_settings=dict(type="bool"), + port=dict(type="str"), + protocol=dict(type="str"), + session_timeout=dict(type="int"), + source_port=dict(type="str"), + sync_connections_on_cluster=dict(type="bool"), + tags=dict(type="list", elements="str"), + use_default_session_timeout=dict(type="bool"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + groups=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'service-tcp' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "service-tcp" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp_facts.py index 55e0c16d9..a9dc3e4ec 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -102,31 +104,42 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - show_membership=dict(type='bool') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + show_membership=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "service-tcp" api_call_object_plural_version = "services-tcp" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp.py index 31558754b..cb90ec034 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -190,49 +192,93 @@ cp_mgmt_service_udp: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - accept_replies=dict(type='bool'), - aggressive_aging=dict(type='dict', options=dict( - default_timeout=dict(type='int'), - enable=dict(type='bool'), - timeout=dict(type='int'), - use_default_timeout=dict(type='bool') - )), - keep_connections_open_after_policy_installation=dict(type='bool'), - match_by_protocol_signature=dict(type='bool'), - match_for_any=dict(type='bool'), - override_default_settings=dict(type='bool'), - port=dict(type='str'), - protocol=dict(type='str'), - session_timeout=dict(type='int'), - source_port=dict(type='str'), - sync_connections_on_cluster=dict(type='bool'), - tags=dict(type='list', elements='str'), - use_default_session_timeout=dict(type='bool'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - groups=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + accept_replies=dict(type="bool"), + aggressive_aging=dict( + type="dict", + options=dict( + default_timeout=dict(type="int"), + enable=dict(type="bool"), + timeout=dict(type="int"), + use_default_timeout=dict(type="bool"), + ), + ), + keep_connections_open_after_policy_installation=dict(type="bool"), + match_by_protocol_signature=dict(type="bool"), + match_for_any=dict(type="bool"), + override_default_settings=dict(type="bool"), + port=dict(type="str"), + protocol=dict(type="str"), + session_timeout=dict(type="int"), + source_port=dict(type="str"), + sync_connections_on_cluster=dict(type="bool"), + tags=dict(type="list", elements="str"), + use_default_session_timeout=dict(type="bool"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + groups=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'service-udp' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "service-udp" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp_facts.py index 1668739ab..14e0ea178 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -102,31 +104,42 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - show_membership=dict(type='bool') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + show_membership=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "service-udp" api_call_object_plural_version = "services-udp" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_session_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_session_facts.py index 9b64722da..67ea673f2 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_session_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_session_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -96,30 +98,41 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - view_published_sessions=dict(type='bool'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']) + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + view_published_sessions=dict(type="bool"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "session" api_call_object_plural_version = "sessions" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_api_settings.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_api_settings.py new file mode 100644 index 000000000..127eedb57 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_api_settings.py @@ -0,0 +1,78 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_set_api_settings +short_description: Edit API settings, the changes will be applied after publish followed by running 'api restart' command. +description: + - Edit API settings, the changes will be applied after publish followed by running 'api restart' command. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + accepted_api_calls_from: + description: + - Clients allowed to connect to the API Server. + type: str + choices: ['management server only', 'all ip addresses that can be used for gui clients', 'all ip addresses'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: set-api-settings + cp_mgmt_set_api_settings: + accepted_api_calls_from: 'all ip addresses' +""" + +RETURN = """ +cp_mgmt_set_api_settings: + description: The checkpoint set-api-settings output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + accepted_api_calls_from=dict(type='str', choices=['management server only', 'all ip addresses that can be used for gui clients', 'all ip addresses']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "set-api-settings" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_cloud_services.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_cloud_services.py new file mode 100644 index 000000000..f182e4cf5 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_cloud_services.py @@ -0,0 +1,114 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_set_cloud_services +short_description: Set the connection settings between the Management Server and Check Point's Infinity Portal. +description: + - Set the connection settings between the Management Server and Check Point's Infinity Portal. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + gateways_onboarding_settings: + description: + - Gateways on-boarding to Infinity Portal settings. + type: dict + suboptions: + connection_method: + description: + - Indicate whether Gateways will be connected to Infinity Portal automatically or only after policy installation. + type: str + choices: ['automatically', 'after install policy'] + participant_gateways: + description: + - Which Gateways will be connected to Infinity Portal. + type: str + choices: ['all', 'specific'] + specific_gateways: + description: + - Selection of targets identified by the name or UID which will be on-boarded to the cloud. Configuration will be applied only when + "participant-gateways" field is set to "specific". + type: list + elements: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + status: + description: + - Connection status. + type: str + choices: ['connected', 'disabled'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: set-cloud-services + cp_mgmt_set_cloud_services: + gateways_onboarding_settings: + connection_method: after install policy + participant_gateways: specific + specific_gateways: gw1 +""" + +RETURN = """ +cp_mgmt_set_cloud_services: + description: The checkpoint set-cloud-services output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + gateways_onboarding_settings=dict(type='dict', options=dict( + connection_method=dict(type='str', choices=['automatically', 'after install policy']), + participant_gateways=dict(type='str', choices=['all', 'specific']), + specific_gateways=dict(type='list', elements='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']) + )), + status=dict(type='str', choices=['connected', 'disabled']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "set-cloud-services" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_domain.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_domain.py index 186bc4b2d..e9205b647 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_domain.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_domain.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -139,43 +141,92 @@ cp_mgmt_domain: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - servers=dict(type='dict', options=dict( - add=dict(type='list', elements='dict', options=dict( - name=dict(type='str'), - ip_address=dict(type='str'), - ipv4_address=dict(type='str'), - ipv6_address=dict(type='str'), - multi_domain_server=dict(type='str'), - skip_start_domain_server=dict(type='bool'), - type=dict(type='str', choices=['management server', 'log server', 'smc']) - )), - remove=dict(type='list', elements='str') - )), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool'), - tags=dict(type='list', elements='str') + name=dict(type="str", required=True), + servers=dict( + type="dict", + options=dict( + add=dict( + type="list", + elements="dict", + options=dict( + name=dict(type="str"), + ip_address=dict(type="str"), + ipv4_address=dict(type="str"), + ipv6_address=dict(type="str"), + multi_domain_server=dict(type="str"), + skip_start_domain_server=dict(type="bool"), + type=dict( + type="str", + choices=["management server", "log server", "smc"], + ), + ), + ), + remove=dict(type="list", elements="str"), + ), + ), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), + tags=dict(type="list", elements="str"), ) argument_spec.update(checkpoint_argument_spec_for_commands) module = AnsibleModule(argument_spec=argument_spec) - command = 'set-domain' + command = "set-domain" result = api_command(module, command) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_global_domain.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_global_domain.py new file mode 100644 index 000000000..95a787d26 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_global_domain.py @@ -0,0 +1,143 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_set_global_domain +short_description: Edit Global domain object using domain name or UID. +description: + - Edit Global domain object using domain name or UID. When the list of Multi Domain Server is edited, the command is handled asynchronously. A list of + task identifiers is returned to a user. In this case, the changes to the Global domain object are done in a public session and so should not be published. + If the domain is changed in other parameters than the Multi Domain Servers, i.e. comments, color or tags, such changes are done in the user's private + session and therefore should be published. In this case, the returned command output is similar to the one of 'show-global-domain'. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + servers: + description: + - Multi Domain Servers. When the field is provided, 'set-global-domain' command is executed asynchronously. + type: dict + suboptions: + add: + description: + - Adds to collection of values + type: list + elements: str + remove: + description: + - Removes from collection of values + type: list + elements: str + tags: + description: + - Collection of tag identifiers. Note, The list of tags can not be modified in a single command together with the domain servers. To modify + tags, please use the separate 'set-global-domain' command, without providing the list of domain servers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: set-global-domain + cp_mgmt_set_global_domain: + name: Global + tags: + - tag1 + comments: "This is a Global domain" +""" + +RETURN = """ +cp_mgmt_set_global_domain: + description: The checkpoint set-global-domain output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + servers=dict(type='dict', options=dict( + add=dict(type='list', elements='str'), + remove=dict(type='list', elements='str') + )), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "set-global-domain" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_global_properties.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_global_properties.py index 12549bb8c..41740c9fd 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_global_properties.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_global_properties.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -1624,7 +1626,6 @@ EXAMPLES = """ logical_name: unique logical name port: 8080 reauthentication: post request - state: present """ RETURN = """ @@ -1635,400 +1636,987 @@ cp_mgmt_set_global_properties: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - firewall=dict(type='dict', options=dict( - accept_control_connections=dict(type='bool'), - accept_ips1_management_connections=dict(type='bool'), - accept_remote_access_control_connections=dict(type='bool'), - accept_smart_update_connections=dict(type='bool'), - accept_outgoing_packets_originating_from_gw=dict(type='bool'), - accept_outgoing_packets_originating_from_gw_position=dict(type='str', choices=['first', 'last', 'before last']), - accept_outgoing_packets_originating_from_connectra_gw=dict(type='bool'), - accept_outgoing_packets_to_cp_online_services=dict(type='bool'), - accept_outgoing_packets_to_cp_online_services_position=dict(type='str', choices=['first', 'last', 'before last']), - accept_domain_name_over_tcp=dict(type='bool'), - accept_domain_name_over_tcp_position=dict(type='str', choices=['first', 'last', 'before last']), - accept_domain_name_over_udp=dict(type='bool'), - accept_domain_name_over_udp_position=dict(type='str', choices=['first', 'last', 'before last']), - accept_dynamic_addr_modules_outgoing_internet_connections=dict(type='bool'), - accept_icmp_requests=dict(type='bool'), - accept_icmp_requests_position=dict(type='str', choices=['first', 'last', 'before last']), - accept_identity_awareness_control_connections=dict(type='bool'), - accept_identity_awareness_control_connections_position=dict(type='str', choices=['first', 'last', 'before last']), - accept_incoming_traffic_to_dhcp_and_dns_services_of_gws=dict(type='bool'), - accept_rip=dict(type='bool'), - accept_rip_position=dict(type='str', choices=['first', 'last', 'before last']), - accept_vrrp_packets_originating_from_cluster_members=dict(type='bool'), - accept_web_and_ssh_connections_for_gw_administration=dict(type='bool'), - log_implied_rules=dict(type='bool'), - security_server=dict(type='dict', options=dict( - client_auth_welcome_file=dict(type='str'), - ftp_welcome_msg_file=dict(type='str'), - rlogin_welcome_msg_file=dict(type='str'), - telnet_welcome_msg_file=dict(type='str'), - mdq_welcome_msg=dict(type='str'), - smtp_welcome_msg=dict(type='str'), - http_next_proxy_host=dict(type='str'), - http_next_proxy_port=dict(type='int'), - http_servers=dict(type='list', elements='dict', options=dict( - logical_name=dict(type='str'), - host=dict(type='str'), - port=dict(type='int'), - reauthentication=dict(type='str', choices=['standard', 'post request', 'every request']) - )), - server_for_null_requests=dict(type='str') - )) - )), - nat=dict(type='dict', options=dict( - allow_bi_directional_nat=dict(type='bool'), - auto_arp_conf=dict(type='bool'), - merge_manual_proxy_arp_conf=dict(type='bool'), - auto_translate_dest_on_client_side=dict(type='bool'), - manually_translate_dest_on_client_side=dict(type='bool'), - enable_ip_pool_nat=dict(type='bool'), - addr_alloc_and_release_track=dict(type='str', choices=['ip allocation log', 'none']), - addr_exhaustion_track=dict(type='str', choices=['ip exhaustion alert', 'none', 'ip exhaustion log']) - )), - authentication=dict(type='dict', options=dict( - auth_internal_users_with_specific_suffix=dict(type='bool'), - allowed_suffix_for_internal_users=dict(type='str'), - max_days_before_expiration_of_non_pulled_user_certificates=dict(type='int'), - max_client_auth_attempts_before_connection_termination=dict(type='int'), - max_rlogin_attempts_before_connection_termination=dict(type='int'), - max_session_auth_attempts_before_connection_termination=dict(type='int'), - max_telnet_attempts_before_connection_termination=dict(type='int'), - enable_delayed_auth=dict(type='bool'), - delay_each_auth_attempt_by=dict(type='int') - )), - vpn=dict(type='dict', options=dict( - vpn_conf_method=dict(type='str', choices=['simplified', 'traditional', 'per policy']), - domain_name_for_dns_resolving=dict(type='str'), - enable_backup_gw=dict(type='bool'), - enable_decrypt_on_accept_for_gw_to_gw_traffic=dict(type='bool'), - enable_load_distribution_for_mep_conf=dict(type='bool'), - enable_vpn_directional_match_in_vpn_column=dict(type='bool'), - grace_period_after_the_crl_is_not_valid=dict(type='int'), - grace_period_before_the_crl_is_valid=dict(type='int'), - grace_period_extension_for_secure_remote_secure_client=dict(type='int'), - support_ike_dos_protection_from_identified_src=dict(type='str', choices=['puzzles', 'stateless', 'none']), - support_ike_dos_protection_from_unidentified_src=dict(type='str', choices=['puzzles', 'stateless', 'none']) - )), - remote_access=dict(type='dict', options=dict( - enable_back_connections=dict(type='bool'), - keep_alive_packet_to_gw_interval=dict(type='int'), - encrypt_dns_traffic=dict(type='bool'), - simultaneous_login_mode=dict(type='str', choices=['allowonlysinglelogintouser', 'allowseverallogintouser']), - vpn_authentication_and_encryption=dict(type='dict', options=dict( - encryption_algorithms=dict(type='dict', options=dict( - ike=dict(type='dict', options=dict( - support_encryption_algorithms=dict(type='dict', options=dict( - tdes=dict(type='bool'), - aes_128=dict(type='bool'), - aes_256=dict(type='bool'), - des=dict(type='bool') - )), - use_encryption_algorithm=dict(type='str', choices=['AES-256', 'DES', 'AES-128', 'TDES']), - support_data_integrity=dict(type='dict', options=dict( - aes_xcbc=dict(type='bool'), - md5=dict(type='bool'), - sha1=dict(type='bool'), - sha256=dict(type='bool') - )), - use_data_integrity=dict(type='str', choices=['aes-xcbc', 'sha256', 'sha1', 'md5']), - support_diffie_hellman_groups=dict(type='dict', options=dict( - group1=dict(type='bool'), - group14=dict(type='bool'), - group2=dict(type='bool'), - group5=dict(type='bool') - )), - use_diffie_hellman_group=dict(type='str', choices=['group 1', 'group 2', 'group 5', 'group 14']) - )), - ipsec=dict(type='dict', options=dict( - support_encryption_algorithms=dict(type='dict', options=dict( - tdes=dict(type='bool'), - aes_128=dict(type='bool'), - aes_256=dict(type='bool'), - des=dict(type='bool') - )), - use_encryption_algorithm=dict(type='str', choices=['AES-256', 'DES', 'AES-128', 'TDES']), - support_data_integrity=dict(type='dict', options=dict( - aes_xcbc=dict(type='bool'), - md5=dict(type='bool'), - sha1=dict(type='bool'), - sha256=dict(type='bool') - )), - use_data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'sha512', 'md5']), - enforce_encryption_alg_and_data_integrity_on_all_users=dict(type='bool') - )) - )), - encryption_method=dict(type='str', choices=['prefer_ikev2_support_ikev1', 'ike_v2_only', 'ike_v1_only']), - pre_shared_secret=dict(type='bool'), - support_legacy_auth_for_sc_l2tp_nokia_clients=dict(type='bool'), - support_legacy_eap=dict(type='bool'), - support_l2tp_with_pre_shared_key=dict(type='bool'), - l2tp_pre_shared_key=dict(type='str', no_log=True) - )), - vpn_advanced=dict(type='dict', options=dict( - allow_clear_traffic_to_encryption_domain_when_disconnected=dict(type='bool'), - enable_load_distribution_for_mep_conf=dict(type='bool'), - use_first_allocated_om_ip_addr_for_all_conn_to_the_gws_of_the_site=dict(type='bool') - )), - scv=dict(type='dict', options=dict( - apply_scv_on_simplified_mode_fw_policies=dict(type='bool'), - exceptions=dict(type='list', elements='dict', options=dict( - hosts=dict(type='list', elements='str'), - services=dict(type='list', elements='str') - )), - no_scv_for_unsupported_cp_clients=dict(type='bool'), - upon_verification_accept_and_log_client_connection=dict(type='bool'), - only_tcp_ip_protocols_are_used=dict(type='bool'), - policy_installed_on_all_interfaces=dict(type='bool'), - generate_log=dict(type='bool'), - notify_user=dict(type='bool') - )), - ssl_network_extender=dict(type='dict', options=dict( - user_auth_method=dict(type='str', choices=['certificate_with_enrollment', 'certificate', 'mixed', 'legacy']), - supported_encryption_methods=dict(type='str', choices=['3des_or_rc4', '3des_only']), - client_upgrade_upon_connection=dict(type='str', choices=['force_upgrade', 'ask_user', 'no_upgrade']), - client_uninstall_upon_disconnection=dict(type='str', choices=['force_uninstall', 'ask_user', 'dont_uninstall']), - re_auth_user_interval=dict(type='int'), - scan_ep_machine_for_compliance_with_ep_compliance_policy=dict(type='bool'), - client_outgoing_keep_alive_packets_frequency=dict(type='int') - )), - secure_client_mobile=dict(type='dict', options=dict( - user_auth_method=dict(type='str', choices=['certificate_with_enrollment', 'certificate', 'mixed', 'legacy']), - enable_password_caching=dict(type='str', choices=['client_decide', 'true', 'false']), - cache_password_timeout=dict(type='int'), - re_auth_user_interval=dict(type='int'), - connect_mode=dict(type='str', choices=['manual', 'always connected', 'on application request', 'configured on endpoint client']), - automatically_initiate_dialup=dict(type='str', choices=['client_decide', 'true', 'false']), - disconnect_when_device_is_idle=dict(type='str', choices=['client_decide', 'true', 'false']), - supported_encryption_methods=dict(type='str', choices=['3des_or_rc4', '3des_only']), - route_all_traffic_to_gw=dict(type='str', choices=['client_decide', 'true', 'false']) - )), - endpoint_connect=dict(type='dict', options=dict( - enable_password_caching=dict(type='str', choices=['client_decide', 'true', 'false']), - cache_password_timeout=dict(type='int'), - re_auth_user_interval=dict(type='int'), - connect_mode=dict(type='str', choices=['Manual', 'Always Connected', 'Configured On Endpoint Client']), - network_location_awareness=dict(type='str', choices=['client_decide', 'true', 'false']), - network_location_awareness_conf=dict(type='dict', options=dict( - vpn_clients_are_considered_inside_the_internal_network_when_the_client=dict( - type='str', - choices=['connects to gw through internal interface', - 'connects from network or group', - 'runs on computer with access to active directory domain']), - network_or_group_of_conn_vpn_client=dict(type='str'), - consider_wireless_networks_as_external=dict(type='bool'), - excluded_internal_wireless_networks=dict(type='list', elements='str'), - consider_undefined_dns_suffixes_as_external=dict(type='bool'), - dns_suffixes=dict(type='list', elements='str'), - remember_previously_detected_external_networks=dict(type='bool') - )), - disconnect_when_conn_to_network_is_lost=dict(type='str', choices=['client_decide', 'true', 'false']), - disconnect_when_device_is_idle=dict(type='str', choices=['client_decide', 'true', 'false']), - route_all_traffic_to_gw=dict(type='str', choices=['client_decide', 'true', 'false']), - client_upgrade_mode=dict(type='str', choices=['force_upgrade', 'ask_user', 'no_upgrade']) - )), - hot_spot_and_hotel_registration=dict(type='dict', options=dict( - enable_registration=dict(type='bool'), - local_subnets_access_only=dict(type='bool'), - registration_timeout=dict(type='int'), - track_log=dict(type='bool'), - max_ip_access_during_registration=dict(type='int'), - ports=dict(type='list', elements='str') - )) - )), - user_directory=dict(type='dict', options=dict( - enable_password_change_when_user_active_directory_expires=dict(type='bool'), - cache_size=dict(type='int'), - enable_password_expiration_configuration=dict(type='bool'), - password_expires_after=dict(type='int', no_log=False), - timeout_on_cached_users=dict(type='int'), - display_user_dn_at_login=dict(type='str', choices=['no display', 'display upon request', 'display']), - enforce_rules_for_user_mgmt_admins=dict(type='bool'), - min_password_length=dict(type='int', no_log=False), - password_must_include_a_digit=dict(type='bool'), - password_must_include_a_symbol=dict(type='bool'), - password_must_include_lowercase_char=dict(type='bool'), - password_must_include_uppercase_char=dict(type='bool') - )), - qos=dict(type='dict', options=dict( - default_weight_of_rule=dict(type='int'), - max_weight_of_rule=dict(type='int'), - unit_of_measure=dict(type='str', choices=['bits-per-sec', 'bytes-per-sec', 'kbits-per-sec', 'kbytes-per-sec', 'mbits-per-sec', 'mbytes-per-sec']), - authenticated_ip_expiration=dict(type='int'), - non_authenticated_ip_expiration=dict(type='int'), - unanswered_queried_ip_expiration=dict(type='int') - )), - carrier_security=dict(type='dict', options=dict( - block_gtp_in_gtp=dict(type='bool'), - enforce_gtp_anti_spoofing=dict(type='bool'), - produce_extended_logs_on_unmatched_pdus=dict(type='bool'), - produce_extended_logs_on_unmatched_pdus_position=dict(type='str', choices=['before last', 'last']), - protocol_violation_track_option=dict(type='str', choices=['none', 'log', - 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', - 'user defined alert no.2', 'user defined alert no.3']), - enable_g_pdu_seq_number_check_with_max_deviation=dict(type='bool'), - g_pdu_seq_number_check_max_deviation=dict(type='int'), - verify_flow_labels=dict(type='bool'), - allow_ggsn_replies_from_multiple_interfaces=dict(type='bool'), - enable_reverse_connections=dict(type='bool'), - gtp_signaling_rate_limit_sampling_interval=dict(type='int'), - one_gtp_echo_on_each_path_frequency=dict(type='int'), - aggressive_aging=dict(type='bool'), - aggressive_timeout=dict(type='int'), - memory_activation_threshold=dict(type='int'), - memory_deactivation_threshold=dict(type='int'), - tunnel_activation_threshold=dict(type='int'), - tunnel_deactivation_threshold=dict(type='int') - )), - user_accounts=dict(type='dict', options=dict( - expiration_date_method=dict(type='str', choices=['expire after', 'expire at']), - expiration_date=dict(type='str'), - days_until_expiration=dict(type='int'), - show_accounts_expiration_indication_days_in_advance=dict(type='bool') - )), - user_authority=dict(type='dict', options=dict( - display_web_access_view=dict(type='bool'), - windows_domains_to_trust=dict(type='str', choices=['selectively', 'all']), - trust_only_following_windows_domains=dict(type='list', elements='str') - )), - connect_control=dict(type='dict', options=dict( - load_agents_port=dict(type='int'), - load_measurement_interval=dict(type='int'), - persistence_server_timeout=dict(type='int'), - server_availability_check_interval=dict(type='int'), - server_check_retries=dict(type='int') - )), - stateful_inspection=dict(type='dict', options=dict( - tcp_start_timeout=dict(type='int'), - tcp_session_timeout=dict(type='int'), - tcp_end_timeout=dict(type='int'), - tcp_end_timeout_r8020_gw_and_above=dict(type='int'), - udp_virtual_session_timeout=dict(type='int'), - icmp_virtual_session_timeout=dict(type='int'), - other_ip_protocols_virtual_session_timeout=dict(type='int'), - sctp_start_timeout=dict(type='int'), - sctp_session_timeout=dict(type='int'), - sctp_end_timeout=dict(type='int'), - accept_stateful_udp_replies_for_unknown_services=dict(type='bool'), - accept_stateful_icmp_errors=dict(type='bool'), - accept_stateful_icmp_replies=dict(type='bool'), - accept_stateful_other_ip_protocols_replies_for_unknown_services=dict(type='bool'), - drop_out_of_state_tcp_packets=dict(type='bool'), - log_on_drop_out_of_state_tcp_packets=dict(type='bool'), - tcp_out_of_state_drop_exceptions=dict(type='list', elements='str'), - drop_out_of_state_icmp_packets=dict(type='bool'), - log_on_drop_out_of_state_icmp_packets=dict(type='bool'), - drop_out_of_state_sctp_packets=dict(type='bool'), - log_on_drop_out_of_state_sctp_packets=dict(type='bool') - )), - log_and_alert=dict(type='dict', options=dict( - administrative_notifications=dict(type='str', choices=['none', 'log', - 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', - 'user defined alert no.2', 'user defined alert no.3']), - connection_matched_by_sam=dict(type='str', choices=['Popup Alert', 'Mail Alert', - 'SNMP Trap Alert', 'User Defined Alert no.1', 'User Defined Alert no.2', - 'User Defined Alert no.3']), - dynamic_object_resolution_failure=dict(type='str', choices=['none', 'log', - 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', - 'user defined alert no.2', 'user defined alert no.3']), - ip_options_drop=dict(type='str', choices=['none', 'log', 'popup alert', 'mail alert', - 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2', 'user defined alert no.3']), - packet_is_incorrectly_tagged=dict(type='str', choices=['none', 'log', - 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', - 'user defined alert no.2', 'user defined alert no.3']), - packet_tagging_brute_force_attack=dict(type='str', choices=['none', 'log', - 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', - 'user defined alert no.2', 'user defined alert no.3']), - sla_violation=dict(type='str', choices=['none', 'log', 'popup alert', 'mail alert', - 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2', 'user defined alert no.3']), - vpn_conf_and_key_exchange_errors=dict(type='str', choices=['none', 'log', - 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', - 'user defined alert no.2', 'user defined alert no.3']), - vpn_packet_handling_error=dict(type='str', choices=['none', 'log', 'popup alert', - 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2', - 'user defined alert no.3']), - vpn_successful_key_exchange=dict(type='str', choices=['none', 'log', - 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', - 'user defined alert no.2', 'user defined alert no.3']), - log_every_authenticated_http_connection=dict(type='bool'), - log_traffic=dict(type='str', choices=['none', 'log']), - alerts=dict(type='dict', options=dict( - send_popup_alert_to_smartview_monitor=dict(type='bool'), - popup_alert_script=dict(type='str'), - send_mail_alert_to_smartview_monitor=dict(type='bool'), - mail_alert_script=dict(type='str'), - send_snmp_trap_alert_to_smartview_monitor=dict(type='bool'), - snmp_trap_alert_script=dict(type='str'), - send_user_defined_alert_num1_to_smartview_monitor=dict(type='bool'), - user_defined_script_num1=dict(type='str'), - send_user_defined_alert_num2_to_smartview_monitor=dict(type='bool'), - user_defined_script_num2=dict(type='str'), - send_user_defined_alert_num3_to_smartview_monitor=dict(type='bool'), - user_defined_script_num3=dict(type='str'), - default_track_option_for_system_alerts=dict(type='str', choices=['Popup Alert', 'Mail Alert', 'SNMP Trap Alert', - 'User Defined Alert no.1', 'User Defined Alert no.2', - 'User Defined Alert no.3']) - )), - time_settings=dict(type='dict', options=dict( - excessive_log_grace_period=dict(type='int'), - logs_resolving_timeout=dict(type='int'), - status_fetching_interval=dict(type='int'), - virtual_link_statistics_logging_interval=dict(type='int') - )) - )), - data_access_control=dict(type='dict', options=dict( - auto_download_important_data=dict(type='bool'), - auto_download_sw_updates_and_new_features=dict(type='bool'), - send_anonymous_info=dict(type='bool'), - share_sensitive_info=dict(type='bool') - )), - non_unique_ip_address_ranges=dict(type='list', elements='dict', options=dict( - address_type=dict(type='str', choices=['IPv4', 'IPv6']), - first_ipv4_address=dict(type='str'), - first_ipv6_address=dict(type='str'), - last_ipv4_address=dict(type='str'), - last_ipv6_address=dict(type='str') - )), - proxy=dict(type='dict', options=dict( - use_proxy_server=dict(type='bool'), - proxy_address=dict(type='str'), - proxy_port=dict(type='int') - )), - user_check=dict(type='dict', options=dict( - preferred_language=dict(type='str', choices=['Afrikaans', 'Albanian', 'Amharic', 'Arabic', - 'Armenian', 'Basque', 'Belarusian', 'Bosnian', 'Bulgarian', 'Catalan', 'Chinese', 'Croatian', 'Czech', - 'Danish', 'Dutch', 'English', 'Estonian', 'Finnish', 'French', 'Gaelic', 'Georgian', 'German', - 'Greek', 'Hebrew', 'Hindi', 'Hungarian', 'Icelandic', 'Indonesian', 'Irish', 'Italian', 'Japanese', - 'Korean', 'Latvian', 'Lithuanian', 'Macedonia', 'Maltese', 'Nepali', 'Norwegian', 'Polish', - 'Portuguese', 'Romanian', 'Russian', 'Serbian', 'Slovak', 'Slovenian', 'Sorbian', 'Spanish', - 'Swahili', 'Swedish', 'Thai', 'Turkish', 'Ukrainian', 'Vietnamese', 'Welsh']), - send_emails_using_mail_server=dict(type='str') - )), - hit_count=dict(type='dict', options=dict( - enable_hit_count=dict(type='bool'), - keep_hit_count_data_up_to=dict(type='str', choices=['3 months', '6 months', '1 year', '2 years']) - )), - advanced_conf=dict(type='dict', options=dict( - certs_and_pki=dict(type='dict', options=dict( - cert_validation_enforce_key_size=dict(type='str', choices=['off', 'alert', 'fail']), - host_certs_ecdsa_key_size=dict(type='str', choices=['p-256', 'p-384', 'p-521']), - host_certs_key_size=dict(type='str', choices=['4096', '1024', '2048']) - )) - )), - allow_remote_registration_of_opsec_products=dict(type='bool'), - num_spoofing_errs_that_trigger_brute_force=dict(type='int'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - domains_to_process=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool'), - auto_publish_session=dict(type='bool') + firewall=dict( + type="dict", + options=dict( + accept_control_connections=dict(type="bool"), + accept_ips1_management_connections=dict(type="bool"), + accept_remote_access_control_connections=dict(type="bool"), + accept_smart_update_connections=dict(type="bool"), + accept_outgoing_packets_originating_from_gw=dict(type="bool"), + accept_outgoing_packets_originating_from_gw_position=dict( + type="str", choices=["first", "last", "before last"] + ), + accept_outgoing_packets_originating_from_connectra_gw=dict( + type="bool" + ), + accept_outgoing_packets_to_cp_online_services=dict( + type="bool" + ), + accept_outgoing_packets_to_cp_online_services_position=dict( + type="str", choices=["first", "last", "before last"] + ), + accept_domain_name_over_tcp=dict(type="bool"), + accept_domain_name_over_tcp_position=dict( + type="str", choices=["first", "last", "before last"] + ), + accept_domain_name_over_udp=dict(type="bool"), + accept_domain_name_over_udp_position=dict( + type="str", choices=["first", "last", "before last"] + ), + accept_dynamic_addr_modules_outgoing_internet_connections=dict( + type="bool" + ), + accept_icmp_requests=dict(type="bool"), + accept_icmp_requests_position=dict( + type="str", choices=["first", "last", "before last"] + ), + accept_identity_awareness_control_connections=dict( + type="bool" + ), + accept_identity_awareness_control_connections_position=dict( + type="str", choices=["first", "last", "before last"] + ), + accept_incoming_traffic_to_dhcp_and_dns_services_of_gws=dict( + type="bool" + ), + accept_rip=dict(type="bool"), + accept_rip_position=dict( + type="str", choices=["first", "last", "before last"] + ), + accept_vrrp_packets_originating_from_cluster_members=dict( + type="bool" + ), + accept_web_and_ssh_connections_for_gw_administration=dict( + type="bool" + ), + log_implied_rules=dict(type="bool"), + security_server=dict( + type="dict", + options=dict( + client_auth_welcome_file=dict(type="str"), + ftp_welcome_msg_file=dict(type="str"), + rlogin_welcome_msg_file=dict(type="str"), + telnet_welcome_msg_file=dict(type="str"), + mdq_welcome_msg=dict(type="str"), + smtp_welcome_msg=dict(type="str"), + http_next_proxy_host=dict(type="str"), + http_next_proxy_port=dict(type="int"), + http_servers=dict( + type="list", + elements="dict", + options=dict( + logical_name=dict(type="str"), + host=dict(type="str"), + port=dict(type="int"), + reauthentication=dict( + type="str", + choices=[ + "standard", + "post request", + "every request", + ], + ), + ), + ), + server_for_null_requests=dict(type="str"), + ), + ), + ), + ), + nat=dict( + type="dict", + options=dict( + allow_bi_directional_nat=dict(type="bool"), + auto_arp_conf=dict(type="bool"), + merge_manual_proxy_arp_conf=dict(type="bool"), + auto_translate_dest_on_client_side=dict(type="bool"), + manually_translate_dest_on_client_side=dict(type="bool"), + enable_ip_pool_nat=dict(type="bool"), + addr_alloc_and_release_track=dict( + type="str", choices=["ip allocation log", "none"] + ), + addr_exhaustion_track=dict( + type="str", + choices=[ + "ip exhaustion alert", + "none", + "ip exhaustion log", + ], + ), + ), + ), + authentication=dict( + type="dict", + options=dict( + auth_internal_users_with_specific_suffix=dict(type="bool"), + allowed_suffix_for_internal_users=dict(type="str"), + max_days_before_expiration_of_non_pulled_user_certificates=dict( + type="int" + ), + max_client_auth_attempts_before_connection_termination=dict( + type="int" + ), + max_rlogin_attempts_before_connection_termination=dict( + type="int" + ), + max_session_auth_attempts_before_connection_termination=dict( + type="int" + ), + max_telnet_attempts_before_connection_termination=dict( + type="int" + ), + enable_delayed_auth=dict(type="bool"), + delay_each_auth_attempt_by=dict(type="int"), + ), + ), + vpn=dict( + type="dict", + options=dict( + vpn_conf_method=dict( + type="str", + choices=["simplified", "traditional", "per policy"], + ), + domain_name_for_dns_resolving=dict(type="str"), + enable_backup_gw=dict(type="bool"), + enable_decrypt_on_accept_for_gw_to_gw_traffic=dict( + type="bool" + ), + enable_load_distribution_for_mep_conf=dict(type="bool"), + enable_vpn_directional_match_in_vpn_column=dict(type="bool"), + grace_period_after_the_crl_is_not_valid=dict(type="int"), + grace_period_before_the_crl_is_valid=dict(type="int"), + grace_period_extension_for_secure_remote_secure_client=dict( + type="int" + ), + support_ike_dos_protection_from_identified_src=dict( + type="str", choices=["puzzles", "stateless", "none"] + ), + support_ike_dos_protection_from_unidentified_src=dict( + type="str", choices=["puzzles", "stateless", "none"] + ), + ), + ), + remote_access=dict( + type="dict", + options=dict( + enable_back_connections=dict(type="bool"), + keep_alive_packet_to_gw_interval=dict(type="int"), + encrypt_dns_traffic=dict(type="bool"), + simultaneous_login_mode=dict( + type="str", + choices=[ + "allowonlysinglelogintouser", + "allowseverallogintouser", + ], + ), + vpn_authentication_and_encryption=dict( + type="dict", + options=dict( + encryption_algorithms=dict( + type="dict", + options=dict( + ike=dict( + type="dict", + options=dict( + support_encryption_algorithms=dict( + type="dict", + options=dict( + tdes=dict(type="bool"), + aes_128=dict(type="bool"), + aes_256=dict(type="bool"), + des=dict(type="bool"), + ), + ), + use_encryption_algorithm=dict( + type="str", + choices=[ + "AES-256", + "DES", + "AES-128", + "TDES", + ], + ), + support_data_integrity=dict( + type="dict", + options=dict( + aes_xcbc=dict(type="bool"), + md5=dict(type="bool"), + sha1=dict(type="bool"), + sha256=dict(type="bool"), + ), + ), + use_data_integrity=dict( + type="str", + choices=[ + "aes-xcbc", + "sha256", + "sha1", + "md5", + ], + ), + support_diffie_hellman_groups=dict( + type="dict", + options=dict( + group1=dict(type="bool"), + group14=dict(type="bool"), + group2=dict(type="bool"), + group5=dict(type="bool"), + ), + ), + use_diffie_hellman_group=dict( + type="str", + choices=[ + "group 1", + "group 2", + "group 5", + "group 14", + ], + ), + ), + ), + ipsec=dict( + type="dict", + options=dict( + support_encryption_algorithms=dict( + type="dict", + options=dict( + tdes=dict(type="bool"), + aes_128=dict(type="bool"), + aes_256=dict(type="bool"), + des=dict(type="bool"), + ), + ), + use_encryption_algorithm=dict( + type="str", + choices=[ + "AES-256", + "DES", + "AES-128", + "TDES", + ], + ), + support_data_integrity=dict( + type="dict", + options=dict( + aes_xcbc=dict(type="bool"), + md5=dict(type="bool"), + sha1=dict(type="bool"), + sha256=dict(type="bool"), + ), + ), + use_data_integrity=dict( + type="str", + choices=[ + "aes-xcbc", + "sha1", + "sha256", + "sha384", + "sha512", + "md5", + ], + ), + enforce_encryption_alg_and_data_integrity_on_all_users=dict( + type="bool" + ), + ), + ), + ), + ), + encryption_method=dict( + type="str", + choices=[ + "prefer_ikev2_support_ikev1", + "ike_v2_only", + "ike_v1_only", + ], + ), + pre_shared_secret=dict(type="bool"), + support_legacy_auth_for_sc_l2tp_nokia_clients=dict( + type="bool" + ), + support_legacy_eap=dict(type="bool"), + support_l2tp_with_pre_shared_key=dict(type="bool"), + l2tp_pre_shared_key=dict(type="str", no_log=True), + ), + ), + vpn_advanced=dict( + type="dict", + options=dict( + allow_clear_traffic_to_encryption_domain_when_disconnected=dict( + type="bool" + ), + enable_load_distribution_for_mep_conf=dict( + type="bool" + ), + use_first_allocated_om_ip_addr_for_all_conn_to_the_gws_of_the_site=dict( + type="bool" + ), + ), + ), + scv=dict( + type="dict", + options=dict( + apply_scv_on_simplified_mode_fw_policies=dict( + type="bool" + ), + exceptions=dict( + type="list", + elements="dict", + options=dict( + hosts=dict(type="list", elements="str"), + services=dict(type="list", elements="str"), + ), + ), + no_scv_for_unsupported_cp_clients=dict(type="bool"), + upon_verification_accept_and_log_client_connection=dict( + type="bool" + ), + only_tcp_ip_protocols_are_used=dict(type="bool"), + policy_installed_on_all_interfaces=dict(type="bool"), + generate_log=dict(type="bool"), + notify_user=dict(type="bool"), + ), + ), + ssl_network_extender=dict( + type="dict", + options=dict( + user_auth_method=dict( + type="str", + choices=[ + "certificate_with_enrollment", + "certificate", + "mixed", + "legacy", + ], + ), + supported_encryption_methods=dict( + type="str", choices=["3des_or_rc4", "3des_only"] + ), + client_upgrade_upon_connection=dict( + type="str", + choices=[ + "force_upgrade", + "ask_user", + "no_upgrade", + ], + ), + client_uninstall_upon_disconnection=dict( + type="str", + choices=[ + "force_uninstall", + "ask_user", + "dont_uninstall", + ], + ), + re_auth_user_interval=dict(type="int"), + scan_ep_machine_for_compliance_with_ep_compliance_policy=dict( + type="bool" + ), + client_outgoing_keep_alive_packets_frequency=dict( + type="int" + ), + ), + ), + secure_client_mobile=dict( + type="dict", + options=dict( + user_auth_method=dict( + type="str", + choices=[ + "certificate_with_enrollment", + "certificate", + "mixed", + "legacy", + ], + ), + enable_password_caching=dict( + type="str", + choices=["client_decide", "true", "false"], + ), + cache_password_timeout=dict(type="int"), + re_auth_user_interval=dict(type="int"), + connect_mode=dict( + type="str", + choices=[ + "manual", + "always connected", + "on application request", + "configured on endpoint client", + ], + ), + automatically_initiate_dialup=dict( + type="str", + choices=["client_decide", "true", "false"], + ), + disconnect_when_device_is_idle=dict( + type="str", + choices=["client_decide", "true", "false"], + ), + supported_encryption_methods=dict( + type="str", choices=["3des_or_rc4", "3des_only"] + ), + route_all_traffic_to_gw=dict( + type="str", + choices=["client_decide", "true", "false"], + ), + ), + ), + endpoint_connect=dict( + type="dict", + options=dict( + enable_password_caching=dict( + type="str", + choices=["client_decide", "true", "false"], + ), + cache_password_timeout=dict(type="int"), + re_auth_user_interval=dict(type="int"), + connect_mode=dict( + type="str", + choices=[ + "Manual", + "Always Connected", + "Configured On Endpoint Client", + ], + ), + network_location_awareness=dict( + type="str", + choices=["client_decide", "true", "false"], + ), + network_location_awareness_conf=dict( + type="dict", + options=dict( + vpn_clients_are_considered_inside_the_internal_network_when_the_client=dict( + type="str", + choices=[ + "connects to gw through internal interface", + "connects from network or group", + "runs on computer with access to active directory domain", + ], + ), + network_or_group_of_conn_vpn_client=dict( + type="str" + ), + consider_wireless_networks_as_external=dict( + type="bool" + ), + excluded_internal_wireless_networks=dict( + type="list", elements="str" + ), + consider_undefined_dns_suffixes_as_external=dict( + type="bool" + ), + dns_suffixes=dict(type="list", elements="str"), + remember_previously_detected_external_networks=dict( + type="bool" + ), + ), + ), + disconnect_when_conn_to_network_is_lost=dict( + type="str", + choices=["client_decide", "true", "false"], + ), + disconnect_when_device_is_idle=dict( + type="str", + choices=["client_decide", "true", "false"], + ), + route_all_traffic_to_gw=dict( + type="str", + choices=["client_decide", "true", "false"], + ), + client_upgrade_mode=dict( + type="str", + choices=[ + "force_upgrade", + "ask_user", + "no_upgrade", + ], + ), + ), + ), + hot_spot_and_hotel_registration=dict( + type="dict", + options=dict( + enable_registration=dict(type="bool"), + local_subnets_access_only=dict(type="bool"), + registration_timeout=dict(type="int"), + track_log=dict(type="bool"), + max_ip_access_during_registration=dict(type="int"), + ports=dict(type="list", elements="str"), + ), + ), + ), + ), + user_directory=dict( + type="dict", + options=dict( + enable_password_change_when_user_active_directory_expires=dict( + type="bool" + ), + cache_size=dict(type="int"), + enable_password_expiration_configuration=dict(type="bool"), + password_expires_after=dict(type="int", no_log=False), + timeout_on_cached_users=dict(type="int"), + display_user_dn_at_login=dict( + type="str", + choices=["no display", "display upon request", "display"], + ), + enforce_rules_for_user_mgmt_admins=dict(type="bool"), + min_password_length=dict(type="int", no_log=False), + password_must_include_a_digit=dict(type="bool"), + password_must_include_a_symbol=dict(type="bool"), + password_must_include_lowercase_char=dict(type="bool"), + password_must_include_uppercase_char=dict(type="bool"), + ), + ), + qos=dict( + type="dict", + options=dict( + default_weight_of_rule=dict(type="int"), + max_weight_of_rule=dict(type="int"), + unit_of_measure=dict( + type="str", + choices=[ + "bits-per-sec", + "bytes-per-sec", + "kbits-per-sec", + "kbytes-per-sec", + "mbits-per-sec", + "mbytes-per-sec", + ], + ), + authenticated_ip_expiration=dict(type="int"), + non_authenticated_ip_expiration=dict(type="int"), + unanswered_queried_ip_expiration=dict(type="int"), + ), + ), + carrier_security=dict( + type="dict", + options=dict( + block_gtp_in_gtp=dict(type="bool"), + enforce_gtp_anti_spoofing=dict(type="bool"), + produce_extended_logs_on_unmatched_pdus=dict(type="bool"), + produce_extended_logs_on_unmatched_pdus_position=dict( + type="str", choices=["before last", "last"] + ), + protocol_violation_track_option=dict( + type="str", + choices=[ + "none", + "log", + "popup alert", + "mail alert", + "snmp trap alert", + "user defined alert no.1", + "user defined alert no.2", + "user defined alert no.3", + ], + ), + enable_g_pdu_seq_number_check_with_max_deviation=dict( + type="bool" + ), + g_pdu_seq_number_check_max_deviation=dict(type="int"), + verify_flow_labels=dict(type="bool"), + allow_ggsn_replies_from_multiple_interfaces=dict(type="bool"), + enable_reverse_connections=dict(type="bool"), + gtp_signaling_rate_limit_sampling_interval=dict(type="int"), + one_gtp_echo_on_each_path_frequency=dict(type="int"), + aggressive_aging=dict(type="bool"), + aggressive_timeout=dict(type="int"), + memory_activation_threshold=dict(type="int"), + memory_deactivation_threshold=dict(type="int"), + tunnel_activation_threshold=dict(type="int"), + tunnel_deactivation_threshold=dict(type="int"), + ), + ), + user_accounts=dict( + type="dict", + options=dict( + expiration_date_method=dict( + type="str", choices=["expire after", "expire at"] + ), + expiration_date=dict(type="str"), + days_until_expiration=dict(type="int"), + show_accounts_expiration_indication_days_in_advance=dict( + type="bool" + ), + ), + ), + user_authority=dict( + type="dict", + options=dict( + display_web_access_view=dict(type="bool"), + windows_domains_to_trust=dict( + type="str", choices=["selectively", "all"] + ), + trust_only_following_windows_domains=dict( + type="list", elements="str" + ), + ), + ), + connect_control=dict( + type="dict", + options=dict( + load_agents_port=dict(type="int"), + load_measurement_interval=dict(type="int"), + persistence_server_timeout=dict(type="int"), + server_availability_check_interval=dict(type="int"), + server_check_retries=dict(type="int"), + ), + ), + stateful_inspection=dict( + type="dict", + options=dict( + tcp_start_timeout=dict(type="int"), + tcp_session_timeout=dict(type="int"), + tcp_end_timeout=dict(type="int"), + tcp_end_timeout_r8020_gw_and_above=dict(type="int"), + udp_virtual_session_timeout=dict(type="int"), + icmp_virtual_session_timeout=dict(type="int"), + other_ip_protocols_virtual_session_timeout=dict(type="int"), + sctp_start_timeout=dict(type="int"), + sctp_session_timeout=dict(type="int"), + sctp_end_timeout=dict(type="int"), + accept_stateful_udp_replies_for_unknown_services=dict( + type="bool" + ), + accept_stateful_icmp_errors=dict(type="bool"), + accept_stateful_icmp_replies=dict(type="bool"), + accept_stateful_other_ip_protocols_replies_for_unknown_services=dict( + type="bool" + ), + drop_out_of_state_tcp_packets=dict(type="bool"), + log_on_drop_out_of_state_tcp_packets=dict(type="bool"), + tcp_out_of_state_drop_exceptions=dict( + type="list", elements="str" + ), + drop_out_of_state_icmp_packets=dict(type="bool"), + log_on_drop_out_of_state_icmp_packets=dict(type="bool"), + drop_out_of_state_sctp_packets=dict(type="bool"), + log_on_drop_out_of_state_sctp_packets=dict(type="bool"), + ), + ), + log_and_alert=dict( + type="dict", + options=dict( + administrative_notifications=dict( + type="str", + choices=[ + "none", + "log", + "popup alert", + "mail alert", + "snmp trap alert", + "user defined alert no.1", + "user defined alert no.2", + "user defined alert no.3", + ], + ), + connection_matched_by_sam=dict( + type="str", + choices=[ + "Popup Alert", + "Mail Alert", + "SNMP Trap Alert", + "User Defined Alert no.1", + "User Defined Alert no.2", + "User Defined Alert no.3", + ], + ), + dynamic_object_resolution_failure=dict( + type="str", + choices=[ + "none", + "log", + "popup alert", + "mail alert", + "snmp trap alert", + "user defined alert no.1", + "user defined alert no.2", + "user defined alert no.3", + ], + ), + ip_options_drop=dict( + type="str", + choices=[ + "none", + "log", + "popup alert", + "mail alert", + "snmp trap alert", + "user defined alert no.1", + "user defined alert no.2", + "user defined alert no.3", + ], + ), + packet_is_incorrectly_tagged=dict( + type="str", + choices=[ + "none", + "log", + "popup alert", + "mail alert", + "snmp trap alert", + "user defined alert no.1", + "user defined alert no.2", + "user defined alert no.3", + ], + ), + packet_tagging_brute_force_attack=dict( + type="str", + choices=[ + "none", + "log", + "popup alert", + "mail alert", + "snmp trap alert", + "user defined alert no.1", + "user defined alert no.2", + "user defined alert no.3", + ], + ), + sla_violation=dict( + type="str", + choices=[ + "none", + "log", + "popup alert", + "mail alert", + "snmp trap alert", + "user defined alert no.1", + "user defined alert no.2", + "user defined alert no.3", + ], + ), + vpn_conf_and_key_exchange_errors=dict( + type="str", + choices=[ + "none", + "log", + "popup alert", + "mail alert", + "snmp trap alert", + "user defined alert no.1", + "user defined alert no.2", + "user defined alert no.3", + ], + ), + vpn_packet_handling_error=dict( + type="str", + choices=[ + "none", + "log", + "popup alert", + "mail alert", + "snmp trap alert", + "user defined alert no.1", + "user defined alert no.2", + "user defined alert no.3", + ], + ), + vpn_successful_key_exchange=dict( + type="str", + choices=[ + "none", + "log", + "popup alert", + "mail alert", + "snmp trap alert", + "user defined alert no.1", + "user defined alert no.2", + "user defined alert no.3", + ], + ), + log_every_authenticated_http_connection=dict(type="bool"), + log_traffic=dict(type="str", choices=["none", "log"]), + alerts=dict( + type="dict", + options=dict( + send_popup_alert_to_smartview_monitor=dict( + type="bool" + ), + popup_alert_script=dict(type="str"), + send_mail_alert_to_smartview_monitor=dict(type="bool"), + mail_alert_script=dict(type="str"), + send_snmp_trap_alert_to_smartview_monitor=dict( + type="bool" + ), + snmp_trap_alert_script=dict(type="str"), + send_user_defined_alert_num1_to_smartview_monitor=dict( + type="bool" + ), + user_defined_script_num1=dict(type="str"), + send_user_defined_alert_num2_to_smartview_monitor=dict( + type="bool" + ), + user_defined_script_num2=dict(type="str"), + send_user_defined_alert_num3_to_smartview_monitor=dict( + type="bool" + ), + user_defined_script_num3=dict(type="str"), + default_track_option_for_system_alerts=dict( + type="str", + choices=[ + "Popup Alert", + "Mail Alert", + "SNMP Trap Alert", + "User Defined Alert no.1", + "User Defined Alert no.2", + "User Defined Alert no.3", + ], + ), + ), + ), + time_settings=dict( + type="dict", + options=dict( + excessive_log_grace_period=dict(type="int"), + logs_resolving_timeout=dict(type="int"), + status_fetching_interval=dict(type="int"), + virtual_link_statistics_logging_interval=dict( + type="int" + ), + ), + ), + ), + ), + data_access_control=dict( + type="dict", + options=dict( + auto_download_important_data=dict(type="bool"), + auto_download_sw_updates_and_new_features=dict(type="bool"), + send_anonymous_info=dict(type="bool"), + share_sensitive_info=dict(type="bool"), + ), + ), + non_unique_ip_address_ranges=dict( + type="list", + elements="dict", + options=dict( + address_type=dict(type="str", choices=["IPv4", "IPv6"]), + first_ipv4_address=dict(type="str"), + first_ipv6_address=dict(type="str"), + last_ipv4_address=dict(type="str"), + last_ipv6_address=dict(type="str"), + ), + ), + proxy=dict( + type="dict", + options=dict( + use_proxy_server=dict(type="bool"), + proxy_address=dict(type="str"), + proxy_port=dict(type="int"), + ), + ), + user_check=dict( + type="dict", + options=dict( + preferred_language=dict( + type="str", + choices=[ + "Afrikaans", + "Albanian", + "Amharic", + "Arabic", + "Armenian", + "Basque", + "Belarusian", + "Bosnian", + "Bulgarian", + "Catalan", + "Chinese", + "Croatian", + "Czech", + "Danish", + "Dutch", + "English", + "Estonian", + "Finnish", + "French", + "Gaelic", + "Georgian", + "German", + "Greek", + "Hebrew", + "Hindi", + "Hungarian", + "Icelandic", + "Indonesian", + "Irish", + "Italian", + "Japanese", + "Korean", + "Latvian", + "Lithuanian", + "Macedonia", + "Maltese", + "Nepali", + "Norwegian", + "Polish", + "Portuguese", + "Romanian", + "Russian", + "Serbian", + "Slovak", + "Slovenian", + "Sorbian", + "Spanish", + "Swahili", + "Swedish", + "Thai", + "Turkish", + "Ukrainian", + "Vietnamese", + "Welsh", + ], + ), + send_emails_using_mail_server=dict(type="str"), + ), + ), + hit_count=dict( + type="dict", + options=dict( + enable_hit_count=dict(type="bool"), + keep_hit_count_data_up_to=dict( + type="str", + choices=["3 months", "6 months", "1 year", "2 years"], + ), + ), + ), + advanced_conf=dict( + type="dict", + options=dict( + certs_and_pki=dict( + type="dict", + options=dict( + cert_validation_enforce_key_size=dict( + type="str", choices=["off", "alert", "fail"] + ), + host_certs_ecdsa_key_size=dict( + type="str", choices=["p-256", "p-384", "p-521"] + ), + host_certs_key_size=dict( + type="str", choices=["4096", "1024", "2048"] + ), + ), + ) + ), + ), + allow_remote_registration_of_opsec_products=dict(type="bool"), + num_spoofing_errs_that_trigger_brute_force=dict(type="int"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + domains_to_process=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), + auto_publish_session=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -2040,5 +2628,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_ha_state.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_ha_state.py new file mode 100644 index 000000000..a0889076f --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_ha_state.py @@ -0,0 +1,84 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_set_ha_state +short_description: Switch domain server high availability state. +description: + - Switch domain server high availability state. </br>After switching domain server to standby state, the session expires and you need to login again. + <br/>You can run this command from a user or global domain on Multi Domain Server and from the user domain on Security Management Server. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + new_state: + description: + - Domain server new state. + type: str + choices: ['active', 'standby'] + ignore_errors: + description: + - Apply changes ignoring errors. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: set-ha-state + cp_mgmt_set_ha_state: + new_state: active +""" + +RETURN = """ +cp_mgmt_set_ha_state: + description: The checkpoint set-ha-state output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + new_state=dict(type='str', choices=['active', 'standby']), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "set-ha-state" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_idp_default_assignment.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_idp_default_assignment.py index c8b74f7f7..00aed9d8b 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_idp_default_assignment.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_idp_default_assignment.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -75,16 +77,19 @@ cp_mgmt_set_idp_default_assignment: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - identity_provider=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool'), - auto_publish_session=dict(type='bool') + identity_provider=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), + auto_publish_session=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -96,5 +101,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_idp_to_domain_assignment.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_idp_to_domain_assignment.py index b14aca799..0de52a2cc 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_idp_to_domain_assignment.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_idp_to_domain_assignment.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -85,18 +87,21 @@ cp_mgmt_set_idp_to_domain_assignment: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - assigned_domain=dict(type='str'), - identity_provider=dict(type='str'), - using_default=dict(type='bool'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool'), - auto_publish_session=dict(type='bool') + assigned_domain=dict(type="str"), + identity_provider=dict(type="str"), + using_default=dict(type="bool"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), + auto_publish_session=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -108,5 +113,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_ips_update_schedule.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_ips_update_schedule.py new file mode 100644 index 000000000..298d5f657 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_ips_update_schedule.py @@ -0,0 +1,114 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_set_ips_update_schedule +short_description: Edit IPS Update Schedule. +description: + - Edit IPS Update Schedule. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + enabled: + description: + - Enable/Disable IPS Update Schedule. + type: bool + time: + description: + - Time in format HH,mm. + type: str + recurrence: + description: + - Days recurrence. + type: dict + suboptions: + days: + description: + - Valid on specific days. Multiple options, support range of days in months. Example,["1","3","9-20"]. + type: list + elements: str + minutes: + description: + - Valid on interval. The length of time in minutes between updates. + type: int + pattern: + description: + - Valid on "Interval", "Daily", "Weekly", "Monthly" base. + type: str + weekdays: + description: + - Valid on weekdays. Example, "Sun", "Mon"..."Sat". + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: set-ips-update-schedule + cp_mgmt_set_ips_update_schedule: + enabled: true + recurrence: + minutes: 121 + pattern: interval +""" + +RETURN = """ +cp_mgmt_set_ips_update_schedule: + description: The checkpoint set-ips-update-schedule output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + enabled=dict(type='bool'), + time=dict(type='str'), + recurrence=dict(type='dict', options=dict( + days=dict(type='list', elements='str'), + minutes=dict(type='int'), + pattern=dict(type='str'), + weekdays=dict(type='list', elements='str') + )) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "set-ips-update-schedule" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_login_message.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_login_message.py new file mode 100644 index 000000000..8be27eeb3 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_login_message.py @@ -0,0 +1,102 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_set_login_message +short_description: Edit Login message. +description: + - Edit Login message. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + header: + description: + - Login message header. + type: str + login_message: + description: + - Login message body. + type: str + show_message: + description: + - Whether to show login message. + type: bool + warning: + description: + - Add warning sign. + type: bool + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: set-login-message + cp_mgmt_set_login_message: + header: Warning + login_message: Unauthorized access of this server is prohibited and punished by law + show_message: 'true' + warning: 'true' +""" + +RETURN = """ +cp_mgmt_set_login_message: + description: The checkpoint set-login-message output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + header=dict(type='str'), + login_message=dict(type='str'), + show_message=dict(type='bool'), + warning=dict(type='bool'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "set-login-message" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_nat_rule.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_nat_rule.py index 01832640e..60204a8a9 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_nat_rule.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_nat_rule.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["deprecated"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -34,6 +36,10 @@ description: - All operations are performed over Web Services API. version_added: "2.0.0" author: "Or Soffer (@chkp-orso)" +deprecated: + alternative: cp_mgmt_nat_rule + why: Newer and updated module released with more functionality. + removed_at_date: '2024-11-01' options: rule_number: description: @@ -114,7 +120,6 @@ EXAMPLES = """ original_service: ssh_version_2 original_source: Any package: standard - state: present """ RETURN = """ @@ -125,27 +130,30 @@ cp_mgmt_set_nat_rule: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - rule_number=dict(type='str'), - package=dict(type='str'), - enabled=dict(type='bool'), - install_on=dict(type='list', elements='str'), - method=dict(type='str', choices=['static', 'hide', 'nat64', 'nat46']), - new_position=dict(type='str'), - original_destination=dict(type='str'), - original_service=dict(type='str'), - original_source=dict(type='str'), - translated_destination=dict(type='str'), - translated_service=dict(type='str'), - translated_source=dict(type='str'), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + rule_number=dict(type="str"), + package=dict(type="str"), + enabled=dict(type="bool"), + install_on=dict(type="list", elements="str"), + method=dict(type="str", choices=["static", "hide", "nat64", "nat46"]), + new_position=dict(type="str"), + original_destination=dict(type="str"), + original_service=dict(type="str"), + original_source=dict(type="str"), + translated_destination=dict(type="str"), + translated_service=dict(type="str"), + translated_source=dict(type="str"), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -157,5 +165,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_policy_settings.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_policy_settings.py new file mode 100644 index 000000000..ee7ca8e03 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_policy_settings.py @@ -0,0 +1,111 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_set_policy_settings +short_description: Edit Policy settings, the changes will be applied after publish. +description: + - Edit Policy settings, the changes will be applied after publish. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + last_in_cell: + description: + - Added object after removing the last object in cell. + type: str + choices: ['none', 'restore to default'] + none_object_behavior: + description: + - a 'None' object behavior. Rules with object 'None' will never be matched. + type: str + choices: ['warning', 'error', 'none'] + security_access_defaults: + description: + - Access Policy default values. + type: dict + suboptions: + destination: + description: + - Destination default value for new rule creation. Any or None. + type: str + service: + description: + - Service and Applications default value for new rule creation. Any or None. + type: str + source: + description: + - Source default value for new rule creation. Any or None. + type: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: set-policy-settings + cp_mgmt_set_policy_settings: + last_in_cell: any + none_object_behavior: none + security_access_defaults: + destination: any + service: any + source: any +""" + +RETURN = """ +cp_mgmt_set_policy_settings: + description: The checkpoint set-policy-settings output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + last_in_cell=dict(type='str', choices=['none', 'restore to default']), + none_object_behavior=dict(type='str', choices=['warning', 'error', 'none']), + security_access_defaults=dict(type='dict', options=dict( + destination=dict(type='str'), + service=dict(type='str'), + source=dict(type='str') + )) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "set-policy-settings" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_session.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_session.py index 9979860b2..b47f4c280 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_session.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_session.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -80,7 +82,6 @@ EXAMPLES = """ - name: set-session cp_mgmt_set_session: description: Session to work on ticket number CR00323665 - state: present """ RETURN = """ @@ -91,23 +92,62 @@ cp_mgmt_set_session: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - description=dict(type='str'), - new_name=dict(type='str'), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + description=dict(type="str"), + new_name=dict(type="str"), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -119,5 +159,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_threat_advanced_settings.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_threat_advanced_settings.py index 15258f900..b1e3702fb 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_threat_advanced_settings.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_threat_advanced_settings.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -111,7 +113,6 @@ EXAMPLES = """ log_unification_timeout: 600 resource_classification.mode: hold resource_classification.web_service_fail_mode: block connections - state: present """ RETURN = """ @@ -122,27 +123,49 @@ cp_mgmt_set_threat_advanced_settings: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - feed_retrieving_interval=dict(type='str'), - httpi_non_standard_ports=dict(type='bool'), - internal_error_fail_mode=dict(type='str', choices=['allow connections', 'block connections']), - log_unification_timeout=dict(type='int'), - resource_classification=dict(type='dict', options=dict( - custom_settings=dict(type='dict', options=dict( - anti_bot=dict(type='str', choices=['background', 'hold']), - anti_virus=dict(type='str', choices=['background', 'hold']), - zero_phishing=dict(type='str', choices=['background', 'hold']) - )), - mode=dict(type='str', choices=['background', 'hold', 'custom']), - web_service_fail_mode=dict(type='str', choices=['allow connections', 'block connections']) - )), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool'), - auto_publish_session=dict(type='bool') + feed_retrieving_interval=dict(type="str"), + httpi_non_standard_ports=dict(type="bool"), + internal_error_fail_mode=dict( + type="str", choices=["allow connections", "block connections"] + ), + log_unification_timeout=dict(type="int"), + resource_classification=dict( + type="dict", + options=dict( + custom_settings=dict( + type="dict", + options=dict( + anti_bot=dict( + type="str", choices=["background", "hold"] + ), + anti_virus=dict( + type="str", choices=["background", "hold"] + ), + zero_phishing=dict( + type="str", choices=["background", "hold"] + ), + ), + ), + mode=dict( + type="str", choices=["background", "hold", "custom"] + ), + web_service_fail_mode=dict( + type="str", + choices=["allow connections", "block connections"], + ), + ), + ), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), + auto_publish_session=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -154,5 +177,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_vpn_community_remote_access.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_vpn_community_remote_access.py new file mode 100644 index 000000000..e7406f4b6 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_vpn_community_remote_access.py @@ -0,0 +1,133 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_set_vpn_community_remote_access +short_description: Edit existing Remote Access object. Using object name or uid is optional. +description: + - Edit existing Remote Access object. Using object name or uid is optional. + - Add and Delete API commands for this object are unavailable since there is single object per domain. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + gateways: + description: + - Collection of Gateway objects identified by the name or UID. + type: list + elements: str + user_groups: + description: + - Collection of User group objects identified by the name or UID. + type: list + elements: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: set-vpn-community-remote-access + cp_mgmt_set_vpn_community_remote_access: + gateways: + - mygateway + user_groups: + - myusergroup +""" + +RETURN = """ +cp_mgmt_set_vpn_community_remote_access: + description: The checkpoint set-vpn-community-remote-access output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + gateways=dict(type='list', elements='str'), + user_groups=dict(type='list', elements='str'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "set-vpn-community-remote-access" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_access_section.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_access_section.py index dfa684fda..fbb1336d4 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_access_section.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_access_section.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -67,14 +69,17 @@ cp_mgmt_show_access_section: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - name=dict(type='str'), - layer=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']) + name=dict(type="str"), + layer=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -86,5 +91,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_api_settings.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_api_settings.py new file mode 100644 index 000000000..eda38db60 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_api_settings.py @@ -0,0 +1,71 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_show_api_settings +short_description: Retrieve API Settings. +description: + - Retrieve API Settings. This command is available only after logging in to the System Data domain. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: {} +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: show-api-settings + cp_mgmt_show_api_settings: +""" + +RETURN = """ +cp_mgmt_show_api_settings: + description: The checkpoint show-api-settings output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "show-api-settings" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_api_versions.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_api_versions.py new file mode 100644 index 000000000..24a535a78 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_api_versions.py @@ -0,0 +1,71 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_show_api_versions +short_description: Shows all supported API versions and current API version (the latest one). +description: + - Shows all supported API versions and current API version (the latest one). + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: {} +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: show-api-versions + cp_mgmt_show_api_versions: +""" + +RETURN = """ +cp_mgmt_show_api_versions: + description: The checkpoint show-api-versions output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "show-api-versions" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_azure_ad_content.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_azure_ad_content.py new file mode 100644 index 000000000..a60a786ec --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_azure_ad_content.py @@ -0,0 +1,152 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_show_azure_ad_content +short_description: Retrieve AzureAD Objects from Azure AD Server. +description: + - Retrieve AzureAD Objects from Azure AD Server. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + azure_ad_name: + description: + - Name of the Azure AD Server where to search for objects. + type: str + azure_ad_uid: + description: + - Unique identifier of the Azure AD Server where to search for objects. + type: str + limit: + description: + - The maximal number of returned results. + type: int + offset: + description: + - Number of the results to initially skip. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + uid_in_azure_ad: + description: + - Return result matching the unique identifier of the object on the Azure AD Server. + type: str + filter: + description: + - Return results matching the specified filter. + type: dict + suboptions: + text: + description: + - Return results containing the specified text value. + type: str + uri: + description: + - Return results under the specified Data Center Object (identified by URI). + type: str + parent_uid_in_data_center: + description: + - Return results under the specified Data Center Object (identified by UID). + type: str + details_level: + description: + - Standard and Full description are the same. + type: str + choices: ['uid', 'standard', 'full'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: show-azure-ad-content + cp_mgmt_show_azure_ad_content: + name: my_azureAD +""" + +RETURN = """ +cp_mgmt_show_azure_ad_content: + description: The checkpoint show-azure-ad-content output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + azure_ad_name=dict(type='str'), + azure_ad_uid=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + uid_in_azure_ad=dict(type='str'), + filter=dict(type='dict', options=dict( + text=dict(type='str'), + uri=dict(type='str'), + parent_uid_in_data_center=dict(type='str') + )), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "show-azure-ad-content" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_changes.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_changes.py new file mode 100644 index 000000000..214e816c5 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_changes.py @@ -0,0 +1,125 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_show_changes +short_description: Show changes between two sessions. +description: + - Show changes between two sessions. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + from_date: + description: + - The date from which tracking changes is to be performed. ISO 8601. If timezone isn't specified in the input, the Management server's timezone is used. + type: str + from_session: + description: + - The session UID from which tracking changes is to be performed. + type: str + limit: + description: + - Maximum number of sessions to analyze. + type: int + offset: + description: + - Number of sessions to skip (beginning with from-session). + type: int + to_date: + description: + - The date until which tracking changes is to be performed. ISO 8601. If timezone isn't specified in the input, the Management server's timezone is used. + type: str + to_session: + description: + - The session UID until which tracking changes is to be performed. + type: str + dereference_group_members: + description: + - Indicates whether to dereference "members" field by details level for every object in reply. + type: bool + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + dereference_max_depth: + description: + - When details level is full you can choose the number of levels in the API reply. + type: int + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: show-changes + cp_mgmt_show_changes: + from_date: '2017-02-01T08:20:50' + to_date: '2017-02-21' +""" + +RETURN = """ +cp_mgmt_show_changes: + description: The checkpoint show-changes output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + from_date=dict(type='str'), + from_session=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + to_date=dict(type='str'), + to_session=dict(type='str'), + dereference_group_members=dict(type='bool'), + show_membership=dict(type='bool'), + dereference_max_depth=dict(type='int'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "show-changes" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_cloud_licenses_usage.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_cloud_licenses_usage.py new file mode 100644 index 000000000..10faf1ba7 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_cloud_licenses_usage.py @@ -0,0 +1,71 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_show_cloud_licenses_usage +short_description: Show attached licenses usage. +description: + - Show attached licenses usage. + - All operations are performed over Web Services API. +version_added: "5.2.0" +author: "Eden Brillant (@chkp-edenbr)" +options: {} +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: show-cloud-licenses-usage + cp_mgmt_show_cloud_licenses_usage: +""" + +RETURN = """ +cp_mgmt_show_cloud_licenses_usage: + description: The checkpoint show-cloud-licenses-usage output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "show-cloud-licenses-usage" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_cloud_services.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_cloud_services.py index 91725ff53..bff5b92b9 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_cloud_services.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_cloud_services.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -51,12 +53,14 @@ cp_mgmt_show_cloud_services: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): - argument_spec = dict( - ) + argument_spec = dict() argument_spec.update(checkpoint_argument_spec_for_commands) module = AnsibleModule(argument_spec=argument_spec) @@ -67,5 +71,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_commands.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_commands.py new file mode 100644 index 000000000..aae501fd3 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_commands.py @@ -0,0 +1,76 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_show_commands +short_description: Retrieve all of the supported Management API commands with their description. +description: + - Retrieve all of the supported Management API commands with their description. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + prefix: + description: + - The prefix of the desired commands to show. + type: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: show-commands + cp_mgmt_show_commands: +""" + +RETURN = """ +cp_mgmt_show_commands: + description: The checkpoint show-commands output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + prefix=dict(type='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "show-commands" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_gateways_and_servers.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_gateways_and_servers.py new file mode 100644 index 000000000..5f4a23201 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_gateways_and_servers.py @@ -0,0 +1,119 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_show_gateways_and_servers +short_description: Shows list of Gateways & Servers sorted by name. +description: + - Shows list of Gateways & Servers sorted by name. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: show-gateways-and-servers + cp_mgmt_show_gateways_and_servers: + details_level: full +""" + +RETURN = """ +cp_mgmt_show_gateways_and_servers: + description: The checkpoint show-gateways-and-servers output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "show-gateways-and-servers" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_global_domain.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_global_domain.py new file mode 100644 index 000000000..95d367eed --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_global_domain.py @@ -0,0 +1,85 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_show_global_domain +short_description: Retrieve existing object using object name or uid. +description: + - Retrieve existing object using object name or uid. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: show-global-domain + cp_mgmt_show_global_domain: + name: Global +""" + +RETURN = """ +cp_mgmt_show_global_domain: + description: The checkpoint show-global-domain output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "show-global-domain" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_global_properties.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_global_properties.py index 24f40149b..5234d39d4 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_global_properties.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_global_properties.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -51,12 +53,14 @@ cp_mgmt_show_global_properties: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): - argument_spec = dict( - ) + argument_spec = dict() argument_spec.update(checkpoint_argument_spec_for_commands) module = AnsibleModule(argument_spec=argument_spec) @@ -67,5 +71,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_ha_state.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_ha_state.py new file mode 100644 index 000000000..6692efa83 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_ha_state.py @@ -0,0 +1,71 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_show_ha_state +short_description: Retrieve domain high availability state. +description: + - Retrieve domain high availability state. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: {} +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: show-ha-state + cp_mgmt_show_ha_state: +""" + +RETURN = """ +cp_mgmt_show_ha_state: + description: The checkpoint show-ha-state output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "show-ha-state" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_ha_status.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_ha_status.py new file mode 100644 index 000000000..8ed957e98 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_ha_status.py @@ -0,0 +1,71 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_show_ha_status +short_description: Retrieve domain high availability status. +description: + - Retrieve domain high availability status. + - All operations are performed over Web Services API. +version_added: "5.2.0" +author: "Eden Brillant (@chkp-edenbr)" +options: {} +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: show-ha-status + cp_mgmt_show_ha_status: +""" + +RETURN = """ +cp_mgmt_show_ha_status: + description: The checkpoint show-ha-status output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "show-ha-status" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_https_section.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_https_section.py index e05e8b4b3..14a8bba52 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_https_section.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_https_section.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -67,14 +69,17 @@ cp_mgmt_show_https_section: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - name=dict(type='str'), - layer=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']) + name=dict(type="str"), + layer=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -86,5 +91,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_idp_default_assignment.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_idp_default_assignment.py index e6962ce94..d0f18772f 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_idp_default_assignment.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_idp_default_assignment.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -57,12 +59,15 @@ cp_mgmt_show_idp_default_assignment: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - details_level=dict(type='str', choices=['uid', 'standard', 'full']) + details_level=dict(type="str", choices=["uid", "standard", "full"]) ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -74,5 +79,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_ips_status.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_ips_status.py new file mode 100644 index 000000000..608bd47b0 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_ips_status.py @@ -0,0 +1,71 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_show_ips_status +short_description: show ips status on Checkpoint over Web Services API +description: + - show ips status on Checkpoint over Web Services API + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: {} +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: show-ips-status + cp_mgmt_show_ips_status: +""" + +RETURN = """ +cp_mgmt_show_ips_status: + description: The checkpoint show-ips-status output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "show-ips-status" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_ips_update_schedule.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_ips_update_schedule.py new file mode 100644 index 000000000..31303974b --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_ips_update_schedule.py @@ -0,0 +1,71 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_show_ips_update_schedule +short_description: Retrieve IPS Update Schedule. +description: + - Retrieve IPS Update Schedule. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: {} +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: show-ips-update-schedule + cp_mgmt_show_ips_update_schedule: +""" + +RETURN = """ +cp_mgmt_show_ips_update_schedule: + description: The checkpoint show-ips-update-schedule output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "show-ips-update-schedule" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_layer_structure.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_layer_structure.py new file mode 100644 index 000000000..d3156cf7b --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_layer_structure.py @@ -0,0 +1,104 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_show_layer_structure +short_description: Shows the entire layer structure. +description: + - Shows the entire layer structure. The layer structure is divided into sections and each section has its own entities. + - Supported layer types include Access Control, NAT, Custom Threat Prevention, Threat Exception and HTTPS Inspection. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. Must be unique in the domain. + type: str + required: True + package: + description: + - Name of the package. Must be set when want to receive the resolved rule instead of the place holder in global domain layer. + type: str + limit: + description: + - The maximal number of returned results. + type: int + offset: + description: + - Number of the results to initially skip. + type: int + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: show-layer-structure + cp_mgmt_show_layer_structure: + details_level: standard + limit: 20 + name: Network + offset: 0 +""" + +RETURN = """ +cp_mgmt_show_layer_structure: + description: The checkpoint show-layer-structure output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + package=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + details_level=dict(type='str', choices=['uid', 'standard']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "show-layer-structure" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_login_message.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_login_message.py new file mode 100644 index 000000000..51b5f673d --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_login_message.py @@ -0,0 +1,79 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_show_login_message +short_description: Retrieve Login message. +description: + - Retrieve Login message. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: show-login-message + cp_mgmt_show_login_message: + details_level: full +""" + +RETURN = """ +cp_mgmt_show_login_message: + description: The checkpoint show-login-message output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + details_level=dict(type='str', choices=['uid', 'standard', 'full']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "show-login-message" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_logs.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_logs.py index 59ecccd35..4508bba55 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_logs.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_logs.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -113,27 +115,61 @@ cp_mgmt_show_logs: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - new_query=dict(type='dict', options=dict( - filter=dict(type='str'), - time_frame=dict(type='str', choices=['last-7-days', 'last-hour', 'today', 'last-24-hours', 'yesterday', - 'this-week', 'this-month', 'last-30-days', 'all-time', 'custom']), - custom_start=dict(type='str'), - custom_end=dict(type='str'), - max_logs_per_request=dict(type='int'), - top=dict(type='dict', options=dict( - field=dict(type='str', choices=['sources', 'destinations', 'services', 'actions', 'blades', 'origins', 'users', 'applications']), - count=dict(type='int') - )), - type=dict(type='str', choices=['logs', 'audit']), - log_servers=dict(type='list', elements='str') - )), - query_id=dict(type='str'), - ignore_warnings=dict(type='bool') + new_query=dict( + type="dict", + options=dict( + filter=dict(type="str"), + time_frame=dict( + type="str", + choices=[ + "last-7-days", + "last-hour", + "today", + "last-24-hours", + "yesterday", + "this-week", + "this-month", + "last-30-days", + "all-time", + "custom", + ], + ), + custom_start=dict(type="str"), + custom_end=dict(type="str"), + max_logs_per_request=dict(type="int"), + top=dict( + type="dict", + options=dict( + field=dict( + type="str", + choices=[ + "sources", + "destinations", + "services", + "actions", + "blades", + "origins", + "users", + "applications", + ], + ), + count=dict(type="int"), + ), + ), + type=dict(type="str", choices=["logs", "audit"]), + log_servers=dict(type="list", elements="str"), + ), + ), + query_id=dict(type="str"), + ignore_warnings=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -145,5 +181,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_nat_section.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_nat_section.py index 92809266c..086e4b53b 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_nat_section.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_nat_section.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -67,14 +69,17 @@ cp_mgmt_show_nat_section: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - name=dict(type='str'), - package=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']) + name=dict(type="str"), + package=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -86,5 +91,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_place_holder.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_place_holder.py new file mode 100644 index 000000000..f1395f108 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_place_holder.py @@ -0,0 +1,84 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_show_place_holder +short_description: Retrieve existing object using object uid. +description: + - Retrieve existing object using object uid. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + uid: + description: + - Object unique identifier. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: show-place-holder + cp_mgmt_show_place_holder: + uid: 5df27676-83a6-4d38-beaa-0413838a7f85 +""" + +RETURN = """ +cp_mgmt_show_place_holder: + description: The checkpoint show-place-holder output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + uid=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "show-place-holder" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_policy_settings.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_policy_settings.py new file mode 100644 index 000000000..2b03c8272 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_policy_settings.py @@ -0,0 +1,71 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_show_policy_settings +short_description: Show Policy settings. +description: + - Show Policy settings. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: {} +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: show-policy-settings + cp_mgmt_show_policy_settings: +""" + +RETURN = """ +cp_mgmt_show_policy_settings: + description: The checkpoint show-policy-settings output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "show-policy-settings" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_servers_and_processes.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_servers_and_processes.py index 6014b40a3..03a9b2e5a 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_servers_and_processes.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_servers_and_processes.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -53,12 +55,14 @@ cp_mgmt_show_servers_and_processes: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): - argument_spec = dict( - ) + argument_spec = dict() argument_spec.update(checkpoint_argument_spec_for_commands) module = AnsibleModule(argument_spec=argument_spec) @@ -69,5 +73,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_software_package_details.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_software_package_details.py index 0b6ef90b7..d4ea50161 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_software_package_details.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_software_package_details.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -56,13 +58,14 @@ cp_mgmt_show_software_package_details: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): - argument_spec = dict( - name=dict(type='str') - ) + argument_spec = dict(name=dict(type="str")) argument_spec.update(checkpoint_argument_spec_for_commands) module = AnsibleModule(argument_spec=argument_spec) @@ -73,5 +76,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_software_packages_per_targets.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_software_packages_per_targets.py new file mode 100644 index 000000000..c03850eac --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_software_packages_per_targets.py @@ -0,0 +1,109 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_show_software_packages_per_targets +short_description: Shows software packages on targets. +description: + - Shows software packages on targets. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Shiran Golzar (@chkp-shirango)" +options: + display: + description: + - Filter the displayed results. + type: dict + suboptions: + category: + description: + - The package categories to include in the results. + type: list + elements: str + installed: + description: + - Show installed packages, available packages, or both. + type: str + choices: ['yes', 'no', 'any'] + recommended: + description: + - Show only recommended packages, other packages, or both. + type: str + choices: ['yes', 'no', 'any'] + targets: + description: + - On what targets to execute this command. Targets may be identified by their object name, or object unique identifier. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: show-software-packages-per-targets + cp_mgmt_show_software_packages_per_targets: + display: + category: major + installed: 'no' + recommended: any + targets: + - corporate-gateway +""" + +RETURN = """ +cp_mgmt_show_software_packages_per_targets: + description: The checkpoint show-software-packages-per-targets output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, \ + api_command + + +def main(): + argument_spec = dict( + display=dict(type='dict', options=dict( + category=dict(type='list', elements='str'), + installed=dict(type='str', choices=['yes', 'no', 'any']), + recommended=dict(type='str', choices=['yes', 'no', 'any']) + )), + targets=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "show-software-packages-per-targets" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_task.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_task.py index d90bc7bbf..bf6cab246 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_task.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_task.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["deprecated"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -34,6 +36,10 @@ description: - All operations are performed over Web Services API. version_added: "2.0.0" author: "Or Soffer (@chkp-orso)" +deprecated: + alternative: cp_mgmt_task_facts + why: Newer single facts module released. + removed_at_date: '2024-11-01' options: task_id: description: @@ -63,13 +69,16 @@ cp_mgmt_show_task: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - task_id=dict(type='list', elements='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']) + task_id=dict(type="list", elements="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -81,5 +90,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_tasks.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_tasks.py index a9fcdd872..77a7a9171 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_tasks.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_tasks.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["deprecated"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -34,6 +36,10 @@ description: - All operations are performed over Web Services API. version_added: "2.0.0" author: "Or Soffer (@chkp-orso)" +deprecated: + alternative: cp_mgmt_task_facts + why: Newer single facts module released. + removed_at_date: '2024-11-01' options: initiator: description: @@ -103,22 +109,31 @@ cp_mgmt_show_tasks: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - initiator=dict(type='str'), - status=dict(type='str', choices=['successful', 'failed', 'in-progress', 'all']), - from_date=dict(type='str'), - to_date=dict(type='str'), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - details_level=dict(type='str', choices=['uid', 'standard', 'full']) + initiator=dict(type="str"), + status=dict( + type="str", choices=["successful", "failed", "in-progress", "all"] + ), + from_date=dict(type="str"), + to_date=dict(type="str"), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + details_level=dict(type="str", choices=["uid", "standard", "full"]), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -130,5 +145,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_threat_advanced_settings.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_threat_advanced_settings.py index 5af7329a7..72d1a549c 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_threat_advanced_settings.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_threat_advanced_settings.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -51,12 +53,14 @@ cp_mgmt_show_threat_advanced_settings: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): - argument_spec = dict( - ) + argument_spec = dict() argument_spec.update(checkpoint_argument_spec_for_commands) module = AnsibleModule(argument_spec=argument_spec) @@ -67,5 +71,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_unused_objects.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_unused_objects.py new file mode 100644 index 000000000..53118916e --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_unused_objects.py @@ -0,0 +1,138 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_show_unused_objects +short_description: Retrieve all unused objects. +description: + - Retrieve all unused objects. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + dereference_group_members: + description: + - Indicates whether to dereference "members" field by details level for every object in reply. + type: bool + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: show-unused-objects + cp_mgmt_show_unused_objects: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +cp_mgmt_show_unused_objects: + description: The checkpoint show-unused-objects output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + dereference_group_members=dict(type='bool'), + show_membership=dict(type='bool'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "show-unused-objects" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_updatable_objects_repository_content.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_updatable_objects_repository_content.py new file mode 100644 index 000000000..59320df7a --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_updatable_objects_repository_content.py @@ -0,0 +1,143 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_show_updatable_objects_repository_content +short_description: Shows the content of the available updatable objects from the Check Point User Center. +description: + - Shows the content of the available updatable objects from the Check Point User Center. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + uid_in_updatable_objects_repository: + description: + - The object's unique identifier in the Updatable Objects repository. + type: str + filter: + description: + - Return results matching the specified filter. + type: dict + suboptions: + text: + description: + - Return results containing the specified text value. + type: str + uri: + description: + - Return results under the specified uri value. + type: str + parent_uid_in_updatable_objects_repository: + description: + - Return results under the specified Updatable Object. + type: str + limit: + description: + - The maximal number of returned results. + type: int + offset: + description: + - Number of the results to initially skip. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: show-updatable-objects-repository-content + cp_mgmt_show_updatable_objects_repository_content: + limit: 1 +""" + +RETURN = """ +cp_mgmt_show_updatable_objects_repository_content: + description: The checkpoint show-updatable-objects-repository-content output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + uid_in_updatable_objects_repository=dict(type='str'), + filter=dict(type='dict', options=dict( + text=dict(type='str'), + uri=dict(type='str'), + parent_uid_in_updatable_objects_repository=dict(type='str') + )), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "show-updatable-objects-repository-content" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_validations.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_validations.py new file mode 100644 index 000000000..c90a6d18d --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_validations.py @@ -0,0 +1,71 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_show_validations +short_description: Show all validation incidents limited to 500. +description: + - Show all validation incidents limited to 500. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: {} +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: show-validations + cp_mgmt_show_validations: +""" + +RETURN = """ +cp_mgmt_show_validations: + description: The checkpoint show-validations output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "show-validations" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_cluster.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_cluster.py index 0742d2489..11a2e5caa 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_cluster.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_cluster.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -1023,265 +1025,608 @@ cp_mgmt_simple_cluster: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - ip_address=dict(type='str'), - ipv4_address=dict(type='str'), - ipv6_address=dict(type='str'), - anti_bot=dict(type='bool'), - anti_virus=dict(type='bool'), - application_control=dict(type='bool'), - cluster_mode=dict(type='str', choices=['cluster-xl-ha', 'cluster-ls-multicast', 'cluster-ls-unicast', 'opsec-ha', 'opsec-ls']), - content_awareness=dict(type='bool'), - firewall=dict(type='bool'), - firewall_settings=dict(type='dict', options=dict( - auto_calculate_connections_hash_table_size_and_memory_pool=dict(type='bool'), - auto_maximum_limit_for_concurrent_connections=dict(type='bool'), - connections_hash_size=dict(type='int'), - maximum_limit_for_concurrent_connections=dict(type='int'), - maximum_memory_pool_size=dict(type='int'), - memory_pool_size=dict(type='int') - )), - hardware=dict(type='str'), - interfaces=dict(type='list', elements='dict', options=dict( - name=dict(type='str'), - interface_type=dict(type='str', choices=['cluster', 'sync', 'cluster + sync', 'private']), - ip_address=dict(type='str'), - ipv4_address=dict(type='str'), - ipv6_address=dict(type='str'), - network_mask=dict(type='str'), - ipv4_network_mask=dict(type='str'), - ipv6_network_mask=dict(type='str'), - mask_length=dict(type='str'), - ipv4_mask_length=dict(type='str'), - ipv6_mask_length=dict(type='str'), - anti_spoofing=dict(type='bool'), - anti_spoofing_settings=dict(type='dict', options=dict( - action=dict(type='str', choices=['prevent', 'detect']), - exclude_packets=dict(type='bool'), - excluded_network_name=dict(type='str'), - excluded_network_uid=dict(type='str'), - spoof_tracking=dict(type='str', choices=['none', 'log', 'alert']) - )), - multicast_address=dict(type='str'), - multicast_address_type=dict(type='str', choices=['manual', 'default']), - security_zone=dict(type='bool'), - security_zone_settings=dict(type='dict', options=dict( - auto_calculated=dict(type='bool'), - specific_zone=dict(type='str') - )), - tags=dict(type='list', elements='str'), - topology=dict(type='str', choices=['automatic', 'external', 'internal']), - topology_settings=dict(type='dict', options=dict( - interface_leads_to_dmz=dict(type='bool'), - ip_address_behind_this_interface=dict(type='str', choices=['not defined', 'network defined by the interface ip and net mask', - 'network defined by routing', 'specific']), - specific_network=dict(type='str') - )), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', - 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', - 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', - 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', - 'sienna', 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') - )), - ips=dict(type='bool'), - members=dict(type='list', elements='dict', options=dict( - name=dict(type='str'), - interfaces=dict(type='list', elements='dict', options=dict( - name=dict(type='str'), - anti_spoofing=dict(type='bool'), - anti_spoofing_settings=dict(type='dict', options=dict( - action=dict(type='str', choices=['prevent', 'detect']), - exclude_packets=dict(type='bool'), - excluded_network_name=dict(type='str'), - excluded_network_uid=dict(type='str'), - spoof_tracking=dict(type='str', choices=['none', 'log', 'alert']) - )), - ip_address=dict(type='str'), - ipv4_address=dict(type='str'), - ipv6_address=dict(type='str'), - network_mask=dict(type='str'), - ipv4_network_mask=dict(type='str'), - ipv6_network_mask=dict(type='str'), - mask_length=dict(type='str'), - ipv4_mask_length=dict(type='str'), - ipv6_mask_length=dict(type='str'), - security_zone=dict(type='bool'), - security_zone_settings=dict(type='dict', options=dict( - auto_calculated=dict(type='bool'), - specific_zone=dict(type='str') - )), - tags=dict(type='list', elements='str'), - topology=dict(type='str', choices=['automatic', 'external', 'internal']), - topology_settings=dict(type='dict', options=dict( - interface_leads_to_dmz=dict(type='bool'), - ip_address_behind_this_interface=dict(type='str', choices=['not defined', 'network defined by the interface ip and net mask', - 'network defined by routing', 'specific']), - specific_network=dict(type='str') - )), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', - 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', - 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', - 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', - 'orange', 'red', 'sienna', 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') - )), - ip_address=dict(type='str'), - ipv4_address=dict(type='str'), - ipv6_address=dict(type='str'), - one_time_password=dict(type='str', no_log=True), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', - 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', - 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', - 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', - 'sienna', 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') - )), - os_name=dict(type='str'), - platform_portal_settings=dict(type='dict', options=dict( - portal_web_settings=dict(type='dict', options=dict( - aliases=dict(type='list', elements='str'), - ip_address=dict(type='str'), - main_url=dict(type='str') - )), - certificate_settings=dict(type='dict', options=dict( - base64_certificate=dict(type='str'), - base64_password=dict(type='str', no_log=True) - )), - accessibility=dict(type='dict', options=dict( - allow_access_from=dict(type='str', choices=['rule_base', 'internal_interfaces', 'all_interfaces']), - internal_access_settings=dict(type='dict', options=dict( - undefined=dict(type='bool'), - dmz=dict(type='bool'), - vpn=dict(type='bool') - )) - )) - )), - send_alerts_to_server=dict(type='list', elements='str'), - send_logs_to_backup_server=dict(type='list', elements='str'), - send_logs_to_server=dict(type='list', elements='str'), - tags=dict(type='list', elements='str'), - threat_emulation=dict(type='bool'), - threat_extraction=dict(type='bool'), - threat_prevention_mode=dict(type='str', choices=['autonomous', 'custom']), - url_filtering=dict(type='bool'), - usercheck_portal_settings=dict(type='dict', options=dict( - enabled=dict(type='bool'), - portal_web_settings=dict(type='dict', options=dict( - aliases=dict(type='list', elements='str'), - ip_address=dict(type='str'), - main_url=dict(type='str') - )), - certificate_settings=dict(type='dict', options=dict( - base64_certificate=dict(type='str'), - base64_password=dict(type='str', no_log=True) - )), - accessibility=dict(type='dict', options=dict( - allow_access_from=dict(type='str', choices=['rule_base', 'internal_interfaces', 'all_interfaces']), - internal_access_settings=dict(type='dict', options=dict( - undefined=dict(type='bool'), - dmz=dict(type='bool'), - vpn=dict(type='bool') - )) - )) - )), - cluster_version=dict(type='str'), - vpn=dict(type='bool'), - vpn_settings=dict(type='dict', options=dict( - authentication=dict(type='dict', options=dict( - authentication_clients=dict(type='list', elements='str') - )), - link_selection=dict(type='dict', options=dict( - ip_selection=dict(type='str', choices=['use-main-address', - 'use-selected-address-from-topology', 'use-statically-nated-ip', 'calculated-ip-based-on-topology', - 'dns-resolving-from-hostname', 'dns-resolving-from-gateway-and-domain-name', - 'use-probing-with-high-availability', 'use-probing-with-load-sharing', 'use-one-time-probing']), - dns_resolving_hostname=dict(type='str'), - ip_address=dict(type='str') - )), - maximum_concurrent_ike_negotiations=dict(type='int'), - maximum_concurrent_tunnels=dict(type='int'), - office_mode=dict(type='dict', options=dict( - mode=dict(type='str', choices=['off', 'specific-group', 'all-users']), - group=dict(type='str'), - allocate_ip_address_from=dict(type='dict', options=dict( - radius_server=dict(type='bool'), - use_allocate_method=dict(type='bool'), - allocate_method=dict(type='str', choices=['manual', 'automatic']), - manual_network=dict(type='str'), - dhcp_server=dict(type='str'), - virtual_ip_address=dict(type='str'), - dhcp_mac_address=dict(type='str', choices=['per-machine', 'per-user']), - optional_parameters=dict(type='dict', options=dict( - use_primary_dns_server=dict(type='bool'), - primary_dns_server=dict(type='str'), - use_first_backup_dns_server=dict(type='bool'), - first_backup_dns_server=dict(type='str'), - use_second_backup_dns_server=dict(type='bool'), - second_backup_dns_server=dict(type='str'), - dns_suffixes=dict(type='str'), - use_primary_wins_server=dict(type='bool'), - primary_wins_server=dict(type='str'), - use_first_backup_wins_server=dict(type='bool'), - first_backup_wins_server=dict(type='str'), - use_second_backup_wins_server=dict(type='bool'), - second_backup_wins_server=dict(type='str'), - ip_lease_duration=dict(type='int') - )) - )), - support_multiple_interfaces=dict(type='bool'), - perform_anti_spoofing=dict(type='bool'), - anti_spoofing_additional_addresses=dict(type='str') - )), - remote_access=dict(type='dict', options=dict( - support_l2tp=dict(type='bool'), - l2tp_auth_method=dict(type='str', choices=['certificate', 'md5']), - l2tp_certificate=dict(type='str'), - allow_vpn_clients_to_route_traffic=dict(type='bool'), - support_nat_traversal_mechanism=dict(type='bool'), - nat_traversal_service=dict(type='str'), - support_visitor_mode=dict(type='bool'), - visitor_mode_service=dict(type='str'), - visitor_mode_interface=dict(type='str') - )), - vpn_domain=dict(type='str'), - vpn_domain_type=dict(type='str', choices=['manual', 'addresses_behind_gw']) - )), - show_portals_certificate=dict(type='bool'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - groups=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + ip_address=dict(type="str"), + ipv4_address=dict(type="str"), + ipv6_address=dict(type="str"), + anti_bot=dict(type="bool"), + anti_virus=dict(type="bool"), + application_control=dict(type="bool"), + cluster_mode=dict( + type="str", + choices=[ + "cluster-xl-ha", + "cluster-ls-multicast", + "cluster-ls-unicast", + "opsec-ha", + "opsec-ls", + ], + ), + content_awareness=dict(type="bool"), + firewall=dict(type="bool"), + firewall_settings=dict( + type="dict", + options=dict( + auto_calculate_connections_hash_table_size_and_memory_pool=dict( + type="bool" + ), + auto_maximum_limit_for_concurrent_connections=dict( + type="bool" + ), + connections_hash_size=dict(type="int"), + maximum_limit_for_concurrent_connections=dict(type="int"), + maximum_memory_pool_size=dict(type="int"), + memory_pool_size=dict(type="int"), + ), + ), + hardware=dict(type="str"), + interfaces=dict( + type="list", + elements="dict", + options=dict( + name=dict(type="str"), + interface_type=dict( + type="str", + choices=["cluster", "sync", "cluster + sync", "private"], + ), + ip_address=dict(type="str"), + ipv4_address=dict(type="str"), + ipv6_address=dict(type="str"), + network_mask=dict(type="str"), + ipv4_network_mask=dict(type="str"), + ipv6_network_mask=dict(type="str"), + mask_length=dict(type="str"), + ipv4_mask_length=dict(type="str"), + ipv6_mask_length=dict(type="str"), + anti_spoofing=dict(type="bool"), + anti_spoofing_settings=dict( + type="dict", + options=dict( + action=dict(type="str", choices=["prevent", "detect"]), + exclude_packets=dict(type="bool"), + excluded_network_name=dict(type="str"), + excluded_network_uid=dict(type="str"), + spoof_tracking=dict( + type="str", choices=["none", "log", "alert"] + ), + ), + ), + multicast_address=dict(type="str"), + multicast_address_type=dict( + type="str", choices=["manual", "default"] + ), + security_zone=dict(type="bool"), + security_zone_settings=dict( + type="dict", + options=dict( + auto_calculated=dict(type="bool"), + specific_zone=dict(type="str"), + ), + ), + tags=dict(type="list", elements="str"), + topology=dict( + type="str", choices=["automatic", "external", "internal"] + ), + topology_settings=dict( + type="dict", + options=dict( + interface_leads_to_dmz=dict(type="bool"), + ip_address_behind_this_interface=dict( + type="str", + choices=[ + "not defined", + "network defined by the interface ip and net mask", + "network defined by routing", + "specific", + ], + ), + specific_network=dict(type="str"), + ), + ), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict( + type="str", choices=["uid", "standard", "full"] + ), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), + ), + ), + ips=dict(type="bool"), + members=dict( + type="list", + elements="dict", + options=dict( + name=dict(type="str"), + interfaces=dict( + type="list", + elements="dict", + options=dict( + name=dict(type="str"), + anti_spoofing=dict(type="bool"), + anti_spoofing_settings=dict( + type="dict", + options=dict( + action=dict( + type="str", choices=["prevent", "detect"] + ), + exclude_packets=dict(type="bool"), + excluded_network_name=dict(type="str"), + excluded_network_uid=dict(type="str"), + spoof_tracking=dict( + type="str", + choices=["none", "log", "alert"], + ), + ), + ), + ip_address=dict(type="str"), + ipv4_address=dict(type="str"), + ipv6_address=dict(type="str"), + network_mask=dict(type="str"), + ipv4_network_mask=dict(type="str"), + ipv6_network_mask=dict(type="str"), + mask_length=dict(type="str"), + ipv4_mask_length=dict(type="str"), + ipv6_mask_length=dict(type="str"), + security_zone=dict(type="bool"), + security_zone_settings=dict( + type="dict", + options=dict( + auto_calculated=dict(type="bool"), + specific_zone=dict(type="str"), + ), + ), + tags=dict(type="list", elements="str"), + topology=dict( + type="str", + choices=["automatic", "external", "internal"], + ), + topology_settings=dict( + type="dict", + options=dict( + interface_leads_to_dmz=dict(type="bool"), + ip_address_behind_this_interface=dict( + type="str", + choices=[ + "not defined", + "network defined by the interface ip and net mask", + "network defined by routing", + "specific", + ], + ), + specific_network=dict(type="str"), + ), + ), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict( + type="str", choices=["uid", "standard", "full"] + ), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), + ), + ), + ip_address=dict(type="str"), + ipv4_address=dict(type="str"), + ipv6_address=dict(type="str"), + one_time_password=dict(type="str", no_log=True), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict( + type="str", choices=["uid", "standard", "full"] + ), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), + ), + ), + os_name=dict(type="str"), + platform_portal_settings=dict( + type="dict", + options=dict( + portal_web_settings=dict( + type="dict", + options=dict( + aliases=dict(type="list", elements="str"), + ip_address=dict(type="str"), + main_url=dict(type="str"), + ), + ), + certificate_settings=dict( + type="dict", + options=dict( + base64_certificate=dict(type="str"), + base64_password=dict(type="str", no_log=True), + ), + ), + accessibility=dict( + type="dict", + options=dict( + allow_access_from=dict( + type="str", + choices=[ + "rule_base", + "internal_interfaces", + "all_interfaces", + ], + ), + internal_access_settings=dict( + type="dict", + options=dict( + undefined=dict(type="bool"), + dmz=dict(type="bool"), + vpn=dict(type="bool"), + ), + ), + ), + ), + ), + ), + send_alerts_to_server=dict(type="list", elements="str"), + send_logs_to_backup_server=dict(type="list", elements="str"), + send_logs_to_server=dict(type="list", elements="str"), + tags=dict(type="list", elements="str"), + threat_emulation=dict(type="bool"), + threat_extraction=dict(type="bool"), + threat_prevention_mode=dict( + type="str", choices=["autonomous", "custom"] + ), + url_filtering=dict(type="bool"), + usercheck_portal_settings=dict( + type="dict", + options=dict( + enabled=dict(type="bool"), + portal_web_settings=dict( + type="dict", + options=dict( + aliases=dict(type="list", elements="str"), + ip_address=dict(type="str"), + main_url=dict(type="str"), + ), + ), + certificate_settings=dict( + type="dict", + options=dict( + base64_certificate=dict(type="str"), + base64_password=dict(type="str", no_log=True), + ), + ), + accessibility=dict( + type="dict", + options=dict( + allow_access_from=dict( + type="str", + choices=[ + "rule_base", + "internal_interfaces", + "all_interfaces", + ], + ), + internal_access_settings=dict( + type="dict", + options=dict( + undefined=dict(type="bool"), + dmz=dict(type="bool"), + vpn=dict(type="bool"), + ), + ), + ), + ), + ), + ), + cluster_version=dict(type="str"), + vpn=dict(type="bool"), + vpn_settings=dict( + type="dict", + options=dict( + authentication=dict( + type="dict", + options=dict( + authentication_clients=dict( + type="list", elements="str" + ) + ), + ), + link_selection=dict( + type="dict", + options=dict( + ip_selection=dict( + type="str", + choices=[ + "use-main-address", + "use-selected-address-from-topology", + "use-statically-nated-ip", + "calculated-ip-based-on-topology", + "dns-resolving-from-hostname", + "dns-resolving-from-gateway-and-domain-name", + "use-probing-with-high-availability", + "use-probing-with-load-sharing", + "use-one-time-probing", + ], + ), + dns_resolving_hostname=dict(type="str"), + ip_address=dict(type="str"), + ), + ), + maximum_concurrent_ike_negotiations=dict(type="int"), + maximum_concurrent_tunnels=dict(type="int"), + office_mode=dict( + type="dict", + options=dict( + mode=dict( + type="str", + choices=["off", "specific-group", "all-users"], + ), + group=dict(type="str"), + allocate_ip_address_from=dict( + type="dict", + options=dict( + radius_server=dict(type="bool"), + use_allocate_method=dict(type="bool"), + allocate_method=dict( + type="str", choices=["manual", "automatic"] + ), + manual_network=dict(type="str"), + dhcp_server=dict(type="str"), + virtual_ip_address=dict(type="str"), + dhcp_mac_address=dict( + type="str", + choices=["per-machine", "per-user"], + ), + optional_parameters=dict( + type="dict", + options=dict( + use_primary_dns_server=dict( + type="bool" + ), + primary_dns_server=dict(type="str"), + use_first_backup_dns_server=dict( + type="bool" + ), + first_backup_dns_server=dict( + type="str" + ), + use_second_backup_dns_server=dict( + type="bool" + ), + second_backup_dns_server=dict( + type="str" + ), + dns_suffixes=dict(type="str"), + use_primary_wins_server=dict( + type="bool" + ), + primary_wins_server=dict(type="str"), + use_first_backup_wins_server=dict( + type="bool" + ), + first_backup_wins_server=dict( + type="str" + ), + use_second_backup_wins_server=dict( + type="bool" + ), + second_backup_wins_server=dict( + type="str" + ), + ip_lease_duration=dict(type="int"), + ), + ), + ), + ), + support_multiple_interfaces=dict(type="bool"), + perform_anti_spoofing=dict(type="bool"), + anti_spoofing_additional_addresses=dict(type="str"), + ), + ), + remote_access=dict( + type="dict", + options=dict( + support_l2tp=dict(type="bool"), + l2tp_auth_method=dict( + type="str", choices=["certificate", "md5"] + ), + l2tp_certificate=dict(type="str"), + allow_vpn_clients_to_route_traffic=dict(type="bool"), + support_nat_traversal_mechanism=dict(type="bool"), + nat_traversal_service=dict(type="str"), + support_visitor_mode=dict(type="bool"), + visitor_mode_service=dict(type="str"), + visitor_mode_interface=dict(type="str"), + ), + ), + vpn_domain=dict(type="str"), + vpn_domain_type=dict( + type="str", choices=["manual", "addresses_behind_gw"] + ), + ), + ), + show_portals_certificate=dict(type="bool"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + groups=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'simple-cluster' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "simple-cluster" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_cluster_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_cluster_facts.py index c422eabf1..23cf270a4 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_cluster_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_cluster_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -122,35 +124,46 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - limit_interfaces=dict(type='int'), - show_portals_certificate=dict(type='bool'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - filter=dict(type='str'), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - show_membership=dict(type='bool'), - domains_to_process=dict(type='list', elements='str') + name=dict(type="str"), + limit_interfaces=dict(type="int"), + show_portals_certificate=dict(type="bool"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + filter=dict(type="str"), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + show_membership=dict(type="bool"), + domains_to_process=dict(type="list", elements="str"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "simple-cluster" api_call_object_plural_version = "simple-clusters" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway.py index ce530d3f3..bd276c179 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -497,141 +499,272 @@ cp_mgmt_simple_gateway: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - ip_address=dict(type='str'), - ipv4_address=dict(type='str'), - ipv6_address=dict(type='str'), - anti_bot=dict(type='bool'), - anti_virus=dict(type='bool'), - application_control=dict(type='bool'), - content_awareness=dict(type='bool'), - firewall=dict(type='bool'), - firewall_settings=dict(type='dict', options=dict( - auto_calculate_connections_hash_table_size_and_memory_pool=dict(type='bool'), - auto_maximum_limit_for_concurrent_connections=dict(type='bool'), - connections_hash_size=dict(type='int'), - maximum_limit_for_concurrent_connections=dict(type='int'), - maximum_memory_pool_size=dict(type='int'), - memory_pool_size=dict(type='int') - )), - interfaces=dict(type='list', elements='dict', options=dict( - name=dict(type='str'), - anti_spoofing=dict(type='bool'), - anti_spoofing_settings=dict(type='dict', options=dict( - action=dict(type='str', choices=['prevent', 'detect']) - )), - ip_address=dict(type='str'), - ipv4_address=dict(type='str'), - ipv6_address=dict(type='str'), - network_mask=dict(type='str'), - ipv4_network_mask=dict(type='str'), - ipv6_network_mask=dict(type='str'), - mask_length=dict(type='str'), - ipv4_mask_length=dict(type='str'), - ipv6_mask_length=dict(type='str'), - security_zone=dict(type='bool'), - security_zone_settings=dict(type='dict', options=dict( - auto_calculated=dict(type='bool'), - specific_zone=dict(type='str') - )), - tags=dict(type='list', elements='str'), - topology=dict(type='str', choices=['automatic', 'external', 'internal']), - topology_settings=dict(type='dict', options=dict( - interface_leads_to_dmz=dict(type='bool'), - ip_address_behind_this_interface=dict(type='str', choices=['not defined', 'network defined by the interface ip and net mask', - 'network defined by routing', 'specific']), - specific_network=dict(type='str') - )), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', - 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', - 'firebrick', - 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', - 'coral', - 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', - 'red', - 'sienna', 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') - )), - ips=dict(type='bool'), - logs_settings=dict(type='dict', options=dict( - alert_when_free_disk_space_below=dict(type='bool'), - alert_when_free_disk_space_below_threshold=dict(type='int'), - alert_when_free_disk_space_below_type=dict(type='str', choices=['none', - 'log', 'popup alert', 'mail alert', 'snmp trap alert', - 'user defined alert no.1', - 'user defined alert no.2', 'user defined alert no.3']), - before_delete_keep_logs_from_the_last_days=dict(type='bool'), - before_delete_keep_logs_from_the_last_days_threshold=dict(type='int'), - before_delete_run_script=dict(type='bool'), - before_delete_run_script_command=dict(type='str'), - delete_index_files_older_than_days=dict(type='bool'), - delete_index_files_older_than_days_threshold=dict(type='int'), - delete_index_files_when_index_size_above=dict(type='bool'), - delete_index_files_when_index_size_above_threshold=dict(type='int'), - delete_when_free_disk_space_below=dict(type='bool'), - delete_when_free_disk_space_below_threshold=dict(type='int'), - detect_new_citrix_ica_application_names=dict(type='bool'), - forward_logs_to_log_server=dict(type='bool'), - forward_logs_to_log_server_name=dict(type='str'), - forward_logs_to_log_server_schedule_name=dict(type='str'), - free_disk_space_metrics=dict(type='str', choices=['mbytes', 'percent']), - perform_log_rotate_before_log_forwarding=dict(type='bool'), - reject_connections_when_free_disk_space_below_threshold=dict(type='bool'), - reserve_for_packet_capture_metrics=dict(type='str', choices=['percent', 'mbytes']), - reserve_for_packet_capture_threshold=dict(type='int'), - rotate_log_by_file_size=dict(type='bool'), - rotate_log_file_size_threshold=dict(type='int'), - rotate_log_on_schedule=dict(type='bool'), - rotate_log_schedule_name=dict(type='str'), - stop_logging_when_free_disk_space_below=dict(type='bool'), - stop_logging_when_free_disk_space_below_threshold=dict(type='int'), - turn_on_qos_logging=dict(type='bool'), - update_account_log_every=dict(type='int') - )), - one_time_password=dict(type='str', no_log=True), - os_name=dict(type='str'), - save_logs_locally=dict(type='bool'), - send_alerts_to_server=dict(type='list', elements='str'), - send_logs_to_backup_server=dict(type='list', elements='str'), - send_logs_to_server=dict(type='list', elements='str'), - tags=dict(type='list', elements='str'), - threat_emulation=dict(type='bool'), - threat_extraction=dict(type='bool'), - url_filtering=dict(type='bool'), - gateway_version=dict(type='str'), - vpn=dict(type='bool'), - vpn_settings=dict(type='dict', options=dict( - maximum_concurrent_ike_negotiations=dict(type='int'), - maximum_concurrent_tunnels=dict(type='int') - )), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', - 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - groups=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + ip_address=dict(type="str"), + ipv4_address=dict(type="str"), + ipv6_address=dict(type="str"), + anti_bot=dict(type="bool"), + anti_virus=dict(type="bool"), + application_control=dict(type="bool"), + content_awareness=dict(type="bool"), + firewall=dict(type="bool"), + firewall_settings=dict( + type="dict", + options=dict( + auto_calculate_connections_hash_table_size_and_memory_pool=dict( + type="bool" + ), + auto_maximum_limit_for_concurrent_connections=dict( + type="bool" + ), + connections_hash_size=dict(type="int"), + maximum_limit_for_concurrent_connections=dict(type="int"), + maximum_memory_pool_size=dict(type="int"), + memory_pool_size=dict(type="int"), + ), + ), + interfaces=dict( + type="list", + elements="dict", + options=dict( + name=dict(type="str"), + anti_spoofing=dict(type="bool"), + anti_spoofing_settings=dict( + type="dict", + options=dict( + action=dict(type="str", choices=["prevent", "detect"]) + ), + ), + ip_address=dict(type="str"), + ipv4_address=dict(type="str"), + ipv6_address=dict(type="str"), + network_mask=dict(type="str"), + ipv4_network_mask=dict(type="str"), + ipv6_network_mask=dict(type="str"), + mask_length=dict(type="str"), + ipv4_mask_length=dict(type="str"), + ipv6_mask_length=dict(type="str"), + security_zone=dict(type="bool"), + security_zone_settings=dict( + type="dict", + options=dict( + auto_calculated=dict(type="bool"), + specific_zone=dict(type="str"), + ), + ), + tags=dict(type="list", elements="str"), + topology=dict( + type="str", choices=["automatic", "external", "internal"] + ), + topology_settings=dict( + type="dict", + options=dict( + interface_leads_to_dmz=dict(type="bool"), + ip_address_behind_this_interface=dict( + type="str", + choices=[ + "not defined", + "network defined by the interface ip and net mask", + "network defined by routing", + "specific", + ], + ), + specific_network=dict(type="str"), + ), + ), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict( + type="str", choices=["uid", "standard", "full"] + ), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), + ), + ), + ips=dict(type="bool"), + logs_settings=dict( + type="dict", + options=dict( + alert_when_free_disk_space_below=dict(type="bool"), + alert_when_free_disk_space_below_threshold=dict(type="int"), + alert_when_free_disk_space_below_type=dict( + type="str", + choices=[ + "none", + "log", + "popup alert", + "mail alert", + "snmp trap alert", + "user defined alert no.1", + "user defined alert no.2", + "user defined alert no.3", + ], + ), + before_delete_keep_logs_from_the_last_days=dict(type="bool"), + before_delete_keep_logs_from_the_last_days_threshold=dict( + type="int" + ), + before_delete_run_script=dict(type="bool"), + before_delete_run_script_command=dict(type="str"), + delete_index_files_older_than_days=dict(type="bool"), + delete_index_files_older_than_days_threshold=dict(type="int"), + delete_index_files_when_index_size_above=dict(type="bool"), + delete_index_files_when_index_size_above_threshold=dict( + type="int" + ), + delete_when_free_disk_space_below=dict(type="bool"), + delete_when_free_disk_space_below_threshold=dict(type="int"), + detect_new_citrix_ica_application_names=dict(type="bool"), + forward_logs_to_log_server=dict(type="bool"), + forward_logs_to_log_server_name=dict(type="str"), + forward_logs_to_log_server_schedule_name=dict(type="str"), + free_disk_space_metrics=dict( + type="str", choices=["mbytes", "percent"] + ), + perform_log_rotate_before_log_forwarding=dict(type="bool"), + reject_connections_when_free_disk_space_below_threshold=dict( + type="bool" + ), + reserve_for_packet_capture_metrics=dict( + type="str", choices=["percent", "mbytes"] + ), + reserve_for_packet_capture_threshold=dict(type="int"), + rotate_log_by_file_size=dict(type="bool"), + rotate_log_file_size_threshold=dict(type="int"), + rotate_log_on_schedule=dict(type="bool"), + rotate_log_schedule_name=dict(type="str"), + stop_logging_when_free_disk_space_below=dict(type="bool"), + stop_logging_when_free_disk_space_below_threshold=dict( + type="int" + ), + turn_on_qos_logging=dict(type="bool"), + update_account_log_every=dict(type="int"), + ), + ), + one_time_password=dict(type="str", no_log=True), + os_name=dict(type="str"), + save_logs_locally=dict(type="bool"), + send_alerts_to_server=dict(type="list", elements="str"), + send_logs_to_backup_server=dict(type="list", elements="str"), + send_logs_to_server=dict(type="list", elements="str"), + tags=dict(type="list", elements="str"), + threat_emulation=dict(type="bool"), + threat_extraction=dict(type="bool"), + url_filtering=dict(type="bool"), + gateway_version=dict(type="str"), + vpn=dict(type="bool"), + vpn_settings=dict( + type="dict", + options=dict( + maximum_concurrent_ike_negotiations=dict(type="int"), + maximum_concurrent_tunnels=dict(type="int"), + ), + ), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + groups=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'simple-gateway' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "simple-gateway" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway_facts.py index cdccabb18..6df2d31c4 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -102,31 +104,42 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - show_membership=dict(type='bool') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + show_membership=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "simple-gateway" api_call_object_plural_version = "simple-gateways" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smart_task.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smart_task.py new file mode 100644 index 000000000..c491bf72c --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smart_task.py @@ -0,0 +1,295 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_smart_task +short_description: Manages smart-task objects on Checkpoint over Web Services API +description: + - Manages smart-task objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + action: + description: + - The action to be run when the trigger is fired. + type: dict + suboptions: + send_web_request: + description: + - When the trigger is fired, sends an HTTPS POST web request to the configured URL.<br>The trigger data will be passed along with the + SmartTask's custom data in the request's payload. + type: dict + suboptions: + url: + description: + - URL used for the web request. + type: str + fingerprint: + description: + - The SHA1 fingerprint of the URL's SSL certificate. Used to trust servers with self-signed SSL certificates. + type: str + override_proxy: + description: + - Option to send to the web request via a proxy other than the Management's Server proxy (if defined). + type: bool + proxy_url: + description: + - URL of the proxy used to send the request. + type: str + shared_secret: + description: + - Shared secret that can be used by the target server to identify the Management Server.<br>The value will be sent as part of + the request in the "X-chkp-shared-secret" header. + type: str + time_out: + description: + - Web Request time-out in seconds. + type: int + run_script: + description: + - When the trigger is fired, runs the configured Repository Script on the defined targets.<br>The trigger data is then passed to the + script as the first parameter. The parameter is JSON encoded in Base64 format. + type: dict + suboptions: + repository_script: + description: + - Repository script that is executed when the trigger is fired., identified by the name or UID. + type: str + targets: + description: + - Targets to execute the script on. + type: list + elements: str + time_out: + description: + - Script execution time-out in seconds. + type: int + send_mail: + description: + - When the trigger is fired, sends the configured email to the defined recipients. + type: dict + suboptions: + mail_settings: + description: + - The required settings to send the mail by. + type: dict + suboptions: + recipients: + description: + - A comma separated list of recipient mail addresses. + type: str + sender_email: + description: + - An email address to send the mail from. + type: str + subject: + description: + - The email subject. + type: str + body: + description: + - The email body. + type: str + attachment: + description: + - What file should be attached to the mail. + type: str + choices: ['no attachment', 'changes report', 'policy installation report'] + bcc_recipients: + description: + - A comma separated list of bcc recipient mail addresses. + type: str + cc_recipients: + description: + - A comma separated list of cc recipient mail addresses. + type: str + smtp_server: + description: + - The UID or the name a preconfigured SMTP server object. + type: str + trigger: + description: + - Trigger type associated with the SmartTask. + type: str + custom_data: + description: + - Per SmartTask custom data in JSON format.<br>When the trigger is fired, the trigger data is converted to JSON. The custom data is then + concatenated to the trigger data JSON. + type: str + description: + description: + - Description of the SmartTask's functionality and options. + type: str + enabled: + description: + - Whether the SmartTask is enabled and will run when triggered. + type: bool + fail_open: + description: + - If the action fails to execute, whether to treat the execution failure as an error, or continue. + type: bool + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-smart-task + cp_mgmt_smart_task: + action: + run_script: + repository_script: Session Name Validation Script + time_out: 30 + custom_data: '{"session-name-format": "CR"}' + description: Run a validation script that ensures that the a session name matches the expected name format as described in the Custom Data field. + enabled: true + name: Validate Session Name Before Publish + state: present + trigger: Before Publish + +- name: set-smart-task + cp_mgmt_smart_task: + action: + send_web_request: + fingerprint: 3FDD902286DBF130EF4CEC7939EF81060AB0FEB6 + url: https://demo.example.com/policy-installation-reports + custom_data: '{"mail-address": "example-admin@example-corp.com"}' + description: Send policy installation results to the mail address specified in the Custom Data field using the corporate's dedicated web server. + enabled: true + name: Send Policy Installation Reports + state: present + trigger: After Install Policy + +- name: delete-smart-task + cp_mgmt_smart_task: + name: Validate Session Name Before Publish + state: absent +""" + +RETURN = """ +cp_mgmt_smart_task: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + action=dict(type='dict', options=dict( + send_web_request=dict(type='dict', options=dict( + url=dict(type='str'), + fingerprint=dict(type='str'), + override_proxy=dict(type='bool'), + proxy_url=dict(type='str'), + shared_secret=dict(type='str', no_log=True), + time_out=dict(type='int') + )), + run_script=dict(type='dict', options=dict( + repository_script=dict(type='str'), + targets=dict(type='list', elements='str'), + time_out=dict(type='int') + )), + send_mail=dict(type='dict', options=dict( + mail_settings=dict(type='dict', options=dict( + recipients=dict(type='str'), + sender_email=dict(type='str'), + subject=dict(type='str'), + body=dict(type='str'), + attachment=dict(type='str', choices=['no attachment', 'changes report', 'policy installation report']), + bcc_recipients=dict(type='str'), + cc_recipients=dict(type='str') + )), + smtp_server=dict(type='str') + )) + )), + trigger=dict(type='str'), + custom_data=dict(type='str'), + description=dict(type='str'), + enabled=dict(type='bool'), + fail_open=dict(type='bool'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'smart-task' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smart_task_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smart_task_facts.py new file mode 100644 index 000000000..ee5abdead --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smart_task_facts.py @@ -0,0 +1,141 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_smart_task_facts +short_description: Get smart-task objects facts on Checkpoint over Web Services API +description: + - Get smart-task objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-smart-task + cp_mgmt_smart_task_facts: + name: Validate Session Name Before Publish + +- name: show-smart-tasks + cp_mgmt_smart_task_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "smart-task" + api_call_object_plural_version = "smart-tasks" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smart_task_trigger_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smart_task_trigger_facts.py new file mode 100644 index 000000000..cbdc3f747 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smart_task_trigger_facts.py @@ -0,0 +1,141 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_smart_task_trigger_facts +short_description: Get smart-task-trigger objects facts on Checkpoint over Web Services API +description: + - Get smart-task-trigger objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-smart-task-trigger + cp_mgmt_smart_task_trigger_facts: + name: Before Publish + +- name: show-smart-task-triggers + cp_mgmt_smart_task_trigger_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "smart-task-trigger" + api_call_object_plural_version = "smart-task-triggers" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smtp_server.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smtp_server.py index 7feb0b7e1..9eff3c612 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smtp_server.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smtp_server.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -134,38 +136,79 @@ cp_mgmt_smtp_server: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - port=dict(type='int'), - server=dict(type='str'), - password=dict(type='str', no_log=True), - username=dict(type='str'), - authentication=dict(type='bool'), - encryption=dict(type='str', choices=['none', 'ssl', 'tls']), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - domains_to_process=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + port=dict(type="int"), + server=dict(type="str"), + password=dict(type="str", no_log=True), + username=dict(type="str"), + authentication=dict(type="bool"), + encryption=dict(type="str", choices=["none", "ssl", "tls"]), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + domains_to_process=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'smtp-server' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "smtp-server" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smtp_server_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smtp_server_facts.py index b574885fd..151902f5f 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smtp_server_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smtp_server_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -110,32 +112,43 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - filter=dict(type='str'), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - domains_to_process=dict(type='list', elements='str') + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + filter=dict(type="str"), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + domains_to_process=dict(type="list", elements="str"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "smtp-server" api_call_object_plural_version = "smtp-servers" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_submit_session.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_submit_session.py index 0dfdd0f5e..18abdc243 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_submit_session.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_submit_session.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -56,13 +58,14 @@ cp_mgmt_submit_session: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): - argument_spec = dict( - uid=dict(type='str') - ) + argument_spec = dict(uid=dict(type="str")) argument_spec.update(checkpoint_argument_spec_for_commands) module = AnsibleModule(argument_spec=argument_spec) @@ -73,5 +76,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tacacs_group.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tacacs_group.py new file mode 100644 index 000000000..989502da5 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tacacs_group.py @@ -0,0 +1,146 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_tacacs_group +short_description: Manages tacacs-group objects on Checkpoint over Web Services API +description: + - Manages tacacs-group objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + members: + description: + - Collection of tacacs servers identified by the name or UID. + type: list + elements: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-tacacs-group + cp_mgmt_tacacs_group: + members: + - t1 + - t3 + - group1 + name: group2 + state: present + +- name: set-tacacs-group + cp_mgmt_tacacs_group: + members: + - tacacs4 + name: group1 + state: present + +- name: delete-tacacs-group + cp_mgmt_tacacs_group: + name: tacacs group + state: absent +""" + +RETURN = """ +cp_mgmt_tacacs_group: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + members=dict(type='list', elements='str'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'tacacs-group' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tacacs_group_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tacacs_group_facts.py new file mode 100644 index 000000000..00f8302ce --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tacacs_group_facts.py @@ -0,0 +1,141 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_tacacs_group_facts +short_description: Get tacacs-group objects facts on Checkpoint over Web Services API +description: + - Get tacacs-group objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-tacacs-group + cp_mgmt_tacacs_group_facts: + name: group1 + +- name: show-tacacs-groups + cp_mgmt_tacacs_group_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "tacacs-group" + api_call_object_plural_version = "tacacs-groups" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tacacs_server.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tacacs_server.py new file mode 100644 index 000000000..986b46156 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tacacs_server.py @@ -0,0 +1,171 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_tacacs_server +short_description: Manages tacacs-server objects on Checkpoint over Web Services API +description: + - Manages tacacs-server objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + secret_key: + description: + - The server's secret key.<br><font color="red">Required only when</font> "server-type" was selected to be "TACACS+". + type: str + server: + description: + - The UID or Name of the host that is the TACACS Server. + type: str + encryption: + description: + - Is there a secret key defined on the server. Must be set true when "server-type" was selected to be "TACACS+". + type: bool + priority: + description: + - The priority of the TACACS Server in case it is a member of a TACACS Group. + type: int + server_type: + description: + - Server type, TACACS or TACACS+. + type: str + choices: ['TACACS', 'TACACS+'] + service: + description: + - Server service, only relevant when "server-type" is TACACS. + type: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-tacacs-server + cp_mgmt_tacacs_server: + name: tacacs7 + server: h1 + state: present + +- name: set-tacacs-server + cp_mgmt_tacacs_server: + encryption: 'true' + name: tacacs server + priority: '5' + secret_key: '**secret**' + server: d700e8d5-d010-4f37-ab14-f78f5a26426c + server_type: TACACS + state: present + +- name: delete-tacacs-server + cp_mgmt_tacacs_server: + name: tacacs server + state: absent +""" + +RETURN = """ +cp_mgmt_tacacs_server: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + secret_key=dict(type='str', no_log=True), + server=dict(type='str'), + encryption=dict(type='bool'), + priority=dict(type='int'), + server_type=dict(type='str', choices=['TACACS', 'TACACS+']), + service=dict(type='str'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'tacacs-server' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tacacs_server_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tacacs_server_facts.py new file mode 100644 index 000000000..3a5868a20 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tacacs_server_facts.py @@ -0,0 +1,141 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_tacacs_server_facts +short_description: Get tacacs-server objects facts on Checkpoint over Web Services API +description: + - Get tacacs-server objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-tacacs-server + cp_mgmt_tacacs_server_facts: + name: t1 + +- name: show-tacacs-servers + cp_mgmt_tacacs_server_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "tacacs-server" + api_call_object_plural_version = "tacacs-servers" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag.py index 07bc150ce..2650b1913 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -96,31 +98,72 @@ cp_mgmt_tag: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'tag' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "tag" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag_facts.py index 942e1415b..918c9c8eb 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -95,30 +97,41 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )) + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "tag" api_call_object_plural_version = "tags" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_task_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_task_facts.py new file mode 100644 index 000000000..f76eba09b --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_task_facts.py @@ -0,0 +1,150 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_task_facts +short_description: Get task objects facts on Checkpoint over Web Services API +description: + - Get task objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + task_id: + description: + - Unique identifier of one or more tasks. + type: list + elements: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + initiator: + description: + - Initiator's name. If name isn't specified, tasks from all initiators will be shown. + type: str + status: + description: + - Status. + type: str + choices: ['successful', 'failed', 'in-progress', 'all'] + from_date: + description: + - The date from which tracking tasks is to be performed, by the task's last update date. ISO 8601. If timezone isn't specified in the input, the + Management server's timezone is used. + type: str + to_date: + description: + - The date until which tracking tasks is to be performed, by the task's last update date. ISO 8601. If timezone isn't specified in the input, + the Management server's timezone is used. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the descending order by the task's last update date. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-task + cp_mgmt_task_facts: + task_id: 2eec70e5-78a8-4bdb-9a76-cfb5601d0bcb + +- name: show-tasks + cp_mgmt_task_facts: + from_date: '2018-05-23T08:00:00' + initiator: admin1 + status: successful +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + task_id=dict(type='list', elements='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + initiator=dict(type='str'), + status=dict(type='str', choices=['successful', 'failed', 'in-progress', 'all']), + from_date=dict(type='str'), + to_date=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )) + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "task" + api_call_object_plural_version = "tasks" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_test_sic_status.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_test_sic_status.py index 2eb7dbf0a..7224b7886 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_test_sic_status.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_test_sic_status.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -61,13 +63,14 @@ cp_mgmt_test_sic_status: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): - argument_spec = dict( - name=dict(type='str') - ) + argument_spec = dict(name=dict(type="str")) argument_spec.update(checkpoint_argument_spec_for_commands) module = AnsibleModule(argument_spec=argument_spec) @@ -78,5 +81,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception.py index b6ea57f63..1b5f2b6bf 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -173,41 +175,47 @@ cp_mgmt_threat_exception: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call, api_call_for_rule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, + api_call_for_rule, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - position=dict(type='str'), - exception_group_uid=dict(type='str'), - exception_group_name=dict(type='str'), - layer=dict(type='str'), - rule_name=dict(type='str'), - action=dict(type='str'), - destination=dict(type='list', elements='str'), - destination_negate=dict(type='bool'), - enabled=dict(type='bool'), - install_on=dict(type='list', elements='str'), - protected_scope=dict(type='list', elements='str'), - protected_scope_negate=dict(type='bool'), - protection_or_site=dict(type='list', elements='str'), - service=dict(type='list', elements='str'), - service_negate=dict(type='bool'), - source=dict(type='list', elements='str'), - source_negate=dict(type='bool'), - track=dict(type='str'), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + position=dict(type="str"), + exception_group_uid=dict(type="str"), + exception_group_name=dict(type="str"), + layer=dict(type="str"), + rule_name=dict(type="str"), + action=dict(type="str"), + destination=dict(type="list", elements="str"), + destination_negate=dict(type="bool"), + enabled=dict(type="bool"), + install_on=dict(type="list", elements="str"), + protected_scope=dict(type="list", elements="str"), + protected_scope_negate=dict(type="bool"), + protection_or_site=dict(type="list", elements="str"), + service=dict(type="list", elements="str"), + service_negate=dict(type="bool"), + source=dict(type="list", elements="str"), + source_negate=dict(type="bool"), + track=dict(type="str"), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'threat-exception' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "threat-exception" - if module.params['position'] is None: + if module.params["position"] is None: result = api_call(module, api_call_object) else: result = api_call_for_rule(module, api_call_object) @@ -215,5 +223,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception_facts.py index 1455df234..6473ef001 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -175,49 +177,66 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - exception_group_uid=dict(type='str'), - exception_group_name=dict(type='str'), - layer=dict(type='str'), - rule_name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - filter=dict(type='str'), - filter_settings=dict(type='dict', options=dict( - search_mode=dict(type='str', choices=['general', 'packet']), - packet_search_settings=dict(type='dict', options=dict( - expand_group_members=dict(type='bool'), - expand_group_with_exclusion_members=dict(type='bool'), - match_on_any=dict(type='bool'), - match_on_group_with_exclusion=dict(type='bool'), - match_on_negate=dict(type='bool') - )) - )), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - package=dict(type='str'), - use_object_dictionary=dict(type='bool'), - dereference_group_members=dict(type='bool'), - show_membership=dict(type='bool') + name=dict(type="str"), + exception_group_uid=dict(type="str"), + exception_group_name=dict(type="str"), + layer=dict(type="str"), + rule_name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + filter=dict(type="str"), + filter_settings=dict( + type="dict", + options=dict( + search_mode=dict(type="str", choices=["general", "packet"]), + packet_search_settings=dict( + type="dict", + options=dict( + expand_group_members=dict(type="bool"), + expand_group_with_exclusion_members=dict(type="bool"), + match_on_any=dict(type="bool"), + match_on_group_with_exclusion=dict(type="bool"), + match_on_negate=dict(type="bool"), + ), + ), + ), + ), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + package=dict(type="str"), + use_object_dictionary=dict(type="bool"), + dereference_group_members=dict(type="bool"), + show_membership=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "threat-exception" api_call_object_plural_version = "threat-rule-exception-rulebase" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator.py index 67772aef5..1fd458e81 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -218,57 +220,115 @@ cp_mgmt_threat_indicator: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - observables=dict(type='list', elements='dict', options=dict( - name=dict(type='str'), - md5=dict(type='str'), - url=dict(type='str'), - ip_address=dict(type='str'), - ip_address_first=dict(type='str'), - ip_address_last=dict(type='str'), - domain=dict(type='str'), - mail_to=dict(type='str'), - mail_from=dict(type='str'), - mail_cc=dict(type='str'), - mail_reply_to=dict(type='str'), - mail_subject=dict(type='str'), - confidence=dict(type='str', choices=['low', 'medium', 'high', 'critical']), - product=dict(type='str', choices=['AV', 'AB']), - severity=dict(type='str', choices=['low', 'medium', 'high', 'critical']), - comments=dict(type='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') - )), - observables_raw_data=dict(type='str'), - action=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']), - profile_overrides=dict(type='list', elements='dict', options=dict( - action=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']), - profile=dict(type='str') - )), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + observables=dict( + type="list", + elements="dict", + options=dict( + name=dict(type="str"), + md5=dict(type="str"), + url=dict(type="str"), + ip_address=dict(type="str"), + ip_address_first=dict(type="str"), + ip_address_last=dict(type="str"), + domain=dict(type="str"), + mail_to=dict(type="str"), + mail_from=dict(type="str"), + mail_cc=dict(type="str"), + mail_reply_to=dict(type="str"), + mail_subject=dict(type="str"), + confidence=dict( + type="str", choices=["low", "medium", "high", "critical"] + ), + product=dict(type="str", choices=["AV", "AB"]), + severity=dict( + type="str", choices=["low", "medium", "high", "critical"] + ), + comments=dict(type="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), + ), + ), + observables_raw_data=dict(type="str"), + action=dict( + type="str", choices=["Inactive", "Ask", "Prevent", "Detect"] + ), + profile_overrides=dict( + type="list", + elements="dict", + options=dict( + action=dict( + type="str", + choices=["Inactive", "Ask", "Prevent", "Detect"], + ), + profile=dict(type="str"), + ), + ), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'threat-indicator' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "threat-indicator" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator_facts.py index 3d441c435..7e211e197 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -95,30 +97,41 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )) + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "threat-indicator" api_call_object_plural_version = "threat-indicators" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer.py index 991b533ef..45d4e8e43 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["deprecated"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -34,6 +36,10 @@ description: - All operations are performed over Web Services API. version_added: "1.0.0" author: "Or Soffer (@chkp-orso)" +deprecated: + alternative: cp_mgmt_threat_layers + why: Newer and updated modules released with more functionality. + removed_at_date: '2024-11-01' options: name: description: @@ -97,32 +103,73 @@ cp_mgmt_threat_layer: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - add_default_rule=dict(type='bool'), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + add_default_rule=dict(type="bool"), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'threat-layer' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "threat-layer" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer_facts.py index c432b56ec..bfed8eff4 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -98,30 +100,41 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )) + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "threat-layer" api_call_object_plural_version = "threat-layers" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layers.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layers.py new file mode 100644 index 000000000..fdf605544 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layers.py @@ -0,0 +1,423 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# Copyright 2022 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +""" +The module file for cp_mgmt_threat_layers +""" + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +DOCUMENTATION = """ +module: cp_mgmt_threat_layers +short_description: Manages THREAT LAYERS resource module +description: + - This resource module allows for addition, deletion, or modification of CP Threat Layers. + - This resource module also takes care of gathering Threat Layers config facts +version_added: "5.0.0" +author: Ansible Security Automation Team (@justjais) <https://github.com/ansible-security>- +options: + config: + description: A dictionary of THREAT LAYERS options + type: dict + suboptions: + name: + description: Object name. Must be unique in the domain. + type: str + add_default_rule: + description: Indicates whether to include a default rule in the new layer. + type: bool + tags: + description: Collection of tag identifiers. + type: list + elements: str + color: + description: Color of the object. Should be one of existing colors. + type: str + choices: + - aquamarine + - black + - blue + - crete blue + - burlywood + - cyan + - dark green + - khaki + - orchid + - dark orange + - dark sea green + - pink + - turquoise + - dark blue + - firebrick + - brown + - forest green + - gold + - dark gold + - gray + - dark gray + - light green + - lemon chiffon + - coral + - sea green + - sky blue + - magenta + - purple + - slate blue + - violet red + - navy blue + - olive + - orange + - red + - sienna + - yellow + comments: + description: Comments string. + type: str + details_level: + description: The level of detail for some of the fields in the response can + vary from showing only the UID value of the object to a fully detailed representation + of the object. + type: str + choices: + - uid + - standard + - full + ignore_warnings: + description: Apply changes ignoring warnings. + type: bool + ignore_errors: + description: Apply changes ignoring errors. You won't be able to publish such + a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool + limit: + description: + - The maximal number of returned results. + - NOTE, this parameter is a valid parameter only for the GATHERED state, for config states + like, MERGED, REPLACED, and DELETED state it won't be applicable. + type: int + offset: + description: + - Number of the results to initially skip. + - NOTE, this parameter is a valid parameter only for the GATHERED state, for config states + like, MERGED, REPLACED, and DELETED state it won't be applicable. + type: int + order: + description: + - Sorts results by the given field. By default the results are sorted in the ascending order by name. + This parameter is relevant only for getting few objects. + - NOTE, this parameter is a valid parameter only for the GATHERED state, for config states + like, MERGED, REPLACED, and DELETED state it won't be applicable. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + DESC: + description: + - Sorts results by the given field in descending order. + type: str + round_trip: + description: + - If set to True, the round trip will filter out the module parameters from the response param, + which will enable the user to fire the config request using the structured gathered data. + - NOTE, this parameter makes relevance only with the GATHERED state, as for config states like, + MERGED, REPLACED, and DELETED state it won't make any config updates, + as it's not a module config parameter. + auto_publish_session: + description: + - Publish the current session if changes have been performed + after task completes. + type: bool + version: + description: + - Version of checkpoint. If not given one, the latest version taken. + type: str + state: + description: + - The state the configuration should be left in + - The state I(gathered) will get the module API configuration from the device + and transform it into structured data in the format as per the module argspec + and the value is returned in the I(gathered) key within the result. + type: str + choices: + - merged + - replaced + - gathered + - deleted +""" + +EXAMPLES = """ + +# Using MERGED state +# ------------------- + +- name: To Add Merge Threat-Layers config + cp_mgmt_threat_layers: + state: merged + config: + name: New Layer 1 + add_default_rule: true + tags: + - test_threat_layer + color: turquoise + comments: test description + ignore_warnings: false + ignore_errors: false + round_trip: true + +# RUN output: +# ----------- + +# mgmt_threat_layers: +# after: +# color: turquoise +# comments: test description +# icon: ApplicationFirewall/rulebase +# ips-layer: false +# name: New Layer 1 +# tags: +# - test_threat_layer +# before: {} + +# Using REPLACED state +# -------------------- + +- name: Replace Threat-layer config + cp_mgmt_threat_layers: + state: replaced + config: + name: New Layer 1 + add_default_rule: true + tags: + - test_threat_layer_replaced + color: cyan + comments: REPLACED description + ignore_warnings: false + ignore_errors: false + round_trip: true + +# RUN output: +# ----------- + +# mgmt_threat_layers: +# after: +# color: cyan +# comments: REPLACED description +# icon: ApplicationFirewall/rulebase +# ips-layer: false +# name: New Layer 1 +# tags: +# - test_threat_layer_replaced +# before: +# color: turquoise +# comments: test description +# icon: ApplicationFirewall/rulebase +# ips-layer: false +# name: New Layer 1 +# tags: +# - test_threat_layer + +# Using GATHERED state +# -------------------- + +# 1. With Round Trip set to True + +- name: To Gather threat-layer by Name + cp_mgmt_threat_layers: + config: + name: New Layer 1 + round_trip: true + state: gathered + +# RUN output: +# ----------- + +# gathered: +# color: turquoise +# comments: test description +# domain: SMC User +# icon: ApplicationFirewall/rulebase +# ips-layer: false +# name: New Layer 1 +# read-only: false +# tags: +# - test_threat_layer +# uid: 4dc060e2-0ed6-48c5-9b0f-3d2fbeb552ba + +# 2. With Round Trip set to False which is the default behaviour + +- name: To Gather threat-layer by Name + cp_mgmt_threat_layers: + config: + name: New Layer 1 + state: gathered + +# RUN output: +# ----------- + +# gathered: +# color: turquoise +# comments: test description +# domain: +# domain-type: domain +# name: SMC User +# uid: 41e821a0-3720-11e3-aa6e-0800200c9fde +# icon: ApplicationFirewall/rulebase +# ips-layer: false +# meta-info: +# creation-time: +# iso-8601: 2022-11-21T07:30+0000 +# posix: 1669015820472 +# creator: admin +# last-modifier: admin +# last-modify-time: +# iso-8601: 2022-11-21T07:30+0000 +# posix: 1669015821024 +# lock: unlocked +# validation-state: ok +# name: New Layer 1 +# read-only: false +# tags: +# - domain: +# domain-type: domain +# name: SMC User +# uid: 41e821a0-3720-11e3-aa6e-0800200c9fde +# name: test_threat_layer +# type: tag +# uid: 59f23149-ed5e-439f-9012-0cdf222a1c97 +# type: threat-layer +# uid: ca196a80-fdc4-4e7b-8b25-e3eed125a25f + +# 3. Gather ALL threat-layer config with DESC order filter + +- name: To Gather ALL threat-layer and order by Name + cp_mgmt_threat_layers: + config: + order: + - DESC: name + state: gathered + +# RUN output: +# ----------- + +# gathered: +# - color: black +# comments: '' +# domain: +# domain-type: domain +# name: SMC User +# uid: 41e821a0-3720-11e3-aa6e-0800200c9fde +# icon: ApplicationFirewall/sharedrulebase +# ips-layer: true +# meta-info: +# creation-time: +# iso-8601: 2020-01-20T09:43+0000 +# posix: 1579513387322 +# creator: System +# last-modifier: System +# last-modify-time: +# iso-8601: 2020-01-20T09:43+0000 +# posix: 1579513387377 +# lock: unlocked +# validation-state: ok +# name: IPS +# read-only: false +# tags: [] +# type: threat-layer +# uid: 90678011-1bcb-4296-8154-fa58c23ecf3b +# - color: black +# comments: '' +# domain: +# domain-type: domain +# name: SMC User +# uid: 41e821a0-3720-11e3-aa6e-0800200c9fde +# icon: ApplicationFirewall/rulebase +# ips-layer: false +# meta-info: +# creation-time: +# iso-8601: 2020-01-20T09:43+0000 +# posix: 1579513386848 +# creator: System +# last-modifier: System +# last-modify-time: +# iso-8601: 2020-01-20T09:43+0000 +# posix: 1579513387396 +# lock: unlocked +# validation-state: ok +# name: Standard Threat Prevention +# read-only: false +# tags: [] +# type: threat-layer +# uid: 0dbe7c44-6d3f-4f28-8f2b-0e6790e57f8a + +# Using DELETED state +# ------------------- + +- name: Delete Threat-layer config by Name and Layer + cp_mgmt_threat_layers: + config: + layer: IPS + name: First threat layer + round_trip: true + state: deleted + +# RUN output: +# ----------- + +# mgmt_threat_layers: +# after: {} +# before: +# action: Optimized +# comments: This is the THREAT RULE +# destination: +# - Any +# destination_negate: false +# enabled: true +# install_on: +# - Policy Targets +# layer: 90678011-1bcb-4296-8154-fa58c23ecf3b +# name: First threat layer +# protected_scope: +# - All_Internet +# protected_scope_negate: false +# service: +# - Any +# service_negate: false +# source: +# - Any +# source_negate: false +# track: None +# track_settings: +# packet_capture: true +""" + +RETURN = """ +before: + description: The configuration prior to the module execution. + returned: when state is I(merged), I(replaced), I(deleted) + type: dict + sample: > + This output will always be in the same format as the + module argspec. +after: + description: The resulting configuration after module execution. + returned: when changed + type: dict + sample: > + This output will always be in the same format as the + module argspec. +gathered: + description: Facts about the network resource gathered from the remote device as structured data. + returned: when state is I(gathered) + type: dict + sample: > + This output will always be in the same format as the + module argspec. +""" diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile.py index e41b82c84..457f5d402 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -326,81 +328,191 @@ cp_mgmt_threat_profile: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - active_protections_performance_impact=dict(type='str', choices=['high', 'medium', 'low', 'very_low']), - active_protections_severity=dict(type='str', choices=['Critical', 'High', 'Medium or above', 'Low or above']), - confidence_level_high=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']), - confidence_level_low=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']), - confidence_level_medium=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']), - indicator_overrides=dict(type='list', elements='dict', options=dict( - action=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']), - indicator=dict(type='str') - )), - ips_settings=dict(type='dict', options=dict( - exclude_protection_with_performance_impact=dict(type='bool'), - exclude_protection_with_performance_impact_mode=dict(type='str', choices=['very low', 'low or lower', 'medium or lower', 'high or lower']), - exclude_protection_with_severity=dict(type='bool'), - exclude_protection_with_severity_mode=dict(type='str', choices=['low or above', 'medium or above', 'high or above', 'critical']), - newly_updated_protections=dict(type='str', choices=['active', 'inactive', 'staging']) - )), - malicious_mail_policy_settings=dict(type='dict', options=dict( - add_customized_text_to_email_body=dict(type='bool'), - add_email_subject_prefix=dict(type='bool'), - add_x_header_to_email=dict(type='bool'), - email_action=dict(type='str', choices=['allow', 'block']), - email_body_customized_text=dict(type='str'), - email_subject_prefix_text=dict(type='str'), - failed_to_scan_attachments_text=dict(type='str'), - malicious_attachments_text=dict(type='str'), - malicious_links_text=dict(type='str'), - remove_attachments_and_links=dict(type='bool'), - send_copy=dict(type='bool'), - send_copy_list=dict(type='list', elements='str') - )), - overrides=dict(type='list', elements='dict', options=dict( - action=dict(type='str', choices=['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept']), - protection=dict(type='str'), - capture_packets=dict(type='bool'), - track=dict(type='str', choices=['none', 'log', 'alert', 'mail', 'snmp trap', 'user alert', 'user alert 1', 'user alert 2']) - )), - tags=dict(type='list', elements='str'), - use_indicators=dict(type='bool'), - anti_bot=dict(type='bool'), - anti_virus=dict(type='bool'), - ips=dict(type='bool'), - threat_emulation=dict(type='bool'), - activate_protections_by_extended_attributes=dict(type='list', elements='dict', options=dict( - name=dict(type='str'), - category=dict(type='str') - )), - deactivate_protections_by_extended_attributes=dict(type='list', elements='dict', options=dict( - name=dict(type='str'), - category=dict(type='str') - )), - use_extended_attributes=dict(type='bool'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + active_protections_performance_impact=dict( + type="str", choices=["high", "medium", "low", "very_low"] + ), + active_protections_severity=dict( + type="str", + choices=["Critical", "High", "Medium or above", "Low or above"], + ), + confidence_level_high=dict( + type="str", choices=["Inactive", "Ask", "Prevent", "Detect"] + ), + confidence_level_low=dict( + type="str", choices=["Inactive", "Ask", "Prevent", "Detect"] + ), + confidence_level_medium=dict( + type="str", choices=["Inactive", "Ask", "Prevent", "Detect"] + ), + indicator_overrides=dict( + type="list", + elements="dict", + options=dict( + action=dict( + type="str", + choices=["Inactive", "Ask", "Prevent", "Detect"], + ), + indicator=dict(type="str"), + ), + ), + ips_settings=dict( + type="dict", + options=dict( + exclude_protection_with_performance_impact=dict(type="bool"), + exclude_protection_with_performance_impact_mode=dict( + type="str", + choices=[ + "very low", + "low or lower", + "medium or lower", + "high or lower", + ], + ), + exclude_protection_with_severity=dict(type="bool"), + exclude_protection_with_severity_mode=dict( + type="str", + choices=[ + "low or above", + "medium or above", + "high or above", + "critical", + ], + ), + newly_updated_protections=dict( + type="str", choices=["active", "inactive", "staging"] + ), + ), + ), + malicious_mail_policy_settings=dict( + type="dict", + options=dict( + add_customized_text_to_email_body=dict(type="bool"), + add_email_subject_prefix=dict(type="bool"), + add_x_header_to_email=dict(type="bool"), + email_action=dict(type="str", choices=["allow", "block"]), + email_body_customized_text=dict(type="str"), + email_subject_prefix_text=dict(type="str"), + failed_to_scan_attachments_text=dict(type="str"), + malicious_attachments_text=dict(type="str"), + malicious_links_text=dict(type="str"), + remove_attachments_and_links=dict(type="bool"), + send_copy=dict(type="bool"), + send_copy_list=dict(type="list", elements="str"), + ), + ), + overrides=dict( + type="list", + elements="dict", + options=dict( + action=dict( + type="str", + choices=[ + "Threat Cloud: Inactive", + "Detect", + "Prevent <br> Core: Drop", + "Inactive", + "Accept", + ], + ), + protection=dict(type="str"), + capture_packets=dict(type="bool"), + track=dict( + type="str", + choices=[ + "none", + "log", + "alert", + "mail", + "snmp trap", + "user alert", + "user alert 1", + "user alert 2", + ], + ), + ), + ), + tags=dict(type="list", elements="str"), + use_indicators=dict(type="bool"), + anti_bot=dict(type="bool"), + anti_virus=dict(type="bool"), + ips=dict(type="bool"), + threat_emulation=dict(type="bool"), + activate_protections_by_extended_attributes=dict( + type="list", + elements="dict", + options=dict(name=dict(type="str"), category=dict(type="str")), + ), + deactivate_protections_by_extended_attributes=dict( + type="list", + elements="dict", + options=dict(name=dict(type="str"), category=dict(type="str")), + ), + use_extended_attributes=dict(type="bool"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'threat-profile' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "threat-profile" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile_facts.py index b3fcbaae2..00dc08a04 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -98,30 +100,41 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )) + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "threat-profile" api_call_object_plural_version = "threat-profiles" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_protection_override.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_protection_override.py index 22ce24a22..d3d96289c 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_protection_override.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_protection_override.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -101,21 +103,49 @@ cp_mgmt_threat_protection_override: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - name=dict(type='str'), - comments=dict(type='str'), - follow_up=dict(type='bool'), - overrides=dict(type='list', elements='dict', options=dict( - action=dict(type='str', choices=['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept']), - profile=dict(type='str'), - capture_packets=dict(type='bool'), - track=dict(type='str', choices=['none', 'log', 'alert', 'mail', 'snmp trap', 'user alert', 'user alert 1', 'user alert 2']) - )), - details_level=dict(type='str', choices=['uid', 'standard', 'full']) + name=dict(type="str"), + comments=dict(type="str"), + follow_up=dict(type="bool"), + overrides=dict( + type="list", + elements="dict", + options=dict( + action=dict( + type="str", + choices=[ + "Threat Cloud: Inactive", + "Detect", + "Prevent <br> Core: Drop", + "Inactive", + "Accept", + ], + ), + profile=dict(type="str"), + capture_packets=dict(type="bool"), + track=dict( + type="str", + choices=[ + "none", + "log", + "alert", + "mail", + "snmp trap", + "user alert", + "user alert 1", + "user alert 2", + ], + ), + ), + ), + details_level=dict(type="str", choices=["uid", "standard", "full"]), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -127,5 +157,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule.py index a69286364..11e23389d 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -169,40 +171,46 @@ cp_mgmt_threat_rule: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call, api_call_for_rule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, + api_call_for_rule, +) def main(): argument_spec = dict( - position=dict(type='str'), - layer=dict(type='str'), - name=dict(type='str', required=True), - action=dict(type='str'), - destination=dict(type='list', elements='str'), - destination_negate=dict(type='bool'), - enabled=dict(type='bool'), - install_on=dict(type='list', elements='str'), - protected_scope=dict(type='list', elements='str'), - protected_scope_negate=dict(type='bool'), - service=dict(type='list', elements='str'), - service_negate=dict(type='bool'), - source=dict(type='list', elements='str'), - source_negate=dict(type='bool'), - track=dict(type='str'), - track_settings=dict(type='dict', options=dict( - packet_capture=dict(type='bool') - )), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + position=dict(type="str"), + layer=dict(type="str"), + name=dict(type="str", required=True), + action=dict(type="str"), + destination=dict(type="list", elements="str"), + destination_negate=dict(type="bool"), + enabled=dict(type="bool"), + install_on=dict(type="list", elements="str"), + protected_scope=dict(type="list", elements="str"), + protected_scope_negate=dict(type="bool"), + service=dict(type="list", elements="str"), + service_negate=dict(type="bool"), + source=dict(type="list", elements="str"), + source_negate=dict(type="bool"), + track=dict(type="str"), + track_settings=dict( + type="dict", options=dict(packet_capture=dict(type="bool")) + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'threat-rule' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "threat-rule" - if module.params['position'] is None: + if module.params["position"] is None: result = api_call(module, api_call_object) else: result = api_call_for_rule(module, api_call_object) @@ -210,5 +218,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule_facts.py index 683784bc8..ce8fa8fe2 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -165,46 +167,63 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts_for_rule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts_for_rule, +) def main(): argument_spec = dict( - name=dict(type='str'), - layer=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - filter=dict(type='str'), - filter_settings=dict(type='dict', options=dict( - search_mode=dict(type='str', choices=['general', 'packet']), - packet_search_settings=dict(type='dict', options=dict( - expand_group_members=dict(type='bool'), - expand_group_with_exclusion_members=dict(type='bool'), - match_on_any=dict(type='bool'), - match_on_group_with_exclusion=dict(type='bool'), - match_on_negate=dict(type='bool') - )) - )), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )), - package=dict(type='str'), - use_object_dictionary=dict(type='bool'), - dereference_group_members=dict(type='bool'), - show_membership=dict(type='bool') + name=dict(type="str"), + layer=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + filter=dict(type="str"), + filter_settings=dict( + type="dict", + options=dict( + search_mode=dict(type="str", choices=["general", "packet"]), + packet_search_settings=dict( + type="dict", + options=dict( + expand_group_members=dict(type="bool"), + expand_group_with_exclusion_members=dict(type="bool"), + match_on_any=dict(type="bool"), + match_on_group_with_exclusion=dict(type="bool"), + match_on_negate=dict(type="bool"), + ), + ), + ), + ), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), + package=dict(type="str"), + use_object_dictionary=dict(type="bool"), + dereference_group_members=dict(type="bool"), + show_membership=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "threat-rule" api_call_object_plural_version = "threat-rulebase" - result = api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version) + result = api_call_facts_for_rule( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time.py index aa0af5e9a..92f6b8137 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -228,58 +230,112 @@ cp_mgmt_time: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - end=dict(type='dict', options=dict( - date=dict(type='str'), - iso_8601=dict(type='str'), - posix=dict(type='int'), - time=dict(type='str') - )), - end_never=dict(type='bool'), - hours_ranges=dict(type='list', elements='dict', options=dict( - enabled=dict(type='bool'), - index=dict(type='int'), - to=dict(type='str') - )), - start=dict(type='dict', options=dict( - date=dict(type='str'), - iso_8601=dict(type='str'), - posix=dict(type='int'), - time=dict(type='str') - )), - start_now=dict(type='bool'), - tags=dict(type='list', elements='str'), - recurrence=dict(type='dict', options=dict( - days=dict(type='list', elements='str'), - month=dict(type='str'), - pattern=dict(type='str'), - weekdays=dict(type='list', elements='str') - )), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - groups=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + end=dict( + type="dict", + options=dict( + date=dict(type="str"), + iso_8601=dict(type="str"), + posix=dict(type="int"), + time=dict(type="str"), + ), + ), + end_never=dict(type="bool"), + hours_ranges=dict( + type="list", + elements="dict", + options=dict( + enabled=dict(type="bool"), + index=dict(type="int"), + to=dict(type="str"), + ), + ), + start=dict( + type="dict", + options=dict( + date=dict(type="str"), + iso_8601=dict(type="str"), + posix=dict(type="int"), + time=dict(type="str"), + ), + ), + start_now=dict(type="bool"), + tags=dict(type="list", elements="str"), + recurrence=dict( + type="dict", + options=dict( + days=dict(type="list", elements="str"), + month=dict(type="str"), + pattern=dict(type="str"), + weekdays=dict(type="list", elements="str"), + ), + ), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + groups=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) - argument_spec['hours_ranges']['options']['from'] = dict(type='str') + argument_spec["hours_ranges"]["options"]["from"] = dict(type="str") argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'time' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "time" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time_facts.py index 40eb88026..2802e5ae1 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -98,30 +100,41 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )) + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "time" api_call_object_plural_version = "times" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time_group.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time_group.py new file mode 100644 index 000000000..10ab28db4 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time_group.py @@ -0,0 +1,148 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_time_group +short_description: Manages time-group objects on Checkpoint over Web Services API +description: + - Manages time-group objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + members: + description: + - Collection of Time Group objects identified by the name or UID. + type: list + elements: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-time-group + cp_mgmt_time_group: + name: timeGroup-1 + members: + - member1 + - member2 + state: present + +- name: set-time-group + cp_mgmt_time_group: + name: timeGroup-1 + members: + - member1 + - member2 + tags: + - tag1 + state: present + +- name: delete-time-group + cp_mgmt_time_group: + name: timeGroup-1 + state: absent +""" + +RETURN = """ +cp_mgmt_time_group: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + members=dict(type='list', elements='str'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'time-group' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time_group_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time_group_facts.py new file mode 100644 index 000000000..49146d949 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time_group_facts.py @@ -0,0 +1,141 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_time_group_facts +short_description: Get time-group objects facts on Checkpoint over Web Services API +description: + - Get time-group objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-time-group + cp_mgmt_time_group_facts: + name: timeGroup-1 + +- name: show-time-groups + cp_mgmt_time_group_facts: + details_level: standard + limit: 50 + offset: 0 +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "time-group" + api_call_object_plural_version = "time-groups" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_trusted_client.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_trusted_client.py index 9b885f83a..f872eb7d9 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_trusted_client.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_trusted_client.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -169,48 +171,102 @@ cp_mgmt_trusted_client: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - ip_address=dict(type='str'), - ipv4_address=dict(type='str'), - ipv6_address=dict(type='str'), - domains_assignment=dict(type='list', elements='str'), - ip_address_first=dict(type='str'), - ipv4_address_first=dict(type='str'), - ipv6_address_first=dict(type='str'), - ip_address_last=dict(type='str'), - ipv4_address_last=dict(type='str'), - ipv6_address_last=dict(type='str'), - mask_length=dict(type='int'), - mask_length4=dict(type='int'), - mask_length6=dict(type='int'), - multi_domain_server_trusted_client=dict(type='bool'), - tags=dict(type='list', elements='str'), - type=dict(type='str', choices=['any', 'domain', 'ipv4 address', 'ipv4 address range', 'ipv4 netmask', - 'ipv6 address', 'ipv6 address range', 'ipv6 netmask', 'name', 'wild cards (ip only)']), - wild_card=dict(type='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + ip_address=dict(type="str"), + ipv4_address=dict(type="str"), + ipv6_address=dict(type="str"), + domains_assignment=dict(type="list", elements="str"), + ip_address_first=dict(type="str"), + ipv4_address_first=dict(type="str"), + ipv6_address_first=dict(type="str"), + ip_address_last=dict(type="str"), + ipv4_address_last=dict(type="str"), + ipv6_address_last=dict(type="str"), + mask_length=dict(type="int"), + mask_length4=dict(type="int"), + mask_length6=dict(type="int"), + multi_domain_server_trusted_client=dict(type="bool"), + tags=dict(type="list", elements="str"), + type=dict( + type="str", + choices=[ + "any", + "domain", + "ipv4 address", + "ipv4 address range", + "ipv4 netmask", + "ipv6 address", + "ipv6 address range", + "ipv6 netmask", + "name", + "wild cards (ip only)", + ], + ), + wild_card=dict(type="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'trusted-client' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "trusted-client" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_trusted_client_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_trusted_client_facts.py index 8991e1125..46a620f9f 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_trusted_client_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_trusted_client_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -104,31 +106,42 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - filter=dict(type='str'), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )) + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + filter=dict(type="str"), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "trusted-client" api_call_object_plural_version = "trusted-clients" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_uninstall_software_package.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_uninstall_software_package.py index 1ddb16d74..ce1a035ae 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_uninstall_software_package.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_uninstall_software_package.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -79,18 +81,24 @@ cp_mgmt_uninstall_software_package: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - name=dict(type='str'), - targets=dict(type='list', elements='str'), - cluster_installation_settings=dict(type='dict', options=dict( - cluster_delay=dict(type='int'), - cluster_strategy=dict(type='str') - )), - concurrency_limit=dict(type='int') + name=dict(type="str"), + targets=dict(type="list", elements="str"), + cluster_installation_settings=dict( + type="dict", + options=dict( + cluster_delay=dict(type="int"), + cluster_strategy=dict(type="str"), + ), + ), + concurrency_limit=dict(type="int"), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -102,5 +110,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_unlock_administrator.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_unlock_administrator.py new file mode 100644 index 000000000..23fa7a58b --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_unlock_administrator.py @@ -0,0 +1,85 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_unlock_administrator +short_description: Unlock administrator. +description: + - Unlock administrator. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: unlock-administrator + cp_mgmt_unlock_administrator: + name: aa +""" + +RETURN = """ +cp_mgmt_unlock_administrator: + description: The checkpoint unlock-administrator output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "unlock-administrator" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_unlock_object.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_unlock_object.py new file mode 100644 index 000000000..8718ed825 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_unlock_object.py @@ -0,0 +1,96 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_unlock_object +short_description: Unlock object using uid or {name and type}. +description: + - Unlock object using uid or {name and type}. + - Can unlock object only if the current session owns the lock and there are no changes on the object. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. Must be unique in the domain. + type: str + type: + description: + - Object type. + type: str + layer: + description: + - Object layer, need to specify the layer if the object is rule/section and uid is not supplied. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: unlock-object + cp_mgmt_unlock_object: + name: host5 + type: host +""" + +RETURN = """ +cp_mgmt_unlock_object: + description: The checkpoint unlock-object output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + type=dict(type='str'), + layer=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "unlock-object" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_updatable_object_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_updatable_object_facts.py new file mode 100644 index 000000000..626794a5e --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_updatable_object_facts.py @@ -0,0 +1,143 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_updatable_object_facts +short_description: Get updatable-object objects facts on Checkpoint over Web Services API +description: + - Get updatable-object objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-updatable-object + cp_mgmt_updatable_object_facts: + name: CodeBuild US East 1 + +- name: show-updatable-objects + cp_mgmt_updatable_object_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements="dict", options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + show_membership=dict(type='bool'), + domains_to_process=dict(type='list', elements="str") + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "updatable-object" + api_call_object_plural_version = "updatable-objects" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_update_provisioned_satellites.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_update_provisioned_satellites.py index 5202c95b5..326e289a7 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_update_provisioned_satellites.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_update_provisioned_satellites.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -59,13 +61,14 @@ cp_mgmt_update_provisioned_satellites: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): - argument_spec = dict( - vpn_center_gateways=dict(type='list', elements='str') - ) + argument_spec = dict(vpn_center_gateways=dict(type="list", elements="str")) argument_spec.update(checkpoint_argument_spec_for_commands) module = AnsibleModule(argument_spec=argument_spec) @@ -76,5 +79,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_update_updatable_objects_repository_content.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_update_updatable_objects_repository_content.py new file mode 100644 index 000000000..315f6af95 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_update_updatable_objects_repository_content.py @@ -0,0 +1,71 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_update_updatable_objects_repository_content +short_description: Updates the content of the Updatable Objects repository from the Check Point User Center. +description: + - Updates the content of the Updatable Objects repository from the Check Point User Center. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: {} +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: update-updatable-objects-repository-content + cp_mgmt_update_updatable_objects_repository_content: +""" + +RETURN = """ +cp_mgmt_update_updatable_objects_repository_content: + description: The checkpoint update-updatable-objects-repository-content output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "update-updatable-objects-repository-content" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_user_group.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_user_group.py new file mode 100644 index 000000000..591645d61 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_user_group.py @@ -0,0 +1,149 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_user_group +short_description: Manages user-group objects on Checkpoint over Web Services API +description: + - Manages user-group objects on Checkpoint devices including creating, updating and removing objects. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + required: True + email: + description: + - Email Address. + type: str + members: + description: + - Collection of User Group objects identified by the name or UID. + type: list + elements: str + tags: + description: + - Collection of tag identifiers. + type: list + elements: str + color: + description: + - Color of the object. Should be one of existing colors. + type: str + choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', + 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', + 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow'] + comments: + description: + - Comments string. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + groups: + description: + - Collection of group identifiers. + type: list + elements: str + ignore_warnings: + description: + - Apply changes ignoring warnings. + type: bool + ignore_errors: + description: + - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + type: bool +extends_documentation_fragment: check_point.mgmt.checkpoint_objects +""" + +EXAMPLES = """ +- name: add-user-group + cp_mgmt_user_group: + email: myusergroup@email.com + members: + - myuser + name: myusergroup + state: present + +- name: set-user-group + cp_mgmt_user_group: + email: myusergroup123@email.com + name: myusergroup + state: present + +- name: delete-user-group + cp_mgmt_user_group: + name: myusergroup + state: absent +""" + +RETURN = """ +cp_mgmt_user_group: + description: The checkpoint object created or updated. + returned: always, except when deleting the object. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call + + +def main(): + argument_spec = dict( + name=dict(type='str', required=True), + email=dict(type='str'), + members=dict(type='list', elements='str'), + tags=dict(type='list', elements='str'), + color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', + 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', + 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', + 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', + 'yellow']), + comments=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + groups=dict(type='list', elements='str'), + ignore_warnings=dict(type='bool'), + ignore_errors=dict(type='bool') + ) + argument_spec.update(checkpoint_argument_spec_for_objects) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + api_call_object = 'user-group' + + result = api_call(module, api_call_object) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_user_group_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_user_group_facts.py new file mode 100644 index 000000000..97af74777 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_user_group_facts.py @@ -0,0 +1,149 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_user_group_facts +short_description: Get user-group objects facts on Checkpoint over Web Services API +description: + - Get user-group objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + dereference_group_members: + description: + - Indicates whether to dereference "members" field by details level for every object in reply. + type: bool + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-user-group + cp_mgmt_user_group_facts: + name: myusergroup + +- name: show-user-groups + cp_mgmt_user_group_facts: + details_level: full +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + dereference_group_members=dict(type='bool'), + show_membership=dict(type='bool'), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "user-group" + api_call_object_plural_version = "user-groups" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_policy.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_policy.py index 77a4fc6eb..d9fdfb941 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_policy.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_policy.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -56,13 +58,14 @@ cp_mgmt_verify_policy: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): - argument_spec = dict( - policy_package=dict(type='str') - ) + argument_spec = dict(policy_package=dict(type="str")) argument_spec.update(checkpoint_argument_spec_for_commands) module = AnsibleModule(argument_spec=argument_spec) @@ -73,5 +76,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_software_package.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_software_package.py index 8f1d83816..de7d2155d 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_software_package.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_software_package.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -79,16 +81,21 @@ cp_mgmt_verify_software_package: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_commands, + api_command, +) def main(): argument_spec = dict( - name=dict(type='str'), - targets=dict(type='list', elements='str'), - concurrency_limit=dict(type='int'), - download_package=dict(type='bool'), - download_package_from=dict(type='str', choices=['automatic', 'central', 'target-machine']) + name=dict(type="str"), + targets=dict(type="list", elements="str"), + concurrency_limit=dict(type="int"), + download_package=dict(type="bool"), + download_package_from=dict( + type="str", choices=["automatic", "central", "target-machine"] + ), ) argument_spec.update(checkpoint_argument_spec_for_commands) @@ -100,5 +107,5 @@ def main(): module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed.py index 8ccc016e4..b4b043843 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -184,49 +186,149 @@ cp_mgmt_vpn_community_meshed: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - encryption_method=dict(type='str', choices=['prefer ikev2 but support ikev1', 'ikev2 only', 'ikev1 for ipv4 and ikev2 for ipv6 only']), - encryption_suite=dict(type='str', choices=['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128']), - gateways=dict(type='list', elements='str'), - ike_phase_1=dict(type='dict', options=dict( - data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']), - diffie_hellman_group=dict(type='str', choices=['group-1', 'group-2', 'group-5', 'group-14', 'group-19', 'group-20']), - encryption_algorithm=dict(type='str', choices=['cast', 'aes-256', 'des', 'aes-128', '3des']) - )), - ike_phase_2=dict(type='dict', options=dict( - data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']), - encryption_algorithm=dict(type='str', choices=['cast', 'aes-gcm-256', 'cast-40', - 'aes-256', 'des', 'aes-128', '3des', 'des-40cp', 'aes-gcm-128', 'none']) - )), - shared_secrets=dict(type='list', elements='dict', no_log=True, options=dict( - external_gateway=dict(type='str'), - shared_secret=dict(type='str', no_log=True) - )), - tags=dict(type='list', elements='str'), - use_shared_secret=dict(type='bool'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + encryption_method=dict( + type="str", + choices=[ + "prefer ikev2 but support ikev1", + "ikev2 only", + "ikev1 for ipv4 and ikev2 for ipv6 only", + ], + ), + encryption_suite=dict( + type="str", + choices=[ + "suite-b-gcm-256", + "custom", + "vpn b", + "vpn a", + "suite-b-gcm-128", + ], + ), + gateways=dict(type="list", elements="str"), + ike_phase_1=dict( + type="dict", + options=dict( + data_integrity=dict( + type="str", + choices=["aes-xcbc", "sha1", "sha256", "sha384", "md5"], + ), + diffie_hellman_group=dict( + type="str", + choices=[ + "group-1", + "group-2", + "group-5", + "group-14", + "group-19", + "group-20", + ], + ), + encryption_algorithm=dict( + type="str", + choices=["cast", "aes-256", "des", "aes-128", "3des"], + ), + ), + ), + ike_phase_2=dict( + type="dict", + options=dict( + data_integrity=dict( + type="str", + choices=["aes-xcbc", "sha1", "sha256", "sha384", "md5"], + ), + encryption_algorithm=dict( + type="str", + choices=[ + "cast", + "aes-gcm-256", + "cast-40", + "aes-256", + "des", + "aes-128", + "3des", + "des-40cp", + "aes-gcm-128", + "none", + ], + ), + ), + ), + shared_secrets=dict( + type="list", + elements="dict", + no_log=True, + options=dict( + external_gateway=dict(type="str"), + shared_secret=dict(type="str", no_log=True), + ), + ), + tags=dict(type="list", elements="str"), + use_shared_secret=dict(type="bool"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'vpn-community-meshed' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "vpn-community-meshed" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed_facts.py index 9ea3882a7..43357f8a1 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -98,30 +100,41 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )) + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "vpn-community-meshed" api_call_object_plural_version = "vpn-communities-meshed" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_remote_access_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_remote_access_facts.py new file mode 100644 index 000000000..78da989b7 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_remote_access_facts.py @@ -0,0 +1,138 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_vpn_community_remote_access_facts +short_description: Get vpn-community-remote-access objects facts on Checkpoint over Web Services API +description: + - Get vpn-community-remote-access objects facts on Checkpoint devices. + - All operations are performed over Web Services API. + - This module handles both operations, get a specific object and get several objects, + For getting a specific object use the parameter 'name'. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + This parameter is relevant only for getting a specific object. + type: str + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + filter: + description: + - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The + logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in + name, comment, tags etc. + type: str + limit: + description: + - The maximal number of returned results. + This parameter is relevant only for getting few objects. + type: int + offset: + description: + - Number of the results to initially skip. + This parameter is relevant only for getting few objects. + type: int + order: + description: + - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order. + This parameter is relevant only for getting few objects. + type: list + elements: dict + suboptions: + ASC: + description: + - Sorts results by the given field in ascending order. + type: str + choices: ['name'] + DESC: + description: + - Sorts results by the given field in descending order. + type: str + choices: ['name'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str +extends_documentation_fragment: check_point.mgmt.checkpoint_facts +""" + +EXAMPLES = """ +- name: show-vpn-community-remote-access + cp_mgmt_vpn_community_remote_access_facts: + name: RemoteAccess + +- name: show-vpn-communities-remote-access + cp_mgmt_vpn_community_remote_access_facts: +""" + +RETURN = """ +ansible_facts: + description: The checkpoint object facts. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts + + +def main(): + argument_spec = dict( + name=dict(type='str'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + filter=dict(type='str'), + limit=dict(type='int'), + offset=dict(type='int'), + order=dict(type='list', elements='dict', options=dict( + ASC=dict(type='str', choices=['name']), + DESC=dict(type='str', choices=['name']) + )), + domains_to_process=dict(type='list', elements='str') + ) + argument_spec.update(checkpoint_argument_spec_for_facts) + + module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + + api_call_object = "vpn-community-remote-access" + api_call_object_plural_version = "vpn-communities-remote-access" + + result = api_call_facts(module, api_call_object, api_call_object_plural_version) + module.exit_json(ansible_facts=result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star.py index 0073a60de..a5a1030bf 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -42,7 +44,7 @@ options: required: True center_gateways: description: - - Collection of Gateway objects representing center gateways identified by the name or UID. + - Collection of center VPN Gateway and VPN Device objects identified by the name or UID. type: list elements: str encryption_method: @@ -55,6 +57,93 @@ options: - The encryption suite to be used. type: str choices: ['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128'] + granular_encryptions: + description: + - VPN granular encryption settings. + type: list + elements: dict + version_added: "5.1.0" + suboptions: + internal_gateway: + description: + - Internally managed Check Point gateway identified by name or UID, or 'Any' for all internal-gateways participants in this community. + type: str + external_gateway: + description: + - Externally managed or 3rd party gateway identified by name or UID. + type: str + encryption_method: + description: + - The encryption method to be used. + type: str + choices: ['prefer ikev2 but support ikev1', 'ikev2 only', 'ikev1 for ipv4 and ikev2 for ipv6 only'] + encryption_suite: + description: + - The encryption suite to be used. + type: str + choices: ['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128'] + ike_phase_1: + description: + - Ike Phase 1 settings. Only applicable when the encryption-suite is set to [custom]. + type: dict + suboptions: + encryption_algorithm: + description: + - The encryption algorithm to be used. + type: str + choices: ['cast', 'aes-256', 'des', 'aes-128', '3des'] + data_integrity: + description: + - The hash algorithm to be used. + type: str + choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'sha512', 'md5'] + diffie_hellman_group: + description: + - The Diffie-Hellman group to be used. + type: str + choices: ['group-1', 'group-2', 'group-5', 'group-14', 'group-15', 'group-16', 'group-17', 'group-18', 'group-19', 'group-20', 'group-24'] + ike_p1_rekey_time: + description: + - Indicates the time interval for IKE phase 1 renegotiation. + type: int + ike_p1_rekey_time_unit: + description: + - Indicates the time unit for [ike-p1-rekey-time-unit] parameter, rounded up to minutes scale. + type: str + choices: ['days', 'hours', 'minutes', 'seconds'] + ike_phase_2: + description: + - Ike Phase 2 settings. Only applicable when the encryption-suite is set to [custom]. + type: dict + suboptions: + encryption_algorithm: + description: + - The encryption algorithm to be used. + type: str + choices: ['cast', 'aes-gcm-256', 'cast-40', 'aes-256', 'des', 'aes-128', '3des', 'des-40cp', 'aes-gcm-128', 'none'] + data_integrity: + description: + - The hash algorithm to be used. + type: str + choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'sha512', 'md5'] + ike_p2_use_pfs: + description: + - Indicates whether Perfect Forward Secrecy (PFS) is being used for IKE phase 2. + type: bool + ike_p2_pfs_dh_grp: + description: + - The Diffie-Hellman group to be used. + type: str + choices: ['group-1', 'group-2', 'group-5', 'group-14', 'group-15', 'group-16', 'group-17', 'group-18', 'group-19', 'group-20', 'group-24'] + ike_p2_rekey_time: + description: + - Indicates the time interval for IKE phase 2 renegotiation. + type: int + ike_p2_rekey_time_unit: + description: + - Indicates the time unit for [ike-p2-rekey-time-unit] parameter. + type: str + choices: ['days', 'hours', 'minutes', 'seconds'] ike_phase_1: description: - Ike Phase 1 settings. Only applicable when the encryption-suite is set to [custom]. @@ -75,6 +164,17 @@ options: - The encryption algorithm to be used. type: str choices: ['cast', 'aes-256', 'des', 'aes-128', '3des'] + ike_p1_rekey_time: + description: + - Indicates the time interval for IKE phase 1 renegotiation. + type: int + version_added: "5.1.0" + ike_p1_rekey_time_unit: + description: + - Indicates the time unit for [ike-p1-rekey-time-unit] parameter, rounded up to minutes scale. + type: str + choices: ['days', 'hours', 'minutes', 'seconds'] + version_added: "5.1.0" ike_phase_2: description: - Ike Phase 2 settings. Only applicable when the encryption-suite is set to [custom]. @@ -90,10 +190,47 @@ options: - The encryption algorithm to be used. type: str choices: ['cast', 'aes-gcm-256', 'cast-40', 'aes-256', 'des', 'aes-128', '3des', 'des-40cp', 'aes-gcm-128', 'none'] + ike_p2_use_pfs: + description: + - Indicates whether Perfect Forward Secrecy (PFS) is being used for IKE phase 2. + type: bool + version_added: "5.1.0" + ike_p2_pfs_dh_grp: + description: + - The Diffie-Hellman group to be used. + type: str + choices: ['group-1', 'group-2', 'group-5', 'group-14', 'group-15', 'group-16', 'group-17', 'group-18', 'group-19', 'group-20', 'group-24'] + version_added: "5.1.0" + ike_p2_rekey_time: + description: + - Indicates the time interval for IKE phase 2 renegotiation. + type: int + version_added: "5.1.0" + ike_p2_rekey_time_unit: + description: + - Indicates the time unit for [ike-p2-rekey-time-unit] parameter. + type: str + choices: ['days', 'hours', 'minutes', 'seconds'] + version_added: "5.1.0" mesh_center_gateways: description: - Indicates whether the meshed community is in center. type: bool + override_vpn_domains: + description: + - The Overrides VPN Domains of the participants GWs. + type: list + elements: dict + version_added: "5.1.0" + suboptions: + gateway: + description: + - Participant gateway in override VPN domain identified by the name or UID. + type: str + vpn_domain: + description: + - VPN domain network identified by the name or UID. + type: str satellite_gateways: description: - Collection of Gateway objects representing satellite gateways identified by the name or UID. @@ -118,6 +255,12 @@ options: - Collection of tag identifiers. type: list elements: str + tunnel_granularity: + description: + - VPN tunnel sharing option to be used. + type: str + choices: ['per_host', 'per_subnet', 'universal'] + version_added: "5.1.0" use_shared_secret: description: - Indicates whether the shared secret should be used for all external gateways. @@ -194,51 +337,194 @@ cp_mgmt_vpn_community_star: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - center_gateways=dict(type='list', elements='str'), - encryption_method=dict(type='str', choices=['prefer ikev2 but support ikev1', 'ikev2 only', 'ikev1 for ipv4 and ikev2 for ipv6 only']), - encryption_suite=dict(type='str', choices=['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128']), - ike_phase_1=dict(type='dict', options=dict( - data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']), - diffie_hellman_group=dict(type='str', choices=['group-1', 'group-2', 'group-5', 'group-14', 'group-19', 'group-20']), - encryption_algorithm=dict(type='str', choices=['cast', 'aes-256', 'des', 'aes-128', '3des']) - )), - ike_phase_2=dict(type='dict', options=dict( - data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']), - encryption_algorithm=dict(type='str', choices=['cast', 'aes-gcm-256', 'cast-40', - 'aes-256', 'des', 'aes-128', '3des', 'des-40cp', 'aes-gcm-128', 'none']) - )), - mesh_center_gateways=dict(type='bool'), - satellite_gateways=dict(type='list', elements='str'), - shared_secrets=dict(type='list', elements='dict', no_log=True, options=dict( + name=dict(type="str", required=True), + center_gateways=dict(type="list", elements="str"), + encryption_method=dict( + type="str", + choices=[ + "prefer ikev2 but support ikev1", + "ikev2 only", + "ikev1 for ipv4 and ikev2 for ipv6 only", + ], + ), + encryption_suite=dict( + type="str", + choices=[ + "suite-b-gcm-256", + "custom", + "vpn b", + "vpn a", + "suite-b-gcm-128", + ], + ), + granular_encryptions=dict(type='list', elements="dict", options=dict( + internal_gateway=dict(type='str'), external_gateway=dict(type='str'), - shared_secret=dict(type='str', no_log=True) + encryption_method=dict(type='str', choices=['prefer ikev2 but support ikev1', 'ikev2 only', + 'ikev1 for ipv4 and ikev2 for ipv6 only']), + encryption_suite=dict(type='str', + choices=['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128']), + ike_phase_1=dict(type='dict', options=dict( + encryption_algorithm=dict(type='str', choices=['cast', 'aes-256', 'des', 'aes-128', '3des']), + data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'sha512', 'md5']), + diffie_hellman_group=dict(type='str', choices=['group-1', 'group-2', 'group-5', + 'group-14', 'group-15', 'group-16', 'group-17', + 'group-18', 'group-19', 'group-20', + 'group-24']), + ike_p1_rekey_time=dict(type='int', no_log=False), + ike_p1_rekey_time_unit=dict(type='str', choices=['days', 'hours', 'minutes', 'seconds']) + )), + ike_phase_2=dict(type='dict', options=dict( + encryption_algorithm=dict(type='str', choices=['cast', 'aes-gcm-256', 'cast-40', + 'aes-256', 'des', 'aes-128', '3des', 'des-40cp', + 'aes-gcm-128', 'none']), + data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'sha512', 'md5']), + ike_p2_use_pfs=dict(type='bool'), + ike_p2_pfs_dh_grp=dict(type='str', choices=['group-1', 'group-2', 'group-5', + 'group-14', 'group-15', 'group-16', 'group-17', 'group-18', + 'group-19', 'group-20', 'group-24']), + ike_p2_rekey_time=dict(type='int', no_log=False), + ike_p2_rekey_time_unit=dict(type='str', choices=['days', 'hours', 'minutes', 'seconds']), + )) )), - tags=dict(type='list', elements='str'), - use_shared_secret=dict(type='bool'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + ike_phase_1=dict( + type="dict", + options=dict( + data_integrity=dict( + type="str", + choices=["aes-xcbc", "sha1", "sha256", "sha384", "md5"], + ), + diffie_hellman_group=dict( + type="str", + choices=[ + "group-1", + "group-2", + "group-5", + "group-14", + "group-19", + "group-20", + ], + ), + encryption_algorithm=dict( + type="str", + choices=["cast", "aes-256", "des", "aes-128", "3des"], + ), + ike_p1_rekey_time=dict(type='int', no_log=False), + ike_p1_rekey_time_unit=dict(type='str', choices=['days', 'hours', 'minutes', 'seconds']), + ), + ), + ike_phase_2=dict( + type="dict", + options=dict( + data_integrity=dict( + type="str", + choices=["aes-xcbc", "sha1", "sha256", "sha384", "md5"], + ), + encryption_algorithm=dict( + type="str", + choices=[ + "cast", + "aes-gcm-256", + "cast-40", + "aes-256", + "des", + "aes-128", + "3des", + "des-40cp", + "aes-gcm-128", + "none", + ], + ), + ike_p2_use_pfs=dict(type='bool'), + ike_p2_pfs_dh_grp=dict(type='str', choices=['group-1', 'group-2', 'group-5', 'group-14', + 'group-15', 'group-16', 'group-17', 'group-18', 'group-19', + 'group-20', 'group-24']), + ike_p2_rekey_time=dict(type='int', no_log=False), + ike_p2_rekey_time_unit=dict(type='str', choices=['days', 'hours', 'minutes', 'seconds']), + ), + ), + mesh_center_gateways=dict(type="bool"), + override_vpn_domains=dict(type='list', elements="dict", options=dict( + gateway=dict(type='str'), + vpn_domain=dict(type='str') + )), + satellite_gateways=dict(type="list", elements="str"), + shared_secrets=dict( + type="list", + elements="dict", + no_log=True, + options=dict( + external_gateway=dict(type="str"), + shared_secret=dict(type="str", no_log=True), + ), + ), + tags=dict(type="list", elements="str"), + tunnel_granularity=dict(type='str', choices=['per_host', 'per_subnet', 'universal']), + use_shared_secret=dict(type="bool"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'vpn-community-star' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "vpn-community-star" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star_facts.py index 09fbd90a6..845c11fc2 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -98,30 +100,41 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )) + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "vpn-community-star" api_call_object_plural_version = "vpn-communities-star" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vsx_run_operation.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vsx_run_operation.py new file mode 100644 index 000000000..15db77ea1 --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vsx_run_operation.py @@ -0,0 +1,242 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_vsx_run_operation +short_description: Run the VSX operation by its name and parameters. +description: + - Run the VSX operation by its name and parameters. + - An automatic session publish is part of all the operations in this API. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + operation: + description: + - The name of the operation to run. Each operation has its specific parameters.<br>The available operations are,<ul><li><i>upgrade</i> - + Upgrades the VSX Gateway or VSX Cluster object to a higher version</li><li><i>downgrade</i> - Downgrades the VSX Gateway or VSX Cluster object to a + lower version</li><li><i>add-member</i> - Adds a new VSX Cluster member object</li><li><i>remove-member</i> - Removes a VSX Cluster member + object</li><li><i>reconf-gw</i> - Reconfigures a VSX Gateway after a clean install</li><li><i>reconf-member</i> - Reconfigures a VSX Cluster member + after a clean install</li></ul>. + type: str + choices: ['upgrade', 'downgrade', 'add-member', 'remove-member', 'reconf-gw', 'reconf-member'] + add_member_params: + description: + - Parameters for the operation to add a VSX Cluster member. + type: dict + suboptions: + ipv4_address: + description: + - The IPv4 address of the management interface of the VSX Cluster member. + type: str + ipv4_sync_address: + description: + - The IPv4 address of the sync interface of the VSX Cluster member. + type: str + member_name: + description: + - Name of the new VSX Cluster member object. + type: str + vsx_name: + description: + - Name of the VSX Cluster object. + type: str + vsx_uid: + description: + - UID of the VSX Cluster object. + type: str + downgrade_params: + description: + - Parameters for the operation to downgrade a VSX Gateway or VSX Cluster object to a lower version.<br>In case the current version is already + the target version, or is lower than the target version, no change is done. + type: dict + suboptions: + target_version: + description: + - The target version. + type: str + vsx_name: + description: + - Name of the VSX Gateway or VSX Cluster object. + type: str + vsx_uid: + description: + - UID of the VSX Gateway or VSX Cluster object. + type: str + reconf_gw_params: + description: + - Parameters for the operation to reconfigure a VSX Gateway after a clean install. + type: dict + suboptions: + ipv4_corexl_number: + description: + - Number of IPv4 CoreXL Firewall instances on the target VSX Gateway.<br>Valid values,<br><ul><li>To configure CoreXL Firewall + instances, enter an integer greater or equal to 2.</li><li>To disable CoreXL, enter 1.</li></ul>. + type: int + one_time_password: + description: + - A password required for establishing a Secure Internal Communication (SIC). Enter the same password you used during the First Time + Configuration Wizard on the target VSX Gateway. + type: str + vsx_name: + description: + - Name of the VSX Gateway object. + type: str + vsx_uid: + description: + - UID of the VSX Gateway object. + type: str + reconf_member_params: + description: + - Parameters for the operation to reconfigure a VSX Cluster member after a clean install. + type: dict + suboptions: + ipv4_corexl_number: + description: + - Number of IPv4 CoreXL Firewall instances on the target VSX Cluster member.<br>Valid values,<br><ul><li>To configure CoreXL Firewall + instances, enter an integer greater or equal to 2.</li><li>To disable CoreXL, enter 1.</li></ul>Important - The CoreXL configuration must be the + same on all the cluster members. + type: int + member_uid: + description: + - UID of the VSX Cluster member object. + type: str + member_name: + description: + - Name of the VSX Cluster member object. + type: str + one_time_password: + description: + - A password required for establishing a Secure Internal Communication (SIC). Enter the same password you used during the First Time + Configuration Wizard on the target VSX Cluster member. + type: str + remove_member_params: + description: + - Parameters for the operation to remove a VSX Cluster member object. + type: dict + suboptions: + member_uid: + description: + - UID of the VSX Cluster member object. + type: str + member_name: + description: + - Name of the VSX Cluster member object. + type: str + upgrade_params: + description: + - Parameters for the operation to upgrade a VSX Gateway or VSX Cluster object to a higher version.<br>In case the current version is already the + target version, or is higher than the target version, no change is done. + type: dict + suboptions: + target_version: + description: + - The target version. + type: str + vsx_name: + description: + - Name of the VSX Gateway or VSX Cluster object. + type: str + vsx_uid: + description: + - UID of the VSX Gateway or VSX Cluster object. + type: str +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: vsx-run-operation + cp_mgmt_vsx_run_operation: + add_member_params: + ipv4_address: 25.25.25.223 + ipv4_sync_address: 20.20.20.223 + member_name: Mem3 + vsx_name: VSX_CLUSTER + operation: add-member +""" + +RETURN = """ +cp_mgmt_vsx_run_operation: + description: The checkpoint vsx-run-operation output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + operation=dict(type='str', choices=['upgrade', 'downgrade', 'add-member', 'remove-member', 'reconf-gw', 'reconf-member']), + add_member_params=dict(type='dict', options=dict( + ipv4_address=dict(type='str'), + ipv4_sync_address=dict(type='str'), + member_name=dict(type='str'), + vsx_name=dict(type='str'), + vsx_uid=dict(type='str') + )), + downgrade_params=dict(type='dict', options=dict( + target_version=dict(type='str'), + vsx_name=dict(type='str'), + vsx_uid=dict(type='str') + )), + reconf_gw_params=dict(type='dict', options=dict( + ipv4_corexl_number=dict(type='int'), + one_time_password=dict(type='str', no_log=True), + vsx_name=dict(type='str'), + vsx_uid=dict(type='str') + )), + reconf_member_params=dict(type='dict', options=dict( + ipv4_corexl_number=dict(type='int'), + member_uid=dict(type='str'), + member_name=dict(type='str'), + one_time_password=dict(type='str', no_log=True) + )), + remove_member_params=dict(type='dict', options=dict( + member_uid=dict(type='str'), + member_name=dict(type='str') + )), + upgrade_params=dict(type='dict', options=dict( + target_version=dict(type='str'), + vsx_name=dict(type='str'), + vsx_uid=dict(type='str') + )) + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "vsx-run-operation" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_where_used.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_where_used.py new file mode 100644 index 000000000..e2609fdfc --- /dev/null +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_where_used.py @@ -0,0 +1,116 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Ansible module to manage CheckPoint Firewall (c) 2019 +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: cp_mgmt_where_used +short_description: Searches for usage of the target object in other objects and rules. +description: + - Searches for usage of the target object in other objects and rules. + - All operations are performed over Web Services API. +version_added: "5.0.0" +author: "Eden Brillant (@chkp-edenbr)" +options: + name: + description: + - Object name. + type: str + dereference_group_members: + description: + - Indicates whether to dereference "members" field by details level for every object in reply. + type: bool + show_membership: + description: + - Indicates whether to calculate and show "groups" field for every object in reply. + type: bool + async_response: + description: + - Run command in asynchronous mode and return task UID. Use show-task command to check the progress of the task. + type: bool + details_level: + description: + - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed + representation of the object. + type: str + choices: ['uid', 'standard', 'full'] + domains_to_process: + description: + - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and + with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER. + type: list + elements: str + indirect: + description: + - Search for indirect usage. + type: bool + indirect_max_depth: + description: + - Maximum nesting level during indirect usage search. + type: int +extends_documentation_fragment: check_point.mgmt.checkpoint_commands +""" + +EXAMPLES = """ +- name: where-used + cp_mgmt_where_used: + name: Host 1 +""" + +RETURN = """ +cp_mgmt_where_used: + description: The checkpoint where-used output. + returned: always. + type: dict +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command + + +def main(): + argument_spec = dict( + name=dict(type='str'), + dereference_group_members=dict(type='bool'), + show_membership=dict(type='bool'), + async_response=dict(type='bool'), + details_level=dict(type='str', choices=['uid', 'standard', 'full']), + domains_to_process=dict(type='list', elements='str'), + indirect=dict(type='bool'), + indirect_max_depth=dict(type='int') + ) + argument_spec.update(checkpoint_argument_spec_for_commands) + + module = AnsibleModule(argument_spec=argument_spec) + + command = "where-used" + + result = api_command(module, command) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard.py index 54739fdfe..24eb2204f 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -124,36 +126,77 @@ cp_mgmt_wildcard: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_objects, + api_call, +) def main(): argument_spec = dict( - name=dict(type='str', required=True), - ipv4_address=dict(type='str'), - ipv4_mask_wildcard=dict(type='str'), - ipv6_address=dict(type='str'), - ipv6_mask_wildcard=dict(type='str'), - tags=dict(type='list', elements='str'), - color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', - 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', - 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green', - 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', - 'yellow']), - comments=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - groups=dict(type='list', elements='str'), - ignore_warnings=dict(type='bool'), - ignore_errors=dict(type='bool') + name=dict(type="str", required=True), + ipv4_address=dict(type="str"), + ipv4_mask_wildcard=dict(type="str"), + ipv6_address=dict(type="str"), + ipv6_mask_wildcard=dict(type="str"), + tags=dict(type="list", elements="str"), + color=dict( + type="str", + choices=[ + "aquamarine", + "black", + "blue", + "crete blue", + "burlywood", + "cyan", + "dark green", + "khaki", + "orchid", + "dark orange", + "dark sea green", + "pink", + "turquoise", + "dark blue", + "firebrick", + "brown", + "forest green", + "gold", + "dark gold", + "gray", + "dark gray", + "light green", + "lemon chiffon", + "coral", + "sea green", + "sky blue", + "magenta", + "purple", + "slate blue", + "violet red", + "navy blue", + "olive", + "orange", + "red", + "sienna", + "yellow", + ], + ), + comments=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + groups=dict(type="list", elements="str"), + ignore_warnings=dict(type="bool"), + ignore_errors=dict(type="bool"), ) argument_spec.update(checkpoint_argument_spec_for_objects) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) - api_call_object = 'wildcard' + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) + api_call_object = "wildcard" result = api_call(module, api_call_object) module.exit_json(**result) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard_facts.py index 474776b4f..cad95ce62 100644 --- a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard_facts.py +++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard_facts.py @@ -17,13 +17,15 @@ # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # -from __future__ import (absolute_import, division, print_function) +from __future__ import absolute_import, division, print_function __metaclass__ = type -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} DOCUMENTATION = """ --- @@ -98,30 +100,41 @@ ansible_facts: """ from ansible.module_utils.basic import AnsibleModule -from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts +from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import ( + checkpoint_argument_spec_for_facts, + api_call_facts, +) def main(): argument_spec = dict( - name=dict(type='str'), - details_level=dict(type='str', choices=['uid', 'standard', 'full']), - limit=dict(type='int'), - offset=dict(type='int'), - order=dict(type='list', elements='dict', options=dict( - ASC=dict(type='str', choices=['name']), - DESC=dict(type='str', choices=['name']) - )) + name=dict(type="str"), + details_level=dict(type="str", choices=["uid", "standard", "full"]), + limit=dict(type="int"), + offset=dict(type="int"), + order=dict( + type="list", + elements="dict", + options=dict( + ASC=dict(type="str", choices=["name"]), + DESC=dict(type="str", choices=["name"]), + ), + ), ) argument_spec.update(checkpoint_argument_spec_for_facts) - module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) + module = AnsibleModule( + argument_spec=argument_spec, supports_check_mode=True + ) api_call_object = "wildcard" api_call_object_plural_version = "wildcards" - result = api_call_facts(module, api_call_object, api_call_object_plural_version) + result = api_call_facts( + module, api_call_object, api_call_object_plural_version + ) module.exit_json(ansible_facts=result) -if __name__ == '__main__': +if __name__ == "__main__": main() |